186e0f1b9SPhilipp Neuser<?php 286e0f1b9SPhilipp Neuser// must be run within Dokuwiki 386e0f1b9SPhilipp Neuserif(!defined('DOKU_INC')) die(); 486e0f1b9SPhilipp Neuser 586e0f1b9SPhilipp Neuser/** 686e0f1b9SPhilipp Neuser* Chained authentication backend 786e0f1b9SPhilipp Neuser* 886e0f1b9SPhilipp Neuser* @license GPL 2 (http://www.gnu.org/licenses/gpl.html) 9*d9c5261fSeinhirn* @author Philipp Neuser <pneuser@physik.fu-berlin.de> 10*d9c5261fSeinhirn* @author Christian Marg <marg@rz.tu-clausthal.de> 11*d9c5261fSeinhirn* 12*d9c5261fSeinhirn* Based on "Chained authentication backend" 13*d9c5261fSeinhirn* by Grant Gardner <grant@lastweekend.com.au> 14*d9c5261fSeinhirn* see https://www.dokuwiki.org/auth:ggauth 15*d9c5261fSeinhirn* 1686e0f1b9SPhilipp Neuser*/ 1786e0f1b9SPhilipp Neuserclass auth_plugin_authchained extends DokuWiki_Auth_Plugin { 1886e0f1b9SPhilipp Neuser public $success = true; 1932fe206aSeinhirn //array with authentication plugins 2086e0f1b9SPhilipp Neuser protected $chained_plugins = array(); 2186e0f1b9SPhilipp Neuser protected $chained_auth = NULL; 22*d9c5261fSeinhirn protected $usermanager_auth = NULL; 2386e0f1b9SPhilipp Neuser 2486e0f1b9SPhilipp Neuser /** 2586e0f1b9SPhilipp Neuser * Constructor. 2686e0f1b9SPhilipp Neuser * 2786e0f1b9SPhilipp Neuser * Loads all configured plugins or the authentication plugin of the 2886e0f1b9SPhilipp Neuser * logged in user. 2986e0f1b9SPhilipp Neuser * 3086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 31*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 3286e0f1b9SPhilipp Neuser */ 3386e0f1b9SPhilipp Neuser public function __construct() { 3486e0f1b9SPhilipp Neuser global $conf; 3586e0f1b9SPhilipp Neuser // call parent 3686e0f1b9SPhilipp Neuser # parent::__constructor(); 3786e0f1b9SPhilipp Neuser 3832fe206aSeinhirn //check if there is already an authentication plugin selected 399e84dbfbSPhilipp Neuser if( isset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) && 4032fe206aSeinhirn !empty($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']) ) { 4132fe206aSeinhirn 42*d9c5261fSeinhirn //get previously selected authentication plugin 43*d9c5261fSeinhirn $this->chained_auth =& plugin_load('auth',$_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 44*d9c5261fSeinhirn if ( is_null($this->chained_auth) || !$this->chained_auth->success ) { 45*d9c5261fSeinhirn $this->success = false; 46*d9c5261fSeinhirn } 4732fe206aSeinhirn } else { 48*d9c5261fSeinhirn print_r($this->getConf('authtypes')); 4986e0f1b9SPhilipp Neuser //get authentication plugins 50*d9c5261fSeinhirn if($this->getConf('authtypes')){ 51*d9c5261fSeinhirn foreach(explode(":",$this->getConf('authtypes')) as $tmp_plugin){ 52*d9c5261fSeinhirn $tmp_class =& plugin_load('auth',$tmp_plugin); 53*d9c5261fSeinhirn 54*d9c5261fSeinhirn if ( !is_null($tmp_class) || $tmp_class->success ) { 5586e0f1b9SPhilipp Neuser $tmp_module = array($tmp_plugin,$tmp_class); 5686e0f1b9SPhilipp Neuser array_push($this->chained_plugins, $tmp_module); 57*d9c5261fSeinhirn } else { 58*d9c5261fSeinhirn msg("Problem constructing $tmp_plugin",-1); 59*d9c5261fSeinhirn $this->success = false; 60*d9c5261fSeinhirn } 6186e0f1b9SPhilipp Neuser } 6286e0f1b9SPhilipp Neuser } else { 6386e0f1b9SPhilipp Neuser $success = false; 6486e0f1b9SPhilipp Neuser } 6586e0f1b9SPhilipp Neuser } 66*d9c5261fSeinhirn 67*d9c5261fSeinhirn // If defined, instantiate usermanager authtype. 68*d9c5261fSeinhirn // No need to check for duplicates, "plugin_load" does that for us. 69*d9c5261fSeinhirn if($this->getConf('usermanager_authtype')){ 70*d9c5261fSeinhirn $this->usermanager_auth =& plugin_load('auth',$this->getConf('usermanager_authtype')); 71*d9c5261fSeinhirn if(is_null($this->usermanager_auth) || !$this->usermanager_auth->success ) { 72*d9c5261fSeinhirn msg("Problem constructing usermanager authtype: ".$this->getConf('usermanager_authtype'),-1); 73*d9c5261fSeinhirn $this->success = false; 74*d9c5261fSeinhirn } 75*d9c5261fSeinhirn } else { 76*d9c5261fSeinhirn $this->usermanager_auth =& $this->chained_auth; 77*d9c5261fSeinhirn } 78*d9c5261fSeinhirn 7986e0f1b9SPhilipp Neuser //debug 8086e0f1b9SPhilipp Neuser // print_r($chained_plugins); 8186e0f1b9SPhilipp Neuser } 8286e0f1b9SPhilipp Neuser 8386e0f1b9SPhilipp Neuser /** 8486e0f1b9SPhilipp Neuser * Forwards the authentication to configured authplugins. 8586e0f1b9SPhilipp Neuser * Returns true, if the usermanager authtype has the capability and no user 8686e0f1b9SPhilipp Neuser * is logged in. 8786e0f1b9SPhilipp Neuser * 8886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 89*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 9086e0f1b9SPhilipp Neuser * @param string $cap the capability to check 9186e0f1b9SPhilipp Neuser * @return bool 9286e0f1b9SPhilipp Neuser */ 9386e0f1b9SPhilipp Neuser public function canDo($cap) { 94*d9c5261fSeinhirn global $ACT; 95c368b833SPhilipp Neuser # print_r($cap); 9632fe206aSeinhirn if(is_null($this->chained_auth)) { 97*d9c5261fSeinhirn if (!is_null($this->usermanager_auth)) { 98*d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 9932fe206aSeinhirn } else { 100*d9c5261fSeinhirn return parent::canDo($cap); 101*d9c5261fSeinhirn } 102*d9c5261fSeinhirn } else { 103*d9c5261fSeinhirn switch($cap) { 104*d9c5261fSeinhirn case 'Profile': 105*d9c5261fSeinhirn case 'logoff': 106*d9c5261fSeinhirn //Depends on current user. 107*d9c5261fSeinhirn return $this->chained_auth->canDo($cap); 108*d9c5261fSeinhirn case 'UserMod': 109*d9c5261fSeinhirn case 'addUser': 110*d9c5261fSeinhirn case 'delUser': 111*d9c5261fSeinhirn case 'getUsers': 112*d9c5261fSeinhirn case 'getUserCount': 113*d9c5261fSeinhirn case 'getGroups': 114*d9c5261fSeinhirn //Depends on the auth for use with user manager 115*d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 116*d9c5261fSeinhirn case 'modPass': 117*d9c5261fSeinhirn case 'modName': 118*d9c5261fSeinhirn case 'modLogin': 119*d9c5261fSeinhirn case 'modGroups': 120*d9c5261fSeinhirn case 'modMail': 121*d9c5261fSeinhirn /** 122*d9c5261fSeinhirn * Use request attributes to guess whether we are in the Profile or UserManager 123*d9c5261fSeinhirn * and return the appropriate auth capabilities 124*d9c5261fSeinhirn */ 125*d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 126*d9c5261fSeinhirn return $this->usermanager_auth->canDo($cap); 127*d9c5261fSeinhirn } else { 128*d9c5261fSeinhirn // assume we want profile info. 12986e0f1b9SPhilipp Neuser return $this->chained_auth->canDo($cap); 13086e0f1b9SPhilipp Neuser } 131*d9c5261fSeinhirn// I don't know how to handle "external" in this context yet. 132*d9c5261fSeinhirn// Is it in any way sensible to mix regular auth with external auth? 133*d9c5261fSeinhirn// case 'external': 134*d9c5261fSeinhirn// //We are external if one of the chains is valid for external use 135*d9c5261fSeinhirn// return $this->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); 136*d9c5261fSeinhirn default: 137*d9c5261fSeinhirn //Everything else (false) 138*d9c5261fSeinhirn return parent::canDo($cap); 13986e0f1b9SPhilipp Neuser } 140*d9c5261fSeinhirn #echo "canDo $cap ".$this->chained_auth->canDo($cap)."\n"; 141*d9c5261fSeinhirn } 14286e0f1b9SPhilipp Neuser } 14386e0f1b9SPhilipp Neuser 14486e0f1b9SPhilipp Neuser /** 14586e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user and 14686e0f1b9SPhilipp Neuser * unsets our session variable. 14786e0f1b9SPhilipp Neuser * @see auth_logoff() 14886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 149*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 15086e0f1b9SPhilipp Neuser */ 15186e0f1b9SPhilipp Neuser public function logOff() { 15286e0f1b9SPhilipp Neuser if(!is_null($this->chained_auth)) 15386e0f1b9SPhilipp Neuser $this->chained_auth->logOff(); 1549e84dbfbSPhilipp Neuser unset($_SESSION[DOKU_COOKIE]['plugin']['authchained']['module']); 15586e0f1b9SPhilipp Neuser } 15686e0f1b9SPhilipp Neuser 15786e0f1b9SPhilipp Neuser /** 15886e0f1b9SPhilipp Neuser * Do all authentication [ OPTIONAL ] 15986e0f1b9SPhilipp Neuser * If the current plugin is external, be external. 16086e0f1b9SPhilipp Neuser * 16186e0f1b9SPhilipp Neuser * @see auth_login() 16286e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 163*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 16486e0f1b9SPhilipp Neuser * 16586e0f1b9SPhilipp Neuser * @param string $user Username 16686e0f1b9SPhilipp Neuser * @param string $pass Cleartext Password 16786e0f1b9SPhilipp Neuser * @param bool $sticky Cookie should not expire 16886e0f1b9SPhilipp Neuser * @return bool true on successful auth 16986e0f1b9SPhilipp Neuser */ 17086e0f1b9SPhilipp Neuser public function trustExternal($user, $pass, $sticky = false) { 17186e0f1b9SPhilipp Neuser if(!is_null($this->chained_auth) && $this->chained_auth->canDo('external')) 17286e0f1b9SPhilipp Neuser $this->chained_auth->trustExternal($user, $pass, $sticky); 17386e0f1b9SPhilipp Neuser } 17486e0f1b9SPhilipp Neuser 17586e0f1b9SPhilipp Neuser /** 17686e0f1b9SPhilipp Neuser * Check user+password [ MUST BE OVERRIDDEN ] 17786e0f1b9SPhilipp Neuser * 17886e0f1b9SPhilipp Neuser * Checks if the given user exists in one of the plugins and checks 17986e0f1b9SPhilipp Neuser * against the given password. The first plugin returning true becomes 18086e0f1b9SPhilipp Neuser * auth plugin of the user session. 18186e0f1b9SPhilipp Neuser * 18286e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de 183*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 18486e0f1b9SPhilipp Neuser * @param string $user the user name 18586e0f1b9SPhilipp Neuser * @param string $pass the clear text password 18686e0f1b9SPhilipp Neuser * @return bool 18786e0f1b9SPhilipp Neuser */ 18886e0f1b9SPhilipp Neuser public function checkPass($user, $pass) { 18986e0f1b9SPhilipp Neuser //debug 19086e0f1b9SPhilipp Neuser //print_r($this->chained_plugins); 1918a493abfSPhilipp Neuser if(is_null($this->chained_auth)) { 19232fe206aSeinhirn foreach($this->chained_plugins as $module) { 19332fe206aSeinhirn if($module[1]->canDo('external')) { 19432fe206aSeinhirn if($module[1]->trustExternal($user, $pass)) { 19532fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 19686e0f1b9SPhilipp Neuser $this->chained_auth = $module[1]; 19786e0f1b9SPhilipp Neuser return true; 19886e0f1b9SPhilipp Neuser } else { 19932fe206aSeinhirn if($module[1]->checkPass($user, $pass)) { 20032fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 20186e0f1b9SPhilipp Neuser $this->chained_auth = $module[1]; 20286e0f1b9SPhilipp Neuser return true; 20386e0f1b9SPhilipp Neuser } 20486e0f1b9SPhilipp Neuser } 20586e0f1b9SPhilipp Neuser } else { 20632fe206aSeinhirn if($module[1]->checkPass($user, $pass)) { 20732fe206aSeinhirn $_SESSION[DOKU_COOKIE]['plugin']['authchained']['module'] = $module[0]; 20886e0f1b9SPhilipp Neuser $this->this->chained_auth = $module[1]; 20986e0f1b9SPhilipp Neuser return true; 21086e0f1b9SPhilipp Neuser } 21186e0f1b9SPhilipp Neuser } 21286e0f1b9SPhilipp Neuser } 21332fe206aSeinhirn } else { 21432fe206aSeinhirn return $this->chained_auth->checkPass($user, $pass); 21532fe206aSeinhirn } 21686e0f1b9SPhilipp Neuser return false; 21786e0f1b9SPhilipp Neuser } 21886e0f1b9SPhilipp Neuser 21986e0f1b9SPhilipp Neuser /** 22086e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 22186e0f1b9SPhilipp Neuser * checks all plugins if the users exists. The first plugin returning 22286e0f1b9SPhilipp Neuser * data is used. 22386e0f1b9SPhilipp Neuser * 22486e0f1b9SPhilipp Neuser * name string full name of the user 22586e0f1b9SPhilipp Neuser * mail string email addres of the user 22686e0f1b9SPhilipp Neuser * grps array list of groups the user is in 22786e0f1b9SPhilipp Neuser * 22886e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 229*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 23086e0f1b9SPhilipp Neuser * @param string $user the user name 23186e0f1b9SPhilipp Neuser * @return array containing user data or false 23286e0f1b9SPhilipp Neuser */ 23386e0f1b9SPhilipp Neuser public function getUserData($user) { 23486e0f1b9SPhilipp Neuser //if(!$this->cando['external']) msg("no valid authorisation system in use", -1); 23586e0f1b9SPhilipp Neuser // echo "TESTSETEST"; 23632fe206aSeinhirn if(is_null($this->chained_auth)) { 23732fe206aSeinhirn foreach($this->chained_plugins as $module) { 23886e0f1b9SPhilipp Neuser $tmp_array = $module[1]->getUserData($user); 23986e0f1b9SPhilipp Neuser if(!is_bool($tmp_array)) 24086e0f1b9SPhilipp Neuser $tmp_chk_arr =array_filter($tmp_array); 24186e0f1b9SPhilipp Neuser if(!empty($tmp_chk_arr) && $tmp_array) 24286e0f1b9SPhilipp Neuser return $tmp_array; 24386e0f1b9SPhilipp Neuser } 24486e0f1b9SPhilipp Neuser return false; 24532fe206aSeinhirn } else { 24686e0f1b9SPhilipp Neuser return $this->chained_auth->getUserData($user); 24786e0f1b9SPhilipp Neuser } 24886e0f1b9SPhilipp Neuser } 24986e0f1b9SPhilipp Neuser 25086e0f1b9SPhilipp Neuser /** 25186e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 25286e0f1b9SPhilipp Neuser * returns null. 25386e0f1b9SPhilipp Neuser * 25486e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 255*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 25686e0f1b9SPhilipp Neuser * @param string $user 25786e0f1b9SPhilipp Neuser * @param string $pass 25886e0f1b9SPhilipp Neuser * @param string $name 25986e0f1b9SPhilipp Neuser * @param string $mail 26086e0f1b9SPhilipp Neuser * @param null|array $grps 26186e0f1b9SPhilipp Neuser * @return bool|null 26286e0f1b9SPhilipp Neuser */ 26386e0f1b9SPhilipp Neuser public function createUser($user, $pass, $name, $mail, $grps = null) { 264*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addUser')) { 265*d9c5261fSeinhirn return $this->usermanager_auth->createUser($user, $pass, $name, $mail, $grps); 26686e0f1b9SPhilipp Neuser } else { 26732fe206aSeinhirn msg("authorisation method does not allow creation of new users", -1); 26886e0f1b9SPhilipp Neuser return null; 26986e0f1b9SPhilipp Neuser } 27086e0f1b9SPhilipp Neuser } 27186e0f1b9SPhilipp Neuser 27286e0f1b9SPhilipp Neuser /** 27386e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 27486e0f1b9SPhilipp Neuser * returns false 27586e0f1b9SPhilipp Neuser * 27686e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 277*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 27886e0f1b9SPhilipp Neuser * @param string $user nick of the user to be changed 27986e0f1b9SPhilipp Neuser * @param array $changes array of field/value pairs to be changed (password will be clear text) 28086e0f1b9SPhilipp Neuser * @return bool 28186e0f1b9SPhilipp Neuser */ 28286e0f1b9SPhilipp Neuser public function modifyUser($user, $changes) { 283*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('UserMod') ) { 284*d9c5261fSeinhirn return $this->usermanager_auth->modifyUser($user, $changes); 28586e0f1b9SPhilipp Neuser } else { 28632fe206aSeinhirn msg("authorisation method does not allow modifying of user data", -1); 287*d9c5261fSeinhirn return null; 28886e0f1b9SPhilipp Neuser } 28986e0f1b9SPhilipp Neuser } 29086e0f1b9SPhilipp Neuser 29186e0f1b9SPhilipp Neuser /** 29286e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 29386e0f1b9SPhilipp Neuser * returns false 29486e0f1b9SPhilipp Neuser * 29586e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 296*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 29786e0f1b9SPhilipp Neuser * @param array $users 29886e0f1b9SPhilipp Neuser * @return int number of users deleted 29986e0f1b9SPhilipp Neuser */ 30086e0f1b9SPhilipp Neuser public function deleteUsers($users) { 301*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('delUser') ) { 302*d9c5261fSeinhirn return $this->usermanager_auth->deleteUsers($users); 30386e0f1b9SPhilipp Neuser }else{ 30486e0f1b9SPhilipp Neuser msg("authorisation method does not allow deleting of users", -1); 30586e0f1b9SPhilipp Neuser return false; 30686e0f1b9SPhilipp Neuser } 30786e0f1b9SPhilipp Neuser } 30886e0f1b9SPhilipp Neuser 30986e0f1b9SPhilipp Neuser /** 31086e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 31186e0f1b9SPhilipp Neuser * returns 0 31286e0f1b9SPhilipp Neuser * 31386e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 314*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 31586e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, empty array for no filter 31686e0f1b9SPhilipp Neuser * @return int 31786e0f1b9SPhilipp Neuser */ 31886e0f1b9SPhilipp Neuser public function getUserCount($filter = array()) { 319*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUserCount') ){ 320*d9c5261fSeinhirn return $this->usermanager_auth->getUserCount($filter); 32186e0f1b9SPhilipp Neuser } else { 32286e0f1b9SPhilipp Neuser msg("authorisation method does not provide user counts", -1); 32386e0f1b9SPhilipp Neuser return 0; 32486e0f1b9SPhilipp Neuser } 32586e0f1b9SPhilipp Neuser } 32686e0f1b9SPhilipp Neuser 32786e0f1b9SPhilipp Neuser /** 32886e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 32986e0f1b9SPhilipp Neuser * returns empty array 33086e0f1b9SPhilipp Neuser * 33186e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 332*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 33386e0f1b9SPhilipp Neuser * @param int $start index of first user to be returned 33486e0f1b9SPhilipp Neuser * @param int $limit max number of users to be returned 33586e0f1b9SPhilipp Neuser * @param array $filter array of field/pattern pairs, null for no filter 33686e0f1b9SPhilipp Neuser * @return array list of userinfo (refer getUserData for internal userinfo details) 33786e0f1b9SPhilipp Neuser */ 33886e0f1b9SPhilipp Neuser public function retrieveUsers($start = 0, $limit = -1, $filter = null) { 339*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getUsers') ) { 340*d9c5261fSeinhirn //msg("RetrieveUsers is using ".get_class($this->usermanager_auth)); 341*d9c5261fSeinhirn return $this->usermanager_auth->retrieveUsers($start, $limit, $filter); 34286e0f1b9SPhilipp Neuser } else { 34386e0f1b9SPhilipp Neuser msg("authorisation method does not support mass retrievals", -1); 34486e0f1b9SPhilipp Neuser return array(); 34586e0f1b9SPhilipp Neuser } 34686e0f1b9SPhilipp Neuser } 34786e0f1b9SPhilipp Neuser 34886e0f1b9SPhilipp Neuser /** 34986e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 35086e0f1b9SPhilipp Neuser * returns false 35186e0f1b9SPhilipp Neuser * 35286e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 353*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 35486e0f1b9SPhilipp Neuser * @param string $group 35586e0f1b9SPhilipp Neuser * @return bool 35686e0f1b9SPhilipp Neuser */ 35786e0f1b9SPhilipp Neuser public function addGroup($group) { 358*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('addGroup') ) { 359*d9c5261fSeinhirn return $this->usermanager_auth->addGroup($group); 36086e0f1b9SPhilipp Neuser } else { 36132fe206aSeinhirn msg("authorisation method does not support independent group creation", -1); 36286e0f1b9SPhilipp Neuser return false; 36386e0f1b9SPhilipp Neuser } 36486e0f1b9SPhilipp Neuser } 36586e0f1b9SPhilipp Neuser 36686e0f1b9SPhilipp Neuser /** 36786e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 36886e0f1b9SPhilipp Neuser * returns empty array 36986e0f1b9SPhilipp Neuser * 37086e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 371*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 37286e0f1b9SPhilipp Neuser * @param int $start 37386e0f1b9SPhilipp Neuser * @param int $limit 37486e0f1b9SPhilipp Neuser * @return array 37586e0f1b9SPhilipp Neuser */ 37686e0f1b9SPhilipp Neuser public function retrieveGroups($start = 0, $limit = 0) { 377*d9c5261fSeinhirn if(!is_null($this->usermanager_auth) && $this->canDo('getGroups') ) { 378*d9c5261fSeinhirn return $this->usermanager_auth->retrieveGroups($start,$limit); 37986e0f1b9SPhilipp Neuser } else { 38032fe206aSeinhirn msg("authorisation method does not support group list retrieval", -1); 38186e0f1b9SPhilipp Neuser return array(); 38286e0f1b9SPhilipp Neuser } 38386e0f1b9SPhilipp Neuser } 38486e0f1b9SPhilipp Neuser 38586e0f1b9SPhilipp Neuser /** 38686e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 38786e0f1b9SPhilipp Neuser * returns true 38886e0f1b9SPhilipp Neuser * 38986e0f1b9SPhilipp Neuser * @return bool 39086e0f1b9SPhilipp Neuser */ 39186e0f1b9SPhilipp Neuser public function isCaseSensitive() { 39286e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 393*d9c5261fSeinhirn return parent::isCaseSensitive(); 39486e0f1b9SPhilipp Neuser else 39586e0f1b9SPhilipp Neuser return $this->chained_auth->isCaseSensitive(); 39686e0f1b9SPhilipp Neuser } 39786e0f1b9SPhilipp Neuser 39886e0f1b9SPhilipp Neuser /** 39986e0f1b9SPhilipp Neuser * Sanitize a given username [OPTIONAL] 40086e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 40186e0f1b9SPhilipp Neuser * returns false 40286e0f1b9SPhilipp Neuser * 40386e0f1b9SPhilipp Neuser * 40486e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 405*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 40686e0f1b9SPhilipp Neuser * @param string $user username 40786e0f1b9SPhilipp Neuser * @return string the cleaned username 40886e0f1b9SPhilipp Neuser */ 40986e0f1b9SPhilipp Neuser public function cleanUser($user) { 410*d9c5261fSeinhirn global $ACT; 41186e0f1b9SPhilipp Neuser //print_r($this->chained_auth); 412*d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 413*d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 414*d9c5261fSeinhirn return $this->usermanager_auth->cleanUser($user); 415*d9c5261fSeinhirn } else { 416*d9c5261fSeinhirn if(!is_null($this->chained_auth)) 41786e0f1b9SPhilipp Neuser return $this->chained_auth->cleanUser($user); 41886e0f1b9SPhilipp Neuser } 419*d9c5261fSeinhirn return parent::cleanUser($user); 420*d9c5261fSeinhirn } 42186e0f1b9SPhilipp Neuser 42286e0f1b9SPhilipp Neuser /** 42386e0f1b9SPhilipp Neuser * Sanitize a given groupname [OPTIONAL] 42486e0f1b9SPhilipp Neuser * Forwards the result of the auth plugin of the logged in user or 42586e0f1b9SPhilipp Neuser * returns false 42686e0f1b9SPhilipp Neuser * 42786e0f1b9SPhilipp Neuser * @author Philipp Neuser <pneuser@physik.fu-berlin.de> 428*d9c5261fSeinhirn * @author Christian Marg <marg@rz.tu-clausthal.de> 42986e0f1b9SPhilipp Neuser * @param string $group groupname 43086e0f1b9SPhilipp Neuser * @return string the cleaned groupname 43186e0f1b9SPhilipp Neuser */ 43286e0f1b9SPhilipp Neuser public function cleanGroup($group) { 433*d9c5261fSeinhirn global $ACT; 434*d9c5261fSeinhirn if ($ACT == "admin" && $_REQUEST['page']=="usermanager") { 435*d9c5261fSeinhirn if(!is_null($this->usermanager_auth)) 436*d9c5261fSeinhirn return $this->usermanager_auth->cleanGroup($group); 43732fe206aSeinhirn } else { 438*d9c5261fSeinhirn if(!is_null($this->chained_auth)) 43986e0f1b9SPhilipp Neuser return $this->chained_auth->cleanGroup($group); 44086e0f1b9SPhilipp Neuser } 441*d9c5261fSeinhirn return parent::cleanGroup($group); 44232fe206aSeinhirn } 44386e0f1b9SPhilipp Neuser 44486e0f1b9SPhilipp Neuser 44586e0f1b9SPhilipp Neuser public function useSessionCache($user) { 44686e0f1b9SPhilipp Neuser global $conf; 44786e0f1b9SPhilipp Neuser if(is_null($this->chained_auth)) 448*d9c5261fSeinhirn return parent::useSessionCache($user); 44986e0f1b9SPhilipp Neuser else 45086e0f1b9SPhilipp Neuser return $this->chained_auth->useSessionCache($user); 45186e0f1b9SPhilipp Neuser } 452*d9c5261fSeinhirn 45386e0f1b9SPhilipp Neuser} 454