part of request #3163623: add support for logging in via an SSL client certificate. The web interface for registering certificates is still missing.

This commit is contained in:
Christian Weiske 2011-05-04 17:08:25 +02:00
parent dda05f5cc7
commit 4e63a9a679
4 changed files with 71 additions and 1 deletions


@ -2,3 +2,13 @@ CREATE TABLE `sc_version` (
`schema_version` int(11) NOT NULL `schema_version` int(11) NOT NULL
) DEFAULT CHARSET=utf8; ) DEFAULT CHARSET=utf8;
INSERT INTO `sc_version` (`schema_version`) VALUES ('6'); INSERT INTO `sc_version` (`schema_version`) VALUES ('6');
CREATE TABLE `sc_users_sslclientcerts` (
`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
UNIQUE (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
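Review bot: Nothing in this table stops two rows from sharing the same `sslSerial`, yet the serial is the only column the certificate login will look up, so a duplicated serial maps to whichever row the database happens to return first. The `UNIQUE (id)` constraint adds nothing on top of `PRIMARY KEY (id)`; replacing it with `UNIQUE (sslSerial)` removes the redundancy and gives the lookup column an index at the same time. If several users are meant to share one certificate that should be a deliberate decision rather than a side effect of the schema.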


@ -77,6 +77,16 @@ CREATE TABLE `sc_users` (
-- -------------------------------------------------------- -- --------------------------------------------------------
CREATE TABLE `sc_users_sslclientcerts` (
`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
UNIQUE (`id`)
) CHARACTER SET utf8 COLLATE utf8_general_ci;
-- --
-- Table structure for table `sc_watched` -- Table structure for table `sc_watched`
-- --
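Review bot: A certificate serial number is only unique within its issuing CA, but the table records nothing about the issuer, so as soon as the server accepts certificates from more than one CA two unrelated certificates can carry the same `sslSerial` and the mapping to `uId` becomes ambiguous. Storing the issuer next to the serial, e.g. `sslIssuer VARCHAR(255) NOT NULL`, and keying uniqueness on the pair (issuer, serial) would close that gap. Note also that RFC 5280 allows serial numbers of up to 20 octets, i.e. 40 hex digits in the form mod_ssl exports, which does not fit `VARCHAR( 32 )`.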


@ -1,5 +1,5 @@
<?php <?php
if ($userservice->isLoggedOn()) { if ($userservice->isLoggedOn() && is_object($currentUser)) {
$cUserId = $userservice->getCurrentUserId(); $cUserId = $userservice->getCurrentUserId();
$cUsername = $currentUser->getUsername(); $cUsername = $currentUser->getUsername();
?> ?>
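Review bot: The added `is_object($currentUser)` guard makes a session that the user service reports as logged on but that has no user object render as logged out, which hides the inconsistency rather than explaining it. A one-line comment saying when that state is expected would help the next reader, presumably the new certificate login path since this commit introduces it: `// $currentUser may still be unset when the login came from an SSL client certificate`. If the state is not expected, the condition deserves a log line rather than a silent fallback. The PHP block continues past the end of this hunk.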


@ -390,6 +390,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$this->db->sql_freeresult($dbresult); $this->db->sql_freeresult($dbresult);
return (int)$_SESSION[$this->getSessionKey()]; return (int)$_SESSION[$this->getSessionKey()];
} }
} else if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
&& isset($_SERVER['SSL_CLIENT_V_END'])
) {
$id = $this->getUserIdFromSslClientCert();
if ($id !== false) {
$this->setCurrentUserId($id);
return (int)$_SESSION[$this->getSessionKey()];
}
} }
return false; return false;
} }
@ -420,6 +428,48 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
/**
* Tries to detect the user ID from the SSL client certificate passed
* to the web server.
*
* @return mixed Integer user ID if the certificate is valid and
* assigned to a user, boolean false otherwise
*/
protected function getUserIdFromSslClientCert()
{
if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
|| !isset($_SERVER['SSL_CLIENT_V_END'])
) {
return false;
}
//TODO: verify this var is always there
if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
return false;
}
$serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
$query = 'SELECT uId'
. ' FROM ' . $this->getTableName() . '_sslclientcerts'
. ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR, 'Could not load user for client certificate',
'', __LINE__, __FILE__, $query, $this->db
);
return false;
}
$row = $this->db->sql_fetchrow($dbresult);
$this->db->sql_freeresult($dbresult);
if (!$row) {
return false;
}
return (int)$row['uId'];
}
/** /**
* Try to authenticate and login a user with * Try to authenticate and login a user with
* username and password. * username and password.
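Review bot: getUserIdFromSslClientCert() logs a user in on the strength of `SSL_CLIENT_M_SERIAL` alone without checking that the web server actually verified the certificate chain; under Apache mod_ssl with a setting such as `SSLVerifyClient optional_no_ca` the `SSL_CLIENT_*` variables are exported for unverified certificates too, so a self-signed certificate with a chosen serial would be enough to become that user. The guard at the top of the method should also require `SSL_CLIENT_VERIFY` to be `SUCCESS`, and the `SSL_CLIENT_V_REMAIN` read flagged by the TODO should go through `isset` so a missing variable fails closed instead of raising a notice and passing the `<= 0` test on an empty value. The serial is also only unique per issuing CA, so the lookup should ideally be keyed on issuer and serial once the schema carries the issuer.
```php
protected function getUserIdFromSslClientCert()
{
    // Only trust the certificate fields once the web server reports that it
    // verified the chain; with an optional_no_ca-style setup the SSL_CLIENT_*
    // variables are exported for unverified certificates as well.
    if (!isset($_SERVER['SSL_CLIENT_VERIFY'])
        || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
        || !isset($_SERVER['SSL_CLIENT_M_SERIAL'])
        || !isset($_SERVER['SSL_CLIENT_V_END'])
        || !isset($_SERVER['SSL_CLIENT_V_REMAIN'])
        || (int)$_SERVER['SSL_CLIENT_V_REMAIN'] <= 0
    ) {
        return false;
    }
    // … unchanged: serial lookup and row handling …
```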