also match client issuer (CA)
This commit is contained in:
parent
b212c837f0
commit
c7ec370b47
3 changed files with 13 additions and 3 deletions
|
@ -7,6 +7,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
|
|||
`id` INT NOT NULL AUTO_INCREMENT ,
|
||||
`uId` INT NOT NULL ,
|
||||
`sslSerial` VARCHAR( 32 ) NOT NULL ,
|
||||
`sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
|
||||
`sslName` VARCHAR( 64 ) NOT NULL ,
|
||||
`sslEmail` VARCHAR( 64 ) NOT NULL ,
|
||||
PRIMARY KEY ( `id` ) ,
|
||||
|
|
|
@ -81,6 +81,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
|
|||
`id` INT NOT NULL AUTO_INCREMENT ,
|
||||
`uId` INT NOT NULL ,
|
||||
`sslSerial` VARCHAR( 32 ) NOT NULL ,
|
||||
`sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
|
||||
`sslName` VARCHAR( 64 ) NOT NULL ,
|
||||
`sslEmail` VARCHAR( 64 ) NOT NULL ,
|
||||
PRIMARY KEY ( `id` ) ,
|
||||
|
|
|
@ -439,18 +439,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
|
|||
{
|
||||
if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
|
||||
|| !isset($_SERVER['SSL_CLIENT_V_END'])
|
||||
|| !isset($_SERVER['SSL_CLIENT_VERIFY'])
|
||||
|| $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
|
||||
|| !isset($_SERVER['SSL_CLIENT_I_DN'])
|
||||
) {
|
||||
return false;
|
||||
}
|
||||
//TODO: verify this var is always there
|
||||
|
||||
if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
|
||||
$serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
|
||||
$clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
|
||||
|
||||
$query = 'SELECT uId'
|
||||
. ' FROM ' . $this->getTableName() . '_sslclientcerts'
|
||||
. ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
|
||||
. ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
|
||||
. ' AND sslClientIssuerDn = \''
|
||||
. $this->db->sql_escape($clientIssuerDn)
|
||||
. '\'';
|
||||
if (!($dbresult = $this->db->sql_query($query))) {
|
||||
message_die(
|
||||
GENERAL_ERROR, 'Could not load user for client certificate',
|
||||
|
|
Loading…
Reference in a new issue