| author | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 | 
|---|---|---|
| committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 | 
| commit | 4e63a9a6793583c7f7f4959724be2653ddc85f49 (patch) | |
| tree | 2f6ee12531276bd6ed47909325df3238969fb75c | |
| parent | dda05f5cc7e1d984564e5154f6ceda762c2224a3 (diff) | |
| download | semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.gz semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.bz2 | |
Part of request #3163623: add support for logging in via an SSL client certificate. The web interface to register certificates is still missing.
| -rw-r--r-- | data/schema/6.sql | 10 | ||||
| -rw-r--r-- | data/tables.sql | 10 | ||||
| -rw-r--r-- | data/templates/toolbar.inc.php | 2 | ||||
| -rw-r--r-- | src/SemanticScuttle/Service/User.php | 50 | 
4 files changed, 71 insertions, 1 deletions
| 
diff --git a/data/schema/6.sql b/data/schema/6.sql
index 4ae7cb9..bc85ffd 100644
--- a/data/schema/6.sql
+++ b/data/schema/6.sql
@@ -2,3 +2,13 @@ CREATE TABLE `sc_version` (
   `schema_version` int(11) NOT NULL
 ) DEFAULT CHARSET=utf8;
 INSERT INTO `sc_version` (`schema_version`) VALUES ('6');
+
+CREATE TABLE `sc_users_sslclientcerts` (
+  `id` INT NOT NULL AUTO_INCREMENT ,
+  `uId` INT NOT NULL ,
+  `sslSerial` VARCHAR( 32 ) NOT NULL ,
+  `sslName` VARCHAR( 64 ) NOT NULL ,
+  `sslEmail` VARCHAR( 64 ) NOT NULL ,
+  PRIMARY KEY ( `id` ) ,
+  UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
diff --git a/data/tables.sql b/data/tables.sql
index 7a9c5bd..af0c81b 100644
--- a/data/tables.sql
+++ b/data/tables.sql
@@ -77,6 +77,16 @@ CREATE TABLE `sc_users` (
 -- --------------------------------------------------------
+CREATE TABLE `sc_users_sslclientcerts` (
+  `id` INT NOT NULL AUTO_INCREMENT ,
+  `uId` INT NOT NULL ,
+  `sslSerial` VARCHAR( 32 ) NOT NULL ,
+  `sslName` VARCHAR( 64 ) NOT NULL ,
+  `sslEmail` VARCHAR( 64 ) NOT NULL ,
+  PRIMARY KEY ( `id` ) ,
+  UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
+
 --

 -- Table structure for table `sc_watched`
 --

diff --git a/data/templates/toolbar.inc.php b/data/templates/toolbar.inc.php
index 0d9bf49..fb6638d 100644
--- a/data/templates/toolbar.inc.php
+++ b/data/templates/toolbar.inc.php
@@ -1,5 +1,5 @@
 <?php
-if ($userservice->isLoggedOn()) {
+if ($userservice->isLoggedOn() && is_object($currentUser)) {
     $cUserId = $userservice->getCurrentUserId();
     $cUsername = $currentUser->getUsername();
 ?>
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 9ef8430..0071f9b 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
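Review bot: The new `sc_users_sslclientcerts` table in data/schema/6.sql puts no uniqueness constraint on `sslSerial`, so two accounts can register the same certificate serial and a lookup by serial returns whichever row the database yields first, which is the wrong property for an authentication credential. The `UNIQUE` on `id` duplicates the primary key and could be replaced by a unique constraint on `sslSerial` (ideally together with an issuer column, since X.509 serials are only unique per CA), and an index on `uId` would serve the per-user listing the missing registration UI will need. `VARCHAR( 32 )` is also tight for a serial: the value mod_ssl exposes is hex-encoded and conforming CAs may use up to 20 octets, i.e. 40 hex characters, so longer serials would be rejected or truncated depending on SQL mode. The data/tables.sql hunk repeats the same definition and needs the same change.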
@@ -390,6 +390,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
                 $this->db->sql_freeresult($dbresult);
                 return (int)$_SESSION[$this->getSessionKey()];
             }
+        } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+            && isset($_SERVER['SSL_CLIENT_V_END'])
+        ) {
+            $id = $this->getUserIdFromSslClientCert();
+            if ($id !== false) {
+                $this->setCurrentUserId($id);
+                return (int)$_SESSION[$this->getSessionKey()];
+            }
         }
         return false;
     }
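Review bot: The new `else if` branch treats the mere presence of `SSL_CLIENT_M_SERIAL` and `SSL_CLIENT_V_END` as proof that the client certificate was verified, but mod_ssl also populates these variables for certificates it could not chain to a trusted CA (for example under `SSLVerifyClient optional_no_ca`, where `SSL_CLIENT_VERIFY` is `GENEROUS` rather than `SUCCESS`), so the branch should additionally require `isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS'` before calling `getUserIdFromSslClientCert()`. Since a serial number is only unique per issuer, the lookup that follows should presumably key on the issuer DN (`SSL_CLIENT_I_DN`) as well as the serial, which is a schema change beyond this hunk. The enclosing method starts outside the hunk, so the `if` this `else if` attaches to is not visible here.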
@@ -421,6 +429,48 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
     /**
+     * Tries to detect the user ID from the SSL client certificate passed
+     * to the web server.
+     *
+     * @return mixed Integer user ID if the certificate is valid and
+     *               assigned to a user, boolean false otherwise
+     */
+    protected function getUserIdFromSslClientCert()
+    {
+        if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+            || !isset($_SERVER['SSL_CLIENT_V_END'])
+        ) {
+            return false;
+        }
+        //TODO: verify this var is always there
+        if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
+            return false;
+        }
+
+        $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+        $query = 'SELECT uId'
+            . ' FROM ' . $this->getTableName() . '_sslclientcerts'
+            . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
+        if (!($dbresult = $this->db->sql_query($query))) {
+            message_die(
+                GENERAL_ERROR, 'Could not load user for client certificate',
+                '', __LINE__, __FILE__, $query, $this->db
+            );
+            return false;
+        }
+
+        $row = $this->db->sql_fetchrow($dbresult);
+        $this->db->sql_freeresult($dbresult);
+
+        if (!$row) {
+            return false;
+        }
+        return (int)$row['uId'];
+    }
+
+
+
+    /**
      * Try to authenticate and login a user with
      * username and password.
      *
 | 
