authorChristian Weiske <cweiske@cweiske.de>2011-05-04 17:08:25 +0200
committerChristian Weiske <cweiske@cweiske.de>2011-05-04 17:08:25 +0200
commit4e63a9a6793583c7f7f4959724be2653ddc85f49 (patch)
tree2f6ee12531276bd6ed47909325df3238969fb75c
parentdda05f5cc7e1d984564e5154f6ceda762c2224a3 (diff)
Part of request #3163623: add support for logging in via SSL client certificate. The web interface to register certificates is still missing.
-rw-r--r--data/schema/6.sql10
-rw-r--r--data/tables.sql10
-rw-r--r--data/templates/toolbar.inc.php2
-rw-r--r--src/SemanticScuttle/Service/User.php50
4 files changed, 71 insertions, 1 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql
index 4ae7cb9..bc85ffd 100644
--- a/data/schema/6.sql
+++ b/data/schema/6.sql
@@ -2,3 +2,13 @@ CREATE TABLE `sc_version` (
`schema_version` int(11) NOT NULL
) DEFAULT CHARSET=utf8;
INSERT INTO `sc_version` (`schema_version`) VALUES ('6');
+
+CREATE TABLE `sc_users_sslclientcerts` (
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `uId` INT NOT NULL ,
+ `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslName` VARCHAR( 64 ) NOT NULL ,
+ `sslEmail` VARCHAR( 64 ) NOT NULL ,
+ PRIMARY KEY ( `id` ) ,
+ UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
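Review bot: `sslSerial` is the column the new lookup in src/SemanticScuttle/Service/User.php filters on, yet it gets neither an index nor a uniqueness constraint, while the `UNIQUE (`id`)` line only repeats what `PRIMARY KEY (`id`)` already guarantees. A certificate serial number is only unique within one issuing CA, so a table keyed on the serial alone cannot tell apart certificates with equal serials from different issuers; an issuer column (the issuer DN, with uniqueness over issuer plus serial) would close that gap. As a minimum, replace `UNIQUE (`id`)` with `UNIQUE (`sslSerial`)` so the lookup returns at most one user and is indexed. The identical table definition in data/tables.sql has the same issues.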
diff --git a/data/tables.sql b/data/tables.sql
index 7a9c5bd..af0c81b 100644
--- a/data/tables.sql
+++ b/data/tables.sql
@@ -77,6 +77,16 @@ CREATE TABLE `sc_users` (
-- --------------------------------------------------------
+CREATE TABLE `sc_users_sslclientcerts` (
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `uId` INT NOT NULL ,
+ `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslName` VARCHAR( 64 ) NOT NULL ,
+ `sslEmail` VARCHAR( 64 ) NOT NULL ,
+ PRIMARY KEY ( `id` ) ,
+ UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
+
--
-- Table structure for table `sc_watched`
--
diff --git a/data/templates/toolbar.inc.php b/data/templates/toolbar.inc.php
index 0d9bf49..fb6638d 100644
--- a/data/templates/toolbar.inc.php
+++ b/data/templates/toolbar.inc.php
@@ -1,5 +1,5 @@
<?php
-if ($userservice->isLoggedOn()) {
+if ($userservice->isLoggedOn() && is_object($currentUser)) {
$cUserId = $userservice->getCurrentUserId();
$cUsername = $currentUser->getUsername();
?>
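Review bot: The added `is_object($currentUser)` guard makes the toolbar treat "logged on but no user object" as logged out, without saying when that state occurs; presumably it arises when the session user ID has no matching user record, but that is not visible here and should be confirmed. A one-line comment above the condition, such as `// $currentUser may be missing even when a session user ID is set; show the logged-out toolbar then`, would document the intent. The `if` block opened here continues past the hunk.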
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 9ef8430..0071f9b 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -390,6 +390,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
$this->db->sql_freeresult($dbresult);
return (int)$_SESSION[$this->getSessionKey()];
}
+ } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ && isset($_SERVER['SSL_CLIENT_V_END'])
+ ) {
+ $id = $this->getUserIdFromSslClientCert();
+ if ($id !== false) {
+ $this->setCurrentUserId($id);
+ return (int)$_SESSION[$this->getSessionKey()];
+ }
}
return false;
}
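Review bot: The new `else if` branch logs a user in on the mere presence of `SSL_CLIENT_M_SERIAL` and `SSL_CLIENT_V_END`, but neither variable states whether the web server actually verified the certificate chain; with mod_ssl that result is exported in `SSL_CLIENT_VERIFY`, and a server configured with `SSLVerifyClient optional_no_ca` still exports the client variables for an unverified certificate. The condition should therefore also require `isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] === 'SUCCESS'`, and the same rule belongs in getUserIdFromSslClientCert(), which currently repeats only the presence check. The enclosing method starts before the hunk and ends at the closing brace on its last line.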
@@ -421,6 +429,48 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
/**
+ * Tries to detect the user ID from the SSL client certificate passed
+ * to the web server.
+ *
+ * @return mixed Integer user ID if the certificate is valid and
+ * assigned to a user, boolean false otherwise
+ */
+ protected function getUserIdFromSslClientCert()
+ {
+ if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ || !isset($_SERVER['SSL_CLIENT_V_END'])
+ ) {
+ return false;
+ }
+ //TODO: verify this var is always there
+ if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
+ return false;
+ }
+
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $query = 'SELECT uId'
+ . ' FROM ' . $this->getTableName() . '_sslclientcerts'
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not load user for client certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ $row = $this->db->sql_fetchrow($dbresult);
+ $this->db->sql_freeresult($dbresult);
+
+ if (!$row) {
+ return false;
+ }
+ return (int)$row['uId'];
+ }
+
+
+
+ /**
* Try to authenticate and login a user with
* username and password.
*