author | Christian Weiske <cweiske@cweiske.de> | 2011-05-05 12:01:39 +0200 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-05 12:01:39 +0200 |
commit | c7ec370b4712a3d2782c310d486e0d749eed2e0d (patch) | |
tree | dc0a7b7a4a759a60c3fbb402de13a7c672c4fc68 | |
parent | b212c837f0fab0c95c0699afc63e7085e094f88f (diff) | |
also match client issuer (CA)
-rw-r--r-- | data/schema/6.sql | 1 | ||||
-rw-r--r-- | data/tables.sql | 1 | ||||
-rw-r--r-- | src/SemanticScuttle/Service/User.php | 14 |
3 files changed, 13 insertions, 3 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql
index bc85ffd..0c208ad 100644
--- a/data/schema/6.sql
+++ b/data/schema/6.sql
@@ -7,6 +7,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
 `id` INT NOT NULL AUTO_INCREMENT ,
 `uId` INT NOT NULL ,
 `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
 `sslName` VARCHAR( 64 ) NOT NULL ,
 `sslEmail` VARCHAR( 64 ) NOT NULL ,
 PRIMARY KEY ( `id` ) ,
diff --git a/data/tables.sql b/data/tables.sql
index af0c81b..d53945e 100644
--- a/data/tables.sql
+++ b/data/tables.sql
@@ -81,6 +81,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
 `id` INT NOT NULL AUTO_INCREMENT ,
 `uId` INT NOT NULL ,
 `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
 `sslName` VARCHAR( 64 ) NOT NULL ,
 `sslEmail` VARCHAR( 64 ) NOT NULL ,
 PRIMARY KEY ( `id` ) ,
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 0071f9b..bf7c61d 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
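Review bot: The new `sslClientIssuerDn` column is added inside the existing `CREATE TABLE` of `data/schema/6.sql` (and mirrored in `data/tables.sql`), so any install that has already applied schema step 6 never gets the column and the new `AND sslClientIssuerDn = ...` lookup in User.php fails against that table; if 6.sql has shipped, the column belongs in a subsequent numbered schema file as `ALTER TABLE `sc_users_sslclientcerts` ADD `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL;`. Because the column is `NOT NULL` with no default, rows that already exist in that table would carry an empty issuer and stop matching once the query requires it, so the migration likely needs a note or a backfill step. Now that the issuer is stored, the pair that actually identifies a certificate is (issuer, serial), and nothing in either hunk enforces its uniqueness; a `UNIQUE KEY` over `(sslClientIssuerDn, sslSerial)` would express that, though a 1024-character VARCHAR may exceed the engine's index key-length limit and need an index prefix or a shorter column. A one-line comment above the column, `-- issuer DN of the CA that signed the client cert; serials are only unique per issuer`, would document why the lookup matches on both.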
@@ -439,18 +439,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService { if (!isset($_SERVER['SSL_CLIENT_M_SERIAL']) || !isset($_SERVER['SSL_CLIENT_V_END']) + || !isset($_SERVER['SSL_CLIENT_VERIFY']) + || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS' + || !isset($_SERVER['SSL_CLIENT_I_DN']) ) { return false; } - //TODO: verify this var is always there + if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) { return false; } - $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN']; + $query = 'SELECT uId' . ' FROM ' . $this->getTableName() . '_sslclientcerts' - . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''; + . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'' + . ' AND sslClientIssuerDn = \'' + . $this->db->sql_escape($clientIssuerDn) + . '\''; if (!($dbresult = $this->db->sql_query($query))) { message_die( GENERAL_ERROR, 'Could not load user for client certificate', |