diff options
author | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 |
commit | 4e63a9a6793583c7f7f4959724be2653ddc85f49 (patch) | |
tree | 2f6ee12531276bd6ed47909325df3238969fb75c | |
parent | dda05f5cc7e1d984564e5154f6ceda762c2224a3 (diff) | |
download | semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.gz semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.bz2 |
part of request #3163623: add support to login via ssl client certificate. web interface to register certificates is still missing
-rw-r--r-- | data/schema/6.sql | 10 | ||||
-rw-r--r-- | data/tables.sql | 10 | ||||
-rw-r--r-- | data/templates/toolbar.inc.php | 2 | ||||
-rw-r--r-- | src/SemanticScuttle/Service/User.php | 50 |
4 files changed, 71 insertions, 1 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql index 4ae7cb9..bc85ffd 100644 --- a/data/schema/6.sql +++ b/data/schema/6.sql @@ -2,3 +2,13 @@ CREATE TABLE `sc_version` ( `schema_version` int(11) NOT NULL ) DEFAULT CHARSET=utf8; INSERT INTO `sc_version` (`schema_version`) VALUES ('6'); + +CREATE TABLE `sc_users_sslclientcerts` ( + `id` INT NOT NULL AUTO_INCREMENT , + `uId` INT NOT NULL , + `sslSerial` VARCHAR( 32 ) NOT NULL , + `sslName` VARCHAR( 64 ) NOT NULL , + `sslEmail` VARCHAR( 64 ) NOT NULL , + PRIMARY KEY ( `id` ) , + UNIQUE (`id`) +) CHARACTER SET utf8 COLLATE utf8_general_ci; diff --git a/data/tables.sql b/data/tables.sql index 7a9c5bd..af0c81b 100644 --- a/data/tables.sql +++ b/data/tables.sql @@ -77,6 +77,16 @@ CREATE TABLE `sc_users` ( -- -------------------------------------------------------- +CREATE TABLE `sc_users_sslclientcerts` ( + `id` INT NOT NULL AUTO_INCREMENT , + `uId` INT NOT NULL , + `sslSerial` VARCHAR( 32 ) NOT NULL , + `sslName` VARCHAR( 64 ) NOT NULL , + `sslEmail` VARCHAR( 64 ) NOT NULL , + PRIMARY KEY ( `id` ) , + UNIQUE (`id`) +) CHARACTER SET utf8 COLLATE utf8_general_ci; + -- -- Table structure for table `sc_watched` -- diff --git a/data/templates/toolbar.inc.php b/data/templates/toolbar.inc.php index 0d9bf49..fb6638d 100644 --- a/data/templates/toolbar.inc.php +++ b/data/templates/toolbar.inc.php @@ -1,5 +1,5 @@ <?php -if ($userservice->isLoggedOn()) { +if ($userservice->isLoggedOn() && is_object($currentUser)) { $cUserId = $userservice->getCurrentUserId(); $cUsername = $currentUser->getUsername(); ?> diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 9ef8430..0071f9b 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -390,6 +390,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService $this->db->sql_freeresult($dbresult); return (int)$_SESSION[$this->getSessionKey()]; } + } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL']) + && isset($_SERVER['SSL_CLIENT_V_END']) + ) { + $id = $this->getUserIdFromSslClientCert(); + if ($id !== false) { + $this->setCurrentUserId($id); + return (int)$_SESSION[$this->getSessionKey()]; + } } return false; } @@ -421,6 +429,48 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService /** + * Tries to detect the user ID from the SSL client certificate passed + * to the web server. + * + * @return mixed Integer user ID if the certificate is valid and + * assigned to a user, boolean false otherwise + */ + protected function getUserIdFromSslClientCert() + { + if (!isset($_SERVER['SSL_CLIENT_M_SERIAL']) + || !isset($_SERVER['SSL_CLIENT_V_END']) + ) { + return false; + } + //TODO: verify this var is always there + if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) { + return false; + } + + $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $query = 'SELECT uId' + . ' FROM ' . $this->getTableName() . '_sslclientcerts' + . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''; + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load user for client certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if (!$row) { + return false; + } + return (int)$row['uId']; + } + + + + /** * Try to authenticate and login a user with * username and password. * |