diff options
author | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-05-04 17:08:25 +0200 |
commit | 4e63a9a6793583c7f7f4959724be2653ddc85f49 (patch) | |
tree | 2f6ee12531276bd6ed47909325df3238969fb75c /src/SemanticScuttle | |
parent | dda05f5cc7e1d984564e5154f6ceda762c2224a3 (diff) | |
download | semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.gz semanticscuttle-4e63a9a6793583c7f7f4959724be2653ddc85f49.tar.bz2 |
part of request #3163623: add support to login via ssl client certificate. web interface to register certificates is still missing
Diffstat (limited to 'src/SemanticScuttle')
-rw-r--r-- | src/SemanticScuttle/Service/User.php | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 9ef8430..0071f9b 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -390,6 +390,14 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService $this->db->sql_freeresult($dbresult); return (int)$_SESSION[$this->getSessionKey()]; } + } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL']) + && isset($_SERVER['SSL_CLIENT_V_END']) + ) { + $id = $this->getUserIdFromSslClientCert(); + if ($id !== false) { + $this->setCurrentUserId($id); + return (int)$_SESSION[$this->getSessionKey()]; + } } return false; } @@ -421,6 +429,48 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService /** + * Tries to detect the user ID from the SSL client certificate passed + * to the web server. + * + * @return mixed Integer user ID if the certificate is valid and + * assigned to a user, boolean false otherwise + */ + protected function getUserIdFromSslClientCert() + { + if (!isset($_SERVER['SSL_CLIENT_M_SERIAL']) + || !isset($_SERVER['SSL_CLIENT_V_END']) + ) { + return false; + } + //TODO: verify this var is always there + if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) { + return false; + } + + $serial = $_SERVER['SSL_CLIENT_M_SERIAL']; + $query = 'SELECT uId' + . ' FROM ' . $this->getTableName() . '_sslclientcerts' + . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''; + if (!($dbresult = $this->db->sql_query($query))) { + message_die( + GENERAL_ERROR, 'Could not load user for client certificate', + '', __LINE__, __FILE__, $query, $this->db + ); + return false; + } + + $row = $this->db->sql_fetchrow($dbresult); + $this->db->sql_freeresult($dbresult); + + if (!$row) { + return false; + } + return (int)$row['uId']; + } + + + + /** * Try to authenticate and login a user with * username and password. * |