summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--data/schema/6.sql1
-rw-r--r--data/tables.sql1
-rw-r--r--src/SemanticScuttle/Service/User.php14
3 files changed, 13 insertions, 3 deletions
diff --git a/data/schema/6.sql b/data/schema/6.sql
index bc85ffd..0c208ad 100644
--- a/data/schema/6.sql
+++ b/data/schema/6.sql
@@ -7,6 +7,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
diff --git a/data/tables.sql b/data/tables.sql
index af0c81b..d53945e 100644
--- a/data/tables.sql
+++ b/data/tables.sql
@@ -81,6 +81,7 @@ CREATE TABLE `sc_users_sslclientcerts` (
`id` INT NOT NULL AUTO_INCREMENT ,
`uId` INT NOT NULL ,
`sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslClientIssuerDn` VARCHAR( 1024 ) NOT NULL ,
`sslName` VARCHAR( 64 ) NOT NULL ,
`sslEmail` VARCHAR( 64 ) NOT NULL ,
PRIMARY KEY ( `id` ) ,
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 0071f9b..bf7c61d 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -439,18 +439,26 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
{
if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
|| !isset($_SERVER['SSL_CLIENT_V_END'])
+ || !isset($_SERVER['SSL_CLIENT_VERIFY'])
+ || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
+ || !isset($_SERVER['SSL_CLIENT_I_DN'])
) {
return false;
}
- //TODO: verify this var is always there
+
if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
return false;
}
- $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $clientIssuerDn = $_SERVER['SSL_CLIENT_I_DN'];
+
$query = 'SELECT uId'
. ' FROM ' . $this->getTableName() . '_sslclientcerts'
- . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\''
+ . ' AND sslClientIssuerDn = \''
+ . $this->db->sql_escape($clientIssuerDn)
+ . '\'';
if (!($dbresult = $this->db->sql_query($query))) {
message_die(
GENERAL_ERROR, 'Could not load user for client certificate',