`schema_version` int(11) NOT NULL
) DEFAULT CHARSET=utf8;
INSERT INTO `sc_version` (`schema_version`) VALUES ('6');
+
+CREATE TABLE `sc_users_sslclientcerts` (
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `uId` INT NOT NULL ,
+ `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslName` VARCHAR( 64 ) NOT NULL ,
+ `sslEmail` VARCHAR( 64 ) NOT NULL ,
+ PRIMARY KEY ( `id` ) ,
+ UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
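Review bot: `sslSerial` is the column the login code looks users up by, but the new table puts no uniqueness on it, so two rows with the same serial can coexist and whichever row the engine returns first silently wins the authentication; the `UNIQUE (`id`)` on the line above is redundant with the PRIMARY KEY and should be the serial instead: `UNIQUE (`sslSerial`)`. Note also that X.509 serial numbers are only unique per issuing CA, so if the server ever trusts more than one CA a matching serial from another issuer would map to the same user; storing the issuer DN alongside the serial (and making the unique key `(issuer, serial)`) closes that. `uId` has no FOREIGN KEY to the users table, though whether one would be enforced depends on the storage engine, which this statement does not set.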
-- --------------------------------------------------------
+CREATE TABLE `sc_users_sslclientcerts` (
+ `id` INT NOT NULL AUTO_INCREMENT ,
+ `uId` INT NOT NULL ,
+ `sslSerial` VARCHAR( 32 ) NOT NULL ,
+ `sslName` VARCHAR( 64 ) NOT NULL ,
+ `sslEmail` VARCHAR( 64 ) NOT NULL ,
+ PRIMARY KEY ( `id` ) ,
+ UNIQUE (`id`)
+) CHARACTER SET utf8 COLLATE utf8_general_ci;
+
--
-- Table structure for table `sc_watched`
--
$this->db->sql_freeresult($dbresult);
return (int)$_SESSION[$this->getSessionKey()];
}
+ } else if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ && isset($_SERVER['SSL_CLIENT_V_END'])
+ ) {
+ $id = $this->getUserIdFromSslClientCert();
+ if ($id !== false) {
+ $this->setCurrentUserId($id);
+ return (int)$_SESSION[$this->getSessionKey()];
+ }
}
return false;
}
+ /**
+ * Tries to detect the user ID from the SSL client certificate passed
+ * to the web server.
+ *
+ * @return mixed Integer user ID if the certificate is valid and
+ * assigned to a user, boolean false otherwise
+ */
+ protected function getUserIdFromSslClientCert()
+ {
+ if (!isset($_SERVER['SSL_CLIENT_M_SERIAL'])
+ || !isset($_SERVER['SSL_CLIENT_V_END'])
+ ) {
+ return false;
+ }
+ //TODO: verify this var is always there
+ if ($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
+ return false;
+ }
+
+ $serial = $_SERVER['SSL_CLIENT_M_SERIAL'];
+ $query = 'SELECT uId'
+ . ' FROM ' . $this->getTableName() . '_sslclientcerts'
+ . ' WHERE sslSerial = \'' . $this->db->sql_escape($serial) . '\'';
+ if (!($dbresult = $this->db->sql_query($query))) {
+ message_die(
+ GENERAL_ERROR, 'Could not load user for client certificate',
+ '', __LINE__, __FILE__, $query, $this->db
+ );
+ return false;
+ }
+
+ $row = $this->db->sql_fetchrow($dbresult);
+ $this->db->sql_freeresult($dbresult);
+
+ if (!$row) {
+ return false;
+ }
+ return (int)$row['uId'];
+ }
+
+
+
/**
* Try to authenticate and login a user with
* username and password.
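Review bot: The new certificate login path in `getUserIdFromSslClientCert` trusts `SSL_CLIENT_M_SERIAL` without ever checking `SSL_CLIENT_VERIFY`; Apache also exports the `SSL_CLIENT_*` variables for certificates that failed chain validation when `SSLVerifyClient optional_no_ca` is in effect, in which case anyone can present a self-signed certificate carrying a victim's serial number and be logged in as that user. Because the lookup is by serial alone (the schema hunk above stores no issuer), the same holds for any additional CA the server trusts, so the issuer DN (`SSL_CLIENT_I_DN`) should be stored and matched as well. The `SSL_CLIENT_V_REMAIN` read flagged by the TODO is unguarded; it happens to fail closed (a missing value compares as `<= 0`) but emits a notice, so fold it into the `isset` guard. The interpolated serial is passed through `sql_escape`, so the string-built query is not injectable as written, but a bound parameter would be the safer idiom if the DB layer offers one.
```php
protected function getUserIdFromSslClientCert()
{
    // Apache populates SSL_CLIENT_* even for unverified certificates under
    // SSLVerifyClient optional_no_ca; only accept a successfully validated chain.
    if (!isset($_SERVER['SSL_CLIENT_VERIFY'])
        || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS'
        || !isset($_SERVER['SSL_CLIENT_M_SERIAL'])
        || !isset($_SERVER['SSL_CLIENT_V_END'])
        || !isset($_SERVER['SSL_CLIENT_V_REMAIN'])
    ) {
        return false;
    }
    if ((int)$_SERVER['SSL_CLIENT_V_REMAIN'] <= 0) {
        return false;
    }
    // … unchanged: serial lookup and row handling …
```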