From b5ee07271aea9e0722a7ed58e52f80b495d190d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20T=C3=A4nzer?= <neo@nhng.de>
Date: Wed, 6 Jul 2011 01:01:24 +0200
Subject: bug 841: not only check for serial number but for serial number and
 issuer in combination when checking login
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix provided by Uli60

Signed-off-by: Michael Tänzer <neo@nhng.de>
---
 includes/lib/general.php | 33 +++++++++++++++++++++++++++++++++
 includes/loggedin.php    |  7 ++++++-
 www/index.php            |  7 ++++++-
 3 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 includes/lib/general.php

diff --git a/includes/lib/general.php b/includes/lib/general.php
new file mode 100644
index 0000000..5a84303
--- /dev/null
+++ b/includes/lib/general.php
@@ -0,0 +1,33 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2011  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+function rootcertid($CertIssuerCN)
+{
+	$query = "select * from `root_certs` where `Cert_Text`='".$CertIssuerCN."'";
+	$res = mysql_query($query);
+	if(mysql_num_rows($res) > 0)
+	{
+		$row = mysql_fetch_assoc($res);
+		$rootcertid = intval($row['id']);
+		return $rootcertid;
+	}
+	
+	return -1;
+}
+
+?>
diff --git a/includes/loggedin.php b/includes/loggedin.php
index 355527f..2cbc121 100644
--- a/includes/loggedin.php
+++ b/includes/loggedin.php
@@ -16,6 +16,7 @@
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 */
 
+	include_once("../includes/lib/general.php");
 
 	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && $_SESSION['profile']['id'] > 0 && $_SESSION['profile']['loggedin'] != 0)
 	{
@@ -41,7 +42,11 @@
   
 	if($_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'] && ($_SESSION['profile']['id'] == 0 || $_SESSION['profile']['loggedin'] == 0))
 	{
-		$query = "select * from `emailcerts` where `serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and `revoked`=0 and disablelogin=0 and
+		/* identify unique certs serial number related to root or subroot */
+		$query = "select * from `emailcerts` where
+				`serial`='${_SERVER['SSL_CLIENT_M_SERIAL']}' and
+				`rootcert`='".rootcertid($_SERVER['SSL_CLIENT_I_DN_CN'])."' and
+				`revoked`=0 and disablelogin=0 and
 				UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
 		$res = mysql_query($query);
 
diff --git a/www/index.php b/www/index.php
index fb215c6..ddfa610 100644
--- a/www/index.php
+++ b/www/index.php
@@ -148,7 +148,12 @@
 
 	if($id == 4 && $_SERVER['HTTP_HOST'] == $_SESSION['_config']['securehostname'])
 	{
-		$query = "select * from `emailcerts` where `serial`='$_SERVER[SSL_CLIENT_M_SERIAL]' and `revoked`=0 and disablelogin=0 and
+		include_once("../includes/lib/general.php");
+		/* identify unique certs serial number related to root or subroot */
+		$query = "select * from `emailcerts` where
+				`serial`='".$_SERVER['SSL_CLIENT_M_SERIAL']."' and
+				`rootcert`='".rootcertid($_SERVER['SSL_CLIENT_I_DN_CN'])."' and
+				`revoked`=0 and disablelogin=0 and
 				UNIX_TIMESTAMP(`expire`) - UNIX_TIMESTAMP() > 0";
 		$res = mysql_query($query);
 		if(mysql_num_rows($res) > 0)
-- 
cgit v1.2.1