authorMarkus Warg <mw@it-sls.de>2010-04-14 12:46:51 +0200
committerMarkus Warg <mw@it-sls.de>2010-04-14 12:46:51 +0200
commitd09a673644f87ee067f62f3de978cb046a02c7a8 (patch)
tree74447b752918485fc07252815e9284752436823e
parent98a5e0d7416909104e4a665c421d5e42c8b91c2e (diff)
enable crt login
To use crt login, a string that resembles parts of the crt CN and DN needs to exist in a system_user record. The string is combined from SSL_CLIENT_S_DN and SSL_CLIENT_I_DN: SSL_CLIENT_S_DN + "//" + SSL_CLIENT_I_DN
-rw-r--r--dbadm/ca_mgr.mysql8
-rw-r--r--manager/application/controllers/LoginController.php60
2 files changed, 49 insertions, 19 deletions
diff --git a/dbadm/ca_mgr.mysql b/dbadm/ca_mgr.mysql
index 43f4f0e..1542932 100644
--- a/dbadm/ca_mgr.mysql
+++ b/dbadm/ca_mgr.mysql
@@ -153,8 +153,12 @@ SET @saved_cs_client = @@character_set_client;
SET character_set_client = utf8;
CREATE TABLE `system_user` (
`id` bigint(20) NOT NULL auto_increment,
- PRIMARY KEY (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ `system_role_id` bigint(20) NOT NULL,
+ `login` varchar(255) collate utf8_unicode_ci NOT NULL default '',
+ PRIMARY KEY (`id`),
+ KEY `fk_system_user_system_role1` (`system_role_id`),
+ CONSTRAINT `fk_system_user_system_role1` FOREIGN KEY (`system_role_id`) REFERENCES `system_role` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
SET character_set_client = @saved_cs_client;
--
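Review bot: The new `login` column on `system_user` gets no UNIQUE key even though LoginController now resolves a principal's role by `select * from system_user where login=?` and takes the first fetched row, so two rows with the same login would silently resolve to whichever the engine returns first. Add `UNIQUE KEY \`uk_system_user_login\` (\`login\`),` next to the `fk_system_user_system_role1` key so duplicate (and, given `default ''`, empty) logins are rejected at insert time. The commit message says the combined S_DN//I_DN string lives in a system_user record, but this hunk adds only `system_role_id` and `login`; if that DN string is meant to go into `login`, the uniqueness guarantee is what makes the certificate-to-account mapping unambiguous, so it is worth stating in a column comment which value `login` holds.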
diff --git a/manager/application/controllers/LoginController.php b/manager/application/controllers/LoginController.php
index e007e05..347fa6a 100644
--- a/manager/application/controllers/LoginController.php
+++ b/manager/application/controllers/LoginController.php
@@ -12,6 +12,12 @@ class LoginController extends Zend_Controller_Action
public function init() {
/* Initialize action controller here */
+ $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+ $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+ Zend_Registry::set('auth_dbc', $db);
+ $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+ Zend_Registry::set('auth2_dbc', $db2);
}
public function indexAction() {
@@ -24,10 +30,8 @@ class LoginController extends Zend_Controller_Action
if ($form->isValid($_POST)) {
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
- $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
- Zend_Registry::set('auth_dbc', $db);
- $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
- Zend_Registry::set('auth2_dbc', $db2);
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
$auth = new Zend_Auth_Adapter_DbTable($db);
@@ -86,14 +90,12 @@ class LoginController extends Zend_Controller_Action
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
- $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
- Zend_Registry::set('auth_dbc', $db);
- $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
- Zend_Registry::set('auth2_dbc', $db2);
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
- $auth = new Zend_Auth_Adapter_DbTable($db);
+ $auth = new Zend_Auth_Adapter_DbTable($db2);
- $auth->setTableName($config->ca_mgr->db->auth->tablename)
+ $auth->setTableName($config->ca_mgr->db->auth2->tablename)
->setIdentityColumn('user_client_crt_s_dn_i_dn')
->setCredentialColumn('user_client_crt_s_dn_i_dn');
@@ -143,27 +145,51 @@ class LoginController extends Zend_Controller_Action
protected function getAuthDetailsIntoSession($auth, $crt) {
$session = Zend_Registry::get('session');
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
+
/**
* non existent in our case, look up a 2nd table (ca_mgr.system_user by login name (email)) and
* get id from there, defaulting to User (1) when no db entry exists
*/
$auth_res = $auth->getResultRowObject();
- $system_roles_id = 1;
+
+ if (!isset($auth_res->system_role_id) || $auth_res->system_role_id == 0) {
+ $res = $db2->query('select * from system_user where login=?', array($auth_res->email));
+ if ($res->rowCount() > 0) {
+ $res_ar = $res->fetch();
+ $system_roles_id = $res_ar['system_role_id'];
+ }
+ else {
+ // no extra user info in manager database, assume standard user
+ $system_roles_id = 1;
+ }
+ }
+ else
+ $system_roles_id = $auth_res->system_role_id;
$session->authdata['authed'] = true;
$session->authdata['authed_id'] = $auth_res->id;
- $session->authdata['authed_username'] = $auth_res->email;
- $session->authdata['authed_fname'] = $auth_res->fname;
- $session->authdata['authed_lname'] = $auth_res->lname;
+ if (!isset($auth_res->fname) || !isset($auth_res->lname)) {
+ $res = $db->query('select * from users where email=?', array($auth_res->login));
+ $res_ar = $res->fetch();
+ $session->authdata['authed_username'] = 'crt' . $res_ar['login'];
+ $session->authdata['authed_fname'] = $res_ar['fname'];
+ $session->authdata['authed_lname'] = $res_ar['lname'];
+ }
+ else {
+ $session->authdata['authed_username'] = $auth_res->email;
+ $session->authdata['authed_fname'] = $auth_res->fname;
+ $session->authdata['authed_lname'] = $auth_res->lname;
+ }
$session->authdata['authed_by_crt'] = $crt;
$session->authdata['authed_by_cli'] = true;
- $db = Zend_Registry::get('auth2_dbc');
- $res = $db->query('select * from system_role where id=?', array($system_roles_id));
+ $res = $db2->query('select * from system_role where id=?', array($system_roles_id));
$res_ar = $res->fetch();
$session->authdata['authed_role'] = $res_ar['role'];
- $acl = $this->makeAcl($db);
+ $acl = $this->makeAcl($db2);
$session->authdata['authed_permissions'] = $acl;
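Review bot: The crt branch (the `!isset($auth_res->fname) || !isset($auth_res->lname)` block) fills the session from a `users` lookup by `$auth_res->login` without checking that a row was found: `$res->fetch()` returns false on no match, so `$res_ar['login']`, `['fname']` and `['lname']` become null with notices, while `$session->authdata['authed'] = true` has already been set on the line above the branch. Mirror the `rowCount()` guard used for the `system_user` lookup earlier in this hunk and place the users lookup before the session is marked authenticated, e.g. `if ($res->rowCount() == 0) { /* unknown certificate holder: do not populate authdata */ }`. The loose `$auth_res->system_role_id == 0` test also matches null and the empty string; `(int) $auth_res->system_role_id === 0` states the intent. Note too that `authed_id` now carries a `users.id` for password logins but presumably an auth2-table row id for crt logins, so any downstream code keyed on it may resolve a different principal per login path; a comment or a separate session key would make that explicit. getAuthDetailsIntoSession continues past the end of the hunk.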