authorMarkus Warg <mw@it-sls.de>2010-04-14 12:46:51 +0200
committerMarkus Warg <mw@it-sls.de>2010-04-14 12:46:51 +0200
commitd09a673644f87ee067f62f3de978cb046a02c7a8 (patch)
tree74447b752918485fc07252815e9284752436823e /manager
parent98a5e0d7416909104e4a665c421d5e42c8b91c2e (diff)
enable crt login
To use crt login, a string made up of parts of the certificate's CN and DN needs to exist in a system_user record. The string is combined from SSL_CLIENT_S_DN and SSL_CLIENT_I_DN: SSL_CLIENT_S_DN + "//" + SSL_CLIENT_I_DN
Diffstat (limited to 'manager')
-rw-r--r--manager/application/controllers/LoginController.php60
1 files changed, 43 insertions, 17 deletions
diff --git a/manager/application/controllers/LoginController.php b/manager/application/controllers/LoginController.php
index e007e05..347fa6a 100644
--- a/manager/application/controllers/LoginController.php
+++ b/manager/application/controllers/LoginController.php
@@ -12,6 +12,12 @@ class LoginController extends Zend_Controller_Action
public function init() {
/* Initialize action controller here */
+ $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
+
+ $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
+ Zend_Registry::set('auth_dbc', $db);
+ $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
+ Zend_Registry::set('auth2_dbc', $db2);
}
public function indexAction() {
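Review bot: init() now parses application.ini and constructs both database adapters on every request to this controller, including actions that never touch the database, while indexAction (L37) and the certificate action (L46 in the third hunk) still build a second Zend_Config_Ini of the same file. Since the connections are handed out through the registry anyway, the parsed config could go the same way, `Zend_Registry::set('config', $config);`, so the actions call `Zend_Registry::get('config')` instead of re-reading the ini. The actions only need `$config` for `->tablename`, so this also removes the only reason the factory result is kept in a local here.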
@@ -24,10 +30,8 @@ class LoginController extends Zend_Controller_Action
if ($form->isValid($_POST)) {
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
- $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
- Zend_Registry::set('auth_dbc', $db);
- $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
- Zend_Registry::set('auth2_dbc', $db2);
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
$auth = new Zend_Auth_Adapter_DbTable($db);
@@ -86,14 +90,12 @@ class LoginController extends Zend_Controller_Action
$config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);
- $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);
- Zend_Registry::set('auth_dbc', $db);
- $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);
- Zend_Registry::set('auth2_dbc', $db2);
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
- $auth = new Zend_Auth_Adapter_DbTable($db);
+ $auth = new Zend_Auth_Adapter_DbTable($db2);
- $auth->setTableName($config->ca_mgr->db->auth->tablename)
+ $auth->setTableName($config->ca_mgr->db->auth2->tablename)
->setIdentityColumn('user_client_crt_s_dn_i_dn')
->setCredentialColumn('user_client_crt_s_dn_i_dn');
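Review bot: With identity and credential both set to `user_client_crt_s_dn_i_dn` (L57-L58), Zend_Auth_Adapter_DbTable compares the column against itself, so this adapter only establishes that the supplied DN string exists in the table; where that string comes from is outside this hunk. If it is assembled from SSL_CLIENT_S_DN and SSL_CLIENT_I_DN as the commit message says, the lookup must be reached only after the web server has actually verified the client certificate (SSL_CLIENT_VERIFY equal to SUCCESS, or SSLVerifyClient require on the vhost), because the adapter itself verifies nothing. That dependency deserves a comment on the adapter setup, e.g. `// credential column is the DN itself: the server's certificate verification is the real check`. The action that owns this code starts before the hunk.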
@@ -143,27 +145,51 @@ class LoginController extends Zend_Controller_Action
protected function getAuthDetailsIntoSession($auth, $crt) {
$session = Zend_Registry::get('session');
+ $db = Zend_Registry::get('auth_dbc');
+ $db2 = Zend_Registry::get('auth2_dbc');
+
/**
* non existent in our case, look up a 2nd table (ca_mgr.system_user by login name (email)) and
* get id from there, defaulting to User (1) when no db entry exists
*/
$auth_res = $auth->getResultRowObject();
- $system_roles_id = 1;
+
+ if (!isset($auth_res->system_role_id) || $auth_res->system_role_id == 0) {
+ $res = $db2->query('select * from system_user where login=?', array($auth_res->email));
+ if ($res->rowCount() > 0) {
+ $res_ar = $res->fetch();
+ $system_roles_id = $res_ar['system_role_id'];
+ }
+ else {
+ // no extra user info in manager database, assume standard user
+ $system_roles_id = 1;
+ }
+ }
+ else
+ $system_roles_id = $auth_res->system_role_id;
$session->authdata['authed'] = true;
$session->authdata['authed_id'] = $auth_res->id;
- $session->authdata['authed_username'] = $auth_res->email;
- $session->authdata['authed_fname'] = $auth_res->fname;
- $session->authdata['authed_lname'] = $auth_res->lname;
+ if (!isset($auth_res->fname) || !isset($auth_res->lname)) {
+ $res = $db->query('select * from users where email=?', array($auth_res->login));
+ $res_ar = $res->fetch();
+ $session->authdata['authed_username'] = 'crt' . $res_ar['login'];
+ $session->authdata['authed_fname'] = $res_ar['fname'];
+ $session->authdata['authed_lname'] = $res_ar['lname'];
+ }
+ else {
+ $session->authdata['authed_username'] = $auth_res->email;
+ $session->authdata['authed_fname'] = $auth_res->fname;
+ $session->authdata['authed_lname'] = $auth_res->lname;
+ }
$session->authdata['authed_by_crt'] = $crt;
$session->authdata['authed_by_cli'] = true;
- $db = Zend_Registry::get('auth2_dbc');
- $res = $db->query('select * from system_role where id=?', array($system_roles_id));
+ $res = $db2->query('select * from system_role where id=?', array($system_roles_id));
$res_ar = $res->fetch();
$session->authdata['authed_role'] = $res_ar['role'];
- $acl = $this->makeAcl($db);
+ $acl = $this->makeAcl($db2);
$session->authdata['authed_permissions'] = $acl;
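Review bot: In the certificate branch (L90-L96) `$auth_res` is the system_user row from auth2, yet L86 has already stored `$auth_res->id` as `authed_id`, so the same session key holds a system_user id after a crt login and a users id after a password login; anything downstream that resolves authed_id against the users table will pick the wrong account in the crt case. The users row fetched at L92 carries the right id, so the branch should overwrite it, `$session->authdata['authed_id'] = $res_ar['id'];`, and it should also handle `fetch()` returning false (no users row for that login) by aborting the login instead of continuing with authed set to true and a username of just `'crt'`. The same false-from-fetch case applies to L107 when system_role has no row for `$system_roles_id`. getAuthDetailsIntoSession continues past the end of the hunk.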