enable crt login
authorMarkus Warg <mw@it-sls.de>
Wed, 14 Apr 2010 10:46:51 +0000 (12:46 +0200)
committerMarkus Warg <mw@it-sls.de>
Wed, 14 Apr 2010 10:46:51 +0000 (12:46 +0200)
To use crt login, a string built from parts of the certificate's subject and issuer DNs needs to exist in a system_user
record. The string is combined from SSL_CLIENT_S_DN and SSL_CLIENT_I_DN:
SSL_CLIENT_S_DN + "//" + SSL_CLIENT_I_DN

dbadm/ca_mgr.mysql
manager/application/controllers/LoginController.php

index 43f4f0e..1542932 100644 (file)
@@ -153,8 +153,12 @@ SET @saved_cs_client     = @@character_set_client;
 SET character_set_client = utf8;
 CREATE TABLE `system_user` (
   `id` bigint(20) NOT NULL auto_increment,
-  PRIMARY KEY  (`id`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+  `system_role_id` bigint(20) NOT NULL,
+  `login` varchar(255) collate utf8_unicode_ci NOT NULL default '',
+  PRIMARY KEY  (`id`),
+  KEY `fk_system_user_system_role1` (`system_role_id`),
+  CONSTRAINT `fk_system_user_system_role1` FOREIGN KEY (`system_role_id`) REFERENCES `system_role` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 SET character_set_client = @saved_cs_client;
 
 --
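Review bot: The new `login` column has no uniqueness constraint and defaults to the empty string, while the controller side of this same commit resolves a user's role with `select * from system_user where login=?` and simply takes the first row; two records sharing a login, or several left at the empty default, make the role assignment depend on row order. Add `UNIQUE KEY uk_system_user_login (login)` next to the existing `KEY` and drop the `default ''` so a record without a login fails insertion instead of becoming a match candidate. The `AUTO_INCREMENT=3` in the CREATE statement suggests the dump was taken from a populated database; whatever seed rows that implies are not part of this diff, so a fresh install gets an empty table and every login falls back to the default role.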
index e007e05..347fa6a 100644 (file)
@@ -12,6 +12,12 @@ class LoginController extends Zend_Controller_Action
 \r
     public function init() {\r
         /* Initialize action controller here */\r
+       $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);\r
+\r
+       $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);\r
+               Zend_Registry::set('auth_dbc', $db);\r
+       $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);\r
+               Zend_Registry::set('auth2_dbc', $db2);\r
     }\r
 \r
     public function indexAction() {\r
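Review bot: init() now unconditionally builds both adapters and registers them on every request that reaches this controller, and the `Zend_Config_Ini` object it parses here is parsed again inside indexAction and the crt login action, which keep their own `$config = new Zend_Config_Ini(...)` lines. Registering the config as well, `Zend_Registry::set('ca_mgr_config', $config);`, and reading it back in the actions would leave one ini parse per request and one place that knows the config path. The adapters themselves are cheap to construct, so the move is otherwise fine; a one-line comment noting that the registry keys `auth_dbc` and `auth2_dbc` are consumed by getAuthDetailsIntoSession would help the next reader.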
@@ -24,10 +30,8 @@ class LoginController extends Zend_Controller_Action
        if ($form->isValid($_POST)) {\r
                $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);\r
 \r
-               $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);\r
-                       Zend_Registry::set('auth_dbc', $db);\r
-               $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);\r
-                       Zend_Registry::set('auth2_dbc', $db2);\r
+                       $db = Zend_Registry::get('auth_dbc');\r
+                       $db2 = Zend_Registry::get('auth2_dbc');\r
 \r
                $auth = new Zend_Auth_Adapter_DbTable($db);\r
 \r
@@ -86,14 +90,12 @@ class LoginController extends Zend_Controller_Action
 \r
        $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini', APPLICATION_ENV);\r
 \r
-       $db = Zend_Db::factory($config->ca_mgr->db->auth->pdo, $config->ca_mgr->db->auth);\r
-               Zend_Registry::set('auth_dbc', $db);\r
-               $db2 = Zend_Db::factory($config->ca_mgr->db->auth2->pdo, $config->ca_mgr->db->auth2);\r
-               Zend_Registry::set('auth2_dbc', $db2);\r
+               $db = Zend_Registry::get('auth_dbc');\r
+               $db2 = Zend_Registry::get('auth2_dbc');\r
 \r
-       $auth = new Zend_Auth_Adapter_DbTable($db);\r
+       $auth = new Zend_Auth_Adapter_DbTable($db2);\r
 \r
-       $auth->setTableName($config->ca_mgr->db->auth->tablename)\r
+       $auth->setTableName($config->ca_mgr->db->auth2->tablename)\r
                 ->setIdentityColumn('user_client_crt_s_dn_i_dn')\r
                 ->setCredentialColumn('user_client_crt_s_dn_i_dn');\r
 \r
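Review bot: With `setIdentityColumn` and `setCredentialColumn` both pointing at `user_client_crt_s_dn_i_dn`, the adapter's check reduces to "some system_user row contains this DN string", so the whole strength of certificate login rests on where that string comes from; the hunk does not show it, and the enclosing method starts and ends outside the hunk. The commit message says it is assembled from `SSL_CLIENT_S_DN` and `SSL_CLIENT_I_DN`, which the web server only fills from a certificate it has verified, so before `$auth->authenticate()` is reached the method should refuse a request whose certificate was not positively verified, e.g. `if (!isset($_SERVER['SSL_CLIENT_VERIFY']) || $_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS')` followed by whatever failure path the method already uses. That guard also documents the deployment assumption that no client-controlled header can stand in for those variables, which matters as soon as TLS is terminated on a proxy in front of the application.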
@@ -143,27 +145,51 @@ class LoginController extends Zend_Controller_Action
        protected function getAuthDetailsIntoSession($auth, $crt) {\r
                $session = Zend_Registry::get('session');\r
 \r
+               $db  = Zend_Registry::get('auth_dbc');\r
+               $db2 = Zend_Registry::get('auth2_dbc');\r
+\r
                /**\r
                 * non existent in our case, look up a 2nd table (ca_mgr.system_user by login name (email)) and\r
                 * get id from there, defaulting to User (1) when no db entry exists\r
                 */\r
        $auth_res = $auth->getResultRowObject();\r
-               $system_roles_id = 1;\r
+\r
+       if (!isset($auth_res->system_role_id) || $auth_res->system_role_id == 0) {\r
+               $res = $db2->query('select * from system_user where login=?', array($auth_res->email));\r
+                       if ($res->rowCount() > 0) {\r
+                       $res_ar = $res->fetch();\r
+                       $system_roles_id = $res_ar['system_role_id'];\r
+                       }\r
+               else {\r
+                       // no extra user info in manager database, assume standard user\r
+                       $system_roles_id = 1;\r
+               }\r
+       }\r
+               else\r
+                       $system_roles_id = $auth_res->system_role_id;\r
 \r
                $session->authdata['authed'] = true;\r
        $session->authdata['authed_id'] = $auth_res->id;\r
-       $session->authdata['authed_username'] = $auth_res->email;\r
-       $session->authdata['authed_fname'] = $auth_res->fname;\r
-       $session->authdata['authed_lname'] = $auth_res->lname;\r
+               if (!isset($auth_res->fname) || !isset($auth_res->lname)) {\r
+                       $res = $db->query('select * from users where email=?', array($auth_res->login));\r
+                       $res_ar = $res->fetch();\r
+                       $session->authdata['authed_username'] = 'crt' . $res_ar['login'];\r
+                       $session->authdata['authed_fname'] = $res_ar['fname'];\r
+                       $session->authdata['authed_lname'] = $res_ar['lname'];\r
+               }\r
+               else  {\r
+                   $session->authdata['authed_username'] = $auth_res->email;\r
+                   $session->authdata['authed_fname'] = $auth_res->fname;\r
+                   $session->authdata['authed_lname'] = $auth_res->lname;\r
+               }\r
                $session->authdata['authed_by_crt'] = $crt;\r
                $session->authdata['authed_by_cli'] = true;\r
 \r
-       $db = Zend_Registry::get('auth2_dbc');\r
-               $res = $db->query('select * from system_role where id=?', array($system_roles_id));\r
+               $res = $db2->query('select * from system_role where id=?', array($system_roles_id));\r
                $res_ar = $res->fetch();\r
        $session->authdata['authed_role'] = $res_ar['role'];\r
 \r
-       $acl = $this->makeAcl($db);\r
+       $acl = $this->makeAcl($db2);\r
 \r
        $session->authdata['authed_permissions'] = $acl;\r
 \r