public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 08:55:55 +00:00
Code Issues Releases Wiki Activity

authenticate against a hash of identifyable information from certificate instead of only serial (refs #324)

Browse Source
This commit is contained in:
Andrew Dolgov
2011-03-28 09:45:23 +04:00
parent 3d72afa19a
commit 8de8bfb871
6 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
functions.php
View File

@@ -1757,9 +1757,19 @@
return true; return true;
} }
function get_ssl_certificate_id() {
if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
$_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
$_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
}
return "";
}
function get_login_by_ssl_certificate($link) { function get_login_by_ssl_certificate($link) {
$cert_serial = db_escape_string($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]); $cert_serial = db_escape_string(get_ssl_certificate_id());
if ($cert_serial) { if ($cert_serial) {
$result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users $result = db_query($link, "SELECT login FROM ttrss_user_prefs, ttrss_users

10
modules/pref-prefs.php
View File

@@ -435,17 +435,21 @@
} else if ($pref_name == "SSL_CERT_SERIAL") { } else if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\" print "<input dojoType=\"dijit.form.ValidationTextBox\"
id=\"SSL_CERT_SERIAL\" id=\"SSL_CERT_SERIAL\" readonly=\"1\"
name=\"$pref_name\" value=\"$value\">"; name=\"$pref_name\" value=\"$value\">";
$cert_serial = htmlspecialchars($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]); $cert_serial = htmlspecialchars(get_ssl_certificate_id());
if ($cert_serial) { if ($cert_serial) {
print " <button dojoType=\"dijit.form.Button\" print " <button dojoType=\"dijit.form.Button\"
onclick=\"insertSSLserial('$cert_serial')\">" . onclick=\"insertSSLserial('$cert_serial')\">" .
__('Fill automatically') . "</button>"; __('Register') . "</button>";
} }
print " <button dojoType=\"dijit.form.Button\"
onclick=\"insertSSLserial('')\">" .
__('Clear') . "</button>";
} else { } else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';

2
schema/ttrss_schema_mysql.sql
View File

@@ -391,7 +391,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.'); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'Click to register your SSL client certificate with tt-rss');
create table ttrss_user_prefs ( create table ttrss_user_prefs (
owner_uid integer not null, owner_uid integer not null,

2
schema/ttrss_schema_pgsql.sql
View File

@@ -355,7 +355,7 @@ insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id) values('_MOBILE_BROWSE_CATS', 1, 'true', '', 1);
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.'); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'Click to register your SSL client certificate with tt-rss');
create table ttrss_user_prefs ( create table ttrss_user_prefs (
owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE, owner_uid integer not null references ttrss_users(id) ON DELETE CASCADE,

2
schema/versions/mysql/82.sql
View File

@@ -1,6 +1,6 @@
begin; begin;
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.'); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'Click to register your SSL client certificate with tt-rss');
update ttrss_version set schema_version = 82; update ttrss_version set schema_version = 82;

2
schema/versions/pgsql/82.sql
View File

@@ -1,6 +1,6 @@
begin; begin;
insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'You can login automatically with an active client SSL certificate if you fill in its serial number here.'); insert into ttrss_prefs (pref_name,type_id,def_value,short_desc,section_id,help_text) values('SSL_CERT_SERIAL', 2, '', 'Login with an SSL certificate',3, 'Click to register your SSL client certificate with tt-rss');
update ttrss_version set schema_version = 82; update ttrss_version set schema_version = 82;