verstehe Umgebungsvariablen für Client-Cert mit oder ohne "REDRIECT_"-Prefix
Bernd Wurst commited on 2015-12-14 15:33:20
Zeige 1 geänderte Dateien mit 14 Einfügungen und 10 Löschungen.
- certlogin/index.php d7ff580..b2a77fe
| ... | ... |
@@ -55,15 +55,19 @@ function get_logins_by_cert($cert) |
| 55 | 55 |
DEBUG('$_SERVER:');
|
| 56 | 56 |
DEBUG($_SERVER); |
| 57 | 57 |
|
| 58 |
+$redirect = ""; |
|
| 59 |
+if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) {
|
|
| 60 |
+ $redirect = "REDIRECT_"; |
|
| 61 |
+} |
|
| 58 | 62 |
|
| 59 | 63 |
if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) |
| 60 | 64 |
{
|
| 61 | 65 |
DEBUG('recording client-cert');
|
| 62 |
- if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN'])) |
|
| 66 |
+ if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_I_DN'])) |
|
| 63 | 67 |
{
|
| 64 |
- $_SESSION['clientcert_cert'] = prepare_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']); |
|
| 65 |
- $_SESSION['clientcert_dn'] = $_SERVER['REDIRECT_SSL_CLIENT_S_DN']; |
|
| 66 |
- $_SESSION['clientcert_issuer'] = $_SERVER['REDIRECT_SSL_CLIENT_I_DN']; |
|
| 68 |
+ $_SESSION['clientcert_cert'] = prepare_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
| 69 |
+ $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN']; |
|
| 70 |
+ $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN']; |
|
| 67 | 71 |
header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
|
| 68 | 72 |
die(); |
| 69 | 73 |
} |
| ... | ... |
@@ -75,10 +79,10 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($ |
| 75 | 79 |
} |
| 76 | 80 |
} |
| 77 | 81 |
elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
|
| 78 |
- if (!isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) |
|
| 82 |
+ if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) |
|
| 79 | 83 |
system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
|
| 80 | 84 |
|
| 81 |
- $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']); |
|
| 85 |
+ $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
| 82 | 86 |
DEBUG($ret); |
| 83 | 87 |
foreach ($ret as $account) {
|
| 84 | 88 |
DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/ /'.$account['username'].'/'.$_REQUEST['username'].'/ =>');
|
| ... | ... |
@@ -103,10 +107,10 @@ elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
|
| 103 | 107 |
} |
| 104 | 108 |
else |
| 105 | 109 |
{
|
| 106 |
- if (isset($_SERVER['REDIRECT_SSL_CLIENT_CERT']) && |
|
| 107 |
- isset($_SERVER['REDIRECT_SSL_CLIENT_S_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_S_DN'] != '' && |
|
| 108 |
- isset($_SERVER['REDIRECT_SSL_CLIENT_I_DN']) && $_SERVER['REDIRECT_SSL_CLIENT_I_DN'] != '') {
|
|
| 109 |
- $ret = get_logins_by_cert($_SERVER['REDIRECT_SSL_CLIENT_CERT']); |
|
| 110 |
+ if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && |
|
| 111 |
+ isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && |
|
| 112 |
+ isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '') {
|
|
| 113 |
+ $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']); |
|
| 110 | 114 |
if ($ret === NULL) {
|
| 111 | 115 |
login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
|
| 112 | 116 |
} |
| 113 | 117 |