Page MenuHomePhabricator
Files F2361

clientcerts.diff
Public
Actions

Authored By
bzimport
Nov 21 2014, 8:51 PM
Size
2 KB
Referenced Files
None
Subscribers
None

clientcerts.diff
View Options

Index: DefaultSettings.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/DefaultSettings.php,v
retrieving revision 1.379
diff -u -r1.379 DefaultSettings.php
--- DefaultSettings.php 16 Oct 2005 04:09:14 -0000 1.379
+++ DefaultSettings.php 17 Oct 2005 23:25:45 -0000
@@ -622,6 +622,11 @@
$wgShowIPinHeader = true; # For non-logged in users
$wgMaxNameChars = 255; # Maximum number of bytes in username
+# Enable this setting if you want to use strong authentication
+# based on SSL client certificates; the serial number of the certificate
+# will be mapped to the last three octets of a 10.*.*.* IP address
+$wgMapClientCertToIP = false;
+
$wgExtraSubtitle = '';
$wgSiteSupportPage = ''; # A page where you users can receive donations
Index: ProxyTools.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/ProxyTools.php,v
retrieving revision 1.6
diff -u -r1.6 ProxyTools.php
--- ProxyTools.php 5 Sep 2005 02:22:20 -0000 1.6
+++ ProxyTools.php 17 Oct 2005 23:25:45 -0000
@@ -11,6 +11,7 @@
/** Work out the IP address based on various globals */
function wfGetIP() {
global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;
+ global $wgMapClientCertToIP;
# Return cached result
if ( !empty( $wgIP ) ) {
@@ -50,6 +51,24 @@
}
}
+ if ( $wgMapClientCertToIP && isset( $_SERVER['SSL_CLIENT_M_SERIAL'] ) ) {
+ # This is a little classier, but requires more codebase changes
+ # and might cause more problems
+ # $ip = 'anonuser.' . $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ # This, on the other hand, is almost guaranteed to work, but could
+ # cause problems for people using the 10.*.*.* private IP range
+ $s = $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ if ( $s >= (2 << 24) ) {
+ die('Client certificate ID too large(!)');
+ }
+ $o1 = ($s >> 16);
+ $o2 = ($s >> 8) & 255;
+ $o3 = $s & 255;
+ $ip = '10.' . $o1 .'.'. $o2 .'.'. $o3;
+ }
+
wfDebug( "IP: $ip\n" );
$wgIP = $ip;
return $ip;

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1937
Default Alt Text
clientcerts.diff (2 KB)

Event Timeline

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL