F2361
clientcerts.diff
Authored by bzimport on Nov 21 2014, 8:51 PM (2014-11-21 20:51:33 UTC+0)
Size: 2 KB
Index: DefaultSettings.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/DefaultSettings.php,v
retrieving revision 1.379
diff -u -r1.379 DefaultSettings.php
--- DefaultSettings.php 16 Oct 2005 04:09:14 -0000 1.379
+++ DefaultSettings.php 17 Oct 2005 23:25:45 -0000
@@ -622,6 +622,11 @@
$wgShowIPinHeader = true; # For non-logged in users
$wgMaxNameChars = 255; # Maximum number of bytes in username
+# Enable this setting if you want to use strong authentication
+# based on SSL client certificates; the serial number of the certificate
+# will be mapped to the last three octets of a 10.*.*.* IP address
+$wgMapClientCertToIP = false;
+
$wgExtraSubtitle = '';
$wgSiteSupportPage = ''; # A page where you users can receive donations
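Review bot: The comment above `$wgMapClientCertToIP` calls this "strong authentication", but it does not document what the deployment must provide for the mapping to be safe. It should state that the web server has to require and verify client certificates from a single issuing CA, since certificate serial numbers are only unique per issuer, and that the wiki must not also be reachable by real 10.*.*.* clients, whose addresses would be indistinguishable from mapped certificates. The maximum serial number that fits into three octets is also worth stating here, because exceeding it terminates the request in ProxyTools.php.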
Index: ProxyTools.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/ProxyTools.php,v
retrieving revision 1.6
diff -u -r1.6 ProxyTools.php
--- ProxyTools.php 5 Sep 2005 02:22:20 -0000 1.6
+++ ProxyTools.php 17 Oct 2005 23:25:45 -0000
@@ -11,6 +11,7 @@
/** Work out the IP address based on various globals */
function wfGetIP() {
global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;
+ global $wgMapClientCertToIP;
# Return cached result
if ( !empty( $wgIP ) ) {
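Review bot: Style point on the added `global $wgMapClientCertToIP;` line: it can be folded into the existing `global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;` statement directly above instead of adding a second `global` line.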
@@ -50,6 +51,24 @@
}
}
+ if ( $wgMapClientCertToIP && isset( $_SERVER['SSL_CLIENT_M_SERIAL'] ) ) {
+ # This is a little classier, but requires more codebase changes
+ # and might cause more problems
+ # $ip = 'anonuser.' . $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ # This, on the other hand, is almost guaranteed to work, but could
+ # cause problems for people using the 10.*.*.* private IP range
+ $s = $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ if ( $s >= (2 << 24) ) {
+ die('Client certificate ID too large(!)');
+ }
+ $o1 = ($s >> 16);
+ $o2 = ($s >> 8) & 255;
+ $o3 = $s & 255;
+ $ip = '10.' . $o1 .'.'. $o2 .'.'. $o3;
+ }
+
wfDebug( "IP: $ip\n" );
$wgIP = $ip;
return $ip;
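Review bot: The range check `if ( $s >= (2 << 24) )` is off by a factor of two: `2 << 24` is 2^25, so serials from 2^24 to 2^25 - 1 pass the check and `$o1 = ($s >> 16)` then yields 256 to 511, which is not a valid octet. Use `(1 << 24)` as the bound. In addition, `$s` is taken from `$_SERVER['SSL_CLIENT_M_SERIAL']` as a string and fed to `>=` and `>>` with no format check or explicit conversion; mod_ssl reports this value as a hexadecimal string, so it should be validated and converted with the correct base before any arithmetic. The branch also maps the serial whenever the variable is set, without confirming that the server actually verified the certificate (under mod_ssl, `SSL_CLIENT_VERIFY`), and it overwrites whatever `$ip` was computed earlier in the function. Finally, `die()` with a bare string is an abrupt failure mode for an oversized serial; a regular error response would be easier to diagnose.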
Attached to T5729: SSL client certificate authentication