clientcerts.diff

Authored By
bzimport
Nov 21 2014, 8:51 PM
Size
2 KB

Index: DefaultSettings.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/DefaultSettings.php,v
retrieving revision 1.379
diff -u -r1.379 DefaultSettings.php
--- DefaultSettings.php 16 Oct 2005 04:09:14 -0000 1.379
+++ DefaultSettings.php 17 Oct 2005 23:25:45 -0000
@@ -622,6 +622,11 @@
$wgShowIPinHeader = true; # For non-logged in users
$wgMaxNameChars = 255; # Maximum number of bytes in username
+# Enable this setting if you want to use strong authentication
+# based on SSL client certificates; the serial number of the certificate
+# will be mapped to the last three octets of a 10.*.*.* IP address
+$wgMapClientCertToIP = false;
+
$wgExtraSubtitle = '';
$wgSiteSupportPage = ''; # A page where you users can receive donations
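
Review bot: the comment above `$wgMapClientCertToIP` documents the mapping but not its limits. It should state that a serial at or above the bound checked in wfGetIP() ends the request with die(), and that the synthetic addresses share 10.*.*.* with real private-network clients, which the ProxyTools.php comment already acknowledges. "Strong authentication" also overstates what the visible code does, which is to derive an IP-style identifier from the certificate serial; the comment should describe it in those terms.
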
Index: ProxyTools.php
===================================================================
RCS file: /cvsroot/wikipedia/phase3/includes/ProxyTools.php,v
retrieving revision 1.6
diff -u -r1.6 ProxyTools.php
--- ProxyTools.php 5 Sep 2005 02:22:20 -0000 1.6
+++ ProxyTools.php 17 Oct 2005 23:25:45 -0000
@@ -11,6 +11,7 @@
/** Work out the IP address based on various globals */
function wfGetIP() {
global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;
+ global $wgMapClientCertToIP;
# Return cached result
if ( !empty( $wgIP ) ) {
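
Review bot: style point on the added `global $wgMapClientCertToIP;` line: it can be appended to the existing `global $wgSquidServers, $wgSquidServersNoPurge, $wgIP;` statement directly above it rather than introducing a second global statement, which keeps the function's global dependencies in one place.
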
@@ -50,6 +51,24 @@
}
}
+ if ( $wgMapClientCertToIP && isset( $_SERVER['SSL_CLIENT_M_SERIAL'] ) ) {
+ # This is a little classier, but requires more codebase changes
+ # and might cause more problems
+ # $ip = 'anonuser.' . $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ # This, on the other hand, is almost guaranteed to work, but could
+ # cause problems for people using the 10.*.*.* private IP range
+ $s = $_SERVER['SSL_CLIENT_M_SERIAL'];
+
+ if ( $s >= (2 << 24) ) {
+ die('Client certificate ID too large(!)');
+ }
+ $o1 = ($s >> 16);
+ $o2 = ($s >> 8) & 255;
+ $o3 = $s & 255;
+ $ip = '10.' . $o1 .'.'. $o2 .'.'. $o3;
+ }
+
wfDebug( "IP: $ip\n" );
$wgIP = $ip;
return $ip;
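
Review bot: the range check `if ( $s >= (2 << 24) )` is off by a factor of two. `2 << 24` is 2^25, so serials up to 33554431 pass and `$o1 = ($s >> 16)` can reach 511, giving an invalid second octet in the mapped address; use `(1 << 24)` as the bound or mask `$o1` with 255 like the other two octets. In addition, `$s` is taken straight from `$_SERVER['SSL_CLIENT_M_SERIAL']` and used in a numeric comparison and shifts with no validation, so if the server supplies anything other than a plain decimal string PHP coerces it instead of rejecting it and distinct serials can collapse onto the same address. Check the format and convert explicitly before the bound test. The mapping also keys on the serial alone, so the note in the settings comment should say that it assumes a single issuing CA.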

File Metadata

Mime Type
text/x-diff
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
1937
Default Alt Text
clientcerts.diff (2 KB)

Event Timeline