From 01c6169e1fd3ad2278798ad56816a9d81fc215d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Fr=C3=B6hlich?=
Date: Mon, 4 Mar 2013 00:06:29 +0100
Subject: [PATCH 1/2] Do not accept certificates for login which have nor Email field set
---
 lang/dutch.php | 2 ++
 lang/english.php | 2 ++
 lang/french.php | 2 ++
 lang/german.php | 2 ++
 lang/spanish.php | 2 ++
 login.php | 2 ++
 6 files changed, 12 insertions(+)
diff --git a/lang/dutch.php b/lang/dutch.php
index 7e1bb6d..de4dec0 100755
--- a/lang/dutch.php
+++ b/lang/dutch.php
@@ -140,6 +140,8 @@ define("Index_01","aangemeld als :");
 define("Login_01","Uw certificaat kon niet gecontroleerd worden.");
 define("Login_02","Uw certificaat is ingetrokken.");
 define("Login_03_No_Org_Certs","Organisatie (OA) certificaten worden niet aanvaard door CATS omdat deze niet eenvoudig naar een gebruikersaccount te herleiden zijn.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","Aanmelden");
 define("Menue_03","Afmelden");
diff --git a/lang/english.php b/lang/english.php
index e9bc379..34b214a 100755
--- a/lang/english.php
+++ b/lang/english.php
@@ -139,6 +139,8 @@ define("Index_01","logged in as :");
 define("Login_01","Your certificate could not be validated.");
 define("Login_02","Your certificate has been revoked.");
 define("Login_03_No_Org_Certs","Organisation certificates are not accepted for CATS since they cannot be easily traced to a user account.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","Login");
 define("Menue_03","Logout");
diff --git a/lang/french.php b/lang/french.php
index 5dcfe45..be06a8c 100755
--- a/lang/french.php
+++ b/lang/french.php
@@ -139,6 +139,8 @@ define("Index_01","Connect
 define("Login_01","votre certificat pourrait ne pas être validé.");
 define("Login_02","votre certificat a été révoqué.");
 define("Login_03_No_Org_Certs","certificats d'organisation ne sont pas acceptés pour chats car ils ne peuvent pas être facilement remonter à un compte d'utilisateur.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","connexion");
 define("Menue_03","déconnexion");
diff --git a/lang/german.php b/lang/german.php
index 0d34f87..d7c16cf 100755
--- a/lang/german.php
+++ b/lang/german.php
@@ -139,6 +139,8 @@ define("Index_01","eingeloggt als :");
 define("Login_01","Ihr Zertifikat konnte nicht überprüft werden");
 define("Login_02","Ihr Zertifikat wurde wiederrufen");
 define("Login_03_No_Org_Certs","Organisations-Zertifikate werden von CATS nicht akzeptiert, da sie sich nicht einfach einem Benutzerkonto zuordnen lassen.");
+define("Login_04_No_Server_Certs","Ihr Zertifikat enthält kein Email-Feld, vermutlich handelt es sich um ein Server-Zertifikat.
".
+ "Server-Zertifikate werden von CATS nicht akzeptiert, da sie keine Person identifizieren.");
 define("Menue_01","Hilfe");
 define("Menue_02","Login");
 define("Menue_03","Logout");
diff --git a/lang/spanish.php b/lang/spanish.php
index 1133fe0..d4a8d07 100755
--- a/lang/spanish.php
+++ b/lang/spanish.php
@@ -139,6 +139,8 @@ define("Index_01","registrado como :");
 define("Login_01","Su certificado no pudo ser validado.");
 define("Login_02","Su certificado ha sido revocado.");
 define("Login_03_No_Org_Certs","No se aceptan certificados de organizaciones para los CATS ya que no pueden ser relacionados fácilmente con una cuenta de usuario.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Ayuda");
 define("Menue_02","Iniciar sesión");
 define("Menue_03","Salir");
diff --git a/login.php b/login.php
index c0a6a30..0fd2bdd 100755
--- a/login.php
+++ b/login.php
@@ -13,6 +13,8 @@ include ("functions/acceptLogin.php");
 if (isset($_SERVER["SSL_CLIENT_S_DN_O"])) {
 echo '

'.Login_03_No_Org_Certs.'
';
+ } elseif(!isset($_SERVER["SSL_CLIENT_S_DN_Email"]) {
+ echo '

'.Login_04_No_Server_Certs.'
';
 } elseif( $user_id ){
 $sql="SELECT * FROM user where `user_id`='".$user_id."' and `root`='".$root."' ";
 $query = mysql_query($sql);
From 0fe3c3509f09326a2302b3064bdc6309962d977b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20Fr=C3=B6hlich?=
Date: Mon, 4 Mar 2013 00:06:29 +0100
Subject: [PATCH 2/2] Do not accept certificates for login which have nor Email field set
---
 lang/dutch.php | 2 ++
 lang/english.php | 2 ++
 lang/french.php | 2 ++
 lang/german.php | 2 ++
 lang/spanish.php | 2 ++
 login.php | 2 ++
 6 files changed, 12 insertions(+)
diff --git a/lang/dutch.php b/lang/dutch.php
index 7e1bb6d..de4dec0 100755
--- a/lang/dutch.php
+++ b/lang/dutch.php
@@ -140,6 +140,8 @@ define("Index_01","aangemeld als :");
 define("Login_01","Uw certificaat kon niet gecontroleerd worden.");
 define("Login_02","Uw certificaat is ingetrokken.");
 define("Login_03_No_Org_Certs","Organisatie (OA) certificaten worden niet aanvaard door CATS omdat deze niet eenvoudig naar een gebruikersaccount te herleiden zijn.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
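Review bot: The added condition in the login.php hunk is missing a closing parenthesis: `elseif(!isset($_SERVER["SSL_CLIENT_S_DN_Email"]) {` closes `isset(` but not `elseif(`, so login.php stops parsing and the whole login page fails instead of only rejecting server certificates; it should read `} elseif (!isset($_SERVER["SSL_CLIENT_S_DN_Email"])) {`. The identical line is in the login.php hunk of PATCH 2/2. `isset()` also passes a present-but-empty value, so if the intent is "the certificate names an email address", `empty($_SERVER["SSL_CLIENT_S_DN_Email"])` is the tighter test. The if/elseif chain continues past the hunk and the origin of `$user_id` and `$root` is not visible here; if they derive from certificate fields, the string-built query in the following context lines should be escaped or parameterised.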
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","Aanmelden");
 define("Menue_03","Afmelden");
diff --git a/lang/english.php b/lang/english.php
index d78effe..859acbb 100755
--- a/lang/english.php
+++ b/lang/english.php
@@ -144,6 +144,8 @@ define("Index_01","logged in as :");
 define("Login_01","Your certificate could not be validated.");
 define("Login_02","Your certificate has been revoked.");
 define("Login_03_No_Org_Certs","Organisation certificates are not accepted for CATS since they cannot be easily traced to a user account.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","Login");
 define("Menue_03","Logout");
diff --git a/lang/french.php b/lang/french.php
index 1531ecf..1d5e144 100755
--- a/lang/french.php
+++ b/lang/french.php
@@ -143,6 +143,8 @@ define("Index_01","Connect
 define("Login_01","votre certificat pourrait ne pas être validé.");
 define("Login_02","votre certificat a été révoqué.");
 define("Login_03_No_Org_Certs","certificats d'organisation ne sont pas acceptés pour chats car ils ne peuvent pas être facilement remonter à un compte d'utilisateur.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Help");
 define("Menue_02","connexion");
 define("Menue_03","déconnexion");
diff --git a/lang/german.php b/lang/german.php
index 91a23c0..c1444b6 100755
--- a/lang/german.php
+++ b/lang/german.php
@@ -143,6 +143,8 @@ define("Index_01","eingeloggt als :");
 define("Login_01","Ihr Zertifikat konnte nicht überprüft werden");
 define("Login_02","Ihr Zertifikat wurde wiederrufen");
 define("Login_03_No_Org_Certs","Organisations-Zertifikate werden von CATS nicht akzeptiert, da sie sich nicht einfach einem Benutzerkonto zuordnen lassen.");
+define("Login_04_No_Server_Certs","Ihr Zertifikat enthält kein Email-Feld, vermutlich handelt es sich um ein Server-Zertifikat.
".
+ "Server-Zertifikate werden von CATS nicht akzeptiert, da sie keine Person identifizieren.");
 define("Menue_01","Hilfe");
 define("Menue_02","Login");
 define("Menue_03","Logout");
diff --git a/lang/spanish.php b/lang/spanish.php
index 1133fe0..d4a8d07 100755
--- a/lang/spanish.php
+++ b/lang/spanish.php
@@ -139,6 +139,8 @@ define("Index_01","registrado como :");
 define("Login_01","Su certificado no pudo ser validado.");
 define("Login_02","Su certificado ha sido revocado.");
 define("Login_03_No_Org_Certs","No se aceptan certificados de organizaciones para los CATS ya que no pueden ser relacionados fácilmente con una cuenta de usuario.");
+define("Login_04_No_Server_Certs","Your certificate does not contain an Email field, you are probably using a server certificate.
".
+ "Server certificates cannot be used to log in to CATS since they do not identify a person.");
 define("Menue_01","Ayuda");
 define("Menue_02","Iniciar sesión");
 define("Menue_03","Salir");
diff --git a/login.php b/login.php
index c0a6a30..0fd2bdd 100755
--- a/login.php
+++ b/login.php
@@ -13,6 +13,8 @@ include ("functions/acceptLogin.php");
 if (isset($_SERVER["SSL_CLIENT_S_DN_O"])) {
 echo '

'.Login_03_No_Org_Certs.'
';
+ } elseif(!isset($_SERVER["SSL_CLIENT_S_DN_Email"]) {
+ echo '

'.Login_04_No_Server_Certs.'
';
 } elseif( $user_id ){
 $sql="SELECT * FROM user where `user_id`='".$user_id."' and `root`='".$root."' ";
 $query = mysql_query($sql);