diff options
| author | Ermal <eri@pfsense.org> | 2011-03-30 20:33:39 +0000 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2011-03-30 20:34:13 +0000 |
| commit | b7d5a7bab8531b6a038100e74edc5d27a26b1d6a (patch) | |
| tree | 4473e8099a41f8d42da8923b4911dea6002e03bf /etc | |
| parent | 176a282e335e2df27754d2dc391ba6266700e31e (diff) | |
| download | pfsense-b7d5a7bab8531b6a038100e74edc5d27a26b1d6a.zip pfsense-b7d5a7bab8531b6a038100e74edc5d27a26b1d6a.tar.gz | |
Do not rely on first user being admin as this breaks in certain cases the XMLRPC authentication. TODO: pass username as argument too. This now can use the local system authentication settings as well.
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/xmlrpc.inc | 38 |
1 files changed, 20 insertions, 18 deletions
diff --git a/etc/inc/xmlrpc.inc b/etc/inc/xmlrpc.inc index ae725e5..72a368e 100644 --- a/etc/inc/xmlrpc.inc +++ b/etc/inc/xmlrpc.inc @@ -33,6 +33,7 @@ pfSense_MODULE: utils */ +require_once("auth.inc"); require_once("xmlrpc_client.inc"); /* @@ -109,25 +110,26 @@ function php_value_to_xmlrpc($value, $force_array = false) { function xmlrpc_auth(&$params) { global $config, $_SERVER; - if (!is_array($config['system']['user'])) { + /* XXX: Should teach caller to pass username and use it here. */ + /* XXX: Should clarify from old behaviour what is in params[0] that differs from params['xmlrpcauth'] */ + if (isset($config['system']['webgui']['authmode'])) { + $authcfg = auth_get_authserver($config['system']['webgui']['authmode']); + if (authenticate_user("admin", $params[0], $authcfg) || + authenticate_user("admin", $params[0])) { + array_shift($params); + unset($params['0']); + return true; + } else if (authenticate_user("admin", $params['xmlrpcauth'], $authcfg) || + authenticate_user("admin", $params['xmlrpcauth'])) { + array_shift($params); + unset($params['xmlrpcauth']); + return true; + } + } else if (authenticate_user("admin", $params[0])) { array_shift($params); - unset($params['xmlrpcauth']); - log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); - return false; - } - if (!isset($config['system']['user'][0]['password'])) { - array_shift($params); - unset($params['xmlrpcauth']); - log_error("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']} during sync settings."); - return false; - } - - $localpass = $config['system']['user'][0]['password']; - if(crypt($params[0], $localpass) == $localpass) { - array_shift($params); - unset($params['xmlrpcauth']); + unset($params['0']); return true; - } else if(crypt($params['xmlrpcauth'], $localpass) == $localpass) { + } else if (authenticate_user("admin", $params['xmlrpcauth'])) { array_shift($params); unset($params['xmlrpcauth']); return true; @@ -139,4 +141,4 @@ function xmlrpc_auth(&$params) { return false; } -?>
\ No newline at end of file +?> |
