summaryrefslogtreecommitdiffstats
path: root/usr/local
diff options
context:
space:
mode:
Diffstat (limited to 'usr/local')
-rwxr-xr-xusr/local/www/xmlrpc.php29
1 files changed, 19 insertions, 10 deletions
diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 3b52764..7a0f448 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -29,7 +29,9 @@
TODO:
* Expose more functions.
- * Write handlers for authentication and PHP -> XML_RPC_Value.
+ * Add syslog handling of errors.
+ * Define XML_RPC_erruser.
+ * Write handlers for PHP -> XML_RPC_Value.
* xmlrpc_params_to_php currently does *not* handle structs.
*/
@@ -38,6 +40,18 @@ require_once("config.inc");
require_once("functions.inc");
// Helper functions.
+/*
+ * xmlrpc_auth: Handle basic crypt() authentication of the XMLRPC request. This function assumes that
+ * $params[0] contains the local system's plaintext password and removes the password from
+ * the array before returning it.
+ */
+function xmlrpc_auth(&$params) {
+ global $config;
+ if (crypt($params[0], $config['system']['password']) != $config['system']['password'])
+ return false; // Password didn't match.
+ array_shift($params); // Shift the password parameter off of the array.
+ return true; // Password matched.
+}
/*
* xmlrpc_params_to_php: Convert params array passed from XMLRPC server into a PHP array and return it.
@@ -46,7 +60,6 @@ require_once("functions.inc");
*/
function xmlrpc_params_to_php($params) {
$array = array();
- $param_length = $params->getNumParams();
for($i = 0; $i < $params->getNumParams(); $i++) {
$value = $params->getParam($i);
if($value->kindOf() == "scalar") {
@@ -81,10 +94,8 @@ $backup_config_section_doc = 'XMLRPC wrapper for backup_config_section. This met
$backup_config_section_sig = array(array(string, string, string));
function backup_config_section_xmlrpc($raw_params) {
- global $config;
$params = xmlrpc_params_to_php($raw_params); // Convert XML_RPC_Value objects to a PHP array of values.
- if(crypt($params[0], $config['system']['password']) != $config['system']['password'])
- return new XML_RPC_Response(new XML_RPC_Value("FAILURE.", 'string'));
+ if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
$val = new XML_RPC_Value(backup_config_section($params[1]), 'string');
return new XML_RPC_Response($val);
}
@@ -93,10 +104,9 @@ $restore_config_section_doc = 'XMLRPC wrapper for restore_config_section. This m
$restore_config_section_sig = array(array(boolean, string, string, string));
function restore_config_section_xmlrpc($raw_params) {
- global $config;
$params = xmlrpc_params_to_php($raw_params);
- if(crypt($params[0], $config['system']['password']) != $config['system']['password']) return; // Basic authentication.
- restore_config_section($params[1], $params[2]);
+ if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
+ restore_config_section($params[0], $params[1]);
return new XML_RPC_Response(new XML_RPC_Value(true, 'boolean'));
}
@@ -104,9 +114,8 @@ $filter_configure_doc = 'Basic XMLRPC wrapper for filter_configure. This method
$filter_configure_sig = array(array(boolean, string));
function filter_configure_xmlrpc($raw_params) {
- global $config;
$params = xmlrpc_params_to_php($raw_params);
- if(crypt($params[0], $config['system']['password']) != $config['system']['password']) return; // Basic authentication.
+ if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
filter_configure();
return new XML_PRC_Response(new XML_RPC_Value(true, 'boolean'));
}
OpenPOWER on IntegriCloud