From 97bde338475cf7d960716826420950d351a0afc2 Mon Sep 17 00:00:00 2001
From: Colin Smith <colin@pfsense.org>
Date: Mon, 28 Mar 2005 15:23:00 +0000
Subject: Add (basic) authentication handler and clean up a bit.

---
 usr/local/www/xmlrpc.php | 29 +++++++++++++++++++----------
 1 file changed, 19 insertions(+), 10 deletions(-)

(limited to 'usr/local/www/xmlrpc.php')

diff --git a/usr/local/www/xmlrpc.php b/usr/local/www/xmlrpc.php
index 3b52764..7a0f448 100755
--- a/usr/local/www/xmlrpc.php
+++ b/usr/local/www/xmlrpc.php
@@ -29,7 +29,9 @@
 
 	TODO:
 		* Expose more functions.
-		* Write handlers for authentication and PHP -> XML_RPC_Value.
+		* Add syslog handling of errors.
+		* Define XML_RPC_erruser.
+		* Write handlers for PHP -> XML_RPC_Value.
 		* xmlrpc_params_to_php currently does *not* handle structs.
 */
 
@@ -38,6 +40,18 @@ require_once("config.inc");
 require_once("functions.inc");
 
 // Helper functions.
+/*
+ *   xmlrpc_auth: Handle basic crypt() authentication of the XMLRPC request. This function assumes that
+ *                $params[0] contains the local system's plaintext password and removes the password from
+ *		  the array before returning it.
+ */
+function xmlrpc_auth(&$params) {
+	global $config;
+	if (crypt($params[0], $config['system']['password']) != $config['system']['password'])
+		return false; // Password didn't match.
+	array_shift($params); // Shift the password parameter off of the array.
+	return true; // Password matched.
+}
 
 /*
  *   xmlrpc_params_to_php: Convert params array passed from XMLRPC server into a PHP array and return it.
@@ -46,7 +60,6 @@ require_once("functions.inc");
  */
 function xmlrpc_params_to_php($params) {
 	$array = array();
-	$param_length = $params->getNumParams();
 	for($i = 0; $i < $params->getNumParams(); $i++) {
 		$value = $params->getParam($i);
 		if($value->kindOf() == "scalar") {
@@ -81,10 +94,8 @@ $backup_config_section_doc = 'XMLRPC wrapper for backup_config_section. This met
 $backup_config_section_sig = array(array(string, string, string));
 
 function backup_config_section_xmlrpc($raw_params) {
-	global $config;
 	$params = xmlrpc_params_to_php($raw_params); // Convert XML_RPC_Value objects to a PHP array of values.
-	if(crypt($params[0], $config['system']['password']) != $config['system']['password'])
-		return new XML_RPC_Response(new XML_RPC_Value("FAILURE.", 'string'));
+	if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
 	$val = new XML_RPC_Value(backup_config_section($params[1]), 'string'); 
 	return new XML_RPC_Response($val);
 }
@@ -93,10 +104,9 @@ $restore_config_section_doc = 'XMLRPC wrapper for restore_config_section. This m
 $restore_config_section_sig = array(array(boolean, string, string, string));
 
 function restore_config_section_xmlrpc($raw_params) {
-	global $config;
 	$params = xmlrpc_params_to_php($raw_params);
-	if(crypt($params[0], $config['system']['password']) != $config['system']['password']) return; // Basic authentication.
-	restore_config_section($params[1], $params[2]);
+	if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
+	restore_config_section($params[0], $params[1]);
 	return new XML_RPC_Response(new XML_RPC_Value(true, 'boolean'));
 }
 
@@ -104,9 +114,8 @@ $filter_configure_doc = 'Basic XMLRPC wrapper for filter_configure. This method
 $filter_configure_sig = array(array(boolean, string));
 
 function filter_configure_xmlrpc($raw_params) {
-	global $config;
 	$params = xmlrpc_params_to_php($raw_params);
-	if(crypt($params[0], $config['system']['password']) != $config['system']['password']) return; // Basic authentication.
+	if(!xmlrpc_auth($params)) return new XML_RPC_Response(new XML_RPC_Value("auth_failure", 'string'));
 	filter_configure();
 	return new XML_PRC_Response(new XML_RPC_Value(true, 'boolean'));
 }
-- 
cgit v1.1