From 21e323111d14100d1ac53d65049e484100aeece8 Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Wed, 15 Aug 2001 03:54:15 +0000 Subject: [PATCH] Add create_server() verify_server() for the 'special' needs they have --- phpgwapi/inc/class.interserver.inc.php | 23 ++-- phpgwapi/inc/class.sessions.inc.php | 173 +++++++++++++++++++++++++ phpgwapi/inc/xml_functions.inc.php | 42 +++++- 3 files changed, 222 insertions(+), 16 deletions(-) diff --git a/phpgwapi/inc/class.interserver.inc.php b/phpgwapi/inc/class.interserver.inc.php index dbb9691082..f5a02df601 100644 --- a/phpgwapi/inc/class.interserver.inc.php +++ b/phpgwapi/inc/class.interserver.inc.php @@ -29,6 +29,7 @@ var $accounts; var $table = 'phpgw_interserv'; var $total = 0; + var $result = ''; var $servers = array(); var $serverid = 0; @@ -112,12 +113,9 @@ /* send command to remote server */ function send($method_name, $args, $url, $debug=True) { - $cmd = '$return = $this->_send_' . $this->mode . '_' . $this->security . '($method_name, $args, $url, $debug);'; + $cmd = '$this->_send_' . $this->mode . '_' . $this->security . '($method_name, $args, $url, $debug);'; eval($cmd); - if($return) - { - return $return; - } + return $this->result; } function _split_url($url) @@ -193,8 +191,8 @@ { $this->debug('Error: no response from '.$hostpart.'!'); } - - return $retval; + $this->result = $retval; + return $this->result; } function _send_xmlrpc_($method_name, $args, $url, $debug=True) @@ -232,7 +230,8 @@ $this->debug('Fault Code: ' . $r->faultCode() . ' Reason "' . $r->faultString() . '"
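Review bot: send() now returns `$this->result` whatever the dispatched method did, so when the selected `_send_<mode>_<security>` method does not assign it, the caller receives the value left by an earlier call. As far as this diff shows, only the two methods patched in the -193 and -232 hunks assign it. Clear it before the dispatch with `$this->result = '';`. The `eval()` is only needed to build the method name; a variable method call, `$method = '_send_' . $this->mode . '_' . $this->security; $this->$method($method_name, $args, $url, $debug);`, does the same without evaluating a string and can be guarded with `method_exists($this, $method)`.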
',$debug); } - return $v; + $this->result = xmlrpc_decode($v); + return $this->result; } function _send_soap_ssl($method_name, $args, $url, $debug=True) @@ -419,6 +418,7 @@ { $sql = "SELECT * FROM $this->table"; $this->db->query($sql,__LINE__,__FILE__); + while ($this->db->next_record()) { $this->servers[$this->db->f('server_name')]['server_id'] = $this->db->f('server_id'); @@ -431,7 +431,7 @@ $this->servers[$this->db->f('server_name')]['admin_name'] = $this->db->f('admin_name'); $this->servers[$this->db->f('server_name')]['admin_email'] = $this->db->f('admin_email'); } - $this->total = $this->db->num_rows(); + $this->total = $this->db->num_rows() + 1; return $this->servers; } @@ -447,7 +447,7 @@ { $select .= ' selected'; } - $select .= '>' . lang('Local') . ''."\n"; + $select .= '>' . lang('Please Select') . ''."\n"; while (list($key,$val) = each($this->get_list())) { @@ -552,8 +552,7 @@ $this->db->f('trust_rel') >= 1) { $this->authed = True; - $sessionid = $GLOBALS['phpgw']->session->create('anonymous','anonymous1'); - return $sessionid; + return True; } } return False; diff --git a/phpgwapi/inc/class.sessions.inc.php b/phpgwapi/inc/class.sessions.inc.php index 8016bf355e..caf74472b2 100644 --- a/phpgwapi/inc/class.sessions.inc.php +++ b/phpgwapi/inc/class.sessions.inc.php 
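Review bot: `xmlrpc_decode($v)` runs after the fault branch that closes just above it, and on that path `$v` may never have been assigned (its assignment is outside the hunk). Set the result explicitly in the fault branch, e.g. `$this->result = False; return False;`, so that a remote fault cannot be mistaken for a decoded reply. The return value also changes from the response value object to a decoded PHP value, which deserves a line in the function comment for existing callers.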
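Review bot: The `+ 1` in `$this->total = $this->db->num_rows() + 1;` is unexplained and makes `$this->total` disagree with the number of entries stored in `$this->servers`. If it accounts for the placeholder option in the select list (relabelled 'Please Select' in the next hunk), say so in a comment such as `// +1 for the placeholder entry shown in the server select box`, or add the one where the list is rendered instead.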
@@ -301,6 +301,179 @@ return $this->sessionid; } + function verify_server($sessionid, $kp3) + { + global $phpgw, $phpgw_info; + + $phpgw->interserver = CreateObject('phpgwapi.interserver'); + $db = $phpgw->db; + $db2 = $phpgw->db; + $this->sessionid = $sessionid; + $this->kp3 = $kp3; + + $phpgw->common->key = md5($this->kp3 . $this->sessionid . $phpgw_info['server']['encryptkey']); + $phpgw->common->iv = $phpgw_info['server']['mcrypt_iv']; + + $cryptovars[0] = $phpgw->common->key; + $cryptovars[1] = $phpgw->common->iv; + $phpgw->crypto = CreateObject('phpgwapi.crypto', $cryptovars); + + $db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__); + $db->next_record(); + + $this->session_flags = $db->f('session_flags'); + + $login_array = explode('@', $db->f('session_lid')); + $this->account_lid = $login_array[0]; + + if (@$login_array[1] != '') + { + $this->account_domain = $login_array[1]; + } + else + { + $this->account_domain = $phpgw_info['server']['default_domain']; + } + + $phpgw_info['user']['kp3'] = $this->kp3; + $phpgw_info_flags = $phpgw_info['flags']; + + $phpgw_info['flags'] = $phpgw_info_flags; + $userid_array = explode('@',$db->f('session_lid')); +// Thinking this might solve auth_http problems + if(@$userid_array[1] == '') { $userid_array[1] = 'default'; } + $this->account_lid = $userid_array[1]; + $this->update_dla(); + $this->account_id = $phpgw->interserver->name2id($this->account_lid); + + if (!$this->account_id) + { + return False; + } + + $phpgw_info['user']['account_id'] = $this->account_id; + + $this->read_repositories(@$phpgw_info['server']['cache_phpgw_info']); + + $phpgw_info['user'] = $this->user; + $phpgw_info['hooks'] = $this->hooks; + + $phpgw_info['user']['session_ip'] = $db->f('session_ip'); + $phpgw_info['user']['passwd'] = base64_decode($this->appsession('password','phpgwapi')); + + if ($userid_array[1] != $phpgw_info['user']['domain']) + { + $phpgw->log->message('W-VerifySession, the 
domains %1 and %2 don\t match',$userid_array[1],$phpgw_info['user']['domain']); + $phpgw->log->commit(); + + return False; + } + + if (@$phpgw_info['server']['sessions_checkip']) + { + if (PHP_OS != 'Windows' && (! $phpgw_info['user']['session_ip'] || $phpgw_info['user']['session_ip'] != $this->getuser_ip())) + { + // This needs some better wording + $phpgw->log->message('W-VerifySession, IP %1 doesn\'t match IP %2 in session table',$this->getuser_ip(),$phpgw_info['user']['session_ip']); + $phpgw->log->commit(); + + return False; + } + } + + $phpgw->acl->acl($this->account_id); + $phpgw->accounts->accounts($this->account_id); + $phpgw->preferences->preferences($this->account_id); + $phpgw->applications->applications($this->account_id); + + if (! $this->account_lid) + { + // This needs some better wording + $phpgw->log->message('W-VerifySession, account_id is empty'); + $phpgw->log->commit(); + + return False; + } + else + { + return True; + } + } + + function create_server($login,$passwd) + { + global $phpgw_info, $phpgw, $PHP_SELF; + + $phpgw->interserver = CreateObject('phpgwapi.interserver'); + $this->login = $login; + $this->passwd = $passwd; + $this->clean_sessions(); + $login_array = explode('@', $login); + $this->account_lid = $login_array[0]; + $now = time(); + + if ($login_array[1] != '') + { + $this->account_domain = $login_array[1]; + } + else + { + $this->account_domain = $phpgw_info['server']['default_domain']; + } + + $serverdata = array( + 'server_name' => $this->account_domain, + 'username' => $this->account_lid, + 'password' => $passwd + ); + if (!$phpgw->interserver->auth($serverdata)) + { + return False; + exit; + } + + if (!$phpgw->interserver->exists($this->account_lid)) + { + $this->account_id = $phpgw->interserver->name2id($this->account_lid); + } + $phpgw_info['user']['account_id'] = $this->account_id; + $phpgw->interserver->serverid = $this->account_id; + + $this->sessionid = md5($phpgw->common->randomstring(10)); + $this->kp3 = 
md5($phpgw->common->randomstring(15)); + + $phpgw->common->key = md5($this->kp3 . $this->sessionid . $phpgw_info['server']['encryptkey']); + $phpgw->common->iv = $phpgw_info['server']['mcrypt_iv']; + $cryptovars[0] = $phpgw->common->key; + $cryptovars[1] = $phpgw->common->iv; + $phpgw->crypto = CreateObject('phpgwapi.crypto', $cryptovars); + + //$this->read_repositories(False); + + $phpgw_info['user'] = $this->user; + $phpgw_info['hooks'] = $this->hooks; + + $this->appsession('password','phpgwapi',base64_encode($this->passwd)); + $session_flags = 'S'; + + $user_ip = $this->getuser_ip(); + + $phpgw->db->transaction_begin(); + $phpgw->db->query("INSERT INTO phpgw_sessions VALUES ('" . $this->sessionid + . "','".$login."','" . $user_ip . "','" + . $now . "','" . $now . "','" . $PHP_SELF . "','" . $session_flags + . "')",__LINE__,__FILE__); + + $phpgw->db->query("INSERT INTO phpgw_access_log VALUES ('" . $this->sessionid . "','" + . "$login','" . $user_ip . "','$now','','" . $this->account_id . "')",__LINE__,__FILE__); + + $this->appsession('account_previous_login','phpgwapi',$phpgw->auth->previous_login); + $phpgw->auth->update_lastlogin($this->account_id,$user_ip); + $phpgw->db->transaction_commit(); + + return array($this->sessionid,$this->kp3); + } + // This will update the DateLastActive column, so the login does not expire function update_dla() { diff --git a/phpgwapi/inc/xml_functions.inc.php b/phpgwapi/inc/xml_functions.inc.php index fbe4223e47..cdf6b58f39 100644 --- a/phpgwapi/inc/xml_functions.inc.php +++ b/phpgwapi/inc/xml_functions.inc.php @@ -652,7 +652,7 @@ } $GLOBALS['_xmlrpcs_auth_sig'] = array(array(xmlrpcString,xmlrpcString,xmlrpcString,xmlrpcString)); - $GLOBALS['_xmlrpcs_auth_doc'] = 'Verify server authentication'; + $GLOBALS['_xmlrpcs_auth_doc'] = 'Server authentication'; function _xmlrpcs_auth($server,$m) { $server_name = $m->getParam(0); 
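Review bot: verify_server() concatenates `$sessionid` straight into the `select * from phpgw_sessions` string, and in this patch that value arrives unchecked from the `system.auth_verify` XML-RPC parameter; create_server() does the same with `$login` and `$PHP_SELF` in both INSERT statements. Since create_server() issues the id and kp3 as md5() output, both can be refused unless they are 32 hex characters, and `$login` needs the database layer's escaping before it is concatenated. The function also never tests the result of `next_record()`, never requires the 'S' flag that create_server() writes, and never compares `$kp3` with a stored value, so as far as this hunk shows kp3 adds nothing to the verification (unless `name2id()` or `read_repositories()`, outside the hunk, enforce it). The log string `don\t match` should read `don\'t match`, and the `exit;` after `return False;` in create_server() is unreachable.

```php
	function verify_server($sessionid, $kp3)
	{
		// … unchanged: globals, interserver object, $db setup …

		// create_server() issues both values as md5() hex strings; refuse anything
		// else before it is stored on the object or reaches the SQL string.
		if (!preg_match('/^[0-9a-f]{32}$/', $sessionid) || !preg_match('/^[0-9a-f]{32}$/', $kp3))
		{
			return False;
		}

		// … unchanged: $this->sessionid / $this->kp3 assignment, key, iv and crypto setup …

		$db->query("select * from phpgw_sessions where session_id='" . $this->sessionid . "'",__LINE__,__FILE__);
		// No row, or a row that is not a server session, is a failed verification.
		if (!$db->next_record() || $db->f('session_flags') != 'S')
		{
			return False;
		}

		// … unchanged: rest of verify_server() …
```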
@@ -662,10 +662,39 @@ $serverdata['username'] = $username->scalarval(); $serverdata['password'] = $password->scalarval(); - $is = CreateObject('phpgwapi.interserver'); - $sessionid = $is->auth($serverdata); + list($sessionid,$kp3) = $GLOBALS['phpgw']->session->create_server($serverdata['username'].'@'.$serverdata['server_name'],$serverdata['password']); - if($sessionid) + if($sessionid && $kp3) + { + $rtrn[] = CreateObject('phpgwapi.xmlrpcval','sessionid','string'); + $rtrn[] = CreateObject('phpgwapi.xmlrpcval',$sessionid,'string'); + $rtrn[] = CreateObject('phpgwapi.xmlrpcval','kp3','string'); + $rtrn[] = CreateObject('phpgwapi.xmlrpcval',$kp3,'string'); + } + else + { + $rtrn[] = CreateObject('phpgwapi.xmlrpcval','GOAWAY','string'); + $rtrn[] = CreateObject('phpgwapi.xmlrpcval','XOXO','string'); + } + $r = CreateObject('phpgwapi.xmlrpcresp',CreateObject('phpgwapi.xmlrpcval',$rtrn,'struct')); + return $r; + } + + $GLOBALS['_xmlrpcs_auth_verify_sig'] = array(array(xmlrpcString,xmlrpcString,xmlrpcString,xmlrpcString)); + $GLOBALS['_xmlrpcs_auth_verify_doc'] = 'Verify Server authentication'; + function _xmlrpcs_auth_verify($server,$m) + { + $xserver_name = $m->getParam(0); + $xsessionid = $m->getParam(1); + $xkp3 = $m->getParam(2); + + $server_name = $xserver_name->scalarval(); + $sessionid = $xsessionid->scalarval(); + $kp3 = $xkp3->scalarval(); + + $verified = $GLOBALS['phpgw']->session->verify_server($sessionid,$kp3); + + if($verified) { $rtrn[] = CreateObject('phpgwapi.xmlrpcval','HELO','string'); $rtrn[] = CreateObject('phpgwapi.xmlrpcval',$sessionid,'string'); @@ -704,6 +733,11 @@ 'function' => '_xmlrpcs_auth', 'signature' => $GLOBALS['_xmlrpcs_auth_sig'], 'docstring' => $GLOBALS['_xmlrpcs_auth_doc'] + ), + 'system.auth_verify' => array( + 'function' => '_xmlrpcs_auth_verify', + 'signature' => $GLOBALS['_xmlrpcs_auth_verify_sig'], + 'docstring' => $GLOBALS['_xmlrpcs_auth_verify_doc'] ) );
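Review bot: `_xmlrpcs_auth()` joins `username` and `server_name` with `'@'`, and create_server() immediately splits the result again on `'@'`, so a username that itself contains `@` changes which part becomes the `server_name` handed to `interserver->auth()`. Refuse such usernames before the call, e.g. `if (strpos($serverdata['username'], '@') !== false) { /* build the failure struct */ }`, or pass the two values to create_server() separately. In `_xmlrpcs_auth_verify()` the `$server_name` value is read and never used, so the verification is not tied to the server the session was issued to. The else branch of `_xmlrpcs_auth_verify()` lies outside the hunk.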