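<?php

/*
 * spp.php - Hotspot 2.0 OSU/SPP front end.
 *
 * Accepts a SOAP (application/soap+xml) POST, authenticates the client
 * (HTTP Digest against the users table, a verified TLS client certificate,
 * or no authentication for the /signup path only), exports the request
 * details to the environment and hands the request to the hs20_spp_server
 * binary, whose output is returned as the SOAP response.
 *
 * $osu_db (PDO DSN) and $osu_root (installation root) are expected to come
 * from config.php; they are administrator configuration, not request data.
 */

require('config.php');

/**
 * Return a $_SERVER entry as a string, or '' when it is not set.
 *
 * @param string $name
 * @return string
 */
function spp_server_var($name)
{
    return isset($_SERVER[$name]) ? (string) $_SERVER[$name] : '';
}

/**
 * Parse the HTTP Digest parameters PHP exposes in $_SERVER['PHP_AUTH_DIGEST'].
 *
 * @param string $header raw Digest parameter string from the client (untrusted)
 * @return array{0: array<string,string>, 1: list<string>} the parsed
 *         name => value pairs and the names of required parameters that
 *         were not present
 */
function spp_parse_digest($header)
{
    $needed = ['nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1,
               'username' => 1, 'uri' => 1, 'response' => 1];
    $data = [];
    $keys = implode('|', array_keys($needed));
    /*
     * Inside a character class "\2" is the octal escape for chr(2), not a
     * backreference, so "[^\2]+?" means "any character but \x02, lazily";
     * the match still stops at the closing quote because of the trailing
     * "\2" backreference. Kept byte-for-byte as the established parser.
     */
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
                   $header, $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        /* Group 3 holds a quoted value, group 4 an unquoted one. A quoted
         * value of "0" is a real value, so test for '' rather than truthiness. */
        $data[$m[1]] = $m[3] !== '' ? $m[3] : $m[4];
        unset($needed[$m[1]]);
    }

    return [$data, array_keys($needed)];
}

/**
 * Look up the Digest password for a user in the given realm.
 *
 * users.identity/password is tried first; only when no such row exists are
 * the OSU credentials (osu_user/osu_password) consulted. A row whose password
 * column is empty or NULL is still a hit and yields ''.
 *
 * @param PDO    $db
 * @param string $user  Digest username exactly as sent by the client (untrusted)
 * @param string $realm realm from the query string (already filtered)
 * @return string|null the stored password, or null when no row matches
 * @throws PDOException on database errors (caller enables ERRMODE_EXCEPTION)
 */
function spp_lookup_password(PDO $db, $user, $realm)
{
    $lookups = [
        ['SELECT password FROM users WHERE identity=? AND realm=?', 'password'],
        ['SELECT osu_password FROM users WHERE osu_user=? AND realm=?', 'osu_password'],
    ];
    foreach ($lookups as list($sql, $column)) {
        /* Bound parameters: $user comes straight from the Authorization
         * header and must never be interpolated into the statement text. */
        $stmt = $db->prepare($sql);
        $stmt->execute([$user, $realm]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row) {
            return isset($row[$column]) ? (string) $row[$column] : '';
        }
    }

    return null;
}

/**
 * Send the 401 challenge asking the client to authenticate with HTTP Digest.
 *
 * NOTE(review): the nonce issued here is not stored, and the response check
 * below accepts whatever nonce the client echoes back, so the challenge by
 * itself provides no replay protection.
 *
 * @param string $realm filtered realm used in the challenge
 * @return void
 */
function spp_send_digest_challenge($realm)
{
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="' . $realm .
           '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
}

$contentType = spp_server_var("CONTENT_TYPE");
if (!stristr($contentType, "application/soap+xml")) {
    error_log("spp.php - Unexpected Content-Type " . $contentType);
    die("Unexpected Content-Type");
}

$method = spp_server_var("REQUEST_METHOD");
if ($method !== "POST") {
    error_log("spp.php - Unexpected method " . $method);
    die("Unexpected method");
}

/* realm[]=... would arrive as an array; treat anything but a string as absent. */
if (!isset($_GET["realm"]) || !is_string($_GET["realm"])) {
    error_log("spp.php - Realm not specified");
    die("Realm not specified");
}
/* Only [0-9A-Za-z.-] survive: the realm is echoed in headers, bound in SQL
 * and exported to the environment. */
$realm = (string) preg_replace("/[^0-9a-zA-Z\.\-]/i", '', $_GET["realm"]);

$test = (isset($_GET["test"]) && is_string($_GET["test"]))
    ? (string) preg_replace("/[^0-9a-zA-Z\_\-]/i", '', $_GET["test"])
    : "";

$user = null;
putenv("HS20CERT");

$authDigest = spp_server_var('PHP_AUTH_DIGEST');
if ($authDigest !== '') {
    list($data, $missing) = spp_parse_digest($authDigest);
    if ($missing) {
        /* print_r() without return=true printed the array to the client
         * and logged "1"; log the missing parameter names instead. */
        error_log("spp.php - Authentication failed - missing: " . implode(', ', $missing));
        die('Authentication failed');
    }
    $user = $data['username'];
    if ($user === '') {
        error_log("spp.php - Authentication failed - empty username");
        die('Authentication failed');
    }

    /* new PDO() throws rather than returning false, so a "!$db" test never
     * fires; catch PDOException for both connection and query failures. */
    try {
        $db = new PDO($osu_db);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pw = spp_lookup_password($db, $user, $realm);
    } catch (PDOException $e) {
        error_log("spp.php - Could not access database: " . $e->getMessage());
        die("Could not access database");
    }
    if ($pw === null) {
        error_log("spp.php - Authentication failed - user '$user' not found");
        die('Authentication failed');
    }
    if ($pw === '') {
        error_log("spp.php - Authentication failed - empty password");
        die('Authentication failed');
    }

    /* RFC 2617 qop="auth" response. $realm is the filtered query-string
     * realm, not a realm taken from the client's Authorization header. */
    $A1 = md5($user . ':' . $realm . ':' . $pw);
    $A2 = md5($method . ':' . $data['uri']);
    $resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
                $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
    /* Constant-time, strict comparison of the expected and supplied digests
     * (the previous loose "!=" could compare numeric-looking strings as numbers). */
    if (!hash_equals($resp, $data['response'])) {
        error_log("Authentication failure - response mismatch");
        die('Authentication failed');
    }
} elseif (spp_server_var("SSL_CLIENT_VERIFY") === "SUCCESS" &&
          isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
    /* TLS client-certificate authentication; the identity is the serial. */
    $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
    putenv("HS20CERT=yes");
} elseif (spp_server_var("PATH_INFO") !== "/signup") {
    /* Everything except sign-up must be authenticated. */
    spp_send_digest_challenge($realm);
    error_log("spp.php - Authentication required (not signup)");
    die('Authentication required (not signup)');
}

if ($user !== null && $user !== '') {
    putenv("HS20USER=$user");
} else {
    putenv("HS20USER");
}

putenv("HS20REALM=$realm");
$postdata = file_get_contents("php://input");
putenv("HS20POST=$postdata");
putenv("HS20ADDR=" . spp_server_var("REMOTE_ADDR"));
putenv("HS20TEST=$test");

/* $osu_root is administrator configuration (config.php), not request data;
 * the request itself reaches the server only through the environment. */
exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);

if ($ret === 2) {
    /* Exit status 2: the server wants authentication. Challenge if none
     * was offered; if Digest credentials were already verified, give up. */
    if ($authDigest === '') {
        spp_send_digest_challenge($realm);
        error_log("spp.php - Authentication required (ret 2)");
        die('Authentication required');
    }
    error_log("spp.php - Unexpected authentication error");
    die("Unexpected authentication error");
}
if ($ret !== 0) {
    error_log("spp.php - Failed to process SPP request");
    die("Failed to process SPP request");
}

header("Content-Type: application/soap+xml");

echo implode('', $output);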