mnet MDL-21098 small fixes - ss out issue and edge case simultaneous keyswap loop
[moodle.git] / mnet / xmlrpc / server.php
CommitLineData
71558f85 1<?php
2/**
3 * An XML-RPC server
4 *
5 * @author Donal McMullan donal@catalyst.net.nz
6 * @version 0.0.1
7 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
8 * @package mnet
9 */
10
11// Make certain that config.php doesn't display any errors, and that it doesn't
12// override our do-not-display-errors setting:
af0e9032
PS
13// disable moodle specific debug messages and any errors in output
14define('NO_DEBUG_DISPLAY', true);
15// cookies are not used, makes sure there is empty global $USER
16define('NO_MOODLE_COOKIES', true);
17
287efec6
PL
18define('MNET_SERVER', true);
19
71558f85 20require_once(dirname(dirname(dirname(__FILE__))) . '/config.php');
71558f85 21
287efec6 22$mnet = get_mnet_environment();
71558f85 23// Include MNET stuff:
24require_once $CFG->dirroot.'/mnet/lib.php';
25require_once $CFG->dirroot.'/mnet/remote_client.php';
de260e0f
PL
26require_once $CFG->dirroot.'/mnet/xmlrpc/serverlib.php';
27
71558f85 28
600be062 29if ($CFG->mnet_dispatcher_mode === 'off') {
30 print_error('mnetdisabled', 'mnet');
31}
32
71558f85 33// Content type for output is not html:
1008dad6 34header('Content-type: text/xml; charset=utf-8');
71558f85 35
25202581 36// PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug:
37// http://bugs.php.net/bug.php?id=41293
38if (empty($HTTP_RAW_POST_DATA)) {
39 $HTTP_RAW_POST_DATA = file_get_contents('php://input');
40}
41
71558f85 42if (!empty($CFG->mnet_rpcdebug)) {
de260e0f
PL
43 error_log("HTTP_RAW_POST_DATA");
44 error_log($HTTP_RAW_POST_DATA);
71558f85 45}
46
8d60e942 47if (!isset($_SERVER)) {
48 exit(mnet_server_fault(712, "phperror"));
49}
50
51
71558f85 52// New global variable which ONLY gets set in this server page, so you know that
53// if you've been called by a remote Moodle, this should be set:
287efec6
PL
54$remoteclient = new mnet_remote_client();
55set_mnet_remote_client($remoteclient);
71558f85 56
939ea0bc
PL
57try {
58 $plaintextmessage = mnet_server_strip_encryption($HTTP_RAW_POST_DATA);
59 $xmlrpcrequest = mnet_server_strip_signature($plaintextmessage);
c0b22a3f 60} catch (Exception $e) {
939ea0bc
PL
61 exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a));
62}
63
de260e0f
PL
64if (!empty($CFG->mnet_rpcdebug)) {
65 error_log("XMLRPC Payload");
66 error_log(print_r($xmlrpcrequest,1));
67}
8d60e942 68
287efec6 69if($remoteclient->pushkey == true) {
8d60e942 70 // The peer used one of our older public keys, we will return a
71 // signed/encrypted error message containing our new public key
72 // Sign message with our old key, and encrypt to the peer's private key.
287efec6 73 exit(mnet_server_fault_xml(7025, $mnet->public_key, $remoteclient->useprivatekey));
8d60e942 74}
75// Have a peek at what the request would be if we were to process it
76$params = xmlrpc_decode_request($xmlrpcrequest, $method);
77
78// One of three conditions need to be met before we continue processing this request:
79// 1. Request is properly encrypted and signed
80// 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key)
81// 3. Request is properly signed and we're happy with it being unencrypted
287efec6 82if ((($remoteclient->request_was_encrypted == true) && ($remoteclient->signatureok == true))
8d60e942 83 || (($method == 'system.keyswap') || ($method == 'system/keyswap'))
287efec6 84 || (($remoteclient->signatureok == true) && ($remoteclient->plaintext_is_ok() == true))) {
939ea0bc 85 try {
de260e0f
PL
86 // main dispatch call. will echo the response directly
87 mnet_server_dispatch($xmlrpcrequest);
88 exit;
c0b22a3f 89 } catch (Exception $e) {
939ea0bc
PL
90 exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a));
91 }
8d60e942 92}
de260e0f
PL
93// if we get to here, something is wrong
94// so detect a few common cases and send appropriate errors
287efec6 95if (($remoteclient->request_was_encrypted == false) && ($remoteclient->plaintext_is_ok() == false)) {
de260e0f 96 exit(mnet_server_fault(7021, 'forbidden-transport'));
71558f85 97}
98
287efec6 99if ($remoteclient->request_was_signed == false) {
de260e0f
PL
100 // Request was not signed
101 exit(mnet_server_fault(711, 'verifysignature-error'));
5f6b28fa 102}
71558f85 103
287efec6 104if ($remoteclient->signatureok == false) {
de260e0f
PL
105 // We were unable to verify the signature
106 exit(mnet_server_fault(710, 'verifysignature-invalid'));
71558f85 107}
de260e0f 108exit(mnet_server_fault(7000, 'unknownerror'));