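<?php
/*
 * spp.php - HTTP front end for Hotspot 2.0 SPP (SOAP-XML) requests.
 *
 * Checks the request (Content-Type, method, realm), authenticates the client
 * with HTTP Digest or a verified TLS client certificate (only PATH_INFO
 * "/signup" may continue without either), then passes the request to the
 * hs20_spp_server helper through HS20* environment variables and returns the
 * helper's output as the SOAP response.
 */

require('config.php');

// CONTENT_TYPE can be absent; treat that as a mismatch instead of reading an
// undefined index.
$content_type = isset($_SERVER["CONTENT_TYPE"]) ? $_SERVER["CONTENT_TYPE"] : "";
if (!stristr($content_type, "application/soap+xml")) {
    error_log("spp.php - Unexpected Content-Type " . $content_type);
    die("Unexpected Content-Type");
}

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    error_log("spp.php - Unexpected method " . $_SERVER["REQUEST_METHOD"]);
    die("Unexpected method");
}

// realm must be a plain string: "?realm[]=x" would otherwise turn $realm into
// an array and flow into the header, the database lookup and the environment.
if (isset($_GET["realm"]) && is_string($_GET["realm"])) {
    // Allow-list filter: only letters, digits, '.' and '-' survive. The result
    // is used in the WWW-Authenticate header, the user lookup and HS20REALM.
    $realm = preg_replace("/[^0-9a-zA-Z\.\-]/i", '', $_GET["realm"]);
} else {
    error_log("spp.php - Realm not specified");
    die("Realm not specified");
}

// Start from a clean state so that only the branches below can set the
// authenticated identity. putenv() without '=' is intended to clear HS20CERT.
unset($user);
putenv("HS20CERT");

if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
    // --- HTTP Digest authentication ---
    $needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
                    'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed));
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
                   $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // Group 4 is present only for an unquoted value; a quoted value is in
        // group 3. Testing isset() instead of truthiness keeps a value of "0".
        $data[$m[1]] = isset($m[4]) ? $m[4] : $m[3];
        unset($needed[$m[1]]);
    }
    if ($needed) {
        // print_r() needs its second argument to return the text; without it
        // the array is written into the HTTP response and "1" is logged.
        error_log("spp.php - Authentication failed - missing: " .
                  print_r($needed, true));
        die('Authentication failed');
    }
    $user = $data['username'];
    if (strlen($user) < 1) {
        error_log("spp.php - Authentication failed - empty username");
        die('Authentication failed');
    }

    // $user comes straight from the client's Authorization header, so it must
    // never be interpolated into SQL text: bind it as a parameter instead.
    // The stored secret is used as-is in the Digest A1 hash below.
    $lookups = array(
        'password' => "SELECT password FROM users " .
                      "WHERE identity=? AND realm=?",
        'osu_password' => "SELECT osu_password FROM users " .
                          "WHERE osu_user=? AND realm=?",
    );
    $row = false;
    $pw = '';
    try {
        // new PDO() reports a failed connection by throwing, not by
        // returning false.
        $db = new PDO($osu_db);
        foreach ($lookups as $column => $sql) {
            $stmt = $db->prepare($sql);
            if (!$stmt || !$stmt->execute(array($user, $realm))) {
                error_log("spp.php - Could not access database");
                die("Could not access database");
            }
            $row = $stmt->fetch();
            if ($row) {
                // The first lookup that finds the user decides the secret;
                // the osu_user lookup is only a fallback.
                $pw = (string) $row[$column];
                break;
            }
        }
    } catch (PDOException $e) {
        error_log("spp.php - Could not access database");
        die("Could not access database");
    }
    if (!$row) {
        // NOTE(review): $user is client-controlled text written to the log.
        error_log("spp.php - Authentication failed - user '$user' not found");
        die('Authentication failed');
    }
    if (strlen($pw) < 1) {
        error_log("spp.php - Authentication failed - empty password");
        die('Authentication failed');
    }

    // RFC 2617 response for qop=auth.
    // NOTE(review): $data['uri'] is taken from the header and is not compared
    // with the URI actually requested, and the nonce/nc values are not checked
    // against anything issued by this server.
    $A1 = md5($user . ':' . $realm . ':' . $pw);
    $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
    $resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
                $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
    // hash_equals() (PHP >= 5.6) compares in constant time and as strings;
    // a loose != can treat two different "0e..." hex digests as equal numbers.
    if (!hash_equals($resp, $data['response'])) {
        error_log("Authentication failure - response mismatch");
        die('Authentication failed');
    }
} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
           $_SERVER["SSL_CLIENT_VERIFY"] === "SUCCESS" &&
           isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
    // --- TLS client certificate verified by the web server ---
    $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
    putenv("HS20CERT=yes");
} else if (!isset($_SERVER["PATH_INFO"]) ||
           $_SERVER["PATH_INFO"] !== "/signup") {
    // No credentials, and not the signup path: send a Digest challenge.
    // NOTE(review): uniqid() is derived from the current time and the nonce is
    // not recorded server-side, so nonce freshness is not enforced by this
    // script; consider random, server-tracked nonces.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
    error_log("spp.php - Authentication required (not signup)");
    die('Authentication required (not signup)');
}
// Reaching this point without $user means an unauthenticated "/signup" request.

if (isset($user) && strlen($user) > 0)
    putenv("HS20USER=$user");
else
    putenv("HS20USER");

putenv("HS20REALM=$realm");
// $HTTP_RAW_POST_DATA is deprecated and no longer exists in PHP 7+; read the
// raw request body from php://input instead.
$postdata = file_get_contents("php://input");
if ($postdata === false)
    $postdata = "";
putenv("HS20POST=$postdata");
$addr = $_SERVER["REMOTE_ADDR"];
putenv("HS20ADDR=$addr");

// The command line is built only from config.php values; everything derived
// from the request reaches the helper through the environment set above.
$last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);

if ($ret == 2) {
    // Exit status 2 is handled here as "authentication needed".
    if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
        header('HTTP/1.1 401 Unauthorized');
        header('WWW-Authenticate: Digest realm="'.$realm.
               '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
        error_log("spp.php - Authentication required (ret 2)");
        die('Authentication required');
    } else {
        error_log("spp.php - Unexpected authentication error");
        die("Unexpected authentication error");
    }
}
if ($ret != 0) {
    error_log("spp.php - Failed to process SPP request");
    die("Failed to process SPP request");
}
//error_log("spp.php: Response: " . implode($output));

header("Content-Type: application/soap+xml");

echo implode($output);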