/**
 * Submit handler for the admin networking form.
 *
 * A 'deletekey' submission calls get_keypair(true) on the OpenSSL repository,
 * queues the 'keydeleted' notice and replies with PIEFORM_CANCEL so the page
 * is reloaded. After that, the 'enablenetworking' and 'promiscuousmode'
 * settings are stored whenever the submitted value differs from the current
 * configuration, and the form replies with a summary of what changed.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values Submitted values; 'enablenetworking' and
 *                        'promiscuousmode' are read
 */
function networkingform_submit(Pieform $form, $values) {
    if ($form->get_submitvalue() === 'deletekey') {
        global $SESSION;
        // NOTE(review): get_keypair(true) appears to replace the site key pair, so peers
        // holding the old public key would need the new one - confirm.
        OpenSslRepo::singleton()->get_keypair(true);
        $SESSION->add_info_msg(get_string('keydeleted', 'admin'));
        // Using cancel here as a hack to get it to redirect so it shows the new keys
        $form->reply(PIEFORM_CANCEL, array('location' => get_config('wwwroot') . 'admin/site/networking.php'));
    }

    // Setting name => language strings reported when it is switched off / on.
    $switches = array(
        'enablenetworking' => array('off' => 'networkingdisabled', 'on' => 'networkingenabled'),
        'promiscuousmode' => array('off' => 'promiscuousmodedisabled', 'on' => 'promiscuousmodeenabled'),
    );

    $summary = '';
    foreach ($switches as $setting => $strings) {
        // Loose comparison on purpose: stored and submitted values may differ in type.
        if (get_config($setting) == $values[$setting]) {
            continue;
        }
        if (!set_config($setting, $values[$setting])) {
            networkingform_fail($form);
            continue;
        }
        $key = empty($values[$setting]) ? $strings['off'] : $strings['on'];
        $summary .= get_string($key, 'admin');
    }

    $message = $summary == '' ? get_string('networkingunchanged', 'admin') : $summary;
    $form->reply(PIEFORM_OK, array('message' => $message, 'goto' => '/admin/site/networking.php'));
}
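/**
 * Handles keyswap calls made in forced mode.
 * So far, forced mode can only be used by hosts we already trust.
 *
 * @see api/xmlrpc/dispatcher.php::keyswap()
 *
 * Add :
 * // PATCH add force mode
 * if (!empty($params[3])){ // requiring force mode
 *     $mnetlocallib = get_config('docroot').'/local/mnet/lib.php';
 *     if (file_exists($mnetlocallib)){
 *         return local_xmlrpc_key_forced_keyswap($wwwroot, $pubkey, $application);
 *     }
 *     return false;
 * }
 * // /PATCH
 *
 * after $params decoding for enabling forced mode.
 *
 * @param string $wwwroot     wwwroot announced by the calling host
 * @param string $pubkey      Public key the caller wants registered for that wwwroot
 * @param string $application Application name sent by the caller (not used in this function)
 * @return mixed The certificate property of the local OpenSSL repository
 * @throws SystemException If no undeleted host with an unexpired key matches $wwwroot,
 *                         or if updating the peer raises an exception
 */
function local_xmlrpc_key_forced_keyswap($wwwroot, $pubkey, $application) {
    $now = time();

    // Reinforced security: only a known host whose key is still valid can force a renewal.
    // $wwwroot is supplied by the remote caller, so it is bound as a query parameter
    // rather than interpolated into the SQL text.
    $knownhosts = get_records_select_array(
        'host',
        'wwwroot = ? AND deleted = 0 AND publickeyexpires >= ?',
        array($wwwroot, $now)
    );
    if (!$knownhosts) {
        throw new SystemException("Fails exists known {$wwwroot} as wwwroot", 6100);
    }

    // NOTE(review): nothing visible here proves the caller holds the key currently
    // registered for $wwwroot; confirm the dispatcher authenticates the request
    // before this function is reached.
    try {
        $peer = new Peer();
        if ($peer->findByWwwroot($wwwroot)) {
            $peer->publickey = new PublicKey($pubkey, $wwwroot);
            $peer->commit();
        }
        // Mahara returns its own key
        $openssl = OpenSslRepo::singleton();
        return $openssl->certificate;
    }
    catch (Exception $e) {
        throw new SystemException($e->getMessage(), $e->getCode());
    }
}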
// Admin "networking" settings page: checks the required PHP extensions, then
// builds the form showing the site's wwwroot and certificate together with the
// networking and proxy settings.
require_once 'searchlib.php';
define('TITLE', get_string('networking', 'admin'));

// The page is only usable when openssl, curl and xmlrpc are all loaded.
$opensslext = extension_loaded('openssl');
$curlext = extension_loaded('curl');
$xmlrpcext = extension_loaded('xmlrpc');
if (!$opensslext || !$curlext || !$xmlrpcext) {
    // Render the template with the list of missing extensions and stop here.
    $smarty = smarty();
    $missingextensions = array();
    !$opensslext && ($missingextensions[] = 'openssl');
    !$curlext && ($missingextensions[] = 'curl');
    !$xmlrpcext && ($missingextensions[] = 'xmlrpc');
    $smarty->assign('missingextensions', $missingextensions);
    $smarty->display('admin/site/networking.tpl');
    exit;
}

$openssl = OpenSslRepo::singleton();
// PHP casts the boolean keys to the integers 1 and 0.
$yesno = array(true => get_string('yes'), false => get_string('no'));
$networkingform = pieform(array(
    'name' => 'networkingform',
    'jsform' => true,
    'elements' => array(
        'wwwroot' => array(
            'type' => 'html',
            'title' => get_string('wwwroot', 'admin'),
            'description' => get_string('wwwrootdescription', 'admin'),
            'value' => get_config('wwwroot')
        ),
        'pubkey' => array(
            'type' => 'html',
            'title' => get_string('publickey', 'admin'),
            'description' => get_string('publickeydescription2', 'admin', 365),
            // The certificate is concatenated into the markup without escaping.
            // NOTE(review): presumably PEM text that contains no HTML metacharacters - confirm.
            'value' => '<pre style="font-size: 0.7em">' . $openssl->certificate . '</pre>'
        ),
        'expires' => array(
            'type' => 'html',
            'title' => get_string('publickeyexpires', 'admin'),
            'value' => format_date($openssl->expires)
        ),
        'enablenetworking' => array(
            'type' => 'select',
            'title' => get_string('enablenetworking', 'admin'),
            'description' => get_string('enablenetworkingdescription', 'admin'),
            'defaultvalue' => get_config('enablenetworking'),
            'options' => $yesno
        ),
        'promiscuousmode' => array(
            'type' => 'select',
            'title' => get_string('promiscuousmode', 'admin'),
            'description' => get_string('promiscuousmodedescription', 'admin'),
            'defaultvalue' => get_config('promiscuousmode'),
            'options' => $yesno
        ),
        'proxyfieldset' => array(
            'type' => 'fieldset',
            'legend' => get_string('proxysettings', 'admin'),
            'elements' => array(
                'proxyaddress' => array(
                    'type' => 'text',
                    'title' => get_string('proxyaddress', 'admin'),
                    'description' => get_string('proxyaddressdescription', 'admin'),
                    'defaultvalue' => get_config('proxyaddress')
                ),
                'proxyauthmodel' => array(
                    'type' => 'select',
                    'title' => get_string('proxyauthmodel', 'admin'),
                    'description' => get_string('proxyauthmodeldescription', 'admin'),
                    'defaultvalue' => get_config('proxyauthmodel'),
                    'options' => array('' => 'None', 'basic' => 'Basic (NCSA)')
                ),
                // NOTE(review): a plain 'text' element pre-filled from config, so the stored
                // proxy credentials are sent back to the browser in clear - consider masking.
                'proxyauthcredentials' => array(
                    'type' => 'text',
                    'title' => get_string('proxyauthcredentials', 'admin'),
                    'description' => get_string('proxyauthcredentialsdescription', 'admin'),
                    'defaultvalue' => get_config('proxyauthcredentials')
                )
            )
        ),
        'submit' => array(
            'type' => 'submit',
            'value' => get_string('savechanges', 'admin')
        )
    )
));

/**
 * Replies to the networking form with the 'enablenetworkingfailed' error
 * message and sends the user back to the networking page.
 *
 * @param Pieform $form The form to reply to
 */
function networkingform_fail(Pieform $form) {
    $form->reply(PIEFORM_ERR, array('message' => get_string('enablenetworkingfailed', 'admin'), 'goto' => '/admin/site/networking.php'));
}

/**
 * Submit handler for the networking form.
 *
 * Only the start of this function is present in the listing; the visible part
 * stores 'enablenetworking' when the submitted value differs from the config.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values Submitted values
 */
function networkingform_submit(Pieform $form, $values) {
    $reply = '';
    if (get_config('enablenetworking') != $values['enablenetworking']) {
        if (!set_config('enablenetworking', $values['enablenetworking'])) {
            networkingform_fail($form);
        }
        else {
            if (empty($values['enablenetworking'])) {
                $reply .= get_string('networkingdisabled', 'admin');
/**
 * Sign a message and return it in an XML-Signature document
 *
 * This function can sign any content, but it was written to provide a system of
 * signing XML-RPC request and response messages. The message will be base64
 * encoded, so it does not need to be text.
 *
 * We compute the SHA1 digest of the message.
 * We compute a signature with our private key (the code passes the message
 * itself to sign_message(); any hashing happens inside that method).
 * We link to the public key that can be used to verify our signature.
 * We base64 the message data.
 * We identify our wwwroot - this must match our certificate's CN
 *
 * The XML-RPC document will be parceled inside an XML-SIG document, which holds
 * the base64_encoded XML as an object, the SHA1 digest of that document, and a
 * signature of that document using the local private key. This signature will
 * uniquely identify the RPC document as having come from this server.
 *
 * Security notes for reviewers:
 * - SHA-1 is no longer considered collision resistant. The digest algorithm is
 *   part of the wire format, so changing it requires the peers to change too.
 * - Only $message is passed to sign_message(); the <wwwroot> and <timestamp>
 *   elements sit outside the signed object. NOTE(review): confirm receivers do
 *   not rely on those two values as if they were signed.
 * - $wwwroot is interpolated into the XML without escaping; it comes from site
 *   configuration here.
 *
 * See the {@link http://www.w3.org/TR/xmldsig-core/ XML-DSig spec} at the W3C
 * site
 *
 * @param string $message The data you want to sign
 * @return string An XML-DSig document
 */
function xmldsig_envelope($message) {
    $openssl = OpenSslRepo::singleton();
    $wwwroot = dropslash(get_config('wwwroot'));
    // sha1() returns the digest as a hex string; it goes into <DigestValue> as is.
    $digest = sha1($message);
    // Signature over the raw message, base64 encoded for transport.
    $sig = base64_encode($openssl->sign_message($message));
    // From here on $message holds the base64 form embedded in <object>.
    $message = base64_encode($message);
    $time = time();
    // TODO: Provide RESTful access to our public key as per KeyInfo element
    // NOTE(review): <SignatureMethod> advertises dsa-sha1; whether that matches the
    // key type and hash used by sign_message() is not visible here - confirm.
    // NOTE(review): the line breaks and indentation inside the heredoc were lost in
    // this listing and are restored conventionally; check them against the real file.
    return <<<EOF
<?xml version="1.0" encoding="iso-8859-1"?>
    <signedMessage>
        <Signature Id="MoodleSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <Reference URI="#XMLRPC-MSG">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>{$digest}</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>{$sig}</SignatureValue>
            <KeyInfo>
                <RetrievalMethod URI="{$wwwroot}/api/xmlrpc/publickey.php"/>
            </KeyInfo>
        </Signature>
        <object ID="XMLRPC-MSG">{$message}</object>
        <wwwroot>{$wwwroot}</wwwroot>
        <timestamp>{$time}</timestamp>
    </signedMessage>
EOF;
}
/**
 * Gives the protocol a last chance to transform the outgoing raw payload,
 * e.g. by wrapping it in a signature and/or an encryption envelope.
 *
 * Nothing is changed unless a public key is set on this object. With a key
 * present, the response is signed when $this->payload_signed is truthy and
 * encrypted for that key when $this->payload_encrypted is truthy, so a
 * response can go out unsigned and unencrypted even though a key is known.
 *
 * @param string $response The raw response value
 *
 * @return mixed The response, unchanged or wrapped (xmldsig_envelope() returns
 *               a string; the return type of xmlenc_envelope() is not visible here)
 */
protected function modify_result($response) {
    // No peer key: the payload goes out untouched.
    if (empty($this->publickey)) {
        return $response;
    }

    // The envelope helpers live in the XML-RPC library.
    require_once get_config('docroot') . 'api/xmlrpc/lib.php';
    // The instance is not used below; the call is kept for whatever set-up singleton() performs.
    $openssl = OpenSslRepo::singleton();

    $payload = $response;
    // Sign first, then encrypt, so the signature travels inside the encrypted envelope.
    if ($this->payload_signed) {
        $payload = xmldsig_envelope($payload);
    }
    if ($this->payload_encrypted) {
        $payload = xmlenc_envelope($payload, $this->publickey);
    }
    return $payload;
}
/**
 * Builds the custom webservices configuration page.
 *
 * The page is made of five fieldsets:
 * - master switch and per-protocol switches
 * - the site certificate with its fingerprints and expiry date
 * - service function groups
 * - service access tokens
 * - service users
 *
 * @return array Pieform definition ('renderer', 'type' and 'elements')
 */
function get_config_options_extended() {
    // Wraps a piece of already-rendered text in the <div><p> markup used for descriptions.
    $paragraph = function ($html) {
        return '<div><p>' . $html . '</p></div>';
    };

    $protos = new Pieform(array(
        'name' => 'activate_webservice_protos',
        'elements' => webservices_protocol_switch_form(),
    ));

    // certificate values from MNet
    $openssl = OpenSslRepo::singleton();
    // Not referenced below; kept so the same language strings are still looked up.
    $yesno = array(true => get_string('yes'), false => get_string('no'));

    $protocolswitches = array(
        'type' => 'fieldset',
        'legend' => get_string('protocolswitches', 'auth.webservice'),
        'elements' => array(
            'protos_help' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('manage_protocols', 'auth.webservice')),
            ),
            'masterswitchlabel' => array(
                'type' => 'html',
                'value' => '<h4 class="mtxl">' . get_string('masterswitch', 'auth.webservice') . '</h4>',
            ),
            'webservicesmasterswitchform' => webservices_master_switch_form()['webservicesmasterswitchform'],
            'enablewebserviceprotos' => array(
                'type' => 'html',
                'value' => $protos->build(false),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'activate_webservices',
    );

    // The certificate and fingerprints are shown so an administrator can compare them
    // with what a peer holds. NOTE(review): SHA-1 and MD5 fingerprints are weak
    // identifiers by current standards; a stronger digest would have to be provided
    // by the OpenSSL repository, which is not visible here.
    $certificates = array(
        'type' => 'fieldset',
        'legend' => get_string('certificates', 'auth.webservice'),
        'elements' => array(
            'protos_help' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('manage_certificates', 'auth.webservice', get_config('wwwroot') . 'admin/site/networking.php')),
            ),
            'pubkey' => array(
                'type' => 'html',
                'value' => '<h3 class="title">' . get_string('publickey', 'admin') . '</h3>'
                    . '<div class="detail">' . get_string('publickeydescription2', 'admin', 365) . '</div>'
                    . '<pre style="font-size: 0.7em; white-space: pre;">' . $openssl->certificate . '</pre>',
            ),
            'sha1fingerprint' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('sha1fingerprint', 'auth.webservice', $openssl->sha1_fingerprint)),
            ),
            'md5fingerprint' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('md5fingerprint', 'auth.webservice', $openssl->md5_fingerprint)),
            ),
            'expires' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('publickeyexpireson', 'auth.webservice', format_date($openssl->expires))),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'activate_webservices_networking',
    );

    $functiongroups = array(
        'type' => 'fieldset',
        'legend' => get_string('servicefunctiongroups', 'auth.webservice'),
        'elements' => array(
            'sfgdescription' => array(
                'value' => $paragraph(get_string('sfgdescription', 'auth.webservice')),
            ),
            'webservicesservicecontainer' => array(
                'type' => 'html',
                'value' => service_fg_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'webservices_function_groups',
    );

    $tokens = array(
        'type' => 'fieldset',
        'legend' => get_string('servicetokens', 'auth.webservice'),
        'elements' => array(
            'stdescription' => array(
                'value' => $paragraph(get_string('stdescription', 'auth.webservice')),
            ),
            'webservicestokenscontainer' => array(
                'type' => 'html',
                'value' => service_tokens_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => false,
        'name' => 'webservices_token',
    );

    $users = array(
        'type' => 'fieldset',
        'legend' => get_string('manageserviceusers', 'auth.webservice'),
        'elements' => array(
            'sudescription' => array(
                'value' => $paragraph(get_string('sudescription', 'auth.webservice')),
            ),
            'webservicesuserscontainer' => array(
                'type' => 'html',
                'value' => service_users_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => false,
        'name' => 'webservices_user',
    );

    return array(
        'renderer' => 'div',
        'type' => 'div',
        'elements' => array(
            'webservicesmaster' => $protocolswitches,
            'certificates' => $certificates,
            'servicefunctiongroups' => $functiongroups,
            'servicetokens' => $tokens,
            'serviceusers' => $users,
        ),
    );
}
/**
 * Regenerates the MNet key pair held by the OpenSSL repository.
 *
 * Loads the XML-RPC library and calls get_keypair(true). A falsy result is
 * reported through gcError() on the current application.
 */
public function replaceMnetKeys() {
    require_once get_config('docroot') . 'api/xmlrpc/lib.php';

    $regenerated = OpenSslRepo::singleton()->get_keypair(true);
    if ($regenerated) {
        return;
    }

    // Regeneration failed: hand the error to the running application.
    global $CFG;
    $CFG->current_app->gcError('Failure to regenerate keypair', 'gcdatabaseerror');
}
/**
 * XML-RPC keyswap handler: optionally registers the calling peer, then returns
 * this site's certificate.
 *
 * The peer is bootstrapped and committed only when the 'promiscuousmode'
 * setting is on. In that mode the wwwroot, public key and application name
 * are taken from the caller as sent; this function performs no check on them
 * (see the TODO below), so whatever Peer::bootstrap() accepts is stored.
 * The certificate is returned whether or not promiscuous mode is on.
 *
 * @param string $function Name of the called function (not used here)
 * @param array  $params   [0] wwwroot, [1] public key, [2] application name
 * @return mixed The certificate property of the local OpenSSL repository
 * @throws SystemException If bootstrapping or committing the peer raises an exception
 */
function keyswap($function, $params) {
    require_once get_config('libroot') . 'peer.php';

    //TODO: Verify params
    // Missing or empty parameters become null.
    $wwwroot = empty($params[0]) ? null : $params[0];
    $pubkey = empty($params[1]) ? null : $params[1];
    $application = empty($params[2]) ? null : $params[2];

    if (get_config('promiscuousmode')) {
        try {
            $peer = new Peer();
            $accepted = $peer->bootstrap($wwwroot, $pubkey, $application);
            if ($accepted) {
                $peer->commit();
            }
        }
        catch (Exception $e) {
            throw new SystemException($e->getMessage(), $e->getCode());
        }
    }

    return OpenSslRepo::singleton()->certificate;
}