Example #1
/**
 * Submit handler for the site networking form.
 *
 * Handles the "deletekey" submit button by asking OpenSslRepo for a keypair
 * with the regenerate flag set, then stores any changed 'enablenetworking' /
 * 'promiscuousmode' values and replies with a summary message.
 *
 * NOTE(review): regenerating the keypair presumably invalidates the public
 * key that peers already hold for this site; confirm peers are expected to
 * re-fetch it after this action.
 *
 * @param Pieform $form   The submitted form
 * @param array   $values The submitted values
 */
function networkingform_submit(Pieform $form, $values)
{
    $summary = '';

    if ($form->get_submitvalue() === 'deletekey') {
        global $SESSION;
        OpenSslRepo::singleton()->get_keypair(true);
        $SESSION->add_info_msg(get_string('keydeleted', 'admin'));
        // Using cancel here as a hack to get it to redirect so it shows the new keys
        $target = get_config('wwwroot') . 'admin/site/networking.php';
        $form->reply(PIEFORM_CANCEL, array('location' => $target));
    }

    // Setting name => (language string when switched off, language string when switched on).
    // Both settings change who this site will exchange keys and requests with,
    // so each change is reported back to the administrator explicitly.
    $switches = array(
        'enablenetworking' => array('networkingdisabled', 'networkingenabled'),
        'promiscuousmode' => array('promiscuousmodedisabled', 'promiscuousmodeenabled'),
    );

    foreach ($switches as $setting => $labels) {
        // Loose comparison on purpose: stored config and form value may differ in type.
        if (get_config($setting) == $values[$setting]) {
            continue;
        }
        if (!set_config($setting, $values[$setting])) {
            networkingform_fail($form);
            continue;
        }
        $summary .= get_string(empty($values[$setting]) ? $labels[0] : $labels[1], 'admin');
    }

    if ($summary === '') {
        $summary = get_string('networkingunchanged', 'admin');
    }
    $form->reply(PIEFORM_OK, array('message' => $summary, 'goto' => '/admin/site/networking.php'));
}
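/**
 * Handles keyswap requests made in "forced" mode.
 * Until now, forced mode can only be used from hosts we trust.
 *
 * @see api/xmlrpc/dispatcher.php::keyswap()
 *
 * To enable forced mode, add the following after the $params decoding there:
 *
 *        // PATCH add force mode
 *        if (!empty($params[3])){ // requiring force mode
 *            $mnetlocallib = get_config('docroot').'/local/mnet/lib.php';
 *            if (file_exists($mnetlocallib)){
 *                return local_xmlrpc_key_forced_keyswap($wwwroot, $pubkey, $application);
 *            }
 *            return false;
 *        }
 *        // /PATCH
 *
 * NOTE(review): the only check made here is that a non-deleted host record
 * with this wwwroot and an unexpired key exists. Nothing in this function
 * proves that the caller holds that host's current private key, so the
 * request signature must be verified before this is reached. Confirm the
 * dispatcher does so, otherwise a caller that merely knows a peer's wwwroot
 * could replace that peer's stored public key.
 *
 * @param string $wwwroot     wwwroot the caller claims to be (remote input)
 * @param string $pubkey      new public key to store for that peer (remote input)
 * @param string $application application name; not used by this function
 *
 * @return string this site's own certificate
 *
 * @throws SystemException code 6100 when no matching host record exists, or
 *                         wrapping any exception raised while updating the peer
 */
function local_xmlrpc_key_forced_keyswap($wwwroot, $pubkey, $application)
{
    $now = time();

    // Reinforced security: only a known host with a still valid key can force a renewal.
    // $wwwroot arrives from the remote XML-RPC call, so it is bound as a query
    // parameter instead of being interpolated into the SQL text.
    $exists = get_records_select_array(
        'host',
        'wwwroot = ? AND deleted = 0 AND publickeyexpires >= ?',
        array($wwwroot, $now)
    );
    if (!$exists) {
        throw new SystemException("Fails exists known {$wwwroot} as wwwroot", 6100);
    }

    try {
        $peer = new Peer();
        if ($peer->findByWwwroot($wwwroot)) {
            $peer->publickey = new PublicKey($pubkey, $wwwroot);
            $peer->commit();
        }
        // Mahara returns its own key
        $openssl = OpenSslRepo::singleton();
        return $openssl->certificate;
    } catch (Exception $e) {
        throw new SystemException($e->getMessage(), $e->getCode());
    }
}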
Example #3
require_once 'searchlib.php';
define('TITLE', get_string('networking', 'admin'));

// Networking needs all three extensions; without them only the list of
// missing ones is rendered and the script stops.
$opensslext = extension_loaded('openssl');
$curlext = extension_loaded('curl');
$xmlrpcext = extension_loaded('xmlrpc');
if (!$opensslext || !$curlext || !$xmlrpcext) {
    $smarty = smarty();
    $missingextensions = array();
    if (!$opensslext) {
        $missingextensions[] = 'openssl';
    }
    if (!$curlext) {
        $missingextensions[] = 'curl';
    }
    if (!$xmlrpcext) {
        $missingextensions[] = 'xmlrpc';
    }
    $smarty->assign('missingextensions', $missingextensions);
    $smarty->display('admin/site/networking.tpl');
    exit;
}

$openssl = OpenSslRepo::singleton();
$yesno = array(true => get_string('yes'), false => get_string('no'));

$networkingform = pieform(array(
    'name' => 'networkingform',
    'jsform' => true,
    'elements' => array(
        // Read-only display of this site's identity and current certificate.
        'wwwroot' => array(
            'type' => 'html',
            'title' => get_string('wwwroot', 'admin'),
            'description' => get_string('wwwrootdescription', 'admin'),
            'value' => get_config('wwwroot'),
        ),
        'pubkey' => array(
            'type' => 'html',
            'title' => get_string('publickey', 'admin'),
            'description' => get_string('publickeydescription2', 'admin', 365),
            'value' => '<pre style="font-size: 0.7em">' . $openssl->certificate . '</pre>',
        ),
        'expires' => array(
            'type' => 'html',
            'title' => get_string('publickeyexpires', 'admin'),
            'value' => format_date($openssl->expires),
        ),
        'enablenetworking' => array(
            'type' => 'select',
            'title' => get_string('enablenetworking', 'admin'),
            'description' => get_string('enablenetworkingdescription', 'admin'),
            'defaultvalue' => get_config('enablenetworking'),
            'options' => $yesno,
        ),
        'promiscuousmode' => array(
            'type' => 'select',
            'title' => get_string('promiscuousmode', 'admin'),
            'description' => get_string('promiscuousmodedescription', 'admin'),
            'defaultvalue' => get_config('promiscuousmode'),
            'options' => $yesno,
        ),
        'proxyfieldset' => array(
            'type' => 'fieldset',
            'legend' => get_string('proxysettings', 'admin'),
            'elements' => array(
                'proxyaddress' => array(
                    'type' => 'text',
                    'title' => get_string('proxyaddress', 'admin'),
                    'description' => get_string('proxyaddressdescription', 'admin'),
                    'defaultvalue' => get_config('proxyaddress'),
                ),
                'proxyauthmodel' => array(
                    'type' => 'select',
                    'title' => get_string('proxyauthmodel', 'admin'),
                    'description' => get_string('proxyauthmodeldescription', 'admin'),
                    'defaultvalue' => get_config('proxyauthmodel'),
                    'options' => array('' => 'None', 'basic' => 'Basic (NCSA)'),
                ),
                // NOTE(review): the stored proxy credentials are pre-filled into a
                // plain text field, so they are sent back to the browser in clear
                // on every page load.
                'proxyauthcredentials' => array(
                    'type' => 'text',
                    'title' => get_string('proxyauthcredentials', 'admin'),
                    'description' => get_string('proxyauthcredentialsdescription', 'admin'),
                    'defaultvalue' => get_config('proxyauthcredentials'),
                ),
            ),
        ),
        'submit' => array(
            'type' => 'submit',
            'value' => get_string('savechanges', 'admin'),
        ),
    ),
));
/**
 * Reply to the networking form with the generic "enable networking failed"
 * error and send the user back to the networking page.
 *
 * @param Pieform $form The form to reply to
 */
function networkingform_fail(Pieform $form)
{
    $payload = array(
        'message' => get_string('enablenetworkingfailed', 'admin'),
        'goto' => '/admin/site/networking.php',
    );
    $form->reply(PIEFORM_ERR, $payload);
}
function networkingform_submit(Pieform $form, $values)
{
    $reply = '';
    if (get_config('enablenetworking') != $values['enablenetworking']) {
        if (!set_config('enablenetworking', $values['enablenetworking'])) {
            networkingform_fail($form);
        } else {
            if (empty($values['enablenetworking'])) {
                $reply .= get_string('networkingdisabled', 'admin');
/**
 * Wrap a message in a signed XML envelope.
 *
 * Written for signing XML-RPC requests and responses, but the payload is
 * base64 encoded before it is embedded, so it does not have to be text.
 *
 * The returned document carries:
 *  - DigestValue: the SHA1 digest of the raw message,
 *  - SignatureValue: the base64 encoded result of OpenSslRepo::sign_message()
 *    called on the raw message,
 *  - KeyInfo: a link to the public key that can be used to verify the signature,
 *  - object: the base64 encoded message,
 *  - wwwroot: this site's wwwroot, which must match our certificate's CN,
 *  - timestamp: the current Unix time.
 *
 * See the {@link http://www.w3.org/TR/xmldsig-core/ XML-DSig spec} at the W3C
 * site.
 *
 * NOTE(review): the digest is SHA-1 and the SignatureMethod element always
 * advertises dsa-sha1. SHA-1 is no longer collision resistant. Which
 * algorithm sign_message() really uses is not visible here, so confirm that
 * it matches what the envelope declares before relying on the declared value.
 *
 * NOTE(review): only $message is passed to sign_message(). The wwwroot and
 * timestamp elements are added next to the signed object, so a verifier
 * should not treat them as covered by this signature on their own.
 *
 * @param  string   $message              The data you want to sign
 * @return string                         An XML-DSig document
 */
function xmldsig_envelope($message)
{
    $signer = OpenSslRepo::singleton();
    $siteroot = dropslash(get_config('wwwroot'));

    // Digest and signature are both computed over the raw, un-encoded message.
    $digesthex = sha1($message);
    $signature = base64_encode($signer->sign_message($message));
    $payload = base64_encode($message);
    $issuedat = time();

    // $siteroot is interpolated into the XML without escaping; it comes from
    // site configuration, not from the request.
    // TODO: Provide RESTful access to our public key as per KeyInfo element
    return <<<EOF
<?xml version="1.0" encoding="iso-8859-1"?>
    <signedMessage>
        <Signature Id="MoodleSignature" xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
                <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
                <Reference URI="#XMLRPC-MSG">
                    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                    <DigestValue>{$digesthex}</DigestValue>
                </Reference>
            </SignedInfo>
            <SignatureValue>{$signature}</SignatureValue>
            <KeyInfo>
                <RetrievalMethod URI="{$siteroot}/api/xmlrpc/publickey.php"/>
            </KeyInfo>
        </Signature>
        <object ID="XMLRPC-MSG">{$payload}</object>
        <wwwroot>{$siteroot}</wwwroot>
        <timestamp>{$issuedat}</timestamp>
    </signedMessage>
EOF;
}
Example #5
 /**
  * Hook that lets a protocol post-process the outgoing raw payload,
  * e.g. SOAP encryption and signatures.
  *
  * Nothing is changed unless a public key is set on this object. With a key
  * present, the response is signed only when payload_signed is set and
  * encrypted only when payload_encrypted is set, so a response can still
  * leave unsigned and unencrypted if both flags are off.
  *
  * @param string $response The raw response value
  *
  * @return string The response, wrapped in signature and/or encryption envelopes where applicable
  */
 protected function modify_result($response)
 {
     // No peer key known: pass the payload through untouched.
     if (empty($this->publickey)) {
         return $response;
     }

     // do sigs + encrypt
     require_once get_config('docroot') . 'api/xmlrpc/lib.php';
     // The returned instance is not used below; the call itself is kept.
     OpenSslRepo::singleton();

     // Signature goes on first, so encryption (if any) wraps the signed envelope.
     if ($this->payload_signed) {
         $response = xmldsig_envelope($response);
     }
     if ($this->payload_encrypted) {
         $response = xmlenc_envelope($response, $this->publickey);
     }

     return $response;
 }
Example #6
/**
 *  Custom webservices config page
 *  - activate/deactivate webservices completely
 *  - activate/deactivate protocols - SOAP/XML-RPC/REST
 *  - manage service clusters
 *  - manage users and access tokens
 *
 *  The certificate, fingerprints and sub-forms are concatenated into the
 *  'html' elements as-is, without escaping at this point.
 *
 *  @return array pieforms element definition
 */
function get_config_options_extended()
{
    $protos = new Pieform(array(
        'name' => 'activate_webservice_protos',
        'elements' => webservices_protocol_switch_form(),
    ));
    // certificate values from MNet
    $openssl = OpenSslRepo::singleton();
    $yesno = array(true => get_string('yes'), false => get_string('no'));

    // Wraps a piece of markup in the <div><p> pair used for descriptive text.
    $paragraph = function ($text) {
        return '<div><p>' . $text . '</p></div>';
    };

    // Master switch and per-protocol switches.
    $masterfieldset = array(
        'type' => 'fieldset',
        'legend' => get_string('protocolswitches', 'auth.webservice'),
        'elements' => array(
            'protos_help' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('manage_protocols', 'auth.webservice')),
            ),
            'masterswitchlabel' => array(
                'type' => 'html',
                'value' => '<h4 class="mtxl">' . get_string('masterswitch', 'auth.webservice') . '</h4>',
            ),
            'webservicesmasterswitchform' => webservices_master_switch_form()['webservicesmasterswitchform'],
            'enablewebserviceprotos' => array(
                'type' => 'html',
                'value' => $protos->build(false),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'activate_webservices',
    );

    // This site's certificate, its fingerprints and its expiry date.
    $certificatefieldset = array(
        'type' => 'fieldset',
        'legend' => get_string('certificates', 'auth.webservice'),
        'elements' => array(
            'protos_help' => array(
                'type' => 'html',
                'value' => $paragraph(get_string(
                    'manage_certificates',
                    'auth.webservice',
                    get_config('wwwroot') . 'admin/site/networking.php'
                )),
            ),
            'pubkey' => array(
                'type' => 'html',
                'value' => '<h3 class="title">' . get_string('publickey', 'admin') . '</h3>'
                    . '<div class="detail">' . get_string('publickeydescription2', 'admin', 365) . '</div>'
                    . '<pre style="font-size: 0.7em; white-space: pre;">' . $openssl->certificate . '</pre>',
            ),
            'sha1fingerprint' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('sha1fingerprint', 'auth.webservice', $openssl->sha1_fingerprint)),
            ),
            'md5fingerprint' => array(
                'type' => 'html',
                'value' => $paragraph(get_string('md5fingerprint', 'auth.webservice', $openssl->md5_fingerprint)),
            ),
            'expires' => array(
                'type' => 'html',
                'value' => $paragraph(get_string(
                    'publickeyexpireson',
                    'auth.webservice',
                    format_date($openssl->expires)
                )),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'activate_webservices_networking',
    );

    $functiongroupsfieldset = array(
        'type' => 'fieldset',
        'legend' => get_string('servicefunctiongroups', 'auth.webservice'),
        'elements' => array(
            'sfgdescription' => array(
                'value' => $paragraph(get_string('sfgdescription', 'auth.webservice')),
            ),
            'webservicesservicecontainer' => array(
                'type' => 'html',
                'value' => service_fg_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => true,
        'name' => 'webservices_function_groups',
    );

    $tokensfieldset = array(
        'type' => 'fieldset',
        'legend' => get_string('servicetokens', 'auth.webservice'),
        'elements' => array(
            'stdescription' => array(
                'value' => $paragraph(get_string('stdescription', 'auth.webservice')),
            ),
            'webservicestokenscontainer' => array(
                'type' => 'html',
                'value' => service_tokens_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => false,
        'name' => 'webservices_token',
    );

    $usersfieldset = array(
        'type' => 'fieldset',
        'legend' => get_string('manageserviceusers', 'auth.webservice'),
        'elements' => array(
            'sudescription' => array(
                'value' => $paragraph(get_string('sudescription', 'auth.webservice')),
            ),
            'webservicesuserscontainer' => array(
                'type' => 'html',
                'value' => service_users_edit_form(),
            ),
        ),
        'collapsible' => true,
        'collapsed' => false,
        'name' => 'webservices_user',
    );

    return array(
        'renderer' => 'div',
        'type' => 'div',
        'elements' => array(
            'webservicesmaster' => $masterfieldset,
            'certificates' => $certificatefieldset,
            'servicefunctiongroups' => $functiongroupsfieldset,
            'servicetokens' => $tokensfieldset,
            'serviceusers' => $usersfieldset,
        ),
    );
}
 /**
  * Ask OpenSslRepo for a keypair with the regenerate flag set, and report
  * an error through the current application if no keypair comes back.
  *
  * NOTE(review): peers that hold the previous public key presumably need
  * the new one afterwards; confirm how they are expected to obtain it.
  */
 public function replaceMnetKeys()
 {
     require_once get_config('docroot') . 'api/xmlrpc/lib.php';

     $keypair = OpenSslRepo::singleton()->get_keypair(true);
     if ($keypair) {
         return;
     }

     global $CFG;
     $CFG->current_app->gcError('Failure to regenerate keypair', 'gcdatabaseerror');
 }
 /**
  * XML-RPC keyswap handler: optionally registers the calling host as a peer
  * and always returns this site's certificate.
  *
  * NOTE(review): with 'promiscuousmode' enabled, the caller-supplied wwwroot,
  * public key and application are handed to Peer::bootstrap() without any
  * validation in this function (see the TODO below). Whatever checks apply
  * must therefore live in bootstrap() or in the dispatcher; confirm that
  * they do.
  *
  * @param string $function Name of the called function; not used here
  * @param array  $params   Positional parameters: [0] wwwroot, [1] public key, [2] application
  *
  * @return string This site's certificate
  *
  * @throws SystemException wrapping any exception raised while registering the peer
  */
 function keyswap($function, $params)
 {
     require_once get_config('libroot') . 'peer.php';

     //TODO: Verify params
     // Missing or empty parameters are normalised to null.
     $wwwroot = empty($params[0]) ? null : $params[0];
     $pubkey = empty($params[1]) ? null : $params[1];
     $application = empty($params[2]) ? null : $params[2];

     if (get_config('promiscuousmode')) {
         try {
             $peer = new Peer();
             $registered = $peer->bootstrap($wwwroot, $pubkey, $application);
             if ($registered) {
                 $peer->commit();
             }
         } catch (Exception $e) {
             throw new SystemException($e->getMessage(), $e->getCode());
         }
     }

     // The certificate is returned whether or not the caller was registered.
     return OpenSslRepo::singleton()->certificate;
 }