// signed/encrypted error message containing our new public key // Sign message with our old key, and encrypt to the peer's private key. mnet_debug('sending back new key'); exit(mnet_server_fault_xml(7025, $mnet->public_key, $remoteclient->useprivatekey)); } // Have a peek at what the request would be if we were to process it $params = xmlrpc_decode_request($xmlrpcrequest, $method); mnet_debug("incoming mnet request {$method}"); // One of three conditions need to be met before we continue processing this request: // 1. Request is properly encrypted and signed // 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key) // 3. Request is properly signed and we're happy with it being unencrypted if ($remoteclient->request_was_encrypted == true && $remoteclient->signatureok == true || ($method == 'system.keyswap' || $method == 'system/keyswap') || $remoteclient->signatureok == true && $remoteclient->plaintext_is_ok() == true) { try { // main dispatch call. will echo the response directly mnet_server_dispatch($xmlrpcrequest); mnet_debug('exiting cleanly'); exit; } catch (Exception $e) { mnet_debug('dispatch exception thrown: ' . $e->getMessage()); exit(mnet_server_fault($e->getCode(), $e->getMessage(), $e->a)); } } // if we get to here, something is wrong // so detect a few common cases and send appropriate errors if ($remoteclient->request_was_encrypted == false && $remoteclient->plaintext_is_ok() == false) { mnet_debug('non encrypted request'); exit(mnet_server_fault(7021, get_string('forbidden-transport', 'mnet'))); } if ($remoteclient->request_was_signed == false) { // Request was not signed
} // Looks like plaintext is ok. It is assumed that a plaintext call: // 1. Came from a trusted host on your local network // 2. Is *not* from a Moodle - otherwise why skip encryption/signing? // 3. Is free to execute ANY function in Moodle // 4. Cannot execute any methods (as it can't instantiate a class first) // To execute a method, you'll need to create a wrapper function that first // instantiates the class, and then calls the method. $payload = $HTTP_RAW_POST_DATA; } if (!empty($CFG->mnet_rpcdebug)) { trigger_error("XMLRPC Payload"); trigger_error(print_r($payload, 1)); } // Parse and action the XML-RPC payload $response = mnet_server_dispatch($payload); /** * Strip the encryption (XML-ENC) and signature (XML-SIG) wrappers and return the XML-RPC payload * * IF COMMUNICATION TAKES PLACE OVER UNENCRYPTED HTTP: * The payload will have been encrypted with a symmetric key. This key will * itself have been encrypted using your public key. The key is decrypted using * your private key, and then used to decrypt the XML payload. * * IF COMMUNICATION TAKES PLACE OVER UNENCRYPTED HTTP *OR* ENCRYPTED HTTPS: * In either case, there will be an XML wrapper which contains your XML-RPC doc * as an object element, a signature for that doc, and various standards- * compliant info to aid in verifying the signature. * * This function parses the encryption wrapper, decrypts the contents, parses * the signature wrapper, and if the signature matches the payload, it returns
$plaintextmessage = mnet_server_strip_encryption($HTTP_RAW_POST_DATA); $xmlrpcrequest = mnet_server_strip_signature($plaintextmessage); if ($MNET_REMOTE_CLIENT->pushkey == true) { // The peer used one of our older public keys, we will return a // signed/encrypted error message containing our new public key // Sign message with our old key, and encrypt to the peer's private key. exit(mnet_server_fault_xml(7025, $MNET->public_key, $MNET_REMOTE_CLIENT->useprivatekey)); } // Have a peek at what the request would be if we were to process it $params = xmlrpc_decode_request($xmlrpcrequest, $method); // One of three conditions need to be met before we continue processing this request: // 1. Request is properly encrypted and signed // 2. Request is for a keyswap (we don't mind enencrypted or unsigned requests for a public key) // 3. Request is properly signed and we're happy with it being unencrypted if ($MNET_REMOTE_CLIENT->request_was_encrypted == true && $MNET_REMOTE_CLIENT->signatureok == true || ($method == 'system.keyswap' || $method == 'system/keyswap') || $MNET_REMOTE_CLIENT->signatureok == true && $MNET_REMOTE_CLIENT->plaintext_is_ok() == true) { $response = mnet_server_dispatch($xmlrpcrequest); } else { if ($MNET_REMOTE_CLIENT->request_was_encrypted == false && $MNET_REMOTE_CLIENT->plaintext_is_ok() == false) { exit(mnet_server_fault(7021, 'forbidden-transport')); } if ($MNET_REMOTE_CLIENT->request_was_signed == false) { // Request was not signed exit(mnet_server_fault(711, 'verifysignature-error')); } if ($MNET_REMOTE_CLIENT->signatureok == false) { // We were unable to verify the signature exit(mnet_server_fault(710, 'verifysignature-invalid')); } } if (!empty($CFG->mnet_rpcdebug)) { trigger_error("XMLRPC Payload");