search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge commit 'catalyst/MOODLE_19_STABLE' into mdl19-linuxchix
[moodle-linuxchix.git] / mnet / xmlrpc / server.php
blobb101ff028b0f808ea424f5c580414400ab8f2a57
1 <?php
2 /**
3 * An XML-RPC server
4 *
5 * @author Donal McMullan donal@catalyst.net.nz
6 * @version 0.0.1
7 * @license http://www.gnu.org/copyleft/gpl.html GNU Public License
8 * @package mnet
9 */
10
11 // Make certain that config.php doesn't display any errors, and that it doesn't
12 // override our do-not-display-errors setting:
13 ini_set('display_errors',0);
14 require_once(dirname(dirname(dirname(__FILE__))) . '/config.php');
15 ini_set('display_errors',0);
16
17 // Include MNET stuff:
18 require_once $CFG->dirroot.'/mnet/lib.php';
19 require_once $CFG->dirroot.'/mnet/remote_client.php';
20
21 // Content type for output is not html:
22 header('Content-type: text/xml; charset=utf-8');
23
24 // PHP 5.2.2: $HTTP_RAW_POST_DATA not populated bug:
25 // http://bugs.php.net/bug.php?id=41293
26 if (empty($HTTP_RAW_POST_DATA)) {
27 $HTTP_RAW_POST_DATA = file_get_contents('php://input');
28 }
29
30 if (!empty($CFG->mnet_rpcdebug)) {
31 trigger_error("HTTP_RAW_POST_DATA");
32 trigger_error($HTTP_RAW_POST_DATA);
33 }
34
35 // New global variable which ONLY gets set in this server page, so you know that
36 // if you've been called by a remote Moodle, this should be set:
37 $MNET_REMOTE_CLIENT = new mnet_remote_client();
38
39 // Peek at the message to see if it's an XML-ENC document. If it is, note that
40 // the client connection was encrypted, and strip the xml-encryption and
41 // xml-signature wrappers from the XML-RPC payload
42 if (strpos(substr($HTTP_RAW_POST_DATA, 0, 100), '<encryptedMessage>')) {
43 $MNET_REMOTE_CLIENT->was_encrypted();
44 // Extract the XML-RPC payload from the XML-ENC and XML-SIG wrappers.
45 $payload = mnet_server_strip_wrappers($HTTP_RAW_POST_DATA);
46 } else {
47 $params = xmlrpc_decode_request($HTTP_RAW_POST_DATA, $method);
48 if ($method == 'system.keyswap' ||
49 $method == 'system/keyswap') {
50
51 // OK
52
53 } elseif ($MNET_REMOTE_CLIENT->plaintext_is_ok() == false) {
54 exit(mnet_server_fault(7021, 'forbidden-transport'));
55 }
56 // Looks like plaintext is ok. It is assumed that a plaintext call:
57 // 1. Came from a trusted host on your local network
58 // 2. Is *not* from a Moodle - otherwise why skip encryption/signing?
59 // 3. Is free to execute ANY function in Moodle
60 // 4. Cannot execute any methods (as it can't instantiate a class first)
61 // To execute a method, you'll need to create a wrapper function that first
62 // instantiates the class, and then calls the method.
63 $payload = $HTTP_RAW_POST_DATA;
64 }
65
66 if (!empty($CFG->mnet_rpcdebug)) {
67 trigger_error("XMLRPC Payload");
68 trigger_error(print_r($payload,1));
69 }
70
71 // Parse and action the XML-RPC payload
72 $response = mnet_server_dispatch($payload);
73
74 /**
75 * Strip the encryption (XML-ENC) and signature (XML-SIG) wrappers and return the XML-RPC payload
76 *
77 * IF COMMUNICATION TAKES PLACE OVER UNENCRYPTED HTTP:
78 * The payload will have been encrypted with a symmetric key. This key will
79 * itself have been encrypted using your public key. The key is decrypted using
80 * your private key, and then used to decrypt the XML payload.
81 *
82 * IF COMMUNICATION TAKES PLACE OVER UNENCRYPTED HTTP *OR* ENCRYPTED HTTPS:
83 * In either case, there will be an XML wrapper which contains your XML-RPC doc
84 * as an object element, a signature for that doc, and various standards-
85 * compliant info to aid in verifying the signature.
86 *
87 * This function parses the encryption wrapper, decrypts the contents, parses
88 * the signature wrapper, and if the signature matches the payload, it returns
89 * the payload, which should be an XML-RPC request.
90 * If there is an error, or the signatures don't match, it echoes an XML-RPC
91 * error and exits.
92 *
93 * See the W3C's {@link http://www.w3.org/TR/xmlenc-core/ XML Encryption Syntax and Processing}
94 * and {@link http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/ XML-Signature Syntax and Processing}
95 * guidelines for more detail on the XML.
96 *
97 * -----XML-Envelope---------------------------------
98 * | |
99 * | Encrypted-Symmetric-key---------------- |
100 * | |_____________________________________| |
101 * | |
102 * | Encrypted data------------------------- |
103 * | | | |
104 * | | -XML-Envelope------------------ | |
105 * | | | | | |
106 * | | | --Signature------------- | | |
107 * | | | |______________________| | | |
108 * | | | | | |
109 * | | | --Signed-Payload-------- | | |
110 * | | | | | | | |
111 * | | | | XML-RPC Request | | | |
112 * | | | |______________________| | | |
113 * | | | | | |
114 * | | |_____________________________| | |
115 * | |_____________________________________| |
116 * | |
117 * |________________________________________________|
118 *
119 * @uses $db
120 * @param string $HTTP_RAW_POST_DATA The XML that the client sent
121 * @return string The XMLRPC payload.
122 */
123 function mnet_server_strip_wrappers($HTTP_RAW_POST_DATA) {
124 global $MNET, $MNET_REMOTE_CLIENT;
125 if (isset($_SERVER)) {
126
127 $crypt_parser = new mnet_encxml_parser();
128 $crypt_parser->parse($HTTP_RAW_POST_DATA);
129
130 // Make sure we know who we're talking to
131 $host_record_exists = $MNET_REMOTE_CLIENT->set_wwwroot($crypt_parser->remote_wwwroot);
132
133 if (false == $host_record_exists) {
134 exit(mnet_server_fault(7020, 'wrong-wwwroot', $crypt_parser->remote_wwwroot));
135 }
136
137 if ($crypt_parser->payload_encrypted) {
138
139 $key = array_pop($crypt_parser->cipher); // This key is Symmetric
140 $data = array_pop($crypt_parser->cipher);
141
142 $crypt_parser->free_resource();
143
144 $payload = ''; // Initialize payload var
145 $push_current_key = false; // True if we need to push a fresh key to the peer
146
147 // &$payload
148 $isOpen = openssl_open(base64_decode($data), $payload, base64_decode($key), $MNET->get_private_key());
149
150 if (!$isOpen) {
151 // Decryption failed... let's try our archived keys
152 $openssl_history = get_config('mnet', 'openssl_history');
153 if(empty($openssl_history)) {
154 $openssl_history = array();
155 set_config('openssl_history', serialize($openssl_history), 'mnet');
156 } else {
157 $openssl_history = unserialize($openssl_history);
158 }
159 foreach($openssl_history as $keyset) {
160 $keyresource = openssl_pkey_get_private($keyset['keypair_PEM']);
161 $isOpen = openssl_open(base64_decode($data), $payload, base64_decode($key), $keyresource);
162 if ($isOpen) {
163 // It's an older code, sir, but it checks out
164 $push_current_key = true;
165 break;
166 }
167 }
168 }
169
170 if (!$isOpen) {
171 exit(mnet_server_fault(7023, 'encryption-invalid'));
172 }
173
174 if (strpos(substr($payload, 0, 100), '<signedMessage>')) {
175 $MNET_REMOTE_CLIENT->was_signed();
176 $sig_parser = new mnet_encxml_parser();
177 $sig_parser->parse($payload);
178 } else {
179 exit(mnet_server_fault(7022, 'verifysignature-error'));
180 }
181
182 } else {
183 exit(mnet_server_fault(7024, 'payload-not-encrypted'));
184 }
185
186 unset($payload);
187
188 // if the peer used one of our public keys that have expired, we will
189 // return a signed/encrypted error message with our new public key
190 if($push_current_key) {
191 // NOTE: Here, we use the 'mnet_server_fault_xml' to avoid
192 // get_string being called on our public_key
193 exit(mnet_server_fault_xml(7025, $MNET->public_key, $keyresource));
194 }
195
196 /**
197 * Get the certificate (i.e. public key) from the remote server.
198 */
199 $certificate = $MNET_REMOTE_CLIENT->public_key;
200
201 if ($certificate == false) {
202 exit(mnet_server_fault(709, 'nosuchpublickey'));
203 }
204
205 $payload = base64_decode($sig_parser->data_object);
206
207 // Does the signature match the data and the public cert?
208 $signature_verified = openssl_verify($payload, base64_decode($sig_parser->signature), $certificate);
209 if ($signature_verified == 1) {
210 $MNET_REMOTE_CLIENT->touch();
211 // Parse the XML
212 } elseif ($signature_verified == 0) {
213 $currkey = mnet_get_public_key($MNET_REMOTE_CLIENT->wwwroot, $MNET_REMOTE_CLIENT->application->xmlrpc_server_url);
214 if($currkey != $certificate) {
215 // Has the server updated its certificate since our last
216 // handshake?
217 if(!$MNET_REMOTE_CLIENT->refresh_key()) {
218 exit(mnet_server_fault(7026, 'verifysignature-invalid'));
219 }
220 } else {
221 exit(mnet_server_fault(710, 'verifysignature-invalid'));
222 }
223 } else {
224 exit(mnet_server_fault(711, 'verifysignature-error'));
225 }
226
227 $sig_parser->free_resource();
228
229 return $payload;
230 } else {
231 exit(mnet_server_fault(712, "phperror"));
232 }
233 }
234
235 /**
236 * Return the proper XML-RPC content to report an error in the local language.
237 *
238 * @param int $code The ID code of the error message
239 * @param string $text The array-key of the error message in the lang file
240 * @param string $param The $a param for the error message in the lang file
241 * @return string $text The text of the error message
242 */
243 function mnet_server_fault($code, $text, $param = null) {
244 global $MNET_REMOTE_CLIENT;
245 if (!is_numeric($code)) {
246 $code = 0;
247 }
248 $code = intval($code);
249
250 $text = get_string($text, 'mnet', $param);
251 return mnet_server_fault_xml($code, $text);
252 }
253
254 /**
255 * Return the proper XML-RPC content to report an error.
256 *
257 * @param int $code The ID code of the error message
258 * @param string $text The error message
259 * @param resource $privatekey The private key that should be used to sign the response
260 * @return string $text The XML text of the error message
261 */
262 function mnet_server_fault_xml($code, $text, $privatekey = null) {
263 global $MNET_REMOTE_CLIENT, $CFG;
264 // Replace illegal XML chars - is this already in a lib somewhere?
265 $text = str_replace(array('<','>','&','"',"'"), array('&lt;','&gt;','&amp;','&quot;','&apos;'), $text);
266
267 $return = mnet_server_prepare_response('<?xml version="1.0"?>
268 <methodResponse>
269 <fault>
270 <value>
271 <struct>
272 <member>
273 <name>faultCode</name>
274 <value><int>'.$code.'</int></value>
275 </member>
276 <member>
277 <name>faultString</name>
278 <value><string>'.$text.'</string></value>
279 </member>
280 </struct>
281 </value>
282 </fault>
283 </methodResponse>', $privatekey);
284
285 if (!empty($CFG->mnet_rpcdebug)) {
286 trigger_error("XMLRPC Error Response $code: $text");
287 trigger_error(print_r($return,1));
288 }
289
290 return $return;
291 }
292
293 /**
294 * Dummy function for the XML-RPC dispatcher - use to call a method on an object
295 * or to call a function
296 *
297 * Translate XML-RPC's strange function call syntax into a more straightforward
298 * PHP-friendly alternative. This dummy function will be called by the
299 * dispatcher, and can be used to call a method on an object, or just a function
300 *
301 * The methodName argument (eg. mnet/testlib/mnet_concatenate_strings)
302 * is ignored.
303 *
304 * @param string $methodname We discard this - see 'functionname'
305 * @param array $argsarray Each element is an argument to the real
306 * function
307 * @param string $functionname The name of the PHP function you want to call
308 * @return mixed The return value will be that of the real
309 * function, whateber it may be.
310 */
311 function mnet_server_dummy_method($methodname, $argsarray, $functionname) {
312 global $MNET_REMOTE_CLIENT;
313
314 if (!is_object($MNET_REMOTE_CLIENT->object_to_call)) {
315 return @call_user_func_array($functionname, $argsarray);
316 } else {
317 return @call_user_method_array($functionname, $MNET_REMOTE_CLIENT->object_to_call, $argsarray);
318 }
319 }
320
321 /**
322 * Package a response in any required envelope, and return it to the client
323 *
324 * @param string $response The XMLRPC response string
325 * @param resource $privatekey The private key to sign the response with
326 * @return string The encoded response string
327 */
328 function mnet_server_prepare_response($response, $privatekey = null) {
329 global $MNET_REMOTE_CLIENT;
330
331 if ($MNET_REMOTE_CLIENT->request_was_signed) {
332 $response = mnet_sign_message($response, $privatekey);
333 }
334
335 if ($MNET_REMOTE_CLIENT->request_was_encrypted) {
336 $response = mnet_encrypt_message($response, $MNET_REMOTE_CLIENT->public_key);
337 }
338
339 return $response;
340 }
341
342 /**
343 * If security checks are passed, dispatch the request to the function/method
344 *
345 * The config variable 'mnet_dispatcher_mode' can be:
346 * strict: Only execute functions that are in specific files
347 * off: The default - don't execute anything
348 *
349 * @param string $payload The XML-RPC request
350 * @return No return val - just echo the response
351 */
352 function mnet_server_dispatch($payload) {
353 global $CFG, $MNET_REMOTE_CLIENT;
354 // xmlrpc_decode_request returns an array of parameters, and the $method
355 // variable (which is passed by reference) is instantiated with the value from
356 // the methodName tag in the xml payload
357 // xmlrpc_decode_request($xml, &$method)
358 $params = xmlrpc_decode_request($payload, $method);
359
360 // $method is something like: "mod/forum/lib.php/forum_add_instance"
361 // $params is an array of parameters. A parameter might itself be an array.
362
363 // Whitelist characters that are permitted in a method name
364 // The method name must not begin with a / - avoid absolute paths
365 // A dot character . is only allowed in the filename, i.e. something.php
366 if (0 == preg_match("@^[A-Za-z0-9]+/[A-Za-z0-9/_-]+(\.php/)?[A-Za-z0-9_-]+$@",$method)) {
367 exit(mnet_server_fault(713, 'nosuchfunction'));
368 }
369
370 if(preg_match("/^system\./", $method)) {
371 $callstack = explode('.', $method);
372 } else {
373 $callstack = explode('/', $method);
374 // callstack will look like array('mod', 'forum', 'lib.php', 'forum_add_instance');
375 }
376
377 /**
378 * What has the site administrator chosen as his dispatcher setting?
379 * strict: Only execute functions that are in specific files
380 * off: The default - don't execute anything
381 */
382 ////////////////////////////////////// OFF
383 if (!isset($CFG->mnet_dispatcher_mode) ) {
384 set_config('mnet_dispatcher_mode', 'off');
385 exit(mnet_server_fault(704, 'nosuchservice'));
386 } elseif ('off' == $CFG->mnet_dispatcher_mode) {
387 exit(mnet_server_fault(704, 'nosuchservice'));
388
389 ////////////////////////////////////// SYSTEM METHODS
390 } elseif ($callstack[0] == 'system') {
391 $functionname = $callstack[1];
392 $xmlrpcserver = xmlrpc_server_create();
393
394 // I'm adding the canonical xmlrpc references here, however we've
395 // already forbidden that the period (.) should be allowed in the call
396 // stack, so if someone tries to access our XMLRPC in the normal way,
397 // they'll already have received a RPC server fault message.
398
399 // Maybe we should allow an easement so that regular XMLRPC clients can
400 // call our system methods, and find out what we have to offer?
401
402 xmlrpc_server_register_method($xmlrpcserver, 'system.listMethods', 'mnet_system');
403 xmlrpc_server_register_method($xmlrpcserver, 'system/listMethods', 'mnet_system');
404
405 xmlrpc_server_register_method($xmlrpcserver, 'system.methodSignature', 'mnet_system');
406 xmlrpc_server_register_method($xmlrpcserver, 'system/methodSignature', 'mnet_system');
407
408 xmlrpc_server_register_method($xmlrpcserver, 'system.methodHelp', 'mnet_system');
409 xmlrpc_server_register_method($xmlrpcserver, 'system/methodHelp', 'mnet_system');
410
411 xmlrpc_server_register_method($xmlrpcserver, 'system.listServices', 'mnet_system');
412 xmlrpc_server_register_method($xmlrpcserver, 'system/listServices', 'mnet_system');
413
414 xmlrpc_server_register_method($xmlrpcserver, 'system.keyswap', 'mnet_keyswap');
415 xmlrpc_server_register_method($xmlrpcserver, 'system/keyswap', 'mnet_keyswap');
416
417 if ($method == 'system.listMethods' ||
418 $method == 'system/listMethods' ||
419 $method == 'system.methodSignature' ||
420 $method == 'system/methodSignature' ||
421 $method == 'system.methodHelp' ||
422 $method == 'system/methodHelp' ||
423 $method == 'system.listServices' ||
424 $method == 'system/listServices' ||
425 $method == 'system.keyswap' ||
426 $method == 'system/keyswap') {
427
428 $response = xmlrpc_server_call_method($xmlrpcserver, $payload, $MNET_REMOTE_CLIENT, array("encoding" => "utf-8"));
429 $response = mnet_server_prepare_response($response);
430 } else {
431 exit(mnet_server_fault(7018, 'nosuchfunction'));
432 }
433
434 xmlrpc_server_destroy($xmlrpcserver);
435 echo $response;
436 ////////////////////////////////////// STRICT AUTH
437 } elseif ($callstack[0] == 'auth') {
438
439 // Break out the callstack into its elements
440 list($base, $plugin, $filename, $methodname) = $callstack;
441
442 // We refuse to include anything that is not auth.php
443 if ($filename == 'auth.php' && is_enabled_auth($plugin)) {
444 $authclass = 'auth_plugin_'.$plugin;
445 $includefile = '/auth/'.$plugin.'/auth.php';
446 $response = mnet_server_invoke_method($includefile, $methodname, $method, $payload, $authclass);
447 $response = mnet_server_prepare_response($response);
448 echo $response;
449 } else {
450 // Generate error response - unable to locate function
451 exit(mnet_server_fault(702, 'nosuchfunction'));
452 }
453
454 ////////////////////////////////////// STRICT ENROL
455 } elseif ($callstack[0] == 'enrol') {
456
457 // Break out the callstack into its elements
458 list($base, $plugin, $filename, $methodname) = $callstack;
459
460 if ($filename == 'enrol.php' && is_enabled_enrol($plugin)) {
461 $enrolclass = 'enrolment_plugin_'.$plugin;
462 $includefile = '/enrol/'.$plugin.'/enrol.php';
463 $response = mnet_server_invoke_method($includefile, $methodname, $method, $payload, $enrolclass);
464 $response = mnet_server_prepare_response($response);
465 echo $response;
466 } else {
467 // Generate error response - unable to locate function
468 exit(mnet_server_fault(703, 'nosuchfunction'));
469 }
470
471 ////////////////////////////////////// STRICT MOD/*
472 } elseif ($callstack[0] == 'mod' || 'dangerous' == $CFG->mnet_dispatcher_mode) {
473 list($base, $module, $filename, $functionname) = $callstack;
474
475 ////////////////////////////////////// STRICT MOD/*
476 if ($base == 'mod' && $filename == 'rpclib.php') {
477 $includefile = '/mod/'.$module.'/rpclib.php';
478 $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
479 $response = mnet_server_prepare_response($response);
480 echo $response;
481
482 ////////////////////////////////////// DANGEROUS
483 } elseif ('dangerous' == $CFG->mnet_dispatcher_mode && $MNET_REMOTE_CLIENT->plaintext_is_ok()) {
484
485 $functionname = array_pop($callstack);
486
487 if ($MNET_REMOTE_CLIENT->plaintext_is_ok()) {
488
489 $filename = clean_param(implode('/',$callstack), PARAM_PATH);
490 if (0 == preg_match("/php$/", $filename)) {
491 // Filename doesn't end in 'php'; possible attack?
492 // Generate error response - unable to locate function
493 exit(mnet_server_fault(7012, 'nosuchfunction'));
494 }
495
496 // The call stack holds the path to any include file
497 $includefile = $CFG->dirroot.'/'.$filename;
498
499 $response = mnet_server_invoke_method($includefile, $functionname, $method, $payload);
500 echo $response;
501 }
502
503 } else {
504 // Generate error response - unable to locate function
505 exit(mnet_server_fault(7012, 'nosuchfunction'));
506 }
507
508 } else {
509 // Generate error response - unable to locate function
510 exit(mnet_server_fault(7012, 'nosuchfunction'));
511 }
512 }
513
514 /**
515 * Execute the system functions - mostly for introspection
516 *
517 * @param string $method XMLRPC method name, e.g. system.listMethods
518 * @param array $params Array of parameters from the XMLRPC request
519 * @param string $hostinfo Hostinfo object from the mnet_host table
520 * @return mixed Response data - any kind of PHP variable
521 */
522 function mnet_system($method, $params, $hostinfo) {
523 global $CFG;
524
525 if (empty($hostinfo)) return array();
526
527 $id_list = $hostinfo->id;
528 if (!empty($CFG->mnet_all_hosts_id)) {
529 $id_list .= ', '.$CFG->mnet_all_hosts_id;
530 }
531
532 if ('system.listMethods' == $method || 'system/listMethods' == $method) {
533 if (count($params) == 0) {
534 $query = '
535 SELECT DISTINCT
536 rpc.function_name,
537 rpc.xmlrpc_path,
538 rpc.enabled,
539 rpc.help,
540 rpc.profile
541 FROM
542 '.$CFG->prefix.'mnet_host2service h2s,
543 '.$CFG->prefix.'mnet_service2rpc s2r,
544 '.$CFG->prefix.'mnet_rpc rpc
545 WHERE
546 s2r.rpcid = rpc.id AND
547 h2s.serviceid = s2r.serviceid AND
548 h2s.hostid in ('.$id_list .') AND
549 h2s.publish =\'1\'
550 ORDER BY
551 rpc.xmlrpc_path ASC';
552
553 } else {
554 $query = '
555 SELECT DISTINCT
556 rpc.function_name,
557 rpc.xmlrpc_path,
558 rpc.enabled,
559 rpc.help,
560 rpc.profile
561 FROM
562 '.$CFG->prefix.'mnet_host2service h2s,
563 '.$CFG->prefix.'mnet_service2rpc s2r,
564 '.$CFG->prefix.'mnet_service svc,
565 '.$CFG->prefix.'mnet_rpc rpc
566 WHERE
567 s2r.rpcid = rpc.id AND
568 h2s.serviceid = s2r.serviceid AND
569 h2s.hostid in ('.$id_list .') AND
570 h2s.publish =\'1\' AND
571 svc.id = h2s.serviceid AND
572 svc.name = \''.$params[0].'\'
573 ORDER BY
574 rpc.xmlrpc_path ASC';
575
576 }
577 $resultset = array_values(get_records_sql($query));
578 $methods = array();
579 foreach($resultset as $result) {
580 $methods[] = $result->xmlrpc_path;
581 }
582 return $methods;
583 } elseif ('system.methodSignature' == $method || 'system/methodSignature' == $method) {
584 $query = '
585 SELECT DISTINCT
586 rpc.function_name,
587 rpc.xmlrpc_path,
588 rpc.enabled,
589 rpc.help,
590 rpc.profile
591 FROM
592 '.$CFG->prefix.'mnet_host2service h2s,
593 '.$CFG->prefix.'mnet_service2rpc s2r,
594 '.$CFG->prefix.'mnet_rpc rpc
595 WHERE
596 rpc.xmlrpc_path = \''.$params[0].'\' AND
597 s2r.rpcid = rpc.id AND
598 h2s.serviceid = s2r.serviceid AND
599 h2s.publish =\'1\' AND
600 h2s.hostid in ('.$id_list .')';
601
602 $result = get_records_sql($query);
603 $methodsigs = array();
604
605 if (is_array($result)) {
606 foreach($result as $method) {
607 $methodsigs[] = unserialize($method->profile);
608 }
609 }
610
611 return $methodsigs;
612 } elseif ('system.methodHelp' == $method || 'system/methodHelp' == $method) {
613 $query = '
614 SELECT DISTINCT
615 rpc.function_name,
616 rpc.xmlrpc_path,
617 rpc.enabled,
618 rpc.help,
619 rpc.profile
620 FROM
621 '.$CFG->prefix.'mnet_host2service h2s,
622 '.$CFG->prefix.'mnet_service2rpc s2r,
623 '.$CFG->prefix.'mnet_rpc rpc
624 WHERE
625 rpc.xmlrpc_path = \''.$params[0].'\' AND
626 s2r.rpcid = rpc.id AND
627 h2s.publish =\'1\' AND
628 h2s.serviceid = s2r.serviceid AND
629 h2s.hostid in ('.$id_list .')';
630
631 $result = get_record_sql($query);
632
633 if (is_object($result)) {
634 return $result->help;
635 }
636 } elseif ('system.listServices' == $method || 'system/listServices' == $method) {
637 $query = '
638 SELECT DISTINCT
639 s.id,
640 s.name,
641 s.apiversion,
642 h2s.publish,
643 h2s.subscribe
644 FROM
645 '.$CFG->prefix.'mnet_host2service h2s,
646 '.$CFG->prefix.'mnet_service s
647 WHERE
648 h2s.serviceid = s.id AND
649 (h2s.publish =\'1\' OR h2s.subscribe =\'1\') AND
650 h2s.hostid in ('.$id_list .')
651 ORDER BY
652 s.name ASC';
653
654 $result = get_records_sql($query);
655 $services = array();
656
657 if (is_array($result)) {
658 foreach($result as $service) {
659 $services[] = array('name' => $service->name,
660 'apiversion' => $service->apiversion,
661 'publish' => $service->publish,
662 'subscribe' => $service->subscribe);
663 }
664 }
665
666 return $services;
667 }
668 exit(mnet_server_fault(7019, 'nosuchfunction'));
669 }
670
671 /**
672 * Initialize the object (if necessary), execute the method or function, and
673 * return the response
674 *
675 * @param string $includefile The file that contains the object definition
676 * @param string $methodname The name of the method to execute
677 * @param string $method The full path to the method
678 * @param string $payload The XML-RPC request payload
679 * @param string $class The name of the class to instantiate (or false)
680 * @return string The XML-RPC response
681 */
682 function mnet_server_invoke_method($includefile, $methodname, $method, $payload, $class=false) {
683
684 $permission = mnet_permit_rpc_call($includefile, $methodname, $class);
685
686 if (RPC_NOSUCHFILE == $permission) {
687 // Generate error response - unable to locate function
688 exit(mnet_server_fault(705, 'nosuchfile', $includefile));
689 }
690
691 if (RPC_NOSUCHFUNCTION == $permission) {
692 // Generate error response - unable to locate function
693 exit(mnet_server_fault(706, 'nosuchfunction'));
694 }
695
696 if (RPC_FORBIDDENFUNCTION == $permission) {
697 // Generate error response - unable to locate function
698 exit(mnet_server_fault(707, 'forbidden-function'));
699 }
700
701 if (RPC_NOSUCHCLASS == $permission) {
702 // Generate error response - unable to locate function
703 exit(mnet_server_fault(7013, 'nosuchfunction'));
704 }
705
706 if (RPC_NOSUCHMETHOD == $permission) {
707 // Generate error response - unable to locate function
708 exit(mnet_server_fault(7014, 'nosuchmethod'));
709 }
710
711 if (RPC_NOSUCHFUNCTION == $permission) {
712 // Generate error response - unable to locate function
713 exit(mnet_server_fault(7014, 'nosuchmethod'));
714 }
715
716 if (RPC_FORBIDDENMETHOD == $permission) {
717 // Generate error response - unable to locate function
718 exit(mnet_server_fault(7015, 'nosuchfunction'));
719 }
720
721 if (0 < $permission) {
722 // Generate error response - unable to locate function
723 exit(mnet_server_fault(7019, 'unknownerror'));
724 }
725
726 if (RPC_OK == $permission) {
727 $xmlrpcserver = xmlrpc_server_create();
728 $bool = xmlrpc_server_register_method($xmlrpcserver, $method, 'mnet_server_dummy_method');
729 $response = xmlrpc_server_call_method($xmlrpcserver, $payload, $methodname, array("encoding" => "utf-8"));
730 $bool = xmlrpc_server_destroy($xmlrpcserver);
731 return $response;
732 }
733 }
734
735 /**
736 * Accepts a public key from a new remote host and returns the public key for
737 * this host. If 'register all hosts' is turned on, it will bootstrap a record
738 * for the remote host in the mnet_host table (if it's not already there)
739 *
740 * @param string $function XML-RPC requires this but we don't... discard!
741 * @param array $params Array of parameters
742 * $params[0] is the remote wwwroot
743 * $params[1] is the remote public key
744 * @return string The XML-RPC response
745 */
746 function mnet_keyswap($function, $params) {
747 global $CFG, $MNET;
748 $return = array();
749
750 if (!empty($CFG->mnet_register_allhosts)) {
751 $mnet_peer = new mnet_peer();
752 @list($wwwroot, $pubkey, $application) = each($params);
753 $keyok = $mnet_peer->bootstrap($wwwroot, $pubkey, $application);
754 if ($keyok) {
755 $mnet_peer->commit();
756 }
757 }
758 return $MNET->public_key;
759 }
760
761 ?>
Moodle Repo, with LinuxChix modifications