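// Accept only SOAP requests: the Content-Type header must contain
// "application/soap+xml" (case-insensitive substring match).
// A request that sends no Content-Type at all is rejected through the same
// path instead of raising an undefined-index notice first.
$content_type = isset($_SERVER["CONTENT_TYPE"]) ? $_SERVER["CONTENT_TYPE"] : "";
if (stristr($content_type, "application/soap+xml") === false) {
    // NOTE(review): the header value is client-controlled and is written to
    // the error log verbatim.
    error_log("spp.php - Unexpected Content-Type " . $content_type);
    die("Unexpected Content-Type");
}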
// SPP messages arrive as a POST body; every other HTTP verb is refused.
$method = $_SERVER["REQUEST_METHOD"];
if ($method != "POST") {
    error_log("spp.php - Unexpected method " . $method);
    die("Unexpected method");
}
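// The realm is taken from the query string and reduced to letters, digits,
// '.' and '-' before it is used anywhere else in the script.
// A non-string value (e.g. realm[]=x) is treated like a missing realm:
// preg_replace() would otherwise return an array that later code uses as text.
if (!isset($_GET["realm"]) || !is_string($_GET["realm"])) {
    error_log("spp.php - Realm not specified");
    die("Realm not specified");
}
$realm = preg_replace("/[^0-9a-zA-Z\.\-]/i", '', $_GET["realm"]);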
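// Authenticate the caller. Three cases, tried in order:
//   1. HTTP Digest credentials (PHP_AUTH_DIGEST), verified against the users table;
//   2. a TLS client certificate that the web server reports as verified;
//   3. no credentials: allowed only when PATH_INFO is "/signup", otherwise 401.
// $realm is set earlier in this script; $osu_db is defined outside this listing.
// The listing this was rebuilt from skips several short lines (its gutter
// numbers have gaps). Conditions marked "reconstructed" are inferred from the
// adjacent log text and should be confirmed against the original file.
if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
    // Fields the Digest Authorization header must carry; each one is removed
    // from $needed as soon as it has been seen.
    $needed = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1,
                    'uri'=>1, 'response'=>1);
    $data = array();
    $keys = implode('|', array_keys($needed));
    // Matches key="quoted" / key='quoted' (value in group 3) or key=bare (group 4).
    // NOTE(review): inside the character class, \2 is an octal escape rather than
    // a back-reference; the lazy quantifier plus the trailing \2 is what actually
    // stops at the closing quote.
    preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@',
                   $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER);
    foreach ($matches as $m) {
        // Prefer the bare-token group when it matched; testing it explicitly keeps
        // a quoted value of "0" from being mistaken for "no value".
        $data[$m[1]] = (isset($m[4]) && $m[4] !== '') ? $m[4] : $m[3];
        unset($needed[$m[1]]);
    }
    if ($needed) { // reconstructed condition
        // print_r() returns its text only when the second argument is true;
        // without it the array is echoed into the HTTP response instead of the log.
        error_log("spp.php - Authentication failed - missing: " . print_r($needed, true));
        die('Authentication failed');
    }
    $user = $data['username'];
    if (strlen($user) < 1) {
        error_log("spp.php - Authentication failed - empty username");
        die('Authentication failed');
    }

    // $user comes straight from the client's Authorization header, so it is
    // bound as a statement parameter and never spliced into the SQL text.
    // The second lookup is the fallback used when the first finds no row
    // (reconstructed from the order of the two queries in the listing).
    $lookups = array(
        array("SELECT password FROM users WHERE identity=? AND realm=?", 'password'),
        array("SELECT osu_password FROM users WHERE osu_user=? AND realm=?", 'osu_password'),
    );
    $row = false;
    $pw = '';
    try {
        // new PDO() reports a failed connection by throwing, not by returning false.
        $db = new PDO($osu_db);
        foreach ($lookups as $lookup) {
            list($sql, $column) = $lookup;
            $stmt = $db->prepare($sql);
            if ($stmt && $stmt->execute(array($user, $realm))) {
                $row = $stmt->fetch();
            }
            if ($row) {
                $pw = (string) $row[$column];
                break;
            }
        }
    } catch (PDOException $e) {
        error_log("spp.php - Could not access database");
        die("Could not access database");
    }
    if (!$row) {
        error_log("spp.php - Authentication failed - user '$user' not found");
        die('Authentication failed');
    }
    if (strlen($pw) < 1) {
        error_log("spp.php - Authentication failed - empty password");
        die('Authentication failed');
    }

    // Expected Digest response for qop=auth; MD5 is what HTTP Digest prescribes.
    // NOTE(review): A1 is computed from the stored value, so the table holds the
    // password in clear; storing the precomputed MD5(user:realm:password) would
    // avoid that.
    $A1 = md5($user . ':' . $realm . ':' . $pw);
    $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']);
    $resp = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' .
                $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
    // hash_equals() (PHP 5.6+) compares in constant time and as strings; the
    // loose != it replaces would treat two "0e<digits>" hex strings as equal numbers.
    if (!hash_equals($resp, (string) $data['response'])) {
        error_log("Authentication failure - response mismatch");
        die('Authentication failed');
    }
    // NOTE(review): in the lines shown, the client's nonce, nc, qop and uri only
    // feed the hash; nothing checks that the nonce was issued by this server or
    // that uri matches the request, so a captured header would verify again.
    // Tracking issued nonces and comparing uri with the request would close that.
} else if (isset($_SERVER["SSL_CLIENT_VERIFY"]) &&
           $_SERVER["SSL_CLIENT_VERIFY"] == "SUCCESS" &&
           isset($_SERVER["SSL_CLIENT_M_SERIAL"])) {
    // The web server has already verified the client certificate; the user name
    // is derived from the certificate serial number.
    // NOTE(review): a serial is unique only per issuing CA - presumably a single
    // CA is trusted for client certificates; confirm in the server config.
    $user = "cert-" . $_SERVER["SSL_CLIENT_M_SERIAL"];
    putenv("HS20CERT=yes");
} else if (!isset($_SERVER["PATH_INFO"]) ||
           $_SERVER["PATH_INFO"] != "/signup") {
    // No credentials and not the signup path: challenge with Digest.
    // NOTE(review): uniqid() is derived from the current time, so the nonce is
    // guessable; a CSPRNG-based value that the server remembers would be stronger.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
    error_log("spp.php - Authentication required (not signup)");
    die('Authentication required (not signup)');
}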
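// Pass the request context to the SPP helper through its environment, then run it.
// $user (when authentication produced one) and $realm are set earlier in this
// script; $osu_root is defined outside this listing.
if (isset($user) && strlen($user) > 0) {
    putenv("HS20USER=$user");
}

putenv("HS20REALM=$realm");
// $HTTP_RAW_POST_DATA was deprecated in PHP 5.6 and removed in PHP 7.0;
// php://input yields the same raw request body on every version.
// NOTE(review): the whole body travels in an environment variable, so a large
// request can exceed the OS limit on environment size and make exec() fail.
$post_body = file_get_contents('php://input');
putenv("HS20POST=$post_body");
$addr = $_SERVER["REMOTE_ADDR"];
putenv("HS20ADDR=$addr");

// exec() appends to an existing array, so start from an empty one.
$output = array();
// NOTE(review): $osu_root is interpolated into the shell command unquoted -
// presumably a fixed configuration value; wrap it in escapeshellarg() if it can
// ever contain spaces or shell metacharacters.
// NOTE(review): the helper logs to a fixed file name in world-writable /tmp; a
// directory writable only by the service account keeps other local users from
// pre-creating or reading that file.
$last = exec("$osu_root/spp/hs20_spp_server -r$osu_root -f/tmp/hs20_spp_server.log", $output, $ret);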
// Turn the helper's exit status ($ret, filled in by the exec() call earlier in
// this script) into the HTTP response.
// The listing omits the short lines that test $ret. "== 2" is inferred from the
// "(ret 2)" log text and "!= 0" from the generic failure message; confirm both
// against the original file.
if ($ret == 2) {
    if (!empty($_SERVER['PHP_AUTH_DIGEST'])) {
        // Credentials were supplied and already checked, yet the helper still
        // asks for authentication.
        error_log("spp.php - Unexpected authentication error");
        die("Unexpected authentication error");
    }
    // No Digest credentials were sent: issue the Digest challenge.
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Digest realm="'.$realm.
           '",qop="auth",nonce="'.uniqid().'",opaque="'.md5($realm).'"');
    error_log("spp.php - Authentication required (ret 2)");
    die('Authentication required');
}
if ($ret != 0) {
    error_log("spp.php - Failed to process SPP request");
    die("Failed to process SPP request");
}
//error_log("spp.php: Response: " . implode($output));

// Success: the helper's stdout lines, joined without a separator, form the SOAP reply.
header("Content-Type: application/soap+xml");

echo implode('', $output);