Added digest auth to provisioning.php

Sylvain Berfini 2020-08-20 10:41:55 +02:00
parent 172dd08423
commit bffcde2193
4 changed files with 43 additions and 7 deletions


@ -36,4 +36,11 @@ define("REMOTE_PROVISIONING_DEFAULT_TRANSPORT", "tls");
*/
define("REMOTE_PROVISIONING_ONE_TIME_PASSWORD", False);
/*
* If set to True, digest authentication will be asked for remote provisioning process (see auth.conf).
*
* Default value: False
*/
define("REMOTE_PROVISIONING_USE_DIGEST_AUTH", False);
?>


@ -53,9 +53,8 @@ function authenticate($auth_digest, $realm = "sip.example.org")
{
Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm);
// Parse the client authentication data
$default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response');
preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST']
$data = array_combine($matches[1] + $default, $matches[2]);
preg_match_all('@(realm|username|nonce|uri|nc|cnonce|qop|response|opaque|algorithm)=[\'"]?([^\'",]+)@', $auth_digest, $a);
$data = array_combine($a[1], $a[2]);
// Get the password/hash from database
$database = new Database();
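Review bot: Nothing checks that the parsed header contains the fields a digest check needs. `array_combine($a[1], $a[2])` yields an empty or partial array when the client sends a malformed or non-Digest header, and the rest of authenticate() (outside this hunk) presumably reads those keys. Return false early, e.g. `foreach (array('username', 'realm', 'nonce', 'uri', 'response') as $k) { if (!isset($data[$k])) return false; }`. Separately, the debug line at the top of the function writes the whole digest header to the log; logging only the parsed username would keep nonce and response values out of log files.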


@ -21,11 +21,41 @@
header("Access-Control-Allow-Origin: *");
include_once __DIR__ . '/../misc/utilities.php';
include_once __DIR__ . '/../objects/account.php';
include_once __DIR__ . '/../objects/password.php';
include_once __DIR__ . '/authentication.php';
$logger = Logger::getInstance();
if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
$headers = getallheaders();
// Get authentication header if there is one
if (!empty($headers['Auth-Digest'])) {
$logger->debug("Auth-Digest = " . $headers['Auth-Digest']);
$authorization = $headers['Auth-Digest'];
} elseif (!empty($headers['Authorization'])) {
$logger->debug("Authorization = " . $headers['Authorization']);
$authorization = $headers['Authorization'];
}
if (!empty($authorization)) {
$authentication_status = authenticate($authorization, AUTH_REALM);
if ($authentication_status == true) {
Logger::getInstance()->debug("Authentication successful");
} else {
Logger::getInstance()->debug("Authentication failed");
request_authentication(AUTH_REALM);
}
} else {
Logger::getInstance()->debug("No authentication header");
request_authentication(AUTH_REALM);
}
}
if (isset($_GET['qrcode']) && $_GET['qrcode'] == 1) {
$query = $_GET;
$query['qrcode'] = 0;
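Review bot: The two debug lines that log `$headers['Auth-Digest']` and `$headers['Authorization']` write the client's raw credential header to the log: the digest username, nonce and response, or a base64-encoded password if a client sends a Basic header. Log only that a header was present, e.g. `$logger->debug("Authorization header present");`. Also confirm that request_authentication() (defined outside this page) terminates the request. If it only sets the 401 response headers, the provisioning code below the guard still runs after a failed check, and an explicit `exit;` after each call would make the guard fail closed.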


@ -86,16 +86,16 @@ if (USE_DIGEST_AUTH) {
// Authentication
if (in_array($request_type, $unauthenticated_requests) == false) {
if (!empty($authorization)) {
$authentication_status = authenticate(AUTH_REALM);
$authentication_status = authenticate($authorization, AUTH_REALM);
if ($authentication_status == true) {
Logger::getInstance()->debug("Authentication successful for " . $headers['From']);
Logger::getInstance()->debug("Authentication successful");
} else {
Logger::getInstance()->debug("Authentication failed for " . $headers['From']);
Logger::getInstance()->debug("Authentication failed");
request_authentication(AUTH_REALM);
}
} else {
Logger::getInstance()->debug("No authentication header for " . $headers['From']);
Logger::getInstance()->debug("No authentication header");
request_authentication(AUTH_REALM);
}
}
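Review bot: The allowlist test `in_array($request_type, $unauthenticated_requests) == false` compares loosely, so a `$request_type` that is not a plain string could match an entry it should not and skip the authentication branch; where `$request_type` comes from is outside this hunk. Pass the strict flag: `if (!in_array($request_type, $unauthenticated_requests, true)) {`. The same applies to `$authentication_status == true` here and in the provisioning hunk: `=== true` is the safer test, provided authenticate() returns a real boolean, which this page does not show.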