diff --git a/conf/provisioning.conf b/conf/provisioning.conf
index c4d4820..0e8fc79 100644
--- a/conf/provisioning.conf
+++ b/conf/provisioning.conf
@@ -36,4 +36,11 @@ define("REMOTE_PROVISIONING_DEFAULT_TRANSPORT", "tls");
 */
 define("REMOTE_PROVISIONING_ONE_TIME_PASSWORD", False);
+/*
+ * If set to True, digest authentication will be asked for remote provisioning process (see auth.conf).
+ *
+ * Default value: False
+ */
+define("REMOTE_PROVISIONING_USE_DIGEST_AUTH", False);
+
 ?>
\ No newline at end of file
diff --git a/src/xmlrpc/authentication.php b/src/xmlrpc/authentication.php
index 346a260..5e8ea45 100644
--- a/src/xmlrpc/authentication.php
+++ b/src/xmlrpc/authentication.php
@@ -53,9 +53,8 @@ function authenticate($auth_digest, $realm = "sip.example.org") {
 Logger::getInstance()->debug("Authenticate : Digest ".(print_r($auth_digest, true))." realm " . $realm);
 // Parse the client authentication data
- $default = array('nounce', 'nc', 'cnounce', 'qop', 'username', 'uri', 'response');
- preg_match_all('~(\w+)="?([^",]+)"?~', $auth_digest, $matches); # $_SERVER['PHP_AUTH_DIGEST']
- $data = array_combine($matches[1] + $default, $matches[2]);
+ preg_match_all('@(realm|username|nonce|uri|nc|cnonce|qop|response|opaque|algorithm)=[\'"]?([^\'",]+)@', $auth_digest, $a);
+ $data = array_combine($a[1], $a[2]);
 // Get the password/hash from database
 $database = new Database();
diff --git a/src/xmlrpc/provisioning.php b/src/xmlrpc/provisioning.php
index 11991ad..7400595 100644
--- a/src/xmlrpc/provisioning.php
+++ b/src/xmlrpc/provisioning.php
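Review bot: In authenticate() (src/xmlrpc/authentication.php) `$data` now holds only the fields the regex happened to match, and nothing in the hunk checks that the fields a digest verification needs are present before `$data` is used; the function body continues below the hunk, so a later guard may exist. The provisioning.php change in this commit passes any `Authorization` value to this function, so a non-Digest or truncated header produces an empty or partial array. I would reject right after `array_combine`, returning false as the callers' `== true` test expects: `foreach (array('username', 'realm', 'nonce', 'uri', 'response') as $k) { if (!isset($data[$k])) { return false; } }` (adjust the list to the fields the rest of the function actually reads). The name alternation is also unanchored, so a parameter whose name merely ends in a listed name is accepted as that field; requiring start-of-string, whitespace or a comma before the name avoids that.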
@@ -21,11 +21,41 @@ header("Access-Control-Allow-Origin: *");
 include_once __DIR__ . '/../misc/utilities.php';
+
 include_once __DIR__ . '/../objects/account.php';
 include_once __DIR__ . '/../objects/password.php';
+include_once __DIR__ . '/authentication.php';
+
 $logger = Logger::getInstance();
+if (REMOTE_PROVISIONING_USE_DIGEST_AUTH) {
+ $headers = getallheaders();
+
+ // Get authentication header if there is one
+ if (!empty($headers['Auth-Digest'])) {
+ $logger->debug("Auth-Digest = " . $headers['Auth-Digest']);
+ $authorization = $headers['Auth-Digest'];
+ } elseif (!empty($headers['Authorization'])) {
+ $logger->debug("Authorization = " . $headers['Authorization']);
+ $authorization = $headers['Authorization'];
+ }
+
+ if (!empty($authorization)) {
+ $authentication_status = authenticate($authorization, AUTH_REALM);
+
+ if ($authentication_status == true) {
+ Logger::getInstance()->debug("Authentication successful");
+ } else {
+ Logger::getInstance()->debug("Authentication failed");
+ request_authentication(AUTH_REALM);
+ }
+ } else {
+ Logger::getInstance()->debug("No authentication header");
+ request_authentication(AUTH_REALM);
+ }
+}
+
 if (isset($_GET['qrcode']) && $_GET['qrcode'] == 1) {
 $query = $_GET;
 $query['qrcode'] = 0;
diff --git a/src/xmlrpc/xmlrpc.php b/src/xmlrpc/xmlrpc.php
index cdee579..1729761 100644
--- a/src/xmlrpc/xmlrpc.php
+++ b/src/xmlrpc/xmlrpc.php
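Review bot: The two added `$logger->debug(...)` lines write the complete `Auth-Digest` / `Authorization` header into the log, and that header carries the username, nonce and digest response (or a Base64 password if a client sends Basic), so credential material ends up readable by anyone with log access; the `print_r($auth_digest, true)` line at the top of authenticate() logs it a second time. Log only that the header was present, e.g. `$logger->debug("Auth-Digest header present");`. Separately, both failure branches end in `request_authentication(AUTH_REALM);` with nothing after it, so the script goes on to the provisioning code below unless that function terminates the request itself, which is not visible here. An explicit `exit;` after each call makes the block fail closed regardless; the xmlrpc.php hunk of this commit has the same shape and deserves the same check.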
@@ -86,16 +86,16 @@ if (USE_DIGEST_AUTH) {
 // Authentication
 if (in_array($request_type, $unauthenticated_requests) == false) {
 if (!empty($authorization)) {
- $authentication_status = authenticate(AUTH_REALM);
+ $authentication_status = authenticate($authorization, AUTH_REALM);
 if ($authentication_status == true) {
- Logger::getInstance()->debug("Authentication successful for " . $headers['From']);
+ Logger::getInstance()->debug("Authentication successful");
 } else {
- Logger::getInstance()->debug("Authentication failed for " . $headers['From']);
+ Logger::getInstance()->debug("Authentication failed");
 request_authentication(AUTH_REALM);
 }
 } else {
- Logger::getInstance()->debug("No authentication header for " . $headers['From']);
+ Logger::getInstance()->debug("No authentication header");
 request_authentication(AUTH_REALM);
 }
 }
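Review bot: The three rewritten log lines in the `if (USE_DIGEST_AUTH)` block (which opens above the hunk) no longer identify the requester at all, so a run of failed authentications cannot be attributed or correlated from the log. A server-side value should take the place of the removed client-supplied header, e.g. `Logger::getInstance()->debug("Authentication failed from " . $_SERVER['REMOTE_ADDR']);`, keeping in mind that behind a reverse proxy this is the proxy's address. The failure branches are also logged at debug level only; if the Logger offers a higher level (only `debug` is visible here), use it for "Authentication failed" and "No authentication header" so those events are still recorded under a production log configuration.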