1 | <?php |
---|
2 | // Copyright (c) 1999,2000,2001 Edd Dumbill. |
---|
3 | // All rights reserved. |
---|
4 | // |
---|
5 | // Redistribution and use in source and binary forms, with or without |
---|
6 | // modification, are permitted provided that the following conditions |
---|
7 | // are met: |
---|
8 | // |
---|
9 | // * Redistributions of source code must retain the above copyright |
---|
10 | // notice, this list of conditions and the following disclaimer. |
---|
11 | // |
---|
12 | // * Redistributions in binary form must reproduce the above |
---|
13 | // copyright notice, this list of conditions and the following |
---|
14 | // disclaimer in the documentation and/or other materials provided |
---|
15 | // with the distribution. |
---|
16 | // |
---|
17 | // * Neither the name of the "XML-RPC for PHP" nor the names of its |
---|
18 | // contributors may be used to endorse or promote products derived |
---|
19 | // from this software without specific prior written permission. |
---|
20 | // |
---|
21 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS |
---|
22 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT |
---|
23 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS |
---|
24 | // FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE |
---|
25 | // REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
---|
26 | // INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES |
---|
27 | // (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR |
---|
28 | // SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
29 | // HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
---|
30 | // STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
---|
31 | // ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
---|
32 | // OF THE POSSIBILITY OF SUCH DAMAGE. |
---|
33 | |
---|
34 | |
---|
35 | /* BEGIN server class */ |
---|
36 | class xmlrpc_server extends xmlrpc_server_shared |
---|
37 | { |
---|
38 | var $dmap = array(); |
---|
39 | var $authed = False; |
---|
40 | var $req_array = array(); |
---|
41 | var $resp_struct = array(); |
---|
42 | var $debug = False; |
---|
43 | var $method_requested; |
---|
44 | var $log = False; //'/tmp/xmlrpc.log'; |
---|
45 | |
---|
46 | function xmlrpc_server($dispMap='', $serviceNow=0) |
---|
47 | { |
---|
48 | global $HTTP_RAW_POST_DATA; |
---|
49 | |
---|
50 | // dispMap is a despatch array of methods |
---|
51 | // mapped to function names and signatures |
---|
52 | // if a method |
---|
53 | // doesn't appear in the map then an unknown |
---|
54 | // method error is generated |
---|
55 | if($dispMap) |
---|
56 | { |
---|
57 | $this->dmap = $dispMap; |
---|
58 | if ($serviceNow) |
---|
59 | { |
---|
60 | $this->service(); |
---|
61 | } |
---|
62 | } |
---|
63 | } |
---|
64 | |
---|
65 | function serializeDebug() |
---|
66 | { |
---|
67 | if ($GLOBALS['_xmlrpc_debuginfo'] != '') |
---|
68 | { |
---|
69 | return "<!-- DEBUG INFO:\n\n" . $GLOBALS['_xmlrpc_debuginfo'] . "\n-->\n"; |
---|
70 | } |
---|
71 | else |
---|
72 | { |
---|
73 | return ''; |
---|
74 | } |
---|
75 | } |
---|
76 | |
---|
77 | function service($r=False) |
---|
78 | { |
---|
79 | global $HTTP_RAW_POST_DATA; |
---|
80 | |
---|
81 | if (!$r) // do we have a response, or we need to parse the request |
---|
82 | { |
---|
83 | $r = $this->parseRequest(); |
---|
84 | } |
---|
85 | if (!$r) |
---|
86 | { |
---|
87 | header('WWW-Authenticate: Basic realm="eGroupWare xmlrpc"'); |
---|
88 | header('HTTP/1.0 401 Unauthorized'); |
---|
89 | // for the log: |
---|
90 | $payload = "WWW-Authenticate: Basic realm=\"eGroupWare xmlrpc\"\nHTTP/1.0 401 Unauthorized\n"; |
---|
91 | } |
---|
92 | else |
---|
93 | { |
---|
94 | $payload = "<?xml version=\"1.0\"?>\n" . $this->serializeDebug() . $r->serialize(); |
---|
95 | Header("Content-type: text/xml\r\nContent-length: " . strlen($payload)); |
---|
96 | echo $GLOBALS['phpgw']->translation->convert($payload,$GLOBALS['phpgw']->translation->charset(),'utf-8'); |
---|
97 | } |
---|
98 | |
---|
99 | if ($this->log) |
---|
100 | { |
---|
101 | $fp = fopen($this->log,'a+'); |
---|
102 | fwrite($fp,"\n\n".date('Y-m-d H:i:s')." authorized=". |
---|
103 | ($this->authed?$GLOBALS['phpgw_info']['user']['account_lid']:'False'). |
---|
104 | ", method='$this->last_method'\n"); |
---|
105 | fwrite($fp,"==== GOT ============================\n".$HTTP_RAW_POST_DATA. |
---|
106 | "\n==== RETURNED =======================\n"); |
---|
107 | fputs($fp,$payload); |
---|
108 | fclose($fp); |
---|
109 | } |
---|
110 | |
---|
111 | if ($this->debug) |
---|
112 | { |
---|
113 | $this->echoInput(); |
---|
114 | |
---|
115 | $fp = fopen('/tmp/xmlrpc_debug.out','w'); |
---|
116 | fputs($fp,$payload); |
---|
117 | fclose($fp); |
---|
118 | } |
---|
119 | |
---|
120 | } |
---|
121 | |
---|
122 | /* |
---|
123 | add a method to the dispatch map |
---|
124 | */ |
---|
125 | function add_to_map($methodname,$function,$sig,$doc) |
---|
126 | { |
---|
127 | $this->dmap[$methodname] = array( |
---|
128 | 'function' => $function, |
---|
129 | 'signature' => $sig, |
---|
130 | 'docstring' => $doc |
---|
131 | ); |
---|
132 | } |
---|
133 | |
---|
134 | function verifySignature($in, $sig) |
---|
135 | { |
---|
136 | for($i=0; $i<sizeof($sig); $i++) |
---|
137 | { |
---|
138 | // check each possible signature in turn |
---|
139 | $cursig = $sig[$i]; |
---|
140 | if (sizeof($cursig) == $in->getNumParams()+1) |
---|
141 | { |
---|
142 | $itsOK = 1; |
---|
143 | for($n=0; $n<$in->getNumParams(); $n++) |
---|
144 | { |
---|
145 | $p = $in->getParam($n); |
---|
146 | // print "<!-- $p -->\n"; |
---|
147 | if ($p->kindOf() == 'scalar') |
---|
148 | { |
---|
149 | $pt = $p->scalartyp(); |
---|
150 | } |
---|
151 | else |
---|
152 | { |
---|
153 | $pt = $p->kindOf(); |
---|
154 | } |
---|
155 | // $n+1 as first type of sig is return type |
---|
156 | if ($pt != $cursig[$n+1]) |
---|
157 | { |
---|
158 | $itsOK = 0; |
---|
159 | $pno = $n+1; |
---|
160 | $wanted = $cursig[$n+1]; |
---|
161 | $got = $pt; |
---|
162 | break; |
---|
163 | } |
---|
164 | } |
---|
165 | if ($itsOK) |
---|
166 | { |
---|
167 | return array(1); |
---|
168 | } |
---|
169 | } |
---|
170 | } |
---|
171 | return array(0, "Wanted $wanted, got $got at param $pno)"); |
---|
172 | } |
---|
173 | |
---|
174 | function reqtoarray($_req,$recursed=False) |
---|
175 | { |
---|
176 | switch(gettype($_req)) |
---|
177 | { |
---|
178 | case 'object': |
---|
179 | if($recursed) |
---|
180 | { |
---|
181 | return $_req->getval(); |
---|
182 | } |
---|
183 | else |
---|
184 | { |
---|
185 | $this->req_array = $_req->getval(); |
---|
186 | } |
---|
187 | break; |
---|
188 | case 'array': |
---|
189 | @reset($_req); |
---|
190 | $ele = array(); |
---|
191 | while(list($key,$val) = @each($_req)) |
---|
192 | { |
---|
193 | if($recursed) |
---|
194 | { |
---|
195 | $ele[$key] = $this->reqtoarray($val,True); |
---|
196 | } |
---|
197 | else |
---|
198 | { |
---|
199 | $this->req_array[$key] = $this->reqtoarray($val,True); |
---|
200 | } |
---|
201 | } |
---|
202 | if($recursed) |
---|
203 | { |
---|
204 | return $ele; |
---|
205 | } |
---|
206 | break; |
---|
207 | case 'string': |
---|
208 | case 'integer': |
---|
209 | if($recursed) |
---|
210 | { |
---|
211 | return $_req; |
---|
212 | } |
---|
213 | else |
---|
214 | { |
---|
215 | $this->req_array[] = $_req; |
---|
216 | } |
---|
217 | break; |
---|
218 | default: |
---|
219 | break; |
---|
220 | } |
---|
221 | } |
---|
222 | |
---|
223 | function build_resp($_res) |
---|
224 | { |
---|
225 | if (is_array($_res)) |
---|
226 | { |
---|
227 | $i = 0; |
---|
228 | $is_array = True; |
---|
229 | foreach($_res as $key => $val) |
---|
230 | { |
---|
231 | $ele[$key] = $this->build_resp($val,True); |
---|
232 | $is_array = $is_array && $i === $key; |
---|
233 | ++$i; |
---|
234 | } |
---|
235 | return CreateObject('phpgwapi.xmlrpcval',$ele,$is_array ? 'array' : 'struct'); |
---|
236 | } |
---|
237 | $_type = (is_integer($_res) ? 'int' : gettype($_res)); |
---|
238 | |
---|
239 | if ($_type == 'string' && (ereg('^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$',$_res) |
---|
240 | || ereg('^[0-9]{4}[0-9]{2}[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}$',$_res) ) ) |
---|
241 | { |
---|
242 | $_type = 'dateTime.iso8601'; |
---|
243 | } |
---|
244 | // Passing an integer of 0 to the xmlrpcval constructor results in the value being lost. (jengo) |
---|
245 | if ($_type == 'int' && $_res == 0) |
---|
246 | { |
---|
247 | return CreateObject('phpgwapi.xmlrpcval','0',$_type); |
---|
248 | } |
---|
249 | return CreateObject('phpgwapi.xmlrpcval',$_res,$_type); |
---|
250 | } |
---|
251 | |
---|
252 | function parseRequest($data='') |
---|
253 | { |
---|
254 | global $HTTP_RAW_POST_DATA; |
---|
255 | |
---|
256 | $r = False; |
---|
257 | |
---|
258 | if ($data == '') |
---|
259 | { |
---|
260 | $data = $HTTP_RAW_POST_DATA; |
---|
261 | } |
---|
262 | $parser = xml_parser_create($GLOBALS['xmlrpc_defencoding']); |
---|
263 | |
---|
264 | $GLOBALS['_xh'][$parser] = array(); |
---|
265 | $GLOBALS['_xh'][$parser]['st'] = ''; |
---|
266 | $GLOBALS['_xh'][$parser]['cm'] = 0; |
---|
267 | $GLOBALS['_xh'][$parser]['isf'] = 0; |
---|
268 | $GLOBALS['_xh'][$parser]['params'] = array(); |
---|
269 | $GLOBALS['_xh'][$parser]['method'] = ''; |
---|
270 | |
---|
271 | // decompose incoming XML into request structure |
---|
272 | xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, true); |
---|
273 | xml_set_element_handler($parser, 'xmlrpc_se', 'xmlrpc_ee'); |
---|
274 | xml_set_character_data_handler($parser, 'xmlrpc_cd'); |
---|
275 | xml_set_default_handler($parser, 'xmlrpc_dh'); |
---|
276 | if (!xml_parse($parser, $data, 1)) |
---|
277 | { |
---|
278 | // return XML error as a faultCode |
---|
279 | $r = CreateObject('phpgwapi.xmlrpcresp','', |
---|
280 | $GLOBALS['xmlrpcerrxml'] + xml_get_error_code($parser), |
---|
281 | sprintf('XML error: %s at line %d', |
---|
282 | xml_error_string(xml_get_error_code($parser)), |
---|
283 | xml_get_current_line_number($parser)) |
---|
284 | ); |
---|
285 | xml_parser_free($parser); |
---|
286 | } |
---|
287 | else |
---|
288 | { |
---|
289 | xml_parser_free($parser); |
---|
290 | $m = CreateObject('phpgwapi.xmlrpcmsg',$GLOBALS['_xh'][$parser]['method']); |
---|
291 | // now add parameters in |
---|
292 | $plist = ''; |
---|
293 | for($i=0; $i<sizeof($GLOBALS['_xh'][$parser]['params']); $i++) |
---|
294 | { |
---|
295 | //print "<!-- " . $GLOBALS['_xh'][$parser]['params'][$i]. "-->\n"; |
---|
296 | $plist .= "$i - " . $GLOBALS['_xh'][$parser]['params'][$i]. " \n"; |
---|
297 | $code = '$m->addParam(' . $GLOBALS['_xh'][$parser]['params'][$i] . ');'; |
---|
298 | $code = str_replace(',,',",'',",$code); |
---|
299 | eval($code); |
---|
300 | } |
---|
301 | // uncomment this to really see what the server's getting! |
---|
302 | // xmlrpc_debugmsg($plist); |
---|
303 | // now to deal with the method |
---|
304 | $methName = $GLOBALS['_xh'][$parser]['method']; |
---|
305 | $_methName = $GLOBALS['_xh'][$parser]['method']; |
---|
306 | $this->last_method = $methName; |
---|
307 | |
---|
308 | if (ereg("^system\.", $methName)) |
---|
309 | { |
---|
310 | $dmap = $GLOBALS['_xmlrpcs_dmap']; |
---|
311 | $sysCall=1; |
---|
312 | } |
---|
313 | else |
---|
314 | { |
---|
315 | $dmap = $this->dmap; |
---|
316 | $sysCall=0; |
---|
317 | } |
---|
318 | |
---|
319 | if (!isset($dmap[$methName]['function'])) |
---|
320 | { |
---|
321 | if($sysCall && $this->authed) |
---|
322 | { |
---|
323 | $r = CreateObject('phpgwapi.xmlrpcresp', |
---|
324 | '', |
---|
325 | $GLOBALS['xmlrpcerr']['unknown_method'], |
---|
326 | $GLOBALS['xmlrpcstr']['unknown_method'] . ': ' . $methName |
---|
327 | ); |
---|
328 | return $r; |
---|
329 | } |
---|
330 | if ($this->authed) |
---|
331 | { |
---|
332 | /* phpgw mod - fetch the (bo) class methods to create the dmap */ |
---|
333 | // This part is to update session action to match |
---|
334 | $this->method_requested = $methName; |
---|
335 | |
---|
336 | $method = $methName; |
---|
337 | $tmp = explode('.',$methName); |
---|
338 | $methName = $tmp[2]; |
---|
339 | $service = $tmp[1]; |
---|
340 | $class = $tmp[0]; |
---|
341 | |
---|
342 | if (ereg('^service',$method)) |
---|
343 | { |
---|
344 | $t = 'phpgwapi.' . $class . '.exec'; |
---|
345 | $dmap = ExecMethod($t,array($service,'list_methods','xmlrpc')); |
---|
346 | } |
---|
347 | elseif($GLOBALS['phpgw']->acl->check('run',1,$class)) |
---|
348 | { |
---|
349 | /* This only happens if they have app access. If not, we will |
---|
350 | * return a fault below. |
---|
351 | */ |
---|
352 | $listmeth = $class . '.' . $service . '.' . 'list_methods'; |
---|
353 | $dmap = ExecMethod($listmeth,'xmlrpc'); |
---|
354 | } |
---|
355 | else |
---|
356 | { |
---|
357 | $r = CreateObject('phpgwapi.xmlrpcresp', |
---|
358 | '', |
---|
359 | $GLOBALS['xmlrpcerr']['no_access'], |
---|
360 | $GLOBALS['xmlrpcstr']['no_access'] |
---|
361 | ); |
---|
362 | return $r; |
---|
363 | } |
---|
364 | |
---|
365 | $this->dmap = $dmap; |
---|
366 | /* _debug_array($this->dmap);exit; */ |
---|
367 | } |
---|
368 | } |
---|
369 | |
---|
370 | if (isset($dmap[$methName]['function'])) |
---|
371 | { |
---|
372 | // dispatch if exists |
---|
373 | if (isset($dmap[$methName]['signature'])) |
---|
374 | { |
---|
375 | $sr = $this->verifySignature($m, $dmap[$methName]['signature'] ); |
---|
376 | } |
---|
377 | if ( (!isset($dmap[$methName]['signature'])) || $sr[0]) |
---|
378 | { |
---|
379 | // if no signature or correct signature |
---|
380 | if ($sysCall) |
---|
381 | { |
---|
382 | $code = '$r=' . $dmap[$methName]['function'] . '($this, $m);'; |
---|
383 | $code = str_replace(',,',",'',",$code); |
---|
384 | eval($code); |
---|
385 | } |
---|
386 | else |
---|
387 | { |
---|
388 | if (function_exists($dmap[$methName]['function'])) |
---|
389 | { |
---|
390 | $code = '$r =' . $dmap[$methName]['function'] . '($m);'; |
---|
391 | $code = str_replace(',,',",'',",$code); |
---|
392 | eval($code); |
---|
393 | } |
---|
394 | else |
---|
395 | { |
---|
396 | /* phpgw mod - finally, execute the function call and return the values */ |
---|
397 | $params = $GLOBALS['_xh'][$parser]['params'][0]; |
---|
398 | $code = '$p = ' . $params . ';'; |
---|
399 | if (count($params) != 0) |
---|
400 | { |
---|
401 | eval($code); |
---|
402 | $params = $p->getval(); |
---|
403 | } |
---|
404 | |
---|
405 | // _debug_array($params); |
---|
406 | $this->reqtoarray($params); |
---|
407 | // decode from utf-8 to our charset |
---|
408 | $this->req_array = $GLOBALS['phpgw']->translation->convert($this->req_array,'utf-8'); |
---|
409 | //_debug_array($this->req_array); |
---|
410 | if (ereg('^service',$method)) |
---|
411 | { |
---|
412 | $res = ExecMethod('phpgwapi.service.exec',array($service,$methName,$this->req_array)); |
---|
413 | } |
---|
414 | else |
---|
415 | { |
---|
416 | list($s,$c,$m) = explode('.',$_methName); |
---|
417 | $res = ExecMethod($s . '.' . $c . '.' . $dmap[$methName]['function'],$this->req_array); |
---|
418 | } |
---|
419 | //$this->resp_struct = array($this->build_resp($res,True)); |
---|
420 | //@reset($this->resp_struct); |
---|
421 | //$r = CreateObject('phpgwapi.xmlrpcresp',CreateObject('phpgwapi.xmlrpcval',$this->resp_struct,'struct')); |
---|
422 | // this fixes the unnecessary (and not standard-conform) array/xmlrpc struct around everything |
---|
423 | $r = CreateObject('phpgwapi.xmlrpcresp',$this->build_resp($res,True)); |
---|
424 | /* _debug_array($r); */ |
---|
425 | } |
---|
426 | } |
---|
427 | } |
---|
428 | else |
---|
429 | { |
---|
430 | $r = CreateObject('phpgwapi.xmlrpcresp', |
---|
431 | '', |
---|
432 | $GLOBALS['xmlrpcerr']['incorrect_params'], |
---|
433 | $GLOBALS['xmlrpcstr']['incorrect_params'] . ': ' . $sr[1] |
---|
434 | ); |
---|
435 | } |
---|
436 | } |
---|
437 | else |
---|
438 | { |
---|
439 | // else prepare error response |
---|
440 | if(!$this->authed) |
---|
441 | { |
---|
442 | $r = False; // send 401 header to force authorization |
---|
443 | /*CreateObject('phpgwapi.xmlrpcresp', |
---|
444 | CreateObject('phpgwapi.xmlrpcval', |
---|
445 | 'UNAUTHORIZED', |
---|
446 | 'string' |
---|
447 | ) |
---|
448 | );*/ |
---|
449 | } |
---|
450 | else |
---|
451 | { |
---|
452 | $r = CreateObject('phpgwapi.xmlrpcresp', |
---|
453 | '', |
---|
454 | $GLOBALS['xmlrpcerr']['unknown_method'], |
---|
455 | $GLOBALS['xmlrpcstr']['unknown_method'] . ': ' . $methName |
---|
456 | ); |
---|
457 | } |
---|
458 | } |
---|
459 | } |
---|
460 | return $r; |
---|
461 | } |
---|
462 | |
---|
463 | function echoInput() |
---|
464 | { |
---|
465 | global $HTTP_RAW_POST_DATA; |
---|
466 | |
---|
467 | // a debugging routine: just echos back the input |
---|
468 | // packet as a string value |
---|
469 | |
---|
470 | $r = CreateObject('phpgwapi.xmlrpcresp',CreateObject('phpgwapi.xmlrpcval',"'Aha said I: '" . $HTTP_RAW_POST_DATA,'string')); |
---|
471 | //echo $r->serialize(); |
---|
472 | |
---|
473 | $fp = fopen('/tmp/xmlrpc_debug.in','w'); |
---|
474 | fputs($fp,$r->serialize); |
---|
475 | fputs($fp,$HTTP_RAW_POST_DATA); |
---|
476 | fclose($fp); |
---|
477 | } |
---|
478 | |
---|
479 | function xmlrpc_error($error_number, $error_string) |
---|
480 | { |
---|
481 | $r = CreateObject('phpgwapi.xmlrpcresp', |
---|
482 | '', |
---|
483 | $error_number, |
---|
484 | $error_string . ': ' . $this->last_method |
---|
485 | ); |
---|
486 | $this->service($r); |
---|
487 | exit; |
---|
488 | } |
---|
489 | } |
---|
490 | ?> |
---|