Revision 7e982e0a
Added by Scott Ullrich almost 14 years ago
| usr/local/www/xmlrpc.php | ||
|---|---|---|
| 84 | 84 |
) |
| 85 | 85 |
); |
| 86 | 86 |
|
| 87 |
function xmlrpc_authfail() {
|
|
| 88 |
log_auth("webConfigurator authentication error for 'admin' from {$_SERVER['REMOTE_ADDR']}");
|
|
| 89 |
} |
|
| 90 |
|
|
| 87 | 91 |
function exec_php_xmlrpc($raw_params) {
|
| 88 | 92 |
global $config, $xmlrpc_g; |
| 89 | 93 |
|
| 90 | 94 |
$params = xmlrpc_params_to_php($raw_params); |
| 91 |
if(!xmlrpc_auth($params)) |
|
| 95 |
if(!xmlrpc_auth($params)) {
|
|
| 96 |
xmlrpc_authfail(); |
|
| 92 | 97 |
return $xmlrpc_g['return']['authfail']; |
| 98 |
} |
|
| 93 | 99 |
$exec_php = $params[0]; |
| 94 | 100 |
eval($exec_php); |
| 95 | 101 |
if($toreturn) {
|
| ... | ... | |
| 113 | 119 |
global $config, $xmlrpc_g; |
| 114 | 120 |
|
| 115 | 121 |
$params = xmlrpc_params_to_php($raw_params); |
| 116 |
if(!xmlrpc_auth($params)) |
|
| 122 |
if(!xmlrpc_auth($params)) {
|
|
| 123 |
xmlrpc_authfail(); |
|
| 117 | 124 |
return $xmlrpc_g['return']['authfail']; |
| 125 |
} |
|
| 118 | 126 |
$shell_cmd = $params[0]; |
| 119 | 127 |
mwexec($shell_cmd); |
| 120 | 128 |
|
| ... | ... | |
| 135 | 143 |
global $config, $xmlrpc_g; |
| 136 | 144 |
|
| 137 | 145 |
$params = xmlrpc_params_to_php($raw_params); |
| 138 |
if(!xmlrpc_auth($params)) |
|
| 146 |
if(!xmlrpc_auth($params)) {
|
|
| 147 |
xmlrpc_authfail(); |
|
| 139 | 148 |
return $xmlrpc_g['return']['authfail']; |
| 149 |
} |
|
| 140 | 150 |
$val = array_intersect_key($config, array_flip($params[0])); |
| 141 | 151 |
|
| 142 | 152 |
return new XML_RPC_Response(XML_RPC_encode($val)); |
| ... | ... | |
| 156 | 166 |
global $config, $xmlrpc_g; |
| 157 | 167 |
|
| 158 | 168 |
$params = xmlrpc_params_to_php($raw_params); |
| 159 |
if(!xmlrpc_auth($params)) |
|
| 169 |
if(!xmlrpc_auth($params)) {
|
|
| 170 |
xmlrpc_authfail(); |
|
| 160 | 171 |
return $xmlrpc_g['return']['authfail']; |
| 161 |
|
|
| 172 |
} |
|
| 162 | 173 |
$vipbackup = array(); |
| 163 | 174 |
$oldvips = array(); |
| 164 | 175 |
if (isset($params[0]['virtualip'])) {
|
| ... | ... | |
| 262 | 273 |
global $config, $xmlrpc_g; |
| 263 | 274 |
|
| 264 | 275 |
$params = xmlrpc_params_to_php($raw_params); |
| 265 |
if(!xmlrpc_auth($params)) |
|
| 276 |
if(!xmlrpc_auth($params)) {
|
|
| 277 |
xmlrpc_authfail(); |
|
| 266 | 278 |
return $xmlrpc_g['return']['authfail']; |
| 279 |
} |
|
| 267 | 280 |
$config['installedpackages'] = array_merge($config['installedpackages'], $params[0]); |
| 268 | 281 |
$mergedkeys = implode(",", array_keys($params[0]));
|
| 269 | 282 |
write_config(sprintf(gettext("Merged in config (%s sections) from XMLRPC client."),$mergedkeys));
|
| ... | ... | |
| 284 | 297 |
function merge_config_section_xmlrpc($raw_params) {
|
| 285 | 298 |
global $config, $xmlrpc_g; |
| 286 | 299 |
$params = xmlrpc_params_to_php($raw_params); |
| 287 |
if(!xmlrpc_auth($params)) |
|
| 300 |
if(!xmlrpc_auth($params)) {
|
|
| 301 |
xmlrpc_authfail(); |
|
| 288 | 302 |
return $xmlrpc_g['return']['authfail']; |
| 303 |
} |
|
| 289 | 304 |
$config_new = array_overlay($config, $params[0]); |
| 290 | 305 |
$config = $config_new; |
| 291 | 306 |
$mergedkeys = implode(",", array_keys($params[0]));
|
| ... | ... | |
| 306 | 321 |
global $xmlrpc_g; |
| 307 | 322 |
|
| 308 | 323 |
$params = xmlrpc_params_to_php($raw_params); |
| 309 |
if(!xmlrpc_auth($params)) |
|
| 324 |
if(!xmlrpc_auth($params)) {
|
|
| 325 |
xmlrpc_authfail(); |
|
| 310 | 326 |
return $xmlrpc_g['return']['authfail']; |
| 327 |
} |
|
| 311 | 328 |
filter_configure(); |
| 312 | 329 |
system_routing_configure(); |
| 313 | 330 |
setup_gateways_monitor(); |
| ... | ... | |
| 334 | 351 |
global $xmlrpc_g; |
| 335 | 352 |
|
| 336 | 353 |
$params = xmlrpc_params_to_php($raw_params); |
| 337 |
if(!xmlrpc_auth($params)) |
|
| 354 |
if(!xmlrpc_auth($params)) {
|
|
| 355 |
xmlrpc_authfail(); |
|
| 338 | 356 |
return $xmlrpc_g['return']['authfail']; |
| 357 |
} |
|
| 339 | 358 |
interfaces_vips_configure(); |
| 340 | 359 |
|
| 341 | 360 |
return $xmlrpc_g['return']['true']; |
| ... | ... | |
| 355 | 374 |
global $xmlrpc_g, $XML_RPC_String; |
| 356 | 375 |
|
| 357 | 376 |
$params = xmlrpc_params_to_php($raw_params); |
| 358 |
if(!xmlrpc_auth($params)) |
|
| 377 |
if(!xmlrpc_auth($params)) {
|
|
| 378 |
xmlrpc_authfail(); |
|
| 359 | 379 |
return $xmlrpc_g['return']['authfail']; |
| 360 |
|
|
| 380 |
} |
|
| 361 | 381 |
return new XML_RPC_Response(new XML_RPC_Value(check_firmware_version(false), $XML_RPC_String)); |
| 362 | 382 |
} |
| 363 | 383 |
|
| ... | ... | |
| 375 | 395 |
global $xmlrpc_g; |
| 376 | 396 |
|
| 377 | 397 |
$params = xmlrpc_params_to_php($raw_params); |
| 378 |
if(!xmlrpc_auth($params)) |
|
| 379 |
return $xmlrpc_g['return']['authfail']; |
|
| 380 |
|
|
| 398 |
if(!xmlrpc_auth($params)) {
|
|
| 399 |
xmlrpc_authfail(); |
|
| 400 |
return $xmlrpc_g['return']['authfail']; |
|
| 401 |
} |
|
| 381 | 402 |
return new XML_RPC_Response(XML_RPC_encode(host_firmware_version())); |
| 382 | 403 |
} |
| 383 | 404 |
|
| ... | ... | |
| 388 | 409 |
global $xmlrpc_g; |
| 389 | 410 |
|
| 390 | 411 |
$params = xmlrpc_params_to_php($raw_params); |
| 391 |
if(!xmlrpc_auth($params)) |
|
| 412 |
if(!xmlrpc_auth($params)) {
|
|
| 413 |
xmlrpc_authfail(); |
|
| 392 | 414 |
return $xmlrpc_g['return']['authfail']; |
| 415 |
} |
|
| 393 | 416 |
mwexec_bg("/etc/rc.reboot");
|
| 394 | 417 |
|
| 395 | 418 |
return $xmlrpc_g['return']['true']; |
| ... | ... | |
| 410 | 433 |
global $g, $xmlrpc_g; |
| 411 | 434 |
|
| 412 | 435 |
$params = xmlrpc_params_to_php($raw_params); |
| 413 |
if(!xmlrpc_auth($params)) return $xmlrpc_g['return']['authfail']; |
|
| 436 |
if(!xmlrpc_auth($params)) {
|
|
| 437 |
xmlrpc_authfail(); |
|
| 438 |
return $xmlrpc_g['return']['authfail']; |
|
| 439 |
} |
|
| 414 | 440 |
require("notices.inc");
|
| 415 | 441 |
if(!$params) {
|
| 416 | 442 |
$toreturn = get_notices(); |
| ... | ... | |
| 479 | 505 |
return $a1; |
| 480 | 506 |
} |
| 481 | 507 |
|
| 482 |
?> |
|
| 508 |
?> |
|
Also available in: Unified diff
Log when XMLRPC auth fails so that the brute force lockout will kick in.