2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2019-05-01 07:10:13 +02:00
|
|
|
Copyright (C) 2008-2019 All Rights Reserved.
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2015-02-04 04:53:34 +01:00
|
|
|
Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
|
2012-06-04 16:58:40 +02:00
|
|
|
*/
|
2014-01-15 23:07:40 +01:00
|
|
|
|
2016-11-27 02:35:10 +01:00
|
|
|
//includes
|
|
|
|
|
include "root.php";
|
|
|
|
|
require_once "resources/require.php";
|
|
|
|
|
require_once "resources/functions/device_by.php";
|
|
|
|
|
|
|
|
|
|
//logging
|
2017-10-09 07:12:38 +02:00
|
|
|
openlog("FusionPBX", LOG_PID | LOG_PERROR, LOG_LOCAL0);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//set default variables
|
|
|
|
|
$dir_count = 0;
|
|
|
|
|
$file_count = 0;
|
|
|
|
|
$row_count = 0;
|
2013-04-10 00:27:02 +02:00
|
|
|
$device_template = '';
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2012-07-05 20:22:02 +02:00
|
|
|
//define PHP variables from the HTTP values
|
2012-10-03 16:10:37 +02:00
|
|
|
$mac = check_str($_REQUEST['mac']);
|
|
|
|
|
$file = check_str($_REQUEST['file']);
|
2016-05-06 09:49:43 +02:00
|
|
|
$ext = check_str($_REQUEST['ext']);
|
2014-01-29 05:50:50 +01:00
|
|
|
//if (strlen(check_str($_REQUEST['template'])) > 0) {
|
|
|
|
|
// $device_template = check_str($_REQUEST['template']);
|
|
|
|
|
//}
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2015-11-29 03:48:45 +01:00
|
|
|
//get the mac address for Cisco 79xx in the URL as &name=SEP000000000000
|
|
|
|
|
if (empty($mac)){
|
|
|
|
|
$name = check_str($_REQUEST['name']);
|
|
|
|
|
if (substr($name, 0, 3) == "SEP") {
|
2015-11-29 04:08:24 +01:00
|
|
|
$mac = strtolower(substr($name, 3, 12));
|
2015-11-29 03:48:45 +01:00
|
|
|
unset($name);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2016-05-06 09:49:43 +02:00
|
|
|
// Escence make request based on UserID for Memory keys
|
2016-09-21 00:51:17 +02:00
|
|
|
// The file name is fixed to `Account1_Extern.xml`.
|
|
|
|
|
// (Account1 is the first account you register)
|
2016-05-06 09:49:43 +02:00
|
|
|
if(empty($mac) && !empty($ext)){
|
|
|
|
|
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
|
|
|
|
$domain_name = $domain_array[0];
|
|
|
|
|
$device = device_by_ext($db, $ext, $domain_name);
|
2017-06-09 00:21:47 +02:00
|
|
|
if(($device !== false)&&(($device['device_vendor']=='escene')||($device['device_vendor']=='grandstream'))){
|
2016-05-06 09:49:43 +02:00
|
|
|
$mac = $device['device_mac_address'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-03 20:24:20 +01:00
|
|
|
//send http error
|
|
|
|
|
function http_error($error) {
|
|
|
|
|
if ($error === "404") {
|
|
|
|
|
header("HTTP/1.0 404 Not Found");
|
|
|
|
|
echo "<html>\n";
|
|
|
|
|
echo "<head><title>404 Not Found</title></head>\n";
|
|
|
|
|
echo "<body bgcolor=\"white\">\n";
|
|
|
|
|
echo "<center><h1>404 Not Found</h1></center>\n";
|
|
|
|
|
echo "<hr><center>nginx/1.12.1</center>\n";
|
|
|
|
|
echo "</body>\n";
|
|
|
|
|
echo "</html>\n";
|
|
|
|
|
}
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-05 20:22:02 +02:00
|
|
|
//check alternate MAC source
|
|
|
|
|
if (empty($mac)){
|
2014-01-09 23:17:09 +01:00
|
|
|
//set the http user agent
|
|
|
|
|
//$_SERVER['HTTP_USER_AGENT'] = "Yealink SIP-T38G 38.70.0.125 00:15:65:00:00:00";
|
2017-10-26 06:46:37 +02:00
|
|
|
//$_SERVER['HTTP_USER_AGENT'] = "Yealink SIP-T56A 58.80.0.25 001565f429a4";
|
2014-01-09 23:17:09 +01:00
|
|
|
//Yealink: 17 digit mac appended to the user agent, so check for a space exactly 17 digits before the end.
|
2015-03-16 18:46:34 +01:00
|
|
|
if (strtolower(substr($_SERVER['HTTP_USER_AGENT'],0,7)) == "yealink" || strtolower(substr($_SERVER['HTTP_USER_AGENT'],0,5)) == "vp530") {
|
2017-10-26 06:46:37 +02:00
|
|
|
if (strstr(substr($_SERVER['HTTP_USER_AGENT'],-4), ':')) { //remove colons if they exist
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-17);
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
} else { //take mac as is - fixes T5X series
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-12);
|
|
|
|
|
}
|
2014-01-09 23:17:09 +01:00
|
|
|
}
|
2018-04-15 07:57:03 +02:00
|
|
|
//HTek: $_SERVER['HTTP_USER_AGENT'] = "Htek UC926 2.0.4.2 00:1f:c1:00:00:00"
|
|
|
|
|
if (substr($_SERVER['HTTP_USER_AGENT'],0,4) == "Htek") {
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-17);
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
}
|
2015-12-10 01:19:05 +01:00
|
|
|
//Panasonic: $_SERVER['HTTP_USER_AGENT'] = "Panasonic_KX-UT670/01.022 (0080f000000)"
|
|
|
|
|
if (substr($_SERVER['HTTP_USER_AGENT'],0,9) == "Panasonic") {
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-14);
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
}
|
2017-06-09 00:21:47 +02:00
|
|
|
//Grandstream: $_SERVER['HTTP_USER_AGENT'] = "Grandstream Model HW GXP2135 SW 1.0.7.97 DevId 000b828aa872"
|
2017-04-08 07:47:52 +02:00
|
|
|
if (substr($_SERVER['HTTP_USER_AGENT'],0,11) == "Grandstream") {
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-12);
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
}
|
2017-04-11 22:04:10 +02:00
|
|
|
//Audiocodes: $_SERVER['HTTP_USER_AGENT'] = "AUDC-IPPhone/2.2.8.61 (440HDG-Rev0; 00908F602AAC)"
|
|
|
|
|
if (substr($_SERVER['HTTP_USER_AGENT'],0,12) == "AUDC-IPPhone") {
|
|
|
|
|
$mac = substr($_SERVER['HTTP_USER_AGENT'],-13);
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
}
|
2017-07-30 18:47:13 +02:00
|
|
|
//Aastra: $_SERVER['HTTP_USER_AGENT'] = "Aastra6731i MAC:00-08-5D-29-4C-6B V:3.3.1.4365-SIP"
|
|
|
|
|
if (substr($_SERVER['HTTP_USER_AGENT'],0,6) == "Aastra") {
|
|
|
|
|
preg_match("/MAC:([A-F0-9-]{17})/", $_SERVER['HTTP_USER_AGENT'], $matches);
|
|
|
|
|
$mac = $matches[1];
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
}
|
2014-01-09 23:17:09 +01:00
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2012-07-05 20:22:02 +02:00
|
|
|
//prepare the mac address
|
2016-09-21 00:51:17 +02:00
|
|
|
if (isset($mac)) {
|
2015-04-06 00:29:56 +02:00
|
|
|
//normalize the mac address to lower case
|
|
|
|
|
$mac = strtolower($mac);
|
|
|
|
|
//replace all non hexadecimal values and validate the mac address
|
|
|
|
|
$mac = preg_replace("#[^a-fA-F0-9./]#", "", $mac);
|
|
|
|
|
if (strlen($mac) != 12) {
|
|
|
|
|
echo "invalid mac address";
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-07-05 20:22:02 +02:00
|
|
|
|
2015-02-24 08:24:50 +01:00
|
|
|
//get the domain_name and domain_uuid
|
2019-07-04 18:08:25 +02:00
|
|
|
if ((!isset($_SESSION['provision']['http_domain_filter'])) or $_SESSION['provision']['http_domain_filter']['boolean'] == "false") {
|
2015-02-24 08:24:50 +01:00
|
|
|
//get the domain_uuid
|
|
|
|
|
$sql = "SELECT domain_uuid FROM v_devices ";
|
2018-12-11 20:37:57 +01:00
|
|
|
$sql .= "WHERE device_mac_address = :mac ";
|
|
|
|
|
//$sql .= "WHERE device_mac_address = '".$mac."' ";
|
2015-02-24 08:24:50 +01:00
|
|
|
$prep_statement = $db->prepare($sql);
|
2018-12-11 20:37:57 +01:00
|
|
|
$prep_statement->bindParam(':mac', $mac);
|
2015-02-24 08:24:50 +01:00
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
foreach($result as $row) {
|
|
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
|
|
}
|
|
|
|
|
unset($result, $prep_statement);
|
2015-09-01 00:21:23 +02:00
|
|
|
$_SESSION['domain_uuid'] = $domain_uuid;
|
2015-02-24 08:24:50 +01:00
|
|
|
|
|
|
|
|
//get the domain name
|
|
|
|
|
$domain_name = $_SESSION['domains'][$domain_uuid]['domain_name'];
|
2015-03-28 12:37:56 +01:00
|
|
|
|
|
|
|
|
//set the PDO error mode
|
|
|
|
|
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
|
|
|
|
|
|
//get the default settings
|
|
|
|
|
$sql = "select * from v_default_settings ";
|
|
|
|
|
$sql .= "where default_setting_enabled = 'true' ";
|
|
|
|
|
try {
|
|
|
|
|
$prep_statement = $db->prepare($sql . " order by default_setting_order asc ");
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
}
|
|
|
|
|
catch(PDOException $e) {
|
|
|
|
|
$prep_statement = $db->prepare($sql);
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
}
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
//unset the previous settings
|
|
|
|
|
foreach ($result as $row) {
|
|
|
|
|
unset($_SESSION[$row['default_setting_category']]);
|
|
|
|
|
}
|
|
|
|
|
//set the settings as a session
|
|
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$name = $row['default_setting_name'];
|
|
|
|
|
$category = $row['default_setting_category'];
|
|
|
|
|
$subcategory = $row['default_setting_subcategory'];
|
|
|
|
|
if (strlen($subcategory) == 0) {
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][] = $row['default_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$name] = $row['default_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][$subcategory][] = $row['default_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$subcategory]['uuid'] = $row['default_setting_uuid'];
|
|
|
|
|
$_SESSION[$category][$subcategory][$name] = $row['default_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//get the domains settings
|
2018-12-11 20:37:57 +01:00
|
|
|
if (strlen($domain_uuid) > 0 && is_uuid($domain_uuid)) {
|
2015-03-28 12:37:56 +01:00
|
|
|
$sql = "select * from v_domain_settings ";
|
|
|
|
|
$sql .= "where domain_uuid = '" . $domain_uuid . "' ";
|
|
|
|
|
$sql .= "and domain_setting_enabled = 'true' ";
|
|
|
|
|
try {
|
|
|
|
|
$prep_statement = $db->prepare($sql . " order by domain_setting_order asc ");
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
}
|
|
|
|
|
catch(PDOException $e) {
|
|
|
|
|
$prep_statement = $db->prepare($sql);
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
}
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
//unset the arrays that domains are overriding
|
|
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$name = $row['domain_setting_name'];
|
|
|
|
|
$category = $row['domain_setting_category'];
|
|
|
|
|
$subcategory = $row['domain_setting_subcategory'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
unset($_SESSION[$category][$subcategory]);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
//set the settings as a session
|
|
|
|
|
foreach ($result as $row) {
|
|
|
|
|
$name = $row['domain_setting_name'];
|
|
|
|
|
$category = $row['domain_setting_category'];
|
|
|
|
|
$subcategory = $row['domain_setting_subcategory'];
|
|
|
|
|
if (strlen($subcategory) == 0) {
|
|
|
|
|
//$$category[$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][] = $row['domain_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$name] = $row['domain_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
//$$category[$subcategory][$name] = $row['domain_setting_value'];
|
|
|
|
|
if ($name == "array") {
|
|
|
|
|
$_SESSION[$category][$subcategory][] = $row['domain_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$_SESSION[$category][$subcategory][$name] = $row['domain_setting_value'];
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-02-24 08:24:50 +01:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
//get the domain_name
|
2015-06-11 19:42:47 +02:00
|
|
|
$domain_array = explode(":", $_SERVER["HTTP_HOST"]);
|
|
|
|
|
$domain_name = $domain_array[0];
|
2015-02-24 08:24:50 +01:00
|
|
|
|
|
|
|
|
//get the domain_uuid
|
|
|
|
|
$sql = "SELECT * FROM v_domains ";
|
2018-12-11 20:37:57 +01:00
|
|
|
$sql .= "WHERE domain_name = :domain_name ";
|
|
|
|
|
//$sql .= "WHERE domain_name = '".$domain_name."' ";
|
2015-02-24 08:24:50 +01:00
|
|
|
$prep_statement = $db->prepare($sql);
|
2018-12-11 20:37:57 +01:00
|
|
|
$prep_statement->bindParam(':domain_name', $domain_name);
|
2015-02-24 08:24:50 +01:00
|
|
|
$prep_statement->execute();
|
|
|
|
|
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
|
|
|
|
foreach($result as $row) {
|
|
|
|
|
$domain_uuid = $row["domain_uuid"];
|
|
|
|
|
}
|
|
|
|
|
unset($result, $prep_statement);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//build the provision array
|
|
|
|
|
foreach($_SESSION['provision'] as $key=>$val) {
|
|
|
|
|
if (strlen($val['var']) > 0) { $value = $val['var']; }
|
|
|
|
|
if (strlen($val['text']) > 0) { $value = $val['text']; }
|
2016-12-02 20:11:47 +01:00
|
|
|
if (strlen($val['boolean']) > 0) { $value = $val['boolean']; }
|
|
|
|
|
if (strlen($val['numeric']) > 0) { $value = $val['numeric']; }
|
2016-06-20 19:40:22 +02:00
|
|
|
if (strlen($value) > 0) { $provision[$key] = $value; }
|
2015-02-24 08:24:50 +01:00
|
|
|
unset($value);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//check if provisioning has been enabled
|
|
|
|
|
if ($provision["enabled"] != "true") {
|
2017-03-25 06:18:15 +01:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but provisioning is not enabled for ".check_str($_REQUEST['mac']));
|
2017-12-03 20:24:20 +01:00
|
|
|
http_error('404');
|
2015-02-24 08:24:50 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//send a request to a remote server to validate the MAC address and secret
|
|
|
|
|
if (strlen($_SERVER['auth_server']) > 0) {
|
|
|
|
|
$result = send_http_request($_SERVER['auth_server'], 'mac='.check_str($_REQUEST['mac']).'&secret='.check_str($_REQUEST['secret']));
|
|
|
|
|
if ($result == "false") {
|
2017-03-25 06:18:15 +01:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but the remote auth server said no for ".check_str($_REQUEST['mac']));
|
2017-12-03 20:24:20 +01:00
|
|
|
http_error('404');
|
2015-02-24 08:24:50 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-09 02:24:36 +01:00
|
|
|
//use the mac address to get the vendor
|
2014-01-09 08:36:11 +01:00
|
|
|
$device_vendor = device::get_vendor($mac);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2014-07-27 12:09:04 +02:00
|
|
|
//keep backwards compatibility
|
2014-07-29 06:26:32 +02:00
|
|
|
if (strlen($_SESSION['provision']["cidr"]["text"]) > 0) {
|
|
|
|
|
$_SESSION['provision']["cidr"][] = $_SESSION['provision']["cidr"]["text"];
|
2014-07-27 12:09:04 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//check the cidr range
|
|
|
|
|
if (is_array($_SESSION['provision']["cidr"])) {
|
|
|
|
|
$found = false;
|
|
|
|
|
foreach($_SESSION['provision']["cidr"] as $cidr) {
|
|
|
|
|
if (check_cidr($cidr, $_SERVER['REMOTE_ADDR'])) {
|
|
|
|
|
$found = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (!$found) {
|
2017-03-25 06:18:15 +01:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but failed CIDR check for ".check_str($_REQUEST['mac']));
|
2017-12-03 20:24:20 +01:00
|
|
|
http_error('404');
|
2013-12-28 23:02:57 +01:00
|
|
|
}
|
2013-12-23 22:28:04 +01:00
|
|
|
}
|
|
|
|
|
|
2016-03-08 05:31:37 +01:00
|
|
|
//http authentication - digest
|
|
|
|
|
if (strlen($provision["http_auth_username"]) > 0 && strlen($provision["http_auth_type"]) == 0) { $provision["http_auth_type"] = "digest"; }
|
2019-05-01 07:10:13 +02:00
|
|
|
if (strlen($provision["http_auth_username"]) > 0 && $provision["http_auth_type"] === "digest" && $provision["http_auth_enabled"] === "true") {
|
2016-03-08 05:31:37 +01:00
|
|
|
//function to parse the http auth header
|
|
|
|
|
function http_digest_parse($txt) {
|
|
|
|
|
//protect against missing data
|
|
|
|
|
$needed_parts = array('nonce'=>1, 'nc'=>1, 'cnonce'=>1, 'qop'=>1, 'username'=>1, 'uri'=>1, 'response'=>1);
|
|
|
|
|
$data = array();
|
|
|
|
|
$keys = implode('|', array_keys($needed_parts));
|
|
|
|
|
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $txt, $matches, PREG_SET_ORDER);
|
|
|
|
|
foreach ($matches as $m) {
|
|
|
|
|
$data[$m[1]] = $m[3] ? $m[3] : $m[4];
|
|
|
|
|
unset($needed_parts[$m[1]]);
|
|
|
|
|
}
|
|
|
|
|
return $needed_parts ? false : $data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//function to request digest authentication
|
|
|
|
|
function http_digest_request($realm) {
|
|
|
|
|
header('HTTP/1.1 401 Authorization Required');
|
|
|
|
|
header('WWW-Authenticate: Digest realm="'.$realm.'", qop="auth", nonce="'.uniqid().'", opaque="'.md5($realm).'"');
|
|
|
|
|
header("Content-Type: text/html");
|
|
|
|
|
$content = 'Authorization Cancelled';
|
|
|
|
|
header("Content-Length: ".strval(strlen($content)));
|
|
|
|
|
echo $content;
|
|
|
|
|
die();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//set the realm
|
|
|
|
|
$realm = $_SESSION['domain_name'];
|
|
|
|
|
|
|
|
|
|
//request authentication
|
|
|
|
|
if (empty($_SERVER['PHP_AUTH_DIGEST'])) {
|
|
|
|
|
http_digest_request($realm);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//check for valid digest authentication details
|
2018-03-18 00:56:01 +01:00
|
|
|
if (isset($provision["http_auth_username"]) > 0 && strlen($provision["http_auth_username"])) {
|
|
|
|
|
if (!($data = http_digest_parse($_SERVER['PHP_AUTH_DIGEST'])) || ($data['username'] != $provision["http_auth_username"])) {
|
|
|
|
|
header('HTTP/1.1 401 Unauthorized');
|
|
|
|
|
header("Content-Type: text/html");
|
|
|
|
|
$content = 'Unauthorized '.$__line__;
|
|
|
|
|
header("Content-Length: ".strval(strlen($content)));
|
|
|
|
|
echo $content;
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2016-03-08 05:31:37 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//generate the valid response
|
2018-02-26 20:12:51 +01:00
|
|
|
$authorized = false;
|
2018-03-18 00:56:01 +01:00
|
|
|
if (!$authorized && is_array($_SESSION['provision']["http_auth_password"])) {
|
|
|
|
|
foreach ($_SESSION['provision']["http_auth_password"] as $password) {
|
|
|
|
|
$A1 = md5($provision["http_auth_username"] . ':' . $realm . ':' . $password);
|
|
|
|
|
$A2 = md5($_SERVER['REQUEST_METHOD'].':'.$data['uri']);
|
|
|
|
|
$valid_response = md5($A1.':'.$data['nonce'].':'.$data['nc'].':'.$data['cnonce'].':'.$data['qop'].':'.$A2);
|
|
|
|
|
if ($data['response'] == $valid_response) {
|
|
|
|
|
$authorized = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-02-26 20:12:51 +01:00
|
|
|
}
|
2018-03-18 00:56:01 +01:00
|
|
|
unset($password);
|
2018-02-26 20:12:51 +01:00
|
|
|
}
|
|
|
|
|
if (!$authorized) {
|
2016-03-08 05:31:37 +01:00
|
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
|
|
|
header("Content-Type: text/html");
|
|
|
|
|
$content = 'Unauthorized '.$__line__;
|
|
|
|
|
header("Content-Length: ".strval(strlen($content)));
|
|
|
|
|
echo $content;
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//http authentication - basic
|
2019-05-01 07:10:13 +02:00
|
|
|
if (strlen($provision["http_auth_username"]) > 0 && $provision["http_auth_type"] === "basic" && $provision["http_auth_enabled"] === "true") {
|
2015-03-28 12:37:56 +01:00
|
|
|
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
2016-03-08 05:31:37 +01:00
|
|
|
header('WWW-Authenticate: Basic realm="'.$_SESSION['domain_name'].'"');
|
|
|
|
|
header('HTTP/1.0 401 Authorization Required');
|
|
|
|
|
header("Content-Type: text/html");
|
|
|
|
|
$content = 'Authorization Required';
|
|
|
|
|
header("Content-Length: ".strval(strlen($content)));
|
|
|
|
|
echo $content;
|
2015-03-28 12:37:56 +01:00
|
|
|
exit;
|
|
|
|
|
} else {
|
2018-02-26 20:12:51 +01:00
|
|
|
$authorized = false;
|
2018-03-18 00:56:01 +01:00
|
|
|
if (is_array($_SESSION['provision']["http_auth_password"])) {
|
|
|
|
|
foreach ($_SESSION['provision']["http_auth_password"] as $password) {
|
|
|
|
|
if ($_SERVER['PHP_AUTH_PW'] == $password) {
|
|
|
|
|
$authorized = true;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2018-02-26 20:12:51 +01:00
|
|
|
}
|
2018-03-18 00:56:01 +01:00
|
|
|
unset($password);
|
2014-01-24 06:53:32 +01:00
|
|
|
}
|
2018-02-26 20:12:51 +01:00
|
|
|
if (!$authorized) {
|
2015-03-28 12:37:56 +01:00
|
|
|
//access denied
|
2017-03-25 06:18:15 +01:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt but failed http basic authentication for ".check_str($_REQUEST['mac']));
|
2016-03-08 05:31:37 +01:00
|
|
|
header('HTTP/1.0 401 Unauthorized');
|
|
|
|
|
header('WWW-Authenticate: Basic realm="'.$_SESSION['domain_name'].'"');
|
2015-03-28 12:37:56 +01:00
|
|
|
unset($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
2016-03-08 05:31:37 +01:00
|
|
|
$content = 'Unauthorized';
|
2015-09-29 22:28:48 +02:00
|
|
|
header("Content-Length: ".strval(strlen($content)));
|
|
|
|
|
echo $content;
|
2015-03-28 12:37:56 +01:00
|
|
|
exit;
|
2014-01-24 06:53:32 +01:00
|
|
|
}
|
2015-03-28 12:37:56 +01:00
|
|
|
}
|
|
|
|
|
}
|
2015-02-24 08:24:50 +01:00
|
|
|
|
2015-03-28 12:37:56 +01:00
|
|
|
//if password was defined in the system -> variables page then require the password.
|
|
|
|
|
if (strlen($provision['password']) > 0) {
|
|
|
|
|
//deny access if the password doesn't match
|
|
|
|
|
if ($provision['password'] != check_str($_REQUEST['password'])) {
|
2017-03-25 06:18:15 +01:00
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
|
2015-03-28 12:37:56 +01:00
|
|
|
//log the failed auth attempt to the system, to be available for fail2ban.
|
|
|
|
|
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
|
|
|
|
|
syslog(LOG_WARNING, '['.$_SERVER['REMOTE_ADDR']."] provision attempt bad password for ".check_str($_REQUEST['mac']));
|
|
|
|
|
closelog();
|
2017-03-25 06:18:15 +01:00
|
|
|
echo "access denied";
|
2015-03-28 12:37:56 +01:00
|
|
|
return;
|
|
|
|
|
}
|
2014-01-24 06:53:32 +01:00
|
|
|
}
|
2016-08-25 19:10:39 +02:00
|
|
|
|
2013-11-26 21:09:56 +01:00
|
|
|
//output template to string for header processing
|
2014-01-29 05:50:50 +01:00
|
|
|
$prov = new provision;
|
|
|
|
|
$prov->domain_uuid = $domain_uuid;
|
|
|
|
|
$prov->mac = $mac;
|
|
|
|
|
$prov->file = $file;
|
|
|
|
|
$file_contents = $prov->render();
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
//deliver the customized config over HTTP/HTTPS
|
|
|
|
|
//need to make sure content-type is correct
|
2015-11-29 03:15:29 +01:00
|
|
|
if ($_REQUEST['content_type'] == 'application/octet-stream') {
|
2016-03-11 12:56:29 +01:00
|
|
|
//format the mac address and
|
2016-01-09 19:50:49 +01:00
|
|
|
$mac = $prov->format_mac($mac, $device_vendor);
|
2016-01-09 19:10:37 +01:00
|
|
|
|
|
|
|
|
//replace the variable name with the value
|
|
|
|
|
$file_name = str_replace("{\$mac}", $mac, $file);
|
|
|
|
|
|
|
|
|
|
//set the headers
|
|
|
|
|
header('Content-Description: File Transfer');
|
|
|
|
|
header('Content-Type: application/octet-stream');
|
|
|
|
|
header('Content-Disposition: attachment; filename="'.basename($file_name).'"');
|
|
|
|
|
header('Content-Transfer-Encoding: binary');
|
|
|
|
|
header('Expires: 0');
|
|
|
|
|
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
|
|
|
|
header('Pragma: public');
|
2016-04-28 23:06:16 +02:00
|
|
|
header('Content-Length: ' . strlen($file_contents));
|
2015-11-25 08:10:49 +01:00
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$cfg_ext = ".cfg";
|
|
|
|
|
if ($device_vendor === "aastra" && strrpos($file, $cfg_ext, 0) === strlen($file) - strlen($cfg_ext)) {
|
|
|
|
|
header("Content-Type: text/plain");
|
|
|
|
|
header("Content-Length: ".strlen($file_contents));
|
|
|
|
|
} else if ($device_vendor === "yealink") {
|
|
|
|
|
header("Content-Type: text/plain");
|
|
|
|
|
header("Content-Length: ".strval(strlen($file_contents)));
|
|
|
|
|
} else if ($device_vendor === "snom" && $device_template === "snom/m3") {
|
|
|
|
|
$file_contents = utf8_decode($file_contents);
|
|
|
|
|
header("Content-Type: text/plain; charset=iso-8859-1");
|
|
|
|
|
header("Content-Length: ".strlen($file_contents));
|
|
|
|
|
} else {
|
2018-03-18 03:11:32 +01:00
|
|
|
$result = simplexml_load_string ($file_contents, 'SimpleXmlElement', LIBXML_NOERROR+LIBXML_ERR_FATAL+LIBXML_ERR_NONE);
|
|
|
|
|
if (false == $result){
|
|
|
|
|
header("Content-Type: text/plain");
|
|
|
|
|
header("Content-Length: ".strval(strlen($file_contents)));
|
|
|
|
|
} else {
|
|
|
|
|
header("Content-Type: text/xml; charset=utf-8");
|
|
|
|
|
header("Content-Length: ".strlen($file_contents));
|
|
|
|
|
}
|
2015-11-25 08:10:49 +01:00
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2013-08-29 22:52:11 +02:00
|
|
|
echo $file_contents;
|
2015-02-04 04:53:34 +01:00
|
|
|
closelog();
|
2015-02-24 08:24:50 +01:00
|
|
|
|
2015-09-01 00:21:23 +02:00
|
|
|
?>
|
