authorAndreas Gohr <andi@splitbrain.org>2009-05-16 13:43:51 +0200
committerAndreas Gohr <andi@splitbrain.org>2009-05-16 13:43:51 +0200
commit3ee5b583c45dfe6cdc2f746ad3ee33b4d6f09999 (patch)
treeb9224f975e183f88e6c7cc3553eee1ff28697a2c /lib
parent7d71d4b76c180d36d77c3206149ed99d8de4e7a7 (diff)
restrict XMLRPC to configurable groups and users
Ignore-this: 1370cee84d44bb35ae7c0c988ed8f1ff This patch adds a config option to define users or groups that may access the XMLRPC API. ACLs are still checked on top of this initial access control. darcs-hash:20090516114351-7ad00-155fb6c74c29f5f84e79544a534369eec0403ff0.gz
Diffstat (limited to 'lib')
-rw-r--r--lib/exe/xmlrpc.php77
-rw-r--r--lib/plugins/config/lang/en/lang.php3
-rw-r--r--lib/plugins/config/settings/config.metadata.php3
3 files changed, 71 insertions, 12 deletions
diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 4b08e4487..61a7e4de6 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -7,17 +7,14 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA);
/**
* Increased whenever the API is changed
*/
-define('DOKU_XMLRPC_API_VERSION',1);
+define('DOKU_XMLRPC_API_VERSION',2);
require_once(DOKU_INC.'inc/init.php');
require_once(DOKU_INC.'inc/common.php');
require_once(DOKU_INC.'inc/auth.php');
session_write_close(); //close session
-if(!$conf['xmlrpc']) {
- die('XML-RPC server not enabled.');
- // FIXME check for groups allowed
-}
+if(!$conf['xmlrpc']) die('XML-RPC server not enabled.');
require_once(DOKU_INC.'inc/IXR_Library.php');
@@ -27,7 +24,61 @@ require_once(DOKU_INC.'inc/IXR_Library.php');
* XMLRPC functions.
*/
class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
- var $methods = array();
+ var $methods = array();
+ var $public_methods = array();
+
+ /**
+ * Checks if the current user is allowed to execute non anonymous methods
+ */
+ function checkAuth(){
+ global $conf;
+ global $USERINFO;
+
+ if(!$conf['useacl']) return true; //no ACL - then no checks
+
+ $allowed = explode(',',$conf['xmlrpcuser']);
+ $allowed = array_map('trim', $allowed);
+ $allowed = array_unique($allowed);
+ $allowed = array_filter($allowed);
+
+ if(!count($allowed)) return true; //no restrictions
+
+ $user = $_SERVER['REMOTE_USER'];
+ $groups = (array) $USERINFO['grps'];
+
+ if(in_array($user,$allowed)) return true; //user explicitly mentioned
+
+ //check group memberships
+ foreach($groups as $group){
+ if(in_array('@'.$group,$allowed)) return true;
+ }
+
+ //still here? no access!
+ return false;
+ }
+
+ /**
+ * Adds a callback, extends parent method
+ *
+ * add another parameter to define if anonymous access to
+ * this method should be granted.
+ */
+ function addCallback($method, $callback, $args, $help, $public=false){
+ if($public) $this->public_methods[] = $method;
+ return parent::addCallback($method, $callback, $args, $help);
+ }
+
+ /**
+ * Execute a call, extends parent method
+ *
+ * Checks for authentication first
+ */
+ function call($methodname, $args){
+ if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){
+ return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".');
+ }
+ return parent::call($methodname, $args);
+ }
/**
* Constructor. Register methods and run Server
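Review bot: checkAuth() reads `$_SERVER['REMOTE_USER']` and `$USERINFO['grps']` unguarded, so the anonymous request — the very case this gate exists for — runs on undefined indices and then goes through a loose `in_array`; change to `$user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';`, `$groups = isset($USERINFO['grps']) ? (array) $USERINFO['grps'] : array();` and `in_array($user, $allowed, true)` (the same strict flag on the group lookup). The gate is enforced only in the `call()` override, so it holds only if every dispatch path in IXR_IntrospectionServer, including system.multicall, routes through `$this->call()` — that class is not visible here and is worth confirming. The allow-list is fail-open: an empty `xmlrpcuser` grants every non-public method to any authenticated caller, which the option help does state, but the `//no restrictions` comment should say it is deliberate, e.g. `//empty list = no restriction beyond ACLs (deliberate, see config help)`. Returning -32603, the XML-RPC internal-error code, for an authorization denial hides the cause from clients; a dedicated application error code would let them tell "not allowed" from "server broke".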
@@ -40,21 +91,24 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
'dokuwiki.getXMLRPCAPIVersion',
'this:getAPIVersion',
array('integer'),
- 'Returns the XMLRPC API version.'
+ 'Returns the XMLRPC API version.',
+ true
);
$this->addCallback(
'dokuwiki.getVersion',
'getVersion',
array('string'),
- 'Returns the running DokuWiki version.'
+ 'Returns the running DokuWiki version.',
+ true
);
$this->addCallback(
'dokuwiki.login',
'this:login',
array('integer','string','string'),
- 'Tries to login with the given credentials and sets auth cookies.'
+ 'Tries to login with the given credentials and sets auth cookies.',
+ true
);
$this->addCallback(
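Review bot: `dokuwiki.getVersion` is now callable without any authentication, so the exact running DokuWiki version is disclosed to every client that can reach xmlrpc.php, which helps fingerprinting against known-vulnerable releases; consider not passing `true` for the callback whose help text is 'Returns the running DokuWiki version.' unless clients genuinely need it before login. Marking `dokuwiki.getXMLRPCAPIVersion` and `dokuwiki.login` public is reasonable, since a client needs them to negotiate and to authenticate in the first place. The enclosing constructor starts before and ends after this hunk.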
@@ -83,7 +137,8 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
'wiki.getRPCVersionSupported',
'this:wiki_RPCVersion',
array('int'),
- 'Returns 2 with the supported RPC API version.'
+ 'Returns 2 with the supported RPC API version.',
+ true
);
$this->addCallback(
'wiki.getPage',
@@ -856,6 +911,8 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
return auth_login($user,$pass,false,true);
}
}
+
+
}
$server = new dokuwiki_xmlrpc_server();
diff --git a/lib/plugins/config/lang/en/lang.php b/lib/plugins/config/lang/en/lang.php
index f74393703..4eefbaad3 100644
--- a/lib/plugins/config/lang/en/lang.php
+++ b/lib/plugins/config/lang/en/lang.php
@@ -108,6 +108,8 @@ $lang['disableactions_other'] = 'Other actions (comma separated)';
$lang['sneaky_index'] = 'By default, DokuWiki will show all namespaces in the index view. Enabling this option will hide those where the user doesn\'t have read permissions. This might result in hiding of accessable subnamespaces. This may make the index unusable with certain ACL setups.';
$lang['auth_security_timeout'] = 'Authentication Security Timeout (seconds)';
$lang['securecookie'] = 'Should cookies set via HTTPS only be sent via HTTPS by the browser? Disable this option when only the login of your wiki is secured with SSL but browsing the wiki is done unsecured.';
+$lang['xmlrpc'] = 'Enable/disable XML-RPC interface.';
+$lang['xmlrpcuser'] = 'Restrict XML-RPC access to the comma separated groups or users given here. Leave empty to give access to everyone.';
/* Advanced Options */
$lang['updatecheck'] = 'Check for updates and security warnings? DokuWiki needs to contact splitbrain.org for this feature.';
@@ -135,7 +137,6 @@ $lang['send404'] = 'Send "HTTP 404/Page Not Found" for non existing pages';
$lang['sitemap'] = 'Generate Google sitemap (days)';
$lang['broken_iua'] = 'Is the ignore_user_abort function broken on your system? This could cause a non working search index. IIS+PHP/CGI is known to be broken. See <a href="http://bugs.splitbrain.org/?do=details&amp;task_id=852">Bug 852</a> for more info.';
$lang['xsendfile'] = 'Use the X-Sendfile header to let the webserver deliver static files? Your webserver needs to support this.';
-$lang['xmlrpc'] = 'Enable/disable XML-RPC interface.';
$lang['renderer_xhtml'] = 'Renderer to use for main (xhtml) wiki output';
$lang['renderer__core'] = '%s (dokuwiki core)';
$lang['renderer__plugin'] = '%s (plugin)';
diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php
index b506a8b91..8593e6033 100644
--- a/lib/plugins/config/settings/config.metadata.php
+++ b/lib/plugins/config/settings/config.metadata.php
@@ -133,6 +133,8 @@ $meta['disableactions'] = array('disableactions',
$meta['sneaky_index'] = array('onoff');
$meta['auth_security_timeout'] = array('numeric');
$meta['securecookie'] = array('onoff');
+$meta['xmlrpc'] = array('onoff');
+$meta['xmlrpcuser'] = array('string');
$meta['_anti_spam'] = array('fieldset');
$meta['usewordblock']= array('onoff');
@@ -185,7 +187,6 @@ $meta['recent_days'] = array('numeric');
$meta['rss_show_summary'] = array('onoff');
$meta['broken_iua'] = array('onoff');
$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3));
-$meta['xmlrpc'] = array('onoff');
$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml'));
$meta['_network'] = array('fieldset');