--- /dev/null
+<?php
+
+// you may want to override these after including this file
+$d0_blind_id_keygen = "crypto-keygen-standalone";
+$d0_blind_id_d0pk = "key_0.d0pk";
+
+// usage:
+// list($status, $idfp) = get_d0_blind_id();
+// return values:
+// null, null = signature failed
+// "", 0 = not signed
+// idfp, 0 = signed, ID was not signed by CA
+// idfp, 1 = signed, ID was signed by CA
+function d0_blind_id_verify()
+{
+ global $d0_blind_id_keygen;
+ global $d0_blind_id_d0pk;
+
+ $postdata = file_get_contents("php://input");
+ if($postdata === false)
+ die("Cannot read from input");
+ $sig = $_SERVER["HTTP_X_D0_BLIND_ID_DETACHED_SIGNATURE"];
+ if($sig)
+ {
+ // check signature
+ putenv("KEYGEN=$d0_blind_id_keygen");
+ $checker = proc_open(
+ "\"\$KEYGEN\" -p /dev/fd/3 -d /dev/fd/4 -s /dev/fd/5",
+ array(
+ 1 => array("pipe", "w"),
+ 3 => array("file", $d0_blind_id_d0pk, "r"),
+ 4 => array("pipe", "r"),
+ 5 => array("pipe", "r")
+ ),
+ $pipes,
+ null,
+ null,
+ array("binary_pipes")
+ );
+ if(!$checker)
+ die("Cannot start process");
+ $outfh = $pipes[1];
+ $buffers = array(
+ 4 => $postdata,
+ 5 => base64_decode($sig)
+ );
+ $rpipes = array(
+ 4 => $pipes[4],
+ 5 => $pipes[5]
+ );
+ foreach($rpipes as $p)
+ stream_set_blocking($p, 0);
+ while(!empty($rpipes))
+ {
+ $readers = null;
+ $writers = $rpipes;
+ $errorers = $rpipes;
+ $n = stream_select($readers, $writers, $errorers, 1, 0);
+ if($n == 0)
+ break;
+ $n = 0;
+ foreach($errorers as $e)
+ {
+ $i = array_search($e, $rpipes);
+ if($i === false)
+ continue;
+ fclose($pipes[$i]);
+ unset($buffers[$i]);
+ unset($rpipes[$i]);
+ ++$n;
+ }
+ foreach($writers as $w)
+ {
+ $i = array_search($w, $rpipes);
+ if($i === false)
+ continue;
+ $written = fwrite($w, $buffers[$i], strlen($buffers[$i]));
+ if($written)
+ $buffers[$i] = substr($buffers[$i], $written);
+ if($buffers[$i] == "")
+ {
+ fclose($pipes[$i]);
+ unset($buffers[$i]);
+ unset($rpipes[$i]);
+ }
+ ++$n;
+ }
+ if(!$n)
+ break;
+ }
+ if($buffers)
+ die("could not write data to process");
+ $status = stream_get_line($outfh, 8192, "\n");
+ $idfp = stream_get_line($outfh, 8192, "\n");
+ $ret = proc_close($checker);
+ if($ret != 0)
+ return array(null, null);
+ return array($idfp, $status);
+ }
+ else
+ return array("", 0);
+}
+?>
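Review bot: The usage comment above `d0_blind_id_verify()` disagrees with the function: it names `get_d0_blind_id()` and destructures `list($status, $idfp)`, while the body returns `array($idfp, $status)`, which matches the "idfp, 0/1" table in the same comment. A caller that copies the usage line ends up treating the CA flag as the identity, so the line should read `// list($idfp, $status) = d0_blind_id_verify();`. The comment should also say that a failed signature (`null, null`) and an absent one (`"", 0`) are both falsy under loose comparison, so callers must test `=== null` to tell them apart. Separately, `base64_decode($sig)` runs in non-strict mode and silently skips invalid characters; `base64_decode($sig, true)` with a check for `false` would reject a malformed header before the verifier process is started.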
--- /dev/null
+<?php
+
+require("d0_blind_id.inc");
+$d0_blind_id_keygen = "/opt/d0_blind_id/bin/crypto-keygen-standalone";
+
+// read raw POST data
+list($status, $idfp) = d0_blind_id_verify();
+$version = $_GET["version"];
+$postdata = $_POST["foo"];
+
+// log access
+$ip = $_SERVER["REMOTE_ADDR"];
+if($idfp)
+ syslog(LOG_NOTICE, "update notification was called by $idfp ($status, $postdata) at $ip for version $version");
+else if($version)
+ syslog(LOG_NOTICE, "update notification was called by an unknown user at $ip for version $version");
+else
+ syslog(LOG_NOTICE, "update notification was called by an unknown user at $ip");
+
+header("Content-type: text/plain");
+echo "0\n";
+echo "file:///dev/null\n";
+
+?>
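Review bot: The destructuring on the `d0_blind_id_verify()` call is swapped: the function in d0_blind_id.inc returns `array($idfp, $status)`, so `list($status, $idfp)` puts the fingerprint in `$status` and the CA flag in `$idfp`. As a result `if($idfp)` tests the flag rather than the identity, so a validly signed request whose ID is not CA-signed is presumably logged as an unknown user, and a CA-signed one logs the flag where the fingerprint belongs; `list($idfp, $status) = d0_blind_id_verify();` fixes it. `$version` and `$postdata` also come straight from the request and are interpolated into the syslog message, so embedded newlines or control characters can split or forge audit entries; neutralise them first, e.g. `$version = preg_replace('/[^\x20-\x7e]/', '?', $version);` and the same for `$postdata`. A failed signature (`null, null`) is logged the same way as an unsigned request, and a distinct log line for it would make tampered requests visible to whoever reads the log.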