Permalink
Browse files

mnet/xmlrpc/client & parser: Diff time between servers and break if it's

too large


Author: Donal McMullan <donal@catalyst.net.nz>
  • Loading branch information...
1 parent 8c99567 commit f0e4c2701ce7edfd9aa5c7d9b9988781c81ecb53 martinlanghoff committed Jan 4, 2007
Showing with 46 additions and 0 deletions.
  1. +30 −0 mnet/xmlrpc/client.php
  2. +16 −0 mnet/xmlrpc/xmlparser.php
View
30 mnet/xmlrpc/client.php
@@ -174,9 +174,13 @@ function send($mnet_peer) {
curl_setopt($ch, CURLOPT_POSTFIELDS, $rq);
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Content-Type: text/xml charset=UTF-8"));
+ $timestamp_send = time();
$this->rawresponse = curl_exec($ch);
+ $timestamp_receive = time();
+
if ($this->rawresponse == false) {
$this->error[] = array(curl_errno($ch), curl_error($ch));
+ return false;
}
$crypt_parser = new mnet_encxml_parser();
@@ -211,6 +215,32 @@ function send($mnet_peer) {
return false;
}
+ // Margin of error is the time it took the request to complete.
+ $margin_of_error = $timestamp_receive - $timestamp_send;
+
+ // Guess the time gap between sending the request and the remote machine
+ // executing the time() function. Marginally better than nothing.
+ $hysteresis = ($margin_of_error) / 2;
+
+ $remote_timestamp = $sig_parser->remote_timestamp - $hysteresis;
+ $time_offset = $remote_timestamp - $timestamp_send;
+ if ($time_offset > 0) {
+ $result = get_field('config_plugins', 'value', 'plugin', 'mnet', 'name', 'drift_threshold');
+ if(empty($result)) {
+ // We decided 15 seconds was a pretty good arbitrary threshold
+ // for time-drift between servers, but you can customize this in
+ // the config_plugins table. It's not advised though.
+ set_config('drift_threshold', 15, 'mnet');
+ $threshold = 15;
+ } else {
+ $threshold = $result;
+ }
+ if ($time_offset > $threshold) {
+ $this->error[] = 'Time gap with '.$mnet_peer->name.' ('.$time_offset.' seconds) is greater than the permitted maximum of '.$threshold.' seconds';
+ return false;
+ }
+ }
+
$this->xmlrpcresponse = base64_decode($sig_parser->data_object);
$this->response = xmlrpc_decode($this->xmlrpcresponse);
curl_close($ch);
View
16 mnet/xmlrpc/xmlparser.php
@@ -35,6 +35,7 @@ function initialise() {
$this->tag_number = 0; // Just a unique ID for each tag
$this->digest = '';
+ $this->remote_timestamp = '';
$this->remote_wwwroot = '';
$this->signature = '';
$this->data_object = '';
@@ -130,6 +131,9 @@ function start_element($parser, $name, $attrs) {
case 'RETRIEVALMETHOD':
$this->key_URI = $attrs['URI'];
break;
+ case 'TIMESTAMP':
+ $handler = 'parse_timestamp';
+ break;
case 'WWWROOT':
$handler = 'parse_wwwroot';
break;
@@ -145,6 +149,18 @@ function start_element($parser, $name, $attrs) {
}
/**
+ * Add the next chunk of character data to the remote_timestamp string
+ *
+ * @param mixed $parser The XML parser
+ * @param string $data The content of the current tag (1024 byte chunk)
+ * @return bool True
+ */
+ function parse_timestamp($parser, $data) {
+ $this->remote_timestamp .= $data;
+ return true;
+ }
+
+ /**
* Add the next chunk of character data to the cipher string for that tag
*
* The XML parser calls the character-data handler with 1024-character

0 comments on commit f0e4c27

Please sign in to comment.