mnet MDL-21098 small fixes - ss out issue and edge case simultaneous keyswap loop

2025-04-24 01:44:27 +02:00 · 2010-02-05 03:56:22 +00:00 · 2010-02-05 03:56:22 +00:00 · 48fb39411f
commit 48fb39411f
parent 2078b2a37d
2 changed files with 15 additions and 1 deletions
--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@ -1036,7 +1036,10 @@ class auth_plugin_mnet extends auth_plugin_base {
     */
    function kill_children($username, $useragent) {
        global $CFG, $USER, $DB;
-        $remoteclient = get_mnet_remote_client();
+        $remoteclient = null;
+        if (defined('MNET_SERVER')) {
+            $remoteclient = get_mnet_remote_client();
+        }
        require_once $CFG->dirroot.'/mnet/xmlrpc/client.php';

        $userid = $DB->get_field('user', 'id', array('mnethostid'=>$CFG->mnet_localhost_id, 'username'=>$username));
@ -1096,6 +1099,7 @@ class auth_plugin_mnet extends auth_plugin_base {
        global $CFG, $DB;
        $remoteclient = get_mnet_remote_client();
        $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
+        $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
        if (false != $session) {
            session_kill($session->session_id);
            return true;
--- a/mnet/xmlrpc/serverlib.php
+++ b/mnet/xmlrpc/serverlib.php
@ -128,6 +128,16 @@ function mnet_server_strip_signature($plaintextmessage) {
        $currkey = mnet_get_public_key($remoteclient->wwwroot, $remoteclient->application);
        // If the key the remote peer is currently publishing is different to $certificate
        if($currkey != $certificate) {
+            // if pushkey is already set, it means the request was encrypted to an old key
+            // in mnet_server_strip_encryption.
+            // if we call refresh_key() here before pushing out our new key,
+            // and the other site ALSO has a new key,
+            // we'll get into an infinite keyswap loop
+            // so push just bail here, and push out the new key.
+            // the next request will get through to refresh_key
+            if ($remoteclient->pushkey) {
+                return false;
+            }
            // Try and get the server's new key through trusted means
            $remoteclient->refresh_key();
            // If we did manage to re-key, try to verify the signature again using the new public key.