From 48fb39411f4b75b30d47bca514d805c5840d60c8 Mon Sep 17 00:00:00 2001
From: Penny Leach
Date: Fri, 5 Feb 2010 03:56:22 +0000
Subject: [PATCH] mnet MDL-21098 small fixes - ss out issue and edge case simultaneous keyswap loop
---
 auth/mnet/auth.php | 6 +++++-
 mnet/xmlrpc/serverlib.php | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php
index b352e34b6b0..254687a6b75 100644
--- a/auth/mnet/auth.php
+++ b/auth/mnet/auth.php
@@ -1036,7 +1036,10 @@ class auth_plugin_mnet extends auth_plugin_base {
 */
 function kill_children($username, $useragent) {
 global $CFG, $USER, $DB;
- $remoteclient = get_mnet_remote_client();
+ $remoteclient = null;
+ if (defined('MNET_SERVER')) {
+ $remoteclient = get_mnet_remote_client();
+ }
 require_once $CFG->dirroot.'/mnet/xmlrpc/client.php';
 $userid = $DB->get_field('user', 'id', array('mnethostid'=>$CFG->mnet_localhost_id, 'username'=>$username));
@@ -1096,6 +1099,7 @@ class auth_plugin_mnet extends auth_plugin_base {
 global $CFG, $DB;
 $remoteclient = get_mnet_remote_client();
 $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
+ $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
 if (false != $session) {
 session_kill($session->session_id);
 return true;
diff --git a/mnet/xmlrpc/serverlib.php b/mnet/xmlrpc/serverlib.php
index 4406de0489a..da1228160c0 100644
--- a/mnet/xmlrpc/serverlib.php
+++ b/mnet/xmlrpc/serverlib.php
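Review bot: In kill_children() (hunk `@@ -1036,7 +1036,10 @@`), `$remoteclient` is now `null` whenever `MNET_SERVER` is not defined, so every later read of it in this function has to tolerate null. The body continues past the end of the hunk, so those reads are not visible here; any place that dereferences `$remoteclient->id` should be guarded, for example `if ($remoteclient !== null && $mnetsession->mnethostid == $remoteclient->id)` (the left-hand name is a placeholder for whatever is compared there). The new guard also deserves a why-comment such as `// no remote client exists unless we are serving an incoming MNet request`, because the hunk does not say which caller runs without `MNET_SERVER`.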
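Review bot: In hunk `@@ -1096,6 +1099,7 @@`, the added `delete_records()` call runs before the `if (false != $session)` check and before `session_kill()`, so the `mnet_session` row is removed even if the session kill does not complete. If `session_kill()` can fail or throw (its definition is not on this page), the local session stays alive with no `mnet_session` row left, and a repeated logout request from the peer can no longer find it. Moving the delete inside the branch, after `session_kill($session->session_id);`, avoids that and skips the extra query when no row matched. The condition array is now written twice and could be held in one local, e.g. `$conditions = array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent);`. The enclosing function starts and ends outside the hunk.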
@@ -128,6 +128,16 @@ function mnet_server_strip_signature($plaintextmessage) {
 $currkey = mnet_get_public_key($remoteclient->wwwroot, $remoteclient->application);
 // If the key the remote peer is currently publishing is different to $certificate
 if($currkey != $certificate) {
+ // if pushkey is already set, it means the request was encrypted to an old key
+ // in mnet_server_strip_encryption.
+ // if we call refresh_key() here before pushing out our new key,
+ // and the other site ALSO has a new key,
+ // we'll get into an infinite keyswap loop
+ // so push just bail here, and push out the new key.
+ // the next request will get through to refresh_key
+ if ($remoteclient->pushkey) {
+ return false;
+ }
 // Try and get the server's new key through trusted means
 $remoteclient->refresh_key();
 // If we did manage to re-key, try to verify the signature again using the new public key.
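Review bot: The new early `return false;` in mnet_server_strip_signature() exits with the signature unverified, so every caller must treat a `false` result as a failed verification and reject the request rather than continue with the payload. The function's other return paths and its callers are outside the hunk, so this contract cannot be confirmed from here; it is worth stating in the function's docblock, e.g. `@return string|false payload, or false when verification was abandoned because our key must be pushed first`. `$remoteclient->pushkey` is read directly, and if the property is only assigned in mnet_server_strip_encryption (as the comment suggests) `if (!empty($remoteclient->pushkey)) {` avoids a notice on requests that did not pass through it. A debug-level log line in this branch would also make repeated stale-key requests from a peer visible to an operator. In the added comment, "so push just bail here" reads as a typo for "so just bail here".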