mirror_php/moodle
1
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-04-14 04:52:36 +02:00
Code Issues Projects Releases Wiki Activity

MDL-18183 mnet: Option to verify peer and host of MNet peer using HTTPS

Browse Source
This commit is contained in:
Frederic Massart 2014-11-17 18:18:41 +08:00
parent ca0e301c7b
commit 93539c44dc
9 changed files with 82 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
admin/mnet/peer_forms.php
View File

@ -94,6 +94,15 @@ class mnet_review_host_form extends moodleform {
$mform->setType('wwwroot', PARAM_URL);
$mform->addRule('wwwroot', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$options = array(
mnet_peer::SSL_NONE => get_string('none'),
mnet_peer::SSL_HOST => get_string('verifyhostonly', 'core_mnet'),
mnet_peer::SSL_HOST_AND_PEER => get_string('verifyhostandpeer', 'core_mnet')
);
$mform->addElement('select', 'sslverification', get_string('sslverification', 'core_mnet'), $options);
$mform->setDefault('sslverification', mnet_peer::SSL_HOST_AND_PEER);
$mform->addHelpButton('sslverification', 'sslverification', 'core_mnet');
$themes = array('' => get_string('forceno'));
foreach (array_keys(core_component::get_plugin_list('theme')) as $themename) {
$themes[$themename] = get_string('pluginname', 'theme_'.$themename);

1
admin/mnet/peers.php
View File

@ -172,6 +172,7 @@ if ($formdata = $reviewform->get_data()) {
$mnet_peer->public_key = $formdata->public_key;
$credentials = $mnet_peer->check_credentials($mnet_peer->public_key);
$mnet_peer->public_key_expires = $credentials['validTo_time_t'];
$mnet_peer->sslverification = $formdata->sslverification;
if ($mnet_peer->commit()) {
redirect(new moodle_url('/admin/mnet/peers.php', array('hostid' => $mnet_peer->id)), get_string('changessaved'));

19
admin/mnet/testclient.php
View File

@ -66,12 +66,19 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->set_method('system/listServices');
$mnet_request->send($mnet_peer);
$services = $mnet_request->response;
$yesno = array('No', 'Yes');
$servicenames = array();
echo $OUTPUT->heading(get_string('servicesavailableonhost', 'mnet', $host->wwwroot));
if (!empty($mnet_request->error)) {
echo $OUTPUT->heading(get_string('error'), 3);
echo html_writer::alist($mnet_request->error);
$services = array();
}
$table = new html_table();
$table->head = array(
get_string('serviceid', 'mnet'),
@ -127,6 +134,7 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo html_writer::table($table);
$mnet_request = new mnet_xmlrpc_client();
$mnet_request->set_method('system/listMethods');
if (isset($servicename) && array_key_exists($servicename, $serviceinfo)) {
echo $OUTPUT->heading(get_string('methodsavailableonhostinservice', 'mnet', (object)array('host' => $host->wwwroot, 'service' => $servicename)));
@ -139,6 +147,11 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
$mnet_request->send($mnet_peer);
$methods = $mnet_request->response;
if (!empty($mnet_request->error)) {
echo $OUTPUT->heading(get_string('error'), 3);
echo html_writer::alist($mnet_request->error);
$methods = array();
}
$table = new html_table();
$table->head = array(
@ -171,6 +184,12 @@ if (!empty($hostid) && array_key_exists($hostid, $hosts)) {
echo $OUTPUT->heading(get_string('methodsignature', 'mnet', $method));
if (!empty($mnet_request->error)) {
echo $OUTPUT->heading(get_string('error'), 3);
echo html_writer::alist($mnet_request->error);
$signature = array();
}
$table = new html_table();
$table->head = array(
get_string('position', 'mnet'),

8
lang/en/mnet.php
View File

@ -216,6 +216,12 @@ $string['showlocal'] = 'Show local users';
$string['showremote'] = 'Show remote users';
$string['ssl_acl_allow'] = 'SSO ACL: Allow user \'{$a->user}\' from \'{$a->host}\'';
$string['ssl_acl_deny'] = 'SSO ACL: Deny user \'{$a->user}\' from \'{$a->host}\'';
$string['sslverification'] = 'SSL verification';
$string['sslverification_help'] = 'This option allows you to configure the level of security when connecting to a peer using HTTPS.
* None: no level of security
* Verify host only: validates the domain of the SSL certificate
* Verify host and peer (recommended): validates the domain and issuer of the SSL certificate';
$string['ssoaccesscontrol'] = 'SSO access control';
$string['ssoacldescr'] = 'Use this page to grant/deny access to specific users from remote MNet hosts. This is functional when you are offering SSO services to remote users. To control your <em>local</em> users\' ability to roam to other MNet hosts, use the roles system to grant them the <em>mnetlogintoremote</em> capability.';
$string['ssoaclneeds'] = 'For this functionality to work, you must have Networking on, plus the MNet authentication plugin enabled.';
@ -244,6 +250,8 @@ $string['userchangepasswordlink'] = '<br /> You may be able to change your passw
$string['usernotfullysetup'] = 'Your user account is incomplete. You need to go <a href="{$a}">back to your provider</a> and ensure your profile is completed there. You may need to log out and in again for this to take effect.';
$string['usersareonline'] = 'Warning: {$a} users from that server are currently logged on to your site.';
$string['validated_by'] = 'It is validated by the network: <code>{$a}</code>';
$string['verifyhostandpeer'] = 'Verify host and peer';
$string['verifyhostonly'] = 'Verify host only';
$string['verifysignature-error'] = 'The signature verification failed. An error has occurred.';
$string['verifysignature-invalid'] = 'The signature verification failed. It appears that this payload was not signed by you.';
$string['version'] = 'Version';

5
lib/db/install.xml
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8" ?>
<XMLDB PATH="lib/db" VERSION="20141017" COMMENT="XMLDB file for core Moodle tables"
<XMLDB PATH="lib/db" VERSION="20141117" COMMENT="XMLDB file for core Moodle tables"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../../lib/xmldb/xmldb.xsd"
>
@ -1442,6 +1442,7 @@
<FIELD NAME="force_theme" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
<FIELD NAME="theme" TYPE="char" LENGTH="100" NOTNULL="false" SEQUENCE="false"/>
<FIELD NAME="applicationid" TYPE="int" LENGTH="10" NOTNULL="true" DEFAULT="1" SEQUENCE="false"/>
<FIELD NAME="sslverification" TYPE="int" LENGTH="1" NOTNULL="true" DEFAULT="0" SEQUENCE="false"/>
</FIELDS>
<KEYS>
<KEY NAME="primary" TYPE="primary" FIELDS="id" COMMENT="primary key of the mnet_host table"/>
@ -3081,4 +3082,4 @@
</KEYS>
</TABLE>
</TABLES>
</XMLDB>
</XMLDB>

16
lib/db/upgrade.php
View File

@ -4058,5 +4058,21 @@ function xmldb_main_upgrade($oldversion) {
// Moodle v2.8.0 release upgrade line.
// Put any upgrade step following this.
if ($oldversion < 2014112001.00) {
// Define field sslverification to be added to mnet_host.
$table = new xmldb_table('mnet_host');
$field = new xmldb_field('sslverification', XMLDB_TYPE_INTEGER, '1', null, XMLDB_NOTNULL, null, '0', 'applicationid');
// Conditionally launch add field sslverification.
if (!$dbman->field_exists($table, $field)) {
$dbman->add_field($table, $field);
}
// Main savepoint reached.
upgrade_main_savepoint(true, 2014112001.00);
}
return true;
}

14
mnet/peer.php
View File

@ -12,6 +12,15 @@ require_once($CFG->libdir . '/filelib.php'); // download_file_content() used her
class mnet_peer {
/** No SSL verification. */
const SSL_NONE = 0;
/** SSL verification for host. */
const SSL_HOST = 1;
/** SSL verification for host and peer. */
const SSL_HOST_AND_PEER = 2;
var $id = 0;
var $wwwroot = '';
var $ip_address = '';
@ -27,6 +36,9 @@ class mnet_peer {
var $error = array();
var $bootstrapped = false; // set when the object is populated
/** @var int $sslverification The level of SSL verification to apply. */
public $sslverification = self::SSL_HOST_AND_PEER;
function mnet_peer() {
return true;
}
@ -192,6 +204,7 @@ class mnet_peer {
$obj->force_theme = $this->force_theme;
$obj->theme = $this->theme;
$obj->applicationid = $this->applicationid;
$obj->sslverification = $this->sslverification;
if (isset($this->id) && $this->id > 0) {
$obj->id = $this->id;
@ -286,6 +299,7 @@ class mnet_peer {
$this->force_theme = $hostinfo->force_theme;
$this->theme = $hostinfo->theme;
$this->applicationid = $hostinfo->applicationid;
$this->sslverification = $hostinfo->sslverification;
$this->application = $DB->get_record('mnet_application', array('id'=>$this->applicationid));
$this->bootstrapped = true;
}

13
mnet/xmlrpc/client.php
View File

@ -368,8 +368,17 @@ class mnet_xmlrpc_client {
curl_setopt($httprequest, CURLOPT_POST, true);
curl_setopt($httprequest, CURLOPT_USERAGENT, 'Moodle');
curl_setopt($httprequest, CURLOPT_HTTPHEADER, array("Content-Type: text/xml charset=UTF-8"));
curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, 0);
$verifyhost = 0;
$verifypeer = false;
if ($mnet_peer->sslverification == mnet_peer::SSL_HOST_AND_PEER) {
$verifyhost = 2;
$verifypeer = true;
} else if ($mnet_peer->sslverification == mnet_peer::SSL_HOST) {
$verifyhost = 2;
}
curl_setopt($httprequest, CURLOPT_SSL_VERIFYHOST, $verifyhost);
curl_setopt($httprequest, CURLOPT_SSL_VERIFYPEER, $verifypeer);
return $httprequest;
}
}

2
version.php
View File

@ -29,7 +29,7 @@
defined('MOODLE_INTERNAL') || die();
$version = 2014112000.00; // YYYYMMDD = weekly release date of this DEV branch.
$version = 2014112001.00; // YYYYMMDD = weekly release date of this DEV branch.
// RR = release increments - 00 in DEV branches.
// .XX = incremental changes.