This partially reverts MDL-73270, where some useful environmental
checks and notifications in the admin UI were added to inform
about different parts of Moodle relying on the "unsupported"
php-xmlrpc extension.
Since then, some changes have happened in core, only available
for Moodle 4.1 and up (see the MDL-70889 mini-epic). Namely:
- MNet (SSO, roaming, auth, enrol and Mahara portfolio) are not
using the php-xmlrpc extension anymore, but a pure php library.
- The xmlrpc webservices protocol has been moved from core to
the plugins directory, although it continues using the php-xmlrpc
extension.
Because of that here we are removing all the checks and notifications
related with MNet (not using the extension anymore), but keeping the
webservice plugin ones (still using the extension). Surely if some day the
protocol stops using the extension, we'll be able to remove the
corresponding checks too. But that's future.
Note the associated lang strings have been also removed (not deprecated)
because they were highly specific and hardly reusable:
- xmlrpcmaharaenabled
- xmlrpcmnetauthenticationenabled
- xmlrpcmnetenabled
And very same applies, because MNet doesn't contain anything deprecated
or not supported anymore, hence, straight deletion, to the function:
- mnet_get_deprecation_notice()
Also, related tests using any of the removed stuff above have been deleted.
On the other side, the "check_xmlrpc_usage" continues existing and
being used both by environment checks and admin notifications but,
as commented above, it only looks for the xmlrpc webservice
protocol now.
This service is different from the rest because it
doesn't run encrypted, but plain xmlrpc. Hence, we
cannot use the normal mnet_xmlrpc_client (that provides
on-the-fly encryption and signing).
So, instead, let's instantiate a custom client here
and use it for this pure xmlrpc request and response.
PS: It's curious that this exact service has support
for proxies but the mnet_xmlrpc_client one has not. I'm not
going to modify that here, but have left a comment
in the code about that.
PS: Some small style changes have been applied around
the modified code (spacing, &&, comments...)
The mnet_environment->keypair array contains the following
elements (and more, just focussing on these):
- keypair_PEM : textual representation of the private key.
- certificate : textual representation of the public key.
- privatekey : OpenSSLAsymmetricKey representation of the private key,
generated from keypair_PEM. See get_private_key().
- publickey : OpenSSLAsymmetricKey representation of the public key,
generated from certificate. See get_public_key().
The last 2 elements in the array are only used as "caching", to avoid
having to call to openssl_pkey_get_private() and
openssl_pkey_get_public() to convert from the textual representation
to the OpenSSLAsymmetricKey representation that is the one required
by a number of openssl functions.
Problems arrive when, as part of the MNet protocol, the mnet_environment
is serialised, because, since PHP 8.0 those OpenSSLAsymmetricKey objects
aren't serialisable any more.
So, as far as they are only used for internal caching it's perfectly ok
to remove the caching bits and use the openssl_pkey_get_xxx() methods
to calculate them under demand.
The alternative to this would be to implement into the mnet_environment
some custom serialisation, skipping those OpenSSLAsymmetricKey
instances, using __sleep(), the Serializable interface or __serialize(),
but that seems unnecessary because, as explained above, the uses are
really limited and easily replaceable.
That's what this patch does.
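
The approach in the commit message above, as an added example that is not Moodle's code: demo_environment is a hypothetical stand-in for mnet_environment that keeps only PEM text in the keypair array and converts it on demand. The self-signed certificate and the 'payload' string are constructed sample data.

```php
<?php
// Added illustration: demo_environment is a hypothetical stand-in for mnet_environment.
class demo_environment {
    /** @var array Textual key material only, so instances stay serialisable. */
    public $keypair = [];

    public function __construct(string $cn) {
        $key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
        $csr = openssl_csr_new(['commonName' => $cn], $key);
        $cert = openssl_csr_sign($csr, null, $key, 1); // Self-signed, valid for one day.
        openssl_pkey_export($key, $this->keypair['keypair_PEM']);
        openssl_x509_export($cert, $this->keypair['certificate']);
    }

    /** Convert the PEM private key on demand instead of caching the object. */
    public function get_private_key() {
        return openssl_pkey_get_private($this->keypair['keypair_PEM']);
    }

    /** Extract the public key from the PEM certificate on demand. */
    public function get_public_key() {
        return openssl_pkey_get_public($this->keypair['certificate']);
    }
}

$env = new demo_environment('demo.example.test');

// "Before" behaviour: caching the key object in the array breaks serialize() on PHP 8.0+.
$cached = clone $env;
$cached->keypair['privatekey'] = $cached->get_private_key();
try {
    serialize($cached);
    echo "cached key serialised (pre-8.0 resource behaviour)\n";
} catch (Exception $e) {
    echo "cached key: ", $e->getMessage(), "\n";
}

// "After" behaviour: only PEM text is stored, so the object survives a round trip.
$restored = unserialize(serialize($env), ['allowed_classes' => [demo_environment::class]]);
openssl_sign('payload', $signature, $restored->get_private_key(), OPENSSL_ALGO_SHA256);
$ok = openssl_verify('payload', $signature, $restored->get_public_key(), OPENSSL_ALGO_SHA256);
echo "round trip verify: ", $ok === 1 ? "ok" : "failed", "\n";
```

Because the serialised form contains the private key PEM, it needs the same protection as the key itself wherever it is stored.
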
Since php80 the 5th parameter (cypher) in the following functions:
- openssl_seal
- openssl_open
is mandatory, hence:
- adding it.
- with value 'RC4' to keep BC.
So we are putting them under a standard PHP_MAJOR_VERSION < 8 condition.
Also, added TODO comments to remember to delete that block of code when
php80 becomes the minimum required version in the future (Moodle 4.3?).
When possible, an issue has been created upstream, else a comment in
readme_moodle files has been added.
Finally, when the keys being freed were class or object attributes, also
nullify them (but when the calls were part of destructor methods).
This patch adds the missing 'escaping' option to all remaining
xmlrpc_encode_request() calls in the moodle core code.
Without this, the xmlrpc_decode_request() call on the server side may
lead to wrongly decoded non-ascii characters.
Using core_text::substr instead of substr for trimming certificate
data. It is needed for sites with a long unicode sitename to prevent
breaking the line between a unicode pair.
The patch highlights the undelete radio selector at the host edit form.
It moves it to the end of the form (near the submit button) and displays
an explanation above the radio selector.
Also, the list of deleted hosts is now displayed below the table of
active peers at the Manage peers page.
The data returned by mnet_get_hosts() function now contain the deleted
status, too. It is possible to obtain deleted hosts from that function
now.
The 'confirmed' field can't be optional. If the identity provider did
not export it, the new remote user would be created with 'confirmed' set
to default zero and as such could be a subject of scheduled deletion.
- The way that mnet rpc functions are registered. Plugins must now
create db/mnet.php which is an array, similar to services.php. This
*replaces* the old mnet_publishes() functions. version.php must be
bumped to trigger this.
- More information about each rpc-available function is stored in the
database, including the class it belongs to, the file it is found in,
and whether or not it is static. Methods that are not static must be
in a class with a constructor that takes no arguments (this can easily
be achieved with a small wrapper if necessary)
- The xmlrpc dispatcher has been rewritten to remove all the
dependencies on hardcoded information about auth,mnet,portfolio and
repository, and just use the information in the database.
- The old hardcoded hidden mnet/testclient.php has been moved to the
Admin menu under "Development" and rewritten.
- The xmlrpc introspection method profiling is now using php and zend
reflection - which is a lot nicer than the old way, which was using a
php-based php parser. This fixes some inconsistent handling of
methods without arguments that were advertising their return value as
the only method parameter. While this is a *fix*, it breaks BC
slightly - the old 1.9 broken mnet/testclient.php will now not work
properly with 2.0
- Dangerous mode is still supported, but old mod/*/rpclib.php is
now unsupported, due to the fact that any plugin can export mnet
functions with db/mnet.php. This is a slight BC break.
Still TODO:
- TEST TEST TEST
- Document the two small BC breaks in release notes
- Document the contract for db/mnet.php
* Allow multiple roles to be allocated by identity provider
* Allow existing enrolment plugins to manage mnet enrolments
Author: Peter Bulmer <peter.bulmer@catalyst.net.nz>
Where Moodle sites had a path in their wwwroot, the MNET function that
forced remote users to go via their identity provider (to make sure they
were logged in) previously directed the user back to a URL like
contentprovider.com/moodle/moodle/mod/forum/view.php?f=7 where there
should only be one /moodle in the middle of the URL.