From e2d4f75c4011ba3c087cb0f219fa7eaafa466808 Mon Sep 17 00:00:00 2001 From: martinlanghoff Date: Thu, 4 Jan 2007 03:38:30 +0000 Subject: [PATCH] admin/mnet/peers: Allow admins to manually update a remote server's public key Author: Donal McMullan --- admin/mnet/mnet_review.html | 55 ++++++++++++++++--------------------- admin/mnet/peers.php | 20 +++++++++----- mnet/environment.php | 22 +++++++++------ 3 files changed, 50 insertions(+), 47 deletions(-) diff --git a/admin/mnet/mnet_review.html b/admin/mnet/mnet_review.html index afc221c644..205272cae0 100644 --- a/admin/mnet/mnet_review.html +++ b/admin/mnet/mnet_review.html @@ -23,7 +23,7 @@ print_simple_box_start("center", ""); - +
@@ -43,34 +43,37 @@ if (empty($mnet_peer->public_key)) $mnet_peer->public_key = ''; helpbutton("publickey", get_string('publickey', 'mnet'), "mnet", true, true); ?>deleted) && $mnet_peer->deleted > 0) { $key = mnet_get_public_key($mnet_peer->wwwroot); $mnet_peer->public_key = clean_param($key, PARAM_PEM); +} ?> + public_key)) { + print_string('nopubkey', 'mnet'); + } + ?>
+ + - - + + + + + + + + id) && $mnet_peer->id > 0): ?> @@ -79,13 +82,6 @@ if (isset($mnet_peer->id) && $mnet_peer->id > 0): transport) && $mnet_peer->transport > 0): -?> - - - - -deleted) && $mnet_peer->deleted > 0): @@ -100,8 +96,6 @@ if (isset($mnet_peer->deleted) && $mnet_peer->deleted > 0): ip_address) && '' != $mnet_peer->ip_address): ?> @@ -119,9 +113,8 @@ endif; +
: - public_key)) { - notice(get_string('invalidpubkey', 'mnet')); - } - ?> -
- public_key)) { - p(get_string('invalidpubkey', 'mnet')); - } - ?> -
-    public_key; ?>
-    
:
last_connect_time == 0)? get_string('never','mnet') : date('H:i:s d/m/Y',$mnet_peer->last_connect_time);?>
:transport);?>
" />
'; print_simple_box_end(); admin_externalpage_print_footer($adminroot); ?>
diff --git a/admin/mnet/peers.php b/admin/mnet/peers.php
index 8ed34d57bb..05fb81d65f 100644
--- a/admin/mnet/peers.php
+++ b/admin/mnet/peers.php
@@ -56,10 +56,11 @@ if (($form = data_submitted()) && confirm_sesskey()) {
 $mnet_peer->set_id($form->id);
 } else {
 // PARAM_URL requires a genuine TLD (I think) This breaks my testing
- $temp_wwwroot = $form->wwwroot; //clean_param($form->wwwroot, PARAM_URL);
+ $temp_wwwroot = clean_param($form->wwwroot, PARAM_URL);
 if ($temp_wwwroot !== $form->wwwroot) {
- trigger_error("We now parse the wwwroot with PARAM_URL");
- error('Invalid URL parameter.', 'peers.php');
+ trigger_error("We now parse the wwwroot with PARAM_URL. Your URL will need to have a valid TLD, etc.");
+ error(get_string("invalidurl", 'mnet'),'peers.php');
+ exit;
 }
 unset($temp_wwwroot);
 $mnet_peer->bootstrap($form->wwwroot);
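Review bot: The comment left above the re-enabled check in the `@@ -56,10 +56,11 @@` hunk (`// PARAM_URL requires a genuine TLD (I think) This breaks my testing`) now contradicts the code and should say what the check is for, e.g. `// Reject any wwwroot that PARAM_URL cleaning would alter before we contact the host`. PARAM_URL is a syntax check only, and `bootstrap($form->wwwroot)` presumably makes an outbound request to this admin-supplied address, so it is worth confirming here that the scheme is limited to http/https. The added `exit;` is a reasonable safeguard if `error()` can return and redundant otherwise; a short comment saying which would help. The enclosing `if`/`else` block starts and ends outside the hunk.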
@@ -77,24 +78,27 @@ if (($form = data_submitted()) && confirm_sesskey()) {
 if (isset($form->public_key)) {
 $form->public_key = clean_param($form->public_key, PARAM_PEM);
 if (empty($form->public_key)) {
- // Public key was not in a correct format
+ error(get_string("invalidpubkey", 'mnet'),'peers.php?step=update&hostid='.$mnet_peer->id);
+ exit;
 } else {
 $oldkey = $mnet_peer->public_key;
 $mnet_peer->public_key = $form->public_key;
 $mnet_peer->public_key_expires = $mnet_peer->check_common_name($form->public_key);
 if ($mnet_peer->public_key_expires == false) {
 $mnet_peer->public_key == $oldkey;
+ error(get_string("invalidpubkey", 'mnet'),'peers.php?step=update&hostid='.$mnet_peer->id);
+ exit;
 }
 }
 }
-
+
 // PREVENT DUPLICATE RECORDS ///////////////////////////////////////////
 if ('input' == $form->step) {
 if ( isset($mnet_peer->id) && $mnet_peer->id > 0 ) {
- error(get_string("hostexists ".$mnet_peer->id, 'mnet', $mnet_peer->id),'peers.php?step=update&hostid='.$mnet_peer->id);
+ error(get_string("hostexists", 'mnet', $mnet_peer->id),'peers.php?step=update&hostid='.$mnet_peer->id);
 }
 }
-
+
 if ('input' == $form->step) {
 include('./mnet_review.html');
 } elseif ('commit' == $form->step) {
@@ -109,6 +113,8 @@ if (($form = data_submitted()) && confirm_sesskey()) {
 } elseif (is_int($hostid)) {
 $mnet_peer = new mnet_peer();
 $mnet_peer->set_id($hostid);
+ $currentkey = mnet_get_public_key($mnet_peer->wwwroot);
+ if($currentkey == $mnet_peer->public_key) unset($currentkey);
 $form = new stdClass();
 if ($hostid != $CFG->mnet_all_hosts_id) {
 include('./mnet_review.html');
diff --git a/mnet/environment.php b/mnet/environment.php
index 90c5a13bcc..4d4fe579b2 100644
--- a/mnet/environment.php
+++ b/mnet/environment.php
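Review bot: In the `@@ -77,24 +78,27 @@` hunk of peers.php, the line kept just above the second new `error()` call, `$mnet_peer->public_key == $oldkey;`, is a comparison whose result is discarded, so the rejected key is never rolled back on the peer object; it should read `$mnet_peer->public_key = $oldkey;`. The added `error(...); exit;` masks this only as long as nothing persists `$mnet_peer` before the script stops. Both new `error()` calls also build the return link from `$mnet_peer->id`, which the `isset($mnet_peer->id)` test a few lines further down suggests can be unset for a host that is still being added, so the link may end in an empty `hostid=`. Because this path replaces a peer's trust anchor, a log entry recording which host's key was changed would help later review; the commit step is outside the hunk, so that may already exist.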
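Review bot: In the `@@ -109,6 +113,8 @@` hunk of peers.php, `$currentkey` is taken straight from the remote host and compared with `==`, without the `clean_param(..., PARAM_PEM)` step that the submitted-key branch of this file applies. If mnet_review.html prints `$currentkey` (not visible here), it is remote-controlled text on an admin page, so I would clean it first and compare strictly: `$currentkey = clean_param(mnet_get_public_key($mnet_peer->wwwroot), PARAM_PEM);` then `if (empty($currentkey) || $currentkey === $mnet_peer->public_key) unset($currentkey);`. The fetch also runs before the `$hostid != $CFG->mnet_all_hosts_id` test, so it is attempted for the all-hosts record too; moving it inside that `if` avoids a pointless outbound request. A comment should state that a key fetched this way is only a suggestion for the admin to verify through another channel, not proof of the peer's identity.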
@@ -120,19 +120,23 @@ class mnet_environment { set_config('openssl_history', serialize($openssl_history), 'mnet'); // 3. Generate fresh keys - $this->keypair = array(); - $this->keypair = mnet_generate_keypair(); - $this->public_key = $this->keypair['certificate']; - $details = openssl_x509_parse($this->public_key); - $this->public_key_expires = $details['validTo_time_t']; - - set_config('openssl', implode('@@@@@@@@', $this->keypair), 'mnet'); - - update_record('mnet_host', $this); + $this->replace_keys(); } return true; } + function replace_keys() { + $this->keypair = array(); + $this->keypair = mnet_generate_keypair(); + $this->public_key = $this->keypair['certificate']; + $details = openssl_x509_parse($this->public_key); + $this->public_key_expires = $details['validTo_time_t']; + + set_config('openssl', implode('@@@@@@@@', $this->keypair), 'mnet'); + + update_record('mnet_host', $this); + } + function get_private_key() { if (empty($this->keypair)) $this->get_keypair(); if (isset($this->keypair['privatekey'])) return $this->keypair['privatekey']; -- 2.39.5
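Review bot: The new `replace_keys()` has no doc comment and checks none of its intermediate results: if `mnet_generate_keypair()` or `openssl_x509_parse()` fails, `$details['validTo_time_t']` is read from a non-array and the unusable keypair is still written by `set_config()` and `update_record()`. Guards such as `if (empty($this->keypair['certificate'])) return false;` and `if ($details === false) return false;` ahead of the two writes would leave the stored keys untouched on failure. The doc comment should also say that the method overwrites the stored keypair without adding the outgoing key to `openssl_history`; that step stays in the caller, whose start is outside the hunk, so a direct call would discard the previous key. The first assignment, `$this->keypair = array();`, is immediately overwritten and can be dropped.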