From edb5da833119c9b624979e21b9700e3ee6c632bb Mon Sep 17 00:00:00 2001 From: Petr Skoda Date: Mon, 23 Nov 2009 21:50:40 +0000 Subject: [PATCH] MDL-20934 'not cached' flag used in all auth plugins that do not need the password --- auth/cas/auth.php | 5 +++++ auth/db/auth.php | 7 +++++++ auth/email/auth.php | 4 ++++ auth/fc/auth.php | 4 ++++ auth/imap/auth.php | 4 ++++ auth/ldap/auth.php | 4 ++++ auth/ldap/config.html | 2 +- auth/manual/auth.php | 4 ++++ auth/mnet/auth.php | 4 ++++ auth/nntp/auth.php | 4 ++++ auth/nologin/auth.php | 5 +++++ auth/none/auth.php | 4 ++++ auth/pam/auth.php | 4 ++++ auth/pop3/auth.php | 4 ++++ auth/radius/auth.php | 4 ++++ auth/shibboleth/auth.php | 4 ++++ backup/restorelib.php | 4 ++-- lib/authlib.php | 9 +++++++++ lib/moodlelib.php | 2 +- 19 files changed, 78 insertions(+), 4 deletions(-) diff --git a/auth/cas/auth.php b/auth/cas/auth.php index 2e65812baf..703cebd68f 100644 --- a/auth/cas/auth.php +++ b/auth/cas/auth.php @@ -48,6 +48,11 @@ class auth_plugin_cas extends auth_plugin_base { $this->config->objectclass = 'objectClass='.$this->config->objectclass; } } + + function prevent_local_passwords() { + return true; + } + /** * Authenticates user againt CAS * Returns true if the username and password work and false if they are diff --git a/auth/db/auth.php b/auth/db/auth.php index 724496cef9..caf57f0c4c 100644 --- a/auth/db/auth.php +++ b/auth/db/auth.php @@ -563,6 +563,13 @@ class auth_plugin_db extends auth_plugin_base { } } + function prevent_local_passwords() { + if (!isset($this->config->passtype)) { + return false; + } + return ($this->config->passtype != 'internal'); + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/email/auth.php b/auth/email/auth.php index 5b709d2cc8..a1bb6e4ee8 100644 --- a/auth/email/auth.php +++ b/auth/email/auth.php @@ -146,6 +146,10 @@ class auth_plugin_email extends auth_plugin_base { } } + function prevent_local_passwords() { + return false; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/fc/auth.php b/auth/fc/auth.php index 51035232e1..8e9018204a 100644 --- a/auth/fc/auth.php +++ b/auth/fc/auth.php @@ -144,6 +144,10 @@ class auth_plugin_fc extends auth_plugin_base { return false; } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/imap/auth.php b/auth/imap/auth.php index e8028c3054..9bf042d60f 100644 --- a/auth/imap/auth.php +++ b/auth/imap/auth.php @@ -81,6 +81,10 @@ class auth_plugin_imap extends auth_plugin_base { return false; // No match } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/ldap/auth.php b/auth/ldap/auth.php index ca3a7746d5..9162ab6421 100644 --- a/auth/ldap/auth.php +++ b/auth/ldap/auth.php @@ -1749,6 +1749,10 @@ class auth_plugin_ldap extends auth_plugin_base { return ($fresult); } + function prevent_local_passwords() { + return !empty($this->config->preventpassindb); + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/ldap/config.html b/auth/ldap/config.html index d00f7dd012..51f26b878a 100644 --- a/auth/ldap/config.html +++ b/auth/ldap/config.html @@ -16,7 +16,7 @@ if (!isset($config->opt_deref)) { $config->opt_deref = LDAP_DEREF_NEVER; } if (!isset($config->preventpassindb)) - { $config->preventpassindb = 0; } + { $config->preventpassindb = 1; } if (!isset($config->bind_dn)) {$config->bind_dn = ''; } if (!isset($config->bind_pw)) diff --git a/auth/manual/auth.php b/auth/manual/auth.php index 4010c8f9b6..31a643ad22 100644 --- a/auth/manual/auth.php +++ b/auth/manual/auth.php @@ -62,6 +62,10 @@ class auth_plugin_manual extends auth_plugin_base { return update_internal_user_password($user, $newpassword); } + function prevent_local_passwords() { + return false; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php index ddae159e14..5da68394cd 100644 --- a/auth/mnet/auth.php +++ b/auth/mnet/auth.php @@ -578,6 +578,10 @@ class auth_plugin_mnet extends auth_plugin_base { $DB->delete_records_select('mnet_enrol_assignments', $whereclause, array($userid, $MNET_REMOTE_CLIENT->id)); } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/nntp/auth.php b/auth/nntp/auth.php index 36cdeb395c..de0aa4ee1a 100644 --- a/auth/nntp/auth.php +++ b/auth/nntp/auth.php @@ -64,6 +64,10 @@ class auth_plugin_nntp extends auth_plugin_base { return false; } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/nologin/auth.php b/auth/nologin/auth.php index 20794da719..72f5fa8575 100644 --- a/auth/nologin/auth.php +++ b/auth/nologin/auth.php @@ -46,6 +46,11 @@ class auth_plugin_nologin extends auth_plugin_base { return false; } + function prevent_local_passwords() { + // just in case, we do not want to loose the passwords + return false; + } + /** * No external data sync. * diff --git a/auth/none/auth.php b/auth/none/auth.php index e6022cdc38..9a1cbf9ac0 100644 --- a/auth/none/auth.php +++ b/auth/none/auth.php @@ -62,6 +62,10 @@ class auth_plugin_none extends auth_plugin_base { return update_internal_user_password($user, $newpassword); } + function prevent_local_passwords() { + return false; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/pam/auth.php b/auth/pam/auth.php index 5bb65831a6..c0afbe0ed8 100644 --- a/auth/pam/auth.php +++ b/auth/pam/auth.php @@ -77,6 +77,10 @@ class auth_plugin_pam extends auth_plugin_base { } } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/pop3/auth.php b/auth/pop3/auth.php index d4abd780e1..a49f510359 100644 --- a/auth/pop3/auth.php +++ b/auth/pop3/auth.php @@ -81,6 +81,10 @@ class auth_plugin_pop3 extends auth_plugin_base { return false; // No matches found } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/radius/auth.php b/auth/radius/auth.php index 976432d968..e6eb6a5a1f 100644 --- a/auth/radius/auth.php +++ b/auth/radius/auth.php @@ -126,6 +126,10 @@ class auth_plugin_radius extends auth_plugin_base { $rauth->close(); } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/auth/shibboleth/auth.php b/auth/shibboleth/auth.php index 1cfaa462bc..3e557ed360 100644 --- a/auth/shibboleth/auth.php +++ b/auth/shibboleth/auth.php @@ -152,6 +152,10 @@ class auth_plugin_shibboleth extends auth_plugin_base { return $moodleattributes; } + function prevent_local_passwords() { + return true; + } + /** * Returns true if this authentication plugin is 'internal'. * diff --git a/backup/restorelib.php b/backup/restorelib.php index eccc2fab4a..42b0ce500d 100644 --- a/backup/restorelib.php +++ b/backup/restorelib.php @@ -2707,7 +2707,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3); if (!array_key_exists($user->auth, $authcache)) { // Not in cache $userauth = new stdClass(); $authplugin = get_auth_plugin($user->auth); - $userauth->preventpassindb = !empty($authplugin->config->preventpassindb); + $userauth->preventpassindb = $authplugin->prevent_local_passwords(); $userauth->isinternal = $authplugin->is_internal(); $userauth->canresetpwd = $authplugin->can_reset_password(); $authcache[$user->auth] = $userauth; @@ -2715,7 +2715,7 @@ define('RESTORE_GROUPS_GROUPINGS', 3); $userauth = $authcache[$user->auth]; // Get from cache } - // Respect strange config in some (ldap) plugins. Isn't this a dupe of is_internal() ? + // Most external plugins do not store passwords locally if (!empty($userauth->preventpassindb)) { $user->password = 'not cached'; diff --git a/lib/authlib.php b/lib/authlib.php index b89aa0160f..eaffbf4bc0 100644 --- a/lib/authlib.php +++ b/lib/authlib.php @@ -155,6 +155,15 @@ class auth_plugin_base { return true; } + /** + * Indicates if password hashes should be stored in local moodle database. + * @return bool true means md5 password hash stored in user table, false means flag 'not_cached' stored there instead + */ + function prevent_local_passwords() { + // NOTE: this will be changed to true in 2.0 + return false; + } + /** * Updates the user's password. * diff --git a/lib/moodlelib.php b/lib/moodlelib.php index 2e2ada81e6..8ecf1953ed 100644 --- a/lib/moodlelib.php +++ b/lib/moodlelib.php @@ -3715,7 +3715,7 @@ function update_internal_user_password(&$user, $password) { global $CFG, $DB; $authplugin = get_auth_plugin($user->auth); - if (!empty($authplugin->config->preventpassindb)) { + if ($authplugin->prevent_local_passwords()) { $hashedpassword = 'not cached'; } else { $hashedpassword = hash_internal_user_password($password); -- 2.39.5