mnet MDL-21098 small fixes - ss out issue and edge case simultaneous …

…keyswap loop
Mrmoodle · Feb 5, 2010 · 48fb394 · 48fb394
1 parent 2078b2a
commit 48fb394
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/auth/mnet/auth.php b/auth/mnet/auth.php
@@ -1036,7 +1036,10 @@ function kill_parent($username, $useragent) {
      */
     function kill_children($username, $useragent) {
         global $CFG, $USER, $DB;
-        $remoteclient = get_mnet_remote_client();
+        $remoteclient = null;
+        if (defined('MNET_SERVER')) {
+            $remoteclient = get_mnet_remote_client();
+        }
         require_once $CFG->dirroot.'/mnet/xmlrpc/client.php';
 
         $userid = $DB->get_field('user', 'id', array('mnethostid'=>$CFG->mnet_localhost_id, 'username'=>$username));
@@ -1096,6 +1099,7 @@ function kill_child($username, $useragent) {
         global $CFG, $DB;
         $remoteclient = get_mnet_remote_client();
         $session = $DB->get_record('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
+        $DB->delete_records('mnet_session', array('username'=>$username, 'mnethostid'=>$remoteclient->id, 'useragent'=>$useragent));
         if (false != $session) {
             session_kill($session->session_id);
             return true;

diff --git a/mnet/xmlrpc/serverlib.php b/mnet/xmlrpc/serverlib.php
@@ -128,6 +128,16 @@ function mnet_server_strip_signature($plaintextmessage) {
         $currkey = mnet_get_public_key($remoteclient->wwwroot, $remoteclient->application);
         // If the key the remote peer is currently publishing is different to $certificate
         if($currkey != $certificate) {
+            // if pushkey is already set, it means the request was encrypted to an old key
+            // in mnet_server_strip_encryption.
+            // if we call refresh_key() here before pushing out our new key,
+            // and the other site ALSO has a new key,
+            // we'll get into an infinite keyswap loop
+            // so push just bail here, and push out the new key.
+            // the next request will get through to refresh_key
+            if ($remoteclient->pushkey) {
+                return false;
+            }
             // Try and get the server's new key through trusted means
             $remoteclient->refresh_key();
             // If we did manage to re-key, try to verify the signature again using the new public key.