Example #1
0
 public function kill_parent($username)
 {
     require_once get_config('docroot') . 'api/xmlrpc/client.php';
     // For some people, the call to kill_children fails (when the remote
     // site is a Moodle). We still haven't worked out why that is, but it's
     // not a problem on the Mahara site
     try {
         $client = new Client();
         $client->set_method('auth/mnet/auth.php/kill_children')->add_param($username)->add_param(sha1($_SERVER['HTTP_USER_AGENT']))->send($this->wwwroot);
     } catch (XmlrpcClientException $e) {
         log_debug("XMLRPC error occurred while calling MNET method kill_children on {$this->wwwroot}");
         log_debug("This means that single-signout probably didn't work properly, but the problem " . "is at the remote application");
         log_debug("If the remote application is Moodle, you are likely a victim of " . "http://tracker.moodle.org/browse/MDL-16872 - try applying the attached patch to fix the issue");
         log_debug("Exception message follows:");
         log_debug($e->getMessage());
     }
 }
/**
 * Check that the signature has been signed by the remote host.
 */
function xmldsig_envelope_strip(&$xml)
{
    $signature = base64_decode($xml->Signature->SignatureValue);
    $payload = base64_decode($xml->object);
    $wwwroot = (string) $xml->wwwroot;
    $timestamp = $xml->timestamp;
    $peer = get_peer($wwwroot);
    // Does the signature match the data and the public cert?
    $signature_verified = openssl_verify($payload, $signature, $peer->certificate);
    if ($signature_verified == 0) {
        // Maybe the remote host is using a new key?
        // Make a dummy request so we'll be given a new key
        log_info("Signature verification for message from {$wwwroot} failed, checking to see if they have a new signature for us");
        require_once get_config('docroot') . 'api/xmlrpc/client.php';
        $client = new Client();
        $client->set_method('system/listServices')->send($wwwroot);
        // Now use the new key and re-try verification
        $peer = get_peer($wwwroot, false);
        $signature_verified = openssl_verify($payload, $signature, $peer->certificate);
    }
    if ($signature_verified == 1) {
        // Parse the XML
        try {
            $xml = new SimpleXMLElement($payload);
            return $payload;
        } catch (Exception $e) {
            throw new MaharaException('Signed payload is not a valid XML document', 6007);
        }
    }
    throw new MaharaException('An error occurred while trying to verify your message signature', 6004);
}
Example #3
0
 public function prepare_files()
 {
     require_once get_config('docroot') . 'api/xmlrpc/client.php';
     $client = new Client();
     try {
         $client->set_method('portfolio/mahara/lib.php/fetch_file')->add_param($this->token)->send($this->host->wwwroot);
     } catch (XmlrpcClientException $e) {
         throw new ImportException('Failed to retrieve zipfile from remote server: ' . $e->getMessage());
     }
     if (!($filecontents = base64_decode($client->response))) {
         throw new ImportException('Failed to retrieve zipfile from remote server');
     }
     $this->relativepath = 'temp/import/' . $this->importer->get('id') . '/';
     if ($tmpdir = get_config('unziptempdir')) {
         $this->tempdir = $tmpdir . $this->relativepath;
     } else {
         $this->tempdir = get_config('dataroot') . $this->relativepath;
     }
     if (!check_dir_exists($this->tempdir)) {
         throw new ImportException('Failed to create the temporary directories to work in');
     }
     $this->zipfilename = 'import.zip';
     if (!file_put_contents($this->tempdir . $this->zipfilename, $filecontents)) {
         throw new ImportException('Failed to write out the zipfile to local temporary storage');
     }
 }
Example #4
0
 /**
  * retrieves the files from the remote host
  */
 public function prepare_files()
 {
     if (empty($this->importer)) {
         throw new ImportException(null, 'Failed to initialise XMLRPC file retrieval - no importer object');
     }
     $this->prepare_tempdir();
     $this->token = $this->importer->get('token');
     require_once get_config('docroot') . 'api/xmlrpc/client.php';
     $client = new Client();
     try {
         $client->set_method('portfolio/mahara/lib.php/fetch_file')->add_param($this->token)->send($this->host->wwwroot);
     } catch (XmlrpcClientException $e) {
         throw new ImportException($this->importer, 'Failed to retrieve zipfile from remote server: ' . $e->getMessage());
     }
     if (!($filecontents = base64_decode($client->response))) {
         throw new ImportException($this->importer, 'Failed to retrieve zipfile from remote server');
     }
     $this->importfilename = 'import.zip';
     $this->importfile = $this->tempdir . $this->importfilename;
     if (!file_put_contents($this->tempdir . $this->importfilename, $filecontents)) {
         throw new ImportException($this->importer, 'Failed to write out the zipfile to local temporary storage');
     }
     // detect the filetype and bail if it's not a zip file
     safe_require('artefact', 'file');
     require_once 'file.php';
     $ziptypes = PluginArtefactFile::get_mimetypes_from_description('zip');
     $this->mimetype = file_mime_type($this->tempdir . $this->importfilename);
     if (!in_array($this->mimetype, $ziptypes)) {
         throw new ImportException($this->importer, 'Not a valid zipfile - mimetype was ' . $this->mimetype);
     }
 }
Example #5
0
 public function kill_parent($username)
 {
     require_once get_config('docroot') . 'api/xmlrpc/client.php';
     // For some people, the call to kill_children fails (when the remote
     // site is a Moodle). We still haven't worked out why that is, but it's
     // not a problem on the Mahara site
     try {
         $client = new Client();
         $client->set_method('auth/mnet/auth.php/kill_children')->add_param($username)->add_param(sha1($_SERVER['HTTP_USER_AGENT']))->send($this->wwwroot);
     } catch (XmlrpcClientException $e) {
         log_debug("XMLRPC error occured while calling MNET method kill_children on {$this->wwwroot}");
         log_debug("This means that single-signout probably didn't work properly, but the problem " . "is at the remote application");
         log_debug("If the remote application is Moodle, and you're happy with a Mahara developer " . "getting access to your system so they can try and debug the problem, get in touch with dev@mahara.org");
         log_debug("Exception message follows:");
         log_debug($e->getMessage());
     }
 }