Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-37625

Included PEAR Crypt_CHAP library uses obsolete mhash() code which breaks RADIUS auth support in some PHP 5.3 installs

    Details

    • Database:
      Any
    • Testing Instructions:
      Hide

      Requirements

      1. a RADIUS server
      2. the PHP RADIUS extension installed and available on the web server of your Moodle testing site

      Testing steps

      1. log into your Moodle test site as a system administrator
      2. configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication
      3. enable and configure the RADIUS server plugin so that it communicates with your RADIUS server
      4. log out of the Moodle site
      5. attempt to log into the Moodle site using the credentials for a test user from the RADIUS server
      6. you should be able to successfully log in and have a new account created for you if you have never logged in with that user before
      Show
      Requirements a RADIUS server if you don't have one available you can setup one using FreeRADIUS – http://freeradius.org/ the PHP RADIUS extension installed and available on the web server of your Moodle testing site Testing steps log into your Moodle test site as a system administrator configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication enable and configure the RADIUS server plugin so that it communicates with your RADIUS server log out of the Moodle site attempt to log into the Moodle site using the credentials for a test user from the RADIUS server you should be able to successfully log in and have a new account created for you if you have never logged in with that user before
    • Affected Branches:
      MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
    • Fixed Branches:
      MOODLE_23_STABLE, MOODLE_24_STABLE
    • Pull Master Branch:
      MDL-37625-master

      Description

      The PHP mhash module is obsoleted by the hash module (the latter of which is a required extension for current Moodle installs).

      The Crypt_CHAP PEAR library that is currently included with Moodle uses mhash() calls which breaks on some PHP 5.3 installs due to the mhash extension not being available. This was a bug reported, fixed and released for this PEAR library in 2010.

      Note: It looks like Red Hat Linux does not even have the mhash module available for install but Debian-based distros do include it (even with PHP 5.4). This is output from my Debian workstation:

      • $ php --version
        PHP 5.4.4-12 (cli) (built: Jan 21 2013 10:32:30) 
        Copyright (c) 1997-2012 The PHP Group
        Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies
            with Xdebug v2.2.1, Copyright (c) 2002-2012, by Derick Rethans
         
        $ php -m | grep hash
        hash
        mhash
        

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  5 Vote for this issue
                  Watchers:
                  9 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    11/Mar/13