[MDL-37625] Included PEAR Crypt_CHAP library uses obsolete mhash() code which breaks RADIUS auth support in some PHP 5.3 installs - Moodle Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.5, 2.3.4, 2.4.1
Fix Version/s: 2.3.5, 2.4.2
Component/s: Authentication, Libraries
Labels:
- partner
- patch
- remote-learner
- triaged

Database:

Any
Affected Branches:
MOODLE_22_STABLE, MOODLE_23_STABLE, MOODLE_24_STABLE
Fixed Branches:
MOODLE_23_STABLE, MOODLE_24_STABLE
Pull Master Branch:
~~MDL-37625~~-master
Pull Master Diff URL:
https://github.com/jfilip/moodle/compare/master...MDL-37625-master
URL:
https://github.com/jfilip/moodle
Testing Instructions:
Hide

Requirements

a RADIUS server

if you don't have one available you can setup one using FreeRADIUS – http://freeradius.org/

the PHP RADIUS extension installed and available on the web server of your Moodle testing site

Testing steps

log into your Moodle test site as a system administrator

configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication

enable and configure the RADIUS server plugin so that it communicates with your RADIUS server

log out of the Moodle site

attempt to log into the Moodle site using the credentials for a test user from the RADIUS server

you should be able to successfully log in and have a new account created for you if you have never logged in with that user before
Show
Requirements a RADIUS server if you don't have one available you can setup one using FreeRADIUS – http://freeradius.org/ the PHP RADIUS extension installed and available on the web server of your Moodle testing site Testing steps log into your Moodle test site as a system administrator configure the RADIUS auth plugin in Moodle by going to the following path in the Settings block – Site administration -> Plugins -> Authentication -> Manage authentication enable and configure the RADIUS server plugin so that it communicates with your RADIUS server log out of the Moodle site attempt to log into the Moodle site using the credentials for a test user from the RADIUS server you should be able to successfully log in and have a new account created for you if you have never logged in with that user before

Description

The PHP mhash module is obsoleted by the hash module (the latter of which is a required extension for current Moodle installs).

http://php.net/manual/en/intro.mhash.php

The Crypt_CHAP PEAR library that is currently included with Moodle uses mhash() calls which breaks on some PHP 5.3 installs due to the mhash extension not being available. This was a bug reported, fixed and released for this PEAR library in 2010.

Note: It looks like Red Hat Linux does not even have the mhash module available for install but Debian-based distros do include it (even with PHP 5.4). This is output from my Debian workstation:

$ php --version

PHP 5.4.4-12 (cli) (built: Jan 21 2013 10:32:30)

Copyright (c) 1997-2012 The PHP Group

Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies

    with Xdebug v2.2.1, Copyright (c) 2002-2012, by Derick Rethans

$ php -m | grep hash

hash

mhash

Attachments

Issue Links

Discovered while testing

MDL-38373 Strict standards error with auth_radius

Closed

will help resolve

MDL-32000 RADIUS authentification

Closed

Activity

People

Assignee:: Justin Filip

Reporter:: Justin Filip

Peer reviewer:: Dan Poltawski

Integrator:: Sam Hemelryk

Tester:: David Monllaó

Participants:: Dan Poltawski, David Monllaó, Eloy Lafuente (stronk7), Justin Filip, Michael de Raadt, Petr Skoda, Sam Hemelryk

Component watchers:: David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo, David Woloszyn, Huong Nguyen, Jake Dallimore, Michael Hawkins, Stevani Andolo

Votes:: 5 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 22/Jan/13 11:14 PM

Updated:: 08/Mar/13 10:42 AM

Resolved:: 08/Mar/13 12:20 AM

Fix Release Date:: 11/Mar/13