Moodle-OpenID

Access to /dev/urandom shown only when debug enabled

Bug #285838 reported by josemoya on 2008-10-19

2

Affects		Status	Importance	Assigned to	Milestone
	Moodle-OpenID	New	Undecided	Unassigned

Bug Description

Access to /dev/urandom is needed for lib\openid\Auth\OpenID\CryptUtil.php to work. If path restrictions are enabled in server, the openid login process will fail with a blank screen.

An error message is displayed, but only when debug mode is enabled.

For sanity reasons, a warning should be displayed in mod/openid/auth_config.html, in order to notify the administrator before he activates openid.

Here is a small patch for this, for moodle-openid-rev8. I'll make a patch for moodle-openid-rev27 when in the mood.

The patch adds one new file, RandSource.php, to contain a value for Auth_OpenID_RAND_SOURCE. /lib/OpenID.php could have been used instead, but having it in a single file makes things easier for newbie administrators like me.

See original description

Tags:

Revision history for this message

josemoya (josemoya) wrote on 2008-10-19:

#1

Patch to show an alert about Auth_OpenID_RAND_SOURCE in auth_config.html Edit (2.8 KiB, text/plain)

description:

updated

Revision history for this message

josemoya (josemoya) wrote on 2008-10-19:

#2

RAND_SOURCE diff for rev27 Edit (1.2 MiB, text/plain)

Here is the patch for Rev 27.

Also here is a new patch for Rev 8 since old patch had the default value of using "pseudo-random" instead of /dev/urandom.

Revision history for this message

josemoya (josemoya) wrote on 2008-10-19:

#3

moodle-openid RAND_SOURCE diff for rev8 Edit (2.8 KiB, text/plain)

Here is the new patch for Rev 8. Please use this one, since it is more safe.

Revision history for this message

josemoya (josemoya) wrote on 2008-10-19:

#4

moodle-openid RAND_SOURCE diff for rev8 Edit (2.8 KiB, text/plain)

Here is the new patch for Rev 8. Please use this one, since it is more safe.

Revision history for this message

Stuart Metcalfe (stuartmetcalfe) wrote on 2008-11-22:

#5

This should probably be pushed upstream if it isn't resolved in the neweest version of the library. I'm planning to update in the next week so will review this bug again after that. Thanks.

Stuart Metcalfe (stuartmetcalfe) on 2009-09-29

tags:

added: taskbucket

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Bug attachments

moodle-openid RAND_SOURCE diff for rev8 Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.