[TYPO3-core] RFC #9474: Integrate OpenID authentication support to TYPO3
Xavier Perseguers
typo3 at perseguers.ch
Tue Oct 7 13:50:28 CEST 2008
Hi Dmitry,
>> The code above should take care of it. /dev/urandom definitely does
>> not exist on Windows and we can even check OS before we check that
>> /dev/urandom exists. So on Windows it will be just built-in generator.
>> trigger_error will never be called in this case.
>
> if (TYPO3_OS == 'WIN') {
>     // No random generator on Windows!
>     define('Auth_OpenID_RAND_SOURCE', null);
> } elseif (!is_readable('/dev/urandom')) {
>     if (is_readable('/dev/random')) {
>         define('Auth_OpenID_RAND_SOURCE', '/dev/random');
>     } else {
>         define('Auth_OpenID_RAND_SOURCE', null);
>     }
> }
I think your whole code looks like that:
if (!defined('Auth_OpenID_RAND_SOURCE')) {
    /**
     * The filename for a source of random bytes. Define this yourself
     * if you have a different source of randomness.
     */
    define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
    if (TYPO3_OS == 'WIN') {
        // No random generator on Windows!
        define('Auth_OpenID_RAND_SOURCE', null);
    } elseif (!is_readable('/dev/urandom')) {
        if (is_readable('/dev/random')) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/random');
        } else {
            define('Auth_OpenID_RAND_SOURCE', null);
        }
    }
}
If yes, then it does not work as (at least on my installation),
constants cannot be redefined. I have to change the code above to
if (!defined('Auth_OpenID_RAND_SOURCE')) {
    /**
     * The filename for a source of random bytes. Define this yourself
     * if you have a different source of randomness.
     */
    if (TYPO3_OS == 'WIN') {
        // No random generator on Windows!
        define('Auth_OpenID_RAND_SOURCE', null);
    } else {
        if (is_readable('/dev/urandom')) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
        } elseif (is_readable('/dev/random')) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/random');
        } else {
            define('Auth_OpenID_RAND_SOURCE', null);
        }
    }
}
to make it work. And then I noticed that there are warnings:
Warning: is_readable() [function.is-readable]: open_basedir restriction
in effect. File(/dev/urandom) is not within the allowed path(s):
(/var/www/data/domain.tld/www:/var/www/data/share:/usr/share/php:/tmp:/proc)
in
/var/www/data/share/typo3_src-4.2.2/typo3/sysext/openid/lib/php-openid/Auth/OpenID/CryptUtil.php
on line 27
Thus you have to prefix these functions with the @ to finally get:
if (!defined('Auth_OpenID_RAND_SOURCE')) {
    /**
     * The filename for a source of random bytes. Define this yourself
     * if you have a different source of randomness.
     */
    if (TYPO3_OS == 'WIN') {
        // No random generator on Windows!
        define('Auth_OpenID_RAND_SOURCE', null);
    } else {
        // @ suppresses the open_basedir warning raised by is_readable()
        if (@is_readable('/dev/urandom')) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/urandom');
        } elseif (@is_readable('/dev/random')) {
            define('Auth_OpenID_RAND_SOURCE', '/dev/random');
        } else {
            define('Auth_OpenID_RAND_SOURCE', null);
        }
    }
}
which just works fine.
Now I think I found another bug related to the return_to location but
I'll investigate a bit more and create another post related to this thread.
--
Xavier Perseguers
http://xavier.perseguers.ch/en/tutorials/typo3.html
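
Added example (not part of the message above, and not TYPO3 or php-openid code): one way to select the random source without the @ operator, by checking open_basedir before touching the device, defining the constant exactly once, and logging when the built-in generator ends up being used. The example_* function names are hypothetical, DIRECTORY_SEPARATOR stands in for the TYPO3_OS check, and the open_basedir comparison is a simplified directory match rather than PHP's exact internal check.

```php
<?php
// Added example; the example_* names are hypothetical, not php-openid API.

/**
 * TRUE if $path is inside an open_basedir directory (or open_basedir is unset).
 * Simplified directory match, not PHP's exact internal check.
 */
function example_pathAllowedByOpenBasedir($path) {
    $baseDirs = (string) ini_get('open_basedir');
    if ($baseDirs === '') {
        return TRUE;
    }
    foreach (explode(PATH_SEPARATOR, $baseDirs) as $dir) {
        if ($dir !== '' && strpos($path, rtrim($dir, '/') . '/') === 0) {
            return TRUE;
        }
    }
    return FALSE;
}

/**
 * Returns the first usable random device, or NULL if none can be read.
 * is_readable() is only called for paths open_basedir permits, so the
 * warning from the message above is never raised and nothing is suppressed.
 */
function example_selectRandSource($isWindows) {
    if ($isWindows) {
        return NULL;
    }
    foreach (array('/dev/urandom', '/dev/random') as $device) {
        if (example_pathAllowedByOpenBasedir($device) && is_readable($device)) {
            return $device;
        }
    }
    return NULL;
}

if (!defined('Auth_OpenID_RAND_SOURCE')) {
    // Decide first, then define once: constants cannot be redefined.
    $source = example_selectRandSource(DIRECTORY_SEPARATOR === '\\');
    define('Auth_OpenID_RAND_SOURCE', $source);
    if ($source === NULL) {
        // Make the fallback visible to the operator instead of silent.
        error_log('OpenID: no system random source readable, using built-in generator');
    }
}
```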