From 76793c89927a4a7851d5401d19191a475aada99a Mon Sep 17 00:00:00 2001 From: Michael Kaufmann Date: Thu, 17 Apr 2025 14:56:55 +0200 Subject: [PATCH] adjust sql-queries for db-mgmt to be more compatible with mysql-dbms, fixes #1316, #1324, #1326 --- composer.lock | 22 +++++++-------- install/updates/froxlor/update_2.2.inc.php | 2 +- lib/Froxlor/Api/Commands/Customers.php | 2 +- lib/Froxlor/Database/DbManager.php | 4 +-- .../Database/Manager/DbManagerMySQL.php | 28 ++++++++----------- lib/configfiles/bookworm.xml | 1 + lib/configfiles/bullseye.xml | 1 + lib/configfiles/focal.xml | 1 + lib/configfiles/jammy.xml | 1 + lib/configfiles/noble.xml | 1 + templates/Froxlor/login/enter2fa.html.twig | 2 +- 11 files changed, 32 insertions(+), 33 deletions(-) diff --git a/composer.lock b/composer.lock index ecf9b77d..ea9b6cb0 100644 --- a/composer.lock +++ b/composer.lock @@ -3066,16 +3066,16 @@ }, { "name": "phpstan/phpstan", - "version": "1.12.20", + "version": "1.12.24", "source": { "type": "git", "url": "https://github.com/phpstan/phpstan.git", - "reference": "3240b1972042c7f73cf1045e879ea5bd5f761bb7" + "reference": "338b92068f58d9f8035b76aed6cf2b9e5624c025" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpstan/phpstan/zipball/3240b1972042c7f73cf1045e879ea5bd5f761bb7", - "reference": "3240b1972042c7f73cf1045e879ea5bd5f761bb7", + "url": "https://api.github.com/repos/phpstan/phpstan/zipball/338b92068f58d9f8035b76aed6cf2b9e5624c025", + "reference": "338b92068f58d9f8035b76aed6cf2b9e5624c025", "shasum": "" }, "require": { @@ -3120,7 +3120,7 @@ "type": "github" } ], - "time": "2025-03-05T13:37:43+00:00" + "time": "2025-04-16T13:01:53+00:00" }, { "name": "phpunit/php-code-coverage", @@ -4571,16 +4571,16 @@ }, { "name": "squizlabs/php_codesniffer", - "version": "3.11.3", + "version": "3.12.2", "source": { "type": "git", "url": "https://github.com/PHPCSStandards/PHP_CodeSniffer.git", - "reference": "ba05f990e79cbe69b9f35c8c1ac8dca7eecc3a10" + "reference": "6d4cf6032d4b718f168c90a96e36c7d0eaacb2aa" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/ba05f990e79cbe69b9f35c8c1ac8dca7eecc3a10", - "reference": "ba05f990e79cbe69b9f35c8c1ac8dca7eecc3a10", + "url": "https://api.github.com/repos/PHPCSStandards/PHP_CodeSniffer/zipball/6d4cf6032d4b718f168c90a96e36c7d0eaacb2aa", + "reference": "6d4cf6032d4b718f168c90a96e36c7d0eaacb2aa", "shasum": "" }, "require": { @@ -4647,11 +4647,11 @@ "type": "open_collective" }, { - "url": "https://thanks.dev/phpcsstandards", + "url": "https://thanks.dev/u/gh/phpcsstandards", "type": "thanks_dev" } ], - "time": "2025-01-23T17:04:15+00:00" + "time": "2025-04-13T04:10:18+00:00" }, { "name": "symfony/config", diff --git a/install/updates/froxlor/update_2.2.inc.php b/install/updates/froxlor/update_2.2.inc.php index a5691e17..04407ac6 100644 --- a/install/updates/froxlor/update_2.2.inc.php +++ b/install/updates/froxlor/update_2.2.inc.php @@ -238,7 +238,7 @@ if (Froxlor::isDatabaseVersion('202411200')) { } } $dbm->getManager()->flushPrivileges(); - Database::needRoot(false); + Database::needRoot(); } } Update::lastStepStatus(0); diff --git a/lib/Froxlor/Api/Commands/Customers.php b/lib/Froxlor/Api/Commands/Customers.php index 428984f7..f2ec06ba 100644 --- a/lib/Froxlor/Api/Commands/Customers.php +++ b/lib/Froxlor/Api/Commands/Customers.php @@ -777,7 +777,7 @@ class Customers extends ApiCommand implements ResourceEntity if ($mysqls != 0) { foreach ($allowed_mysqlserver as $dbserver) { // require privileged access for target db-server - Database::needRoot(true, $dbserver, true); + Database::needRoot(true, $dbserver, false); // get DbManager $dbm = new DbManager($this->logger()); // give permission to the user on every access-host we have diff --git a/lib/Froxlor/Database/DbManager.php b/lib/Froxlor/Database/DbManager.php index 8ef72dab..a3594a10 100644 --- a/lib/Froxlor/Database/DbManager.php +++ b/lib/Froxlor/Database/DbManager.php @@ -176,7 +176,7 @@ class DbManager */ public function createDatabase(string $loginname = null, string $password = null, int $dbserver = 0, int $last_accnumber = 0, string $global_user = "") { - Database::needRoot(true, $dbserver, true); + Database::needRoot(true, $dbserver, false); // check whether we shall create a random username if (strtoupper(Settings::Get('customer.mysqlprefix')) == 'RANDOM') { @@ -211,7 +211,7 @@ class DbManager } $this->getManager()->flushPrivileges(); - Database::needRoot(false); + Database::needRoot(); $this->log->logAction(FroxlorLogger::USR_ACTION, LOG_INFO, "created database '" . $username . "'"); diff --git a/lib/Froxlor/Database/Manager/DbManagerMySQL.php b/lib/Froxlor/Database/Manager/DbManagerMySQL.php index 1cf3f61c..a8876023 100644 --- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php +++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php @@ -115,12 +115,9 @@ class DbManagerMySQL $grants = "SELECT, INSERT, UPDATE, DELETE, DROP, INDEX, ALTER"; } $stmt = Database::prepare(" - GRANT " . $grants . " ON `" . $username . ($grant_access_prefix ? '%' : '') . "`.* TO :username@:host + GRANT " . $grants . " ON `" . $username . ($grant_access_prefix ? '%' : '') . "`.* TO `" . $username . "`@`" . $access_host . "` "); - Database::pexecute($stmt, [ - "username" => $username, - "host" => $access_host - ]); + Database::pexecute($stmt); if ($grant_access_prefix) { $this->grantCreateToCustomerDbs($username, $access_host); @@ -340,12 +337,9 @@ class DbManagerMySQL Database::needRoot(true, $currentDbServer, false); while ($dbdata = $sel_stmt->fetch(\PDO::FETCH_ASSOC)) { $stmt = Database::prepare(" - GRANT ALL ON `" . $dbdata['databasename'] . "`.* TO :username@:host + GRANT ALL ON `" . $dbdata['databasename'] . "`.* TO `" . $username . "`@`" . $access_host . "` "); - Database::pexecute($stmt, [ - "username" => $username, - "host" => $access_host - ]); + Database::pexecute($stmt); } } } @@ -361,12 +355,12 @@ class DbManagerMySQL */ public function grantCreateToDb(string $username, string $database, string $access_host) { - $stmt = Database::prepare(" - GRANT ALL ON `" . $database . "`.* TO :username@:host - "); - Database::pexecute($stmt, [ - "username" => $username, - "host" => $access_host - ]); + // only grant permission if the user exists + if ($this->userExistsOnHost($username, $access_host)) { + $stmt = Database::prepare(" + GRANT ALL ON `" . $database . "`.* TO `" . $username . "`@`" . $access_host . "` + "); + Database::pexecute($stmt); + } } } diff --git a/lib/configfiles/bookworm.xml b/lib/configfiles/bookworm.xml index f60744fb..528446e9 100644 --- a/lib/configfiles/bookworm.xml +++ b/lib/configfiles/bookworm.xml @@ -2599,6 +2599,7 @@ try_fallback = true; allow_username_mismatch = true; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; selector_map = "/etc/rspamd/dkim_selectors.map"; +use_esld = false; ]]> diff --git a/lib/configfiles/bullseye.xml b/lib/configfiles/bullseye.xml index 062def86..adfeb15f 100644 --- a/lib/configfiles/bullseye.xml +++ b/lib/configfiles/bullseye.xml @@ -4168,6 +4168,7 @@ try_fallback = true; allow_username_mismatch = true; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; selector_map = "/etc/rspamd/dkim_selectors.map"; +use_esld = false; ]]> diff --git a/lib/configfiles/focal.xml b/lib/configfiles/focal.xml index 7054a2f3..45c98ac4 100644 --- a/lib/configfiles/focal.xml +++ b/lib/configfiles/focal.xml @@ -3391,6 +3391,7 @@ try_fallback = true; allow_username_mismatch = true; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; selector_map = "/etc/rspamd/dkim_selectors.map"; +use_esld = false; ]]> diff --git a/lib/configfiles/jammy.xml b/lib/configfiles/jammy.xml index ace26c6b..4c4d5761 100644 --- a/lib/configfiles/jammy.xml +++ b/lib/configfiles/jammy.xml @@ -3381,6 +3381,7 @@ try_fallback = true; allow_username_mismatch = true; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; selector_map = "/etc/rspamd/dkim_selectors.map"; +use_esld = false; ]]> diff --git a/lib/configfiles/noble.xml b/lib/configfiles/noble.xml index 9a727992..0a021258 100644 --- a/lib/configfiles/noble.xml +++ b/lib/configfiles/noble.xml @@ -2054,6 +2054,7 @@ try_fallback = true; allow_username_mismatch = true; path = "/var/lib/rspamd/dkim/$domain.$selector.key"; selector_map = "/etc/rspamd/dkim_selectors.map"; +use_esld = false; ]]> diff --git a/templates/Froxlor/login/enter2fa.html.twig b/templates/Froxlor/login/enter2fa.html.twig index 5f2ad725..7708c5e3 100644 --- a/templates/Froxlor/login/enter2fa.html.twig +++ b/templates/Froxlor/login/enter2fa.html.twig @@ -19,7 +19,7 @@
- +
{% if remember_me %}