diff --git a/lib/Froxlor/Database/Manager/DbManagerMySQL.php b/lib/Froxlor/Database/Manager/DbManagerMySQL.php index fa1b2a5c..b194631f 100644 --- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php +++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php @@ -81,9 +81,15 @@ class DbManagerMySQL // mysql8 compatibility if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) { // create user - $stmt = Database::prepare(" - CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password - "); + if ($p_encrypted) { + $stmt = Database::prepare(" + CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password + "); + } else { + $stmt = Database::prepare(" + CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password + "); + } Database::pexecute($stmt, array( "password" => $password )); @@ -97,9 +103,15 @@ class DbManagerMySQL )); } else { // grant privileges - $stmt = Database::prepare(" - GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password - "); + if ($p_encrypted) { + $stmt = Database::prepare(" + GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED WITH mysql_native_password AS :password + "); + } else { + $stmt = Database::prepare(" + GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password + "); + } Database::pexecute($stmt, array( "username" => $username, "host" => $access_host, @@ -115,7 +127,11 @@ class DbManagerMySQL $stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)"); } } else { - $stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password"); + if ($p_encrypted) { + $stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password"); + } else { + $stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password"); + } } Database::pexecute($stmt, array( "username" => $username, diff --git a/tests/Mysqls/MysqlsTest.php b/tests/Mysqls/MysqlsTest.php index 45989ec9..6bd4d300 100644 --- a/tests/Mysqls/MysqlsTest.php +++ b/tests/Mysqls/MysqlsTest.php @@ -4,6 +4,7 @@ use PHPUnit\Framework\TestCase; use Froxlor\Api\Commands\Admins; use Froxlor\Api\Commands\Customers; use Froxlor\Api\Commands\Mysqls; +use Froxlor\Database\Database; /** * @@ -181,5 +182,18 @@ class MysqlsTest extends TestCase foreach ($users as $user => $data) { $this->assertNotEmpty($data['password'], 'No password for user "' . $user . '"'); } + + // grant privileges to another host + $testdata = $users['froxlor010']; + $dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true); + + // select all entries from mysql.user for froxlor010 to compare password-hashes + $sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr"); + Database::pexecute($sel_stmt, ['usr' => 'froxlor010']); + $results = $sel_stmt->fetchAll(\PDO::FETCH_ASSOC); + foreach ($results as $user) { + $passwd = $user['Password'] ?? $user['authentication_string']; + $this->assertEquals($testdata['password'], $passwd); + } } }