fix issue when adding new database users with already-hashed passwords, refs #758

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2019-11-18 10:48:31 +01:00
parent dfce1fea3c
commit c84732a0cd
2 changed files with 37 additions and 7 deletions


@@ -81,9 +81,15 @@ class DbManagerMySQL
// mysql8 compatibility // mysql8 compatibility
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) { if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '8.0.11', '>=')) {
// create user // create user
$stmt = Database::prepare(" if ($p_encrypted) {
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password $stmt = Database::prepare("
"); CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
");
} else {
$stmt = Database::prepare("
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED BY :password
");
}
Database::pexecute($stmt, array( Database::pexecute($stmt, array(
"password" => $password "password" => $password
)); ));
@@ -97,9 +103,15 @@ class DbManagerMySQL
)); ));
} else { } else {
// grant privileges // grant privileges
$stmt = Database::prepare(" if ($p_encrypted) {
GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password $stmt = Database::prepare("
"); GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED WITH mysql_native_password AS :password
");
} else {
$stmt = Database::prepare("
GRANT ALL PRIVILEGES ON `" . $username . "`.* TO :username@:host IDENTIFIED BY :password
");
}
Database::pexecute($stmt, array( Database::pexecute($stmt, array(
"username" => $username, "username" => $username,
"host" => $access_host, "host" => $access_host,
@@ -115,7 +127,11 @@ class DbManagerMySQL
$stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)"); $stmt = Database::prepare("SET PASSWORD FOR :username@:host = PASSWORD(:password)");
} }
} else { } else {
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password"); if ($p_encrypted) {
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
} else {
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
}
} }
Database::pexecute($stmt, array( Database::pexecute($stmt, array(
"username" => $username, "username" => $username,
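Review bot: The three new `$p_encrypted` branches hard-code `IDENTIFIED WITH mysql_native_password AS :password` and pass the caller's hash through without checking that it is a hash for that plugin. On MySQL 8 the default plugin is caching_sha2_password, so a hash copied from an existing account may belong to a different plugin, and mysql_native_password itself is deprecated upstream and absent from newer MySQL releases; the account could end up with an unusable or weaker credential than intended. Consider passing the source account's plugin along with the hash, or at least rejecting anything that is not a native-password hash before preparing the statement, e.g. `if (!preg_match('/^\*[0-9A-F]{40}$/', $password)) { throw new \InvalidArgumentException('not a mysql_native_password hash'); }`. Separately, the new CREATE USER branch keeps concatenating `$username` and `$access_host` into the statement while the GRANT and ALTER USER statements bind `:username@:host`; if either value can be influenced from outside (not visible here), binding them the same way would be safer. The enclosing methods start and end outside these hunks.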


@@ -4,6 +4,7 @@ use PHPUnit\Framework\TestCase;
use Froxlor\Api\Commands\Admins; use Froxlor\Api\Commands\Admins;
use Froxlor\Api\Commands\Customers; use Froxlor\Api\Commands\Customers;
use Froxlor\Api\Commands\Mysqls; use Froxlor\Api\Commands\Mysqls;
use Froxlor\Database\Database;
/** /**
* *
@@ -181,5 +182,18 @@ class MysqlsTest extends TestCase
foreach ($users as $user => $data) { foreach ($users as $user => $data) {
$this->assertNotEmpty($data['password'], 'No password for user "' . $user . '"'); $this->assertNotEmpty($data['password'], 'No password for user "' . $user . '"');
} }
// grant privileges to another host
$testdata = $users['froxlor010'];
$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true);
// select all entries from mysql.user for froxlor010 to compare password-hashes
$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");
Database::pexecute($sel_stmt, ['usr' => 'froxlor010']);
$results = $sel_stmt->fetchAll(\PDO::FETCH_ASSOC);
foreach ($results as $user) {
$passwd = $user['Password'] ?? $user['authentication_string'];
$this->assertEquals($testdata['password'], $passwd);
}
} }
} }
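Review bot: The new assertions inside `foreach ($results as $user)` pass vacuously when the SELECT returns no rows, and they never confirm that an entry for host `10.0.0.10` was created, since the account's existing row presumably already carries the same hash. Add `$this->assertContains('10.0.0.10', array_column($results, 'Host'));` before the loop so the test fails when the grant silently did nothing. It would also be worth asserting the `plugin` column of the new row, because a stored hash is only usable under the matching authentication plugin. The test method starts outside the hunk.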