update sql-users with their corresponding password-hash-algorithm; remove a few notices for empty values in str_replace and others
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -180,12 +180,18 @@ abstract class ApiParameter
|
||||
*/
|
||||
private function trimArray($input)
|
||||
{
|
||||
if (! is_array($input)) {
|
||||
if ($input === '') {
|
||||
return "";
|
||||
}
|
||||
if (is_numeric($input) || is_null($input)) {
|
||||
return $input;
|
||||
}
|
||||
if (!is_array($input)) {
|
||||
return trim($input);
|
||||
}
|
||||
return array_map(array(
|
||||
return array_map([
|
||||
$this,
|
||||
'trimArray'
|
||||
), $input);
|
||||
], $input);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -475,7 +475,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
|
||||
$email = $this->getParam('email', true, $idna_convert->decode($result['email'] ?? ''));
|
||||
$password = $this->getParam('admin_password', true, '');
|
||||
$def_language = $this->getParam('def_language', true, $result['def_language']);
|
||||
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
|
||||
$custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? ""));
|
||||
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
|
||||
$theme = $this->getParam('theme', true, $result['theme']);
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
|
||||
$id = $result['id'];
|
||||
|
||||
// current destination array
|
||||
$result['destination_array'] = explode(' ', $result['destination']);
|
||||
$result['destination_array'] = explode(' ', ($result['destination'] ?? ''));
|
||||
|
||||
// prepare destination
|
||||
$destination = trim($destination);
|
||||
|
||||
@@ -378,9 +378,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);
|
||||
$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);
|
||||
$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);
|
||||
$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, ($result['specialsettings'] ?? ""))), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);
|
||||
$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, ($result['default_vhostconf_domain'] ?? ""))), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
|
||||
|
||||
if ((int) Settings::Get('system.use_ssl') == 1) {
|
||||
@@ -389,9 +389,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
|
||||
$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true);
|
||||
$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true);
|
||||
$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true);
|
||||
$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, ($result['ssl_specialsettings'] ?? ""))), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
|
||||
$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, ($result['ssl_default_vhostconf_domain'] ?? ""))), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
|
||||
$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);
|
||||
} else {
|
||||
$ssl = 0;
|
||||
|
||||
@@ -173,7 +173,10 @@ class DbManager
|
||||
|
||||
if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
|
||||
|
||||
$password = $users[$username]['password'];
|
||||
$password = [
|
||||
'password' => $users[$username]['password'],
|
||||
'plugin' => $users[$username]['plugin']
|
||||
];
|
||||
|
||||
foreach ($mysql_access_host_array as $mysql_access_host) {
|
||||
|
||||
|
||||
@@ -1,4 +1,5 @@
|
||||
<?php
|
||||
|
||||
namespace Froxlor\Database\Manager;
|
||||
|
||||
use Froxlor\Database\Database;
|
||||
@@ -68,7 +69,7 @@ class DbManagerMySQL
|
||||
* username and sets the password for that user the given access_host
|
||||
*
|
||||
* @param string $username
|
||||
* @param string $password
|
||||
* @param string|array $password
|
||||
* @param string $access_host
|
||||
* @param bool $p_encrypted
|
||||
* optional, whether the password is encrypted or not, default false
|
||||
@@ -77,7 +78,13 @@ class DbManagerMySQL
|
||||
*/
|
||||
public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
|
||||
{
|
||||
if (! $update) {
|
||||
$pwd_plugin = 'mysql_native_password';
|
||||
if (is_array($password) && count($password) == 2) {
|
||||
$pwd_plugin = $password['plugin'];
|
||||
$password = $password['password'];
|
||||
}
|
||||
|
||||
if (!$update) {
|
||||
// create user
|
||||
if ($p_encrypted) {
|
||||
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
|
||||
@@ -86,7 +93,7 @@ class DbManagerMySQL
|
||||
");
|
||||
} else {
|
||||
$stmt = Database::prepare("
|
||||
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
|
||||
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH " . $pwd_plugin . " AS :password
|
||||
");
|
||||
}
|
||||
} else {
|
||||
@@ -115,7 +122,7 @@ class DbManagerMySQL
|
||||
}
|
||||
} else {
|
||||
if ($p_encrypted) {
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH " . $pwd_plugin . " AS :password");
|
||||
} else {
|
||||
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
|
||||
}
|
||||
@@ -247,9 +254,10 @@ class DbManagerMySQL
|
||||
$allsqlusers = array();
|
||||
while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
|
||||
if ($user_only == false) {
|
||||
if (! isset($allsqlusers[$row['User']]) || ! is_array($allsqlusers[$row['User']])) {
|
||||
if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
|
||||
$allsqlusers[$row['User']] = array(
|
||||
'password' => $row['Password'] ?? $row['authentication_string'],
|
||||
'plugin' => $row['plugin'] ?? 'mysql_native_password',
|
||||
'hosts' => array()
|
||||
);
|
||||
}
|
||||
|
||||
@@ -286,8 +286,8 @@ class MysqlsTest extends TestCase
|
||||
$dbm = new \Froxlor\Database\DbManager(\Froxlor\FroxlorLogger::getInstanceOf());
|
||||
$users = $dbm->getManager()->getAllSqlUsers(false);
|
||||
foreach ($users as $user => $data) {
|
||||
if (TRAVIS_CI == 1 && strtolower($user) == 'mariadb.sys') {
|
||||
// travis seems to have a user for mariadb on version 10.4
|
||||
if (strtolower($user) == 'mariadb.sys') {
|
||||
// some systems seem to have a user for mariadb on version 10.4
|
||||
// we do not want to test that one
|
||||
continue;
|
||||
}
|
||||
@@ -302,7 +302,11 @@ class MysqlsTest extends TestCase
|
||||
|
||||
// grant privileges to another host
|
||||
$testdata = $users['froxlor010'];
|
||||
$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true);
|
||||
$password = [
|
||||
'password' => $testdata['password'],
|
||||
'plugin' => $testdata['plugin']
|
||||
];
|
||||
$dbm->getManager()->grantPrivilegesTo('froxlor010', $password, '10.0.0.10', true);
|
||||
|
||||
// select all entries from mysql.user for froxlor010 to compare password-hashes
|
||||
$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");
|
||||
|
||||
Reference in New Issue
Block a user