From cfda35a36b13b57cf48cfc717dfab373d4016ab1 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Sun, 17 Jul 2022 12:03:37 +0200
Subject: [PATCH] update sql-users with their corresponding
 password-hash-algorithm; remove a few notices for empty values in str_replace
 and others

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/Froxlor/Api/ApiParameter.php               | 12 +++++++++---
 lib/Froxlor/Api/Commands/Admins.php            |  2 +-
 lib/Froxlor/Api/Commands/EmailForwarders.php   |  2 +-
 lib/Froxlor/Api/Commands/IpsAndPorts.php       |  8 ++++----
 lib/Froxlor/Database/DbManager.php             |  5 ++++-
 .../Database/Manager/DbManagerMySQL.php        | 18 +++++++++++++-----
 tests/Mysqls/MysqlsTest.php                    | 10 +++++++---
 7 files changed, 39 insertions(+), 18 deletions(-)

diff --git a/lib/Froxlor/Api/ApiParameter.php b/lib/Froxlor/Api/ApiParameter.php
index 6acb2309..7c4b3dee 100644
--- a/lib/Froxlor/Api/ApiParameter.php
+++ b/lib/Froxlor/Api/ApiParameter.php
@@ -180,12 +180,18 @@ abstract class ApiParameter
 	 */
 	private function trimArray($input)
 	{
-		if (! is_array($input)) {
+		if ($input === '') {
+			return "";
+		}
+		if (is_numeric($input) || is_null($input)) {
+			return $input;
+		}
+		if (!is_array($input)) {
 			return trim($input);
 		}
-		return array_map(array(
+		return array_map([
 			$this,
 			'trimArray'
-		), $input);
+		], $input);
 	}
 }
diff --git a/lib/Froxlor/Api/Commands/Admins.php b/lib/Froxlor/Api/Commands/Admins.php
index 0d39e53c..6799f469 100644
--- a/lib/Froxlor/Api/Commands/Admins.php
+++ b/lib/Froxlor/Api/Commands/Admins.php
@@ -475,7 +475,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
 				$email = $this->getParam('email', true, $idna_convert->decode($result['email'] ?? ''));
 				$password = $this->getParam('admin_password', true, '');
 				$def_language = $this->getParam('def_language', true, $result['def_language']);
-				$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
+				$custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? ""));
 				$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
 				$theme = $this->getParam('theme', true, $result['theme']);
 
diff --git a/lib/Froxlor/Api/Commands/EmailForwarders.php b/lib/Froxlor/Api/Commands/EmailForwarders.php
index 847bf9f6..48f37378 100644
--- a/lib/Froxlor/Api/Commands/EmailForwarders.php
+++ b/lib/Froxlor/Api/Commands/EmailForwarders.php
@@ -65,7 +65,7 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
 			$id = $result['id'];
 
 			// current destination array
-			$result['destination_array'] = explode(' ', $result['destination']);
+			$result['destination_array'] = explode(' ', ($result['destination'] ?? ''));
 
 			// prepare destination
 			$destination = trim($destination);
diff --git a/lib/Froxlor/Api/Commands/IpsAndPorts.php b/lib/Froxlor/Api/Commands/IpsAndPorts.php
index 71d836fb..5afdf8a7 100644
--- a/lib/Froxlor/Api/Commands/IpsAndPorts.php
+++ b/lib/Froxlor/Api/Commands/IpsAndPorts.php
@@ -378,9 +378,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 			$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);
 			$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);
 			$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);
-			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
+			$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, ($result['specialsettings'] ?? ""))), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 			$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);
-			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
+			$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, ($result['default_vhostconf_domain'] ?? ""))), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 			$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
 
 			if ((int) Settings::Get('system.use_ssl') == 1) {
@@ -389,9 +389,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
 				$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true);
 				$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true);
 				$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true);
-				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
+				$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, ($result['ssl_specialsettings'] ?? ""))), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
-				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
+				$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, ($result['ssl_default_vhostconf_domain'] ?? ""))), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
 				$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);
 			} else {
 				$ssl = 0;
diff --git a/lib/Froxlor/Database/DbManager.php b/lib/Froxlor/Database/DbManager.php
index dc0f3d1b..970c0216 100644
--- a/lib/Froxlor/Database/DbManager.php
+++ b/lib/Froxlor/Database/DbManager.php
@@ -173,7 +173,10 @@ class DbManager
 
 				if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
 
-					$password = $users[$username]['password'];
+					$password = [
+						'password' => $users[$username]['password'],
+						'plugin' => $users[$username]['plugin']
+					];
 
 					foreach ($mysql_access_host_array as $mysql_access_host) {
 
diff --git a/lib/Froxlor/Database/Manager/DbManagerMySQL.php b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
index 089c440d..a93d5ef1 100644
--- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php
+++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
@@ -1,4 +1,5 @@
 <?php
+
 namespace Froxlor\Database\Manager;
 
 use Froxlor\Database\Database;
@@ -68,7 +69,7 @@ class DbManagerMySQL
 	 * username and sets the password for that user the given access_host
 	 *
 	 * @param string $username
-	 * @param string $password
+	 * @param string|array $password
 	 * @param string $access_host
 	 * @param bool $p_encrypted
 	 *        	optional, whether the password is encrypted or not, default false
@@ -77,7 +78,13 @@ class DbManagerMySQL
 	 */
 	public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
 	{
-		if (! $update) {
+		$pwd_plugin = 'mysql_native_password';
+		if (is_array($password) && count($password) == 2) {
+			$pwd_plugin = $password['plugin'];
+			$password = $password['password'];
+		}
+
+		if (!$update) {
 			// create user
 			if ($p_encrypted) {
 				if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
@@ -86,7 +93,7 @@ class DbManagerMySQL
 					");
 				} else {
 					$stmt = Database::prepare("
-						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
+						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH " . $pwd_plugin . " AS :password
 					");
 				}
 			} else {
@@ -115,7 +122,7 @@ class DbManagerMySQL
 				}
 			} else {
 				if ($p_encrypted) {
-					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
+					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH " . $pwd_plugin . " AS :password");
 				} else {
 					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
 				}
@@ -247,9 +254,10 @@ class DbManagerMySQL
 		$allsqlusers = array();
 		while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
 			if ($user_only == false) {
-				if (! isset($allsqlusers[$row['User']]) || ! is_array($allsqlusers[$row['User']])) {
+				if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
 					$allsqlusers[$row['User']] = array(
 						'password' => $row['Password'] ?? $row['authentication_string'],
+						'plugin' => $row['plugin'] ?? 'mysql_native_password',
 						'hosts' => array()
 					);
 				}
diff --git a/tests/Mysqls/MysqlsTest.php b/tests/Mysqls/MysqlsTest.php
index 5673a474..da762ef1 100644
--- a/tests/Mysqls/MysqlsTest.php
+++ b/tests/Mysqls/MysqlsTest.php
@@ -286,8 +286,8 @@ class MysqlsTest extends TestCase
 		$dbm = new \Froxlor\Database\DbManager(\Froxlor\FroxlorLogger::getInstanceOf());
 		$users = $dbm->getManager()->getAllSqlUsers(false);
 		foreach ($users as $user => $data) {
-			if (TRAVIS_CI == 1 && strtolower($user) == 'mariadb.sys') {
-				// travis seems to have a user for mariadb on version 10.4
+			if (strtolower($user) == 'mariadb.sys') {
+				// some systems seem to have a user for mariadb on version 10.4
 				// we do not want to test that one
 				continue;
 			}
@@ -302,7 +302,11 @@ class MysqlsTest extends TestCase
 
 		// grant privileges to another host
 		$testdata = $users['froxlor010'];
-		$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true);
+		$password = [
+			'password' => $testdata['password'],
+			'plugin' => $testdata['plugin']
+		];
+		$dbm->getManager()->grantPrivilegesTo('froxlor010', $password, '10.0.0.10', true);
 
 		// select all entries from mysql.user for froxlor010 to compare password-hashes
 		$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");