update sql-users with their corresponding password-hash-algorithm; remove a few notices for empty values in str_replace and others

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Michael Kaufmann
2022-07-17 12:03:37 +02:00
parent 57ae625d38
commit cfda35a36b
7 changed files with 39 additions and 18 deletions


@@ -180,12 +180,18 @@ abstract class ApiParameter
*/ */
private function trimArray($input) private function trimArray($input)
{ {
if (! is_array($input)) { if ($input === '') {
return "";
}
if (is_numeric($input) || is_null($input)) {
return $input;
}
if (!is_array($input)) {
return trim($input); return trim($input);
} }
return array_map(array( return array_map([
$this, $this,
'trimArray' 'trimArray'
), $input); ], $input);
} }
} }
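Review bot: The new `is_numeric($input)` early return in trimArray() also matches numeric strings, and is_numeric() accepts leading (and, from PHP 8.0, trailing) whitespace, so a value such as `' 42 '` is now returned untrimmed where it used to be trimmed. Any validation that runs after this normalisation step then sees a different string than before the change. If the aim is only to keep non-string scalars away from trim(), narrow the guard to `if (is_null($input) || is_int($input) || is_float($input)) {`. Booleans still reach `trim($input)` and, unless the file declares strict types, come back as `'1'` or `''`; adding `is_bool($input)` to the guard would keep them intact. The method's docblock starts outside the hunk.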


@@ -475,7 +475,7 @@ class Admins extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\ResourceEnt
$email = $this->getParam('email', true, $idna_convert->decode($result['email'] ?? '')); $email = $this->getParam('email', true, $idna_convert->decode($result['email'] ?? ''));
$password = $this->getParam('admin_password', true, ''); $password = $this->getParam('admin_password', true, '');
$def_language = $this->getParam('def_language', true, $result['def_language']); $def_language = $this->getParam('def_language', true, $result['def_language']);
$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']); $custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? ""));
$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']); $custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
$theme = $this->getParam('theme', true, $result['theme']); $theme = $this->getParam('theme', true, $result['theme']);


@@ -65,7 +65,7 @@ class EmailForwarders extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Re
$id = $result['id']; $id = $result['id'];
// current destination array // current destination array
$result['destination_array'] = explode(' ', $result['destination']); $result['destination_array'] = explode(' ', ($result['destination'] ?? ''));
// prepare destination // prepare destination
$destination = trim($destination); $destination = trim($destination);


@@ -378,9 +378,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
$listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']); $listen_statement = $this->getBoolParam('listen_statement', true, $result['listen_statement']);
$namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']); $namevirtualhost_statement = $this->getBoolParam('namevirtualhost_statement', true, $result['namevirtualhost_statement']);
$vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']); $vhostcontainer = $this->getBoolParam('vhostcontainer', true, $result['vhostcontainer']);
$specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, $result['specialsettings'])), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true); $specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('specialsettings', true, ($result['specialsettings'] ?? ""))), 'specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
$vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']); $vhostcontainer_servername_statement = $this->getParam('vhostcontainer_servername_statement', true, $result['vhostcontainer_servername_statement']);
$default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, $result['default_vhostconf_domain'])), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true); $default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('default_vhostconf_domain', true, ($result['default_vhostconf_domain'] ?? ""))), 'default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
$docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true); $docroot = \Froxlor\Validate\Validate::validate($this->getParam('docroot', true, $result['docroot']), 'docroot', \Froxlor\Validate\Validate::REGEX_DIR, '', array(), true);
if ((int) Settings::Get('system.use_ssl') == 1) { if ((int) Settings::Get('system.use_ssl') == 1) {
@@ -389,9 +389,9 @@ class IpsAndPorts extends \Froxlor\Api\ApiCommand implements \Froxlor\Api\Resour
$ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true); $ssl_key_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_key_file', $ssl, $result['ssl_key_file']), 'ssl_key_file', '', '', array(), true);
$ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true); $ssl_ca_file = \Froxlor\Validate\Validate::validate($this->getParam('ssl_ca_file', true, $result['ssl_ca_file']), 'ssl_ca_file', '', '', array(), true);
$ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true); $ssl_cert_chainfile = \Froxlor\Validate\Validate::validate($this->getParam('ssl_cert_chainfile', true, $result['ssl_cert_chainfile']), 'ssl_cert_chainfile', '', '', array(), true);
$ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, $result['ssl_specialsettings'])), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true); $ssl_specialsettings = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_specialsettings', true, ($result['ssl_specialsettings'] ?? ""))), 'ssl_specialsettings', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
$include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']); $include_specialsettings = $this->getBoolParam('include_specialsettings', true, $result['include_specialsettings']);
$ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, $result['ssl_default_vhostconf_domain'])), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true); $ssl_default_vhostconf_domain = \Froxlor\Validate\Validate::validate(str_replace("\r\n", "\n", $this->getParam('ssl_default_vhostconf_domain', true, ($result['ssl_default_vhostconf_domain'] ?? ""))), 'ssl_default_vhostconf_domain', \Froxlor\Validate\Validate::REGEX_CONF_TEXT, '', array(), true);
$include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']); $include_default_vhostconf_domain = $this->getBoolParam('include_default_vhostconf_domain', true, $result['include_default_vhostconf_domain']);
} else { } else {
$ssl = 0; $ssl = 0;


@@ -173,7 +173,10 @@ class DbManager
if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) { if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
$password = $users[$username]['password']; $password = [
'password' => $users[$username]['password'],
'plugin' => $users[$username]['plugin']
];
foreach ($mysql_access_host_array as $mysql_access_host) { foreach ($mysql_access_host_array as $mysql_access_host) {


@@ -1,4 +1,5 @@
<?php <?php
namespace Froxlor\Database\Manager; namespace Froxlor\Database\Manager;
use Froxlor\Database\Database; use Froxlor\Database\Database;
@@ -68,7 +69,7 @@ class DbManagerMySQL
* username and sets the password for that user the given access_host * username and sets the password for that user the given access_host
* *
* @param string $username * @param string $username
* @param string $password * @param string|array $password
* @param string $access_host * @param string $access_host
* @param bool $p_encrypted * @param bool $p_encrypted
* optional, whether the password is encrypted or not, default false * optional, whether the password is encrypted or not, default false
@@ -77,7 +78,13 @@ class DbManagerMySQL
*/ */
public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false) public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
{ {
if (! $update) { $pwd_plugin = 'mysql_native_password';
if (is_array($password) && count($password) == 2) {
$pwd_plugin = $password['plugin'];
$password = $password['password'];
}
if (!$update) {
// create user // create user
if ($p_encrypted) { if ($p_encrypted) {
if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) { if (version_compare(Database::getAttribute(\PDO::ATTR_SERVER_VERSION), '5.7.0', '<')) {
@@ -86,7 +93,7 @@ class DbManagerMySQL
"); ");
} else { } else {
$stmt = Database::prepare(" $stmt = Database::prepare("
CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH " . $pwd_plugin . " AS :password
"); ");
} }
} else { } else {
@@ -115,7 +122,7 @@ class DbManagerMySQL
} }
} else { } else {
if ($p_encrypted) { if ($p_encrypted) {
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password"); $stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH " . $pwd_plugin . " AS :password");
} else { } else {
$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password"); $stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
} }
@@ -247,9 +254,10 @@ class DbManagerMySQL
$allsqlusers = array(); $allsqlusers = array();
while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) { while ($row = $result_stmt->fetch(\PDO::FETCH_ASSOC)) {
if ($user_only == false) { if ($user_only == false) {
if (! isset($allsqlusers[$row['User']]) || ! is_array($allsqlusers[$row['User']])) { if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
$allsqlusers[$row['User']] = array( $allsqlusers[$row['User']] = array(
'password' => $row['Password'] ?? $row['authentication_string'], 'password' => $row['Password'] ?? $row['authentication_string'],
'plugin' => $row['plugin'] ?? 'mysql_native_password',
'hosts' => array() 'hosts' => array()
); );
} }
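Review bot: `$pwd_plugin` is concatenated straight into the `CREATE USER … IDENTIFIED WITH` and `ALTER USER … IDENTIFIED WITH` statements in grantPrivilegesTo(), and the method is public, so whatever a caller places in `$password['plugin']` becomes SQL text; an identifier cannot be bound as a parameter, so it needs an explicit check before use. After the array is unpacked, add `if (!preg_match('/^[A-Za-z0-9_]+$/', $pwd_plugin)) { throw new \Exception('invalid authentication plugin'); }`, or compare the value against an allow-list of the plugins the panel supports. The `count($password) == 2` test also does not establish that the `plugin` and `password` keys exist, and an array of any other size falls through and is presumably bound as the password later on; `if (is_array($password) && isset($password['plugin'], $password['password'])) {` is tighter. The pre-5.7.0 branch is not visible in these hunks, so whether it should honour the plugin as well needs confirming.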


@@ -286,8 +286,8 @@ class MysqlsTest extends TestCase
$dbm = new \Froxlor\Database\DbManager(\Froxlor\FroxlorLogger::getInstanceOf()); $dbm = new \Froxlor\Database\DbManager(\Froxlor\FroxlorLogger::getInstanceOf());
$users = $dbm->getManager()->getAllSqlUsers(false); $users = $dbm->getManager()->getAllSqlUsers(false);
foreach ($users as $user => $data) { foreach ($users as $user => $data) {
if (TRAVIS_CI == 1 && strtolower($user) == 'mariadb.sys') { if (strtolower($user) == 'mariadb.sys') {
// travis seems to have a user for mariadb on version 10.4 // some systems seem to have a user for mariadb on version 10.4
// we do not want to test that one // we do not want to test that one
continue; continue;
} }
@@ -302,7 +302,11 @@ class MysqlsTest extends TestCase
// grant privileges to another host // grant privileges to another host
$testdata = $users['froxlor010']; $testdata = $users['froxlor010'];
$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true); $password = [
'password' => $testdata['password'],
'plugin' => $testdata['plugin']
];
$dbm->getManager()->grantPrivilegesTo('froxlor010', $password, '10.0.0.10', true);
// select all entries from mysql.user for froxlor010 to compare password-hashes // select all entries from mysql.user for froxlor010 to compare password-hashes
$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr"); $sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");