From 391bb4a50d400994b790db2c7e52738e16899ab1 Mon Sep 17 00:00:00 2001
From: Steven Mondji-Lerider
Date: Tue, 14 Aug 2012 09:44:43 +0000
Subject: [PATCH] Continuing on sql modification for consistency + Bugfixes
---
 bureau/admin/sql_bck.php | 2 +-
 bureau/admin/sql_restore.php | 2 +-
 bureau/admin/sql_users_add.php | 2 +-
 bureau/admin/sql_users_rights.php | 1 -
 bureau/class/m_mysql.php | 84 +++++++++++++++++++++++++------
 debian/alternc.config | 2 +-
 debian/changelog | 12 +++++
 install/mysql.sql | 2 +-
 8 files changed, 85 insertions(+), 22 deletions(-)
diff --git a/bureau/admin/sql_bck.php b/bureau/admin/sql_bck.php
index a5acb4bd..bd0acf44 100644
--- a/bureau/admin/sql_bck.php
+++ b/bureau/admin/sql_bck.php
@@ -49,7 +49,7 @@ if (!$r=$mysql->get_mysql_details($id)) {

$error

 

"; } diff --git a/bureau/admin/sql_restore.php b/bureau/admin/sql_restore.php index 62f6af58..7e49b52e 100644 --- a/bureau/admin/sql_restore.php +++ b/bureau/admin/sql_restore.php @@ -44,7 +44,7 @@ if (!$r=$mysql->get_mysql_details($id)) {

$error

 

"; } diff --git a/bureau/admin/sql_users_add.php b/bureau/admin/sql_users_add.php index 2e8037d9..570c7b1c 100644 --- a/bureau/admin/sql_users_add.php +++ b/bureau/admin/sql_users_add.php @@ -49,7 +49,7 @@ if (!$quota->cancreate("mysql_users")) { $error

"; - if ($fatal) { + if (isset($fatal) && $fatal) { ?> diff --git a/bureau/admin/sql_users_rights.php b/bureau/admin/sql_users_rights.php index 1d238f08..24bf0523 100644 --- a/bureau/admin/sql_users_rights.php +++ b/bureau/admin/sql_users_rights.php @@ -48,7 +48,6 @@ if (isset($error) && $error) { if ($r) { -echo "

"._("help_sql_users_rights_ok")."

"; ?>
diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index 8902425b..cc1935c1 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php @@ -131,16 +131,13 @@ class m_mysql { * @return array returns an associative array as follow :
* "db" => database name "bck" => backup mode for this db * "dir" => Backup folder. - * Returns FALSE if the user has no database. + * Returns an array (empty) if no databases */ function get_dblist() { global $db,$err,$bro,$cuid; $err->log("mysql","get_dblist"); + $db->free(); $db->query("SELECT login,pass,db, bck_mode, bck_dir FROM db WHERE uid='$cuid' ORDER BY db;"); - if (!$db->num_rows()) { - $err->raise("mysql",11); - return false; - } $c=array(); while ($db->next_record()) { list($dbu,$dbn)=split_mysql_database_name($db->f("db")); @@ -247,10 +244,8 @@ class m_mysql { $err->log("mysql","add_db_succes",$dbn); // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$myadm','$password','$dbname',0);"); -  #TODO escape dbname to avoid wildcard '_' -die(); - print_r("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$myadm."'@".$this->dbus->Host." IDENTIFIED BY '".addslashes($password)."'"); - $this->dbus->query("GRANT ALL PRIVILEGES ON `".addslashes($dbname)."`.* TO '".$myadm."'@".$this->dbus->Host." IDENTIFIED BY '".addslashes($password)."'"); + $dbname=str_replace('_','\_',$dbname); + $this->grant($dbname,$myadm,"ALL PRIVILEGES",$password); $this->dbus->query("FLUSH PRIVILEGES;"); return true; } else { 
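Review bot: In the database-creation hunk (the one logging "add_db_succes"), the name produced by `str_replace('_','\_',$dbname)` cannot pass grant(), whose `$base` check is `^[0-9a-z\_]*$` and therefore rejects the backslash. The result of the call is ignored, so the function still returns true with the row inserted and no privileges granted; the grant() calls added in the user-creation and rights hunks below ignore the result the same way. Validate the plain name and do the wildcard escaping inside grant() after the check, and use `if (!$this->grant($dbname,$myadm,"ALL PRIVILEGES",$password)) return false;`. The removed GRANT passed the password through addslashes(), whereas grant() concatenates it as received, so unless `$password` is escaped earlier (not visible here) a quote in it changes the statement. The enclosing function begins and ends outside the hunk.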
@@ -369,7 +364,55 @@ die(); return true; } +/** +* Function used to grant SQL rights to users: +* @base :database +* @user : database user +* @rights : rights to apply ( optional, every rights apply given if missing +* @pass : user password ( optional, if not given the pass stays the same, else it takes the new value ) +* @table : sql tables to apply rights +**/ + function grant($base,$user,$rights=null,$pass=null,$table='*'){ + global $err,$db; + $err->log("mysql","grant"); + if(!preg_match("#^[0-9a-z\_]*$#",$base)){ + $err->raise("mysql",2); + return false; + }elseif(!$db->query("select db from db where db='$base';")){ + $err->raise("mysql",10); + return false; + } + if($rights==null){ + $rights='ALL PRIVILEGES'; + }elseif(!preg_match("#^[a-zA-Z\,]*$#",$rights)){ + $err->raise("mysql",3); + return false; + } + + if(!preg_match("#^[0-9a-z\_]*$#",$user)) { + $err->raise("mysql",5); + return false; + } + if(!$db->query("select name from dbusers where name='".$user."' ;")){ + $err->raise("mysql",6); + return false; + } + + $grant="grant ".$rights." on `".$base."`.".$table." to '".$user."'@'".$this->dbus->Host."'" ; + + if($pass){ + $grant .= " identified by '".$pass."';"; + }else{ + $grant .= ";"; + } + if(!$this->dbus->query($grant)){ + $err->raise("mysql",6); + return false; + } + return true; + + } /* ----------------------------------------------------------------- */ @@ -509,7 +552,7 @@ die(); } // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile) - $this->dbus->query("GRANT file ON *.* TO '$user'@".$this->dbus->Host." IDENTIFIED BY '$pass';"); + $this->grant("*",$user,"FILE",$pass); // We add him to the user table $db->query("INSERT INTO dbusers (uid,name,enable) VALUES($cuid,'$user','ACTIVATED');"); return true; 
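Review bot: In the new grant(), `$table` and `$pass` reach the GRANT string without any check, while `$base`, `$rights` and `$user` are each matched against a pattern first. The statement runs on the `$this->dbus` connection, which issues GRANT and FLUSH PRIVILEGES, so `$table` should be validated as well (accept `*` or a name matching `^[0-9a-zA-Z_]+$`). The password should be escaped in exactly one place; the removed lines suggest callers differ on whether they pass it already escaped. The two existence checks test only the return value of `$db->query()`, which presumably says whether the query ran rather than whether a row matched; follow each query with `if(!$db->num_rows()){ ... return false; }`. The patterns end in `*`, so an empty database or user name also passes; `+` would reject it.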
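Review bot: The call `$this->grant("*",$user,"FILE",$pass)` cannot succeed as grant() is written, because `"*"` fails the `^[0-9a-z\_]*$` check on `$base`. Even if it passed, grant() would wrap the star in backticks as a database name instead of emitting the global `*.*` that the FILE privilege needs. grant() also looks the user up in dbusers, which this function fills only on the following line, so the order matters once that lookup actually checks for a row. Give grant() an explicit path for global privileges (for example treat `$base === '*'` as `*.*` and skip the db lookup), and do not run the INSERT into dbusers when the call returns false. The enclosing function starts outside the hunk.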
@@ -525,7 +568,7 @@ die(); **/ function change_user_password($usern,$password,$passconf) { global $db,$err,$quota,$mem,$cuid,$admin; - $err->log("mysql","add_user",$usern); + $err->log("mysql","change_user_pass",$usern); $usern=trim($usern); $user=addslashes($mem->user["login"]."_".$usern); @@ -541,7 +584,7 @@ die(); return false; // The error has been raised by checkPolicy() } } - $this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->Host." = PASSWORD(".$pass.")"); + $this->dbus->query("SET PASSWORD FOR ".$user."@".$this->dbus->Host." = PASSWORD('".$pass."')"); return true; } @@ -589,8 +632,8 @@ die(); $err->log("mysql","get_user_dblist"); $r=array(); + $db->free(); $dblist=$this->get_dblist(); - for ( $i=0 ; $idbus->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='".$this->dbus->Host."' AND Db='".$dblist[$i]["db"]."';"); if ($this->dbus->next_record()) @@ -662,7 +705,7 @@ die(); $this->dbus->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'".$this->dbus->Host."';"); if( $strrights ){ $strrights=substr($strrights,0,strlen($strrights)-1); - $this->dbus->query("GRANT $strrights ON $dbname.* TO '$usern'@'".$this->dbus->Host."';"); + $this->grant($dbname,$usern,$strrights); } $this->dbus->query("FLUSH PRIVILEGES"); return TRUE; @@ -695,7 +738,7 @@ die(); return 0; } else return false; } - + /* ----------------------------------------------------------------- */ /** Hook function called when a user is created. * AlternC's standard function that create a member 
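Review bot: The corrected SET PASSWORD line quotes the password but still leaves the account unquoted: `$user` and `$this->dbus->Host` are concatenated bare, so the addslashes() applied to `$user` above gives no protection there, and a host value containing a character such as `%` would not parse. Write it as `"SET PASSWORD FOR '".$user."'@'".$this->dbus->Host."' = PASSWORD('".$pass."')"`, matching the quoting used in the new grant(). The query result is ignored and the function returns true regardless. How `$pass` is derived from `$password` lies outside the hunk, so confirm it is escaped before it lands inside the quotes.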
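Review bot: Routing the rights through `$this->grant($dbname,$usern,$strrights)` means `$strrights` must match `^[a-zA-Z\,]*$`, which contains no space. If the list can hold multi-word privileges (the SELECT in get_user_dblist reads Create_tmp_table_priv and Lock_tables_priv, so that seems likely), the call is rejected. It runs right after `REVOKE ALL PRIVILEGES`, so a rejected grant leaves the user with no rights while the function returns TRUE. Allow the space in grant()'s pattern, `#^[a-zA-Z\, ]*$#`, and return false here when grant() fails. The REVOKE above still interpolates `$dbname` without backticks, unlike grant().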
@@ -711,11 +754,20 @@ die(); $password=$db->f("password"); }else{ $myadm=$mem->user["login"]."_myadm"; - $password="kikoulol"; + $chars = "234567890abcdefghijkmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; + $i = 0; + $password = ""; + while ($i <= 8) { + $password .= $chars{mt_rand(0,strlen($chars))}; + $i++; + } $db->query("INSERT INTO dbusers (uid,name,password,enable) VALUES ('$cuid','$myadm','$password','ADMIN');"); } return true; } + + + /* ----------------------------------------------------------------- */ /** Hook function called when a user is deleted. diff --git a/debian/alternc.config b/debian/alternc.config index b3dda949..c72674a1 100644 --- a/debian/alternc.config +++ b/debian/alternc.config @@ -94,7 +94,7 @@ if [ "$mount_point" != "$quota_activation" ] then db_input critical alternc/quotauninstalled || true db_go - db_reset alternc/puotauninstalled || true + db_reset alternc/quotauninstalled || true db_fset alternc/quotauninstalled "seen" "false" || true fi diff --git a/debian/changelog b/debian/changelog index fc4f98c3..6ed4f1d8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,15 @@ +alternc (1.1+nmu4) stable; urgency=low + + * SQL Modification + * MySQL tables used for Alternc users databases modified (mysql.sql) + * Adding a special phpmyadmin user. + * Users can now create databases en databases users independently + ( no need to create a first database to create a user anymore) + * Bugfixes in installation process + + + -- squidly Tue, 14 Aug 2012 11:21:14 +0200 + alternc (1.1+nmu3) stable; urgency=low * Templating full configuration of postfix & dovecot diff --git a/install/mysql.sql b/install/mysql.sql index 74dd156b..76e6e4b8 100644 --- a/install/mysql.sql +++ b/install/mysql.sql 
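Review bot: The generated password indexes `$chars` with `mt_rand(0,strlen($chars))`, whose upper bound is inclusive, so it can pick the offset one past the last character and produce a shorter password plus a notice. mt_rand() is also not a cryptographic generator, which matters for a credential inserted with enable 'ADMIN'. Use `$password .= $chars[random_int(0, strlen($chars)-1)];` on PHP 7 or later, or derive the index from `openssl_random_pseudo_bytes()` on older versions. The value is then stored in clear in dbusers.password; if that is needed for the phpmyadmin user mentioned in the changelog, access to that table should be limited accordingly.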
@@ -106,7 +106,7 @@ CREATE TABLE IF NOT EXISTS db ( bck_history tinyint(3) unsigned NOT NULL default '0', # Nombre de backup conserver ? bck_gzip tinyint(3) unsigned NOT NULL default '0', # Faut-il compresser les backups ? bck_dir varchar(255) NOT NULL default '', # O stocke-t-on les backups sql ? - PRIMARY KEY uid (uid) + PRIMARY KEY id (id) ) TYPE=MyISAM COMMENT='Bases MySQL des membres'; --
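Review bot: Changing the key inside `CREATE TABLE IF NOT EXISTS db` only takes effect on fresh installs; an existing `db` table keeps `PRIMARY KEY uid (uid)`. If the PHP side of this commit now expects several rows per uid, as the loop in get_dblist suggests, inserts on upgraded systems would hit the old key. Ship a matching upgrade statement such as `ALTER TABLE db DROP PRIMARY KEY, ADD PRIMARY KEY (id);`, adding the `id` column first if it is not already there (this hunk does not show it).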