From e303fdee7241b45bc3d195c1d826ec845b2a5793 Mon Sep 17 00:00:00 2001 From: Alan Garcia Date: Wed, 18 May 2011 20:26:12 +0000 Subject: [PATCH] =?UTF-8?q?S=C3=A9paration=20des=20bases=20de=20donn=C3=A9?= =?UTF-8?q?es=20utilisateurs=20de=20la=20base=20de=20donn=C3=A9e=20syst?= =?UTF-8?q?=C3=A9me.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Attention ! Bug ! $db et $dbu ne sont pas étanche ! Il faut se pencher sur la class db_mysql.php pour finir l'isolation --- .gitattributes | 1 + bureau/admin/bro_editor.php | 2 +- bureau/class/m_bro.php | 100 ++++++++++++------------- bureau/class/m_mysql.php | 133 ++++++++++++++++++++++++--------- etc/alternc/dbusers.cnf.sample | 8 ++ 5 files changed, 156 insertions(+), 88 deletions(-) create mode 100644 etc/alternc/dbusers.cnf.sample diff --git a/.gitattributes b/.gitattributes index e21eef47..8756d420 100644 --- a/.gitattributes +++ b/.gitattributes @@ -376,6 +376,7 @@ debian/templates -text etc/alternc/alternc.ini -text etc/alternc/apache2-ssl.conf -text etc/alternc/apache2.conf -text +etc/alternc/dbusers.cnf.sample -text etc/alternc/functions_hosting/hosting_massvhost.sh -text etc/alternc/menulist.txt -text etc/alternc/phpmyadmin.inc.php -text diff --git a/bureau/admin/bro_editor.php b/bureau/admin/bro_editor.php index bb1062dd..77be76f1 100644 --- a/bureau/admin/bro_editor.php +++ b/bureau/admin/bro_editor.php @@ -74,4 +74,4 @@ SET_DHTML("resizer"+RESIZABLE); //--> - \ No newline at end of file + diff --git a/bureau/class/m_bro.php b/bureau/class/m_bro.php index 833912b4..a81c08d5 100644 --- a/bureau/class/m_bro.php +++ b/bureau/class/m_bro.php @@ -267,9 +267,9 @@ class m_bro { $ext=$t[count($t)-1]; // Now seek the extension if (!$bro_type[$ext]) { - return "File"; + return "File"; } else { - return $bro_type[$ext]; + return $bro_type[$ext]; } } 
@@ -306,7 +306,7 @@ class m_bro { while (false !== ($file = readdir($handle))) { $nextpath = $dir . '/' . $file; - if ($file != '.' && $file != '..' && !is_link($nextpath)) { + if ($file != '.' && $file != '..' && !is_link($nextpath)) { if (is_dir($nextpath)) { $totalsize += $this->dirsize($nextpath); } elseif (is_file ($nextpath)) { @@ -405,12 +405,12 @@ class m_bro { $old[$i]=ssla($old[$i]); // strip slashes if needed $new[$i]=ssla($new[$i]); if (!strpos($old[$i],"/") && !strpos($new[$i],"/")) { // caractère / interdit dans old ET dans new... - @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea); + @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea); } } for ($i=0;$iquery("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid' - AND type=0 AND (valeur='/$beg/' or valeur='/$beg');"); - $db->next_record(); - if ($db->num_rows()) { - $tofind=false; - $this->cacheurl["d".$dir]="http://".$db->f("sub").ife($db->f("sub"),".").$db->f("domaine").$end; - } - if (!$beg && $tofind) { - $tofind=false; - $this->cacheurl["d".$dir]="-"; - // We did not find it ;( - } - if (($tt=strrpos($beg,"/"))!==false) { - $end=substr($beg,$tt).$end; // = /topdir$end so $end starts AND ends with / - $beg=substr($beg,0,$tt); - } else { - $end="/".$beg.$end; - $beg="/"; - } + $db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid' + AND type=0 AND (valeur='/$beg/' or valeur='/$beg');"); + $db->next_record(); + if ($db->num_rows()) { + $tofind=false; + $this->cacheurl["d".$dir]="http://".$db->f("sub").ife($db->f("sub"),".").$db->f("domaine").$end; + } + if (!$beg && $tofind) { + $tofind=false; + $this->cacheurl["d".$dir]="-"; + // We did not find it ;( + } + if (($tt=strrpos($beg,"/"))!==false) { + $end=substr($beg,$tt).$end; // = /topdir$end so $end starts AND ends with / + $beg=substr($beg,0,$tt); + } else { + $end="/".$beg.$end; + $beg="/"; + } } } if ($this->cacheurl["d".$dir] && $this->cacheurl["d".$dir]!="-") { 
@@ -793,8 +793,8 @@ class m_bro { case "gz": case "bz": case "bz2": - $ext = array_pop($parts) . $ext; - /* FALLTHROUGH */ + $ext = array_pop($parts) . $ext; + /* FALLTHROUGH */ case "tar.gz": case "tar.bz": case "tar.bz2": @@ -816,10 +816,10 @@ class m_bro { if (!strpos($file,"/")) { $absolute.="/".$file; if (file_exists($absolute)) { - $content = @file($absolute); - for($i=0;$iraise("bro",1); @@ -843,11 +843,11 @@ class m_bro { if (!strpos($file,"/")) { $absolute.="/".$file; if (file_exists($absolute)) { - $f=@fopen($absolute,"wb"); - if ($f) { - fputs($f,$texte,strlen($texte)); - fclose($f); - } + $f=@fopen($absolute,"wb"); + if ($f) { + fputs($f,$texte,strlen($texte)); + fclose($f); + } } } else { $err->raise("bro",1); @@ -939,9 +939,9 @@ class m_bro { if (is_dir($file)) { $handle = opendir($file); while($filename = readdir($handle)) { - if ($filename != "." && $filename != "..") { - $this->_delete($file."/".$filename); - } + if ($filename != "." && $filename != "..") { + $this->_delete($file."/".$filename); + } } closedir($handle); rmdir($file); diff --git a/bureau/class/m_mysql.php b/bureau/class/m_mysql.php index f900ddd4..2226885a 100644 --- a/bureau/class/m_mysql.php +++ b/bureau/class/m_mysql.php 
@@ -33,19 +33,77 @@ * * @copyright AlternC-Team 2002-2005 http://alternc.org/ */ + +class DBU_mysql extends DB_Sql { + var $Host,$HumanHostname,$User,$Password; + + /** + * Creator + */ + function DBU_mysql() { + + # Use the dbusers file if exist, else use default alternc configuration + if ( is_readable("/etc/alternc/dbusers.cnf") ) { + $mysqlconf=file_get_contents("/etc/alternc/dbusers.cnf"); + } else { + $mysqlconf=file_get_contents("/etc/alternc/my.cnf"); + } + $mysqlconf=explode("\n",$mysqlconf); + + # Read the configuration + foreach ($mysqlconf as $line) { + # First, read the "standard" configuration + if (preg_match('/^([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) { + switch ($regs[1]) { + case "user": + $user = $regs[2]; + break; + case "password": + $password = $regs[2]; + break; + case "host": + $host = $regs[2]; + break; + } + } + # Then, read specific alternc configuration + if (preg_match('/^#alternc_var ([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) { + $$regs[1]=$regs[2]; + } + } + + # Set value of human_host if unset + if (! isset($human_hostname) || empty($human_hostname)) { + if ( checkip($host) || checkipv6($host) ) { + $human_hostname = gethostbyaddr($host); + } else { + $human_hostname = $host; + } + } + + + # Create the object + $this->Host = $host; + $this->User = $user; + $this->Password = $password; +// TODO BUG BUG BUG +// c'est pas étanche : $db se retrouve avec Database de $sql->dbu . Danger, faut comprendre pourquoi + $this->Database = "alternc"; + $this->HumanHostname = $human_hostname; + + } +} + + class m_mysql { - - var $server; - var $client; - + var $dbu; /*---------------------------------------------------------------------------*/ /** Constructor * m_mysql([$mid]) Constructeur de la classe m_mysql, initialise le membre concerne */ function m_mysql() { - $this->server = $GLOBALS['L_MYSQL_HOST']; - $this->client = $GLOBALS['L_MYSQL_CLIENT']; + $this->dbu = new DBU_mysql(); } 
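Review bot: `var $client` and the `$this->client = $GLOBALS['L_MYSQL_CLIENT']` assignment are dropped in this hunk, yet every GRANT/REVOKE/SET PASSWORD/DELETE statement added in the later hunks (@@ -159, -194, -278, -322, -466, -504, -532, -555, -619) still interpolates `'...'@'$this->client'`, so the host part of each account becomes an empty string (with a notice) instead of the configured client host, and later REVOKE/DELETE statements built the same way will no longer match the rows that were created; which hosts an empty host value matches is then left to the server. Keep the property, e.g. `var $dbu, $client;` and `$this->client = $GLOBALS['L_MYSQL_CLIENT'];` in the constructor, or source it from the new config file. Separately, `$$regs[1]=$regs[2];` lets any `#alternc_var` key in the file overwrite `$user`, `$password` or `$host`, and the unbraced form changes meaning under PHP 7's uniform variable syntax; `${$regs[1]} = $regs[2];` restricted to the keys the class actually consumes (here `human_hostname`) would be more robust.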
@@ -159,12 +217,12 @@ class m_mysql { $lo=addslashes($db->f("login")); $pa=addslashes($db->f("pass")); } - if ($db->query("CREATE DATABASE `$dbname`;")) { + if ($this->dbu->query("CREATE DATABASE `$dbname`;")) { // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$lo','$pa','$dbname',0);"); // give everything but GRANT on db.* // we assume there's already a user - $db->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$lo."'@'$this->client'"); + $this->dbu->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$lo."'@'$this->client'"); return true; } else { $err->raise("mysql",3); @@ -194,13 +252,13 @@ class m_mysql { // Ok, database exists and dbname is compliant. Let's proceed $db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';"); - $db->query("DROP DATABASE `$dbname`;"); + $this->dbu->query("DROP DATABASE `$dbname`;"); $db->query("SELECT COUNT(*) AS cnt FROM db WHERE uid='$cuid';"); $db->next_record(); - $db->query("REVOKE ALL PRIVILEGES ON `".$dbname."`.* FROM '".$login."'@'$this->client'"); - if ($db->f("cnt")==0) { - $db->query("DELETE FROM mysql.user WHERE User='".$login."';"); - $db->query("FLUSH PRIVILEGES;"); + $this->dbu->query("REVOKE ALL PRIVILEGES ON `".$dbname."`.* FROM '".$login."'@'$this->client'"); + if ($this->dbu->f("cnt")==0) { + $this->dbu->query("DELETE FROM mysql.user WHERE User='".$login."';"); + $this->dbu->query("FLUSH PRIVILEGES;"); } return true; } 
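Review bot: In the @@ -194 hunk the count is fetched with `$db->query("SELECT COUNT(*) AS cnt FROM db ...")` and `$db->next_record()`, but the condition reads `$this->dbu->f("cnt")`, whose current result set is the REVOKE issued just before it, so the `DELETE FROM mysql.user` / `FLUSH PRIVILEGES` branch is decided by whatever dbu's record buffer holds rather than by the count (presumably an empty value, which would drop the account while other databases still use it). The check should stay on the system connection: `if ($db->f("cnt")==0) {`. The @@ -159 hunk is consistent in this respect (INSERT on `$db`, CREATE/GRANT on dbu).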
@@ -278,13 +336,13 @@ class m_mysql { // Check this password against the password policy using common API : if (is_callable(array($admin,"checkPolicy"))) { if (!$admin->checkPolicy("mysql",$login,$password)) { - return false; // The error has been raised by checkPolicy() + return false; // The error has been raised by checkPolicy() } } // Update all the "pass" fields for this user : $db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';"); - $db->query("SET PASSWORD FOR '$login'@'$this->client' = PASSWORD('$password')"); + $this->dbu->query("SET PASSWORD FOR '$login'@'$this->client' = PASSWORD('$password')"); return true; } @@ -322,15 +380,15 @@ class m_mysql { // Check this password against the password policy using common API : if (is_callable(array($admin,"checkPolicy"))) { if (!$admin->checkPolicy("mysql",$login,$password)) { - return false; // The error has been raised by checkPolicy() + return false; // The error has been raised by checkPolicy() } } // OK, creation now... $db->query("INSERT INTO db (uid,login,pass,db) VALUES ('$cuid','".$login."','$password','".$dbname."');"); // give everything but GRANT on $user.* - $db->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$login."'@'$this->client' IDENTIFIED BY '".addslashes($password)."'"); - $db->query("CREATE DATABASE `".$dbname."`;"); + $this->dbu->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$login."'@'$this->client' IDENTIFIED BY '".addslashes($password)."'"); + $this->dbu->query("CREATE DATABASE `".$dbname."`;"); return true; } @@ -343,6 +401,7 @@ class m_mysql { * @return boolean TRUE if the database has been restored, or FALSE if an error occurred */ function restore($file,$stdout,$id) { +// TODO don't work with the separated sql serveur for dbusers global $err,$bro,$mem,$L_MYSQL_HOST; if (!$r=$this->get_mysql_details($id)) { return false; 
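Review bot: The new `SET PASSWORD FOR '$login'@'$this->client' = PASSWORD('$password')` line interpolates `$password` unescaped, while the sibling GRANT in the @@ -322 hunk wraps the same value in `addslashes()`; `$password` has only been through `checkPolicy()` at this point, so a quote in it breaks the statement and leaves `db.pass` and the actual MySQL credential out of step. Using `PASSWORD('".addslashes($password)."')` on the dbu line (or the connection's own escaping helper, if DB_Sql provides one) keeps both writes consistent. The @@ -343 hunk's TODO on `restore()` acknowledges the separate users server but leaves `$L_MYSQL_HOST` in use there; `restore()` continues beyond the hunk.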
@@ -384,11 +443,10 @@ class m_mysql { function get_db_size($dbname) { global $db,$err; - $db->query("SHOW TABLE STATUS FROM `$dbname`;"); + $this->dbu->query("SHOW TABLE STATUS FROM `$dbname`;"); $size = 0; while ($db->next_record()) { - $size += $db->f('Data_length') + $db->f('Index_length') - + $db->f('Data_free'); + $size += $db->f('Data_length') + $db->f('Index_length') + $db->f('Data_free'); } return $size; } @@ -466,12 +524,12 @@ class m_mysql { // Check this password against the password policy using common API : if (is_callable(array($admin,"checkPolicy"))) { if (!$admin->checkPolicy("mysql",$user,$password)) { - return false; // The error has been raised by checkPolicy() + return false; // The error has been raised by checkPolicy() } } // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile) - $db->query("GRANT file ON *.* TO '$user'@'$this->client' IDENTIFIED BY '$pass';"); + $this->dbu->query("GRANT file ON *.* TO '$user'@'$this->client' IDENTIFIED BY '$pass';"); // We add him to the user table $db->query("INSERT INTO dbusers (uid,name) VALUES($cuid,'$user');"); return true; @@ -504,7 +562,7 @@ class m_mysql { } } - $db->query("SET PASSWORD FOR '$user'@'$this->client' = PASSWORD('$pass')"); + $this->dbu->query("SET PASSWORD FOR '$user'@'$this->client' = PASSWORD('$pass')"); return true; } 
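Review bot: In `get_db_size()` the `SHOW TABLE STATUS` now runs on `$this->dbu`, but the loop still iterates `$db->next_record()` and reads `$db->f('Data_length')` etc. from the system connection, so the size is summed from whatever `$db` last returned (likely nothing, giving 0) instead of the user database's tables. The loop should read from the same handle: `while ($this->dbu->next_record()) { $size += $this->dbu->f('Data_length') + $this->dbu->f('Index_length') + $this->dbu->f('Data_free'); }`.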
@@ -532,11 +590,11 @@ class m_mysql { $login=$db->f("name"); // Ok, database exists and dbname is compliant. Let's proceed - $db->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'$this->client';"); - $db->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';"); - $db->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';"); - $db->query("FLUSH PRIVILEGES"); - $db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';"); + $this->dbu->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'$this->client';"); + $this->dbu->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';"); + $this->dbu->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';"); + $this->dbu->query("FLUSH PRIVILEGES"); + $this->dbu->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';"); return true; } 
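Review bot: The final `DELETE FROM dbusers WHERE uid='$cuid' ...` is moved to `$this->dbu`, but `dbusers` is the AlternC bookkeeping table that the @@ -466 hunk still inserts into through `$db`, so with a separate users server this delete targets a table that does not exist there and the account stays listed in the panel after its MySQL grants are gone. That line should remain `$db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");`. The four statements above it (REVOKE, the `mysql.db`/`mysql.user` deletes, FLUSH) correctly belong to dbu.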
@@ -555,9 +613,9 @@ class m_mysql { $dblist=$this->get_dblist(); for ( $i=0 ; $iquery("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='$this->client' AND Db='".$dblist[$i]["db"]."';"); - if ($db->next_record()) - $r[]=array("db"=>$dblist[$i]["name"], "select"=>$db->f("Select_priv"), "insert"=>$db->f("Insert_priv"), "update"=>$db->f("Update_priv"), "delete"=>$db->f("Delete_priv"), "create"=>$db->f("Create_priv"), "drop"=>$db->f("Drop_priv"), "references"=>$db->f("References_priv"), "index"=>$db->f("Index_priv"), "alter"=>$db->f("Alter_priv"), "create_tmp"=>$db->f("Create_tmp_table_priv"), "lock"=>$db->f("Lock_tables_priv")); + $this->dbu->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='$this->client' AND Db='".$dblist[$i]["db"]."';"); + if ($this->dbu->next_record()) + $r[]=array("db"=>$dblist[$i]["name"], "select"=>$this->dbu->f("Select_priv"), "insert"=>$this->dbu->f("Insert_priv"), "update"=>$this->dbu->f("Update_priv"), "delete"=>$this->dbu->f("Delete_priv"), "create"=>$this->dbu->f("Create_priv"), "drop"=>$this->dbu->f("Drop_priv"), "references"=>$this->dbu->f("References_priv"), "index"=>$this->dbu->f("Index_priv"), "alter"=>$this->dbu->f("Alter_priv"), "create_tmp"=>$this->dbu->f("Create_tmp_table_priv"), "lock"=>$this->dbu->f("Lock_tables_priv")); else $r[]=array("db"=>$dblist[$i]["name"], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" ); } 
@@ -619,14 +677,14 @@ class m_mysql { } // We reset all user rights on this DB : - $db->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';"); - if($db->num_rows()) - $db->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'$this->client';"); + $this->dbu->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';"); + if($this->dbu->num_rows()) + $this->dbu->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'$this->client';"); if( $strrights ){ $strrights=substr($strrights,0,strlen($strrights)-1); - $db->query("GRANT $strrights ON $dbname.* TO '$usern'@'$this->client';"); + $this->dbu->query("GRANT $strrights ON $dbname.* TO '$usern'@'$this->client';"); } - $db->query("FLUSH PRIVILEGES"); + $this->dbu->query("FLUSH PRIVILEGES"); return TRUE; } @@ -701,6 +759,7 @@ class m_mysql { * EXPERIMENTAL 'sid' function ;) */ function alternc_export($tmpdir) { +//TODO don't work with separated sql server for dbusers global $db,$err,$cuid; $err->log("mysql","export"); $db->query("SELECT login, pass, db, bck_mode, bck_dir, bck_history, bck_gzip FROM db WHERE uid='$cuid';"); diff --git a/etc/alternc/dbusers.cnf.sample b/etc/alternc/dbusers.cnf.sample new file mode 100644 index 00000000..052fc6d0 --- /dev/null +++ b/etc/alternc/dbusers.cnf.sample @@ -0,0 +1,8 @@ +# If you create a file /etc/alternc/dbusers.cnf +# His configuration will be used for the storage +# of the users databases. +[client] +host="1.2.3.4" +#alternc_var human_hostnameee ="human_readable_hostname" +user="my_user" +password="my_string_password"
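Review bot: In the new `dbusers.cnf.sample` the key `#alternc_var human_hostnameee =...` does not match the `$human_hostname` variable that `DBU_mysql` reads, so an admin following the sample gets the `gethostbyaddr()`/raw-host fallback instead of the name they set; the line should read `#alternc_var human_hostname="human_readable_hostname"`. Since this file carries the users-server password and the class only checks `is_readable()`, the header comment could also state that the file must be readable by the panel's user alone. The header wording "His configuration will be used" reads better as "Its configuration will be used".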