Merge branch '247_escape-mysql-passwords-at-install' into pu

2018-06-13 18:04:25 -04:00 · 2018-06-13 18:04:25 -04:00 · e9da389e85
parent c300912d78 1b08ae2638
commit e9da389e85
2 changed files with 22 additions and 68 deletions
--- a/install/alternc.install
+++ b/install/alternc.install
@ -155,7 +155,8 @@ if [ -r /etc/alternc/my.cnf ]; then
    # * add a right quote operator at the end of line (;s)
    # * convert mysql variables into our MYSQL_ naming convention (;s)
    # * print the result (;p)
-    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
+    MYSQL_PASS_ESC=$(echo "$MYSQL_PASS" | sed -e 's/[\/&^$]/\\&/g')
+    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_USER/;s/password/MYSQL_PASS_ESC/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my.cnf`
    chown root:alterncpanel /etc/alternc/my.cnf
    chmod 640 /etc/alternc/my.cnf
 fi
@ -168,7 +169,8 @@ if [ -r /etc/alternc/my_mail.cnf ]; then
    # * add a right quote operator at the end of line (;s)
    # * convert mysql variables into our MYSQL_ naming convention (;s)
    # * print the result (;p)
-    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_MAIL_USER/;s/password/MYSQL_MAIL_PASS/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my_mail.cnf`
+    MYSQL_MAIL_PASS_ESC=$(echo "$MYSQL_MAIL_PASS" | sed -e 's/[\/&^$]/\\&/g')
+    eval `sed -n -e "/=/{s/ *= *\"\?/='/;s/\"\?\$/'/;s/host/MYSQL_HOST/;s/user/MYSQL_MAIL_USER/;s/password/MYSQL_MAIL_PASS_ESC/;s/database/MYSQL_DATABASE/;p}" /etc/alternc/my_mail.cnf`
    chown root:alterncpanel /etc/alternc/my_mail.cnf
    chmod 640 /etc/alternc/my_mail.cnf
 fi
--- a/install/mysql.sh
+++ b/install/mysql.sh
@ -117,87 +117,39 @@ if [ -f $MYSQL_CONFIG ]; then
    echo "Updating mysql configuration in $MYSQL_CONFIG"
 else
    echo "Creating mysql configuration in $MYSQL_CONFIG"
-    cat > $MYSQL_CONFIG <<EOF
-# AlternC - Web Hosting System - MySQL Configuration
-# Automatically generated by AlternC configuration, do not edit
-# This file will be modified on package configuration
-# (e.g. upgrade or dpkg-reconfigure alternc)
-[mysql]
-database=
-
-[client]
-EOF
-    chown root:www-data $MYSQL_CONFIG
-    chmod 640 $MYSQL_CONFIG
 fi

 if [ -f $MYSQL_MAIL_CONFIG ]; then
    echo "Updating mysql configuration in $MYSQL_MAIL_CONFIG"
 else
    echo "Creating mysql configuration in $MYSQL_MAIL_CONFIG"
-    cat > $MYSQL_MAIL_CONFIG <<EOF
+fi
+
+write_mysql_cnf() {
+    local filename="$1"
+    local host=$(echo "$2" | sed -e 's/["]/\\&/g')
+    local db=$(echo "$3" | sed -e 's/["]/\\&/g')
+    local user=$(echo "$4" | sed -e 's/["]/\\&/g')
+    local password=$(echo "$5" | sed -e 's/["]/\\&/g')
+    cat > "$filename" <<EOF
 # AlternC - Web Hosting System - MySQL mail user Configuration
 # Automatically generated by AlternC configuration, do not edit
 # This file will be modified on package configuration
 # (e.g. upgrade or dpkg-reconfigure alternc)
 [mysql]
-database=
+database="$db"

 [client]
+host="$host"
+user="$user"
+password="$password"
 EOF
-    chown root:www-data $MYSQL_MAIL_CONFIG
-    chmod 640 $MYSQL_MAIL_CONFIG
-fi
-# create a sed script to create/update the file
-set_value() {
-    var=$1
-    RET=$2
-    file=$3
-    grep -Eq "^ *$var=" $file || echo "$var=" >> $file
-    if [ $file = $MYSQL_CONFIG ]; then
-      SED_SCRIPT_USR="$SED_SCRIPT_USR;s\\^ *$var=.*\\$var=\"$RET\"\\"
-    else
-      SED_SCRIPT_MAIL="$SED_SCRIPT_MAIL;s\\^ *$var=.*\\$var=\"$RET\"\\"
-    fi 
+    chown root:www-data "$filename"
+    chmod 640 "$filename"
 }

-SED_SCRIPT_USR=""
-SED_SCRIPT_MAIL=""
-# hostname was empty in older (pre-0.9.6?) versions
-if [ -z "$host" ]; then
-    host="localhost"
-fi
-#filling the config file for the sysusr
-set_value host $host $MYSQL_CONFIG
-set_value database $database $MYSQL_CONFIG
-set_value user $user $MYSQL_CONFIG
-set_value password $password $MYSQL_CONFIG
-
-
-#filling the config file for the mailuser
-set_value host $host $MYSQL_MAIL_CONFIG
-set_value database $database $MYSQL_MAIL_CONFIG
-set_value user $alternc_mail_user $MYSQL_MAIL_CONFIG
-set_value password $alternc_mail_password $MYSQL_MAIL_CONFIG
-
-
-# take extra precautions here with the mysql password:
-# put the sed script in a temporary file
-SED_SCRIPT_NAME=`mktemp`
-cat > $SED_SCRIPT_NAME <<EOF
-$SED_SCRIPT_USR
-EOF
-sed -f "$SED_SCRIPT_NAME" < $MYSQL_CONFIG > $MYSQL_CONFIG.$$
-mv -f $MYSQL_CONFIG.$$ $MYSQL_CONFIG
-rm -f $SED_SCRIPT_NAME
-
-SED_SCRIPT_NAME_MAIL=`mktemp`
-cat > $SED_SCRIPT_NAME_MAIL <<EOF
-$SED_SCRIPT_MAIL
-EOF
-sed -f "$SED_SCRIPT_NAME_MAIL" < $MYSQL_MAIL_CONFIG > $MYSQL_MAIL_CONFIG.$$
-mv -f $MYSQL_MAIL_CONFIG.$$ $MYSQL_MAIL_CONFIG
-rm -f $SED_SCRIPT_NAME_MAIL
+write_mysql_cnf "$MYSQL_CONFIG" "$host" "$database" "$user" "$password"
+write_mysql_cnf "$MYSQL_MAIL_CONFIG" "$host" "$database" "$alternc_mail_user" "$alternc_mail_password"

 # Now we should be able to use the mysql configuration
 mysql="/usr/bin/mysql --defaults-file=$MYSQL_CONFIG"