gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 5c80fff2 | patch | commit | ignore whitespace

Fixed: Some improvements and fixes for the database/user separation

mcramer

2012-09-04 317b4d0d88793601d32105de19427c151512f889

Fixed: Some improvements and fixes for the database/user separation

5 files modified

	interface/lib/plugins/sites_web_database_user_plugin.inc.php	5 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_edit.php	1 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/database_user_edit.php	15 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/form/database_user.tform.php	11 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/mysql_clientdb_plugin.inc.php	10 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/plugins/sites_web_database_user_plugin.inc.php

@@ -30,11 +30,12 @@
        // also make sure that the user can not delete domain created by a admin
        if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
        }
        if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
            $client_group_id = intval($page_form->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
        }
        $app->db->query("UPDATE web_database_user SET server_id = '" . intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
    }
}                  

 interface/web/sites/database_edit.php

@@ -309,6 +309,7 @@
        global $app;
        if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) {
            
            $app->uses('sites_database_plugin');
            $app->sites_database_plugin->processDatabaseUpdate($this);

            $app->db->query($sql);

 interface/web/sites/database_user_edit.php

@@ -145,6 +145,8 @@
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }
        
        $this->dataRecord['server_id'] = $conf['server_id'];
        
        parent::onBeforeUpdate();
    }

@@ -173,6 +175,8 @@
            $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
        }
        
        $this->dataRecord['server_id'] = $conf['server_id'];
        
        parent::onBeforeInsert();
    }

@@ -200,7 +204,16 @@
            $client_group_id = intval($this->dataRecord["client_group_id"]);
            $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
        }

        
        $old_rec = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");
        
        $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'");
        foreach($records as $rec) {
            $new_rec = $this->dataRecord;
            $new_rec['server_id'] = $rec['server_id'];
            $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $old_rec, $new_rec);
        }
        unset($new_rec);
    }

}

 interface/web/sites/form/database_user.tform.php

@@ -63,6 +63,17 @@
    ##################################
    # Begin Datatable fields
    ##################################
        'server_id' => array (
            'datatype'    => 'INTEGER',
            'formtype'    => 'SELECT',
            'default'    => '',
            'datasource'    => array (     'type'    => 'SQL',
                                        'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name',
                                        'keyfield'=> 'server_id',
                                        'valuefield'=> 'server_name'
                                     ),
            'value'        => ''
        ),
        'database_user' => array (
            'datatype'    => 'VARCHAR',
            'formtype'    => 'TEXT',

 server/plugins-available/mysql_clientdb_plugin.inc.php

@@ -88,9 +88,11 @@
      foreach($host_list as $db_host) {
          $db_host = trim($db_host);
          
          $app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);
          
          // check if entry is valid ip address
          $valid = true;
          if($db_host == '%') {
          if($db_host == '%' || $db_host == 'localhost') {
              $valid = true;
          } elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
              $groups = explode('.', $db_host);
@@ -106,6 +108,7 @@
          
          if($action == 'GRANT') {
              if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
              $app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
          } elseif($action == 'REVOKE') {
              if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
          } elseif($action == 'DROP') {
@@ -388,9 +391,8 @@
            }

            if($data['new']['database_password'] != $data['old']['database_password']) {
                $db_host = 'localhost';
                $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
                $app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
                $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
                $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
            }
        }

			@@ -30,11 +30,12 @@
			// also make sure that the user can not delete domain created by a admin
			if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) {
			$client_group_id = intval($page_form->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id);
			}
			if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) {
			$client_group_id = intval($page_form->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id);
			}
			$app->db->query("UPDATE web_database_user SET server_id = '" . intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id);
			}
			}

			@@ -309,6 +309,7 @@
			global $app;
			if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) {

			$app->uses('sites_database_plugin');
			$app->sites_database_plugin->processDatabaseUpdate($this);

			$app->db->query($sql);

			@@ -145,6 +145,8 @@
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}

			$this->dataRecord['server_id'] = $conf['server_id'];

			parent::onBeforeUpdate();
			}

			@@ -173,6 +175,8 @@
			$this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16);
			}

			$this->dataRecord['server_id'] = $conf['server_id'];

			parent::onBeforeInsert();
			}

			@@ -200,7 +204,16 @@
			$client_group_id = intval($this->dataRecord["client_group_id"]);
			$app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id);
			}


			$old_rec = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'");

			$records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'");
			foreach($records as $rec) {
			$new_rec = $this->dataRecord;
			$new_rec['server_id'] = $rec['server_id'];
			$app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $old_rec, $new_rec);
			}
			unset($new_rec);
			}

			}

			@@ -63,6 +63,17 @@
			##################################
			# Begin Datatable fields
			##################################
			'server_id' => array (
			'datatype' => 'INTEGER',
			'formtype' => 'SELECT',
			'default' => '',
			'datasource' => array ( 'type' => 'SQL',
			'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name',
			'keyfield'=> 'server_id',
			'valuefield'=> 'server_name'
			),
			'value' => ''
			),
			'database_user' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',

			@@ -88,9 +88,11 @@
			foreach($host_list as $db_host) {
			$db_host = trim($db_host);

			$app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG);

			// check if entry is valid ip address
			$valid = true;
			if($db_host == '%') {
			if($db_host == '%' \|\| $db_host == 'localhost') {
			$valid = true;
			} elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) {
			$groups = explode('.', $db_host);
			@@ -106,6 +108,7 @@

			if($action == 'GRANT') {
			if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
			$app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
			} elseif($action == 'REVOKE') {
			if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
			} elseif($action == 'DROP') {
			@@ -388,9 +391,8 @@
			}

			if($data['new']['database_password'] != $data['old']['database_password']) {
			$db_host = 'localhost';
			$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';");
			$app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG);
			$link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed
			$app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG);
			}
			}