From 317b4d0d88793601d32105de19427c151512f889 Mon Sep 17 00:00:00 2001
From: mcramer
Date: Tue, 4 Sep 2012 14:12:45 +0000
Subject: [PATCH] Fixed: Some improvements and fixes for the database/user separation
---
.../sites_web_database_user_plugin.inc.php | 5 +++--
interface/web/sites/database_edit.php | 1 +
interface/web/sites/database_user_edit.php | 15 ++++++++++++++-
interface/web/sites/form/database_user.tform.php | 11 +++++++++++
.../mysql_clientdb_plugin.inc.php | 10 ++++++----
5 files changed, 35 insertions(+), 7 deletions(-)
diff --git a/interface/lib/plugins/sites_web_database_user_plugin.inc.php b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
index 4b6af430d..be894caa8 100644
--- a/interface/lib/plugins/sites_web_database_user_plugin.inc.php
+++ b/interface/lib/plugins/sites_web_database_user_plugin.inc.php
@@ -30,11 +30,12 @@ class sites_web_database_user_plugin { // also make sure that the user can not delete domain created by a admin if($_SESSION["s"]["user"]["typ"] == 'admin' && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'ru' WHERE database_user_id = ".$page_form->id); } if($app->auth->has_clients($_SESSION['s']['user']['userid']) && isset($page_form->dataRecord["client_group_id"])) { $client_group_id = intval($page_form->dataRecord["client_group_id"]); - $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE domain_id = ".$page_form->id); + $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$page_form->id); } + $app->db->query("UPDATE web_database_user SET server_id = '" . intval($conf['server_id']) . "' WHERE database_user_id = ".$page_form->id); } } \ No newline at end of file diff --git a/interface/web/sites/database_edit.php b/interface/web/sites/database_edit.php index 1393aaf41..3858440e7 100644 --- a/interface/web/sites/database_edit.php +++ b/interface/web/sites/database_edit.php @@ -309,6 +309,7 @@ class page_action extends tform_actions { global $app; if(!empty($sql) && !$app->tform->isReadonlyTab($app->tform->getCurrentTab(),$this->id)) { + $app->uses('sites_database_plugin'); $app->sites_database_plugin->processDatabaseUpdate($this); $app->db->query($sql); diff --git a/interface/web/sites/database_user_edit.php b/interface/web/sites/database_user_edit.php index 651b20814..f3ec904ec 100644 --- a/interface/web/sites/database_user_edit.php +++ b/interface/web/sites/database_user_edit.php 
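Review bot: The three `UPDATE web_database_user` statements in this hunk concatenate `$page_form->id` into the WHERE clause without a cast, while `$client_group_id` and `$conf['server_id']` go through `intval()`; the id should be cast as well, `... WHERE database_user_id = ".intval($page_form->id)`. The added `server_id` update reads `$conf`, and no `global $conf` is visible here; the method starts outside the hunk, so confirm it is in scope, otherwise `intval(null)` writes `server_id = '0'`. That update also sits outside both `if` blocks and therefore runs for every caller regardless of role, which deserves a one-line comment stating that this is intended.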
@@ -145,6 +145,8 @@ class page_action extends tform_actions { $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); } + $this->dataRecord['server_id'] = $conf['server_id']; + parent::onBeforeUpdate(); } @@ -173,6 +175,8 @@ class page_action extends tform_actions { $this->dataRecord['database_user'] = substr($dbuser_prefix . $this->dataRecord['database_user'], 0, 16); } + $this->dataRecord['server_id'] = $conf['server_id']; + parent::onBeforeInsert(); } @@ -200,7 +204,16 @@ class page_action extends tform_actions { $client_group_id = intval($this->dataRecord["client_group_id"]); $app->db->query("UPDATE web_database_user SET sys_groupid = $client_group_id, sys_perm_group = 'riud' WHERE database_user_id = ".$this->id); } - + + $old_rec = $app->db->queryOneRecord("SELECT * FROM web_database_user WHERE database_user_id = '".$this->id."'"); + + $records = $app->db->queryAllRecords("SELECT DISTINCT server_id FROM web_database WHERE database_user_id = '".intval($this->id)."' UNION SELECT DISTINCT server_id FROM web_database WHERE database_ro_user_id = '".intval($this->id)."'"); + foreach($records as $rec) { + $new_rec = $this->dataRecord; + $new_rec['server_id'] = $rec['server_id']; + $app->db->datalogSave('web_database_user', 'UPDATE', 'database_user_id', $this->id, $old_rec, $new_rec); + } + unset($new_rec); } } diff --git a/interface/web/sites/form/database_user.tform.php b/interface/web/sites/form/database_user.tform.php index f8cd38c95..971670185 100644 --- a/interface/web/sites/form/database_user.tform.php +++ b/interface/web/sites/form/database_user.tform.php 
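Review bot: `$this->dataRecord['server_id'] = $conf['server_id'];` here, and the identical line added before `parent::onBeforeInsert()` in the next hunk, overwrites whatever the form submitted, yet the same commit adds a `server_id` SELECT to `database_user.tform.php`. If the server-side value is meant to win, say so in a comment such as `// server_id is always set by the panel; the submitted value is ignored`, and cast it with `intval($conf['server_id'])` as the plugin file does. Both methods start outside their hunks, so check that `$conf` is declared `global` in each of them.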
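Review bot: The `$old_rec` lookup in the third hunk of this file builds its WHERE clause from a raw `$this->id`, while the very next query casts it; use the cast in both, `"... WHERE database_user_id = '".intval($this->id)."'"`. The lookup also appears to run after the row has already been written (the preceding `UPDATE web_database_user` lines touch the same row, and the method header is outside the hunk), so `$old_rec` may already hold the new values and the difference handed to `datalogSave()` could be smaller than intended; confirm which state the server-side plugin expects. If `$this->dataRecord` carries the password field, each loop iteration copies it into a datalog entry per server, which is worth a short comment.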
@@ -63,6 +63,17 @@ $form["tabs"]['database_user'] = array ( ################################## # Begin Datatable fields ################################## + 'server_id' => array ( + 'datatype' => 'INTEGER', + 'formtype' => 'SELECT', + 'default' => '', + 'datasource' => array ( 'type' => 'SQL', + 'querystring' => 'SELECT server_id,server_name FROM server WHERE mirror_server_id = 0 AND {AUTHSQL} AND db_server = 1 ORDER BY server_name', + 'keyfield'=> 'server_id', + 'valuefield'=> 'server_name' + ), + 'value' => '' + ), 'database_user' => array ( 'datatype' => 'VARCHAR', 'formtype' => 'TEXT', diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php index 98efd8c35..df840eef5 100644 --- a/server/plugins-available/mysql_clientdb_plugin.inc.php +++ b/server/plugins-available/mysql_clientdb_plugin.inc.php @@ -88,9 +88,11 @@ class mysql_clientdb_plugin { foreach($host_list as $db_host) { $db_host = trim($db_host); + $app->log($action . ' for user ' . $database_user . ' at host ' . $db_host, LOGLEVEL_DEBUG); + // check if entry is valid ip address $valid = true; - if($db_host == '%') { + if($db_host == '%' || $db_host == 'localhost') { $valid = true; } elseif(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $db_host)) { $groups = explode('.', $db_host); 
@@ -106,6 +108,7 @@ class mysql_clientdb_plugin { if($action == 'GRANT') { if(!$link->query("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false; + $app->log("GRANT " . ($user_read_only ? "SELECT" : "ALL") . " ON ".$link->escape_string($database_name).".* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG); } elseif($action == 'REVOKE') { if(!$link->query("REVOKE ALL PRIVILEGES ON ".$link->escape_string($database_name).".* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false; } elseif($action == 'DROP') { @@ -388,9 +391,8 @@ class mysql_clientdb_plugin { } if($data['new']['database_password'] != $data['old']['database_password']) { - $db_host = 'localhost'; - $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = '".$link->escape_string($data['new']['database_password'])."';"); - $app->log('Changing MySQL user password for: '.$data['new']['database_user'],LOGLEVEL_DEBUG); + $link->query("SET PASSWORD FOR '".$link->escape_string($data['new']['database_user'])."'@'$db_host' = PASSWORD('".$link->escape_string($data['new']['database_password'])."');"); // is contained in clear text so PASSWORD() func is needed + $app->log('Changing MySQL user password for: '.$data['new']['database_user'].'@'.$db_host,LOGLEVEL_DEBUG); } } -- GitLab
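Review bot: The added `$app->log(...)` call writes the complete GRANT statement, including the `IDENTIFIED BY PASSWORD '...'` value, to the debug log, so the password hash of every database user ends up wherever that log is stored or shipped. Log the action without the secret, e.g. `$app->log("GRANT for '" . $database_user . "'@'" . $db_host . "' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);`. In the visible lines `$success` is only ever set to false, so after one failed host every later entry would report 'no' even when its own query succeeded; a per-query result variable would keep the message accurate. `$db_host` is placed into the statement without `escape_string()`, which leaves the host validation in the previous hunk as the only guard; the function body extends beyond this hunk.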
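Review bot: With `$db_host = 'localhost';` removed, the `SET PASSWORD` statement in the second hunk depends on a `$db_host` assigned somewhere above the visible lines, and the result of `$link->query()` is not checked, so the log line reports a change that may not have happened. Check the return value and log the failure, e.g. `if(!$link->query(...)) $app->log('Unable to change password for '.$data['new']['database_user'].'@'.$db_host, LOGLEVEL_WARN);`. The new comment says `database_password` is clear text at this point, while the GRANT path in the previous hunk passes a variable of the same name to `IDENTIFIED BY PASSWORD`, which expects a hash; a comment stating which form each path receives would prevent a mismatch. `$db_host` should also go through `$link->escape_string()` like the other interpolated values.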