Ticket #318: fix_318-3.diff
| File fix_318-3.diff, 18.9 kB (added by anarcat, 1 month ago) |
|---|
-
debian/postinst
old new 83 83 # Mail server hostname 84 84 DEFAULT_MX="" 85 85 86 # MySQL configuration 87 MYSQL_HOST="" 88 MYSQL_DATABASE="" 89 MYSQL_USER="" 90 MYSQL_PASS="" 86 # Note: MySQL username/password configuration now stored in /etc/alternc/mysql-root.cnf 87 91 88 # quels clients mysql sont permis (%, localhost, etc) 92 89 MYSQL_CLIENT="" 93 90 … … 119 116 update_var alternc/ns2 NS2_HOSTNAME 120 117 update_var alternc/bind_internal BIND_INTERNAL 121 118 update_var alternc/default_mx DEFAULT_MX 122 update_var alternc/mysql/host MYSQL_HOST123 update_var alternc/mysql/db MYSQL_DATABASE124 update_var alternc/mysql/user MYSQL_USER125 update_var alternc/mysql/password MYSQL_PASS126 119 update_var alternc/mysql/client MYSQL_CLIENT 127 120 update_var alternc/alternc_location ALTERNC_LOC 128 121 update_var alternc/mynetwork SMTP_RELAY_NETWORKS 129 122 sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp 130 123 mv -f $CONFIGFILE.tmp $CONFIGFILE 131 124 125 echo "Updating /etc/alternc/mysql.cnf" 126 # build local.sh if it does not exist 127 if [ ! -f $CONFIGFILE ]; then 128 cat > $CONFIGFILE <<EOF 129 # AlternC - Web Hosting System - MySQL Configuration 130 # Automatically generated by AlternC configuration, do not edit 131 # This file will be modified on package configuration 132 # (e.g. upgrade or dpkg-reconfigure alternc) 133 [client] 134 host = "" 135 database = "" 136 user = "" 137 password = "" 138 EOF 139 chown root:www-data $CONFIGFILE 140 chmod 640 $CONFIGFILE 141 fi 142 143 # Setup grants 144 db_get "alternc/mysql/host" 145 MYSQL_HOST="$RET" 146 if [ "$MYSQL_HOST" != "localhost" -o -e /usr/sbin/mysqld ]; then 147 # compatibility shims 148 # XXX: should be deprecated 149 sqlserver="$RET" 150 db_get "alternc/mysql/db" 151 systemdb="$RET" 152 db_get "alternc/mysql/user" 153 rootlogin="$RET" 154 db_get "alternc/mysql/password" 155 rootpass="$RET" 156 # we don't execute the script 157 # ...so that it gets the local environment above 158 . 
/usr/share/alternc/install/mysql.sh 159 fi 160 161 # Update the mysql configuration file 162 SED_SCRIPT="" 163 update_var alternc/mysql/host host 164 update_var alternc/mysql/db database 165 update_var alternc/mysql/user user 166 update_var alternc/mysql/password password 167 # take extra precautions here with the mysql password: 168 # put the sed script in a temporary file 169 SED_SCRIPT_NAME=`mktemp` 170 cat > $SED_SCRIPT_NAME <<EOF 171 $SED_SCRIPT 172 EOF 173 sed -f "$SED_SCRIPT_NAME" < /etc/alternc/mysql.cnf > /etc/alternc/mysql.cnf.$$ 174 mv -f /etc/alternc/mysql.cnf.$$ /etc/alternc/mysql.cnf 175 rm -f $SED_SCRIPT_NAME 176 132 177 # forget the password 133 178 db_reset alternc/mysql/password || true 134 179 db_fset alternc/mysql/password "seen" "false" || true 135 180 181 if [ "$MYSQL_HOST" != "localhost" -o -e /usr/sbin/mysqld ]; then 182 echo "Final msqyl setup" 183 184 # Now we can use the mysql configuration 185 mysql="/usr/bin/mysql --defaults-file=/etc/alternc/mysql.cnf" 186 187 echo " * creating AlternC database '$systemdb'... " 188 $mysql -e "CREATE DATABASE IF NOT EXISTS $systemdb;" || echo cannot create database 189 190 echo " * installing AlternC schema..." 191 $mysql $systemdb < /usr/share/alternc/install/mysql.sql || echo cannot load database schema 192 fi 193 136 194 if [ -e $CONFIGFILE ]; then 137 195 # source local.sh variables 138 196 . $CONFIGFILE -
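Review bot: The new `[client]` template is written to `$CONFIGFILE`, which the lines just above and below treat as local.sh, so /etc/alternc/mysql.cnf itself appears never to be created here and never gets the `chown root:www-data` / `chmod 640`. The later `sed -f "$SED_SCRIPT_NAME" < /etc/alternc/mysql.cnf > /etc/alternc/mysql.cnf.$$` followed by `mv -f` also replaces the file with one created under the current umask and owned by root:root, so the password file can end up world-readable, or unreadable to www-data, even if its mode was once correct. I would test and write a dedicated mysql.cnf path in the `if [ ! -f ... ]` block, run `umask 077` before the redirect, and add `chown root:www-data /etc/alternc/mysql.cnf.$$ && chmod 640 /etc/alternc/mysql.cnf.$$` before the `mv -f`. `$CONFIGFILE` is assigned outside the visible hunks, so its value should be confirmed.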
debian/postrm
old new 15 15 16 16 case "$1" in 17 17 purge) 18 rm -f /etc/alternc/local.sh /etc/alternc/ bureau.conf18 rm -f /etc/alternc/local.sh /etc/alternc/mysql.cnf /etc/alternc/bureau.conf 19 19 rm -f /var/backups/alternc/etc-installed.tar.gz 20 20 21 21 # Purge database? -
debian/changelog
old new 1 1 alternc (0.9.7+dev) stable; urgency=low UNRELEASED 2 2 3 * move mysql configuration into a valid MySQL configuration file 4 (/etc/alternc/mysql.cnf). This fixes a serious security issue 5 (#318) where the MySQL root password was passed on the commandline. 3 6 * standardisation of the web interface, along with some esthetic changes, by 4 7 Marc Angles, sponsored by Koumbit 5 8 * styles can now be changed locally in admin/styles/base.css -
debian/config
old new 38 38 # source the current config 39 39 . /etc/alternc/local.sh 40 40 fi 41 if [ -r /etc/alternc/mysql.cnf ]; then 42 # make mysql configuration available as shell variables 43 # to convert from .cnf to shell syntax, we: 44 # * match only lines with "equal" in them (/=/) 45 # * remove whitespace (s) 46 # * convert mysql variables into our MYSQL_ naming convention (;s) 47 # * print the result (;p) 48 # XXX: removing the ws breaks passwords with spaces, which are legal 49 eval `sed -n -e '/=/{s/ //g;s/host/MYSQL_HOST/;s/user/MYSQL_LOGIN/;s/password/MYSQL_PWD/;p}' /etc/alternc/mysql.cnf` 50 fi 41 51 42 52 # mettre les valeurs de local.sh comme "default" pour debconf 43 53 db_get alternc/hostingname -
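Review bot: The `eval` of the sed output hands the contents of /etc/alternc/mysql.cnf to the shell parser as root, so a password containing `;`, backticks, `$(...)` or a quote is executed or breaks the assignment rather than being read as data. The substitutions are also unanchored: `s/host/MYSQL_HOST/` and `s/user/MYSQL_LOGIN/` rewrite the first match anywhere on the line, including inside a value such as a password that contains "user", and the `[client]` header is skipped only because it has no `=`. Together with the whitespace problem already marked XXX, I would parse the file key by key and assign the values without `eval`, as sketched below.

```shell
# … unchanged: sourcing of /etc/alternc/local.sh …
if [ -r /etc/alternc/mysql.cnf ]; then
    # read key/value pairs as data; nothing from the file reaches the shell parser
    while IFS='=' read -r key value; do
        key=`printf '%s\n' "$key" | tr -d ' '`
        # trim surrounding blanks and one pair of optional double quotes
        value=`printf '%s\n' "$value" | sed -e 's/^ *"\{0,1\}//' -e 's/"\{0,1\} *$//'`
        case "$key" in
            host)     MYSQL_HOST="$value" ;;
            user)     MYSQL_LOGIN="$value" ;;
            password) MYSQL_PWD="$value" ;;
        esac
    done < /etc/alternc/mysql.cnf
fi
```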
bureau/class/local.php
old new 22 22 } 23 23 24 24 fclose($config_file); 25 26 $config_file = fopen('/etc/alternc/mysql.cnf', 'r'); 27 while (FALSE !== ($line = fgets($config_file))) { 28 if (ereg('^([A-Za-z0-9_]*) *= *(.*)$', trim($line), $regs)) { 29 switch ($regs[1]) { 30 case "user": 31 $GLOBALS['L_MYSQL_LOGIN'] = $regs[2]; 32 break; 33 case "password": 34 $GLOBALS['L_MYSQL_PWD'] = $regs[2]; 35 break; 36 case "host": 37 $GLOBALS['L_MYSQL_HOST'] = $regs[2]; 38 break; 39 case "database": 40 $GLOBALS['L_MYSQL_DATABASE'] = $regs[2]; 41 break; 42 } 43 } 44 } 45 46 fclose($config_file); -
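Review bot: The result of `fopen('/etc/alternc/mysql.cnf', 'r')` is used without a check, so when the file is missing or not readable by the web server user the loop silently does nothing and the `L_MYSQL_*` globals stay unset until a later connection fails with a less obvious error. I would stop right after the open, for example `if (!$config_file) { die('cannot read /etc/alternc/mysql.cnf'); }`. The captured value is also stored verbatim, so if the values are written quoted, as the `host = ""` template in debian/postinst suggests, the quotes end up in the credentials; stripping one pair of surrounding quotes from `$regs[2]` would cover that. The surrounding code starts outside this section, so the handling of the first config file could not be compared.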
src/functions.sh
old new 309 309 else 310 310 # implantons localement ce que nous avons besoin, puisque admintools 311 311 # n'est pas là 312 mysql - h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE-B -N -e \312 mysql --defaults-file=/etc/alternc/mysql.cnf -B -N -e \ 313 313 'SELECT a.login FROM membres a, sub_domaines b WHERE a.uid = b.compte AND \ 314 314 CONCAT(IF(sub="", "", CONCAT(sub, ".")), domaine) = "'"$1"'" LIMIT 1;' 315 315 fi -
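Review bot: The query on the new side still splices `"$1"` straight into the SQL string, and this invocation now runs with whatever account /etc/alternc/mysql.cnf holds, which per the changelog is the MySQL root login. A domain argument containing a double quote changes the statement, so I would reject anything that is not a hostname before building the query, e.g. `case "$1" in ""|*[!A-Za-z0-9.-]*) return 1 ;; esac`. The same pattern appears with `${1}` in tools/get_domains_by_account and tools/get_account_by_domain. The enclosing function starts outside this section, so where `$1` comes from is not visible here.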
src/sqlbackup.sh
old new 29 29 30 30 set -e 31 31 32 # Get mysql user and password :33 . /etc/alternc/local.sh34 35 32 function dobck { 36 33 local ext 37 34 local i … … 63 60 mv -f "${target_dir}/${db}.sql${ext}" \ 64 61 "${target_dir}/${db}.sql.${i}${ext}" 2>/dev/null || true 65 62 if [ "$compressed" -eq 1 ]; then 66 mysqldump - h"$MYSQL_HOST" -u"$login" -p"$pass" "$db"--add-drop-table --allow-keywords -Q -f -q -a -e |63 mysqldump --defaults-file=/etc/alternc/mysql-alternc.cnf --add-drop-table --allow-keywords -Q -f -q -a -e | 67 64 gzip -c > "${target_dir}/${db}.sql${ext}" 68 65 else 69 mysqldump - h"$MYSQL_HOST" -u"$login" -p"$pass" "$db"--add-drop-table --allow-keywords -Q -f -q -a -e \66 mysqldump --defaults-file=/etc/alternc/mysql-alternc.cnf --add-drop-table --allow-keywords -Q -f -q -a -e \ 70 67 > "${target_dir}/${db}.sql" 71 68 fi 72 69 … … 83 80 mode=1 84 81 fi 85 82 86 /usr/bin/mysql -h"$MYSQL_HOST" -u"$MYSQL_USER" -p"$MYSQL_PASS" \ 87 "$MYSQL_DATABASE" -B << EOF | tail -n '+2' | dobck 83 /usr/bin/mysql --defaults-file=/etc/alternc/mysql.cnf -B << EOF | tail -n '+2' | dobck 88 84 SELECT login, pass, db, bck_history, bck_gzip, bck_dir 89 85 FROM db 90 86 WHERE bck_mode=$mode; -
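Review bot: Both rewritten `mysqldump` lines lost the `"$db"` argument along with the credentials, so the command no longer names a database and the backup written to `${target_dir}/${db}.sql` will not contain the intended dump. The database should be put back after the options, e.g. `mysqldump --defaults-file=/etc/alternc/mysql-alternc.cnf --add-drop-table --allow-keywords -Q -f -q -a -e "$db" |`. Note also that the dump now runs under the single account from the defaults file instead of the per-database `$login`/`$pass` still selected from the `db` table, and that nothing in this patch creates /etc/alternc/mysql-alternc.cnf. The body of `dobck` continues outside the hunks shown.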
src/update_domains.sh
old new 74 74 75 75 . "$CONFIG_FILE" 76 76 77 if [ -z "$MYSQL_HOST" -o -z "$MYSQL_DATABASE" -o -z "$MYSQL_USER" -o \ 78 -z "$MYSQL_PASS" -o -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then 77 if [ -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then 79 78 echo "Bad configuration. Please use:" 80 79 echo " dpkg-reconfigure alternc" 81 80 exit 1 … … 96 95 HTTP_DNS="$DATA_ROOT/dns" 97 96 HTML_HOME="$DATA_ROOT/html" 98 97 99 MYSQL_SELECT="mysql -h${MYSQL_HOST} -u${MYSQL_USER} 100 -p${MYSQL_PASS} -Bs ${MYSQL_DATABASE}" 101 MYSQL_DELETE="mysql -h${MYSQL_HOST} -u${MYSQL_USER} 102 -p${MYSQL_PASS} ${MYSQL_DATABASE}" 98 MYSQL_SELECT="mysql --defaults-file=/etc/alternc/mysql-alternc.cnf -Bs " 99 MYSQL_DELETE="mysql --defaults-file=/etc/alternc/mysql-alternc.cnf " 103 100 104 101 ######################################################################## 105 102 # Functions -
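Review bot: `MYSQL_SELECT` and `MYSQL_DELETE` point at /etc/alternc/mysql-alternc.cnf, but the postinst in this patch writes only /etc/alternc/mysql.cnf (and its comment names a third file, mysql-root.cnf), and postrm purges only mysql.cnf. Unless that file is created somewhere outside this patch, every query here fails, and the configuration check that used to catch missing MySQL settings up front no longer covers it. I would settle on one file name across the patch and extend the check, e.g. `if [ ! -r /etc/alternc/mysql-alternc.cnf -o -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then`. src/sqlbackup.sh uses the same path.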
src/fixperms.sh
old new 63 63 done 64 64 } 65 65 66 mysql - h"$MYSQL_HOST" -p"$MYSQL_PASS" -u"$MYSQL_USER" "$MYSQL_DATABASE"-B -e "select uid,login from membres" |grep -v ^uid|doone66 mysql --defaults-file=/etc/alternc/mysql.cnf -B -e "select uid,login from membres" |grep -v ^uid|doone 67 67 -
tools/get_domains_by_account
old new 74 74 # Have to get AlternC conf file : 75 75 ! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 76 76 # Must have access to mysql to retreive accounts owning domains : 77 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 78 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e"select count(*) from domaines_standby;" > /dev/null 2>&179 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e "77 mysql="$mysql --defaults-file=/etc/alternc/mysql.cnf -B -N -e" 78 $mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 79 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 80 80 81 81 # Does the stuff 82 82 $mysql "select concat(a.sub, if(a.sub=\"\",\"\", \".\"), a.domaine) from sub_domaines a, membres b where a.compte = b.uid and b.login = \"${1}\";" -
tools/top_http_users
old new 168 168 # Have to get AlternC conf file : 169 169 [ -f "$ALTERNC_CONF_FILE" ] || { echo $MISSING_CONF_FILE ; exit 1 ; } && . $ALTERNC_CONF_FILE 170 170 # Must have access to mysql to retreive accounts owning domains : 171 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 172 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 173 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 174 171 mysql="$mysql --defaults-file=/etc/alternc/mysql.cnf -B -N -e" 172 $mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 173 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 175 174 # Prevents executing more than one shell at the same time 176 175 $lockfilecreate --retry 1 $LOCK_FILE 177 176 if [ $? != 0 ] -
tools/get_account_by_domain
old new 75 75 [ "$1" = "-h" ] || [ "$1" = "--help" ] && { echo $HELP ; echo $USAGE ; exit 0 ; } 76 76 # Have to get AlternC conf file : 77 77 ! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 78 # Must have access to mysql to retreive accounts owning domains : 79 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 80 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 81 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 78 mysql=$mysql --defaults-file=/etc/alternc/mysql.cnf 79 $mysql -e "select count(*) from domaines_standby;" > /dev/null 2>&1 80 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 82 81 83 82 # Does the stuff 84 $mysql "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine) = \"${1}\";"83 $mysql -B -N -e "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine) = \"${1}\";" 85 84 86 85 -
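Review bot: The new line `mysql=$mysql --defaults-file=/etc/alternc/mysql.cnf` is unquoted, so the shell treats it as a temporary assignment followed by a command named `--defaults-file=...`; that command fails and `$mysql` keeps its old value. The connectivity test and the final query then run without the defaults file, and the script most likely exits with `$MYSQL_UNREACHABLE_DATABASE`. It should read `mysql="$mysql --defaults-file=/etc/alternc/mysql.cnf"`, as the sibling tools get_domains_by_account and top_http_users already do.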
install/alternc.install
old new 5 5 # on a new server. THIS SCRIPT ERASE ALL DATA ON THE AlternC SYSTEM !! 6 6 # YOU HAVE BEEN WARNED ! 7 7 8 # This script now assumes it has MySQL connectivity through 9 # /etc/alternc/mysql.cnf 10 8 11 set -e 9 12 10 13 . /usr/lib/alternc/functions.sh … … 101 104 MONITOR_IP="127.0.0.1" 102 105 fi 103 106 104 SED_SCRIPT=" 107 # XXX: I assume this is secure if /tmp is sticky (+t) 108 # we should have a better way to deal with templating, of course. 109 SED_SCRIPT=`mktemp` 110 cat > $SED_SCRIPT <<EOF 105 111 s\\%%hosting%%\\$HOSTING\\; 106 112 s\\%%fqdn%%\\$FQDN\\; 107 113 s\\%%public_ip%%\\$PUBLIC_IP\\; … … 121 127 s\\%%fqdn_lettre%%\\$FQDN_LETTER\\; 122 128 s\\%%version%%\\$VERSION\\; 123 129 s\\%%ns2_ip%%\\$NS2_IP\\; 124 " 130 EOF 125 131 126 132 ####################################################################### 127 133 # Backup configuration files … … 145 151 for file in $CONFIG_FILES; do 146 152 TEMPLATE="$TEMPLATE_DIR/${file##etc/}" 147 153 if [ -f "$TEMPLATE" ]; then 148 sed - e"$SED_SCRIPT" < $TEMPLATE > /$file154 sed -f "$SED_SCRIPT" < $TEMPLATE > /$file 149 155 fi 150 156 done 157 rm -f $SED_SCRIPT 151 158 152 159 ####################################################################### 153 160 # Save installed files to check them during next install 154 161 # 155 162 tar -zcf "$INSTALLED_CONFIG_TAR" -C / $CONFIG_FILES 156 163 157 ######################################################################158 # Initialize database159 #160 if [ "$MYSQL_HOST" != "localhost" -o -e /usr/sbin/mysqld ]; then161 echo "Setup MySQL and database..."162 /usr/share/alternc/install/mysql.sh "$MYSQL_HOST" "$MYSQL_USER" "$MYSQL_PASS" "$MYSQL_DATABASE"163 fi164 165 164 ######################################################################## 166 165 # Ad-hoc fixes 167 166 # … … 263 262 /usr/lib/alternc/basedir_prot.sh 264 263 265 264 # Creating admin user if needed 266 HAS_ROOT= "`mysql -h"$MYSQL_HOST" -u"$MYSQL_USER" -p"$MYSQL_PASS" "$MYSQL_DATABASE" -e "SELECT 
COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1`"265 HAS_ROOT=`mysql --defaults-file=/etc/alternc/mysql.cnf -e "SELECT COUNT(*) FROM membres WHERE login = 'admin' OR login = 'root' and su = 1" | tail -1` 267 266 if [ "$HAS_ROOT" != "1" ]; then 268 267 echo "Creating admin user..." 269 268 echo "" -
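Review bot: The temporary sed script is removed only on the success path: the script runs under `set -e`, so a failing `sed -f "$SED_SCRIPT"` or an unwritable target aborts before `rm -f $SED_SCRIPT` and leaves the substitution values in the temp directory. I would register the cleanup right after creation with `trap 'rm -f "$SED_SCRIPT"' EXIT` and quote the variable in `cat > "$SED_SCRIPT"`. The same applies to `SED_SCRIPT_NAME` in debian/postinst, where the file holds the MySQL password. On the XXX comment: `mktemp` creates the file with owner-only permissions, which is what keeps other users from reading it; the sticky bit only prevents others from removing it.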
install/mysql.sh
old new 28 28 # USAGE : "mysql.sh loginroot passroot systemdb" 29 29 # ---------------------------------------------------------------------- 30 30 # 31 32 # This script expects the following environment to exist: 33 # * sqlserver 34 # * rootlogin 35 # * rootpass 36 # * systemdb 37 # 38 # So this file should generally be sourced like this: 39 # . /usr/share/alternc/install/mysql.sh 40 # 41 # Those values are used to set the username/passwords... 31 42 32 sqlserver="$1" 33 rootlogin="$2" 34 rootpass="$3" 35 systemdb="$4" 43 # The grant all is the most important right needed in this script. 44 echo "Granting users..." 36 45 37 if [ -z "$rootlogin" -o -z "$rootpass" -o -z "$systemdb" ] 38 then 39 echo "Usage: mysql.sh <mysqlserver> <rootlogin> <rootpass> <systemdb>" 40 exit 1 41 fi 42 43 mysql="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf -h$sqlserver " 44 45 # The grant all is the most important right needed in this script. 46 echo -n " * Trying debian.cnf... " 47 mysql="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf" 46 48 # If this call fail, we may be connected to a mysql-server version 5.0. 47 echo "Granting users " 48 # In that case, change mysql parameters and retry. Use root / nopassword. 49 $mysql -e "GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION" 49 # In that case, change mysql parameters and retry. Use root / nopassword. 50 $mysql <<EOF 51 GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION 52 EOF 50 53 if [ "$?" -ne "0" ] 51 54 then 52 echo "debian-sys-maintainer doesn't have the right credentials, assuming we're doing an upgrade" 53 mysql="/usr/bin/mysql -h$sqlserver -u$rootlogin -p$rootpass" 54 $mysql -e "GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION" 55 echo "failed: debian-sys-maintainer doesn't have the right credentials" 56 echo -n "are we doing an upgrade? 
" 57 mysql="/usr/bin/mysql --defaults-file=/etc/alternc/mysql.cnf" 58 $mysql <<EOF 59 GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION 60 EOF 55 61 if [ "$?" -ne "0" ] 56 then 57 echo "Still not working, assuming clean install and empty root password" 62 then 63 echo "No" 64 echo - "Assuming clean install (empty root password)... " 58 65 mysql="/usr/bin/mysql -h$sqlserver -uroot " 59 $mysql -e "GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION" 66 $mysql <<EOF 67 GRANT ALL ON *.* TO '$rootlogin'@'${MYSQL_CLIENT}' IDENTIFIED BY '$rootpass' WITH GRANT OPTION 68 EOF 60 69 if [ "$?" -ne "0" ] 61 70 then 71 echo "Failed" 62 72 echo "Can't grant system user $rootlogin, aborting"; 63 73 exit 1 64 74 fi 65 75 fi 66 76 fi 77 echo "ok!" 67 78 68 # Now we can use rootlogin and rootpass. 69 mysql="/usr/bin/mysql -h$sqlserver -u$rootlogin -p$rootpass" 79 echo "Checking for MySQL connectivity" 80 /usr/bin/mysql --defaults-file=/etc/alternc/mysql.cnf -e "SHOW TABLES" >/dev/null && echo "MYSQL.SH OK!" || echo "MYSQL.SH FAILED!" 70 81 71 echo "Setting AlternC '$systemdb' system table and privileges "72 $mysql -e "CREATE DATABASE IF NOT EXISTS $systemdb;"73 74 echo "Installing AlternC schema "75 $mysql $systemdb < /usr/share/alternc/install/mysql.sql76 77 /usr/bin/mysql -h$sqlserver -u$rootlogin -p$rootpass $systemdb -e "SHOW TABLES" >/dev/null && echo "MYSQL.SH OK!" || echo "MYSQL.SH FAILED!"

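Review bot: The closing connectivity check runs `/usr/bin/mysql --defaults-file=/etc/alternc/mysql.cnf -e "SHOW TABLES"` too early: debian/postinst sources this file before it rewrites mysql.cnf with the new credentials and before `CREATE DATABASE`, so on a fresh install it will print "MYSQL.SH FAILED!" even when the grants succeeded. I would move that check to the end of the postinst block that loads the schema. Because the file is now sourced, the remaining `exit 1` also terminates the calling postinst, which deserves a comment in the header if it is intended. In the fallback branch, `echo - "Assuming clean install (empty root password)... "` looks like a typo for `echo -n`. `$rootpass` is interpolated inside single quotes in each GRANT heredoc, so a password containing `'` breaks the statement.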