Ticket #318: fix_318.diff
| File fix_318.diff, 12.7 kB (added by anarcat, 1 month ago) |
|---|
-
debian/postinst
old new 83 83 # Mail server hostname 84 84 DEFAULT_MX="" 85 85 86 # MySQL configuration 87 MYSQL_HOST="" 88 MYSQL_DATABASE="" 89 MYSQL_USER="" 90 MYSQL_PASS="" 86 # Note: MySQL username/password configuration now stored in /etc/alternc/mysql-root.cnf 87 91 88 # quels clients mysql sont permis (%, localhost, etc) 92 89 MYSQL_CLIENT="" 93 90 … … 119 116 update_var alternc/ns2 NS2_HOSTNAME 120 117 update_var alternc/bind_internal BIND_INTERNAL 121 118 update_var alternc/default_mx DEFAULT_MX 122 update_var alternc/mysql/host MYSQL_HOST123 update_var alternc/mysql/db MYSQL_DATABASE124 update_var alternc/mysql/user MYSQL_USER125 update_var alternc/mysql/password MYSQL_PASS126 119 update_var alternc/mysql/client MYSQL_CLIENT 127 120 update_var alternc/alternc_location ALTERNC_LOC 128 121 update_var alternc/mynetwork SMTP_RELAY_NETWORKS 129 122 sed -e "$SED_SCRIPT" < $CONFIGFILE > $CONFIGFILE.tmp 130 123 mv -f $CONFIGFILE.tmp $CONFIGFILE 131 124 125 echo "Updating /etc/alternc/mysql-root.cnf" 126 # build local.sh if it does not exist 127 if [ ! -f $CONFIGFILE ]; then 128 cat > $CONFIGFILE <<EOF 129 # AlternC - Web Hosting System - MySQL Configuration 130 # Automatically generated by AlternC configuration, do not edit 131 # This file will be modified on package configuration 132 # (e.g. 
upgrade or dpkg-reconfigure alternc) 133 [client] 134 host = "" 135 database = "" 136 user = "" 137 password = "" 138 EOF 139 chown root:www-data $CONFIGFILE 140 chmod 640 $CONFIGFILE 141 fi 142 143 # Update the mysql configuration file 144 SED_SCRIPT="" 145 update_var alternc/mysql/host host 146 update_var alternc/mysql/db database 147 update_var alternc/mysql/user user 148 update_var alternc/mysql/password password 149 sed -e "$SED_SCRIPT" < /etc/alternc/mysql-root.cnf > /etc/alternc/mysql-root.cnf.$$ 150 mv -f /etc/alternc/mysql-root.cnf.$$ /etc/alternc/mysql-root.cnf 151 132 152 # forget the password 133 153 db_reset alternc/mysql/password || true 134 154 db_fset alternc/mysql/password "seen" "false" || true -
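Review bot: The rewritten `/etc/alternc/mysql-root.cnf` probably loses its `root:www-data` / `640` protection. The `chown`/`chmod` calls run only inside the create-if-missing branch, while the final `sed … > /etc/alternc/mysql-root.cnf.$$` followed by `mv -f` replaces the file with one created under the current umask, and no umask change is visible in this hunk. Apply ownership and mode to the temporary file before the move: `chown root:www-data /etc/alternc/mysql-root.cnf.$$` and `chmod 640 /etc/alternc/mysql-root.cnf.$$`. The existence test also uses `$CONFIGFILE`, which the preceding lines use for local.sh and which is not reassigned in the visible lines, so on a fresh install the cnf file may never be created. The comment `# build local.sh if it does not exist` looks copied from the local.sh block and should name mysql-root.cnf.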
debian/postrm
old new 15 15 16 16 case "$1" in 17 17 purge) 18 rm -f /etc/alternc/local.sh /etc/alternc/ bureau.conf18 rm -f /etc/alternc/local.sh /etc/alternc/mysql-root.cnf /etc/alternc/bureau.conf 19 19 rm -f /var/backups/alternc/etc-installed.tar.gz 20 20 21 21 # Purge database? -
debian/changelog
old new 1 1 alternc (0.9.7+dev) stable; urgency=low UNRELEASED 2 2 3 * move mysql configuration into a valid .my.cnf configuration file 4 (/etc/alternc/mysql-root.cnf). This fixes a serious security 5 ((#318) where the MySQL root password was passed on the commandline. 3 6 * standardisation of the web interface, along with some esthetic changes, by 4 7 Marc Angles, sponsored by Koumbit 5 8 * styles can now be changed locally in admin/styles/base.css -
debian/config
old new 23 23 MYSQL_HOST=127.0.0.1 24 24 MYSQL_DATABASE=alternc 25 25 MYSQL_USER=sysusr 26 MYSQL_PASS="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..10)' `" 26 MYSQL_PASS="`perl -e 'print map{("a".."z","A".."Z",0..9)[int(rand(62))]}(1..10)' `" # ' unconfuse emacs 27 27 MYSQL_CLIENT=localhost 28 28 FQDN="`cat /etc/mailname 2>/dev/null || hostname -f`" 29 29 INTERNAL_IP="`/sbin/ifconfig|grep "inet addr:" | grep -v 127.0.0.1| head -1 | sed -e 's/^.*addr:\([0-9\.]*\).*$/\1/' 2>/dev/null || hostname -f`" … … 38 38 # source the current config 39 39 . /etc/alternc/local.sh 40 40 fi 41 if [ -r /etc/alternc/mysql-root.cnf ]; then 42 # make mysql configuration available as shell variables 43 # this funky sed function does the following: 44 # * match only lines with "equal" in them 45 # * remove whitespace 46 # * convert mysql variables into our MYSQL_ naming convention 47 # * print the result 48 eval `sed -n -e '/=/{s/ //g;s/host/MYSQL_HOST/;s/user/MYSQL_LOGIN/;s/password/MYSQL_PWD/;p}' /etc/alternc/mysql-root.cnf` 49 fi 41 50 42 51 # mettre les valeurs de local.sh comme "default" pour debconf 43 52 db_get alternc/hostingname -
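Review bot: The new `eval` of sed output runs whatever follows `=` in mysql-root.cnf as shell code, so a password containing a backtick, `$` or `;` is executed or mangled rather than read, and `s/ //g` silently strips spaces from values. The substitutions are also unanchored, so a value such as a user name containing `host` is rewritten along with the key. The `database` key is left unmapped and ends up as a plain `database` shell variable. The targets `MYSQL_LOGIN` and `MYSQL_PWD` differ from the `MYSQL_USER` and `MYSQL_PASS` defaults set a few lines above, so the stored values apparently never replace those defaults; confirm which names the rest of the script expects. A key-by-key reader without `eval`, sketched below with the `MYSQL_USER`/`MYSQL_PASS` names assumed, avoids all three problems.

```shell
# … unchanged: sourcing of /etc/alternc/local.sh …
if [ -r /etc/alternc/mysql-root.cnf ]; then
    # read key = "value" pairs as data; nothing from the file is evaluated
    while IFS='=' read -r key value; do
        key=`printf '%s' "$key" | tr -d ' '`
        value=`printf '%s' "$value" | sed -e 's/^ *"//' -e 's/" *$//'`
        case "$key" in
            host)     MYSQL_HOST="$value" ;;
            database) MYSQL_DATABASE="$value" ;;
            user)     MYSQL_USER="$value" ;;
            password) MYSQL_PASS="$value" ;;
        esac
    done < /etc/alternc/mysql-root.cnf
fi
```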
bureau/class/local.php
old new 22 22 } 23 23 24 24 fclose($config_file); 25 26 $config_file = fopen('/etc/alternc/mysql-root.cnf', 'r'); 27 while (FALSE !== ($line = fgets($config_file))) { 28 if (ereg('^([A-Za-z0-9_]*) *= *(.*)$', trim($line), $regs)) { 29 switch ($regs[1]) { 30 case "user": 31 $GLOBALS['L_MYSQL_LOGIN'] = $regs[2]; 32 break; 33 case "password": 34 $GLOBALS['L_MYSQL_PWD'] = $regs[2]; 35 break; 36 case "host": 37 $GLOBALS['L_MYSQL_HOST'] = $regs[2]; 38 break; 39 case "database": 40 $GLOBALS['L_MYSQL_DATABASE'] = $regs[2]; 41 break; 42 } 43 } 44 } 45 46 fclose($config_file); 47 print_r($GLOBALS); -
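Review bot: The trailing `print_r($GLOBALS);` on new line 47 writes every global, including the `L_MYSQL_PWD` value just read from mysql-root.cnf, into the output of any page that includes this file; it looks like leftover debugging and should be removed before merge. The result of `fopen('/etc/alternc/mysql-root.cnf', 'r')` is also used without a check, so an unreadable file only surfaces as warnings from `fgets`/`fclose`; a guard such as `if ($config_file === FALSE) { die('cannot read MySQL configuration'); }` would fail clearly. The capture `(.*)` keeps any surrounding double quotes, and the template written by postinst uses `host = ""`, so the stored values may carry literal quotes; this depends on how `update_var` writes them, which is not visible here.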
src/basedir_prot.sh
old new 7 7 # dans alternc/html/u/user avec open_base_dir 8 8 9 9 # ce script a les dépendances suivantes: 10 # (mysql, /etc/alternc/local.sh) OR /usr/bin/get_account_by_domain dans 11 # l'ancien package alternc-admintools désormais dans alternc natif. 12 # cut, awk, sort 10 # /usr/bin/get_account_by_domain dans l'ancien package 11 # alternc-admintools désormais dans alternc natif. cut, awk, sort 13 12 14 13 override_d=/var/alternc/apacheconf 15 14 override_f=${override_d}/override_php.conf … … 18 17 . /etc/alternc/local.sh 19 18 . /usr/lib/alternc/functions.sh 20 19 21 if [ -z "$MYSQL_HOST" ]22 then23 MYSQL_HOST="localhost"24 fi25 26 20 echo -n "adding open_base_dir protection for:" 27 21 # boucle sur tous les domaines hébergés, ou sur les arguments de la 28 22 # ligne de commande -
src/sqlbackup.sh
old new 29 29 30 30 set -e 31 31 32 # Get mysql user and password :33 . /etc/alternc/local.sh34 35 32 function dobck { 36 33 local ext 37 34 local i … … 63 60 mv -f "${target_dir}/${db}.sql${ext}" \ 64 61 "${target_dir}/${db}.sql.${i}${ext}" 2>/dev/null || true 65 62 if [ "$compressed" -eq 1 ]; then 66 mysqldump - h"$MYSQL_HOST" -u"$login" -p"$pass" "$db"--add-drop-table --allow-keywords -Q -f -q -a -e |63 mysqldump --defaults-file=/etc/alternc/mysql-alternc.cnf --add-drop-table --allow-keywords -Q -f -q -a -e | 67 64 gzip -c > "${target_dir}/${db}.sql${ext}" 68 65 else 69 mysqldump - h"$MYSQL_HOST" -u"$login" -p"$pass" "$db"--add-drop-table --allow-keywords -Q -f -q -a -e \66 mysqldump --defaults-file=/etc/alternc/mysql-alternc.cnf --add-drop-table --allow-keywords -Q -f -q -a -e \ 70 67 > "${target_dir}/${db}.sql" 71 68 fi 72 69 … … 83 80 mode=1 84 81 fi 85 82 86 /usr/bin/mysql -h"$MYSQL_HOST" -u"$MYSQL_USER" -p"$MYSQL_PASS" \ 87 "$MYSQL_DATABASE" -B << EOF | tail -n '+2' | dobck 83 /usr/bin/mysql --defaults-file=/etc/alternc/mysql-root.cnf -B << EOF | tail -n '+2' | dobck 88 84 SELECT login, pass, db, bck_history, bck_gzip, bck_dir 89 85 FROM db 90 86 WHERE bck_mode=$mode; -
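Review bot: Both new `mysqldump` lines drop the `"$db"` argument together with the per-database credentials, so each loop iteration no longer names the database it is supposed to dump into `${target_dir}/${db}.sql`. Keep the database as the positional argument, e.g. `mysqldump --defaults-file=… --add-drop-table --allow-keywords -Q -f -q -a -e "$db"`. These lines also read `/etc/alternc/mysql-alternc.cnf`, while the postinst changes visible on this page create only `/etc/alternc/mysql-root.cnf`. Unless another package step writes that file, the dumps here and the `MYSQL_SELECT`/`MYSQL_DELETE` commands in src/update_domains.sh will fail to authenticate. The body of `dobck` continues outside the hunk.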
src/update_domains.sh
old new 74 74 75 75 . "$CONFIG_FILE" 76 76 77 if [ -z "$MYSQL_HOST" -o -z "$MYSQL_DATABASE" -o -z "$MYSQL_USER" -o \78 -z "$MYSQL_PASS" -o -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then79 echo "Bad configuration. Please use:"80 echo " dpkg-reconfigure alternc"81 exit 182 fi83 84 77 if [ -f "$LOCK_FILE" ]; then 85 78 echo "`date` $0: last cron unfinished or stale lock file." | 86 79 tee -a "$DOMAIN_LOG_FILE" >&2 … … 96 89 HTTP_DNS="$DATA_ROOT/dns" 97 90 HTML_HOME="$DATA_ROOT/html" 98 91 99 MYSQL_SELECT="mysql -h${MYSQL_HOST} -u${MYSQL_USER} 100 -p${MYSQL_PASS} -Bs ${MYSQL_DATABASE}" 101 MYSQL_DELETE="mysql -h${MYSQL_HOST} -u${MYSQL_USER} 102 -p${MYSQL_PASS} ${MYSQL_DATABASE}" 92 MYSQL_SELECT="mysql --defaults-file=/etc/alternc/mysql-alternc.cnf -Bs " 93 MYSQL_DELETE="mysql --defaults-file=/etc/alternc/mysql-alternc.cnf " 103 94 104 95 ######################################################################## 105 96 # Functions -
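Review bot: The deleted sanity check also covered `DEFAULT_MX` and `PUBLIC_IP`, which still come from the sourced `$CONFIG_FILE` and are not moved into the cnf file, so an incomplete local.sh is no longer caught before the script starts regenerating zone data. Keeping the non-MySQL half preserves the early exit: `if [ -z "$DEFAULT_MX" -o -z "$PUBLIC_IP" ]; then` with the existing "Bad configuration" message and `exit 1`. A readability test on the defaults file next to it, `[ -r /etc/alternc/mysql-alternc.cnf ] || exit 1`, would replace the credential check that was removed.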
src/fixperms.sh
old new 63 63 done 64 64 } 65 65 66 mysql - h"$MYSQL_HOST" -p"$MYSQL_PASS" -u"$MYSQL_USER" "$MYSQL_DATABASE"-B -e "select uid,login from membres" |grep -v ^uid|doone66 mysql --defaults-file=/etc/alternc/mysql-root.cnf -B -e "select uid,login from membres" |grep -v ^uid|doone 67 67 -
tools/get_domains_by_account
old new 74 74 # Have to get AlternC conf file : 75 75 ! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 76 76 # Must have access to mysql to retreive accounts owning domains : 77 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 78 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e"select count(*) from domaines_standby;" > /dev/null 2>&179 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e "77 mysql="$mysql --defaults-file=/etc/alternc/mysql-root.cnf -B -N -e" 78 $mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 79 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 80 80 81 81 # Does the stuff 82 82 $mysql "select concat(a.sub, if(a.sub=\"\",\"\", \".\"), a.domaine) from sub_domaines a, membres b where a.compte = b.uid and b.login = \"${1}\";" -
tools/top_http_users
old new 168 168 # Have to get AlternC conf file : 169 169 [ -f "$ALTERNC_CONF_FILE" ] || { echo $MISSING_CONF_FILE ; exit 1 ; } && . $ALTERNC_CONF_FILE 170 170 # Must have access to mysql to retreive accounts owning domains : 171 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 172 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 173 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 174 171 mysql="$mysql --defaults-file=/etc/alternc/mysql-root.cnf -B -N -e" 172 $mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 173 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 175 174 # Prevents executing more than one shell at the same time 176 175 $lockfilecreate --retry 1 $LOCK_FILE 177 176 if [ $? != 0 ] -
tools/get_account_by_domain
old new 75 75 [ "$1" = "-h" ] || [ "$1" = "--help" ] && { echo $HELP ; echo $USAGE ; exit 0 ; } 76 76 # Have to get AlternC conf file : 77 77 ! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 78 # Must have access to mysql to retreive accounts owning domains : 79 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 80 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 81 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 78 mysql=$mysql --defaults-file=/etc/alternc/mysql-root.cnf 79 $mysql -e "select count(*) from domaines_standby;" > /dev/null 2>&1 80 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 82 81 83 82 # Does the stuff 84 $mysql "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine) = \"${1}\";"83 $mysql -B -N -e "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine) = \"${1}\";" 85 84 86 85
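Review bot: New line 78, `mysql=$mysql --defaults-file=/etc/alternc/mysql-root.cnf`, is missing its quotes, so the shell treats `mysql=$mysql` as a temporary environment assignment and tries to run `--defaults-file=…` as a command. `$mysql` therefore keeps its old value, and the queries that follow run without the credentials file. It should read `mysql="$mysql --defaults-file=/etc/alternc/mysql-root.cnf"`, as tools/get_domains_by_account and tools/top_http_users already do. The query on new line 83 also still interpolates `${1}` straight into the SQL string, and since this command now runs with the credentials from mysql-root.cnf, the domain argument should be validated against a hostname pattern before use. A check such as `case "$1" in *[!A-Za-z0-9.-]*) echo "$USAGE"; exit 1;; esac` would do that.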
