Changeset 2943

Timestamp:

05/18/11 22:26:12 (2 years ago)

Author:

fufroma

Message:

Séparation des bases de données utilisateurs de la base
de donnée systéme.

Attention ! Bug ! $db et $dbu ne sont pas étanche !
Il faut se pencher sur la class db_mysql.php pour
finir l'isolation

Location:

alternc/trunk

Files:

• bureau/class/m_bro.php (modified) (9 diffs)
• bureau/class/m_mysql.php (modified) (16 diffs)
• etc/alternc/dbusers.cnf.sample (added)

alternc/trunk/bureau/class/m_bro.php

@@ -268 +268 @@
     // Now seek the extension
     if (!$bro_type[$ext]) {
-        return "File";
-    } else {
-        return $bro_type[$ext];
+            return "File";
+    } else {
+            return $bro_type[$ext];
     }
   }
@@ -307 +307 @@
         $nextpath = $dir . '/' . $file;
 
-        if ($file != '.' && $file != '..' && !is_link($nextpath)) {
+              if ($file != '.' && $file != '..' && !is_link($nextpath)) {
           if (is_dir($nextpath)) {
             $totalsize += $this->dirsize($nextpath);
@@ -406 +406 @@
       $new[$i]=ssla($new[$i]);
       if (!strpos($old[$i],"/") && !strpos($new[$i],"/")) {  // caractère / interdit dans old ET dans new...
-        @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea);
+              @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea);
       }
     }
     for ($i=0;$i<count($old);$i++) {
       if (!strpos($old[$i],"/") && !strpos($new[$i],"/")) {  // caractère / interdit dans old ET dans new...
-        @rename($absolute."/".$old[$i].$alea,$absolute."/".$new[$i]);
+        @rename($absolute."/".$old[$i].$alea,$absolute."/".$new[$i]);
       }
     }
@@ -477 +477 @@
       $d[$i]=ssla($d[$i]); // strip slashes if needed
       if (!strpos($d[$i],"/")) {  // caractère / interdit dans le nom du fichier
-        // @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea);
-        $m = fileperms($absolute."/". $d[$i]);
-
-        // pour l'instant on se limite a "write" pour owner, puisque c'est le seul
-        // cas interessant compte tenu de la conf de Apache pour AlternC..
-        if ($perm[$i]['w']) {
-          $m = $m | 128;
-        } else {
-          $m = $m ^ 128;
-        }
-        $m = $m | ($perm[$i]['w'] ? 128 : 0); // 0600
-        chmod($absolute."/".$d[$i], $m);
-        echo "chmod " . sprintf('%o', $m) . " file, was " . sprintf('%o', fileperms($absolute."/". $d[$i])). " -- " . $perm[$i]['w'];
+        // @rename($absolute."/".$old[$i],$absolute."/".$old[$i].$alea);
+        $m = fileperms($absolute."/". $d[$i]);
+
+        // pour l'instant on se limite a "write" pour owner, puisque c'est le seul
+        // cas interessant compte tenu de la conf de Apache pour AlternC..
+        if ($perm[$i]['w']) {
+          $m = $m | 128;
+        } else {
+                $m = $m ^ 128;
+        }
+        $m = $m | ($perm[$i]['w'] ? 128 : 0); // 0600
+        chmod($absolute."/".$d[$i], $m);
+        echo "chmod " . sprintf('%o', $m) . " file, was " . sprintf('%o', fileperms($absolute."/". $d[$i])). " -- " . $perm[$i]['w'];
       }
     }
@@ -756 +756 @@
       $end="";  $beg=$dir;      $tofind=true;
       while ($tofind) {
-        $db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid'
-                         AND type=0 AND (valeur='/$beg/' or valeur='/$beg');");
-        $db->next_record();
-        if ($db->num_rows()) {
-          $tofind=false;
-          $this->cacheurl["d".$dir]="http://".$db->f("sub").ife($db->f("sub"),".").$db->f("domaine").$end;
-        }
-        if (!$beg && $tofind) {
-          $tofind=false;
-          $this->cacheurl["d".$dir]="-";
-                                // We did not find it ;(
-        }
-        if (($tt=strrpos($beg,"/"))!==false) {
-          $end=substr($beg,$tt).$end; // = /topdir$end so $end starts AND ends with /
-          $beg=substr($beg,0,$tt);
-        } else {
-          $end="/".$beg.$end;
-          $beg="/";
-        }
+        $db->query("SELECT sub,domaine FROM sub_domaines WHERE compte='$cuid'
+             AND type=0 AND (valeur='/$beg/' or valeur='/$beg');");
+        $db->next_record();
+        if ($db->num_rows()) {
+          $tofind=false;
+          $this->cacheurl["d".$dir]="http://".$db->f("sub").ife($db->f("sub"),".").$db->f("domaine").$end;
+        }
+        if (!$beg && $tofind) {
+          $tofind=false;
+          $this->cacheurl["d".$dir]="-";
+              // We did not find it ;(
+        }
+        if (($tt=strrpos($beg,"/"))!==false) {
+          $end=substr($beg,$tt).$end; // = /topdir$end so $end starts AND ends with /
+          $beg=substr($beg,0,$tt);
+        } else {
+          $end="/".$beg.$end;
+          $beg="/";
+        }
       }
     }
@@ -794 +794 @@
       case "bz":
       case "bz2":
-        $ext = array_pop($parts) . $ext;
-        /* FALLTHROUGH */
+            $ext = array_pop($parts) . $ext;
+            /* FALLTHROUGH */
       case "tar.gz":
       case "tar.bz":
@@ -817 +817 @@
       $absolute.="/".$file;
       if (file_exists($absolute)) {
-        $content = @file($absolute);
-        for($i=0;$i<count($content);$i++) {
-          echo stripslashes($content[$i]);
-        }
+              $content = @file($absolute);
+              for($i=0;$i<count($content);$i++) {
+                echo stripslashes($content[$i]);
+        }
       }
     } else {
@@ -844 +844 @@
       $absolute.="/".$file;
       if (file_exists($absolute)) {
-        $f=@fopen($absolute,"wb");
-        if ($f) {
-          fputs($f,$texte,strlen($texte));
-          fclose($f);
-        }
+              $f=@fopen($absolute,"wb");
+        if ($f) {
+                fputs($f,$texte,strlen($texte));
+                fclose($f);
+              }
       }
     } else {
@@ -940 +940 @@
       $handle = opendir($file);
       while($filename = readdir($handle)) {
-        if ($filename != "." && $filename != "..") {
-          $this->_delete($file."/".$filename);
-        }
+              if ($filename != "." && $filename != "..") {
+                $this->_delete($file."/".$filename);
+              }
       }
       closedir($handle);

alternc/trunk/bureau/class/m_mysql.php

@@ -34 +34 @@
  * @copyright    AlternC-Team 2002-2005 http://alternc.org/
  */
+
+class DBU_mysql extends DB_Sql {
+  var $Host,$HumanHostname,$User,$Password;
+
+  /**
+  * Creator
+  */
+  function DBU_mysql() {
+
+    # Use the dbusers file if exist, else use default alternc configuration
+    if ( is_readable("/etc/alternc/dbusers.cnf") ) {
+      $mysqlconf=file_get_contents("/etc/alternc/dbusers.cnf");
+    } else {
+      $mysqlconf=file_get_contents("/etc/alternc/my.cnf");
+    }
+    $mysqlconf=explode("\n",$mysqlconf);
+
+    # Read the configuration
+    foreach ($mysqlconf as $line) {
+      # First, read the "standard" configuration
+      if (preg_match('/^([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) {
+          switch ($regs[1]) {
+          case "user":
+              $user = $regs[2];
+              break;
+          case "password":
+              $password = $regs[2];
+              break;
+          case "host":
+              $host = $regs[2];
+              break;
+          }
+      }
+      # Then, read specific alternc configuration
+      if (preg_match('/^#alternc_var ([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) {
+        $$regs[1]=$regs[2];
+      }
+    }
+
+    # Set value of human_host if unset
+    if (! isset($human_hostname) || empty($human_hostname)) {
+      if ( checkip($host) || checkipv6($host) ) {
+        $human_hostname = gethostbyaddr($host);
+      } else {
+        $human_hostname = $host;
+      }
+    }
+
+
+    # Create the object
+    $this->Host     = $host;
+    $this->User     = $user;
+    $this->Password = $password;
+// TODO BUG BUG BUG
+// c'est pas étanche : $db se retrouve avec Database de $sql->dbu . Danger, faut comprendre pourquoi
+    $this->Database = "alternc";
+    $this->HumanHostname = $human_hostname;
+
+  }
+}
+
+
 class m_mysql {
-
-  var $server;
-  var $client;
-
+  var $dbu;
 
   /*---------------------------------------------------------------------------*/
@@ -45 +104 @@
   */
   function m_mysql() {
-      $this->server = $GLOBALS['L_MYSQL_HOST'];
-      $this->client = $GLOBALS['L_MYSQL_CLIENT'];
+    $this->dbu = new DBU_mysql();
   }
 
@@ -160 +218 @@
       $pa=addslashes($db->f("pass"));
     }
-    if ($db->query("CREATE DATABASE `$dbname`;")) {
+    if ($this->dbu->query("CREATE DATABASE `$dbname`;")) {
       // Ok, database does not exist, quota is ok and dbname is compliant. Let's proceed
       $db->query("INSERT INTO db (uid,login,pass,db,bck_mode) VALUES ('$cuid','$lo','$pa','$dbname',0);");
       // give everything but GRANT on db.*
       // we assume there's already a user
-      $db->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$lo."'@'$this->client'");
+      $this->dbu->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$lo."'@'$this->client'");
       return true;
     } else {
@@ -195 +253 @@
     // Ok, database exists and dbname is compliant. Let's proceed
     $db->query("DELETE FROM db WHERE uid='$cuid' AND db='$dbname';");
-    $db->query("DROP DATABASE `$dbname`;");
+    $this->dbu->query("DROP DATABASE `$dbname`;");
     $db->query("SELECT COUNT(*) AS cnt FROM db WHERE uid='$cuid';");
     $db->next_record();
-    $db->query("REVOKE ALL PRIVILEGES ON `".$dbname."`.* FROM '".$login."'@'$this->client'");
-    if ($db->f("cnt")==0) {
-      $db->query("DELETE FROM mysql.user WHERE User='".$login."';");
-      $db->query("FLUSH PRIVILEGES;");
+    $this->dbu->query("REVOKE ALL PRIVILEGES ON `".$dbname."`.* FROM '".$login."'@'$this->client'");
+    if ($this->dbu->f("cnt")==0) {
+      $this->dbu->query("DELETE FROM mysql.user WHERE User='".$login."';");
+      $this->dbu->query("FLUSH PRIVILEGES;");
     }
     return true;
@@ -279 +337 @@
     if (is_callable(array($admin,"checkPolicy"))) {
       if (!$admin->checkPolicy("mysql",$login,$password)) {
-        return false; // The error has been raised by checkPolicy()
+              return false; // The error has been raised by checkPolicy()
       }
     }
@@ -285 +343 @@
     // Update all the "pass" fields for this user : 
     $db->query("UPDATE db SET pass='$password' WHERE uid='$cuid';");
-    $db->query("SET PASSWORD FOR '$login'@'$this->client' = PASSWORD('$password')");
+    $this->dbu->query("SET PASSWORD FOR '$login'@'$this->client' = PASSWORD('$password')");
     return true;
   }
@@ -323 +381 @@
     if (is_callable(array($admin,"checkPolicy"))) {
       if (!$admin->checkPolicy("mysql",$login,$password)) {
-        return false; // The error has been raised by checkPolicy()
+        return false; // The error has been raised by checkPolicy()
       }
     }    
@@ -330 +388 @@
     $db->query("INSERT INTO db (uid,login,pass,db) VALUES ('$cuid','".$login."','$password','".$dbname."');");
     // give everything but GRANT on $user.*
-    $db->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$login."'@'$this->client' IDENTIFIED BY '".addslashes($password)."'");
-    $db->query("CREATE DATABASE `".$dbname."`;");
+    $this->dbu->query("GRANT ALL PRIVILEGES ON `".$dbname."`.* TO '".$login."'@'$this->client' IDENTIFIED BY '".addslashes($password)."'");
+    $this->dbu->query("CREATE DATABASE `".$dbname."`;");
     return true;
   }
@@ -344 +402 @@
    */
   function restore($file,$stdout,$id) { 
+// TODO don't work with the separated sql serveur for dbusers
     global $err,$bro,$mem,$L_MYSQL_HOST;
     if (!$r=$this->get_mysql_details($id)) { 
@@ -385 +444 @@
     global $db,$err;
     
-    $db->query("SHOW TABLE STATUS FROM `$dbname`;");
+    $this->dbu->query("SHOW TABLE STATUS FROM `$dbname`;");
     $size = 0;
     while ($db->next_record()) {
-      $size += $db->f('Data_length') + $db->f('Index_length')
-        + $db->f('Data_free');
+      $size += $db->f('Data_length') + $db->f('Index_length')   + $db->f('Data_free');
     }
     return $size;
@@ -467 +525 @@
     if (is_callable(array($admin,"checkPolicy"))) {
       if (!$admin->checkPolicy("mysql",$user,$password)) {
-        return false; // The error has been raised by checkPolicy()
+              return false; // The error has been raised by checkPolicy()
       }
     }
 
     // We create the user account (the "file" right is the only one we need globally to be able to use load data into outfile)
-    $db->query("GRANT file ON *.* TO '$user'@'$this->client' IDENTIFIED BY '$pass';");
+    $this->dbu->query("GRANT file ON *.* TO '$user'@'$this->client' IDENTIFIED BY '$pass';");
     // We add him to the user table 
     $db->query("INSERT INTO dbusers (uid,name) VALUES($cuid,'$user');");
@@ -505 +563 @@
     }
 
-    $db->query("SET PASSWORD FOR '$user'@'$this->client' = PASSWORD('$pass')");
+    $this->dbu->query("SET PASSWORD FOR '$user'@'$this->client' = PASSWORD('$pass')");
     return true;
   }
@@ -533 +591 @@
 
     // Ok, database exists and dbname is compliant. Let's proceed
-    $db->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'$this->client';");
-    $db->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';");
-    $db->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';");
-    $db->query("FLUSH PRIVILEGES");
-    $db->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");
+    $this->dbu->query("REVOKE ALL PRIVILEGES ON *.* FROM '".$mem->user["login"]."_$user'@'$this->client';");
+    $this->dbu->query("DELETE FROM mysql.db WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';");
+    $this->dbu->query("DELETE FROM mysql.user WHERE User='".$mem->user["login"]."_$user' AND Host='$this->client';");
+    $this->dbu->query("FLUSH PRIVILEGES");
+    $this->dbu->query("DELETE FROM dbusers WHERE uid='$cuid' AND name='".$mem->user["login"]."_$user';");
     return true;
   }
@@ -556 +614 @@
 
     for ( $i=0 ; $i<count($dblist) ; $i++ ) {
-      $db->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='$this->client' AND Db='".$dblist[$i]["db"]."';");
-      if ($db->next_record())
-        $r[]=array("db"=>$dblist[$i]["name"], "select"=>$db->f("Select_priv"), "insert"=>$db->f("Insert_priv"), "update"=>$db->f("Update_priv"), "delete"=>$db->f("Delete_priv"), "create"=>$db->f("Create_priv"), "drop"=>$db->f("Drop_priv"), "references"=>$db->f("References_priv"), "index"=>$db->f("Index_priv"), "alter"=>$db->f("Alter_priv"), "create_tmp"=>$db->f("Create_tmp_table_priv"), "lock"=>$db->f("Lock_tables_priv"));
+      $this->dbu->query("SELECT Db, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, References_priv, Index_priv, Alter_priv, Create_tmp_table_priv, Lock_tables_priv FROM mysql.db WHERE User='".$mem->user["login"].($user?"_":"").$user."' AND Host='$this->client' AND Db='".$dblist[$i]["db"]."';");
+      if ($this->dbu->next_record())
+        $r[]=array("db"=>$dblist[$i]["name"], "select"=>$this->dbu->f("Select_priv"), "insert"=>$this->dbu->f("Insert_priv"),   "update"=>$this->dbu->f("Update_priv"), "delete"=>$this->dbu->f("Delete_priv"), "create"=>$this->dbu->f("Create_priv"), "drop"=>$this->dbu->f("Drop_priv"), "references"=>$this->dbu->f("References_priv"), "index"=>$this->dbu->f("Index_priv"), "alter"=>$this->dbu->f("Alter_priv"), "create_tmp"=>$this->dbu->f("Create_tmp_table_priv"), "lock"=>$this->dbu->f("Lock_tables_priv"));
       else
         $r[]=array("db"=>$dblist[$i]["name"], "select"=>"N", "insert"=>"N", "update"=>"N", "delete"=>"N", "create"=>"N", "drop"=>"N", "references"=>"N", "index"=>"N", "alter"=>"N", "Create_tmp"=>"N", "lock"=>"N" );
@@ -620 +678 @@
 
     // We reset all user rights on this DB : 
-    $db->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
-    if($db->num_rows())
-      $db->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'$this->client';");
+    $this->dbu->query("SELECT * FROM mysql.db WHERE User = '$usern' AND Db = '$dbname';");
+    if($this->dbu->num_rows())
+      $this->dbu->query("REVOKE ALL PRIVILEGES ON $dbname.* FROM '$usern'@'$this->client';");
     if( $strrights ){
       $strrights=substr($strrights,0,strlen($strrights)-1);
-      $db->query("GRANT $strrights ON $dbname.* TO '$usern'@'$this->client';");      
-    }
-    $db->query("FLUSH PRIVILEGES");
+      $this->dbu->query("GRANT $strrights ON $dbname.* TO '$usern'@'$this->client';");      
+    }
+    $this->dbu->query("FLUSH PRIVILEGES");
     return TRUE;
   }
@@ -702 +760 @@
    */
   function alternc_export($tmpdir) {
+//TODO don't work with separated sql server for dbusers
     global $db,$err,$cuid;
     $err->log("mysql","export");