nextcloud /
server
@@ -36,167 +36,167 @@ |
||
| 36 | 36 | use OCP\Security\ISecureRandom; |
| 37 | 37 | |
| 38 | 38 | class MySQL extends AbstractDatabase { |
| 39 | - public $dbprettyname = 'MySQL/MariaDB'; |
|
| 40 | - |
|
| 41 | - public function setupDatabase($username) { |
|
| 42 | - //check if the database user has admin right |
|
| 43 | - $connection = $this->connect(['dbname' => null]); |
|
| 44 | - |
|
| 45 | - // detect mb4 |
|
| 46 | - $tools = new MySqlTools(); |
|
| 47 | - if ($tools->supports4ByteCharset(new ConnectionAdapter($connection))) { |
|
| 48 | - $this->config->setValue('mysql.utf8mb4', true); |
|
| 49 | - $connection = $this->connect(['dbname' => null]); |
|
| 50 | - } |
|
| 51 | - |
|
| 52 | - $this->createSpecificUser($username, new ConnectionAdapter($connection)); |
|
| 53 | - |
|
| 54 | - //create the database |
|
| 55 | - $this->createDatabase($connection); |
|
| 56 | - |
|
| 57 | - //fill the database if needed |
|
| 58 | - $query = 'select count(*) from information_schema.tables where table_schema=? AND table_name = ?'; |
|
| 59 | - $connection->executeQuery($query, [$this->dbName, $this->tablePrefix.'users']); |
|
| 60 | - |
|
| 61 | - $connection->close(); |
|
| 62 | - $connection = $this->connect(); |
|
| 63 | - try { |
|
| 64 | - $connection->connect(); |
|
| 65 | - } catch (\Exception $e) { |
|
| 66 | - $this->logger->error($e->getMessage(), [ |
|
| 67 | - 'exception' => $e, |
|
| 68 | - ]); |
|
| 69 | - throw new \OC\DatabaseSetupException($this->trans->t('MySQL username and/or password not valid'), |
|
| 70 | - $this->trans->t('You need to enter details of an existing account.'), 0, $e); |
|
| 71 | - } |
|
| 72 | - } |
|
| 73 | - |
|
| 74 | - /** |
|
| 75 | - * @param \OC\DB\Connection $connection |
|
| 76 | - */ |
|
| 77 | - private function createDatabase($connection) { |
|
| 78 | - try { |
|
| 79 | - $name = $this->dbName; |
|
| 80 | - $user = $this->dbUser; |
|
| 81 | - //we can't use OC_DB functions here because we need to connect as the administrative user. |
|
| 82 | - $characterSet = $this->config->getValue('mysql.utf8mb4', false) ? 'utf8mb4' : 'utf8'; |
|
| 83 | - $query = "CREATE DATABASE IF NOT EXISTS `$name` CHARACTER SET $characterSet COLLATE {$characterSet}_bin;"; |
|
| 84 | - $connection->executeUpdate($query); |
|
| 85 | - } catch (\Exception $ex) { |
|
| 86 | - $this->logger->error('Database creation failed.', [ |
|
| 87 | - 'exception' => $ex, |
|
| 88 | - 'app' => 'mysql.setup', |
|
| 89 | - ]); |
|
| 90 | - return; |
|
| 91 | - } |
|
| 92 | - |
|
| 93 | - try { |
|
| 94 | - //this query will fail if there aren't the right permissions, ignore the error |
|
| 95 | - $query = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `$name` . * TO '$user'"; |
|
| 96 | - $connection->executeUpdate($query); |
|
| 97 | - } catch (\Exception $ex) { |
|
| 98 | - $this->logger->debug('Could not automatically grant privileges, this can be ignored if database user already had privileges.', [ |
|
| 99 | - 'exception' => $ex, |
|
| 100 | - 'app' => 'mysql.setup', |
|
| 101 | - ]); |
|
| 102 | - } |
|
| 103 | - } |
|
| 104 | - |
|
| 105 | - /** |
|
| 106 | - * @param IDBConnection $connection |
|
| 107 | - * @throws \OC\DatabaseSetupException |
|
| 108 | - */ |
|
| 109 | - private function createDBUser($connection) { |
|
| 110 | - try { |
|
| 111 | - $name = $this->dbUser; |
|
| 112 | - $password = $this->dbPassword; |
|
| 113 | - // we need to create 2 accounts, one for global use and one for local user. if we don't specify the local one, |
|
| 114 | - // the anonymous user would take precedence when there is one. |
|
| 115 | - |
|
| 116 | - if ($connection->getDatabasePlatform() instanceof Mysql80Platform) { |
|
| 117 | - $query = "CREATE USER '$name'@'localhost' IDENTIFIED WITH mysql_native_password BY '$password'"; |
|
| 118 | - $connection->executeUpdate($query); |
|
| 119 | - $query = "CREATE USER '$name'@'%' IDENTIFIED WITH mysql_native_password BY '$password'"; |
|
| 120 | - $connection->executeUpdate($query); |
|
| 121 | - } else { |
|
| 122 | - $query = "CREATE USER '$name'@'localhost' IDENTIFIED BY '$password'"; |
|
| 123 | - $connection->executeUpdate($query); |
|
| 124 | - $query = "CREATE USER '$name'@'%' IDENTIFIED BY '$password'"; |
|
| 125 | - $connection->executeUpdate($query); |
|
| 126 | - } |
|
| 127 | - } catch (\Exception $ex) { |
|
| 128 | - $this->logger->error('Database user creation failed.', [ |
|
| 129 | - 'exception' => $ex, |
|
| 130 | - 'app' => 'mysql.setup', |
|
| 131 | - ]); |
|
| 132 | - throw $ex; |
|
| 133 | - } |
|
| 134 | - } |
|
| 135 | - |
|
| 136 | - /** |
|
| 137 | - * @param $username |
|
| 138 | - * @param IDBConnection $connection |
|
| 139 | - */ |
|
| 140 | - private function createSpecificUser($username, $connection): void { |
|
| 141 | - $rootUser = $this->dbUser; |
|
| 142 | - $rootPassword = $this->dbPassword; |
|
| 143 | - |
|
| 144 | - //create a random password so we don't need to store the admin password in the config file |
|
| 145 | - $saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS); |
|
| 146 | - $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols) |
|
| 147 | - . $this->random->generate(2, ISecureRandom::CHAR_UPPER) |
|
| 148 | - . $this->random->generate(2, ISecureRandom::CHAR_LOWER) |
|
| 149 | - . $this->random->generate(2, ISecureRandom::CHAR_DIGITS) |
|
| 150 | - . $this->random->generate(2, $saveSymbols) |
|
| 151 | - ; |
|
| 152 | - $this->dbPassword = str_shuffle($password); |
|
| 153 | - |
|
| 154 | - try { |
|
| 155 | - //user already specified in config |
|
| 156 | - $oldUser = $this->config->getValue('dbuser', false); |
|
| 157 | - |
|
| 158 | - //we don't have a dbuser specified in config |
|
| 159 | - if ($this->dbUser !== $oldUser) { |
|
| 160 | - //add prefix to the admin username to prevent collisions |
|
| 161 | - $adminUser = substr('oc_' . $username, 0, 16); |
|
| 162 | - |
|
| 163 | - $i = 1; |
|
| 164 | - while (true) { |
|
| 165 | - //this should be enough to check for admin rights in mysql |
|
| 166 | - $query = 'SELECT user FROM mysql.user WHERE user=?'; |
|
| 167 | - $result = $connection->executeQuery($query, [$adminUser]); |
|
| 168 | - |
|
| 169 | - //current dbuser has admin rights |
|
| 170 | - $data = $result->fetchAll(); |
|
| 171 | - $result->closeCursor(); |
|
| 172 | - //new dbuser does not exist |
|
| 173 | - if (count($data) === 0) { |
|
| 174 | - //use the admin login data for the new database user |
|
| 175 | - $this->dbUser = $adminUser; |
|
| 176 | - $this->createDBUser($connection); |
|
| 177 | - |
|
| 178 | - break; |
|
| 179 | - } else { |
|
| 180 | - //repeat with different username |
|
| 181 | - $length = strlen((string)$i); |
|
| 182 | - $adminUser = substr('oc_' . $username, 0, 16 - $length) . $i; |
|
| 183 | - $i++; |
|
| 184 | - } |
|
| 185 | - } |
|
| 186 | - } |
|
| 187 | - } catch (\Exception $ex) { |
|
| 188 | - $this->logger->info('Can not create a new MySQL user, will continue with the provided user.', [ |
|
| 189 | - 'exception' => $ex, |
|
| 190 | - 'app' => 'mysql.setup', |
|
| 191 | - ]); |
|
| 192 | - // Restore the original credentials |
|
| 193 | - $this->dbUser = $rootUser; |
|
| 194 | - $this->dbPassword = $rootPassword; |
|
| 195 | - } |
|
| 196 | - |
|
| 197 | - $this->config->setValues([ |
|
| 198 | - 'dbuser' => $this->dbUser, |
|
| 199 | - 'dbpassword' => $this->dbPassword, |
|
| 200 | - ]); |
|
| 201 | - } |
|
| 39 | + public $dbprettyname = 'MySQL/MariaDB'; |
|
| 40 | + |
|
| 41 | + public function setupDatabase($username) { |
|
| 42 | + //check if the database user has admin right |
|
| 43 | + $connection = $this->connect(['dbname' => null]); |
|
| 44 | + |
|
| 45 | + // detect mb4 |
|
| 46 | + $tools = new MySqlTools(); |
|
| 47 | + if ($tools->supports4ByteCharset(new ConnectionAdapter($connection))) { |
|
| 48 | + $this->config->setValue('mysql.utf8mb4', true); |
|
| 49 | + $connection = $this->connect(['dbname' => null]); |
|
| 50 | + } |
|
| 51 | + |
|
| 52 | + $this->createSpecificUser($username, new ConnectionAdapter($connection)); |
|
| 53 | + |
|
| 54 | + //create the database |
|
| 55 | + $this->createDatabase($connection); |
|
| 56 | + |
|
| 57 | + //fill the database if needed |
|
| 58 | + $query = 'select count(*) from information_schema.tables where table_schema=? AND table_name = ?'; |
|
| 59 | + $connection->executeQuery($query, [$this->dbName, $this->tablePrefix.'users']); |
|
| 60 | + |
|
| 61 | + $connection->close(); |
|
| 62 | + $connection = $this->connect(); |
|
| 63 | + try { |
|
| 64 | + $connection->connect(); |
|
| 65 | + } catch (\Exception $e) { |
|
| 66 | + $this->logger->error($e->getMessage(), [ |
|
| 67 | + 'exception' => $e, |
|
| 68 | + ]); |
|
| 69 | + throw new \OC\DatabaseSetupException($this->trans->t('MySQL username and/or password not valid'), |
|
| 70 | + $this->trans->t('You need to enter details of an existing account.'), 0, $e); |
|
| 71 | + } |
|
| 72 | + } |
|
| 73 | + |
|
| 74 | + /** |
|
| 75 | + * @param \OC\DB\Connection $connection |
|
| 76 | + */ |
|
| 77 | + private function createDatabase($connection) { |
|
| 78 | + try { |
|
| 79 | + $name = $this->dbName; |
|
| 80 | + $user = $this->dbUser; |
|
| 81 | + //we can't use OC_DB functions here because we need to connect as the administrative user. |
|
| 82 | + $characterSet = $this->config->getValue('mysql.utf8mb4', false) ? 'utf8mb4' : 'utf8'; |
|
| 83 | + $query = "CREATE DATABASE IF NOT EXISTS `$name` CHARACTER SET $characterSet COLLATE {$characterSet}_bin;"; |
|
| 84 | + $connection->executeUpdate($query); |
|
| 85 | + } catch (\Exception $ex) { |
|
| 86 | + $this->logger->error('Database creation failed.', [ |
|
| 87 | + 'exception' => $ex, |
|
| 88 | + 'app' => 'mysql.setup', |
|
| 89 | + ]); |
|
| 90 | + return; |
|
| 91 | + } |
|
| 92 | + |
|
| 93 | + try { |
|
| 94 | + //this query will fail if there aren't the right permissions, ignore the error |
|
| 95 | + $query = "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `$name` . * TO '$user'"; |
|
| 96 | + $connection->executeUpdate($query); |
|
| 97 | + } catch (\Exception $ex) { |
|
| 98 | + $this->logger->debug('Could not automatically grant privileges, this can be ignored if database user already had privileges.', [ |
|
| 99 | + 'exception' => $ex, |
|
| 100 | + 'app' => 'mysql.setup', |
|
| 101 | + ]); |
|
| 102 | + } |
|
| 103 | + } |
|
| 104 | + |
|
| 105 | + /** |
|
| 106 | + * @param IDBConnection $connection |
|
| 107 | + * @throws \OC\DatabaseSetupException |
|
| 108 | + */ |
|
| 109 | + private function createDBUser($connection) { |
|
| 110 | + try { |
|
| 111 | + $name = $this->dbUser; |
|
| 112 | + $password = $this->dbPassword; |
|
| 113 | + // we need to create 2 accounts, one for global use and one for local user. if we don't specify the local one, |
|
| 114 | + // the anonymous user would take precedence when there is one. |
|
| 115 | + |
|
| 116 | + if ($connection->getDatabasePlatform() instanceof Mysql80Platform) { |
|
| 117 | + $query = "CREATE USER '$name'@'localhost' IDENTIFIED WITH mysql_native_password BY '$password'"; |
|
| 118 | + $connection->executeUpdate($query); |
|
| 119 | + $query = "CREATE USER '$name'@'%' IDENTIFIED WITH mysql_native_password BY '$password'"; |
|
| 120 | + $connection->executeUpdate($query); |
|
| 121 | + } else { |
|
| 122 | + $query = "CREATE USER '$name'@'localhost' IDENTIFIED BY '$password'"; |
|
| 123 | + $connection->executeUpdate($query); |
|
| 124 | + $query = "CREATE USER '$name'@'%' IDENTIFIED BY '$password'"; |
|
| 125 | + $connection->executeUpdate($query); |
|
| 126 | + } |
|
| 127 | + } catch (\Exception $ex) { |
|
| 128 | + $this->logger->error('Database user creation failed.', [ |
|
| 129 | + 'exception' => $ex, |
|
| 130 | + 'app' => 'mysql.setup', |
|
| 131 | + ]); |
|
| 132 | + throw $ex; |
|
| 133 | + } |
|
| 134 | + } |
|
| 135 | + |
|
| 136 | + /** |
|
| 137 | + * @param $username |
|
| 138 | + * @param IDBConnection $connection |
|
| 139 | + */ |
|
| 140 | + private function createSpecificUser($username, $connection): void { |
|
| 141 | + $rootUser = $this->dbUser; |
|
| 142 | + $rootPassword = $this->dbPassword; |
|
| 143 | + |
|
| 144 | + //create a random password so we don't need to store the admin password in the config file |
|
| 145 | + $saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS); |
|
| 146 | + $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols) |
|
| 147 | + . $this->random->generate(2, ISecureRandom::CHAR_UPPER) |
|
| 148 | + . $this->random->generate(2, ISecureRandom::CHAR_LOWER) |
|
| 149 | + . $this->random->generate(2, ISecureRandom::CHAR_DIGITS) |
|
| 150 | + . $this->random->generate(2, $saveSymbols) |
|
| 151 | + ; |
|
| 152 | + $this->dbPassword = str_shuffle($password); |
|
| 153 | + |
|
| 154 | + try { |
|
| 155 | + //user already specified in config |
|
| 156 | + $oldUser = $this->config->getValue('dbuser', false); |
|
| 157 | + |
|
| 158 | + //we don't have a dbuser specified in config |
|
| 159 | + if ($this->dbUser !== $oldUser) { |
|
| 160 | + //add prefix to the admin username to prevent collisions |
|
| 161 | + $adminUser = substr('oc_' . $username, 0, 16); |
|
| 162 | + |
|
| 163 | + $i = 1; |
|
| 164 | + while (true) { |
|
| 165 | + //this should be enough to check for admin rights in mysql |
|
| 166 | + $query = 'SELECT user FROM mysql.user WHERE user=?'; |
|
| 167 | + $result = $connection->executeQuery($query, [$adminUser]); |
|
| 168 | + |
|
| 169 | + //current dbuser has admin rights |
|
| 170 | + $data = $result->fetchAll(); |
|
| 171 | + $result->closeCursor(); |
|
| 172 | + //new dbuser does not exist |
|
| 173 | + if (count($data) === 0) { |
|
| 174 | + //use the admin login data for the new database user |
|
| 175 | + $this->dbUser = $adminUser; |
|
| 176 | + $this->createDBUser($connection); |
|
| 177 | + |
|
| 178 | + break; |
|
| 179 | + } else { |
|
| 180 | + //repeat with different username |
|
| 181 | + $length = strlen((string)$i); |
|
| 182 | + $adminUser = substr('oc_' . $username, 0, 16 - $length) . $i; |
|
| 183 | + $i++; |
|
| 184 | + } |
|
| 185 | + } |
|
| 186 | + } |
|
| 187 | + } catch (\Exception $ex) { |
|
| 188 | + $this->logger->info('Can not create a new MySQL user, will continue with the provided user.', [ |
|
| 189 | + 'exception' => $ex, |
|
| 190 | + 'app' => 'mysql.setup', |
|
| 191 | + ]); |
|
| 192 | + // Restore the original credentials |
|
| 193 | + $this->dbUser = $rootUser; |
|
| 194 | + $this->dbPassword = $rootPassword; |
|
| 195 | + } |
|
| 196 | + |
|
| 197 | + $this->config->setValues([ |
|
| 198 | + 'dbuser' => $this->dbUser, |
|
| 199 | + 'dbpassword' => $this->dbPassword, |
|
| 200 | + ]); |
|
| 201 | + } |
|
| 202 | 202 | } |
@@ -143,7 +143,7 @@ discard block |
||
| 143 | 143 | |
| 144 | 144 | //create a random password so we don't need to store the admin password in the config file |
| 145 | 145 | $saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS); |
| 146 | - $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols) |
|
| 146 | + $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC.$saveSymbols) |
|
| 147 | 147 | . $this->random->generate(2, ISecureRandom::CHAR_UPPER) |
| 148 | 148 | . $this->random->generate(2, ISecureRandom::CHAR_LOWER) |
| 149 | 149 | . $this->random->generate(2, ISecureRandom::CHAR_DIGITS) |
@@ -158,7 +158,7 @@ discard block |
||
| 158 | 158 | //we don't have a dbuser specified in config |
| 159 | 159 | if ($this->dbUser !== $oldUser) { |
| 160 | 160 | //add prefix to the admin username to prevent collisions |
| 161 | - $adminUser = substr('oc_' . $username, 0, 16); |
|
| 161 | + $adminUser = substr('oc_'.$username, 0, 16); |
|
| 162 | 162 | |
| 163 | 163 | $i = 1; |
| 164 | 164 | while (true) { |
@@ -178,8 +178,8 @@ discard block |
||
| 178 | 178 | break; |
| 179 | 179 | } else { |
| 180 | 180 | //repeat with different username |
| 181 | - $length = strlen((string)$i); |
|
| 182 | - $adminUser = substr('oc_' . $username, 0, 16 - $length) . $i; |
|
| 181 | + $length = strlen((string) $i); |
|
| 182 | + $adminUser = substr('oc_'.$username, 0, 16 - $length).$i; |
|
| 183 | 183 | $i++; |
| 184 | 184 | } |
| 185 | 185 | } |
