From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- server/plugins-available/mongo_clientdb_plugin.inc.php | 159 ++++++++++++++++++++++++++++------------------------ 1 files changed, 85 insertions(+), 74 deletions(-) diff --git a/server/plugins-available/mongo_clientdb_plugin.inc.php b/server/plugins-available/mongo_clientdb_plugin.inc.php index 545fe9e..b4d274c 100644 --- a/server/plugins-available/mongo_clientdb_plugin.inc.php +++ b/server/plugins-available/mongo_clientdb_plugin.inc.php @@ -32,6 +32,8 @@ * The MongoDB client plugin is used by ISPConfig to control the management of MongoDB. * If handles everything from creating DBs/Users, update them or delete them. */ + + class mongo_clientdb_plugin { /** @@ -49,9 +51,14 @@ */ function onInstall() { global $conf; - - return (bool) $conf['services']['db']; + + if($conf['services']['db'] == true && class_exists('MongoClient')) { + return true; + } else { + return false; + } } + /** * This function is called when the plugin is loaded. 
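Review bot: The new `class_exists('MongoClient')` precondition in `onInstall()` is not mentioned in the method's doc comment, so when the plugin is (presumably) skipped because the driver class is missing, nothing tells the administrator why. Add a docblock line such as `* Only installs when the db service is enabled and the MongoClient class is available.` The `if`/`else` that returns `true`/`false` can also be written as one statement, `return $conf['services']['db'] == true && class_exists('MongoClient');`. The docblock starts outside the hunk.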
@@ -65,14 +72,14 @@ global $app; //* Databases - $app->plugins->registerEvent('database_insert',$this->plugin_name,'db_insert'); - $app->plugins->registerEvent('database_update',$this->plugin_name,'db_update'); - $app->plugins->registerEvent('database_delete',$this->plugin_name,'db_delete'); + $app->plugins->registerEvent('database_insert', $this->plugin_name, 'db_insert'); + $app->plugins->registerEvent('database_update', $this->plugin_name, 'db_update'); + $app->plugins->registerEvent('database_delete', $this->plugin_name, 'db_delete'); //* Database users - $app->plugins->registerEvent('database_user_insert',$this->plugin_name,'db_user_insert'); - $app->plugins->registerEvent('database_user_update',$this->plugin_name,'db_user_update'); - $app->plugins->registerEvent('database_user_delete',$this->plugin_name,'db_user_delete'); + $app->plugins->registerEvent('database_user_insert', $this->plugin_name, 'db_user_insert'); + $app->plugins->registerEvent('database_user_update', $this->plugin_name, 'db_user_update'); + $app->plugins->registerEvent('database_user_delete', $this->plugin_name, 'db_user_delete'); } @@ -166,10 +173,10 @@ if ($this->dropUser($user, $db)) { return $this->addUser($db, array( - 'username' => $user, - 'password' => $password, - 'roles' => $old_user['roles'] - )); + 'username' => $user, + 'password' => $password, + 'roles' => $old_user['roles'] + )); } return false; 
@@ -493,8 +500,8 @@ return; } - $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'"); - $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'"); + $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']); + $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']); $user = $db_user['database_user']; $password = $db_user['database_password_mongo']; 
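Review bot: With the `intval()` casts removed, the safety of both lookups in this hunk depends entirely on how `$app->db->queryOneRecord()` treats the `?` placeholder, and that method is not visible in this patch. If it binds or escapes the argument, the change is an improvement. If it only substitutes the value, `database_user_id` and `database_ro_user_id` from `$data['new']` would reach the SQL text unescaped. Confirm which it is, and record the assumption with a short comment such as `// ids are bound by queryOneRecord(), no manual cast needed`. The same pattern recurs in the later hunks at -565, -582 and -605.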
@@ -505,41 +512,42 @@ $db = $data['new']['database_name']; if ((bool) $db_user) { - if ($user == 'root') { - $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); - } else { - if (!$this->addUser($db, array( - 'username' => $user, - 'password' => $password, - 'roles' => array( - "readWrite", - "dbAdmin" - ) - ))) { - $app->log("Error while adding user: ".$user." to DB: ".$db, LOGLEVEL_WARNING); + if ($user == 'root') { + $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); + } else { + if (!$this->addUser($db, array( + 'username' => $user, + 'password' => $password, + 'roles' => array( + "readWrite", + "dbAdmin" + ) + ))) { + $app->log("Error while adding user: ".$user." to DB: ".$db, LOGLEVEL_WARNING); + } } - } } if ($db_ro_user && $data['new']['database_user_id'] != $data['new']['database_ro_user_id']) { - if ($user == 'root') { - $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); - } else { - if (!$this->addUser($db, array( - 'username' => $ro_user, - 'password' => $ro_password, - 'roles' => array( - "read" - ) - ))) { - $app->log("Error while adding read-only user: ".$user." to DB: ".$db, LOGLEVEL_WARNING); + if ($user == 'root') { + $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); + } else { + if (!$this->addUser($db, array( + 'username' => $ro_user, + 'password' => $ro_password, + 'roles' => array( + "read" + ) + ))) { + $app->log("Error while adding read-only user: ".$user." to DB: ".$db, LOGLEVEL_WARNING); + } } - } } $this->disconnect(); } } + /** * This function is called when a DB is updated from within the ISPConfig interface. @@ -551,7 +559,7 @@ * @param array $data the event data (old and new) * @return only if something is wrong */ - function db_update($event_name,$data) { + function db_update($event_name, $data) { global $app, $conf; if ($data['old']['active'] == 'n' && $data['new']['active'] == 'n') { 
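Review bot: The read-only branch still tests `$user == 'root'` and logs `$user`, although the account it creates is `$ro_user`, so the root guard never inspects the read-only user name. As written, a read-only user named root would be handed to `addUser()`, while a root read-write user would block an unrelated read-only user. The lines should read `if ($ro_user == 'root') {` and `$app->log("Error while adding read-only user: ".$ro_user." to DB: ".$db, LOGLEVEL_WARNING);`. `$ro_user` is assigned outside the hunk, presumably from `$db_ro_user`.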
@@ -565,8 +573,8 @@ return; } - $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_user_id']) . "'"); - $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['new']['database_ro_user_id']) . "'"); + $db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']); + $db_ro_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_ro_user_id']); $user = $db_user['database_user']; $password = $db_user['database_password_mongo']; @@ -582,17 +590,17 @@ // users to a given DB $this->db_insert($event_name, $data); } else if ($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { - $users = $this->getUsers($db); + $users = $this->getUsers($db); - if ((bool) $users) { - foreach ($users as $user) { - $this->dropUser($user, $db); + if ((bool) $users) { + foreach ($users as $user) { + $this->dropUser($user, $db); + } } - } - } else { + } else { // selected user has changed -> drop old one if ($data['new']['database_user_id'] != $data['old']['database_user_id']) { - $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_user_id']) . "'"); + $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']); if ((bool) $old_db_user) { if ($old_db_user['database_user'] == 'root') { 
@@ -605,11 +613,11 @@ // selected read-only user has changed -> drop old one if ($data['new']['database_ro_user_id'] != $data['old']['database_ro_user_id']) { - $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = '" . intval($data['old']['database_ro_user_id']) . "'"); + $old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password_mongo` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_ro_user_id']); if ((bool) $old_db_user) { if ($old_db_user['database_user'] == 'root') { - $app->log("User root not allowed for client databases",LOGLEVEL_WARNING); + $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); } else { $this->dropUser($old_db_user['database_user'], $db); } @@ -623,13 +631,13 @@ $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); } else { $this->addUser($db, array( - 'username' => $user, - 'password' => $password, - 'roles' => array( - "readWrite", - "dbAdmin" - ) - )); + 'username' => $user, + 'password' => $password, + 'roles' => array( + "readWrite", + "dbAdmin" + ) + )); } } } @@ -641,12 +649,12 @@ $app->log("User root not allowed for client databases", LOGLEVEL_WARNING); } else { $this->addUser($db, array( - 'username' => $ro_user, - 'password' => $ro_password, - 'roles' => array( - "read" - ) - )); + 'username' => $ro_user, + 'password' => $ro_password, + 'roles' => array( + "read" + ) + )); } } } @@ -676,6 +684,7 @@ $this->disconnect(); } + /** * This function is called when a DB is deleted from within the ISPConfig interface. * All we need to do is to delete the database. @@ -684,7 +693,7 @@ * @param array $data the event data (old and new) * @return only if something is wrong */ - function db_delete($event_name,$data) { + function db_delete($event_name, $data) { global $app, $conf; if ($data['old']['type'] == 'mongo') { 
@@ -714,7 +723,8 @@ * @param string $event_name the name of the event (insert, update, delete) * @param array $data the event data (old and new) */ - function db_user_insert($event_name,$data) {} + function db_user_insert($event_name, $data) {} + /** * This function is called when a user is updated from within the ISPConfig interface. @@ -725,13 +735,13 @@ * @param array $data the event data (old and new) * @return only if something is wrong */ - function db_user_update($event_name,$data) { + function db_user_update($event_name, $data) { global $app, $conf; if ($data['old']['database_user'] == $data['new']['database_user'] - && ($data['old']['database_password'] == $data['new']['database_password'] - || $data['new']['database_password'] == '')) { - return; + && ($data['old']['database_password'] == $data['new']['database_password'] + || $data['new']['database_password'] == '')) { + return; } if ($this->connect() === false) { @@ -751,10 +761,10 @@ if ($this->dropUser($data['old']['database_user'], $db)) { if ($this->addUser($db, array( - 'username' => $data['new']['database_user'], - 'password' => md5($data['new']['database_password_mongo']), - 'roles' => $user['roles'] - ))) { + 'username' => $data['new']['database_user'], + 'password' => md5($data['new']['database_password_mongo']), + 'roles' => $user['roles'] + ))) { $app->log("Created user: ".$data['new']['database_user']." in DB: ".$db, LOGLEVEL_DEBUG); } else { $app->log("Couldn't create user: ".$data['new']['database_user']." in DB: ".$db, LOGLEVEL_WARNING); @@ -791,6 +801,7 @@ $this->disconnect(); } + /** * This function is called when a user is deleted from within the ISPConfig interface. * Since MongoDB uses per-DB user management, we have to find every database where the user is -- Gitblit v1.9.1
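Review bot: The early return in `db_user_update()` only fires when the user name is unchanged, so a rename that arrives with an empty password still reaches the `dropUser()`/`addUser()` pair in the -751 hunk. There the account is recreated with `md5($data['new']['database_password_mongo'])`, a different field from the `database_password` that the guard inspects. If that field is also empty (not visible here), the user ends up with the hash of an empty string, which is the case the commit subject sets out to avoid. A check on the field that is actually written, for example `if ($data['new']['database_password_mongo'] == '') { return; }` placed before the drop, or reusing the stored credential for a pure rename, would close that gap. Separately, `db_insert()` passes `database_password_mongo` to `addUser()` without `md5()`, so one of the two paths probably supplies the wrong form; `addUser()` and the rest of both functions lie outside the hunks.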