update sql-users with their corresponding password-hash-algorithm; remove a few notices for empty values in str_replace and others

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2024-09-21 02:17:34 +00:00 · 2022-07-17 12:03:37 +02:00 · 2022-07-17 12:03:37 +02:00 · faba5b0715
commit faba5b0715
parent 430aefe0f7
4 changed files with 22 additions and 7 deletions
--- a/lib/Froxlor/Api/Commands/Admins.php
+++ b/lib/Froxlor/Api/Commands/Admins.php
@ -528,7 +528,7 @@ class Admins extends ApiCommand implements ResourceEntity
 				$email = $this->getParam('email', true, $idna_convert->decode($result['email']));
 				$password = $this->getParam('admin_password', true, '');
 				$def_language = $this->getParam('def_language', true, $result['def_language']);
-				$custom_notes = $this->getParam('custom_notes', true, $result['custom_notes']);
+				$custom_notes = $this->getParam('custom_notes', true, ($result['custom_notes'] ?? ""));
 				$custom_notes_show = $this->getBoolParam('custom_notes_show', true, $result['custom_notes_show']);
 				$theme = $this->getParam('theme', true, $result['theme']);

--- a/lib/Froxlor/Database/DbManager.php
+++ b/lib/Froxlor/Database/DbManager.php
@ -111,7 +111,11 @@ class DbManager

 			foreach ($databases as $username) {
 				if (isset($users[$username]) && is_array($users[$username]) && isset($users[$username]['hosts']) && is_array($users[$username]['hosts'])) {
-					$password = $users[$username]['password'];
+
+					$password = [
+						'password' => $users[$username]['password'],
+						'plugin' => $users[$username]['plugin']
+					];

 					foreach ($mysql_access_host_array as $mysql_access_host) {
 						$mysql_access_host = trim($mysql_access_host);
--- a/lib/Froxlor/Database/Manager/DbManagerMySQL.php
+++ b/lib/Froxlor/Database/Manager/DbManagerMySQL.php
@ -70,7 +70,7 @@ class DbManagerMySQL
 	 * username and sets the password for that user the given access_host
 	 *
 	 * @param string $username
-	 * @param string $password
+	 * @param string|array $password
 	 * @param string $access_host
 	 * @param bool $p_encrypted
 	 *            optional, whether the password is encrypted or not, default false
@ -79,6 +79,12 @@ class DbManagerMySQL
 	 */
 	public function grantPrivilegesTo($username = null, $password = null, $access_host = null, $p_encrypted = false, $update = false)
 	{
+		$pwd_plugin = 'mysql_native_password';
+		if (is_array($password) && count($password) == 2) {
+			$pwd_plugin = $password['plugin'];
+			$password = $password['password'];
+		}
+
 		if (!$update) {
 			// create user
 			if ($p_encrypted) {
@ -88,7 +94,7 @@ class DbManagerMySQL
 					");
 				} else {
 					$stmt = Database::prepare("
-						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH mysql_native_password AS :password
+						CREATE USER '" . $username . "'@'" . $access_host . "' IDENTIFIED WITH " . $pwd_plugin . " AS :password
 					");
 				}
 			} else {
@ -117,7 +123,7 @@ class DbManagerMySQL
 				}
 			} else {
 				if ($p_encrypted) {
-					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH mysql_native_password AS :password");
+					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED WITH " . $pwd_plugin . " AS :password");
 				} else {
 					$stmt = Database::prepare("ALTER USER :username@:host IDENTIFIED BY :password");
 				}
@ -252,6 +258,7 @@ class DbManagerMySQL
 				if (!isset($allsqlusers[$row['User']]) || !is_array($allsqlusers[$row['User']])) {
 					$allsqlusers[$row['User']] = [
 						'password' => $row['Password'] ?? $row['authentication_string'],
+						'plugin' => $row['plugin'] ?? 'mysql_native_password',
 						'hosts' => []
 					];
 				}
--- a/tests/Mysqls/MysqlsTest.php
+++ b/tests/Mysqls/MysqlsTest.php
@ -319,7 +319,7 @@ class MysqlsTest extends TestCase
 		$users = $dbm->getManager()->getAllSqlUsers(false);
 		foreach ($users as $user => $data) {
 			if (strtolower($user) == 'mariadb.sys') {
-				// travis seems to have a user for mariadb on version 10.4
+				// some systems seem to have a user for mariadb on version 10.4
 				// we do not want to test that one
 				continue;
 			}
@ -334,7 +334,11 @@ class MysqlsTest extends TestCase

 		// grant privileges to another host
 		$testdata = $users['froxlor010'];
-		$dbm->getManager()->grantPrivilegesTo('froxlor010', $testdata['password'], '10.0.0.10', true);
+		$password = [
+			'password' => $testdata['password'],
+			'plugin' => $testdata['plugin']
+		];
+		$dbm->getManager()->grantPrivilegesTo('froxlor010', $password, '10.0.0.10', true);

 		// select all entries from mysql.user for froxlor010 to compare password-hashes
 		$sel_stmt = Database::prepare("SELECT * FROM mysql.user WHERE `User` = :usr");