Merge branch '5418-database-user-creation-not-working-on-mysql-8' into 'stable-3.1'

Resolve "Database user creation not working on MySQL 8"

Closes #5418

See merge request ispconfig/ispconfig3!1127

Author: Till Brehm

install/lib/installer_base.lib.php

@@ -235,21 +235,27 @@ public function reconfigure_app($service, $reconfigure_services_answer) {
 	public function configure_database() {
 		global $conf;
 
-		//* check sql-mode
-		/*$check_sql_mode = $this->db->queryOneRecord("SELECT @@sql_mode");
-
-		if ($check_sql_mode['@@sql_mode'] != '' && $check_sql_mode['@@sql_mode'] != 'NO_ENGINE_SUBSTITUTION') {
-			echo "Wrong SQL-mode. You should use NO_ENGINE_SUBSTITUTION. Add\n\n";
-			echo "    sql-mode=\"NO_ENGINE_SUBSTITUTION\"\n\n";
-			echo"to the mysqld-section in your mysql-config on this server and restart mysqld afterwards\n";
-			die();
-		}*/
-
-		$unwanted_sql_plugins = array('validate_password');
-		$sql_plugins = $this->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
-		if(is_array($sql_plugins) && !empty($sql_plugins)) {
-			foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
-			die();
+		//** Check for unwanted plugins
+		if ($this->db->getDatabaseType() == 'mysql' && $this->db->getDatabaseVersion(true) >= 8) {
+			// component approach since MySQL 8.0
+			$unwanted_components = [
+				'file://component_validate_password',
+			];
+			$sql_components = $this->db->queryAllRecords("SELECT * FROM mysql.component where component_urn IN ?", $unwanted_components);
+			if(is_array($sql_components) && !empty($sql_components)) {
+				foreach ($sql_components as $component) {
+					$component_name = parse_url($component['component_urn'], PHP_URL_HOST);
+					echo "Login in to MySQL and disable '{$component_name}' with:\n\n    UNINSTALL COMPONENT '{$component['component_urn']}';\n\n";
+				}
+				die();
+			}
+		} else {
+			$unwanted_sql_plugins = array('validate_password');
+			$sql_plugins = $this->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
+			if(is_array($sql_plugins) && !empty($sql_plugins)) {
+				foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
+				die();
+			}
 		}
 
 		//** Create the database
@@ -308,6 +314,15 @@ public function add_database_server_record() {
 		if(!$this->db->query($query, $conf['mysql']['database'] . ".*", $conf['mysql']['ispconfig_user'], $from_host)) {
 			$this->error('Unable to grant databse permissions to user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
 		}
+		
+		// add correct administrative rights to IPSConfig user (SUPER is deprecated and unnecessarily powerful)
+		 if ($this->db->getDatabaseType() == 'mysql' && $this->db->getDatabaseVersion(true) >= 8) {
+			// there might be more needed on replicated db environments, this was not tested
+			$query = 'GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO ?@?';
+			if(!$this->db->query($query, $conf['mysql']['ispconfig_user'], $from_host)) {
+				$this->error('Unable to grant administrative permissions to user: '.$conf['mysql']['ispconfig_user'].' Error: '.$this->db->errorMessage);
+			}
+		}
 
 		//* Set the database name in the DB library
 		$this->db->setDBName($conf['mysql']['database']);

install/lib/mysql.lib.php

@@ -761,6 +761,41 @@ public function mapType($metaType, $typeValue) {
 			break;
 		}
 	}
+	
+	/**
+	 * Get the database type (mariadb or mysql)
+	 *
+	 * @access public
+	 * @return string 'mariadb' or string 'mysql'
+	 */
+	
+	public function getDatabaseType() {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		if(stristr($tmp['version'],'mariadb')) {
+			return 'mariadb';
+		} else {
+			return 'mysql';
+		}
+	}
+	
+	/**
+	 * Get the database version
+	 *
+	 * @access public
+	 * @param bool   $major_version_only = true will return the major version only, e.g. 8 for MySQL 8
+	 * @return string version number
+	 */
+	
+	public function getDatabaseVersion($major_version_only = false) {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		$version = explode('-', $tmp['version']);
+		if($major_version_only == true) {
+			$version_parts = explode('.', $version[0]);
+			return $version_parts[0];
+		} else {
+			return $version[0];
+		}
+	}
 
 }
 

install/sql/incremental/upd_dev_collection.sql

@@ -37,7 +37,7 @@ ALTER TABLE `mail_user` ADD `disableindexer-worker` ENUM('n','y') CHARACTER SET
 ALTER TABLE `dns_rr` CHANGE `type` `type` ENUM('A','AAAA','ALIAS','CNAME','DNAME','CAA','DS','HINFO','LOC','MX','NAPTR','NS','PTR','RP','SRV','SSHFP','TXT','TLSA','DNSKEY') NULL DEFAULT NULL AFTER `name`;
 
 -- change cc and sender_cc column type
-ALTER TABLE `mail_user` CHANGE `cc` `cc` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';
+ALTER TABLE `mail_user` CHANGE `cc` `cc` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
 -- remove SPDY option
 ALTER TABLE `web_domain` DROP COLUMN `enable_spdy`;
@@ -62,7 +62,7 @@ ALTER TABLE `web_domain` CHANGE `nginx_directives` `nginx_directives` mediumtext
 ALTER TABLE `mail_user` MODIFY `move_junk` enum('y','a','n') NOT NULL DEFAULT 'y';
 
 -- Change id_rsa column to TEXT format
-ALTER TABLE `client` CHANGE `id_rsa` `id_rsa` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL DEFAULT '';
+ALTER TABLE `client` CHANGE `id_rsa` `id_rsa` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
 ALTER TABLE `directive_snippets` ADD `update_sites` ENUM('y','n') NOT NULL DEFAULT 'n' ;
 

install/sql/ispconfig3.sql

@@ -253,7 +253,7 @@ CREATE TABLE `client` (
   `canceled` enum('n','y') NOT NULL DEFAULT 'n',
   `can_use_api` enum('n','y') NOT NULL DEFAULT 'n',
   `tmp_data` mediumblob,
-  `id_rsa` text NOT NULL DEFAULT '',
+  `id_rsa` text,
   `ssh_rsa` varchar(600) NOT NULL DEFAULT '',
   `customer_no_template` varchar(255) DEFAULT 'R[CLIENTID]C[CUSTOMER_NO]',
   `customer_no_start` int(11) NOT NULL DEFAULT '1',
@@ -1040,7 +1040,7 @@ CREATE TABLE `mail_user` (
   `maildir` varchar(255) NOT NULL default '',
   `maildir_format` varchar(255) NOT NULL default 'maildir',
   `quota` bigint(20) NOT NULL default '-1',
-  `cc` text NOT NULL default '',
+  `cc` text,
   `sender_cc` varchar(255) NOT NULL default '',
   `homedir` varchar(255) NOT NULL default '',
   `autoresponder` enum('n','y') NOT NULL default 'n',

interface/lib/classes/db_mysql.inc.php

@@ -1106,6 +1106,76 @@ public function mapType($metaType, $typeValue) {
 		}
 	}
 
+	/**
+	 * Get the database type (mariadb or mysql)
+	 *
+	 * @access public
+	 * @return string 'mariadb' or string 'mysql'
+	 */
+	
+	public function getDatabaseType() {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		if(stristr($tmp['version'],'mariadb')) {
+			return 'mariadb';
+		} else {
+			return 'mysql';
+		}
+	}
+
+	/**
+	 * Get the database version
+	 *
+	 * @access public
+	 * @param bool   $major_version_only = true will return the major version only, e.g. 8 for MySQL 8
+	 * @return string version number
+	 */
+
+	public function getDatabaseVersion($major_version_only = false) {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		$version = explode('-', $tmp['version']);
+		if($major_version_only == true) {
+			$version_parts = explode('.', $version[0]);
+			return $version_parts[0];
+		} else {
+			return $version[0];
+		}
+	}
+	
+	/**
+	 * Get a mysql password hash
+	 *
+	 * @access public
+	 * @param string   cleartext password
+	 * @return string  Password hash
+	 */
+
+	public function getPasswordHash($password) {
+		
+		$password_type = 'password';
+		
+		/* Disabled until caching_sha2_password is implemented
+		if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) {
+			// we are in MySQL 8 mode
+			$tmp = $this->queryOneRecord("show variables like 'default_authentication_plugin'");
+			if($tmp['default_authentication_plugin'] == 'caching_sha2_password') {
+				$password_type = 'caching_sha2_password';
+			}
+		}
+		*/
+		
+		if($password_type == 'caching_sha2_password') {
+			/*
+				caching_sha2_password hashing needs to be implemented, have not 
+				found valid PHP implementation for the new password hash type.
+			*/
+		} else {
+			$password_hash = '*'.strtoupper(sha1(sha1($password, true)));
+		}
+		
+		return $password_hash;
+	}
+
+
 }
 
 /**

interface/lib/classes/tform_base.inc.php

@@ -1358,8 +1358,7 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
-								$record[$key] = $tmp['crypted'];
+								$record[$key] = $app->db->getPasswordHash($record[$key]);
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} else {
 								$record[$key] = md5(stripslashes($record[$key]));
@@ -1390,8 +1389,7 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 								$record[$key] = $app->auth->crypt_password(stripslashes($record[$key]),'ISO-8859-1');
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') {
-								$tmp = $app->db->queryOneRecord("SELECT PASSWORD(?) as `crypted`", stripslashes($record[$key]));
-								$record[$key] = $tmp['crypted'];
+								$record[$key] = $app->db->getPasswordHash($record[$key]);
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} else {
 								$record[$key] = md5(stripslashes($record[$key]));

server/lib/classes/db_mysql.inc.php

@@ -1106,6 +1106,75 @@ public function mapType($metaType, $typeValue) {
 		}
 	}
 
+	/**
+	 * Get the database type (mariadb or mysql)
+	 *
+	 * @access public
+	 * @return string 'mariadb' or string 'mysql'
+	 */
+
+	public function getDatabaseType() {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		if(stristr($tmp['version'],'mariadb')) {
+			return 'mariadb';
+		} else {
+			return 'mysql';
+		}
+	}
+
+	/**
+	 * Get the database version
+	 *
+	 * @access public
+	 * @param bool   $major_version_only = true will return the major version only, e.g. 8 for MySQL 8
+	 * @return string version number
+	 */
+
+	public function getDatabaseVersion($major_version_only = false) {
+		$tmp = $this->queryOneRecord('SELECT VERSION() as version');
+		$version = explode('-', $tmp['version']);
+		if($major_version_only == true) {
+			$version_parts = explode('.', $version[0]);
+			return $version_parts[0];
+		} else {
+			return $version[0];
+		}
+	}
+	
+	/**
+	 * Get a mysql password hash
+	 *
+	 * @access public
+	 * @param string   cleartext password
+	 * @return string  Password hash
+	 */
+	
+	public function getPasswordHash($password) {
+		
+		$password_type = 'password';
+		
+		/* Disabled until caching_sha2_password is implemented
+		if($this->getDatabaseType() == 'mysql' && $this->getDatabaseVersion(true) >= 8) {
+			// we are in MySQL 8 mode
+			$tmp = $this->queryOneRecord("show variables like 'default_authentication_plugin'");
+			if($tmp['default_authentication_plugin'] == 'caching_sha2_password') {
+				$password_type = 'caching_sha2_password';
+			}
+		}
+		*/
+		
+		if($password_type == 'caching_sha2_password') {
+			/*
+				caching_sha2_password hashing needs to be implemented, have not 
+				found valid PHP implementation for the new password hash type.
+			*/
+		} else {
+			$password_hash = '*'.strtoupper(sha1(sha1($password, true)));
+		}
+		
+		return $password_hash;
+	}
+
 }
 
 /**