Merge branch 'stable-3.1' into 'stable-3.1'

Marius Burkard · Marius Burkard · commit b1337668df50 · 2017-09-06T16:41:57.000+02:00
Add check for mysql-plugin validate_password to allow passwords as hashes (Fixes #4777)

See merge request !635
diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
@@ -234,6 +234,13 @@ public function configure_database() {
 			die();
 		}
 
+		$unwanted_sql_plugins = array('validate_password');		
+		$sql_plugins = $inst->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
+		if(is_array($sql_plugins) && !empty($sql_plugins)) {
+			foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
+			die();
+		}
+
 		//** Create the database
 		if(!$this->db->query('CREATE DATABASE IF NOT EXISTS ?? DEFAULT CHARACTER SET ?', $conf['mysql']['database'], $conf['mysql']['charset'])) {
 			$this->error('Unable to create MySQL database: '.$conf['mysql']['database'].'.');
diff --git a/install/lib/update.lib.php b/install/lib/update.lib.php
@@ -132,6 +132,13 @@ function updateDbAndIni() {
 		die();
 	}
 
+	$unwanted_sql_plugins = array('validate_password');
+	$sql_plugins = $inst->db->queryAllRecords("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ?", $unwanted_sql_plugins);
+	if(is_array($sql_plugins) && !empty($sql_plugins)) {
+		foreach ($sql_plugins as $plugin) echo "Login in to MySQL and disable $plugin[plugin_name] with:\n\n    UNINSTALL PLUGIN $plugin[plugin_name];";
+		die();
+	}
+
 	//* Update $conf array with values from the server.ini that shall be preserved
 	$tmp = $inst->db->queryOneRecord("SELECT * FROM ?? WHERE server_id = ?", $conf["mysql"]["database"] . '.server', $conf['server_id']);
 	$ini_array = ini_to_array(stripslashes($tmp['config']));
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -73,7 +73,20 @@ function onLoad() {
 
 	function process_host_list($action, $database_name, $database_user, $database_password, $host_list, $link, $database_rename_user = '', $user_access_mode = 'rw') {
 		global $app;
-		
+
+		// check mysql-plugins
+		$unwanted_sql_plugins = array('validate_password'); // strict-password-validation
+		$temp = "'".implode("','", $unwanted_sql_plugins)."'";
+		$result = $link->query("SELECT plugin_name FROM information_schema.plugins WHERE plugin_status='ACTIVE' AND plugin_name IN ($temp)");
+		if($result) {
+			while ($row = $result->fetch_assoc()) {
+				$sql_plugins[] = $row['plugin_name'];
+			}
+			$result->free();
+			foreach ($sql_plugins as $plugin) $app->log("MySQL-Plugin $plugin[plugin_name] enabled - can not execute function process_host_list", LOGLEVEL_ERROR);
+			return false;
+		}
+
 		if(!$user_access_mode) $user_access_mode = 'rw';
 		$action = strtoupper($action);
 
