Implements #973 PostgreSQL client database support

Author: tbrehm

install/sql/incremental/upd_dev_collection.sql

@@ -1 +1,4 @@
 ALTER TABLE `web_database_user` ADD `database_password_sha2` varchar(70) DEFAULT NULL AFTER `database_password`;
+ALTER TABLE `web_database_user` ADD `database_password_postgres` varchar(255) DEFAULT NULL AFTER `database_password_mongo`;
+ALTER TABLE `client` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;
+ALTER TABLE `client_template` ADD `limit_database_postgresql` INT NOT NULL DEFAULT '-1' AFTER `limit_database`;

install/sql/ispconfig3.sql

@@ -233,6 +233,7 @@ CREATE TABLE `client` (
   `default_dbserver` int(11) NOT NULL DEFAULT '1',
   `dns_servers` text,
   `limit_database` int(11) NOT NULL DEFAULT '-1',
+  `limit_database_postgresql` int(11) NOT NULL default '-1',
   `limit_database_user` int(11) NOT NULL DEFAULT '-1',
   `limit_database_quota` int(11) NOT NULL default '-1',
   `limit_cron` int(11) NOT NULL DEFAULT '0',
@@ -363,6 +364,7 @@ CREATE TABLE `client_template` (
   `limit_dns_record` int(11) NOT NULL default '-1',
   `db_servers` text,
   `limit_database` int(11) NOT NULL default '-1',
+  `limit_database_postgresql` int(11) NOT NULL default '-1',
   `limit_database_user` int(11) NOT NULL DEFAULT '-1',
   `limit_database_quota` int(11) NOT NULL default '-1',
   `limit_cron` int(11) NOT NULL default '0',
@@ -1949,6 +1951,7 @@ CREATE TABLE IF NOT EXISTS `web_database_user` (
   `database_password` varchar(64) DEFAULT NULL,
   `database_password_sha2` varchar(70) DEFAULT NULL,
   `database_password_mongo` varchar(32) DEFAULT NULL,
+  `database_password_postgres` varchar(255) DEFAULT NULL,
   PRIMARY KEY (`database_user_id`)
 )  DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;
 

install/tpl/system.ini.master

@@ -40,7 +40,7 @@ show_aps_menu=n
 client_protection=y
 ssh_authentication=
 le_caa_autocreate_options=y
-
+postgresql_database=n
 
 [tools]
 

interface/lib/classes/crypt.inc.php

@@ -0,0 +1,49 @@
+<?php
+
+/*
+Copyright (c) 2024, Till Brehm, ISPConfig UG
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification,
+are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice,
+      this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
+      and/or other materials provided with the distribution.
+    * Neither the name of ISPConfig nor the names of its contributors
+      may be used to endorse or promote products derived from this software without
+      specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
+OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+class crypt {
+	
+	/**
+	 * Encode passwords for PostgreSQL with scram-sha-256
+	 *
+	 * @param  mixed $password
+	 * @return string
+	 */
+
+	public function postgres_scram_sha_256($password) {
+		$salt = openssl_random_pseudo_bytes(16); // Salt size = 16
+		$digest_key = hash_pbkdf2("sha256", $password, $salt, 4096, 32, true); // Rounds 4096 and  Digest length = 32
+		$client_key = hash_hmac("sha256", 'Client Key', $digest_key, true);
+		$stored_key = hash("sha256", $client_key, true);
+		$server_key = hash_hmac("sha256", 'Server Key', $digest_key, true);
+		return sprintf('SCRAM-SHA-256$4096:%s$%s:%s', base64_encode($salt), base64_encode($stored_key), base64_encode($server_key));
+	}
+
+}

interface/lib/classes/tform_base.inc.php

@@ -1379,6 +1379,10 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQLSHA2') {
 								$record[$key] = $app->db->getPasswordHash($record[$key], 'caching_sha2_password');
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
+							} elseif (isset($field['encryption']) && $field['encryption'] == 'POSTGRESHA256') {
+								$app->uses('crypt');
+								$record[$key] = $app->crypt->postgres_scram_sha_256($record[$key]);
+								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
 							} else {
 								$record[$key] = md5(stripslashes($record[$key]));
 								$sql_insert_val .= "'".$app->db->quote($record[$key])."', ";
@@ -1413,6 +1417,10 @@ protected function _getSQL($record, $tab, $action = 'INSERT', $primary_id = 0, $
 							} elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQLSHA2') {
 								$record[$key] = $app->db->getPasswordHash($record[$key], 'caching_sha2_password');
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
+							} elseif (isset($field['encryption']) && $field['encryption'] == 'POSTGRESHA256') {
+								$app->uses('crypt');
+								$record[$key] = $app->crypt->postgres_scram_sha_256($record[$key]);
+								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";
 							} else {
 								$record[$key] = md5(stripslashes($record[$key]));
 								$sql_update .= "`$key` = '".$app->db->quote($record[$key])."', ";

interface/web/admin/form/system_config.tform.php

@@ -252,7 +252,16 @@
 			'formtype' => 'CHECKBOX',
 			'default' => 'y',
 			'value'  => array(0 => 'n', 1 => 'y')
-		),	
+		),
+		'postgresql_database' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default'  => 'n',
+			'value' => array (
+				0 => 'n',
+				1 => 'y'
+			)
+		),
 		//#################################
 		// END Datatable fields
 		//#################################

interface/web/admin/lib/lang/ar_server_config.lng

@@ -358,3 +358,4 @@ $wb['soft_delete_keep_7_txt'] = 'Purge after 7 days';
 $wb['soft_delete_keep_30_txt'] = 'Purge after 30 days';
 $wb['soft_delete_keep_90_txt'] = 'Purge after 90 days';
 $wb['soft_delete_keep_365_txt'] = 'Purge after 365 days';
+$wb['postgresql_database_txt'] = 'PostgreSQL Database';

interface/web/admin/lib/lang/ar_system_config.lng

@@ -110,4 +110,5 @@ $wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record
 $wb['show_delete_on_forms_txt'] = 'Show delete button on edit forms';
 $wb['dns_external_slave_server_txt'] = 'External DNS servers (comma separated)';
 $wb['mailbox_show_last_access_txt'] = 'Show last access time for mail accounts';
-?>
+$wb['postgresql_database_txt'] = 'PostgreSQL Database';
+

interface/web/admin/lib/lang/bg_server_config.lng

@@ -358,3 +358,4 @@ $wb['soft_delete_keep_7_txt'] = 'Purge after 7 days';
 $wb['soft_delete_keep_30_txt'] = 'Purge after 30 days';
 $wb['soft_delete_keep_90_txt'] = 'Purge after 90 days';
 $wb['soft_delete_keep_365_txt'] = 'Purge after 365 days';
+$wb['postgresql_database_txt'] = 'PostgreSQL Database';

interface/web/admin/lib/lang/bg_system_config.lng

@@ -110,4 +110,4 @@ $wb['le_caa_autocreate_options_txt'] = 'Enable automatic creation of CAA record
 $wb['show_delete_on_forms_txt'] = 'Show delete button on edit forms';
 $wb['dns_external_slave_server_txt'] = 'External DNS servers (comma separated)';
 $wb['mailbox_show_last_access_txt'] = 'Show last access time for mail accounts';
-?>
+$wb['postgresql_database_txt'] = 'PostgreSQL Database';