protected $logger;
/** @var ISecureRandom */
protected $random;
+ /** @var bool */
+ protected $tryCreateDbUser;
public function __construct(IL10N $trans, SystemConfig $config, LoggerInterface $logger, ISecureRandom $random) {
$this->trans = $trans;
$dbPort = !empty($config['dbport']) ? $config['dbport'] : '';
$dbTablePrefix = isset($config['dbtableprefix']) ? $config['dbtableprefix'] : 'oc_';
+ $createUserConfig = $this->config->getValue("setup_create_db_user", true);
+ // accept `false` both as bool and string, since setting config values from env will result in a string
+ $this->tryCreateDbUser = $createUserConfig !== false && $createUserConfig !== "false";
+
$this->config->setValues([
'dbname' => $dbName,
'dbhost' => $dbHost,
$connection = $this->connect(['dbname' => null]);
}
- $this->createSpecificUser($username, new ConnectionAdapter($connection));
+ if ($this->tryCreateDbUser) {
+ $this->createSpecificUser($username, new ConnectionAdapter($connection));
+ }
+
+ $this->config->setValues([
+ 'dbuser' => $this->dbUser,
+ 'dbpassword' => $this->dbPassword,
+ ]);
//create the database
$this->createDatabase($connection);
. $this->random->generate(2, ISecureRandom::CHAR_UPPER)
. $this->random->generate(2, ISecureRandom::CHAR_LOWER)
. $this->random->generate(2, ISecureRandom::CHAR_DIGITS)
- . $this->random->generate(2, $saveSymbols)
- ;
+ . $this->random->generate(2, $saveSymbols);
$this->dbPassword = str_shuffle($password);
try {
$this->dbUser = $rootUser;
$this->dbPassword = $rootPassword;
}
-
- $this->config->setValues([
- 'dbuser' => $this->dbUser,
- 'dbpassword' => $this->dbPassword,
- ]);
}
}
$connection = $this->connect([
'dbname' => 'postgres'
]);
- //check for roles creation rights in postgresql
- $builder = $connection->getQueryBuilder();
- $builder->automaticTablePrefix(false);
- $query = $builder
- ->select('rolname')
- ->from('pg_roles')
- ->where($builder->expr()->eq('rolcreaterole', new Literal('TRUE')))
- ->andWhere($builder->expr()->eq('rolname', $builder->createNamedParameter($this->dbUser)));
-
- try {
- $result = $query->execute();
- $canCreateRoles = $result->rowCount() > 0;
- } catch (DatabaseException $e) {
- $canCreateRoles = false;
- }
-
- if ($canCreateRoles) {
- $connectionMainDatabase = $this->connect();
- //use the admin login data for the new database user
-
- //add prefix to the postgresql user name to prevent collisions
- $this->dbUser = 'oc_' . strtolower($username);
- //create a new password so we don't need to store the admin config in the config file
- $this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
-
- $this->createDBUser($connection);
-
- // Go to the main database and grant create on the public schema
- // The code below is implemented to make installing possible with PostgreSQL version 15:
- // https://www.postgresql.org/docs/release/15.0/
- // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases
- // Therefore we assume that the database is only used by one user/service which is Nextcloud
- // Additional services should get installed in a separate database in order to stay secure
- // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
- $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
- $connectionMainDatabase->close();
+ if ($this->tryCreateDbUser) {
+ //check for roles creation rights in postgresql
+ $builder = $connection->getQueryBuilder();
+ $builder->automaticTablePrefix(false);
+ $query = $builder
+ ->select('rolname')
+ ->from('pg_roles')
+ ->where($builder->expr()->eq('rolcreaterole', new Literal('TRUE')))
+ ->andWhere($builder->expr()->eq('rolname', $builder->createNamedParameter($this->dbUser)));
+
+ try {
+ $result = $query->execute();
+ $canCreateRoles = $result->rowCount() > 0;
+ } catch (DatabaseException $e) {
+ $canCreateRoles = false;
+ }
+
+ if ($canCreateRoles) {
+ $connectionMainDatabase = $this->connect();
+ //use the admin login data for the new database user
+
+ //add prefix to the postgresql user name to prevent collisions
+ $this->dbUser = 'oc_' . strtolower($username);
+ //create a new password so we don't need to store the admin config in the config file
+ $this->dbPassword = \OC::$server->getSecureRandom()->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
+
+ $this->createDBUser($connection);
+
+ // Go to the main database and grant create on the public schema
+ // The code below is implemented to make installing possible with PostgreSQL version 15:
+ // https://www.postgresql.org/docs/release/15.0/
+ // From the release notes: For new databases having no need to defend against insider threats, granting CREATE permission will yield the behavior of prior releases
+ // Therefore we assume that the database is only used by one user/service which is Nextcloud
+ // Additional services should get installed in a separate database in order to stay secure
+ // Also see https://www.postgresql.org/docs/15/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
+ $connectionMainDatabase->executeQuery('GRANT CREATE ON SCHEMA public TO ' . addslashes($this->dbUser));
+ $connectionMainDatabase->close();
+ }
}
$this->config->setValues([
projects / nextcloud-server.git / commitdiff