mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 994 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
37550 Commits
371 Branches
Tree: edd55b0ea9
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'edd55b0ea9'
${ noResults }
nextcloud/lib/private/Setup/OCI.php

OCI.php 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Andreas Fischer <bantu@owncloud.com>

  6.  * @author Bart Visscher <bartv@thisnet.nl>

  7.  * @author Joas Schilling <coding@schilljs.com>

  8.  * @author Jörn Friedrich Dreyer <jfd@butonic.de>

  9.  * @author Manish Bisht <manish.bisht490@gmail.com>

  10.  * @author Morris Jobke <hey@morrisjobke.de>

  11.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  12.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  13.  * @author Thomas Pulzer <t.pulzer@kniel.de>

  14.  * @author Victor Dubiniuk <dubiniuk@owncloud.com>

  15.  *

  16.  * @license AGPL-3.0

  17.  *

  18.  * This code is free software: you can redistribute it and/or modify

  19.  * it under the terms of the GNU Affero General Public License, version 3,

  20.  * as published by the Free Software Foundation.

  21.  *

  22.  * This program is distributed in the hope that it will be useful,

  23.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  24.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  25.  * GNU Affero General Public License for more details.

  26.  *

  27.  * You should have received a copy of the GNU Affero General Public License, version 3,

  28.  * along with this program.  If not, see <http://www.gnu.org/licenses/>

  29.  *

  30.  */

  31. namespace OC\Setup;

  32. 

  33. class OCI extends AbstractDatabase {

  34. 	public $dbprettyname = 'Oracle';

  35. 

  36. 	protected $dbtablespace;

  37. 

  38. 	public function initialize($config) {

  39. 		parent::initialize($config);

  40. 		if (array_key_exists('dbtablespace', $config)) {

  41. 			$this->dbtablespace = $config['dbtablespace'];

  42. 		} else {

  43. 			$this->dbtablespace = 'USERS';

  44. 		}

  45. 		// allow empty hostname for oracle

  46. 		$this->dbHost = $config['dbhost'];

  47. 

  48. 		$this->config->setValues([

  49. 			'dbhost'		=> $this->dbHost,

  50. 			'dbtablespace'	=> $this->dbtablespace,

  51. 		]);

  52. 	}

  53. 

  54. 	public function validate($config) {

  55. 		$errors = array();

  56. 		if(empty($config['dbuser']) && empty($config['dbname'])) {

  57. 			$errors[] = $this->trans->t("%s enter the database username and name.", array($this->dbprettyname));

  58. 		} else if(empty($config['dbuser'])) {

  59. 			$errors[] = $this->trans->t("%s enter the database username.", array($this->dbprettyname));

  60. 		} else if(empty($config['dbname'])) {

  61. 			$errors[] = $this->trans->t("%s enter the database name.", array($this->dbprettyname));

  62. 		}

  63. 		return $errors;

  64. 	}

  65. 

  66. 	public function setupDatabase($username) {

  67. 		$e_host = addslashes($this->dbHost);

  68. 		// casting to int to avoid malicious input

  69. 		$e_port = (int)$this->dbPort;

  70. 		$e_dbname = addslashes($this->dbName);

  71. 		//check if the database user has admin right

  72. 		if ($e_host == '') {

  73. 			$easy_connect_string = $e_dbname; // use dbname as easy connect name

  74. 		} else {

  75. 			$easy_connect_string = '//'.$e_host.(!empty($e_port) ? ":{$e_port}" : "").'/'.$e_dbname;

  76. 		}

  77. 		$this->logger->debug('connect string: ' . $easy_connect_string, ['app' => 'setup.oci']);

  78. 		$connection = @oci_connect($this->dbUser, $this->dbPassword, $easy_connect_string);

  79. 		if(!$connection) {

  80. 			$errorMessage = $this->getLastError();

  81. 			if ($errorMessage) {

  82. 				throw new \OC\DatabaseSetupException($this->trans->t('Oracle connection could not be established'),

  83. 				$errorMessage.' Check environment: ORACLE_HOME='.getenv('ORACLE_HOME')

  84. 							.' ORACLE_SID='.getenv('ORACLE_SID')

  85. 							.' LD_LIBRARY_PATH='.getenv('LD_LIBRARY_PATH')

  86. 							.' NLS_LANG='.getenv('NLS_LANG')

  87. 							.' tnsnames.ora is '.(is_readable(getenv('ORACLE_HOME').'/network/admin/tnsnames.ora')?'':'not ').'readable');

  88. 			}

  89. 			throw new \OC\DatabaseSetupException($this->trans->t('Oracle username and/or password not valid'),

  90. 					'Check environment: ORACLE_HOME='.getenv('ORACLE_HOME')

  91. 							.' ORACLE_SID='.getenv('ORACLE_SID')

  92. 							.' LD_LIBRARY_PATH='.getenv('LD_LIBRARY_PATH')

  93. 							.' NLS_LANG='.getenv('NLS_LANG')

  94. 							.' tnsnames.ora is '.(is_readable(getenv('ORACLE_HOME').'/network/admin/tnsnames.ora')?'':'not ').'readable');

  95. 		}

  96. 		//check for roles creation rights in oracle

  97. 

  98. 		$query='SELECT count(*) FROM user_role_privs, role_sys_privs'

  99. 			." WHERE user_role_privs.granted_role = role_sys_privs.role AND privilege = 'CREATE ROLE'";

  100. 		$stmt = oci_parse($connection, $query);

  101. 		if (!$stmt) {

  102. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  103. 			$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  104. 			$this->logger->warning($entry, ['app' => 'setup.oci']);

  105. 		}

  106. 		$result = oci_execute($stmt);

  107. 		if($result) {

  108. 			$row = oci_fetch_row($stmt);

  109. 

  110. 			if ($row[0] > 0) {

  111. 				//use the admin login data for the new database user

  112. 

  113. 				//add prefix to the oracle user name to prevent collisions

  114. 				$this->dbUser='oc_'.$username;

  115. 				//create a new password so we don't need to store the admin config in the config file

  116. 				$this->dbPassword = \OC::$server->getSecureRandom()->generate(30, \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS);

  117. 

  118. 				//oracle passwords are treated as identifiers:

  119. 				//  must start with alphanumeric char

  120. 				//  needs to be shortened to 30 bytes, as the two " needed to escape the identifier count towards the identifier length.

  121. 				$this->dbPassword=substr($this->dbPassword, 0, 30);

  122. 

  123. 				$this->createDBUser($connection);

  124. 			}

  125. 		}

  126. 

  127. 		$this->config->setValues([

  128. 			'dbuser'		=> $this->dbUser,

  129. 			'dbname'		=> $this->dbName,

  130. 			'dbpassword'	=> $this->dbPassword,

  131. 		]);

  132. 

  133. 		//create the database not necessary, oracle implies user = schema

  134. 		//$this->createDatabase($this->dbname, $this->dbuser, $connection);

  135. 

  136. 		//FIXME check tablespace exists: select * from user_tablespaces

  137. 

  138. 		// the connection to dbname=oracle is not needed anymore

  139. 		oci_close($connection);

  140. 

  141. 		// connect to the oracle database (schema=$this->dbuser) an check if the schema needs to be filled

  142. 		$this->dbUser = $this->config->getValue('dbuser');

  143. 		//$this->dbname = \OC_Config::getValue('dbname');

  144. 		$this->dbPassword = $this->config->getValue('dbpassword');

  145. 

  146. 		$e_host = addslashes($this->dbHost);

  147. 		$e_dbname = addslashes($this->dbName);

  148. 

  149. 		if ($e_host == '') {

  150. 			$easy_connect_string = $e_dbname; // use dbname as easy connect name

  151. 		} else {

  152. 			$easy_connect_string = '//'.$e_host.'/'.$e_dbname;

  153. 		}

  154. 		$connection = @oci_connect($this->dbUser, $this->dbPassword, $easy_connect_string);

  155. 		if(!$connection) {

  156. 			throw new \OC\DatabaseSetupException($this->trans->t('Oracle username and/or password not valid'),

  157. 					$this->trans->t('You need to enter either an existing account or the administrator.'));

  158. 		}

  159. 		$query = "SELECT count(*) FROM user_tables WHERE table_name = :un";

  160. 		$stmt = oci_parse($connection, $query);

  161. 		$un = $this->tablePrefix.'users';

  162. 		oci_bind_by_name($stmt, ':un', $un);

  163. 		if (!$stmt) {

  164. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  165. 			$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  166. 			$this->logger->warning( $entry, ['app' => 'setup.oci']);

  167. 		}

  168. 		$result = oci_execute($stmt);

  169. 

  170. 		if($result) {

  171. 			$row = oci_fetch_row($stmt);

  172. 		}

  173. 		if(!$result or $row[0]==0) {

  174. 			\OC_DB::createDbFromStructure($this->dbDefinitionFile);

  175. 		}

  176. 	}

  177. 

  178. 	/**

  179. 	 * @param resource $connection

  180. 	 */

  181. 	private function createDBUser($connection) {

  182. 		$name = $this->dbUser;

  183. 		$password = $this->dbPassword;

  184. 		$query = "SELECT * FROM all_users WHERE USERNAME = :un";

  185. 		$stmt = oci_parse($connection, $query);

  186. 		if (!$stmt) {

  187. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  188. 			$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  189. 			$this->logger->warning($entry, ['app' => 'setup.oci']);

  190. 		}

  191. 		oci_bind_by_name($stmt, ':un', $name);

  192. 		$result = oci_execute($stmt);

  193. 		if(!$result) {

  194. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  195. 			$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  196. 			$this->logger->warning($entry, ['app' => 'setup.oci']);

  197. 		}

  198. 

  199. 		if(! oci_fetch_row($stmt)) {

  200. 			//user does not exists let's create it :)

  201. 			//password must start with alphabetic character in oracle

  202. 			$query = 'CREATE USER '.$name.' IDENTIFIED BY "'.$password.'" DEFAULT TABLESPACE '.$this->dbtablespace;

  203. 			$stmt = oci_parse($connection, $query);

  204. 			if (!$stmt) {

  205. 				$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  206. 				$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  207. 				$this->logger->warning($entry, ['app' => 'setup.oci']);

  208. 

  209. 			}

  210. 			//oci_bind_by_name($stmt, ':un', $name);

  211. 			$result = oci_execute($stmt);

  212. 			if(!$result) {

  213. 				$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  214. 				$entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s',

  215. 					array($query, $name, $password)) . '<br />';

  216. 				$this->logger->warning($entry, ['app' => 'setup.oci']);

  217. 

  218. 			}

  219. 		} else { // change password of the existing role

  220. 			$query = "ALTER USER :un IDENTIFIED BY :pw";

  221. 			$stmt = oci_parse($connection, $query);

  222. 			if (!$stmt) {

  223. 				$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  224. 				$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  225. 				$this->logger->warning($entry, ['app' => 'setup.oci']);

  226. 			}

  227. 			oci_bind_by_name($stmt, ':un', $name);

  228. 			oci_bind_by_name($stmt, ':pw', $password);

  229. 			$result = oci_execute($stmt);

  230. 			if(!$result) {

  231. 				$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  232. 				$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  233. 				$this->logger->warning($entry, ['app' => 'setup.oci']);

  234. 			}

  235. 		}

  236. 		// grant necessary roles

  237. 		$query = 'GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE TO '.$name;

  238. 		$stmt = oci_parse($connection, $query);

  239. 		if (!$stmt) {

  240. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  241. 			$entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />';

  242. 			$this->logger->warning($entry, ['app' => 'setup.oci']);

  243. 		}

  244. 		$result = oci_execute($stmt);

  245. 		if(!$result) {

  246. 			$entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />';

  247. 			$entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s',

  248. 				array($query, $name, $password)) . '<br />';

  249. 			$this->logger->warning($entry, ['app' => 'setup.oci']);

  250. 		}

  251. 	}

  252. 

  253. 	/**

  254. 	 * @param resource $connection

  255. 	 * @return string

  256. 	 */

  257. 	protected function getLastError($connection = null) {

  258. 		if ($connection) {

  259. 			$error = oci_error($connection);

  260. 		} else {

  261. 			$error = oci_error();

  262. 		}

  263. 		foreach (array('message', 'code') as $key) {

  264. 			if (isset($error[$key])) {

  265. 				return $error[$key];

  266. 			}

  267. 		}

  268. 		return '';

  269. 	}

  270. }