diff options
author | Robin Appelman <robin@icewind.nl> | 2017-09-06 15:55:05 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2017-09-06 15:55:05 +0200 |
commit | 2c0efae30fee57a3acb3b585a3d75a4b65ddc26d (patch) | |
tree | 8bbc1232a3ef566df0c291a47a2ceb02fb1a729c /lib | |
parent | 4fd3240b5f0d2f8a42675fa499c06a7f35b726fe (diff) | |
download | nextcloud-server-2c0efae30fee57a3acb3b585a3d75a4b65ddc26d.tar.gz nextcloud-server-2c0efae30fee57a3acb3b585a3d75a4b65ddc26d.zip |
cleanup oci setup code
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Setup/OCI.php | 195 |
1 files changed, 22 insertions, 173 deletions
diff --git a/lib/private/Setup/OCI.php b/lib/private/Setup/OCI.php index 3051987917c..9fd85b7247d 100644 --- a/lib/private/Setup/OCI.php +++ b/lib/private/Setup/OCI.php @@ -28,6 +28,7 @@ * along with this program. If not, see <http://www.gnu.org/licenses/> * */ + namespace OC\Setup; class OCI extends AbstractDatabase { @@ -46,201 +47,49 @@ class OCI extends AbstractDatabase { $this->dbHost = $config['dbhost']; $this->config->setValues([ - 'dbhost' => $this->dbHost, - 'dbtablespace' => $this->dbtablespace, + 'dbhost' => $this->dbHost, + 'dbtablespace' => $this->dbtablespace, ]); } public function validate($config) { $errors = array(); - if(empty($config['dbuser']) && empty($config['dbname'])) { + if (empty($config['dbuser']) && empty($config['dbname'])) { $errors[] = $this->trans->t("%s enter the database username and name.", array($this->dbprettyname)); - } else if(empty($config['dbuser'])) { + } else if (empty($config['dbuser'])) { $errors[] = $this->trans->t("%s enter the database username.", array($this->dbprettyname)); - } else if(empty($config['dbname'])) { + } else if (empty($config['dbname'])) { $errors[] = $this->trans->t("%s enter the database name.", array($this->dbprettyname)); } return $errors; } public function setupDatabase($username) { - $e_host = addslashes($this->dbHost); - // casting to int to avoid malicious input - $e_port = (int)$this->dbPort; - $e_dbname = addslashes($this->dbName); - //check if the database user has admin right - if ($e_host == '') { - $easy_connect_string = $e_dbname; // use dbname as easy connect name - } else { - $easy_connect_string = '//'.$e_host.(!empty($e_port) ? ":{$e_port}" : "").'/'.$e_dbname; - } - $this->logger->debug('connect string: ' . $easy_connect_string, ['app' => 'setup.oci']); - $connection = @oci_connect($this->dbUser, $this->dbPassword, $easy_connect_string); - if(!$connection) { + try { + $this->connect(); + } catch (\Exception $e) { $errorMessage = $this->getLastError(); if ($errorMessage) { throw new \OC\DatabaseSetupException($this->trans->t('Oracle connection could not be established'), - $errorMessage.' Check environment: ORACLE_HOME='.getenv('ORACLE_HOME') - .' ORACLE_SID='.getenv('ORACLE_SID') - .' LD_LIBRARY_PATH='.getenv('LD_LIBRARY_PATH') - .' NLS_LANG='.getenv('NLS_LANG') - .' tnsnames.ora is '.(is_readable(getenv('ORACLE_HOME').'/network/admin/tnsnames.ora')?'':'not ').'readable'); + $errorMessage . ' Check environment: ORACLE_HOME=' . getenv('ORACLE_HOME') + . ' ORACLE_SID=' . getenv('ORACLE_SID') + . ' LD_LIBRARY_PATH=' . getenv('LD_LIBRARY_PATH') + . ' NLS_LANG=' . getenv('NLS_LANG') + . ' tnsnames.ora is ' . (is_readable(getenv('ORACLE_HOME') . '/network/admin/tnsnames.ora') ? '' : 'not ') . 'readable'); } throw new \OC\DatabaseSetupException($this->trans->t('Oracle username and/or password not valid'), - 'Check environment: ORACLE_HOME='.getenv('ORACLE_HOME') - .' ORACLE_SID='.getenv('ORACLE_SID') - .' LD_LIBRARY_PATH='.getenv('LD_LIBRARY_PATH') - .' NLS_LANG='.getenv('NLS_LANG') - .' tnsnames.ora is '.(is_readable(getenv('ORACLE_HOME').'/network/admin/tnsnames.ora')?'':'not ').'readable'); - } - //check for roles creation rights in oracle - - $query='SELECT count(*) FROM user_role_privs, role_sys_privs' - ." WHERE user_role_privs.granted_role = role_sys_privs.role AND privilege = 'CREATE ROLE'"; - $stmt = oci_parse($connection, $query); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - $result = oci_execute($stmt); - if($result) { - $row = oci_fetch_row($stmt); - - if ($row[0] > 0) { - //use the admin login data for the new database user - - //add prefix to the oracle user name to prevent collisions - $this->dbUser='oc_'.$username; - //create a new password so we don't need to store the admin config in the config file - $this->dbPassword = \OC::$server->getSecureRandom()->generate(30, \OCP\Security\ISecureRandom::CHAR_LOWER.\OCP\Security\ISecureRandom::CHAR_DIGITS); - - //oracle passwords are treated as identifiers: - // must start with alphanumeric char - // needs to be shortened to 30 bytes, as the two " needed to escape the identifier count towards the identifier length. - $this->dbPassword=substr($this->dbPassword, 0, 30); - - $this->createDBUser($connection); - } + 'Check environment: ORACLE_HOME=' . getenv('ORACLE_HOME') + . ' ORACLE_SID=' . getenv('ORACLE_SID') + . ' LD_LIBRARY_PATH=' . getenv('LD_LIBRARY_PATH') + . ' NLS_LANG=' . getenv('NLS_LANG') + . ' tnsnames.ora is ' . (is_readable(getenv('ORACLE_HOME') . '/network/admin/tnsnames.ora') ? '' : 'not ') . 'readable'); } $this->config->setValues([ - 'dbuser' => $this->dbUser, - 'dbname' => $this->dbName, - 'dbpassword' => $this->dbPassword, + 'dbuser' => $this->dbUser, + 'dbname' => $this->dbName, + 'dbpassword' => $this->dbPassword, ]); - - //create the database not necessary, oracle implies user = schema - //$this->createDatabase($this->dbname, $this->dbuser, $connection); - - //FIXME check tablespace exists: select * from user_tablespaces - - // the connection to dbname=oracle is not needed anymore - oci_close($connection); - - // connect to the oracle database (schema=$this->dbuser) an check if the schema needs to be filled - $this->dbUser = $this->config->getValue('dbuser'); - //$this->dbname = \OC_Config::getValue('dbname'); - $this->dbPassword = $this->config->getValue('dbpassword'); - - $e_host = addslashes($this->dbHost); - $e_dbname = addslashes($this->dbName); - - if ($e_host == '') { - $easy_connect_string = $e_dbname; // use dbname as easy connect name - } else { - $easy_connect_string = '//' . $e_host . (!empty($e_port) ? ":{$e_port}" : "") . '/' . $e_dbname; - } - $connection = @oci_connect($this->dbUser, $this->dbPassword, $easy_connect_string); - if(!$connection) { - throw new \OC\DatabaseSetupException($this->trans->t('Oracle username and/or password not valid'), - $this->trans->t('You need to enter details of an existing account.')); - } - $query = "SELECT count(*) FROM user_tables WHERE table_name = :un"; - $stmt = oci_parse($connection, $query); - $un = $this->tablePrefix.'users'; - oci_bind_by_name($stmt, ':un', $un); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning( $entry, ['app' => 'setup.oci']); - } - oci_execute($stmt); - } - - /** - * @param resource $connection - */ - private function createDBUser($connection) { - $name = $this->dbUser; - $password = $this->dbPassword; - $query = "SELECT * FROM all_users WHERE USERNAME = :un"; - $stmt = oci_parse($connection, $query); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - oci_bind_by_name($stmt, ':un', $name); - $result = oci_execute($stmt); - if(!$result) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - - if(! oci_fetch_row($stmt)) { - //user does not exists let's create it :) - //password must start with alphabetic character in oracle - $query = 'CREATE USER '.$name.' IDENTIFIED BY "'.$password.'" DEFAULT TABLESPACE '.$this->dbtablespace; - $stmt = oci_parse($connection, $query); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - - } - //oci_bind_by_name($stmt, ':un', $name); - $result = oci_execute($stmt); - if(!$result) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s', - array($query, $name, $password)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - - } - } else { // change password of the existing role - $query = "ALTER USER :un IDENTIFIED BY :pw"; - $stmt = oci_parse($connection, $query); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - oci_bind_by_name($stmt, ':un', $name); - oci_bind_by_name($stmt, ':pw', $password); - $result = oci_execute($stmt); - if(!$result) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - } - // grant necessary roles - $query = 'GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE, CREATE TRIGGER, UNLIMITED TABLESPACE TO '.$name; - $stmt = oci_parse($connection, $query); - if (!$stmt) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s"', array($query)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } - $result = oci_execute($stmt); - if(!$result) { - $entry = $this->trans->t('DB Error: "%s"', array($this->getLastError($connection))) . '<br />'; - $entry .= $this->trans->t('Offending command was: "%s", name: %s, password: %s', - array($query, $name, $password)) . '<br />'; - $this->logger->warning($entry, ['app' => 'setup.oci']); - } } /** |