Import alt-mysql plugin
This commit is contained in:
@@ -0,0 +1,149 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
PLUGIN_DIR="$(cd "$(dirname "$0")/.." && pwd)"
|
||||
SCRIPT="$PLUGIN_DIR/scripts/setup/phpmyadmin_install.sh"
|
||||
TMP_DIR="$(mktemp -d)"
|
||||
trap 'rm -rf "$TMP_DIR"' EXIT
|
||||
|
||||
fail() {
|
||||
echo "FAIL: $*" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
grep -Fq 'PHPMYADMIN_VERSION="${PHPMYADMIN_VERSION:-5.2.3}"' "$SCRIPT" \
|
||||
|| fail "phpMyAdmin default version is not 5.2.3"
|
||||
grep -Fq 'PHPMYADMIN_TARBALL_URL="${PHPMYADMIN_TARBALL_URL:-https://files.phpmyadmin.net/phpMyAdmin/5.2.3/phpMyAdmin-5.2.3-all-languages.tar.gz}"' "$SCRIPT" \
|
||||
|| fail "phpMyAdmin tarball URL is not the explicit 5.2.3 URL"
|
||||
|
||||
mkdir -p "$TMP_DIR/phpMyAdmin"
|
||||
cat > "$TMP_DIR/phpMyAdmin/config.inc.php" <<'PHP'
|
||||
<?php
|
||||
$cfg = [];
|
||||
PHP
|
||||
mkdir -p "$TMP_DIR/phpMyAdmin-source"
|
||||
cat > "$TMP_DIR/phpMyAdmin-source/index.php" <<'PHP'
|
||||
<?php
|
||||
echo 'private phpMyAdmin';
|
||||
PHP
|
||||
|
||||
PHPMYADMIN_EXISTING_DIR="$TMP_DIR/phpMyAdmin" \
|
||||
PHPMYADMIN_PRIVATE_DIR="$TMP_DIR/alt-mysql-phpmyadmin" \
|
||||
PHPMYADMIN_SOURCE_DIR="$TMP_DIR/phpMyAdmin-source" \
|
||||
PHPMYADMIN_INSTALL_ASSUME_ROOT=1 \
|
||||
bash "$SCRIPT" >/dev/null
|
||||
|
||||
PRIVATE_DIR="$TMP_DIR/alt-mysql-phpmyadmin"
|
||||
CONFIG_INC="$PRIVATE_DIR/config.inc.php"
|
||||
SIGNON_SCRIPT="$PRIVATE_DIR/da_signon.php"
|
||||
SIGNON_URL_PAGE="$PRIVATE_DIR/da_login.php"
|
||||
TICKET_DIR="$PRIVATE_DIR/runtime/tickets"
|
||||
SESSION_DIR="$TMP_DIR/sessions"
|
||||
|
||||
[ -r "$PRIVATE_DIR/index.php" ] || fail "private phpMyAdmin copy was not installed"
|
||||
[ -r "$CONFIG_INC" ] || fail "private phpMyAdmin config was not created"
|
||||
[ -r "$SIGNON_SCRIPT" ] || fail "signon script was not created"
|
||||
[ -r "$SIGNON_URL_PAGE" ] || fail "phpMyAdmin SignonURL page was not created"
|
||||
[ -d "$TICKET_DIR" ] || fail "phpMyAdmin ticket directory was not created"
|
||||
if grep -Fq "config.mysql.inc.php" "$TMP_DIR/phpMyAdmin/config.inc.php"; then
|
||||
fail "installer modified existing CustomBuild phpMyAdmin config"
|
||||
fi
|
||||
|
||||
SERVER_JSON="$(php -r '
|
||||
$_SERVER["HTTPS"] = "on";
|
||||
$_SERVER["HTTP_HOST"] = "panel.example.test";
|
||||
$cfg=[];
|
||||
include $argv[1];
|
||||
echo json_encode($cfg["Servers"][1] ?? []);
|
||||
' "$CONFIG_INC")"
|
||||
php -r '
|
||||
$server = json_decode($argv[1], true);
|
||||
if (($server["host"] ?? "") !== "127.0.0.1") {
|
||||
fwrite(STDERR, "host mismatch\n");
|
||||
exit(2);
|
||||
}
|
||||
if ((string)($server["port"] ?? "") !== "33033") {
|
||||
fwrite(STDERR, "port mismatch\n");
|
||||
exit(3);
|
||||
}
|
||||
if (($server["socket"] ?? "not-empty") !== "") {
|
||||
fwrite(STDERR, "socket mismatch\n");
|
||||
exit(4);
|
||||
}
|
||||
if (($server["SignonURL"] ?? "") !== "https://panel.example.test/alt-mysql-phpmyadmin/da_login.php") {
|
||||
fwrite(STDERR, "SignonURL mismatch\n");
|
||||
exit(5);
|
||||
}
|
||||
if (($server["LogoutURL"] ?? "") !== "https://panel.example.test/alt-mysql-phpmyadmin/da_login.php") {
|
||||
fwrite(STDERR, "LogoutURL mismatch\n");
|
||||
exit(6);
|
||||
}
|
||||
' "$SERVER_JSON" || fail "phpMyAdmin config does not target alt-mariadb TCP endpoint"
|
||||
grep -Fq 'return [$username, $password];' "$SIGNON_SCRIPT" \
|
||||
|| fail "signon script should return username/password only"
|
||||
php -d display_errors=1 -r 'set_error_handler(static function($errno, $errstr) { fwrite(STDERR, $errstr . "\n"); exit(9); }); $cfg=[]; include $argv[1]; include $argv[2];' "$CONFIG_INC" "$SIGNON_SCRIPT" \
|
||||
|| fail "phpMyAdmin config and signon script cannot be loaded in one PHP process"
|
||||
|
||||
mkdir -p "$SESSION_DIR"
|
||||
cat > "$TICKET_DIR/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef.json" <<'JSON'
|
||||
{"version":1,"expires_at":4102444800,"auth":{"user":"da_tmp_phpmyadmin_test","password":"secret","db":"user_db"},"route":"/database/structure","db":"user_db"}
|
||||
JSON
|
||||
php -d display_errors=1 -d session.save_path="$SESSION_DIR" -r '
|
||||
$_GET["ticket"] = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
|
||||
$_COOKIE["DA_MYSQL_PHPMYADMIN"] = "tickettest";
|
||||
$_SERVER["HTTPS"] = "on";
|
||||
$_SERVER["HTTP_HOST"] = "panel.example.test";
|
||||
include $argv[1];
|
||||
' "$SIGNON_URL_PAGE" >/tmp/altmysql-da-login-test.out 2>/tmp/altmysql-da-login-test.err \
|
||||
|| fail "da_login.php did not accept a valid ticket"
|
||||
[ ! -e "$TICKET_DIR/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef.json" ] \
|
||||
|| fail "da_login.php did not consume the SSO ticket"
|
||||
php -d session.save_path="$SESSION_DIR" -r '
|
||||
session_name("DA_MYSQL_PHPMYADMIN");
|
||||
session_id("tickettest");
|
||||
session_start();
|
||||
$auth = $_SESSION["DA_MYSQL_PHPMYADMIN_AUTH"] ?? [];
|
||||
if (($auth["user"] ?? "") !== "da_tmp_phpmyadmin_test") {
|
||||
fwrite(STDERR, "session user mismatch\n");
|
||||
exit(2);
|
||||
}
|
||||
if (($auth["password"] ?? "") !== "secret") {
|
||||
fwrite(STDERR, "session password mismatch\n");
|
||||
exit(3);
|
||||
}
|
||||
if (($auth["db"] ?? "") !== "user_db") {
|
||||
fwrite(STDERR, "session db mismatch\n");
|
||||
exit(4);
|
||||
}
|
||||
' || fail "da_login.php did not create the phpMyAdmin signon session"
|
||||
php -d session.save_path="$SESSION_DIR" -r '
|
||||
session_name("DA_MYSQL_PHPMYADMIN");
|
||||
session_id("tickettest");
|
||||
session_start();
|
||||
$_SESSION["DA_MYSQL_PHPMYADMIN_AUTH"] = [
|
||||
"user" => "da_tmp_phpmyadmin_test",
|
||||
"password" => "secret",
|
||||
"db" => "user_db",
|
||||
];
|
||||
session_write_close();
|
||||
|
||||
session_name("phpmyadmin");
|
||||
session_id("pmaactive");
|
||||
session_start();
|
||||
$_SESSION["unrelated"] = "active phpMyAdmin session";
|
||||
$_COOKIE["DA_MYSQL_PHPMYADMIN"] = "tickettest";
|
||||
include $argv[1];
|
||||
[$username, $password] = get_login_credentials("ignored");
|
||||
if ($username !== "da_tmp_phpmyadmin_test") {
|
||||
fwrite(STDERR, "signon user mismatch with active phpMyAdmin session\n");
|
||||
exit(2);
|
||||
}
|
||||
if ($password !== "secret") {
|
||||
fwrite(STDERR, "signon password mismatch with active phpMyAdmin session\n");
|
||||
exit(3);
|
||||
}
|
||||
' "$SIGNON_SCRIPT" || fail "signon script cannot read SSO session while phpMyAdmin session is active"
|
||||
PHPMYADMIN_PRIVATE_DIR="$PRIVATE_DIR" bash "$PLUGIN_DIR/scripts/setup/phpmyadmin_health_check.sh" >/dev/null \
|
||||
|| fail "phpMyAdmin health check should pass for SignonURL-capable config"
|
||||
|
||||
echo "phpmyadmin_install_test: OK"
|
||||
Reference in New Issue
Block a user