Commit Graph

7 Commits

Author SHA1 Message Date
Marek Miklewicz d5040037d6 fix: reset parse_native_db_conf output on failure; use BASH_SOURCE for SCRIPT_DIR
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
2026-07-05 16:45:27 +02:00
Marek Miklewicz b6016bafd8 feat: parse DirectAdmin native backup/<dbname>.conf format 2026-07-05 15:32:43 +02:00
Marek Miklewicz 9e54bb32da refactor: share restore rollback helpers via mysql_common.sh 2026-07-05 15:04:20 +02:00
Marek Miklewicz b4fbd46cc1 Harden restore-archive extraction against path traversal
extract_payload_from_archive() relied entirely on tar's own default
path-traversal protection when extracting a DirectAdmin restore
archive to locate the plugin's backup/alt_mysql payload. Explicitly
inspect the archive listing first and refuse to extract at all if any
member has an absolute path or a ".." segment, rather than trusting
that the wildcard extraction pattern happens to filter out an unsafe
member.
2026-07-04 22:53:21 +02:00
Marek Miklewicz f472a7abfc Add behavioral test coverage for DA-native restore payload + hooks
alt_mysql_restore_payload.sh (the DirectAdmin native-restore hook that
imports a plugin-origin backup payload into alt-mariadb) had zero
behavioral test coverage - only hook-installation plumbing was tested.
Add a fake mariadb/mariadb-dump client stub (tracking a simple
existing-databases state file) to exercise the real script end-to-end
without a live server, covering: checksum mismatch rejection,
overwrite=deny enforcement against an existing database, and the
happy-path restore. Add a DA_ALT_MYSQL_SETTINGS_FILE override (same
pattern as worker.sh's PLUGIN_DIR) so the script's settings file can be
pointed at a test fixture instead of the real system one.

Also extend da_integration_install_test.sh to check hook-symlink
install/uninstall coverage for database_delete_pre.sh,
database_user_password_change_pre.sh, database_user_create_post.sh,
and database_destroy_user_post.sh, which were previously untested
(only database_create_pre.sh was checked).
2026-07-04 22:49:28 +02:00
Marek Miklewicz ba64342702 Fix phpMyAdmin SSO login and harden SSO/security posture
phpMyAdmin login was broken because phpmyadmin_install.sh never wired
the private phpMyAdmin copy into the web server: no Apache Alias was
registered via DirectAdmin CustomBuild, so the SSO redirect target was
unreachable. Add configure_apache_alias()/apply_apache_alias() (Alias +
Directory blocks, ./build rewrite_confs, httpd reload), detect the real
Apache group instead of hardcoding diradmin:diradmin, stop silently
swallowing chown/chmod failures, and verify an optional SHA256 for the
downloaded phpMyAdmin tarball. Extend phpmyadmin_health_check.sh to
detect a missing/incorrect Apache alias and to probe HTTP reachability.

Security hardening: scope temporary phpMyAdmin SSO MySQL roles to
127.0.0.1 instead of '%', tighten SSO ticket file permissions to 0640
(they contain a plaintext MySQL password), and log MySQL connection
failures for diagnosis instead of swallowing them silently.

Bump version to 1.2.12 and rebuild the release archive.
2026-07-04 19:16:09 +02:00
Marek Miklewicz d71fcf9ace Import alt-mysql plugin 2026-07-04 15:48:19 +02:00