danwin1210/hosting
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Randomise DB (user)names to reduce attack surface + allow multiple DBs per user

Browse Source
This commit is contained in:
Daniel Winzen
2019-01-07 22:24:21 +01:00
parent 838b6c3b6f
commit 5eab397200
3 changed files with 55 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
var/www/common.php
View File

@ -101,6 +101,7 @@ server {
}
}
';
const MAX_NUM_USER_DBS = 5; //maximum number of databases a user may have
function get_onion_v2($pkey) : string {
$keyData = openssl_pkey_get_details($pkey);
@ -468,3 +469,40 @@ php_admin_value[session.save_path] = /tmp
exec("service php$version-fpm@$key restart");
}
}
function add_mysql_user(PDO $db, string $password) : string {
$mysql_user = '';
$stmt = $db->prepare('SELECT null FROM users WHERE mysql_user = ?;');
do {
$mysql_user = substr(preg_replace('/[^a-z0-9]/i', '', base64_encode(random_bytes(32))), 0, 32);
$stmt->execute([$mysql_user]);
} while($stmt->fetch());
$create_user = $db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;");
$create_user->execute([$mysql_user, $password]);
return $mysql_user;
}
function add_user_db(PDO $db, int $user_id) : ?string {
$mysql_db = '';
$stmt = $db->prepare('SELECT COUNT(*) FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user_id]);
$count = $stmt->fetch(PDO::FETCH_NUM);
if($count[0]>=MAX_NUM_USER_DBS) {
return null;
}
$stmt = $db->prepare('SELECT null FROM mysql_databases WHERE mysql_database = ?;');
do {
$mysql_db = substr(preg_replace('/[^a-z0-9]/i', '', base64_encode(random_bytes(32))), 0, 32);
$stmt->execute([$mysql_db]);
} while($stmt->fetch());
$stmt = $db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
$stmt->execute([$user_id, $mysql_db]);
$db->exec("CREATE DATABASE IF NOT EXISTS `" . $mysql_db . "`;");
$stmt = $db->prepare('SELECT mysql_user FROM users WHERE id = ?;');
$stmt->execute([$user_id]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt=$db->prepare("GRANT ALL PRIVILEGES ON `" . $mysql_db . "`.* TO ?@'%';");
$stmt->execute([$user['mysql_user']]);
$db->exec('FLUSH PRIVILEGES;');
return $mysql_db;
}

10
var/www/html/home.php
View File

@ -7,6 +7,9 @@ try{
}
session_start();
$user=check_login();
if(isset($_REQUEST['action']) && $_REQUEST['action']==='add_db'){
add_user_db($db, $user['id']);
}
if(isset($_REQUEST['action']) && isset($_REQUEST['onion']) && $_REQUEST['action']==='edit'){
$stmt=$db->prepare('SELECT onions.version FROM onions INNER JOIN users ON (users.id=onions.user_id) WHERE onions.onion = ? AND users.id = ? AND onions.enabled IN (0, 1);');
$stmt->execute([$_REQUEST['onion'], $user['id']]);
@ -68,7 +71,7 @@ while($onion=$stmt->fetch(PDO::FETCH_ASSOC)){
}else{
echo '<td>Unavailable</td>';
}
echo '</tr>';
echo '</tr></form>';
}
echo '</table>';
echo '<h3>MySQL Database</h3>';
@ -76,10 +79,15 @@ echo '<table border="1">';
echo '<tr><th>Database</th><th>Host</th><th>User</th></tr>';
$stmt=$db->prepare('SELECT mysql_database FROM mysql_databases WHERE user_id = ?;');
$stmt->execute([$user['id']]);
$count_dbs = 0;
while($mysql=$stmt->fetch(PDO::FETCH_ASSOC)){
++$count_dbs;
echo "<tr><td>$mysql[mysql_database]</td><td>localhost</td><td>$user[mysql_user]</td></tr>";
}
echo '</table>';
if($count_dbs<MAX_NUM_USER_DBS){
echo '<p><form action="home.php" method="post"><button type="submit" name="action" value="add_db">Add new database</button></form></p>';
}
echo '<p><a href="password.php?type=sql">Change MySQL password</a></p>';
echo '<p>You can use <a href="/phpmyadmin/" target="_blank">PHPMyAdmin</a> and <a href="/adminer/" target="_blank">Adminer</a> for web based database administration.</p>';
echo '<h3>System Account</h3>';

12
var/www/html/register.php
View File

@ -105,19 +105,13 @@ if($_SERVER['REQUEST_METHOD']==='POST'){
echo '<p style="color:red;">To prevent abuse a site can only be registered every 60 seconds, but one has already been registered within the last 60 seconds. Please try again.</p>';
$ok=false;
}elseif($ok){
$mysql_user = add_mysql_user($db, $_POST['pass']);
$stmt=$db->prepare('INSERT INTO users (username, system_account, password, dateadded, public, php, autoindex, mysql_user) VALUES (?, ?, ?, ?, ?, ?, ?, ?);');
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, substr("$onion.onion", 0, 32)]);
$stmt->execute([$_POST['username'], substr("$onion.onion", 0, 32), $hash, time(), $public_list, $php, $autoindex, $mysql_user]);
$user_id = $db->lastInsertId();
$stmt=$db->prepare('INSERT INTO mysql_databases (user_id, mysql_database) VALUES (?, ?);');
$stmt->execute([$user_id, substr($onion, 0, 32)]);
$stmt=$db->prepare('INSERT INTO onions (user_id, onion, private_key, version) VALUES (?, ?, ?, ?);');
$stmt->execute([$user_id, $onion, $priv_key, $onion_version]);
$create_user=$db->prepare("CREATE USER ?@'%' IDENTIFIED BY ?;");
$create_user->execute([substr("$onion.onion", 0, 32), $_POST['pass']]);
$db->exec("CREATE DATABASE IF NOT EXISTS `" . substr($onion, 0, 32) . "`;");
$stmt=$db->prepare("GRANT ALL PRIVILEGES ON `" . substr($onion, 0, 32) . "`.* TO ?@'%';");
$stmt->execute([substr("$onion.onion", 0, 32)]);
$db->exec('FLUSH PRIVILEGES;');
add_user_db($db, $user_id);
$stmt=$db->prepare('INSERT INTO new_account (user_id, password) VALUES (?, ?);');
$stmt->execute([$user_id, get_system_hash($_POST['pass'])]);
if(EMAIL_TO!==''){