From b6434dd74e3216d0ec5b15539ea4bb42ef8b517c Mon Sep 17 00:00:00 2001
From: Jimmy Monin <jimmy@monin.net>
Date: Wed, 23 May 2018 19:09:15 +0200
Subject: [PATCH] Fix stretch compatibility by creating and using a dedicated
 MySQL admin user (fixes #71) MySQL root access in Stretch is limited to
 socket access via the root system user (see here:
 https://stackoverflow.com/questions/39281594/error-1698-28000-access-denied-for-user-rootlocalhost/42742610#42742610)
 In order to be compatible with Stretch and Jessie, use another privileged
 account than root

---
 conf/config.inc.php |  4 ++--
 scripts/backup      |  7 +++++++
 scripts/install     | 13 +++++++++++++
 scripts/remove      |  4 ++++
 scripts/restore     | 16 ++++++++++++++++
 scripts/upgrade     | 19 +++++++++++++++++++
 6 files changed, 61 insertions(+), 2 deletions(-)

diff --git a/conf/config.inc.php b/conf/config.inc.php
index 504ddf4..1ac8df4 100644
--- a/conf/config.inc.php
+++ b/conf/config.inc.php
@@ -28,8 +28,8 @@ $i = 0;
 $i++;
 /* Authentication type */
 $cfg['Servers'][$i]['auth_type'] = 'config';
-$cfg['Servers'][$i]['user'] = 'root';
-$cfg['Servers'][$i]['password'] = 'YNH_MYSQL_ROOT_PASSWORD';
+$cfg['Servers'][$i]['user'] = 'YNH_PMA_ADMIN_USER';
+$cfg['Servers'][$i]['password'] = 'YNH_PMA_ADMIN_PASSWORD';
 /* Server parameters */
 /*
 $cfg['Servers'][$i]['host'] = 'localhost';
diff --git a/scripts/backup b/scripts/backup
index 9bdb6f7..da545a5 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -21,6 +21,13 @@ set -eu
 # source _common.sh
 source /usr/share/yunohost/helpers
 
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
 #=================================================
 # LOAD SETTINGS
 #=================================================
diff --git a/scripts/install b/scripts/install
index 9fda0c2..cab964f 100644
--- a/scripts/install
+++ b/scripts/install
@@ -59,6 +59,17 @@ db_name=$(ynh_sanitize_dbid $app)
 ynh_app_setting_set $app db_name $db_name
 ynh_mysql_setup_db $db_name $db_name
 
+# Setup a privileged user for phpmyadmin (to prevent using MySQL root user)
+db_admin_user="${app}_root"
+ynh_app_setting_set $app db_admin_user $db_admin_user
+db_admin_pwd="$(ynh_string_random)"
+ynh_app_setting_set $app db_admin_pwd $db_admin_pwd
+
+if ! ynh_mysql_user_exists "$db_admin_user" ; then
+  ynh_mysql_create_user "$db_admin_user" "$db_admin_pwd"
+  ynh_mysql_execute_as_root "GRANT ALL PRIVILEGES ON *.* TO '$db_admin_user'@'localhost' IDENTIFIED BY '$db_admin_pwd' WITH GRANT OPTION;
+  FLUSH PRIVILEGES;" mysql
+fi
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -106,6 +117,8 @@ ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
 #=================================================
 
 ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php
+ynh_replace_string "YNH_PMA_ADMIN_USER" "$db_admin_user" ../conf/config.inc.php
+ynh_replace_string "YNH_PMA_ADMIN_PASSWORD" "$db_admin_pwd" ../conf/config.inc.php
 ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php
 ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php
 ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php
diff --git a/scripts/remove b/scripts/remove
index 73d2504..a7133c0 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get $app domain)
 db_name=$(ynh_app_setting_get $app db_name)
 final_path=$(ynh_app_setting_get $app final_path)
+db_admin_user=$(ynh_app_setting_get $app db_admin_user)
 
 #=================================================
 # STANDARD REMOVE
@@ -28,6 +29,9 @@ final_path=$(ynh_app_setting_get $app final_path)
 # Remove a database if it exists, along with the associated user
 ynh_mysql_remove_db $db_name $db_name
 
+# Remove phpmyadmin MySQL admin user
+ynh_mysql_drop_user $db_admin_user
+
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 611e363..26b8c71 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -21,6 +21,13 @@ set -eu
 # source _common.sh
 source /usr/share/yunohost/helpers
 
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
 #=================================================
 # LOAD SETTINGS
 #=================================================
@@ -64,6 +71,15 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd)
 ynh_mysql_setup_db $db_name $db_name $db_pwd
 ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
 
+# Setup a privileged user for phpmyadmin (to prevent using MySQL root user)
+db_admin_user=$(ynh_app_setting_get $app db_admin_user)
+db_admin_pwd=$(ynh_app_setting_get $app db_admin_pwd)
+
+if ! ynh_mysql_user_exists "$db_admin_user" ; then
+  ynh_mysql_create_user "$db_admin_user" "$db_admin_pwd"
+  ynh_mysql_execute_as_root "GRANT ALL PRIVILEGES ON *.* TO '$db_admin_user'@'localhost' IDENTIFIED BY '$db_admin_pwd' WITH GRANT OPTION;
+  FLUSH PRIVILEGES;" mysql
+fi
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 3bd8553..acf0919 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -20,6 +20,8 @@ path_url=$(ynh_app_setting_get $app path)
 admin=$(ynh_app_setting_get $app admin)
 final_path=$(ynh_app_setting_get $app final_path)
 db_name=$(ynh_app_setting_get $app db_name)
+db_admin_user=$(ynh_app_setting_get $app db_admin_user)
+db_admin_pwd=$(ynh_app_setting_get $app db_admin_pwd)
 
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
@@ -45,6 +47,21 @@ if [ -z $admin ]; then
 	ynh_app_setting_delete $app admin_user
 fi
 
+# If db_admin_user doesn't exist, create it
+if [ -z $db_admin_user ]; then
+	# Setup a privileged user for phpmyadmin (to prevent using MySQL root user)
+	db_admin_user="${app}_root"
+	ynh_app_setting_set $app db_admin_user $db_admin_user
+	db_admin_pwd="$(ynh_string_random)"
+	ynh_app_setting_set $app db_admin_pwd $db_admin_pwd
+
+	if ! ynh_mysql_user_exists "$db_admin_user" ; then
+	  ynh_mysql_create_user "$db_admin_user" "$db_admin_pwd"
+	  ynh_mysql_execute_as_root "GRANT ALL PRIVILEGES ON *.* TO '$db_admin_user'@'localhost' IDENTIFIED BY '$db_admin_pwd' WITH GRANT OPTION;
+	  FLUSH PRIVILEGES;" mysql
+	fi
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -122,6 +139,8 @@ ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
 ynh_backup_if_checksum_is_different "$final_path/config.inc.php"
 
 ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php
+ynh_replace_string "YNH_PMA_ADMIN_USER" "$db_admin_user" ../conf/config.inc.php
+ynh_replace_string "YNH_PMA_ADMIN_PASSWORD" "$db_admin_pwd" ../conf/config.inc.php
 ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php
 ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php
 ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php