search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bug 5995 : MT2892: Fix security issue in CAS intranet login
[koha.git] / installer / install.pl
blob687d35e034e0a3ce273405785785b8db6f26e2fd
1 #!/usr/bin/perl
2
3 use strict;
4 use warnings;
5 use diagnostics;
6
7 use InstallAuth;
8 use CGI;
9 use IPC::Cmd;
10
11 use C4::Context;
12 use C4::Output;
13 use C4::Languages qw(getAllLanguages getTranslatedLanguages);
14 use C4::Installer;
15
16 my $query = new CGI;
17 my $step = $query->param('step');
18
19 my $language = $query->param('language');
20 my ( $template, $loggedinuser, $cookie );
21
22 my $all_languages = getAllLanguages();
23
24 if ( defined($language) ) {
25 setlanguagecookie( $query, $language, "install.pl?step=1" );
26 }
27 ( $template, $loggedinuser, $cookie ) = get_template_and_user(
28 {
29 template_name => "installer/step" . ( $step ? $step : 1 ) . ".tmpl",
30 query => $query,
31 type => "intranet",
32 authnotrequired => 0,
33 debug => 1,
34 }
35 );
36
37 my $installer = C4::Installer->new();
38 my %info;
39 $info{'dbname'} = C4::Context->config("database");
40 $info{'dbms'} =
41 ( C4::Context->config("db_scheme")
42 ? C4::Context->config("db_scheme")
43 : "mysql" );
44 $info{'hostname'} = C4::Context->config("hostname");
45 $info{'port'} = C4::Context->config("port");
46 $info{'user'} = C4::Context->config("user");
47 $info{'password'} = C4::Context->config("pass");
48 my $dbh = DBI->connect(
49 "DBI:$info{dbms}:dbname=$info{dbname};host=$info{hostname}"
50 . ( $info{port} ? ";port=$info{port}" : "" ),
51 $info{'user'}, $info{'password'}
52 );
53
54 if ( $step && $step == 1 ) {
55 #First Step
56 #Checking ALL perl Modules and services needed are installed.
57 #Whenever there is an error, adding a report to the page
58 $template->param( language => 1 );
59 $template->param( 'checkmodule' => 1 ); # we start with the assumption that there are no problems and set this to 0 if there are
60
61 unless ( $] >= 5.008008 ) { # Bug 4505
62 $template->param( problems => 1, perlversion => 1, checkmodule => 0 );
63 }
64
65 my $perl_modules = C4::Installer::PerlModules->new;
66 $perl_modules->version_info;
67
68 my $modules = $perl_modules->get_attr('missing_pm');
69 if (scalar(@$modules)) {
70 my @components = ();
71 my $checkmodule = 1;
72 foreach (@$modules) {
73 my ($module, $stats) = each %$_;
74 $checkmodule = 0 if $stats->{'required'};
75 push(
76 @components,
77 {
78 name => $module,
79 version => $stats->{'min_ver'},
80 require => $stats->{'required'},
81 usage => $stats->{'usage'},
82 }
83 );
84 }
85 @components = sort {$a->{'name'} cmp $b->{'name'}} @components;
86 $template->param( missing_modules => \@components, checkmodule => $checkmodule );
87 }
88 }
89 elsif ( $step && $step == 2 ) {
90 #
91 #STEP 2 Check Database connection and access
92 #
93 $template->param(%info);
94 my $checkdb = $query->param("checkdb");
95 $template->param( 'dbconnection' => $checkdb );
96 if ($checkdb) {
97 if ($dbh) {
98
99 # Can connect to the mysql
100 $template->param( "checkdatabaseaccess" => 1 );
101 if ( $info{dbms} eq "mysql" ) {
102
103 #Check if database created
104 my $rv = $dbh->do("SHOW DATABASES LIKE \'$info{dbname}\'");
105 if ( $rv == 1 ) {
106 $template->param( 'checkdatabasecreated' => 1 );
107 }
108
109 #Check if user have all necessary grants on this database.
110 my $rq =
111 $dbh->prepare(
112 "SHOW GRANTS FOR \'$info{user}\'\@'$info{hostname}'");
113 $rq->execute;
114 my $grantaccess;
115 while ( my ($line) = $rq->fetchrow ) {
116 my $dbname = $info{dbname};
117 if ( $line =~ m/^GRANT (.*?) ON `$dbname`\.\*/ || index( $line, '*.*' ) > 0 ) {
118 $grantaccess = 1
119 if (
120 index( $line, 'ALL PRIVILEGES' ) > 0
121 || ( ( index( $line, 'SELECT' ) > 0 )
122 && ( index( $line, 'INSERT' ) > 0 )
123 && ( index( $line, 'UPDATE' ) > 0 )
124 && ( index( $line, 'DELETE' ) > 0 )
125 && ( index( $line, 'CREATE' ) > 0 )
126 && ( index( $line, 'DROP' ) > 0 ) )
127 );
128 }
129 }
130 unless ($grantaccess) {
131 $rq =
132 $dbh->prepare("SHOW GRANTS FOR \'$info{user}\'\@'\%'");
133 $rq->execute;
134 while ( my ($line) = $rq->fetchrow ) {
135 my $dbname = $info{dbname};
136 if ( $line =~ m/$dbname/ || index( $line, '*.*' ) > 0 )
137 {
138 $grantaccess = 1
139 if (
140 index( $line, 'ALL PRIVILEGES' ) > 0
141 || ( ( index( $line, 'SELECT' ) > 0 )
142 && ( index( $line, 'INSERT' ) > 0 )
143 && ( index( $line, 'UPDATE' ) > 0 )
144 && ( index( $line, 'DELETE' ) > 0 )
145 && ( index( $line, 'CREATE' ) > 0 )
146 && ( index( $line, 'DROP' ) > 0 ) )
147 );
148 }
149 }
150 }
151 $template->param( "checkgrantaccess" => $grantaccess );
152 } # End mysql connect check...
153
154 elsif ( $info{dbms} eq "Pg" ) {
155 # Check if database has been created...
156 my $rv = $dbh->do( "SELECT * FROM pg_catalog.pg_database WHERE datname = \'$info{dbname}\';" );
157 if ( $rv == 1 ) {
158 $template->param( 'checkdatabasecreated' => 1 );
159 }
160
161 # Check if user has all necessary grants on this database...
162 my $rq = $dbh->do( "SELECT u.usesuper
163 FROM pg_catalog.pg_user as u
164 WHERE u.usename = \'$info{user}\';" );
165 if ( $rq == 1 ) {
166 $template->param( "checkgrantaccess" => 1 );
167 }
168 } # End Pg connect check...
169 }
170 else {
171 $template->param( "error" => DBI::err, "message" => DBI::errstr );
172 }
173 }
174 }
175 elsif ( $step && $step == 3 ) {
176 #
177 #
178 # STEP 3 : database setup
179 #
180 #
181 my $op = $query->param('op');
182 if ( $op && $op eq 'finished' ) {
183 #
184 # we have finished, just redirect to mainpage.
185 #
186 print $query->redirect("/cgi-bin/koha/mainpage.pl");
187 exit 1;
188 }
189 elsif ( $op && $op eq 'finish' ) {
190 $installer->set_version_syspref();
191 $installer->set_indexing_engine(0); # use Zebra
192
193 # Installation is finished.
194 # We just deny anybody access to install
195 # And we redirect people to mainpage.
196 # The installer will have to relogin since we do not pass cookie to redirection.
197 $template->param( "$op" => 1 );
198 }
199 elsif ( $op && $op eq 'addframeworks' ) {
200 #
201 # 1ST install, 3rd sub-step : insert the SQL files the user has selected
202 #
203
204 my ($fwk_language, $list) = $installer->load_sql_in_order($all_languages, $query->param('framework'));
205 $template->param(
206 "fwklanguage" => $fwk_language,
207 "list" => $list
208 );
209 $template->param( "$op" => 1 );
210 }
211 elsif ( $op && $op eq 'selectframeworks' ) {
212 #
213 #
214 # 1ST install, 2nd sub-step : show the user the sql datas he can insert in the database.
215 #
216 #
217 # (note that the term "selectframeworks is not correct. The user can select various files, not only frameworks)
218
219 #Framework Selection
220 #sql data for import are supposed to be located in installer/data/<language>/<level>
221 # Where <language> is en|fr or any international abbreviation (provided language hash is updated... This will be a problem with internationlisation.)
222 # Where <level> is a category of requirement : required, recommended optional
223 # level should contain :
224 # SQL File for import With a readable name.
225 # txt File that explains what this SQL File is meant for.
226 # Could be VERY useful to have A Big file for a kind of library.
227 # But could also be useful to have some Authorised values data set prepared here.
228 # Framework Selection is achieved through checking boxes.
229 my $langchoice = $query->param('fwklanguage');
230 $langchoice = $query->cookie('KohaOpacLanguage') unless ($langchoice);
231 my $marcflavour = $query->param('marcflavour');
232 if ($marcflavour){
233 $installer->set_marcflavour_syspref($marcflavour);
234 };
235 $marcflavour = C4::Context->preference('marcflavour') unless ($marcflavour);
236 #Insert into database the selected marcflavour
237 undef $/;
238 my ($marc_defaulted_to_en, $fwklist) = $installer->marc_framework_sql_list($langchoice, $marcflavour);
239 $template->param('en_marc_frameworks' => $marc_defaulted_to_en);
240 $template->param( "frameworksloop" => $fwklist );
241 $template->param( "marcflavour" => ucfirst($marcflavour));
242
243 my ($sample_defaulted_to_en, $levellist) = $installer->sample_data_sql_list($langchoice, $marcflavour);
244 $template->param( "en_sample_data" => $sample_defaulted_to_en);
245 $template->param( "levelloop" => $levellist );
246 $template->param( "$op" => 1 );
247 }
248 elsif ( $op && $op eq 'choosemarc' ) {
249 #
250 #
251 # 1ST install, 2nd sub-step : show the user the marcflavour available.
252 #
253 #
254
255 #Choose Marc Flavour
256 #sql data are supposed to be located in installer/data/<dbms>/<language>/marcflavour/marcflavourname
257 # Where <dbms> is database type according to DBD syntax
258 # Where <language> is en|fr or any international abbreviation (provided language hash is updated... This will be a problem with internationlisation.)
259 # Where <level> is a category of requirement : required, recommended optional
260 # level should contain :
261 # SQL File for import With a readable name.
262 # txt File taht explains what this SQL File is meant for.
263 # Could be VERY useful to have A Big file for a kind of library.
264 # But could also be useful to have some Authorised values data set prepared here.
265 # Marcflavour Selection is achieved through radiobuttons.
266 my $langchoice = $query->param('fwklanguage');
267 $langchoice = $query->cookie('KohaOpacLanguage') unless ($langchoice);
268 my $dir =
269 C4::Context->config('intranetdir') . "/installer/data/$info{dbms}/$langchoice/marcflavour";
270 unless (opendir( MYDIR, $dir )) {
271 if ($langchoice eq 'en') {
272 warn "cannot open MARC frameworks directory $dir";
273 } else {
274 # if no translated MARC framework is available,
275 # default to English
276 $dir = C4::Context->config('intranetdir') . "/installer/data/$info{dbms}/en/marcflavour";
277 opendir(MYDIR, $dir) or warn "cannot open English MARC frameworks directory $dir";
278 }
279 }
280 my @listdir = grep { !/^\./ && -d "$dir/$_" } readdir(MYDIR);
281 closedir MYDIR;
282 my $marcflavour=C4::Context->preference("marcflavour");
283 my @flavourlist;
284 foreach my $marc (@listdir) {
285 my %cell=(
286 "label"=> ucfirst($marc),
287 "code"=>uc($marc),
288 "checked"=> defined($marcflavour) ? uc($marc) eq $marcflavour : 0);
289 # $cell{"description"}= do { local $/ = undef; open INPUT "<$dir/$marc.txt"||"";<INPUT> };
290 push @flavourlist, \%cell;
291 }
292 $template->param( "flavourloop" => \@flavourlist );
293 $template->param( "$op" => 1 );
294 }
295 elsif ( $op && $op eq 'importdatastructure' ) {
296 #
297 #
298 # 1st install, 1st "sub-step" : import kohastructure
299 #
300 #
301 my $error = $installer->load_db_schema();
302 $template->param(
303 "error" => $error,
304 "$op" => 1,
305 );
306 }
307 elsif ( $op && $op eq 'updatestructure' ) {
308 #
309 # Not 1st install, the only sub-step : update database
310 #
311 #Do updatedatabase And report
312 my $cmd = C4::Context->config("intranetdir") . "/installer/data/$info{dbms}/updatedatabase.pl";
313 my ($success, $error_code, $full_buf, $stdout_buf, $stderr_buf) = IPC::Cmd::run(command => $cmd, verbose => 0);
314
315 if (@$stdout_buf) {
316 $template->param(update_report => [ map { { line => $_ } } split(/\n/, join('', @$stdout_buf)) ] );
317 $template->param(has_update_succeeds => 1);
318 }
319 if (@$stderr_buf) {
320 $template->param(update_errors => [ map { { line => $_ } } split(/\n/, join('', @$stderr_buf)) ] );
321 $template->param(has_update_errors => 1);
322 warn "The following errors were returned while attempting to run the updatedatabase.pl script:\n";
323 foreach my $line (@$stderr_buf) {warn "$line\n";}
324 }
325
326 $template->param( $op => 1 );
327 }
328 else {
329 #
330 # check wether it's a 1st install or an update
331 #
332 #Check if there are enough tables.
333 # Paul has cleaned up tables so reduced the count
334 #I put it there because it implied a data import if condition was not satisfied.
335 my $dbh = DBI->connect(
336 "DBI:$info{dbms}:dbname=$info{dbname};host=$info{hostname}"
337 . ( $info{port} ? ";port=$info{port}" : "" ),
338 $info{'user'}, $info{'password'}
339 );
340 my $rq;
341 if ( $info{dbms} eq 'mysql' ) { $rq = $dbh->prepare( "SHOW TABLES" ); }
342 elsif ( $info{dbms} eq 'Pg' ) { $rq = $dbh->prepare( "SELECT *
343 FROM information_schema.tables
344 WHERE table_schema='public' and table_type='BASE TABLE';" ); }
345 $rq->execute;
346 my $data = $rq->fetchall_arrayref( {} );
347 my $count = scalar(@$data);
348 #
349 # we don't have tables, propose DB import
350 #
351 if ( $count < 70 ) {
352 $template->param( "count" => $count, "proposeimport" => 1 );
353 }
354 else {
355 #
356 # we have tables, propose to select files to upload or updatedatabase
357 #
358 $template->param( "count" => $count, "default" => 1 );
359 #
360 # 1st part of step 3 : check if there is a databaseversion systempreference
361 # if there is, then we just need to upgrade
362 # if there is none, then we need to install the database
363 #
364 if (C4::Context->preference('Version')) {
365 my $dbversion = C4::Context->preference('Version');
366 $dbversion =~ /(.*)\.(..)(..)(...)/;
367 $dbversion = "$1.$2.$3.$4";
368 $template->param("upgrading" => 1,
369 "dbversion" => $dbversion,
370 "kohaversion" => C4::Context->KOHAVERSION,
371 );
372 }
373 }
374
375 $dbh->disconnect;
376 }
377 }
378 else {
379
380 # LANGUAGE SELECTION page by default
381 # using opendir + language Hash
382 my $languages_loop = getTranslatedLanguages('intranet');
383 $template->param( installer_languages_loop => $languages_loop );
384 if ($dbh) {
385 my $rq =
386 $dbh->prepare(
387 "SELECT * from systempreferences WHERE variable='Version'");
388 if ( $rq->execute ) {
389 my ($version) = $rq->fetchrow;
390 if ($version) {
391 $query->redirect("install.pl?step=3");
392 exit;
393 }
394 }
395 }
396 }
397 output_html_with_http_headers $query, $cookie, $template->output;
Koha ILS