nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-06-30 23:52:50 -05:00
Code Activity

Allow for changing database name (#1397)

Browse Source 
* Remove hard coded database name

* Update permissions on build scripts

* Update Setup project and run scripts for configuring database name

* Remove hyphen from database name flag

* Update with suggested changes, still needs testing

* Revert SQL statements to concatenantion for testing

* Fix typo

* Update util/Setup/EnvironmentFileBuilder.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update SQL commands to prevent SQL injection attacks

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
This commit is contained in:
Vince Grassia
2021-07-02 10:52:34 -04:00
committed by GitHub
parent 86a12efa76
commit bdcfbb3b43
10 changed files with 73 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
util/Migrator/DbMigrator.cs
View File

@ -34,15 +34,24 @@ namespace Bit.Migrator
using (var connection = new SqlConnection(_masterConnectionString))
{
var databaseName = new SqlConnectionStringBuilder(_connectionString).InitialCatalog;
if (string.IsNullOrWhiteSpace(databaseName))
{
databaseName = "vault";
}
var commandBuilder = new SqlCommandBuilder();
var databaseNameQuoted = new SqlCommandBuilder().QuoteIdentifier(databaseName);
var command = new SqlCommand(
"IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " +
"CREATE DATABASE [vault];", connection);
"IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = '@DatabaseName') = 0) " +
"CREATE DATABASE " + databaseNameQuoted + ";", connection);
command.Parameters.Add("@DatabaseName", System.Data.SqlDbType.VarChar);
command.Parameters["@DatabaseName"].Value = databaseName;
command.Connection.Open();
command.ExecuteNonQuery();
command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " +
"FROM sys.databases WHERE [name] = 'vault') = 1) " +
"ALTER DATABASE [vault] SET AUTO_CLOSE OFF;";
"FROM sys.databases WHERE [name] = '@DatabaseName') = 1) " +
"ALTER DATABASE " + databaseNameQuoted + " SET AUTO_CLOSE OFF;";
command.ExecuteNonQuery();
}

14
util/MsSql/backup-db.sql
View File

@ -1,10 +1,18 @@
-- Database name which is set from the backup-db.sh script.
DECLARE @DatabaseName varchar(100)
SET @DatabaseName = 'vault'
-- Database name without spaces for saving the backup files.
DELCARE @DatabaseNameSafe varchar(100)
SET @DatabaseNameSafe = 'vault'
DECLARE @BackupFile varchar(100)
SET @BackupFile = '/etc/bitwarden/mssql/backups/vault_FULL_$(now).BAK'
SET @BackupFile = '/etc/bitwarden/mssql/backups/' + @DatabaseNameSafe + '_FULL_$(now).BAK'
DECLARE @BackupName varchar(100)
SET @BackupName = 'vault full backup for $(now)'
SET @BackupName = @DatabaseName + ' full backup for $(now)'
DECLARE @BackupCommand NVARCHAR(1000)
SET @BackupCommand = 'BACKUP DATABASE [vault] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT'
SET @BackupCommand = 'BACKUP DATABASE [' + @DatabaseName + '] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT'
EXEC(@BackupCommand)

7
util/MsSql/entrypoint.sh
View File

@ -40,6 +40,13 @@ then
export SA_PASSWORD=$(cat $SA_PASSWORD_FILE)
fi
# Replace database name in backup-db.sql
if [ ! -z "$DATABASE" ]
then
sed -i -e "/@DatabaseName /s/vault/$DATABASE/" backup-db.sql
sed -i -e "/@DatabaseNameSafe /s/vault/${DATABASE// /-}/" backup-db.sql
fi
# The rest...
mkdir -p /etc/bitwarden/mssql/backups

1
util/Setup/Context.cs
View File

@ -149,6 +149,7 @@ namespace Bit.Setup
public bool SelfSignedCert { get; set; }
public string IdentityCertPassword { get; set; }
public string Domain { get; set; }
public string Database { get; set; }
}
}
}

4
util/Setup/EnvironmentFileBuilder.cs
View File

@ -62,7 +62,7 @@ namespace Bit.Setup
var dbConnectionString = new SqlConnectionStringBuilder
{
DataSource = "tcp:mssql,1433",
InitialCatalog = "vault",
InitialCatalog = _context.Install?.Database,
UserID = "sa",
Password = dbPassword,
MultipleActiveResultSets = false,
@ -75,7 +75,7 @@ namespace Bit.Setup
_globalOverrideValues = new Dictionary<string, string>
{
["globalSettings__baseServiceUri__vault"] = _context.Config.Url,
["globalSettings__sqlServer__connectionString"] = $"\"{dbConnectionString}\"",
["globalSettings__sqlServer__connectionString"] = $"'{dbConnectionString}'",
["globalSettings__identityServer__certificatePassword"] = _context.Install?.IdentityCertPassword,
["globalSettings__internalIdentityKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" :
Helpers.SecureRandomString(64, alpha: true, numeric: true),

12
util/Setup/Program.cs
View File

@ -75,6 +75,10 @@ namespace Bit.Setup
{
_context.Install.Domain = _context.Parameters["domain"].ToLowerInvariant();
}
if (_context.Parameters.ContainsKey("dbname"))
{
_context.Install.Database = _context.Parameters["dbname"];
}
if (_context.Stub)
{
@ -201,16 +205,16 @@ namespace Bit.Setup
{
var installationId = string.Empty;
var installationKey = string.Empty;
if (_context.Parameters.ContainsKey("install-id"))
{
installationId = _context.Parameters["install-id"].ToLowerInvariant();
}
else
{
installationId = Helpers.ReadInput("Enter your installation id (get at https://bitwarden.com/host)");
installationId = Helpers.ReadInput("Enter your installation id (get at https://bitwarden.com/host)");
}
if (!Guid.TryParse(installationId.Trim(), out var installationidGuid))
{
Console.WriteLine("Invalid installation id.");
@ -225,7 +229,7 @@ namespace Bit.Setup
{
installationKey = Helpers.ReadInput("Enter your installation key");
}
_context.Install.InstallationId = installationidGuid;
_context.Install.InstallationKey = installationKey;