nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

Allow for changing database name (#1397)

Browse Source 
* Remove hard coded database name

* Update permissions on build scripts

* Update Setup project and run scripts for configuring database name

* Remove hyphen from database name flag

* Update with suggested changes, still needs testing

* Revert SQL statements to concatenantion for testing

* Fix typo

* Update util/Setup/EnvironmentFileBuilder.cs

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>

* Update SQL commands to prevent SQL injection attacks

Co-authored-by: Chad Scharf <3904944+cscharf@users.noreply.github.com>
This commit is contained in:
Vince Grassia 2021-07-02 10:52:34 -04:00 committed by GitHub
parent 86a12efa76
commit bdcfbb3b43
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 73 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
bitwarden_license/src/Portal/build.sh Normal file → Executable file
View File

0
bitwarden_license/src/Sso/build.sh Normal file → Executable file
View File

34
scripts/run.ps1
View File

@ -21,15 +21,15 @@ $qFlag = ""
$quietPullFlag = "" $quietPullFlag = ""
$certbotHttpPort = "80" $certbotHttpPort = "80"
$certbotHttpsPort = "443" $certbotHttpsPort = "443"
if($env:BITWARDEN_QUIET -eq "true") { if ($env:BITWARDEN_QUIET -eq "true") {
$setupQuiet = 1 $setupQuiet = 1
$qFlag = " -q" $qFlag = " -q"
$quietPullFlag = " --quiet-pull" $quietPullFlag = " --quiet-pull"
} }
if("${env:BITWARDEN_CERTBOT_HTTP_PORT}" -ne "") { if ("${env:BITWARDEN_CERTBOT_HTTP_PORT}" -ne "") {
$certbotHttpPort = $env:BITWARDEN_CERTBOT_HTTP_PORT $certbotHttpPort = $env:BITWARDEN_CERTBOT_HTTP_PORT
} }
if("${env:BITWARDEN_CERTBOT_HTTPS_PORT}" -ne "") { if ("${env:BITWARDEN_CERTBOT_HTTPS_PORT}" -ne "") {
$certbotHttpsPort = $env:BITWARDEN_CERTBOT_HTTPS_PORT $certbotHttpsPort = $env:BITWARDEN_CERTBOT_HTTPS_PORT
} }
@ -53,7 +53,7 @@ function Install() {
if ($letsEncrypt -eq "y") { if ($letsEncrypt -eq "y") {
Write-Host "(!) " -f cyan -nonewline Write-Host "(!) " -f cyan -nonewline
[string]$email = $( Read-Host ("Enter your email address (Let's Encrypt will send you certificate " + [string]$email = $( Read-Host ("Enter your email address (Let's Encrypt will send you certificate " +
"expiration reminders)") ) "expiration reminders)") )
echo "" echo ""
$letsEncryptPath = "${outputDir}/letsencrypt" $letsEncryptPath = "${outputDir}/letsencrypt"
@ -61,18 +61,26 @@ function Install() {
New-Item -ItemType directory -Path $letsEncryptPath | Out-Null New-Item -ItemType directory -Path $letsEncryptPath | Out-Null
} }
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +` $certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +` "-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"certonly{0} --standalone --noninteractive --agree-tos --preferred-challenges http " +` "certonly{0} --standalone --noninteractive --agree-tos --preferred-challenges http " + `
"--email ${email} -d ${domain} --logs-dir /etc/letsencrypt/logs" "--email ${email} -d ${domain} --logs-dir /etc/letsencrypt/logs"
Invoke-Expression ($certbotExp -f $qFlag) Invoke-Expression ($certbotExp -f $qFlag)
} }
} }
Write-Host "(!) " -f cyan -nonewline
[string]$database = $( Read-Host "Enter the database name for your Bitwarden instance (ex. vault): ")
echo ""
if ($database -eq "") {
$database = "vault"
}
Pull-Setup Pull-Setup
docker run -it --rm --name setup -v ${outputDir}:/bitwarden bitwarden/setup:$coreVersion ` docker run -it --rm --name setup -v ${outputDir}:/bitwarden bitwarden/setup:$coreVersion `
dotnet Setup.dll -install 1 -domain ${domain} -letsencrypt ${letsEncrypt} ` dotnet Setup.dll -install 1 -domain ${domain} -letsencrypt ${letsEncrypt} `
-os win -corev $coreVersion -webv $webVersion -q $setupQuiet -os win -corev $coreVersion -webv $webVersion -q $setupQuiet -dbname "$database"
} }
function Docker-Compose-Up { function Docker-Compose-Up {
@ -137,8 +145,8 @@ function Docker-Prune {
function Update-Lets-Encrypt { function Update-Lets-Encrypt {
if (Test-Path -Path "${outputDir}\letsencrypt\live") { if (Test-Path -Path "${outputDir}\letsencrypt\live") {
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +` $certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +` "-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"renew{0} --logs-dir /etc/letsencrypt/logs" -f $qFlag "renew{0} --logs-dir /etc/letsencrypt/logs" -f $qFlag
Invoke-Expression $certbotExp Invoke-Expression $certbotExp
} }
@ -147,8 +155,8 @@ function Update-Lets-Encrypt {
function Force-Update-Lets-Encrypt { function Force-Update-Lets-Encrypt {
if (Test-Path -Path "${outputDir}\letsencrypt\live") { if (Test-Path -Path "${outputDir}\letsencrypt\live") {
Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag Invoke-Expression ("docker pull{0} certbot/certbot" -f "") #TODO: qFlag
$certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " +` $certbotExp = "docker run -it --rm --name certbot -p ${certbotHttpsPort}:443 -p ${certbotHttpPort}:80 " + `
"-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " +` "-v ${outputDir}/letsencrypt:/etc/letsencrypt/ certbot/certbot " + `
"renew{0} --logs-dir /etc/letsencrypt/logs --force-renew" -f $qFlag "renew{0} --logs-dir /etc/letsencrypt/logs --force-renew" -f $qFlag
Invoke-Expression $certbotExp Invoke-Expression $certbotExp
} }
@ -200,7 +208,7 @@ function Pull-Setup {
} }
function Write-Line($str) { function Write-Line($str) {
if($env:BITWARDEN_QUIET -ne "true") { if ($env:BITWARDEN_QUIET -ne "true") {
Write-Host $str Write-Host $str
} }
} }

11
scripts/run.sh
View File

@ -75,12 +75,21 @@ function install() {
--email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs --email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs
fi fi
fi fi
echo -e -n "${CYAN}(!)${NC} Enter the database name for your Bitwarden instance (ex. vault): "
read DATABASE
echo ""
if [ "$DATABASE" == "" ]
then
DATABASE="vault"
fi
pullSetup pullSetup
docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden \ docker run -it --rm --name setup -v $OUTPUT_DIR:/bitwarden \
--env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \ --env-file $ENV_DIR/uid.env bitwarden/setup:$COREVERSION \
dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS \ dotnet Setup.dll -install 1 -domain $DOMAIN -letsencrypt $LETS_ENCRYPT -os $OS \
-corev $COREVERSION -webv $WEBVERSION -corev $COREVERSION -webv $WEBVERSION -dbname "$DATABASE"
} }
function dockerComposeUp() { function dockerComposeUp() {

17
util/Migrator/DbMigrator.cs
View File

@ -34,15 +34,24 @@ namespace Bit.Migrator
using (var connection = new SqlConnection(_masterConnectionString)) using (var connection = new SqlConnection(_masterConnectionString))
{ {
var databaseName = new SqlConnectionStringBuilder(_connectionString).InitialCatalog;
if (string.IsNullOrWhiteSpace(databaseName))
{
databaseName = "vault";
}
var commandBuilder = new SqlCommandBuilder();
var databaseNameQuoted = new SqlCommandBuilder().QuoteIdentifier(databaseName);
var command = new SqlCommand( var command = new SqlCommand(
"IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = 'vault') = 0) " + "IF ((SELECT COUNT(1) FROM sys.databases WHERE [name] = '@DatabaseName') = 0) " +
"CREATE DATABASE [vault];", connection); "CREATE DATABASE " + databaseNameQuoted + ";", connection);
command.Parameters.Add("@DatabaseName", System.Data.SqlDbType.VarChar);
command.Parameters["@DatabaseName"].Value = databaseName;
command.Connection.Open(); command.Connection.Open();
command.ExecuteNonQuery(); command.ExecuteNonQuery();
command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " + command.CommandText = "IF ((SELECT DATABASEPROPERTYEX([name], 'IsAutoClose') " +
"FROM sys.databases WHERE [name] = 'vault') = 1) " + "FROM sys.databases WHERE [name] = '@DatabaseName') = 1) " +
"ALTER DATABASE [vault] SET AUTO_CLOSE OFF;"; "ALTER DATABASE " + databaseNameQuoted + " SET AUTO_CLOSE OFF;";
command.ExecuteNonQuery(); command.ExecuteNonQuery();
} }

14
util/MsSql/backup-db.sql
View File

@ -1,10 +1,18 @@
-- Database name which is set from the backup-db.sh script.
DECLARE @DatabaseName varchar(100)
SET @DatabaseName = 'vault'
-- Database name without spaces for saving the backup files.
DELCARE @DatabaseNameSafe varchar(100)
SET @DatabaseNameSafe = 'vault'
DECLARE @BackupFile varchar(100) DECLARE @BackupFile varchar(100)
SET @BackupFile = '/etc/bitwarden/mssql/backups/vault_FULL_$(now).BAK' SET @BackupFile = '/etc/bitwarden/mssql/backups/' + @DatabaseNameSafe + '_FULL_$(now).BAK'
DECLARE @BackupName varchar(100) DECLARE @BackupName varchar(100)
SET @BackupName = 'vault full backup for $(now)' SET @BackupName = @DatabaseName + ' full backup for $(now)'
DECLARE @BackupCommand NVARCHAR(1000) DECLARE @BackupCommand NVARCHAR(1000)
SET @BackupCommand = 'BACKUP DATABASE [vault] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT' SET @BackupCommand = 'BACKUP DATABASE [' + @DatabaseName + '] TO DISK = ''' + @BackupFile + ''' WITH INIT, NAME= ''' + @BackupName + ''', NOSKIP, NOFORMAT'
EXEC(@BackupCommand) EXEC(@BackupCommand)

7
util/MsSql/entrypoint.sh
View File

@ -40,6 +40,13 @@ then
export SA_PASSWORD=$(cat $SA_PASSWORD_FILE) export SA_PASSWORD=$(cat $SA_PASSWORD_FILE)
fi fi
# Replace database name in backup-db.sql
if [ ! -z "$DATABASE" ]
then
sed -i -e "/@DatabaseName /s/vault/$DATABASE/" backup-db.sql
sed -i -e "/@DatabaseNameSafe /s/vault/${DATABASE// /-}/" backup-db.sql
fi
# The rest... # The rest...
mkdir -p /etc/bitwarden/mssql/backups mkdir -p /etc/bitwarden/mssql/backups

1
util/Setup/Context.cs
View File

@ -149,6 +149,7 @@ namespace Bit.Setup
public bool SelfSignedCert { get; set; } public bool SelfSignedCert { get; set; }
public string IdentityCertPassword { get; set; } public string IdentityCertPassword { get; set; }
public string Domain { get; set; } public string Domain { get; set; }
public string Database { get; set; }
} }
} }
} }

4
util/Setup/EnvironmentFileBuilder.cs
View File

@ -62,7 +62,7 @@ namespace Bit.Setup
var dbConnectionString = new SqlConnectionStringBuilder var dbConnectionString = new SqlConnectionStringBuilder
{ {
DataSource = "tcp:mssql,1433", DataSource = "tcp:mssql,1433",
InitialCatalog = "vault", InitialCatalog = _context.Install?.Database,
UserID = "sa", UserID = "sa",
Password = dbPassword, Password = dbPassword,
MultipleActiveResultSets = false, MultipleActiveResultSets = false,
@ -75,7 +75,7 @@ namespace Bit.Setup
_globalOverrideValues = new Dictionary<string, string> _globalOverrideValues = new Dictionary<string, string>
{ {
["globalSettings__baseServiceUri__vault"] = _context.Config.Url, ["globalSettings__baseServiceUri__vault"] = _context.Config.Url,
["globalSettings__sqlServer__connectionString"] = $"\"{dbConnectionString}\"", ["globalSettings__sqlServer__connectionString"] = $"'{dbConnectionString}'",
["globalSettings__identityServer__certificatePassword"] = _context.Install?.IdentityCertPassword, ["globalSettings__identityServer__certificatePassword"] = _context.Install?.IdentityCertPassword,
["globalSettings__internalIdentityKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" : ["globalSettings__internalIdentityKey"] = _context.Stub ? "RANDOM_IDENTITY_KEY" :
Helpers.SecureRandomString(64, alpha: true, numeric: true), Helpers.SecureRandomString(64, alpha: true, numeric: true),

12
util/Setup/Program.cs
View File

@ -75,6 +75,10 @@ namespace Bit.Setup
{ {
_context.Install.Domain = _context.Parameters["domain"].ToLowerInvariant(); _context.Install.Domain = _context.Parameters["domain"].ToLowerInvariant();
} }
if (_context.Parameters.ContainsKey("dbname"))
{
_context.Install.Database = _context.Parameters["dbname"];
}
if (_context.Stub) if (_context.Stub)
{ {
@ -201,16 +205,16 @@ namespace Bit.Setup
{ {
var installationId = string.Empty; var installationId = string.Empty;
var installationKey = string.Empty; var installationKey = string.Empty;
if (_context.Parameters.ContainsKey("install-id")) if (_context.Parameters.ContainsKey("install-id"))
{ {
installationId = _context.Parameters["install-id"].ToLowerInvariant(); installationId = _context.Parameters["install-id"].ToLowerInvariant();
} }
else else
{ {
installationId = Helpers.ReadInput("Enter your installation id (get at https://bitwarden.com/host)"); installationId = Helpers.ReadInput("Enter your installation id (get at https://bitwarden.com/host)");
} }
if (!Guid.TryParse(installationId.Trim(), out var installationidGuid)) if (!Guid.TryParse(installationId.Trim(), out var installationidGuid))
{ {
Console.WriteLine("Invalid installation id."); Console.WriteLine("Invalid installation id.");
@ -225,7 +229,7 @@ namespace Bit.Setup
{ {
installationKey = Helpers.ReadInput("Enter your installation key"); installationKey = Helpers.ReadInput("Enter your installation key");
} }
_context.Install.InstallationId = installationidGuid; _context.Install.InstallationId = installationidGuid;
_context.Install.InstallationKey = installationKey; _context.Install.InstallationKey = installationKey;