dépôts / lhc / web / wiklou.git / blob
? search:


780431a4bf9aaa9d944ee2f78b2bc37c2940c792
[lhc/web/wiklou.git] / includes / installer / PostgresInstaller.php
1 <?php
2 /**
3 * PostgreSQL-specific installer.
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 * http://www.gnu.org/copyleft/gpl.html
19 *
20 * @file
21 * @ingroup Deployment
22 */
23
24 /**
25 * Class for setting up the MediaWiki database using Postgres.
26 *
27 * @ingroup Deployment
28 * @since 1.17
29 */
30 class PostgresInstaller extends DatabaseInstaller {
31
32 protected $globalNames = array(
33 'wgDBserver',
34 'wgDBport',
35 'wgDBname',
36 'wgDBuser',
37 'wgDBpassword',
38 'wgDBmwschema',
39 );
40
41 protected $internalDefaults = array(
42 '_InstallUser' => 'postgres',
43 );
44
45 public $minimumVersion = '8.3';
46 public $maxRoleSearchDepth = 5;
47
48 protected $pgConns = array();
49
50 function getName() {
51 return 'postgres';
52 }
53
54 public function isCompiled() {
55 return self::checkExtension( 'pgsql' );
56 }
57
58 function getConnectForm() {
59 return $this->getTextBox(
60 'wgDBserver',
61 'config-db-host',
62 array(),
63 $this->parent->getHelpBox( 'config-db-host-help' )
64 ) .
65 $this->getTextBox( 'wgDBport', 'config-db-port' ) .
66 Html::openElement( 'fieldset' ) .
67 Html::element( 'legend', array(), wfMessage( 'config-db-wiki-settings' )->text() ) .
68 $this->getTextBox(
69 'wgDBname',
70 'config-db-name',
71 array(),
72 $this->parent->getHelpBox( 'config-db-name-help' )
73 ) .
74 $this->getTextBox(
75 'wgDBmwschema',
76 'config-db-schema',
77 array(),
78 $this->parent->getHelpBox( 'config-db-schema-help' )
79 ) .
80 Html::closeElement( 'fieldset' ) .
81 $this->getInstallUserBox();
82 }
83
84 function submitConnectForm() {
85 // Get variables from the request
86 $newValues = $this->setVarsFromRequest( array(
87 'wgDBserver', 'wgDBport','wgDBname', 'wgDBmwschema',
88 '_InstallUser', '_InstallPassword'
89 ) );
90
91 // Validate them
92 $status = Status::newGood();
93 if ( !strlen( $newValues['wgDBname'] ) ) {
94 $status->fatal( 'config-missing-db-name' );
95 } elseif ( !preg_match( '/^[a-zA-Z0-9_]+$/', $newValues['wgDBname'] ) ) {
96 $status->fatal( 'config-invalid-db-name', $newValues['wgDBname'] );
97 }
98 if ( !preg_match( '/^[a-zA-Z0-9_]*$/', $newValues['wgDBmwschema'] ) ) {
99 $status->fatal( 'config-invalid-schema', $newValues['wgDBmwschema'] );
100 }
101 if ( !strlen( $newValues['_InstallUser'] ) ) {
102 $status->fatal( 'config-db-username-empty' );
103 }
104 if ( !strlen( $newValues['_InstallPassword'] ) ) {
105 $status->fatal( 'config-db-password-empty', $newValues['_InstallUser'] );
106 }
107
108 // Submit user box
109 if ( $status->isOK() ) {
110 $status->merge( $this->submitInstallUserBox() );
111 }
112 if ( !$status->isOK() ) {
113 return $status;
114 }
115
116 $status = $this->getPgConnection( 'create-db' );
117 if ( !$status->isOK() ) {
118 return $status;
119 }
120 /**
121 * @var $conn DatabaseBase
122 */
123 $conn = $status->value;
124
125 // Check version
126 $version = $conn->getServerVersion();
127 if ( version_compare( $version, $this->minimumVersion ) < 0 ) {
128 return Status::newFatal( 'config-postgres-old', $this->minimumVersion, $version );
129 }
130
131 $this->setVar( 'wgDBuser', $this->getVar( '_InstallUser' ) );
132 $this->setVar( 'wgDBpassword', $this->getVar( '_InstallPassword' ) );
133
134 return Status::newGood();
135 }
136
137 public function getConnection() {
138 $status = $this->getPgConnection( 'create-tables' );
139 if ( $status->isOK() ) {
140 $this->db = $status->value;
141 }
142
143 return $status;
144 }
145
146 public function openConnection() {
147 return $this->openPgConnection( 'create-tables' );
148 }
149
150 /**
151 * Open a PG connection with given parameters
152 * @param string $user User name
153 * @param string $password Password
154 * @param string $dbName Database name
155 * @return Status
156 */
157 protected function openConnectionWithParams( $user, $password, $dbName ) {
158 $status = Status::newGood();
159 try {
160 $db = new DatabasePostgres(
161 $this->getVar( 'wgDBserver' ),
162 $user,
163 $password,
164 $dbName
165 );
166 $status->value = $db;
167 } catch ( DBConnectionError $e ) {
168 $status->fatal( 'config-connection-error', $e->getMessage() );
169 }
170
171 return $status;
172 }
173
174 /**
175 * Get a special type of connection
176 * @param string $type See openPgConnection() for details.
177 * @return Status
178 */
179 protected function getPgConnection( $type ) {
180 if ( isset( $this->pgConns[$type] ) ) {
181 return Status::newGood( $this->pgConns[$type] );
182 }
183 $status = $this->openPgConnection( $type );
184
185 if ( $status->isOK() ) {
186 /**
187 * @var $conn DatabaseBase
188 */
189 $conn = $status->value;
190 $conn->clearFlag( DBO_TRX );
191 $conn->commit( __METHOD__ );
192 $this->pgConns[$type] = $conn;
193 }
194
195 return $status;
196 }
197
198 /**
199 * Get a connection of a specific PostgreSQL-specific type. Connections
200 * of a given type are cached.
201 *
202 * PostgreSQL lacks cross-database operations, so after the new database is
203 * created, you need to make a separate connection to connect to that
204 * database and add tables to it.
205 *
206 * New tables are owned by the user that creates them, and MediaWiki's
207 * PostgreSQL support has always assumed that the table owner will be
208 * $wgDBuser. So before we create new tables, we either need to either
209 * connect as the other user or to execute a SET ROLE command. Using a
210 * separate connection for this allows us to avoid accidental cross-module
211 * dependencies.
212 *
213 * @param string $type The type of connection to get:
214 * - create-db: A connection for creating DBs, suitable for pre-
215 * installation.
216 * - create-schema: A connection to the new DB, for creating schemas and
217 * other similar objects in the new DB.
218 * - create-tables: A connection with a role suitable for creating tables.
219 *
220 * @throws MWException
221 * @return Status object. On success, a connection object will be in the
222 * value member.
223 */
224 protected function openPgConnection( $type ) {
225 switch ( $type ) {
226 case 'create-db':
227 return $this->openConnectionToAnyDB(
228 $this->getVar( '_InstallUser' ),
229 $this->getVar( '_InstallPassword' ) );
230 case 'create-schema':
231 return $this->openConnectionWithParams(
232 $this->getVar( '_InstallUser' ),
233 $this->getVar( '_InstallPassword' ),
234 $this->getVar( 'wgDBname' ) );
235 case 'create-tables':
236 $status = $this->openPgConnection( 'create-schema' );
237 if ( $status->isOK() ) {
238 /**
239 * @var $conn DatabaseBase
240 */
241 $conn = $status->value;
242 $safeRole = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
243 $conn->query( "SET ROLE $safeRole" );
244 }
245
246 return $status;
247 default:
248 throw new MWException( "Invalid special connection type: \"$type\"" );
249 }
250 }
251
252 public function openConnectionToAnyDB( $user, $password ) {
253 $dbs = array(
254 'template1',
255 'postgres',
256 );
257 if ( !in_array( $this->getVar( 'wgDBname' ), $dbs ) ) {
258 array_unshift( $dbs, $this->getVar( 'wgDBname' ) );
259 }
260 $conn = false;
261 $status = Status::newGood();
262 foreach ( $dbs as $db ) {
263 try {
264 $conn = new DatabasePostgres(
265 $this->getVar( 'wgDBserver' ),
266 $user,
267 $password,
268 $db );
269 } catch ( DBConnectionError $error ) {
270 $conn = false;
271 $status->fatal( 'config-pg-test-error', $db,
272 $error->getMessage() );
273 }
274 if ( $conn !== false ) {
275 break;
276 }
277 }
278 if ( $conn !== false ) {
279 return Status::newGood( $conn );
280 } else {
281 return $status;
282 }
283 }
284
285 protected function getInstallUserPermissions() {
286 $status = $this->getPgConnection( 'create-db' );
287 if ( !$status->isOK() ) {
288 return false;
289 }
290 /**
291 * @var $conn DatabaseBase
292 */
293 $conn = $status->value;
294 $superuser = $this->getVar( '_InstallUser' );
295
296 $row = $conn->selectRow( '"pg_catalog"."pg_roles"', '*',
297 array( 'rolname' => $superuser ), __METHOD__ );
298
299 return $row;
300 }
301
302 protected function canCreateAccounts() {
303 $perms = $this->getInstallUserPermissions();
304 if ( !$perms ) {
305 return false;
306 }
307
308 return $perms->rolsuper === 't' || $perms->rolcreaterole === 't';
309 }
310
311 protected function isSuperUser() {
312 $perms = $this->getInstallUserPermissions();
313 if ( !$perms ) {
314 return false;
315 }
316
317 return $perms->rolsuper === 't';
318 }
319
320 public function getSettingsForm() {
321 if ( $this->canCreateAccounts() ) {
322 $noCreateMsg = false;
323 } else {
324 $noCreateMsg = 'config-db-web-no-create-privs';
325 }
326 $s = $this->getWebUserBox( $noCreateMsg );
327
328 return $s;
329 }
330
331 public function submitSettingsForm() {
332 $status = $this->submitWebUserBox();
333 if ( !$status->isOK() ) {
334 return $status;
335 }
336
337 $same = $this->getVar( 'wgDBuser' ) === $this->getVar( '_InstallUser' );
338
339 if ( $same ) {
340 $exists = true;
341 } else {
342 // Check if the web user exists
343 // Connect to the database with the install user
344 $status = $this->getPgConnection( 'create-db' );
345 if ( !$status->isOK() ) {
346 return $status;
347 }
348 $exists = $status->value->roleExists( $this->getVar( 'wgDBuser' ) );
349 }
350
351 // Validate the create checkbox
352 if ( $this->canCreateAccounts() && !$same && !$exists ) {
353 $create = $this->getVar( '_CreateDBAccount' );
354 } else {
355 $this->setVar( '_CreateDBAccount', false );
356 $create = false;
357 }
358
359 if ( !$create && !$exists ) {
360 if ( $this->canCreateAccounts() ) {
361 $msg = 'config-install-user-missing-create';
362 } else {
363 $msg = 'config-install-user-missing';
364 }
365
366 return Status::newFatal( $msg, $this->getVar( 'wgDBuser' ) );
367 }
368
369 if ( !$exists ) {
370 // No more checks to do
371 return Status::newGood();
372 }
373
374 // Existing web account. Test the connection.
375 $status = $this->openConnectionToAnyDB(
376 $this->getVar( 'wgDBuser' ),
377 $this->getVar( 'wgDBpassword' ) );
378 if ( !$status->isOK() ) {
379 return $status;
380 }
381
382 // The web user is conventionally the table owner in PostgreSQL
383 // installations. Make sure the install user is able to create
384 // objects on behalf of the web user.
385 if ( $same || $this->canCreateObjectsForWebUser() ) {
386 return Status::newGood();
387 } else {
388 return Status::newFatal( 'config-pg-not-in-role' );
389 }
390 }
391
392 /**
393 * Returns true if the install user is able to create objects owned
394 * by the web user, false otherwise.
395 * @return bool
396 */
397 protected function canCreateObjectsForWebUser() {
398 if ( $this->isSuperUser() ) {
399 return true;
400 }
401
402 $status = $this->getPgConnection( 'create-db' );
403 if ( !$status->isOK() ) {
404 return false;
405 }
406 $conn = $status->value;
407 $installerId = $conn->selectField( '"pg_catalog"."pg_roles"', 'oid',
408 array( 'rolname' => $this->getVar( '_InstallUser' ) ), __METHOD__ );
409 $webId = $conn->selectField( '"pg_catalog"."pg_roles"', 'oid',
410 array( 'rolname' => $this->getVar( 'wgDBuser' ) ), __METHOD__ );
411
412 return $this->isRoleMember( $conn, $installerId, $webId, $this->maxRoleSearchDepth );
413 }
414
415 /**
416 * Recursive helper for canCreateObjectsForWebUser().
417 * @param $conn DatabaseBase object
418 * @param int $targetMember Role ID of the member to look for
419 * @param int $group Role ID of the group to look for
420 * @param int $maxDepth Maximum recursive search depth
421 * @return bool
422 */
423 protected function isRoleMember( $conn, $targetMember, $group, $maxDepth ) {
424 if ( $targetMember === $group ) {
425 // A role is always a member of itself
426 return true;
427 }
428 // Get all members of the given group
429 $res = $conn->select( '"pg_catalog"."pg_auth_members"', array( 'member' ),
430 array( 'roleid' => $group ), __METHOD__ );
431 foreach ( $res as $row ) {
432 if ( $row->member == $targetMember ) {
433 // Found target member
434 return true;
435 }
436 // Recursively search each member of the group to see if the target
437 // is a member of it, up to the given maximum depth.
438 if ( $maxDepth > 0 ) {
439 if ( $this->isRoleMember( $conn, $targetMember, $row->member, $maxDepth - 1 ) ) {
440 // Found member of member
441 return true;
442 }
443 }
444 }
445
446 return false;
447 }
448
449 public function preInstall() {
450 $createDbAccount = array(
451 'name' => 'user',
452 'callback' => array( $this, 'setupUser' ),
453 );
454 $commitCB = array(
455 'name' => 'pg-commit',
456 'callback' => array( $this, 'commitChanges' ),
457 );
458 $plpgCB = array(
459 'name' => 'pg-plpgsql',
460 'callback' => array( $this, 'setupPLpgSQL' ),
461 );
462 $schemaCB = array(
463 'name' => 'schema',
464 'callback' => array( $this, 'setupSchema' )
465 );
466
467 if ( $this->getVar( '_CreateDBAccount' ) ) {
468 $this->parent->addInstallStep( $createDbAccount, 'database' );
469 }
470 $this->parent->addInstallStep( $commitCB, 'interwiki' );
471 $this->parent->addInstallStep( $plpgCB, 'database' );
472 $this->parent->addInstallStep( $schemaCB, 'database' );
473 }
474
475 function setupDatabase() {
476 $status = $this->getPgConnection( 'create-db' );
477 if ( !$status->isOK() ) {
478 return $status;
479 }
480 $conn = $status->value;
481
482 $dbName = $this->getVar( 'wgDBname' );
483
484 $exists = $conn->selectField( '"pg_catalog"."pg_database"', '1',
485 array( 'datname' => $dbName ), __METHOD__ );
486 if ( !$exists ) {
487 $safedb = $conn->addIdentifierQuotes( $dbName );
488 $conn->query( "CREATE DATABASE $safedb", __METHOD__ );
489 }
490
491 return Status::newGood();
492 }
493
494 function setupSchema() {
495 // Get a connection to the target database
496 $status = $this->getPgConnection( 'create-schema' );
497 if ( !$status->isOK() ) {
498 return $status;
499 }
500 $conn = $status->value;
501
502 // Create the schema if necessary
503 $schema = $this->getVar( 'wgDBmwschema' );
504 $safeschema = $conn->addIdentifierQuotes( $schema );
505 $safeuser = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
506 if ( !$conn->schemaExists( $schema ) ) {
507 try {
508 $conn->query( "CREATE SCHEMA $safeschema AUTHORIZATION $safeuser" );
509 } catch ( DBQueryError $e ) {
510 return Status::newFatal( 'config-install-pg-schema-failed',
511 $this->getVar( '_InstallUser' ), $schema );
512 }
513 }
514
515 // Select the new schema in the current connection
516 $conn->determineCoreSchema( $schema );
517
518 return Status::newGood();
519 }
520
521 function commitChanges() {
522 $this->db->commit( __METHOD__ );
523
524 return Status::newGood();
525 }
526
527 function setupUser() {
528 if ( !$this->getVar( '_CreateDBAccount' ) ) {
529 return Status::newGood();
530 }
531
532 $status = $this->getPgConnection( 'create-db' );
533 if ( !$status->isOK() ) {
534 return $status;
535 }
536 $conn = $status->value;
537
538 $safeuser = $conn->addIdentifierQuotes( $this->getVar( 'wgDBuser' ) );
539 $safepass = $conn->addQuotes( $this->getVar( 'wgDBpassword' ) );
540
541 // Check if the user already exists
542 $userExists = $conn->roleExists( $this->getVar( 'wgDBuser' ) );
543 if ( !$userExists ) {
544 // Create the user
545 try {
546 $sql = "CREATE ROLE $safeuser NOCREATEDB LOGIN PASSWORD $safepass";
547
548 // If the install user is not a superuser, we need to make the install
549 // user a member of the new user's group, so that the install user will
550 // be able to create a schema and other objects on behalf of the new user.
551 if ( !$this->isSuperUser() ) {
552 $sql .= ' ROLE' . $conn->addIdentifierQuotes( $this->getVar( '_InstallUser' ) );
553 }
554
555 $conn->query( $sql, __METHOD__ );
556 } catch ( DBQueryError $e ) {
557 return Status::newFatal( 'config-install-user-create-failed',
558 $this->getVar( 'wgDBuser' ), $e->getMessage() );
559 }
560 }
561
562 return Status::newGood();
563 }
564
565 function getLocalSettings() {
566 $port = $this->getVar( 'wgDBport' );
567 $schema = $this->getVar( 'wgDBmwschema' );
568
569 return "# Postgres specific settings
570 \$wgDBport = \"{$port}\";
571 \$wgDBmwschema = \"{$schema}\";";
572 }
573
574 public function preUpgrade() {
575 global $wgDBuser, $wgDBpassword;
576
577 # Normal user and password are selected after this step, so for now
578 # just copy these two
579 $wgDBuser = $this->getVar( '_InstallUser' );
580 $wgDBpassword = $this->getVar( '_InstallPassword' );
581 }
582
583 public function createTables() {
584 $schema = $this->getVar( 'wgDBmwschema' );
585
586 $status = $this->getConnection();
587 if ( !$status->isOK() ) {
588 return $status;
589 }
590
591 /**
592 * @var $conn DatabaseBase
593 */
594 $conn = $status->value;
595
596 if ( $conn->tableExists( 'archive' ) ) {
597 $status->warning( 'config-install-tables-exist' );
598 $this->enableLB();
599
600 return $status;
601 }
602
603 $conn->begin( __METHOD__ );
604
605 if ( !$conn->schemaExists( $schema ) ) {
606 $status->fatal( 'config-install-pg-schema-not-exist' );
607
608 return $status;
609 }
610 $error = $conn->sourceFile( $conn->getSchemaPath() );
611 if ( $error !== true ) {
612 $conn->reportQueryError( $error, 0, '', __METHOD__ );
613 $conn->rollback( __METHOD__ );
614 $status->fatal( 'config-install-tables-failed', $error );
615 } else {
616 $conn->commit( __METHOD__ );
617 }
618 // Resume normal operations
619 if ( $status->isOk() ) {
620 $this->enableLB();
621 }
622
623 return $status;
624 }
625
626 public function setupPLpgSQL() {
627 // Connect as the install user, since it owns the database and so is
628 // the user that needs to run "CREATE LANGAUGE"
629 $status = $this->getPgConnection( 'create-schema' );
630 if ( !$status->isOK() ) {
631 return $status;
632 }
633 /**
634 * @var $conn DatabaseBase
635 */
636 $conn = $status->value;
637
638 $exists = $conn->selectField( '"pg_catalog"."pg_language"', 1,
639 array( 'lanname' => 'plpgsql' ), __METHOD__ );
640 if ( $exists ) {
641 // Already exists, nothing to do
642 return Status::newGood();
643 }
644
645 // plpgsql is not installed, but if we have a pg_pltemplate table, we
646 // should be able to create it
647 $exists = $conn->selectField(
648 array( '"pg_catalog"."pg_class"', '"pg_catalog"."pg_namespace"' ),
649 1,
650 array(
651 'pg_namespace.oid=relnamespace',
652 'nspname' => 'pg_catalog',
653 'relname' => 'pg_pltemplate',
654 ),
655 __METHOD__ );
656 if ( $exists ) {
657 try {
658 $conn->query( 'CREATE LANGUAGE plpgsql' );
659 } catch ( DBQueryError $e ) {
660 return Status::newFatal( 'config-pg-no-plpgsql', $this->getVar( 'wgDBname' ) );
661 }
662 } else {
663 return Status::newFatal( 'config-pg-no-plpgsql', $this->getVar( 'wgDBname' ) );
664 }
665
666 return Status::newGood();
667 }
668 }
Wiklou, le Wiki du Wiklou