PNG  IHDR* pHYs+ IDATx]n#; cdLb Ǚ[at¤_:uP}>!Usă cag޿ ֵNu`ݼTâabO7uL&y^wFٝA"l[|ŲHLN밪4*sG3|Dv}?+y߉{OuOAt4Jj.u]Gz*҉sP'VQKbA1u\`& Af;HWj hsO;ogTu uj7S3/QzUr&wS`M$X_L7r2;aE+ώ%vikDA:dR+%KzƉo>eOth$z%: :{WwaQ:wz%4foɹE[9<]#ERINƻv溂E%P1i01 |Jvҗ&{b?9g=^wζXn/lK::90KwrюO\!ջ3uzuGv^;騢wq<Iatv09:tt~hEG`v;3@MNZD.1]L:{ծI3`L(÷ba")Y.iljCɄae#I"1 `3*Bdz>j<fU40⨬%O$3cGt]j%Fߠ_twJ;ABU8vP3uEԑwQ V:h%))LfraqX-ۿX]v-\9I gl8tzX ]ecm)-cgʒ#Uw=Wlێn(0hPP/ӨtQ“&J35 $=]r1{tLuǮ*i0_;NƝ8;-vݏr8+U-kruȕYr0RnC]*ެ(M:]gE;{]tg(#ZJ9y>utRDRMdr9㪩̞zֹb<ģ&wzJM"iI( .ꮅX)Qw:9,i좜\Ԛi7&N0:asϓc];=ΗOӣ APqz93 y $)A*kVHZwBƺnWNaby>XMN*45~ղM6Nvm;A=jֲ.~1}(9`KJ/V F9[=`~[;sRuk]rєT!)iQO)Y$V ی ۤmzWz5IM Zb )ˆC`6 rRa}qNmUfDsWuˤV{ Pݝ'=Kֳbg,UҘVz2ﴻnjNgBb{? ߮tcsͻQuxVCIY۠:(V뺕 ٥2;t`@Fo{Z9`;]wMzU~%UA蛚dI vGq\r82iu +St`cR.6U/M9IENDB`#!/usr/local/cpanel/3rdparty/bin/perl # cpanel - scripts/suspendmysqlusers Copyright 2022 cPanel, L.L.C. # All rights reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited package scripts::suspendmysqlusers; use strict; use warnings; use Cpanel::DB::Map::Reader (); use Cpanel::DB::Utils (); use Cpanel::Mysql::Passwd (); use Cpanel::MysqlUtils::Command (); use Cpanel::MysqlUtils::Quote (); use Cpanel::MysqlUtils::Compat (); use Cpanel::Logger (); use Cpanel::MysqlUtils::Connect (); use Cpanel::MysqlUtils::Version (); if ( !caller() ) { my ( $user, $team ) = @ARGV; if ( !$user ) { print "USAGE: $0 \n"; exit 1; } suspend( $user, $team ); } sub suspend { my ( $cpuser, $team ) = @_; my $logger = Cpanel::Logger->new(); my ( $team_owner, $team_user, $mysql_team_user ); # suspend the team-user mysql account alone if ( defined $team ) { ( $team_owner, $team_user ) = split /_/, $cpuser; $mysql_team_user = $cpuser; $cpuser = $team_owner; } my $map = Cpanel::DB::Map::Reader->new( 'cpuser' => $cpuser, engine => 'mysql' ); my @user_list = $map->get_dbusers_plus_cpses(); # Case48428 - Need to include the parent user associated with the database and not just virtual users # when suspending accounts in MySQL. # Also, the DB map datastore might have a different owner name associated with the user # account which the databases are tied to. my @db_owner = ( $cpuser, Cpanel::DB::Utils::username_to_dbowner($cpuser), ); push @user_list, @db_owner; my $user_list = !defined $team ? join ',', map { Cpanel::MysqlUtils::Quote::quote($_) } @user_list : Cpanel::MysqlUtils::Quote::quote($mysql_team_user); Cpanel::MysqlUtils::Connect::connect(); my $row_name = Cpanel::MysqlUtils::Compat::get_mysql_user_auth_field(); my $result = Cpanel::MysqlUtils::Command::sqlcmd("SELECT User, Host, $row_name from mysql.user WHERE user IN ($user_list)") || ''; my @lines = split /\n/, $result; my %result; foreach my $line (@lines) { my ( $user, $host, $pass ) = split /\s+/, $line, 3; if ( !$pass ) { $logger->info("MySQL user $user\@$host has a blank password!"); $result{$user}{$host} = '*' x 41; } else { $result{$user}{$host} = $pass; } } foreach my $user ( keys %result ) { foreach my $host ( keys %{ $result{$user} } ) { if ( $result{$user}{$host} =~ m/^\*/ ) { $result{$user}{$host} =~ s/^\*//; $result{$user}{$host} = reverse $result{$user}{$host}; $result{$user}{$host} = '-' . $result{$user}{$host}; } else { # Case 76857 $result{$user}{$host} =~ s/^([0-9a-f]{16})$/ ( '!' x 25 ) . reverse($1) /e; } } } my $mysql = Cpanel::Mysql::Passwd->new( { cpuser => $cpuser } ); my @sql_cmds; foreach my $user ( keys %result ) { foreach my $host ( keys %{ $result{$user} } ) { my $pass = $result{$user}{$host}; my $mysql_version = _long_mysql_version_or_default(); # Per docs on MySQL 5.7.6 - https://dev.mysql.com/doc/refman/5.7/en/grant.html # We can no longer use GRANT statements to change the password. # However, since 5.7 ships with Account Locking capabilities, we will utilize that instead to lock the accounts. if ( Cpanel::MysqlUtils::Version::is_at_least( $mysql_version, '5.7.6' ) && !Cpanel::MysqlUtils::Version::is_at_least( $mysql_version, '10.0.0' ) ) { push @sql_cmds, 'ALTER USER ' . Cpanel::MysqlUtils::Quote::quote($user) . '@' . Cpanel::MysqlUtils::Quote::quote($host) . ' ACCOUNT LOCK;'; } else { # Passing in 1 to specify a password change $mysql->passwduser_hash( $user => $pass, 1 ); } } } # This must be done in the foreground or pkgacct will break. push @sql_cmds, 'FLUSH PRIVILEGES'; Cpanel::MysqlUtils::Command::sqlcmd( \@sql_cmds ); return 1; } sub _long_mysql_version_or_default { local $@; my $long_version = eval { Cpanel::MysqlUtils::Version::current_mysql_version()->{'long'} }; if ($@) { # current_mysql_version has extensive logic to determine the current # version. If it fails, MySQL is likely beyond repair and we need to reinstall. return $Cpanel::MysqlUtils::Version::DEFAULT_MYSQL_RELEASE_TO_ASSUME_IS_INSTALLED; } return $long_version; } 1;