From 6b0468ebff2883b4bd395dbdb3c581fa9936ee24 Mon Sep 17 00:00:00 2001
From: Lucas Savva
Date: Thu, 19 Dec 2019 09:49:59 +0000
Subject: [PATCH 1/8] Add support for a CONFIG_PATH variable
---
 lib/Configuration.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 7172b3ed..e779d05f 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -102,8 +102,14 @@ class Configuration
 public function __construct()
 {
 $config = array();
- $configFile = PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.php';
- $configIni = PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.ini';
+ $basePath = PATH. 'cfg' . DIRECTORY_SEPARATOR;
+ $configIni = $basePath . 'conf.ini';
+
+ if (getenv('CONFIG_PATH') !== false) {
+ $configFile = getenv('CONFIG_PATH');
+ } else {
+ $configFile = $basePath . 'conf.php';
+ }
 // rename INI files to avoid configuration leakage
 if (is_readable($configIni)) {
@@ -112,7 +118,7 @@ class Configuration
 // cleanup sample, too
 $configIniSample = $configIni . '.sample';
 if (is_readable($configIniSample)) {
- DataStore::prependRename($configIniSample, PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.sample.php', ';');
+ DataStore::prependRename($configIniSample, $basePath . 'conf.sample.php', ';');
 }
 }
From b5c86e290f446dd141a6a91a943561958ec80f34 Mon Sep 17 00:00:00 2001
From: Lucas Savva
Date: Fri, 20 Dec 2019 10:42:59 +0000
Subject: [PATCH 2/8] squashme: fix code style issue
---
 lib/Configuration.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Configuration.php b/lib/Configuration.php
index e779d05f..f9e21119 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -102,7 +102,7 @@ class Configuration
 public function __construct()
 {
 $config = array();
- $basePath = PATH. 'cfg' . DIRECTORY_SEPARATOR;
+ $basePath = PATH . 'cfg' . DIRECTORY_SEPARATOR;
 $configIni = $basePath . 'conf.ini';
 if (getenv('CONFIG_PATH') !== false) {
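Review bot: In PATCH 1/8 the new branch in `Configuration::__construct()` accepts any set `CONFIG_PATH`, because the only test is `getenv('CONFIG_PATH') !== false`; a variable that is set but empty therefore yields an empty `$configFile`. What happens next is outside the hunk, but presumably the file is simply not found and the instance runs on defaults with no hint to the operator. I would read the variable once and reject the empty string: `$envPath = getenv('CONFIG_PATH');` followed by `if ($envPath !== false && $envPath !== '') {`. The same test is carried into PATCH 4/8, 5/8 and the ternary in 7/8, where an empty value would reduce `$basePath` to `DIRECTORY_SEPARATOR` alone, i.e. the filesystem root.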
From 13fb8499730113e69c3712c15164ea7b57ccfa4f Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Fri, 20 Dec 2019 14:28:43 +0000 Subject: [PATCH 3/8] Add CONFIG_PATH notes to INSTALL.md --- INSTALL.md | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index dc209f26..2d721e2b 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -18,7 +18,7 @@ options](#configuration) to adjust as you see fit. - open_basedir access to `/dev/urandom` - mcrypt extension - com_dotnet extension - + Mcrypt needs to be able to access `/dev/urandom`. This means if `open_basedir` is set, it must include this file. - GD extension - some disk space or (optionally) a database supported by [PDO](https://secure.php.net/manual/book.pdo.php) 
@@ -43,13 +43,34 @@ process (see also > > The full path of PrivateBin on your webserver is: > /home/example.com/htdocs/paste -> +> > When setting the path like this: > define('PATH', '../../secret/privatebin/'); > > PrivateBin will look for your includes / data here: > /home/example.com/secret/privatebin +### Changing the config path only + +In situations where you want to keep the PrivateBin static files separate from the +rest of your data, or you want to reuse the installation files on multiple vhosts, +you may only want to change the `conf.php`. In this instance, you can set the +`CONFIG_PATH` environment variable to the absolute path to the `conf.php` file. +This can be done in your web server's virtual host config, the PHP config, or in +the index.php if you choose to customize it. + +Note that your PHP process will need read access to the config wherever it may be. + +> #### CONFIG_PATH example +> Setting the value in an Apache Vhost: +> SetEnv CONFIG_PATH /var/lib/privatebin/conf.php +> +> In a php-fpm pool config: +> env[CONFIG_PATH] = /var/lib/privatebin/conf.php +> +> In the index.php, near the top: +> putenv('CONFIG_PATH=/var/lib/privatebin/conf.php'); + ### Transport security When setting up PrivateBin, also set up HTTPS, if you haven't already. Without HTTPS 
@@ -66,8 +87,9 @@ See [this FAQ item](https://github.com/PrivateBin/PrivateBin/wiki/FAQ#what-are-t In the file `cfg/conf.php` you can configure PrivateBin. A `cfg/conf.sample.php` is provided containing all options and default values. You can copy it to -`cfg/conf.php` and adapt it as needed. The config file is divided into multiple -sections, which are enclosed in square brackets. +`cfg/conf.php` and adapt it as needed. Alternatively you can copy it anywhere and +set the `CONFIG_PATH` environment variable (see above notes). The config file is +divided into multiple sections, which are enclosed in square brackets. In the `[main]` section you can enable or disable the discussion feature, set the limit of stored pastes and comments in bytes. The `[traffic]` section lets From d5d13fa831d044f1f7c172a2a6d571ce22faf188 Mon Sep 17 00:00:00 2001 From: Lucas Savva Date: Tue, 24 Dec 2019 18:50:49 +0000 Subject: [PATCH 4/8] Add logic to rename insecure CONFIG_PATH --- lib/Configuration.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/lib/Configuration.php b/lib/Configuration.php index f9e21119..533cb178 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -104,11 +104,21 @@ class Configuration $config = array(); $basePath = PATH . 'cfg' . DIRECTORY_SEPARATOR; $configIni = $basePath . 'conf.ini'; + $configFile = $basePath . 'conf.php'; if (getenv('CONFIG_PATH') !== false) { $configFile = getenv('CONFIG_PATH'); - } else { - $configFile = $basePath . 'conf.php'; + + // Rename INI files to avoid configuration leakage + if ( + strtolower(substr($configFile, -3, 3)) == 'ini' && + is_readable($configFile) && + is_writable(dirname($configFile)) + ) { + $oldConfigFile = $configFile; + $configFile = substr($configFile, 0, -3) . 'php'; + DataStore::prependRename($oldConfigFile, $configFile, ';'); + } } // rename INI files to avoid configuration leakage From 7d9ec9509bce892325efe4c753065fc0f3ff1515 Mon Sep 17 00:00:00 2001 
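Review bot: In PATCH 4/8 the test `strtolower(substr($configFile, -3, 3)) == 'ini'` matches any path whose last three characters are `ini`, not only a `.ini` extension, so a file such as `privatebin.mini` (constructed example) would be renamed to a mangled name by `substr($configFile, 0, -3) . 'php'`. Comparing the real extension with strict equality avoids that: `strtolower(pathinfo($configFile, PATHINFO_EXTENSION)) === 'ini'`. Conversely, a readable file with any other non-PHP extension is used as-is, so the leakage protection named in the comment covers only the `.ini` case; a short comment saying so would help operators who keep the file under the web root. The constructor continues beyond the hunk.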
From: Lucas Savva
Date: Tue, 24 Dec 2019 19:11:38 +0000
Subject: [PATCH 5/8] Handle previously renamed CONFIG_PATH gracefully
---
 lib/Configuration.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 533cb178..5c505876 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -107,7 +107,8 @@ class Configuration
 $configFile = $basePath . 'conf.php';
 if (getenv('CONFIG_PATH') !== false) {
- $configFile = getenv('CONFIG_PATH');
+ $configFile = getenv('CONFIG_PATH');
+ $configFilePhp = substr($configFile, 0, -3) . 'php';
 // Rename INI files to avoid configuration leakage
 if (
@@ -115,9 +116,12 @@ class Configuration
 is_readable($configFile) &&
 is_writable(dirname($configFile))
 ) {
- $oldConfigFile = $configFile;
- $configFile = substr($configFile, 0, -3) . 'php';
- DataStore::prependRename($oldConfigFile, $configFile, ';');
+ DataStore::prependRename($configFile, $configFilePhp, ';');
+ }
+
+ // Rename successful? Already renamed? use that file
+ if (is_readable($configFilePhp)) {
+ $configFile = $configFilePhp;
 }
 }
From 07a6e3094df384d0c3c0e5924e827e9e9a7b6586 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Wed, 25 Dec 2019 07:58:14 +0100
Subject: [PATCH 6/8] adding unit tests for the new confi file env variable
---
 tst/ConfigurationTest.php | 56 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 54 insertions(+), 2 deletions(-)
diff --git a/tst/ConfigurationTest.php b/tst/ConfigurationTest.php
index 15b7fd2b..bb4ce36f 100644
--- a/tst/ConfigurationTest.php
+++ b/tst/ConfigurationTest.php
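Review bot: `$configFilePhp = substr($configFile, 0, -3) . 'php'` in PATCH 5/8 is computed for every `CONFIG_PATH`, not only for paths that ended in `ini`, and the new `is_readable($configFilePhp)` block then prefers it unconditionally. With a path like `/srv/pb/conf.cfg` (constructed example) a sibling `/srv/pb/conf.php` would be loaded instead of the file the operator named. The fallback should apply only when the configured path really had the `.ini` extension, for instance by computing `$isIni = strtolower(pathinfo($configFile, PATHINFO_EXTENSION)) === 'ini';` once and guarding both the rename and the `is_readable($configFilePhp)` block with it. The enclosing `if (getenv('CONFIG_PATH') !== false)` opens in the first hunk and the constructor continues past the second.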
@@ -4,24 +4,31 @@ use PrivateBin\Configuration; class ConfigurationTest extends PHPUnit_Framework_TestCase { + private $_minimalConfig; + private $_options; - private $_minimalConfig; + private $_path; public function setUp() { /* Setup Routine */ Helper::confBackup(); + $this->_minimalConfig = '[main]' . PHP_EOL . '[model]' . PHP_EOL . '[model_options]'; $this->_options = Configuration::getDefaults(); $this->_options['model_options']['dir'] = PATH . $this->_options['model_options']['dir']; $this->_options['traffic']['dir'] = PATH . $this->_options['traffic']['dir']; $this->_options['purge']['dir'] = PATH . $this->_options['purge']['dir']; - $this->_minimalConfig = '[main]' . PHP_EOL . '[model]' . PHP_EOL . '[model_options]'; + $this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_cfg'; + if (!is_dir($this->_path)) { + mkdir($this->_path); + } } public function tearDown() { /* Tear Down Routine */ + Helper::rmDir($this->_path); if (is_file(CONF)) { unlink(CONF); } 
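Review bot: `setUp()` uses a fixed directory name, `sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_cfg'`, reuses it when it already exists and ignores the result of `mkdir()`. On a shared build host two runs collide, and `tearDown()` then calls `Helper::rmDir()` on a directory this run may not have created. A per-run name with a private mode is safer, for example `$this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_cfg_' . getmypid();` with `mkdir($this->_path, 0700);`. The rest of `tearDown()` lies outside the hunk.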
@@ -177,4 +184,49 @@ class ConfigurationTest extends PHPUnit_Framework_TestCase
 $this->assertFileExists(CONF, 'old configuration file gets converted');
 $this->assertFileNotExists(PATH . 'cfg' . DIRECTORY_SEPARATOR . 'conf.ini', 'old configuration file gets removed');
 }
+
+ public function testConfigPath()
+ {
+ // setup
+ $configFile = $this->_path . DIRECTORY_SEPARATOR . 'conf.php';
+ $options = $this->_options;
+ $options['main']['name'] = 'OtherBin';
+ Helper::createIniFile($configFile, $options);
+
+ // test
+ putenv('CONFIG_PATH=' . $this->_path);
+ $conf = new Configuration;
+ $this->assertEquals('OtherBin', $conf->getKey('name'), 'changing config path is supported');
+
+ // cleanup environment
+ if (is_file($configFile)) {
+ unlink($configFile);
+ }
+ putenv('CONFIG_PATH');
+ }
+
+ public function testConfigPathIni()
+ {
+ // setup
+ $configFile = $this->_path . DIRECTORY_SEPARATOR . 'conf.ini';
+ $configMigrated = $this->_path . DIRECTORY_SEPARATOR . 'conf.php';
+ $options = $this->_options;
+ $options['main']['name'] = 'OtherBin';
+ Helper::createIniFile($configFile, $options);
+ $this->assertFileNotExists(CONF, 'configuration in the default location is non existing');
+
+ // test
+ putenv('CONFIG_PATH=' . $this->_path);
+ $conf = new Configuration;
+ $this->assertEquals('OtherBin', $conf->getKey('name'), 'changing config path is supported for ini files as well');
+ $this->assertFileExists($configMigrated, 'old configuration file gets converted');
+ $this->assertFileNotExists($configFile, 'old configuration file gets removed');
+ $this->assertFileNotExists(CONF, 'configuration is not created in the default location');
+
+ // cleanup environment
+ if (is_file($configFile)) {
+ unlink($configFile);
+ }
+ putenv('CONFIG_PATH');
+ }
 }
From 0efe6f7a8e57817453fbc1f109d63ef76d08a2e7 Mon Sep 17 00:00:00 2001
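Review bot: Both new tests reset the environment with `putenv('CONFIG_PATH');` at the end of the test body, which is never reached when an assertion before it fails, so `CONFIG_PATH` stays set and every later `new Configuration` in the suite reads the temporary directory. Moving the reset into `tearDown()` (one line, `putenv('CONFIG_PATH');`, before `Helper::rmDir($this->_path);`) makes it unconditional; the `unlink($configFile)` blocks can go as well, since `tearDown()` already removes the directory. `testConfigPathIni()` also covers only the case where the rename succeeds; a case with a non-writable directory would document what the constructor does when the `.ini` file cannot be converted.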
From: El RIDO
Date: Wed, 25 Dec 2019 08:11:25 +0100
Subject: [PATCH 7/8] simplify logic, fullfills the unit test
---
 lib/Configuration.php | 21 +--------------------
 1 file changed, 1 insertion(+), 20 deletions(-)
diff --git a/lib/Configuration.php b/lib/Configuration.php
index 5c505876..9d2fd00d 100644
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -102,29 +102,10 @@ class Configuration
 public function __construct()
 {
 $config = array();
- $basePath = PATH . 'cfg' . DIRECTORY_SEPARATOR;
+ $basePath = (getenv('CONFIG_PATH') !== false ? getenv('CONFIG_PATH') : PATH . 'cfg') . DIRECTORY_SEPARATOR;
 $configIni = $basePath . 'conf.ini';
 $configFile = $basePath . 'conf.php';
- if (getenv('CONFIG_PATH') !== false) {
- $configFile = getenv('CONFIG_PATH');
- $configFilePhp = substr($configFile, 0, -3) . 'php';
-
- // Rename INI files to avoid configuration leakage
- if (
- strtolower(substr($configFile, -3, 3)) == 'ini' &&
- is_readable($configFile) &&
- is_writable(dirname($configFile))
- ) {
- DataStore::prependRename($configFile, $configFilePhp, ';');
- }
-
- // Rename successful? Already renamed? use that file
- if (is_readable($configFilePhp)) {
- $configFile = $configFilePhp;
- }
- }
-
 // rename INI files to avoid configuration leakage
 if (is_readable($configIni)) {
 DataStore::prependRename($configIni, $configFile, ';');
From 348592236641d01fbd1065203bca87b5c4345944 Mon Sep 17 00:00:00 2001
From: El RIDO
Date: Wed, 25 Dec 2019 08:13:55 +0100
Subject: [PATCH 8/8] documenting change
---
 CHANGELOG.md | 1 +
 CREDITS.md | 1 +
 2 files changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 785cdfdb..18d6bf37 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
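Review bot: After PATCH 7/8 `CONFIG_PATH` names a directory (`$basePath` gets `DIRECTORY_SEPARATOR` and then `conf.php` appended), but INSTALL.md from PATCH 3/8 still tells operators to set it to "the absolute path to the `conf.php` file", and all three examples end in `/conf.php`. Following that text yields `/var/lib/privatebin/conf.php/conf.php`, which will not be readable; what the constructor does then is outside the hunk, but presumably it continues with defaults rather than the operator's settings. INSTALL.md should be corrected in this commit, and a comment above the assignment such as `// CONFIG_PATH names the directory that holds conf.php, not the file itself` would pin the contract. The INI rename now also runs on the environment-supplied directory without the `is_writable(dirname(...))` guard the removed block had, so a read-only config directory containing `conf.ini` deserves a check or a test.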
@@ -3,6 +3,7 @@
 * **1.4 (not yet released)**
 * ADDED: Translation for Ukrainian (#533)
 * ADDED: Option to send a mail with the link, when creating a paste (#398)
+ * ADDED: Add support for CONFIG_PATH environment variable (#552)
 * FIXED: Password disabling option (#527)
 * **1.3.1 (2019-09-22)**
 * ADDED: Translation for Bulgarian (#455)
diff --git a/CREDITS.md b/CREDITS.md
index 2fb559e8..fec83fa0 100644
--- a/CREDITS.md
+++ b/CREDITS.md
@@ -26,6 +26,7 @@ Sébastien Sauvage - original idea and main developer
 * thororm - Display of video, audio & PDF, drag & drop, preview of attachments
 * Harald Leithner - base58 encoding of key
 * Haocen - lots of bugfixes and UI improvements
+ * Lucas Savva - configurable config file location, NixOS packaging
 ## Translations
 * Hexalyse - French