From patchwork Wed Feb 17 03:28:53 2021
X-Patchwork-Submitter: Eli Schwartz
X-Patchwork-Id: 1874
To: aur-dev@archlinux.org
Subject: [aur-dev][PATCH 2/3] prevent running mysql-specific query in sqlite
Date: Tue, 16 Feb 2021 22:28:53 -0500
Message-Id: <20210217032854.245535-2-eschwartz@archlinux.org>
In-Reply-To: <20210217032854.245535-1-eschwartz@archlinux.org>
From: Eli Schwartz
Cc: Eli Schwartz

We usually guard such queries and have both mysql and sqlite branches. But I have not implemented the sqlite branch. Given sqlite is typically used for local dev setups, the fact that "users with more than the configured max simultaneous logins" can avoid getting some logins annulled is probably not a huge risk. And this always *used* to fail on sqlite, silently. Now, in php 8, it raises PDOException, which prevents running the test server.

Document this as a FIXME for now, until someone reimplements the query for sqlite.
Signed-off-by: Eli Schwartz --- web/lib/acctfuncs.inc.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index d238c0e0..30c4cfe0 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -597,7 +597,9 @@ function try_login() { /* Generate a session ID and store it. */ while (!$logged_in && $num_tries < 5) { $session_limit = config_get_int('options', 'max_sessions_per_user'); - if ($session_limit) { + # FIXME: this does not work for sqlite (JOIN in a DELETE clause) + # hence non-prod instances can have a naughty amount of simultaneous logins + if ($backend == "mysql" && $session_limit) { /* * Delete all user sessions except the * last ($session_limit - 1).
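
Review bot: The new condition `if ($backend == "mysql" && $session_limit) {` in try_login() reads `$backend`, but nothing in the visible context of this hunk assigns it. If `$backend` is not already set in this function's scope, the comparison is against null, the branch is never taken, and `max_sessions_per_user` stops being enforced on MySQL as well, with no error to signal it. Please confirm that the variable is populated from the configured database backend before the `while` loop, or assign it next to the `config_get_int('options', 'max_sessions_per_user')` call, and consider a strict `===` comparison. Since the sqlite path now skips the session limit silently, a log line or a note beside the option's documentation would make the gap visible to anyone running a non-MySQL instance. Style point: the added FIXME uses `#` comments while the surrounding code uses `/* ... */`.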