def save(self):
##XXX begin transaction
self._owner.ctrl_be.exec_sql(
DELETE_SCHEMA_PRIV % {
"user":
escape_sql_string(self.username)
if self.username else self.username
})
for entry in self.entries:
fields = {
"user": escape_sql_string(self.username),
"host": entry.host,
"db": entry.db
}
priv_names = []
priv_values = []
for priv in self._owner.schema_privilege_names:
priv_names.append("%s" % priv)
if priv in entry.privileges:
priv_values.append("'Y'")
else:
priv_values.append("'N'")
#priv_values.append("'Y'" if priv in entry.privileges else "'N'")
fields["priv_names"] = ", ".join(priv_names)
fields["priv_values"] = ", ".join(priv_values)
self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields)
##XXX commit transaction
self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
def load(self, username, hostname):
self.is_commited = True
# Basic stuff from User table
query = GET_ACCOUNT_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying security information: %s" % e)
def load(self, username, hostname):
self.is_commited = True
# Basic stuff from User table
query = GET_ACCOUNT_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying security information: %s" % e)
def delete_account(self, acct):
if acct.is_commited:
query = REMOVE_USER % {"user":escape_sql_string(acct.username), "host":escape_sql_string(acct.host)}
self.ctrl_be.exec_sql(query)
self.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
del self._account_info_cache[acct.username+"@"+acct.host]
self._accounts.remove((acct.username, acct.host))
def load(self, username):
# Schema privileges from Db table
query = GET_ACCOUNT_SCHEMA_PRIVS_QUERY % {"user": escape_sql_string(username)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying security information: %s" % e)
def load(self, username):
# Schema privileges from Db table
query = GET_ACCOUNT_SCHEMA_PRIVS_QUERY % {"user": escape_sql_string(username)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying security information: %s" % e)
def save(self):
##XXX begin transaction
self._owner.ctrl_be.exec_sql(DELETE_SCHEMA_PRIV % {"user":escape_sql_string(self.username) if self.username else self.username})
for entry in self.entries:
fields = {"user":escape_sql_string(self.username), "host":entry.host, "db":entry.db}
priv_names = []
priv_values = []
for priv in self._owner.schema_privilege_names:
priv_names.append("%s" % priv)
if priv in entry.privileges:
priv_values.append("'Y'")
else:
priv_values.append("'N'")
#priv_values.append("'Y'" if priv in entry.privileges else "'N'")
fields["priv_names"] = ", ".join(priv_names)
fields["priv_values"] = ", ".join(priv_values)
self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields)
##XXX commit transaction
self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
def save(self):
if self.password != self.confirm_password:
raise WBSecurityValidationError(
"The new password and its confirmation don't match. Please re-enter them."
)
#if not self.username:
# raise WBSecurityValidationError("Username must not be blank")
if not self.host:
raise WBSecurityValidationError("Host name must not be blank")
# check if username + host is duplicated
if self.is_commited and (self.username != self._orig_username
or self.host != self._orig_host):
if (self.username, self.host) in self._owner.account_names:
raise WBSecurityValidationError(
"The '%s' account already exists and cannot be saved." %
(self.formatted_name()))
elif not self.is_commited:
if self._owner.account_names.count((self.username, self.host)) > 1:
raise WBSecurityValidationError(
"The '%s' account already exists and cannot be saved." %
(self.formatted_name()))
fields = {
"old_user":
escape_sql_string(self._orig_username)
if self._orig_username else self._orig_username,
"old_host":
escape_sql_string(self._orig_host)
if self._orig_host else self._orig_host,
"user":
escape_sql_string(self.username) or "NULL",
"host":
escape_sql_string(self.host) or "",
"password":
escape_sql_string(self.password or self._orig_password or ""),
"auth_plugin":
escape_sql_string(self.auth_plugin) if self.auth_plugin else None,
"auth_string":
escape_sql_string(self.auth_string) if self.auth_string else None
}
if self.is_commited:
assert self._orig_username is not None and self._orig_host is not None
assignments = []
for priv in self._owner.global_privilege_names:
if priv in self._global_privs:
assignments.append("%s='%s'" % (priv, 'Y'))
else:
assignments.append("%s='%s'" % (priv, 'N'))
for limit in ["max_questions", "max_updates", "max_connections"
] + (self._owner.has_max_user_connections
and ["max_user_connections"] or []):
assignments.append("%s='%s'" % (limit, getattr(self, limit)))
if self._orig_username != self.username:
assignments.append("User='******'" %
escape_sql_string(self.username))
if self.auth_plugin:
if self._orig_auth_string != self.auth_string:
assignments.append("authentication_string='%s'" %
escape_sql_string(self.auth_string))
else:
if self._orig_host != self.host:
assignments.append("Host='%s'" %
escape_sql_string(self.host))
if self.password:
assignments.append("Password=password('%s')" %
escape_sql_string(self.password))
fields["assignments"] = ", ".join(assignments)
query = UPDATE_ACCOUNT_QUERY % fields
try:
self._owner.ctrl_be.exec_sql(query)
except QueryError, e:
if e.error == 1142:
raise PermissionDeniedError(
"Error updating account %s@%s: Insufficient rights to perform operation"
% (self.username, self.host))
else:
raise Exception("Error updating account %s@%s: %s" %
(self.username, self.host, e))
except Exception, e:
raise Exception("Error updating account %s@%s: %s" %
(self.username, self.host, e))
def revoke_all(self):
command = REVOKE_ALL % {
"user": escape_sql_string(self.username),
"host": self.host
}
self._owner.ctrl_be.exec_sql(command)
if result < 0:
raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())
try:
is_privs = []
while modules.DbMySQLQuery.resultNextRow(result):
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
is_privs.append((table, table_priv and table_privs.split(",") or []))
finally:
modules.DbMySQLQuery.closeResult(result)
"""
# privs from mysql tables
query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {
"user": escape_sql_string(username),
"host": escape_sql_string(hostname)
}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying mysql table: %s" % e)
mysql_privs = {}
while result.nextRow():
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
mysql_privs[table] = table_privs and table_privs.split(",") or []
# interpret the privileges
for name, (db, tables, required_privs, grant,
def save(self):
if self.password != self.confirm_password:
raise WBSecurityValidationError("The new password and its confirmation don't match. Please re-enter them.")
#if not self.username:
# raise WBSecurityValidationError("Username must not be blank")
if not self.host:
raise WBSecurityValidationError("Host name must not be blank")
# check if username + host is duplicated
if self.is_commited and (self.username != self._orig_username or self.host != self._orig_host):
if (self.username, self.host) in self._owner.account_names:
raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name()))
elif not self.is_commited:
if self._owner.account_names.count((self.username, self.host)) > 1:
raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name()))
fields = {
"old_user" : escape_sql_string(self._orig_username) if self._orig_username else self._orig_username,
"old_host" : escape_sql_string(self._orig_host) if self._orig_host else self._orig_host,
"user" : escape_sql_string(self.username) or "NULL",
"host" : escape_sql_string(self.host) or "",
"password" : escape_sql_string(self.password or self._orig_password or ""),
"auth_plugin" : escape_sql_string(self.auth_plugin) if self.auth_plugin else None,
"auth_string" : escape_sql_string(self.auth_string) if self.auth_string else None
}
if self.is_commited:
assert self._orig_username is not None and self._orig_host is not None
assignments = []
for priv in self._owner.global_privilege_names:
if priv in self._global_privs:
assignments.append("%s='%s'" % (priv, 'Y'))
else:
assignments.append("%s='%s'" % (priv, 'N'))
for limit in ["max_questions", "max_updates", "max_connections"] + (self._owner.has_max_user_connections and ["max_user_connections"] or []):
assignments.append("%s='%s'" % (limit, getattr(self, limit)))
if self._orig_username != self.username:
assignments.append("User='******'"%escape_sql_string(self.username))
if self.auth_plugin:
if self._orig_auth_string != self.auth_string:
assignments.append("authentication_string='%s'" % escape_sql_string(self.auth_string))
else:
if self._orig_host != self.host:
assignments.append("Host='%s'"%escape_sql_string(self.host))
if self.password:
assignments.append("Password=password('%s')"%escape_sql_string(self.password))
fields["assignments"] = ", ".join(assignments)
query = UPDATE_ACCOUNT_QUERY % fields
try:
self._owner.ctrl_be.exec_sql(query)
except QueryError, e:
if e.error == 1142:
raise PermissionDeniedError("Error updating account %s@%s: Insufficient rights to perform operation" % (self.username, self.host) )
else:
raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) )
except Exception, e:
raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) )
def revoke_all(self):
command = REVOKE_ALL % {"user":escape_sql_string(self.username),"host":self.host}
self._owner.ctrl_be.exec_sql(command)
result = modules.DbMySQLQuery.executeQuery(self._owner._connection, query)
if result < 0:
raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())
try:
is_privs = []
while modules.DbMySQLQuery.resultNextRow(result):
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
is_privs.append((table, table_priv and table_privs.split(",") or []))
finally:
modules.DbMySQLQuery.closeResult(result)
"""
# privs from mysql tables
query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying mysql table: %s" % e)
mysql_privs = {}
while result.nextRow():
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
mysql_privs[table] = table_privs and table_privs.split(",") or []
# interpret the privileges
for name, (db, tables, required_privs, grant, revoke) in AdminAttributes.items():
if db == "mysql":
ok = True
result = modules.DbMySQLQuery.executeQuery(self._owner._connection, query)
if result < 0:
raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())
try:
is_privs = []
while modules.DbMySQLQuery.resultNextRow(result):
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
is_privs.append((table, table_priv and table_privs.split(",") or []))
finally:
modules.DbMySQLQuery.closeResult(result)
"""
# privs from mysql tables
query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
try:
result = self._owner.ctrl_be.exec_query(query)
except Exception, e:
raise Exception("Error querying mysql table: %s" % e)
mysql_privs = {}
while result.nextRow():
table = result.stringByName("Table_name")
table_privs = result.stringByName("Table_priv")
mysql_privs[table] = table_privs and table_privs.split(",") or []
# interpret the privileges
for name, (db, tables, required_privs, grant, revoke) in AdminAttributes.items():
if db == "mysql":
ok = True
