def get_grants_for_object(self, qualified_obj_name, obj_type_str, global_privs=False): """ Retrieves the list of grants that the current user has that that have effect over a given object. qualified_obj_name[in] String with the qualified name of the object. obj_type_str[in] String with the type of the object that we are working with, must be one of 'ROUTINE', 'TABLE' or 'DATABASE'. global_privs[in] If True, the wildcard'%' host privileges are also taken into account This method takes the MySQL privilege hierarchy into account, e.g, if the qualified object is a table, it returns all the grant statements for this user regarding that table, as well as the grant statements for this user regarding the db where the table is at and finally any global grants that the user might have. Returns a list of strings with the grant statements. """ grant_stm_lst = self.get_grants(global_privs) obj_name_regexp = re.compile(REGEXP_QUALIFIED_OBJ_NAME) m_obj = obj_name_regexp.match(qualified_obj_name) grants = [] if not m_obj: raise UtilError("Cannot parse the specified qualified name " "'{0}'".format(qualified_obj_name)) else: db_name, obj_name = m_obj.groups() # Quote database and object name if necessary if not is_quoted_with_backticks(db_name): db_name = quote_with_backticks(db_name) if obj_name and obj_name != '*': if not is_quoted_with_backticks(obj_name): obj_name = quote_with_backticks(obj_name) # For each grant statement look for the ones that apply to this # user and object for grant_stm in grant_stm_lst: grant_tpl = self._parse_grant_statement(grant_stm[0]) if grant_tpl: # Check if any of the privileges applies to this object # and if it does then check if it inherited from this # statement if filter_grants(grant_tpl.privileges, obj_type_str): # Add global grants if grant_tpl.db == '*': grants.append(grant_stm[0]) continue # Add database level grants if grant_tpl.db == db_name and grant_tpl.object == '*': grants.append(grant_stm[0]) continue # If it is an object, add existing object level grants # as well. if obj_name: if (grant_tpl.db == db_name and grant_tpl.object == obj_name): grants.append(grant_stm[0]) return grants
def check_grants(server_cnx_val, options, dict_of_objects): """Show list of privileges over a set of objects This function creates a GrantShow object which shows the list of users with (the optionally specified list of ) privileges over the specified set of objects. server_cnx_val[in] Dictionary with the connection values to the server. options[in] Dictionary of options (verbosity, privileges, show_mode). list_of_objects[in] Dictionary of objects (set of databases, tables and procedures) by database to check. """ # Create server connection: server = connect_servers(server_cnx_val, None, options)[0] # Check user permissions to consult the grant information. _check_privileges(server) # Validate the dict of objects against our server. valid_dict_of_objects = validate_obj_type_dict(server, dict_of_objects) # Get optional list of required privileges req_privs = set(options['privileges']) if options['privileges'] else None # If we specify some privileges that are not valid for all the objects # print warning message stating that some will be ignored. if req_privs: for obj_type in valid_dict_of_objects: # get list of privileges that applies to the object type filtered_req_privs = filter_grants(req_privs, obj_type) # if the size of the set is different that means that some of the # privileges cannot be applied to this object type, print warning if len(filtered_req_privs) != len(req_privs): if obj_type.upper() == DATABASE_TYPE: obj_lst = [obj_tpl[0] for obj_tpl in valid_dict_of_objects[obj_type]] else: obj_lst = [".".join(obj_tpl) for obj_tpl in valid_dict_of_objects[obj_type]] obj_lst_str = join_and_build_str(obj_lst) missing_privs = sorted(req_privs - filtered_req_privs) priv_str = join_and_build_str(missing_privs) verb = "do" if len(missing_privs) > 1 else "does" print("# WARNING: {0} {1} not apply to {2}s " "and will be ignored for: {3}.".format( priv_str, verb, obj_type.lower(), obj_lst_str)) # get the grantee information dictionary grantee_info_dict = get_grantees(server, valid_dict_of_objects, req_privileges=req_privs) # Print the information obj_type_lst = [DATABASE_TYPE, TABLE_TYPE, ROUTINE_TYPE] for obj_type in obj_type_lst: if obj_type in grantee_info_dict: # Sort by object name for obj_name in sorted(grantee_info_dict[obj_type]): print("\n# {0} {1}:".format(obj_type, obj_name)) if options['show_mode'] == 'users': # Sort by grantee name output_str = ", ".join( sorted(grantee_info_dict[obj_type][obj_name].keys())) print("# - {0}".format(output_str)) elif options['show_mode'] == 'user_grants': # Sort by grantee name for grantee, priv_set in sorted( grantee_info_dict[obj_type][obj_name].iteritems()): # print privileges sorted by name print("# - {0} : {1}".format( grantee, ", ".join(sorted(priv_set)))) else: # raw mode # Sort by grantee name for grantee in sorted( grantee_info_dict[obj_type][obj_name].keys()): user = User(server, grantee) grant_stms = sorted( user.get_grants_for_object(obj_name, obj_type)) if grant_stms: print("# - For {0}".format(grantee)) for grant_stm in grant_stms: print("{0}".format(grant_stm))