def save(self): ##XXX begin transaction self._owner.ctrl_be.exec_sql( DELETE_SCHEMA_PRIV % { "user": escape_sql_string(self.username) if self.username else self.username }) for entry in self.entries: fields = { "user": escape_sql_string(self.username), "host": entry.host, "db": entry.db } priv_names = [] priv_values = [] for priv in self._owner.schema_privilege_names: priv_names.append("%s" % priv) if priv in entry.privileges: priv_values.append("'Y'") else: priv_values.append("'N'") #priv_values.append("'Y'" if priv in entry.privileges else "'N'") fields["priv_names"] = ", ".join(priv_names) fields["priv_values"] = ", ".join(priv_values) self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields) ##XXX commit transaction self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
def load(self, username, hostname): self.is_commited = True # Basic stuff from User table query = GET_ACCOUNT_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)} try: result = self._owner.ctrl_be.exec_query(query) except Exception, e: raise Exception("Error querying security information: %s" % e)
def delete_account(self, acct): if acct.is_commited: query = REMOVE_USER % {"user":escape_sql_string(acct.username), "host":escape_sql_string(acct.host)} self.ctrl_be.exec_sql(query) self.ctrl_be.exec_sql(FLUSH_PRIVILEGES) del self._account_info_cache[acct.username+"@"+acct.host] self._accounts.remove((acct.username, acct.host))
def load(self, username): # Schema privileges from Db table query = GET_ACCOUNT_SCHEMA_PRIVS_QUERY % {"user": escape_sql_string(username)} try: result = self._owner.ctrl_be.exec_query(query) except Exception, e: raise Exception("Error querying security information: %s" % e)
def save(self): ##XXX begin transaction self._owner.ctrl_be.exec_sql(DELETE_SCHEMA_PRIV % {"user":escape_sql_string(self.username) if self.username else self.username}) for entry in self.entries: fields = {"user":escape_sql_string(self.username), "host":entry.host, "db":entry.db} priv_names = [] priv_values = [] for priv in self._owner.schema_privilege_names: priv_names.append("%s" % priv) if priv in entry.privileges: priv_values.append("'Y'") else: priv_values.append("'N'") #priv_values.append("'Y'" if priv in entry.privileges else "'N'") fields["priv_names"] = ", ".join(priv_names) fields["priv_values"] = ", ".join(priv_values) self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields) ##XXX commit transaction self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
def save(self): if self.password != self.confirm_password: raise WBSecurityValidationError( "The new password and its confirmation don't match. Please re-enter them." ) #if not self.username: # raise WBSecurityValidationError("Username must not be blank") if not self.host: raise WBSecurityValidationError("Host name must not be blank") # check if username + host is duplicated if self.is_commited and (self.username != self._orig_username or self.host != self._orig_host): if (self.username, self.host) in self._owner.account_names: raise WBSecurityValidationError( "The '%s' account already exists and cannot be saved." % (self.formatted_name())) elif not self.is_commited: if self._owner.account_names.count((self.username, self.host)) > 1: raise WBSecurityValidationError( "The '%s' account already exists and cannot be saved." % (self.formatted_name())) fields = { "old_user": escape_sql_string(self._orig_username) if self._orig_username else self._orig_username, "old_host": escape_sql_string(self._orig_host) if self._orig_host else self._orig_host, "user": escape_sql_string(self.username) or "NULL", "host": escape_sql_string(self.host) or "", "password": escape_sql_string(self.password or self._orig_password or ""), "auth_plugin": escape_sql_string(self.auth_plugin) if self.auth_plugin else None, "auth_string": escape_sql_string(self.auth_string) if self.auth_string else None } if self.is_commited: assert self._orig_username is not None and self._orig_host is not None assignments = [] for priv in self._owner.global_privilege_names: if priv in self._global_privs: assignments.append("%s='%s'" % (priv, 'Y')) else: assignments.append("%s='%s'" % (priv, 'N')) for limit in ["max_questions", "max_updates", "max_connections" ] + (self._owner.has_max_user_connections and ["max_user_connections"] or []): assignments.append("%s='%s'" % (limit, getattr(self, limit))) if self._orig_username != self.username: assignments.append("User='******'" % escape_sql_string(self.username)) if self.auth_plugin: if self._orig_auth_string != self.auth_string: assignments.append("authentication_string='%s'" % escape_sql_string(self.auth_string)) else: if self._orig_host != self.host: assignments.append("Host='%s'" % escape_sql_string(self.host)) if self.password: assignments.append("Password=password('%s')" % escape_sql_string(self.password)) fields["assignments"] = ", ".join(assignments) query = UPDATE_ACCOUNT_QUERY % fields try: self._owner.ctrl_be.exec_sql(query) except QueryError, e: if e.error == 1142: raise PermissionDeniedError( "Error updating account %s@%s: Insufficient rights to perform operation" % (self.username, self.host)) else: raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e)) except Exception, e: raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e))
def revoke_all(self): command = REVOKE_ALL % { "user": escape_sql_string(self.username), "host": self.host } self._owner.ctrl_be.exec_sql(command)
if result < 0: raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError()) try: is_privs = [] while modules.DbMySQLQuery.resultNextRow(result): table = result.stringByName("Table_name") table_privs = result.stringByName("Table_priv") is_privs.append((table, table_priv and table_privs.split(",") or [])) finally: modules.DbMySQLQuery.closeResult(result) """ # privs from mysql tables query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % { "user": escape_sql_string(username), "host": escape_sql_string(hostname) } try: result = self._owner.ctrl_be.exec_query(query) except Exception, e: raise Exception("Error querying mysql table: %s" % e) mysql_privs = {} while result.nextRow(): table = result.stringByName("Table_name") table_privs = result.stringByName("Table_priv") mysql_privs[table] = table_privs and table_privs.split(",") or [] # interpret the privileges for name, (db, tables, required_privs, grant,
def save(self): if self.password != self.confirm_password: raise WBSecurityValidationError("The new password and its confirmation don't match. Please re-enter them.") #if not self.username: # raise WBSecurityValidationError("Username must not be blank") if not self.host: raise WBSecurityValidationError("Host name must not be blank") # check if username + host is duplicated if self.is_commited and (self.username != self._orig_username or self.host != self._orig_host): if (self.username, self.host) in self._owner.account_names: raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name())) elif not self.is_commited: if self._owner.account_names.count((self.username, self.host)) > 1: raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name())) fields = { "old_user" : escape_sql_string(self._orig_username) if self._orig_username else self._orig_username, "old_host" : escape_sql_string(self._orig_host) if self._orig_host else self._orig_host, "user" : escape_sql_string(self.username) or "NULL", "host" : escape_sql_string(self.host) or "", "password" : escape_sql_string(self.password or self._orig_password or ""), "auth_plugin" : escape_sql_string(self.auth_plugin) if self.auth_plugin else None, "auth_string" : escape_sql_string(self.auth_string) if self.auth_string else None } if self.is_commited: assert self._orig_username is not None and self._orig_host is not None assignments = [] for priv in self._owner.global_privilege_names: if priv in self._global_privs: assignments.append("%s='%s'" % (priv, 'Y')) else: assignments.append("%s='%s'" % (priv, 'N')) for limit in ["max_questions", "max_updates", "max_connections"] + (self._owner.has_max_user_connections and ["max_user_connections"] or []): assignments.append("%s='%s'" % (limit, getattr(self, limit))) if self._orig_username != self.username: assignments.append("User='******'"%escape_sql_string(self.username)) if self.auth_plugin: if self._orig_auth_string != self.auth_string: assignments.append("authentication_string='%s'" % escape_sql_string(self.auth_string)) else: if self._orig_host != self.host: assignments.append("Host='%s'"%escape_sql_string(self.host)) if self.password: assignments.append("Password=password('%s')"%escape_sql_string(self.password)) fields["assignments"] = ", ".join(assignments) query = UPDATE_ACCOUNT_QUERY % fields try: self._owner.ctrl_be.exec_sql(query) except QueryError, e: if e.error == 1142: raise PermissionDeniedError("Error updating account %s@%s: Insufficient rights to perform operation" % (self.username, self.host) ) else: raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) ) except Exception, e: raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) )
def revoke_all(self): command = REVOKE_ALL % {"user":escape_sql_string(self.username),"host":self.host} self._owner.ctrl_be.exec_sql(command)
result = modules.DbMySQLQuery.executeQuery(self._owner._connection, query) if result < 0: raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError()) try: is_privs = [] while modules.DbMySQLQuery.resultNextRow(result): table = result.stringByName("Table_name") table_privs = result.stringByName("Table_priv") is_privs.append((table, table_priv and table_privs.split(",") or [])) finally: modules.DbMySQLQuery.closeResult(result) """ # privs from mysql tables query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)} try: result = self._owner.ctrl_be.exec_query(query) except Exception, e: raise Exception("Error querying mysql table: %s" % e) mysql_privs = {} while result.nextRow(): table = result.stringByName("Table_name") table_privs = result.stringByName("Table_priv") mysql_privs[table] = table_privs and table_privs.split(",") or [] # interpret the privileges for name, (db, tables, required_privs, grant, revoke) in AdminAttributes.items(): if db == "mysql": ok = True