Exemplo n.º 1
0
            def _create_db_user_gran_priv_if_needed(con_fun, user, password,
                                                    db, priv, create):
                """
                Helping function to create db and user
                """
                if create:
                    log.info("Creating %s and user to access it" % (db, ))
                else:
                    log.info("Setting user to access %s" % (db, ))
                m_su_con, m_su_cur = con_fun(True, None)
                client_host = get_db_client_host(m_su_cur)

                if create:
                    _cursor_execute(
                        m_su_cur,
                        "CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
                        (cv(db), ))

                create_user_if_not_exists(m_su_con,
                                          m_su_cur,
                                          user,
                                          password,
                                          client_host,
                                          dry_run=akrr.dry_run)
                _cursor_execute(
                    m_su_cur,
                    "GRANT " + cv(priv) + " ON " + cv(db) + ".* TO %s@%s",
                    (user, client_host))

                m_su_con.commit()
Exemplo n.º 2
0
    def test_db_check_priv(self):
        from akrr.util.sql import get_user_password_host_port
        from akrr.util.sql import get_db_client_host
        from akrr.util.sql import get_con_to_db
        from akrr.util.sql import db_check_priv
        from akrr.util.sql import cv
        from akrr.util.sql import create_user_if_not_exists

        su_user, \
        su_password, \
        db_host, \
        db_port = get_user_password_host_port(self.su_sql)

        su_con, su_cur = get_con_to_db(su_user, su_password, db_host, db_port)

        client_host = get_db_client_host(su_cur)

        # create user
        create_user_if_not_exists(su_con, su_cur, self.user1, self.password1,
                                  client_host)

        # check su rights
        self.assertEqual(db_check_priv(su_cur, "mysql", "ALL"), True)
        self.assertEqual(db_check_priv(su_cur, "dontexists", "ALL"), True)
        self.assertEqual(db_check_priv(su_cur, "mysql", "ALL", self.user1),
                         False)
        self.assertEqual(
            db_check_priv(su_cur, "dontexists", "ALL", self.user1), False)
        self.assertEqual(
            db_check_priv(su_cur, "mysql", "ALL", self.user1, client_host),
            False)
        self.assertEqual(
            db_check_priv(su_cur, "dontexists", "ALL", self.user1,
                          client_host), False)

        # connect as user
        _, cur = get_con_to_db(self.user1, self.password1, "localhost")
        self.assertEqual(
            db_check_priv(su_cur, "dontexists", "ALL", self.user1), False)

        # create db and give permission to user1
        su_cur.execute("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
                       (cv(self.db1), ))
        su_cur.execute("CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8" %
                       (cv(self.db2), ))
        su_con.commit()

        su_cur.execute("GRANT ALL ON " + cv(self.db1) + ".* TO %s@%s",
                       (self.user1, client_host))
        su_cur.execute("GRANT SELECT ON " + cv(self.db2) + ".* TO %s@%s",
                       (self.user1, client_host))
        su_con.commit()

        # check rights as current regular user
        self.assertEqual(db_check_priv(cur, "mysql", "ALL"), False)
        self.assertEqual(db_check_priv(cur, self.db1, "ALL"), True)
        self.assertEqual(db_check_priv(cur, self.db1, "SELECT"), True)
        self.assertEqual(db_check_priv(cur, self.db2, "ALL"), False)
        self.assertEqual(db_check_priv(cur, self.db2, "SELECT"), True)