Exemplo n.º 1
0
    def save(self):
        ##XXX begin transaction

        self._owner.ctrl_be.exec_sql(
            DELETE_SCHEMA_PRIV % {
                "user":
                escape_sql_string(self.username)
                if self.username else self.username
            })

        for entry in self.entries:
            fields = {
                "user": escape_sql_string(self.username),
                "host": entry.host,
                "db": entry.db
            }
            priv_names = []
            priv_values = []
            for priv in self._owner.schema_privilege_names:
                priv_names.append("%s" % priv)
                if priv in entry.privileges:
                    priv_values.append("'Y'")
                else:
                    priv_values.append("'N'")
                #priv_values.append("'Y'" if priv in entry.privileges else "'N'")
            fields["priv_names"] = ", ".join(priv_names)
            fields["priv_values"] = ", ".join(priv_values)
            self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields)

        ##XXX commit transaction

        self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
Exemplo n.º 2
0
 def load(self, username, hostname):
     self.is_commited = True
     # Basic stuff from User table
     query = GET_ACCOUNT_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
     try:
         result = self._owner.ctrl_be.exec_query(query)
     except Exception, e:
         raise Exception("Error querying security information: %s" % e)
Exemplo n.º 3
0
 def load(self, username, hostname):
     self.is_commited = True
     # Basic stuff from User table
     query = GET_ACCOUNT_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
     try:
         result = self._owner.ctrl_be.exec_query(query)
     except Exception, e:
         raise Exception("Error querying security information: %s" % e)
Exemplo n.º 4
0
    def delete_account(self, acct):
        if acct.is_commited:
            query = REMOVE_USER % {"user":escape_sql_string(acct.username), "host":escape_sql_string(acct.host)}
            self.ctrl_be.exec_sql(query)

            self.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
    
        del self._account_info_cache[acct.username+"@"+acct.host]
        self._accounts.remove((acct.username, acct.host))
Exemplo n.º 5
0
 def load(self, username):
     # Schema privileges from Db table
     query = GET_ACCOUNT_SCHEMA_PRIVS_QUERY % {"user": escape_sql_string(username)}
     try:
         result = self._owner.ctrl_be.exec_query(query)
     except Exception, e:
         raise Exception("Error querying security information: %s" % e)
Exemplo n.º 6
0
 def load(self, username):
     # Schema privileges from Db table
     query = GET_ACCOUNT_SCHEMA_PRIVS_QUERY % {"user": escape_sql_string(username)}
     try:
         result = self._owner.ctrl_be.exec_query(query)
     except Exception, e:
         raise Exception("Error querying security information: %s" % e)
Exemplo n.º 7
0
    def save(self):
        ##XXX begin transaction

        self._owner.ctrl_be.exec_sql(DELETE_SCHEMA_PRIV % {"user":escape_sql_string(self.username) if self.username else self.username})

        for entry in self.entries:
            fields = {"user":escape_sql_string(self.username), "host":entry.host, "db":entry.db}
            priv_names = []
            priv_values = []
            for priv in self._owner.schema_privilege_names:
                priv_names.append("%s" % priv)
                if priv in entry.privileges:
                    priv_values.append("'Y'")
                else:
                    priv_values.append("'N'")
                #priv_values.append("'Y'" if priv in entry.privileges else "'N'")
            fields["priv_names"] = ", ".join(priv_names)
            fields["priv_values"] = ", ".join(priv_values)
            self._owner.ctrl_be.exec_sql(INSERT_SCHEMA_PRIV % fields)

        ##XXX commit transaction

        self._owner.ctrl_be.exec_sql(FLUSH_PRIVILEGES)
Exemplo n.º 8
0
    def save(self):
        if self.password != self.confirm_password:
            raise WBSecurityValidationError(
                "The new password and its confirmation don't match. Please re-enter them."
            )

        #if not self.username:
        #    raise WBSecurityValidationError("Username must not be blank")

        if not self.host:
            raise WBSecurityValidationError("Host name must not be blank")

        # check if username + host is duplicated
        if self.is_commited and (self.username != self._orig_username
                                 or self.host != self._orig_host):
            if (self.username, self.host) in self._owner.account_names:
                raise WBSecurityValidationError(
                    "The '%s' account already exists and cannot be saved." %
                    (self.formatted_name()))
        elif not self.is_commited:
            if self._owner.account_names.count((self.username, self.host)) > 1:
                raise WBSecurityValidationError(
                    "The '%s' account already exists and cannot be saved." %
                    (self.formatted_name()))

        fields = {
            "old_user":
            escape_sql_string(self._orig_username)
            if self._orig_username else self._orig_username,
            "old_host":
            escape_sql_string(self._orig_host)
            if self._orig_host else self._orig_host,
            "user":
            escape_sql_string(self.username) or "NULL",
            "host":
            escape_sql_string(self.host) or "",
            "password":
            escape_sql_string(self.password or self._orig_password or ""),
            "auth_plugin":
            escape_sql_string(self.auth_plugin) if self.auth_plugin else None,
            "auth_string":
            escape_sql_string(self.auth_string) if self.auth_string else None
        }

        if self.is_commited:
            assert self._orig_username is not None and self._orig_host is not None
            assignments = []
            for priv in self._owner.global_privilege_names:
                if priv in self._global_privs:
                    assignments.append("%s='%s'" % (priv, 'Y'))
                else:
                    assignments.append("%s='%s'" % (priv, 'N'))

            for limit in ["max_questions", "max_updates", "max_connections"
                          ] + (self._owner.has_max_user_connections
                               and ["max_user_connections"] or []):
                assignments.append("%s='%s'" % (limit, getattr(self, limit)))

            if self._orig_username != self.username:
                assignments.append("User='******'" %
                                   escape_sql_string(self.username))
            if self.auth_plugin:
                if self._orig_auth_string != self.auth_string:
                    assignments.append("authentication_string='%s'" %
                                       escape_sql_string(self.auth_string))
            else:
                if self._orig_host != self.host:
                    assignments.append("Host='%s'" %
                                       escape_sql_string(self.host))
                if self.password:
                    assignments.append("Password=password('%s')" %
                                       escape_sql_string(self.password))

            fields["assignments"] = ", ".join(assignments)

            query = UPDATE_ACCOUNT_QUERY % fields

            try:
                self._owner.ctrl_be.exec_sql(query)
            except QueryError, e:
                if e.error == 1142:
                    raise PermissionDeniedError(
                        "Error updating account %s@%s: Insufficient rights to perform operation"
                        % (self.username, self.host))
                else:
                    raise Exception("Error updating account %s@%s: %s" %
                                    (self.username, self.host, e))
            except Exception, e:
                raise Exception("Error updating account %s@%s: %s" %
                                (self.username, self.host, e))
Exemplo n.º 9
0
 def revoke_all(self):
     command = REVOKE_ALL % {
         "user": escape_sql_string(self.username),
         "host": self.host
     }
     self._owner.ctrl_be.exec_sql(command)
Exemplo n.º 10
0
        if result < 0:
            raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())

        try:
            is_privs = []
            while modules.DbMySQLQuery.resultNextRow(result):
                table = result.stringByName("Table_name")
                table_privs = result.stringByName("Table_priv")
                is_privs.append((table, table_priv and table_privs.split(",") or []))
        finally:
            modules.DbMySQLQuery.closeResult(result)
        """

        # privs from mysql tables
        query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {
            "user": escape_sql_string(username),
            "host": escape_sql_string(hostname)
        }
        try:
            result = self._owner.ctrl_be.exec_query(query)
        except Exception, e:
            raise Exception("Error querying mysql table: %s" % e)

        mysql_privs = {}
        while result.nextRow():
            table = result.stringByName("Table_name")
            table_privs = result.stringByName("Table_priv")
            mysql_privs[table] = table_privs and table_privs.split(",") or []

        # interpret the privileges
        for name, (db, tables, required_privs, grant,
Exemplo n.º 11
0
    def save(self):
        if self.password != self.confirm_password:
            raise WBSecurityValidationError("The new password and its confirmation don't match. Please re-enter them.")

        #if not self.username:
        #    raise WBSecurityValidationError("Username must not be blank")

        if not self.host:
            raise WBSecurityValidationError("Host name must not be blank")

        # check if username + host is duplicated
        if self.is_commited and (self.username != self._orig_username or self.host != self._orig_host):
            if (self.username, self.host) in self._owner.account_names:
                raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name()))
        elif not self.is_commited:
            if self._owner.account_names.count((self.username, self.host)) > 1:
                raise WBSecurityValidationError("The '%s' account already exists and cannot be saved." % (self.formatted_name()))

        fields = {
            "old_user" : escape_sql_string(self._orig_username) if self._orig_username else self._orig_username,
            "old_host" : escape_sql_string(self._orig_host) if self._orig_host else self._orig_host,
            "user" : escape_sql_string(self.username) or "NULL",
            "host" : escape_sql_string(self.host) or "",
            "password" : escape_sql_string(self.password or self._orig_password or ""),
            "auth_plugin" : escape_sql_string(self.auth_plugin) if self.auth_plugin else None,
            "auth_string" : escape_sql_string(self.auth_string) if self.auth_string else None
        }

        if self.is_commited:
            assert self._orig_username is not None and self._orig_host is not None
            assignments = []
            for priv in self._owner.global_privilege_names:
                if priv in self._global_privs:
                    assignments.append("%s='%s'" % (priv, 'Y'))
                else:
                    assignments.append("%s='%s'" % (priv, 'N'))

            for limit in ["max_questions", "max_updates", "max_connections"] + (self._owner.has_max_user_connections and ["max_user_connections"] or []):
                assignments.append("%s='%s'" % (limit, getattr(self, limit)))

            if self._orig_username != self.username:
                assignments.append("User='******'"%escape_sql_string(self.username))
            if self.auth_plugin:
                if self._orig_auth_string != self.auth_string:
                    assignments.append("authentication_string='%s'" % escape_sql_string(self.auth_string))
            else:
                if self._orig_host != self.host:
                    assignments.append("Host='%s'"%escape_sql_string(self.host))
                if self.password:
                    assignments.append("Password=password('%s')"%escape_sql_string(self.password))

            fields["assignments"] = ", ".join(assignments)

            query = UPDATE_ACCOUNT_QUERY % fields

            try:
                self._owner.ctrl_be.exec_sql(query)
            except QueryError, e:
                if e.error == 1142:
                    raise PermissionDeniedError("Error updating account %s@%s: Insufficient rights to perform operation" % (self.username, self.host) )
                else:
                    raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) )
            except Exception, e:
                raise Exception("Error updating account %s@%s: %s" % (self.username, self.host, e) )
Exemplo n.º 12
0
 def revoke_all(self):
     command = REVOKE_ALL % {"user":escape_sql_string(self.username),"host":self.host}
     self._owner.ctrl_be.exec_sql(command)
Exemplo n.º 13
0
        result = modules.DbMySQLQuery.executeQuery(self._owner._connection, query)
        if result < 0:
            raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())

        try:
            is_privs = []
            while modules.DbMySQLQuery.resultNextRow(result):
                table = result.stringByName("Table_name")
                table_privs = result.stringByName("Table_priv")
                is_privs.append((table, table_priv and table_privs.split(",") or []))
        finally:
            modules.DbMySQLQuery.closeResult(result)
        """

        # privs from mysql tables
        query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
        try:
            result = self._owner.ctrl_be.exec_query(query)
        except Exception, e:
            raise Exception("Error querying mysql table: %s" % e)

        mysql_privs = {}
        while result.nextRow():
            table = result.stringByName("Table_name")
            table_privs = result.stringByName("Table_priv")
            mysql_privs[table] = table_privs and table_privs.split(",") or []

        # interpret the privileges
        for name, (db, tables, required_privs, grant, revoke) in AdminAttributes.items():
            if db == "mysql":
                ok = True
Exemplo n.º 14
0
        result = modules.DbMySQLQuery.executeQuery(self._owner._connection, query)
        if result < 0:
            raise Exception("Error querying information_schema table: "+modules.DbMySQLQuery.lastError())

        try:
            is_privs = []
            while modules.DbMySQLQuery.resultNextRow(result):
                table = result.stringByName("Table_name")
                table_privs = result.stringByName("Table_priv")
                is_privs.append((table, table_priv and table_privs.split(",") or []))
        finally:
            modules.DbMySQLQuery.closeResult(result)
        """

        # privs from mysql tables
        query = GET_ACCOUNT_MYSQL_TABLE_PRIVS_QUERY % {"user":escape_sql_string(username),"host":escape_sql_string(hostname)}
        try:
            result = self._owner.ctrl_be.exec_query(query)
        except Exception, e:
            raise Exception("Error querying mysql table: %s" % e)

        mysql_privs = {}
        while result.nextRow():
            table = result.stringByName("Table_name")
            table_privs = result.stringByName("Table_priv")
            mysql_privs[table] = table_privs and table_privs.split(",") or []

        # interpret the privileges
        for name, (db, tables, required_privs, grant, revoke) in AdminAttributes.items():
            if db == "mysql":
                ok = True