val passwd = "/usr/bin/sudo /usr/local/sbin/domtool-mysql passwd "
val createdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql createdb "
val dropdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql dropdb "
+val grant = "/usr/bin/sudo /usr/local/sbin/domtool-mysql grant "
end
val passwd : string
val createdb : string
val dropdb : string
+val grant : string
end
adduser : {user : string, passwd : string option} -> string option,
passwd : {user : string, passwd : string} -> string option,
createdb : {user : string, dbname : string} -> string option,
- dropdb : {user : string, dbname : string} -> string option}
+ dropdb : {user : string, dbname : string} -> string option,
+ grant : {user : string, dbname : string} -> string option}
val register : string * handler -> unit
val lookup : string -> handler option
adduser : {user : string, passwd : string option} -> string option,
passwd : {user : string, passwd : string} -> string option,
createdb : {user : string, dbname : string} -> string option,
- dropdb : {user : string, dbname : string} -> string option}
+ dropdb : {user : string, dbname : string} -> string option,
+ grant : {user : string, dbname : string} -> string option}
val dbmses : handler StringMap.map ref = ref StringMap.empty
Main.requestDbDrop {dbtype = dbtype, dbname = dbname}
else
print ("Invalid database name " ^ dbname ^ ".\n")
+ | ["grant", dbname] =>
+ if Dbms.validDbname dbname then
+ Main.requestDbGrant {dbtype = dbtype, dbname = dbname}
+ else
+ print ("Invalid database name " ^ dbname ^ ".\n")
| _ => print "Invalid command-line arguments\n"
val requestDbPasswd : {dbtype : string, passwd : string} -> unit
val requestDbTable : {dbtype : string, dbname : string} -> unit
val requestDbDrop : {dbtype : string, dbname : string} -> unit
+ val requestDbGrant : {dbtype : string, dbname : string} -> unit
val requestListMailboxes : string -> Vmail.listing
val requestNewMailbox : {domain : string, user : string,
OpenSSL.close bio
end
+fun requestDbGrant p =
+ let
+ val (user, bio) = requestBio (fn () => ())
+ in
+ Msg.send (bio, MsgGrantDb p);
+ case Msg.recv bio of
+ NONE => print "Server closed connection unexpectedly.\n"
+ | SOME m =>
+ case m of
+ MsgOk => print ("You've been granted all allowed privileges to database " ^ user ^ "_" ^ #dbname p ^ ".\n")
+ | MsgError s => print ("Grant failed: " ^ s ^ "\n")
+ | _ => print "Unexpected server reply.\n";
+ OpenSSL.close bio
+ end
+
fun requestListMailboxes domain =
let
val (_, bio) = requestBio (fn () => ())
SOME ("Invalid database name " ^ dbname)))
(fn () => ())
+ | MsgGrantDb {dbtype, dbname} =>
+ doIt (fn () =>
+ if Dbms.validDbname dbname then
+ case Dbms.lookup dbtype of
+ NONE => ("Database drop request with unknown datatype type " ^ dbtype,
+ SOME ("Unknown database type " ^ dbtype))
+ | SOME handler =>
+ case #grant handler {user = user, dbname = dbname} of
+ NONE => ("Grant permissions to database " ^ user ^ "_" ^ dbname ^ ".",
+ NONE)
+ | SOME msg => ("Error granting permissions to database " ^ user ^ "_" ^ dbname ^ ": " ^ msg,
+ SOME ("Error granting permissions to database: " ^ msg))
+ else
+ ("Invalid database name " ^ user ^ "_" ^ dbname,
+ SOME ("Invalid database name " ^ dbname)))
+ (fn () => ())
+
| MsgListMailboxes domain =>
doIt (fn () =>
if not (Domain.yourDomain domain) then
| MsgDropDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 36);
OpenSSL.writeString (bio, dbtype);
OpenSSL.writeString (bio, dbname))
+ | MsgGrantDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 37);
+ OpenSSL.writeString (bio, dbtype);
+ OpenSSL.writeString (bio, dbname))
fun checkIt v =
case v of
(SOME dbtype, SOME dbname) =>
SOME (MsgDropDb {dbtype = dbtype, dbname = dbname})
| _ => NONE)
+ | 37 => (case (OpenSSL.readString bio, OpenSSL.readString bio) of
+ (SOME dbtype, SOME dbname) =>
+ SOME (MsgGrantDb {dbtype = dbtype, dbname = dbname})
+ | _ => NONE)
| _ => NONE)
end
(* Answer to a QFirewall query *)
| MsgRegenerateTc
(* MsgRegenerate without actual publishing of configuration *)
+ | MsgGrantDb of {dbtype : string, dbname : string}
+ (* Grant all allowed privileges on a DBMS database to the user *)
end
chmod 770 $DIR/$DBNAME
ln -sf $DIR/$DBNAME /var/lib/mysql/$DBNAME
fs setacl -dir $DIR/$DBNAME/ -acl system:mysql all
+ sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME
- sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME
sudo -H mysql -e "FLUSH PRIVILEGES;"
;;
DBNAME_BASE=$3
DBNAME="${USERNAME}_${DBNAME_BASE}"
- sudo -H mysql -e "DROP DATABASE $DBNAME";
+ sudo -H mysql -e "DROP DATABASE $DBNAME;"
+ ;;
+
+ grant)
+ USERNAME=$2
+ DBNAME_BASE=$3
+ DBNAME="${USERNAME}_${DBNAME_BASE}"
+
+ sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME
;;
*)
- echo "Usage: domtool-mysql [adduser <user> <password> | passwd <user> <password> | createdb <user> <db> | dropdb <user> <db>]"
+ echo "Usage: domtool-mysql [adduser <user> <password> | passwd <user> <password> | createdb <user> <db> | dropdb <user> <db> | grant <user> <db>]"
;;
esac
else
SOME "Error executing DROP DATABASE script"
+fun grant {user, dbname} =
+ if Slave.shell [Config.MySQL.grant, user, " ", dbname] then
+ NONE
+ else
+ SOME "Error executing GRANT script"
+
val _ = Dbms.register ("mysql", {getpass = SOME Client.getpass,
adduser = adduser,
passwd = passwd,
createdb = createdb,
- dropdb = dropdb})
+ dropdb = dropdb,
+ grant = grant})
end
adduser = adduser,
passwd = passwd,
createdb = createdb,
- dropdb = dropdb})
+ dropdb = dropdb,
+ grant = fn _ => SOME "You don't need to use GRANT for Postgres."})
end