MySQL re-granting

diff --git a/configDefault/mysql.cfg b/configDefault/mysql.cfg
index e7083e8..310d7fa 100644 (file)
--- a/configDefault/mysql.cfg
+++ b/configDefault/mysql.cfg
@@ -4,5 +4,6 @@ val adduser = "/usr/bin/sudo /usr/local/sbin/domtool-mysql adduser "
 val passwd = "/usr/bin/sudo /usr/local/sbin/domtool-mysql passwd "
 val createdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql createdb "
 val dropdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql dropdb "
 val passwd = "/usr/bin/sudo /usr/local/sbin/domtool-mysql passwd "
 val createdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql createdb "
 val dropdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql dropdb "

+val grant = "/usr/bin/sudo /usr/local/sbin/domtool-mysql grant "

 
 end
 
 end

diff --git a/configDefault/mysql.csg b/configDefault/mysql.csg
index 71bf9dd..7d61caa 100644 (file)
--- a/configDefault/mysql.csg
+++ b/configDefault/mysql.csg
@@ -4,5 +4,6 @@ val adduser : string
 val passwd : string
 val createdb : string
 val dropdb : string
 val passwd : string
 val createdb : string
 val dropdb : string

+val grant : string

 
 end
 
 end

diff --git a/src/dbms.sig b/src/dbms.sig
index b600d9d..ab6772e 100644 (file)
--- a/src/dbms.sig
+++ b/src/dbms.sig
@@ -26,7 +26,8 @@ signature DBMS = sig
                    adduser : {user : string, passwd : string option} -> string option,
                    passwd : {user : string, passwd : string} -> string option,
                    createdb : {user : string, dbname : string} -> string option,
                    adduser : {user : string, passwd : string option} -> string option,
                    passwd : {user : string, passwd : string} -> string option,
                    createdb : {user : string, dbname : string} -> string option,

-                   dropdb : {user : string, dbname : string} -> string option}
+                   dropdb : {user : string, dbname : string} -> string option,
+                   grant : {user : string, dbname : string} -> string option}

 
     val register : string * handler -> unit
     val lookup : string -> handler option
 
     val register : string * handler -> unit
     val lookup : string -> handler option

diff --git a/src/dbms.sml b/src/dbms.sml
index cc00d04..0b40b26 100644 (file)
--- a/src/dbms.sml
+++ b/src/dbms.sml
@@ -28,7 +28,8 @@ type handler = {getpass : (unit -> Client.passwd_result) option,
                adduser : {user : string, passwd : string option} -> string option,
                passwd : {user : string, passwd : string} -> string option,
                createdb : {user : string, dbname : string} -> string option,
                adduser : {user : string, passwd : string option} -> string option,
                passwd : {user : string, passwd : string} -> string option,
                createdb : {user : string, dbname : string} -> string option,

-               dropdb : {user : string, dbname : string} -> string option}
+               dropdb : {user : string, dbname : string} -> string option,
+               grant : {user : string, dbname : string} -> string option}

               
 val dbmses : handler StringMap.map ref = ref StringMap.empty
                  
               
 val dbmses : handler StringMap.map ref = ref StringMap.empty
                  

diff --git a/src/main-dbtool.sml b/src/main-dbtool.sml
index f969c76..7bf0fec 100644 (file)
--- a/src/main-dbtool.sml
+++ b/src/main-dbtool.sml
@@ -63,4 +63,9 @@ val _ =
                    Main.requestDbDrop {dbtype = dbtype, dbname = dbname}
                else
                    print ("Invalid database name " ^ dbname ^ ".\n")
                    Main.requestDbDrop {dbtype = dbtype, dbname = dbname}
                else
                    print ("Invalid database name " ^ dbname ^ ".\n")

+             | ["grant", dbname] =>
+               if Dbms.validDbname dbname then
+                   Main.requestDbGrant {dbtype = dbtype, dbname = dbname}
+               else
+                   print ("Invalid database name " ^ dbname ^ ".\n")

              | _ => print "Invalid command-line arguments\n"
              | _ => print "Invalid command-line arguments\n"

diff --git a/src/main.sig b/src/main.sig
index 39c7810..97231f5 100644 (file)
--- a/src/main.sig
+++ b/src/main.sig
@@ -59,6 +59,7 @@ signature MAIN = sig
     val requestDbPasswd : {dbtype : string, passwd : string} -> unit
     val requestDbTable : {dbtype : string, dbname : string} -> unit
     val requestDbDrop : {dbtype : string, dbname : string} -> unit
     val requestDbPasswd : {dbtype : string, passwd : string} -> unit
     val requestDbTable : {dbtype : string, dbname : string} -> unit
     val requestDbDrop : {dbtype : string, dbname : string} -> unit

+    val requestDbGrant : {dbtype : string, dbname : string} -> unit

 
     val requestListMailboxes : string -> Vmail.listing
     val requestNewMailbox : {domain : string, user : string,
 
     val requestListMailboxes : string -> Vmail.listing
     val requestNewMailbox : {domain : string, user : string,

diff --git a/src/main.sml b/src/main.sml
index 7473fb6..3b54316 100644 (file)
--- a/src/main.sml
+++ b/src/main.sml
@@ -550,6 +550,21 @@ fun requestDbDrop p =
        OpenSSL.close bio
     end
 
        OpenSSL.close bio
     end
 

+fun requestDbGrant p =
+    let
+       val (user, bio) = requestBio (fn () => ())
+    in
+       Msg.send (bio, MsgGrantDb p);
+       case Msg.recv bio of
+           NONE => print "Server closed connection unexpectedly.\n"
+         | SOME m =>
+           case m of
+               MsgOk => print ("You've been granted all allowed privileges to database " ^ user ^ "_" ^ #dbname p ^ ".\n")
+             | MsgError s => print ("Grant failed: " ^ s ^ "\n")
+             | _ => print "Unexpected server reply.\n";
+       OpenSSL.close bio
+    end
+

 fun requestListMailboxes domain =
     let
        val (_, bio) = requestBio (fn () => ())
 fun requestListMailboxes domain =
     let
        val (_, bio) = requestBio (fn () => ())


@@ -1287,6 +1302,23 @@ fun service () =
                                               SOME ("Invalid database name " ^ dbname)))
                                      (fn () => ())
 
                                               SOME ("Invalid database name " ^ dbname)))
                                      (fn () => ())
 

+                              | MsgGrantDb {dbtype, dbname} =>
+                                doIt (fn () =>
+                                         if Dbms.validDbname dbname then
+                                             case Dbms.lookup dbtype of
+                                                 NONE => ("Database drop request with unknown datatype type " ^ dbtype,
+                                                          SOME ("Unknown database type " ^ dbtype))
+                                               | SOME handler =>
+                                                 case #grant handler {user = user, dbname = dbname} of
+                                                     NONE => ("Grant permissions to database " ^ user ^ "_" ^ dbname ^ ".",
+                                                              NONE)
+                                                   | SOME msg => ("Error granting permissions to database " ^ user ^ "_" ^ dbname ^ ": " ^ msg,
+                                                                  SOME ("Error granting permissions to database: " ^ msg))
+                                         else
+                                             ("Invalid database name " ^ user ^ "_" ^ dbname,
+                                              SOME ("Invalid database name " ^ dbname)))
+                                     (fn () => ())
+

                               | MsgListMailboxes domain =>
                                 doIt (fn () =>
                                          if not (Domain.yourDomain domain) then
                               | MsgListMailboxes domain =>
                                 doIt (fn () =>
                                          if not (Domain.yourDomain domain) then

diff --git a/src/msg.sml b/src/msg.sml
index bbaf24a..a8aea97 100644 (file)
--- a/src/msg.sml
+++ b/src/msg.sml
@@ -225,6 +225,9 @@ fun send (bio, m) =
       | MsgDropDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 36);
                                       OpenSSL.writeString (bio, dbtype);
                                       OpenSSL.writeString (bio, dbname))
       | MsgDropDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 36);
                                       OpenSSL.writeString (bio, dbtype);
                                       OpenSSL.writeString (bio, dbname))

+      | MsgGrantDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 37);
+                                       OpenSSL.writeString (bio, dbtype);
+                                       OpenSSL.writeString (bio, dbname))

 
 fun checkIt v =
     case v of
 
 fun checkIt v =
     case v of


@@ -330,6 +333,10 @@ fun recv bio =
                                (SOME dbtype, SOME dbname) =>
                                SOME (MsgDropDb {dbtype = dbtype, dbname = dbname})
                              | _ => NONE)
                                (SOME dbtype, SOME dbname) =>
                                SOME (MsgDropDb {dbtype = dbtype, dbname = dbname})
                              | _ => NONE)

+                  | 37 => (case (OpenSSL.readString bio, OpenSSL.readString bio) of
+                               (SOME dbtype, SOME dbname) =>
+                               SOME (MsgGrantDb {dbtype = dbtype, dbname = dbname})
+                             | _ => NONE)

                   | _ => NONE)
         
 end
                   | _ => NONE)
         
 end

diff --git a/src/msgTypes.sml b/src/msgTypes.sml
index 8f15ad7..1c2abcc 100644 (file)
--- a/src/msgTypes.sml
+++ b/src/msgTypes.sml
@@ -116,5 +116,7 @@ datatype msg =
        (* Answer to a QFirewall query *)
        | MsgRegenerateTc
        (* MsgRegenerate without actual publishing of configuration *)
        (* Answer to a QFirewall query *)
        | MsgRegenerateTc
        (* MsgRegenerate without actual publishing of configuration *)

+       | MsgGrantDb of {dbtype : string, dbname : string}
+       (* Grant all allowed privileges on a DBMS database to the user *)

 
 end
 
 end

diff --git a/src/plugins/domtool-mysql b/src/plugins/domtool-mysql
index 4f9c9ce..5d67086 100755 (executable)
--- a/src/plugins/domtool-mysql
+++ b/src/plugins/domtool-mysql
@@ -35,8 +35,8 @@ case $1 in
                chmod 770 $DIR/$DBNAME
                ln -sf $DIR/$DBNAME /var/lib/mysql/$DBNAME
                fs setacl -dir $DIR/$DBNAME/ -acl system:mysql all
                chmod 770 $DIR/$DBNAME
                ln -sf $DIR/$DBNAME /var/lib/mysql/$DBNAME
                fs setacl -dir $DIR/$DBNAME/ -acl system:mysql all

+               sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME

 
 

-               sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME

                sudo -H mysql -e "FLUSH PRIVILEGES;"
        ;;
 
                sudo -H mysql -e "FLUSH PRIVILEGES;"
        ;;
 


@@ -45,10 +45,18 @@ case $1 in
                DBNAME_BASE=$3
                DBNAME="${USERNAME}_${DBNAME_BASE}"
 
                DBNAME_BASE=$3
                DBNAME="${USERNAME}_${DBNAME_BASE}"
 

-               sudo -H mysql -e "DROP DATABASE $DBNAME";
+               sudo -H mysql -e "DROP DATABASE $DBNAME;"
+       ;;
+
+       grant)
+               USERNAME=$2
+               DBNAME_BASE=$3
+               DBNAME="${USERNAME}_${DBNAME_BASE}"
+
+               sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME

        ;;
 
        *)
        ;;
 
        *)

-               echo "Usage: domtool-mysql [adduser <user> <password> | passwd <user> <password> | createdb <user> <db> | dropdb <user> <db>]"
+               echo "Usage: domtool-mysql [adduser <user> <password> | passwd <user> <password> | createdb <user> <db> | dropdb <user> <db> | grant <user> <db>]"

        ;;
 esac
        ;;
 esac

diff --git a/src/plugins/mysql.sml b/src/plugins/mysql.sml
index 7f55e5f..5114e17 100644 (file)
--- a/src/plugins/mysql.sml
+++ b/src/plugins/mysql.sml
@@ -59,10 +59,17 @@ fun dropdb {user, dbname} =
     else
        SOME "Error executing DROP DATABASE script"
 
     else
        SOME "Error executing DROP DATABASE script"
 

+fun grant {user, dbname} =
+    if Slave.shell [Config.MySQL.grant, user, " ", dbname] then
+       NONE
+    else
+       SOME "Error executing GRANT script"
+

 val _ = Dbms.register ("mysql", {getpass = SOME Client.getpass,
                                 adduser = adduser,
                                 passwd = passwd,
                                 createdb = createdb,
 val _ = Dbms.register ("mysql", {getpass = SOME Client.getpass,
                                 adduser = adduser,
                                 passwd = passwd,
                                 createdb = createdb,

-                                dropdb = dropdb})
+                                dropdb = dropdb,
+                                grant = grant})

 
 end
 
 end

diff --git a/src/plugins/postgres.sml b/src/plugins/postgres.sml
index b92a5cf..09e3a07 100644 (file)
--- a/src/plugins/postgres.sml
+++ b/src/plugins/postgres.sml
@@ -44,6 +44,7 @@ val _ = Dbms.register ("postgres", {getpass = NONE,
                                    adduser = adduser,
                                    passwd = passwd,
                                    createdb = createdb,
                                    adduser = adduser,
                                    passwd = passwd,
                                    createdb = createdb,

-                                   dropdb = dropdb})
+                                   dropdb = dropdb,
+                                   grant = fn _ => SOME "You don't need to use GRANT for Postgres."})

 
 end
 
 end