From: Adam Chlipala Date: Mon, 2 Jul 2007 16:14:43 +0000 (+0000) Subject: MySQL re-granting X-Git-Tag: release_2010-11-19~182 X-Git-Url: https://git.hcoop.net/hcoop/domtool2.git/commitdiff_plain/99cc41443c07f97535eaeecc628d99075ca2cebf MySQL re-granting --- diff --git a/configDefault/mysql.cfg b/configDefault/mysql.cfg index e7083e8..310d7fa 100644 --- a/configDefault/mysql.cfg +++ b/configDefault/mysql.cfg @@ -4,5 +4,6 @@ val adduser = "/usr/bin/sudo /usr/local/sbin/domtool-mysql adduser " val passwd = "/usr/bin/sudo /usr/local/sbin/domtool-mysql passwd " val createdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql createdb " val dropdb = "/usr/bin/sudo /usr/local/sbin/domtool-mysql dropdb " +val grant = "/usr/bin/sudo /usr/local/sbin/domtool-mysql grant " end diff --git a/configDefault/mysql.csg b/configDefault/mysql.csg index 71bf9dd..7d61caa 100644 --- a/configDefault/mysql.csg +++ b/configDefault/mysql.csg @@ -4,5 +4,6 @@ val adduser : string val passwd : string val createdb : string val dropdb : string +val grant : string end diff --git a/src/dbms.sig b/src/dbms.sig index b600d9d..ab6772e 100644 --- a/src/dbms.sig +++ b/src/dbms.sig @@ -26,7 +26,8 @@ signature DBMS = sig adduser : {user : string, passwd : string option} -> string option, passwd : {user : string, passwd : string} -> string option, createdb : {user : string, dbname : string} -> string option, - dropdb : {user : string, dbname : string} -> string option} + dropdb : {user : string, dbname : string} -> string option, + grant : {user : string, dbname : string} -> string option} val register : string * handler -> unit val lookup : string -> handler option diff --git a/src/dbms.sml b/src/dbms.sml index cc00d04..0b40b26 100644 --- a/src/dbms.sml +++ b/src/dbms.sml 
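Review bot: The new `grant` field added to the handler record in dbms.sig carries no comment, so nothing in the interface says what database it targets or what the `string option` result means. Both main.sml and the domtool-mysql script in this commit address the database as `<user>_<dbname>`, and the MySQL plugin returns `NONE` on success and `SOME msg` on failure, so I would put above the field: `(* Grant the user all allowed privileges on the database named user_dbname; NONE on success, SOME message on failure. *)`. The same record type is duplicated verbatim in dbms.sml, so the comment is needed in both places or the two will drift. The enclosing `signature DBMS` continues outside the hunk.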
@@ -28,7 +28,8 @@ type handler = {getpass : (unit -> Client.passwd_result) option, adduser : {user : string, passwd : string option} -> string option, passwd : {user : string, passwd : string} -> string option, createdb : {user : string, dbname : string} -> string option, - dropdb : {user : string, dbname : string} -> string option} + dropdb : {user : string, dbname : string} -> string option, + grant : {user : string, dbname : string} -> string option} val dbmses : handler StringMap.map ref = ref StringMap.empty diff --git a/src/main-dbtool.sml b/src/main-dbtool.sml index f969c76..7bf0fec 100644 --- a/src/main-dbtool.sml +++ b/src/main-dbtool.sml @@ -63,4 +63,9 @@ val _ = Main.requestDbDrop {dbtype = dbtype, dbname = dbname} else print ("Invalid database name " ^ dbname ^ ".\n") + | ["grant", dbname] => + if Dbms.validDbname dbname then + Main.requestDbGrant {dbtype = dbtype, dbname = dbname} + else + print ("Invalid database name " ^ dbname ^ ".\n") | _ => print "Invalid command-line arguments\n" diff --git a/src/main.sig b/src/main.sig index 39c7810..97231f5 100644 --- a/src/main.sig +++ b/src/main.sig @@ -59,6 +59,7 @@ signature MAIN = sig val requestDbPasswd : {dbtype : string, passwd : string} -> unit val requestDbTable : {dbtype : string, dbname : string} -> unit val requestDbDrop : {dbtype : string, dbname : string} -> unit + val requestDbGrant : {dbtype : string, dbname : string} -> unit val requestListMailboxes : string -> Vmail.listing val requestNewMailbox : {domain : string, user : string, diff --git a/src/main.sml b/src/main.sml index 7473fb6..3b54316 100644 --- a/src/main.sml +++ b/src/main.sml 
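Review bot: The new `["grant", dbname]` arm in main-dbtool.sml repeats the exact `if Dbms.validDbname dbname then ... else print ("Invalid database name " ^ dbname ^ ".\n")` shape of the dropdb arm directly above it, so the check and its error text now live in at least two arms of this `case`. A small helper keeps them in one place: `fun withValidDb dbname f = if Dbms.validDbname dbname then f () else print ("Invalid database name " ^ dbname ^ ".\n")`, with the arm becoming `| ["grant", dbname] => withValidDb dbname (fn () => Main.requestDbGrant {dbtype = dbtype, dbname = dbname})`. This client-side check is only a courtesy; the check that matters is the one the server repeats in `service` in this same commit. The enclosing `case` and the `dbtype` binding start outside the hunk.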
@@ -550,6 +550,21 @@ fun requestDbDrop p = OpenSSL.close bio end +fun requestDbGrant p = + let + val (user, bio) = requestBio (fn () => ()) + in + Msg.send (bio, MsgGrantDb p); + case Msg.recv bio of + NONE => print "Server closed connection unexpectedly.\n" + | SOME m => + case m of + MsgOk => print ("You've been granted all allowed privileges to database " ^ user ^ "_" ^ #dbname p ^ ".\n") + | MsgError s => print ("Grant failed: " ^ s ^ "\n") + | _ => print "Unexpected server reply.\n"; + OpenSSL.close bio + end + fun requestListMailboxes domain = let val (_, bio) = requestBio (fn () => ()) @@ -1287,6 +1302,23 @@ fun service () = SOME ("Invalid database name " ^ dbname))) (fn () => ()) + | MsgGrantDb {dbtype, dbname} => + doIt (fn () => + if Dbms.validDbname dbname then + case Dbms.lookup dbtype of + NONE => ("Database drop request with unknown datatype type " ^ dbtype, + SOME ("Unknown database type " ^ dbtype)) + | SOME handler => + case #grant handler {user = user, dbname = dbname} of + NONE => ("Grant permissions to database " ^ user ^ "_" ^ dbname ^ ".", + NONE) + | SOME msg => ("Error granting permissions to database " ^ user ^ "_" ^ dbname ^ ": " ^ msg, + SOME ("Error granting permissions to database: " ^ msg)) + else + ("Invalid database name " ^ user ^ "_" ^ dbname, + SOME ("Invalid database name " ^ dbname))) + (fn () => ()) + | MsgListMailboxes domain => doIt (fn () => if not (Domain.yourDomain domain) then diff --git a/src/msg.sml b/src/msg.sml index bbaf24a..a8aea97 100644 --- a/src/msg.sml +++ b/src/msg.sml @@ -225,6 +225,9 @@ fun send (bio, m) = | MsgDropDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 36); OpenSSL.writeString (bio, dbtype); OpenSSL.writeString (bio, dbname)) + | MsgGrantDb {dbtype, dbname} => (OpenSSL.writeInt (bio, 37); + OpenSSL.writeString (bio, dbtype); + OpenSSL.writeString (bio, dbname)) fun checkIt v = case v of 
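Review bot: The log message for an unknown handler in the new `MsgGrantDb` arm of `service` reads `"Database drop request with unknown datatype type "`, copied from the drop arm, and would point anyone reading the server log during an incident at the wrong code path; change it to `("Database grant request with unknown database type " ^ dbtype, SOME ("Unknown database type " ^ dbtype))`. The ordering of the rest is right: `Dbms.validDbname dbname` runs before the handler is invoked, and the handler receives the `user` bound by the enclosing `service` (which starts and ends outside the hunk) rather than anything taken from the message, so a client can only act on its own `user_dbname`. That holds only if `validDbname` rejects shell and SQL metacharacters, which this diff does not show — worth confirming, since the MySQL handler ends in a sudo'd shell command.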
@@ -330,6 +333,10 @@ fun recv bio = (SOME dbtype, SOME dbname) => SOME (MsgDropDb {dbtype = dbtype, dbname = dbname}) | _ => NONE) + | 37 => (case (OpenSSL.readString bio, OpenSSL.readString bio) of + (SOME dbtype, SOME dbname) => + SOME (MsgGrantDb {dbtype = dbtype, dbname = dbname}) + | _ => NONE) | _ => NONE) end diff --git a/src/msgTypes.sml b/src/msgTypes.sml index 8f15ad7..1c2abcc 100644 --- a/src/msgTypes.sml +++ b/src/msgTypes.sml @@ -116,5 +116,7 @@ datatype msg = (* Answer to a QFirewall query *) | MsgRegenerateTc (* MsgRegenerate without actual publishing of configuration *) + | MsgGrantDb of {dbtype : string, dbname : string} + (* Grant all allowed privileges on a DBMS database to the user *) end diff --git a/src/plugins/domtool-mysql b/src/plugins/domtool-mysql index 4f9c9ce..5d67086 100755 --- a/src/plugins/domtool-mysql +++ b/src/plugins/domtool-mysql @@ -35,8 +35,8 @@ case $1 in chmod 770 $DIR/$DBNAME ln -sf $DIR/$DBNAME /var/lib/mysql/$DBNAME fs setacl -dir $DIR/$DBNAME/ -acl system:mysql all + sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME - sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME sudo -H mysql -e "FLUSH PRIVILEGES;" ;; @@ -45,10 +45,18 @@ case $1 in DBNAME_BASE=$3 DBNAME="${USERNAME}_${DBNAME_BASE}" - sudo -H mysql -e "DROP DATABASE $DBNAME"; + sudo -H mysql -e "DROP DATABASE $DBNAME;" + ;; + + grant) + USERNAME=$2 + DBNAME_BASE=$3 + DBNAME="${USERNAME}_${DBNAME_BASE}" + + sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$USERNAME'@$WHERE;" $DBNAME ;; *) - echo "Usage: domtool-mysql [adduser | passwd | createdb | dropdb ]" + echo "Usage: domtool-mysql [adduser | passwd | createdb | dropdb | grant ]" ;; esac 
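Review bot: The new `grant)` case in domtool-mysql interpolates `$2` and `$3` straight into a SQL statement and onto the `mysql` command line (`$DBNAME` unquoted) with no validation of its own, and the script is invoked through `/usr/bin/sudo` per mysql.cfg, so its only protection is that every caller has already run `Dbms.validDbname` — true for this commit's `service` path, but not enforced here, and the `dropdb)` case in the same hunk has the same exposure. The GRANT statement is also a verbatim copy of the one in `createdb)`, which this very commit had to edit to add `LOCK TABLES`; two copies of the privilege list will drift. I would fail closed on both arguments with an allow-list (tighten the character class to whatever `Dbms.validDbname` accepts — not visible here), move the statement into one function used by both cases, and quote `$DBNAME`. The grant case skips the `FLUSH PRIVILEGES` that createdb runs; GRANT takes effect without it in MySQL, so that is fine but deserves a comment. `$WHERE` is set outside the hunk.
```shell
# … unchanged: header, $WHERE setup — helpers go above the case statement …

# Fail closed unless the argument is a plain identifier; this script runs
# under sudo, so do not rely on callers having validated.
check_ident() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) echo "Invalid identifier: $1" >&2; exit 1 ;;
    esac
}

# Single source of truth for the per-database privilege list
# (createdb and grant must hand out the same set).
grant_all() {
    sudo -H mysql -e "GRANT CREATE,SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE VIEW,SHOW VIEW,LOCK TABLES,GRANT OPTION ON TABLE * TO '$1'@$WHERE;" "$2"
}

    # … unchanged: adduser / passwd / createdb (now calling grant_all) …

    dropdb)
        USERNAME=$2
        DBNAME_BASE=$3
        check_ident "$USERNAME"
        check_ident "$DBNAME_BASE"
        DBNAME="${USERNAME}_${DBNAME_BASE}"
        sudo -H mysql -e "DROP DATABASE $DBNAME;"
        ;;

    grant)
        USERNAME=$2
        DBNAME_BASE=$3
        check_ident "$USERNAME"
        check_ident "$DBNAME_BASE"
        DBNAME="${USERNAME}_${DBNAME_BASE}"
        # No FLUSH PRIVILEGES needed: GRANT updates the grant tables directly.
        grant_all "$USERNAME" "$DBNAME"
        ;;
```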
diff --git a/src/plugins/mysql.sml b/src/plugins/mysql.sml index 7f55e5f..5114e17 100644 --- a/src/plugins/mysql.sml +++ b/src/plugins/mysql.sml @@ -59,10 +59,17 @@ fun dropdb {user, dbname} = else SOME "Error executing DROP DATABASE script" +fun grant {user, dbname} = + if Slave.shell [Config.MySQL.grant, user, " ", dbname] then + NONE + else + SOME "Error executing GRANT script" + val _ = Dbms.register ("mysql", {getpass = SOME Client.getpass, adduser = adduser, passwd = passwd, createdb = createdb, - dropdb = dropdb}) + dropdb = dropdb, + grant = grant}) end diff --git a/src/plugins/postgres.sml b/src/plugins/postgres.sml index b92a5cf..09e3a07 100644 --- a/src/plugins/postgres.sml +++ b/src/plugins/postgres.sml @@ -44,6 +44,7 @@ val _ = Dbms.register ("postgres", {getpass = NONE, adduser = adduser, passwd = passwd, createdb = createdb, - dropdb = dropdb}) + dropdb = dropdb, + grant = fn _ => SOME "You don't need to use GRANT for Postgres."}) end
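Review bot: `grant` in mysql.sml hands `user` and `dbname` to `Slave.shell` by plain concatenation (the `Config.MySQL.grant` string in mysql.cfg ends in a space, so the arguments are simply appended to a sudo command line) with no check inside the plugin; it is safe today only because the new `MsgGrantDb` arm in `service` calls `Dbms.validDbname dbname` first and because `user` is the server's authenticated identity rather than message data. I would make that precondition local so a future caller cannot skip it: `if not (Dbms.validDbname dbname) then SOME ("Invalid database name " ^ dbname) else if Slave.shell [Config.MySQL.grant, user, " ", dbname] then NONE else SOME "Error executing GRANT script"`. Whether `Dbms.validDbname` actually excludes shell metacharacters is not visible in this diff and should be confirmed. The `dropdb` function above appears to have the same shape, but its start lies outside the hunk.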
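Review bot: The Postgres handler's `grant = fn _ => SOME "You don't need to use GRANT for Postgres."` reports a no-op through the error channel, so per the main.sml hunks in this commit the client prints `Grant failed: You don't need to use GRANT for Postgres.` and the server logs it under `Error granting permissions to database ...`. Given the `string option` contract that is the honest choice — returning `NONE` would make the client announce privileges that were never granted — but that reasoning is not obvious from a one-liner, so I would add beside it `(* Deliberately an "error": NONE would make the client report a grant that never happened. *)`. The `Dbms.register` call starts outside the hunk.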