Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 oysteikt
|
f16239aceb
|
||
|
oysteikt
|
8f475eced1
|
||
|
oysteikt
|
6849e99c11
|
||
|
oysteikt
|
759df9ef42
|
||
|
oysteikt
|
a64d1fa1bf
|
@@ -1,5 +1,15 @@
|
||||
# Changelog
|
||||
|
||||
## v1.0.2
|
||||
|
||||
Patch release with an important bug fix
|
||||
|
||||
### Notable changes
|
||||
|
||||
- Run `FLUSH PRIVILEGES` on the server whenever users modify privileges.
|
||||
- You will have to grant `RELOAD` for the muscl admin user on all databases, see the [installation docs](./docs/installation.md) for details.
|
||||
- Bump dependencies
|
||||
|
||||
## v1.0.1
|
||||
|
||||
Patch release with some important bug fixes
|
||||
|
||||
Generated
+195
-418
File diff suppressed because it is too large
Load Diff
+9
-9
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "muscl"
|
||||
version = "1.0.1"
|
||||
version = "1.0.2"
|
||||
edition = "2024"
|
||||
resolver = "2"
|
||||
license = "BSD-3-Clause"
|
||||
@@ -23,7 +23,7 @@ async-bincode = "0.8.0"
|
||||
bincode = "2.0.1"
|
||||
clap = { version = "4.6.1", features = ["cargo", "derive"] }
|
||||
clap-verbosity-flag = { version = "3.0.4", features = [ "tracing" ] }
|
||||
clap_complete = { version = "4.6.3", features = ["unstable-dynamic"] }
|
||||
clap_complete = { version = "4.6.5", features = ["unstable-dynamic"] }
|
||||
color-print = "0.3.7"
|
||||
const_format = "0.2.36"
|
||||
derive_more = { version = "2.1.1", features = ["display", "error"] }
|
||||
@@ -32,32 +32,32 @@ futures-util = "0.3.32"
|
||||
humansize = "2.1.3"
|
||||
indoc = "2.0.7"
|
||||
itertools = "0.14.0"
|
||||
nix = { version = "0.31.2", features = ["fs", "process", "socket", "user"] }
|
||||
nix = { version = "0.31.3", features = ["fs", "process", "socket", "user"] }
|
||||
num_cpus = "1.17.0"
|
||||
prettytable = "0.10.0"
|
||||
rand = "0.10.1"
|
||||
serde = "1.0.228"
|
||||
serde_json = { version = "1.0.149", features = ["preserve_order"] }
|
||||
sqlx = { version = "0.8.6", features = ["runtime-tokio", "mysql", "tls-rustls"] }
|
||||
serde_json = { version = "1.0.150", features = ["preserve_order"] }
|
||||
sqlx = { version = "0.9.0", features = ["runtime-tokio", "mysql", "tls-rustls"] }
|
||||
thiserror = "2.0.18"
|
||||
tokio = { version = "1.52.1", features = ["rt-multi-thread", "macros", "signal"] }
|
||||
tokio = { version = "1.52.3", features = ["rt-multi-thread", "macros", "signal"] }
|
||||
tokio-serde = { version = "0.9.0", features = ["bincode"] }
|
||||
tokio-stream = "0.1.18"
|
||||
tokio-util = { version = "0.7.18", features = ["codec", "rt"] }
|
||||
toml = "1.1.2"
|
||||
tracing = { version = "0.1.44", features = ["log"] }
|
||||
tracing-subscriber = "0.3.23"
|
||||
uuid = { version = "1.23.1", features = ["v4"] }
|
||||
uuid = { version = "1.23.2", features = ["v4"] }
|
||||
|
||||
[target.'cfg(target_os = "linux")'.dependencies]
|
||||
landlock = "0.4.4"
|
||||
landlock = "0.4.5"
|
||||
sd-notify = "0.5.0"
|
||||
tracing-journald = "0.3.2"
|
||||
|
||||
[build-dependencies]
|
||||
anyhow = "1.0.102"
|
||||
build-info-build = "0.0.44"
|
||||
git2 = { version = "0.20.4", default-features = false }
|
||||
git2 = { version = "0.21.0", default-features = false }
|
||||
|
||||
[dev-dependencies]
|
||||
pretty_assertions = "1.4.1"
|
||||
|
||||
@@ -42,7 +42,7 @@ on the MySQL server as the admin user (or another user with sufficient privilege
|
||||
```sql
|
||||
CREATE USER `muscl`@`localhost` IDENTIFIED BY '<strong_password_here>';
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.* TO `muscl`@`localhost`;
|
||||
GRANT GRANT OPTION, CREATE, DROP ON *.* TO `muscl`@`localhost`;
|
||||
GRANT GRANT OPTION, CREATE, DROP, RELOAD ON *.* TO `muscl`@`localhost`;
|
||||
FLUSH PRIVILEGES;
|
||||
```
|
||||
|
||||
|
||||
Generated
+9
-9
@@ -2,11 +2,11 @@
|
||||
"nodes": {
|
||||
"crane": {
|
||||
"locked": {
|
||||
"lastModified": 1774313767,
|
||||
"narHash": "sha256-hy0XTQND6avzGEUFrJtYBBpFa/POiiaGBr2vpU6Y9tY=",
|
||||
"lastModified": 1780099841,
|
||||
"narHash": "sha256-EVZd2RsbpreRUDSi9rBwPY+ZxoyMaiEBbZxxhljbaS4=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "3d9df76e29656c679c744968b17fbaf28f0e923d",
|
||||
"rev": "0532eb17955225173906d671fb36306bdeb1e2dc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -17,11 +17,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1775036866,
|
||||
"narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=",
|
||||
"lastModified": 1779560665,
|
||||
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6201e203d09599479a3b3450ed24fa81537ebc4e",
|
||||
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@@ -45,11 +45,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1775099554,
|
||||
"narHash": "sha256-3xBsGnGDLOFtnPZ1D3j2LU19wpAlYefRKTlkv648rU0=",
|
||||
"lastModified": 1780110990,
|
||||
"narHash": "sha256-6QBThUi7SuK+dgA+DCaEkQGZN4kYx6DpXmK45+MG9zI=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "8d6387ed6d8e6e6672fd3ed4b61b59d44b124d99",
|
||||
"rev": "85570ef134d92a8702de6afd1f6f0209c863fa91",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@@ -52,7 +52,7 @@ declare -a OS_VARIANTS=(
|
||||
|
||||
for variant in "${OS_VARIANTS[@]}"; do
|
||||
echo "Downloading and uploading debs for variant: $variant"
|
||||
curl "https://git.pvv.ntnu.no/Projects/muscl/actions/runs/$RUN_NUMBER/artifacts/muscl-deb-$variant-$GIT_SHA.zip" --output "$TMPDIR/muscl-deb-$variant-$GIT_SHA.zip"
|
||||
curl "https://git.pvv.ntnu.no/Projects/muscl/actions/runs/$RUN_NUMBER/artifacts/muscl-deb-$variant-$GIT_SHA" --output "$TMPDIR/muscl-deb-$variant-$GIT_SHA.zip"
|
||||
|
||||
unzip "$TMPDIR/muscl-deb-$variant-$GIT_SHA.zip" -d "$TMPDIR/muscl-deb-$variant-$GIT_SHA"
|
||||
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
use std::collections::BTreeMap;
|
||||
|
||||
use sqlx::AssertSqlSafe;
|
||||
use sqlx::MySqlConnection;
|
||||
use sqlx::prelude::*;
|
||||
|
||||
@@ -125,12 +126,15 @@ pub async fn create_databases(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result =
|
||||
sqlx::query(format!("CREATE DATABASE {}", quote_identifier(&database_name)).as_str())
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| CreateDatabaseError::MySqlError(err.to_string()));
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"CREATE DATABASE {}",
|
||||
quote_identifier(&database_name)
|
||||
));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| CreateDatabaseError::MySqlError(err.to_string()));
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to create database '{}': {:?}", &database_name, err);
|
||||
@@ -181,12 +185,15 @@ pub async fn drop_databases(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result =
|
||||
sqlx::query(format!("DROP DATABASE {}", quote_identifier(&database_name)).as_str())
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| DropDatabaseError::MySqlError(err.to_string()));
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"DROP DATABASE {}",
|
||||
quote_identifier(&database_name)
|
||||
));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| DropDatabaseError::MySqlError(err.to_string()));
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to drop database '{}': {:?}", &database_name, err);
|
||||
|
||||
@@ -18,7 +18,7 @@ use std::collections::{BTreeMap, BTreeSet};
|
||||
|
||||
use indoc::indoc;
|
||||
use itertools::Itertools;
|
||||
use sqlx::{MySqlConnection, mysql::MySqlRow, prelude::*};
|
||||
use sqlx::{AssertSqlSafe, MySqlConnection, mysql::MySqlRow, prelude::*};
|
||||
|
||||
use crate::{
|
||||
core::{
|
||||
@@ -84,16 +84,17 @@ async fn unsafe_get_database_privileges(
|
||||
database_name: &str,
|
||||
connection: &mut MySqlConnection,
|
||||
) -> Result<Vec<DatabasePrivilegeRow>, sqlx::Error> {
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&format!(
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"SELECT {} FROM `db` WHERE `Db` = ?",
|
||||
DATABASE_PRIVILEGE_FIELDS
|
||||
.iter()
|
||||
.map(|field| quote_identifier(field))
|
||||
.join(","),
|
||||
))
|
||||
.bind(database_name)
|
||||
.fetch_all(connection)
|
||||
.await;
|
||||
));
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(statement)
|
||||
.bind(database_name)
|
||||
.fetch_all(connection)
|
||||
.await;
|
||||
|
||||
if let Err(e) = &result {
|
||||
tracing::error!(
|
||||
@@ -113,17 +114,18 @@ pub async fn unsafe_get_database_privileges_for_db_user_pair(
|
||||
user_name: &MySQLUser,
|
||||
connection: &mut MySqlConnection,
|
||||
) -> Result<Option<DatabasePrivilegeRow>, sqlx::Error> {
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&format!(
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"SELECT {} FROM `db` WHERE `Db` = ? AND `User` = ? AND `Host` = '%'",
|
||||
DATABASE_PRIVILEGE_FIELDS
|
||||
.iter()
|
||||
.map(|field| quote_identifier(field))
|
||||
.join(","),
|
||||
))
|
||||
.bind(database_name.as_str())
|
||||
.bind(user_name.as_str())
|
||||
.fetch_optional(connection)
|
||||
.await;
|
||||
));
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(statement)
|
||||
.bind(database_name.as_str())
|
||||
.bind(user_name.as_str())
|
||||
.fetch_optional(connection)
|
||||
.await;
|
||||
|
||||
if let Err(e) = &result {
|
||||
tracing::error!(
|
||||
@@ -189,8 +191,8 @@ pub async fn get_databases_privilege_data(
|
||||
}
|
||||
|
||||
/// TODO: make this constant
|
||||
fn get_all_db_privs_query() -> String {
|
||||
format!(
|
||||
fn get_all_db_privs_query() -> AssertSqlSafe<String> {
|
||||
AssertSqlSafe(format!(
|
||||
indoc! {r"
|
||||
SELECT {} FROM `db` WHERE `db` IN
|
||||
(SELECT DISTINCT CAST(`SCHEMA_NAME` AS CHAR(64)) AS `database`
|
||||
@@ -202,7 +204,7 @@ fn get_all_db_privs_query() -> String {
|
||||
.iter()
|
||||
.map(|field| quote_identifier(field))
|
||||
.join(","),
|
||||
)
|
||||
))
|
||||
}
|
||||
|
||||
/// Get all database + user + privileges pairs that are owned by the current user.
|
||||
@@ -212,7 +214,7 @@ pub async fn get_all_database_privileges(
|
||||
_db_is_mariadb: bool,
|
||||
group_denylist: &GroupDenylist,
|
||||
) -> ListAllPrivilegesResponse {
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&get_all_db_privs_query())
|
||||
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(get_all_db_privs_query())
|
||||
.bind(create_user_group_matching_regex(unix_user, group_denylist))
|
||||
.fetch_all(connection)
|
||||
.await
|
||||
@@ -241,7 +243,10 @@ async fn unsafe_apply_privilege_diff(
|
||||
let question_marks =
|
||||
std::iter::repeat_n("?", DATABASE_PRIVILEGE_FIELDS.len() + 1).join(",");
|
||||
|
||||
sqlx::query(format!("INSERT INTO `db` ({tables}) VALUES ({question_marks})").as_str())
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"INSERT INTO `db` ({tables}) VALUES ({question_marks})"
|
||||
));
|
||||
sqlx::query(statement)
|
||||
.bind(p.db.to_string())
|
||||
.bind(p.user.to_string())
|
||||
.bind(yn(p.select_priv))
|
||||
@@ -280,27 +285,27 @@ async fn unsafe_apply_privilege_diff(
|
||||
}
|
||||
}
|
||||
|
||||
sqlx::query(
|
||||
format!("UPDATE `db` SET {changes} WHERE `Db` = ? AND `User` = ? AND `Host` = ?")
|
||||
.as_str(),
|
||||
)
|
||||
.bind(p.select_priv.map(change_to_yn))
|
||||
.bind(p.insert_priv.map(change_to_yn))
|
||||
.bind(p.update_priv.map(change_to_yn))
|
||||
.bind(p.delete_priv.map(change_to_yn))
|
||||
.bind(p.create_priv.map(change_to_yn))
|
||||
.bind(p.drop_priv.map(change_to_yn))
|
||||
.bind(p.alter_priv.map(change_to_yn))
|
||||
.bind(p.index_priv.map(change_to_yn))
|
||||
.bind(p.create_tmp_table_priv.map(change_to_yn))
|
||||
.bind(p.lock_tables_priv.map(change_to_yn))
|
||||
.bind(p.references_priv.map(change_to_yn))
|
||||
.bind(p.db.to_string())
|
||||
.bind(p.user.to_string())
|
||||
.bind("%")
|
||||
.execute(connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"UPDATE `db` SET {changes} WHERE `Db` = ? AND `User` = ? AND `Host` = ?"
|
||||
));
|
||||
sqlx::query(statement)
|
||||
.bind(p.select_priv.map(change_to_yn))
|
||||
.bind(p.insert_priv.map(change_to_yn))
|
||||
.bind(p.update_priv.map(change_to_yn))
|
||||
.bind(p.delete_priv.map(change_to_yn))
|
||||
.bind(p.create_priv.map(change_to_yn))
|
||||
.bind(p.drop_priv.map(change_to_yn))
|
||||
.bind(p.alter_priv.map(change_to_yn))
|
||||
.bind(p.index_priv.map(change_to_yn))
|
||||
.bind(p.create_tmp_table_priv.map(change_to_yn))
|
||||
.bind(p.lock_tables_priv.map(change_to_yn))
|
||||
.bind(p.references_priv.map(change_to_yn))
|
||||
.bind(p.db.to_string())
|
||||
.bind(p.user.to_string())
|
||||
.bind("%")
|
||||
.execute(connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
}
|
||||
DatabasePrivilegesDiff::Deleted(p) => {
|
||||
sqlx::query("DELETE FROM `db` WHERE `Db` = ? AND `User` = ? AND `Host` = ?")
|
||||
@@ -487,6 +492,10 @@ pub async fn apply_privilege_diffs(
|
||||
results.insert(key, result);
|
||||
}
|
||||
|
||||
if let Err(err) = connection.execute("FLUSH PRIVILEGES").await {
|
||||
tracing::error!("Failed to flush privileges: {}", err);
|
||||
}
|
||||
|
||||
results
|
||||
.into_iter()
|
||||
.map(|((k1, k2), v)| (k1, (k2, v)))
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
use indoc::formatdoc;
|
||||
use itertools::Itertools;
|
||||
use sqlx::AssertSqlSafe;
|
||||
use std::collections::BTreeMap;
|
||||
|
||||
use serde::{Deserialize, Serialize};
|
||||
@@ -126,7 +127,8 @@ pub async fn create_database_users(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result = sqlx::query(format!("CREATE USER {}@'%'", quote_literal(&db_user),).as_str())
|
||||
let statement = AssertSqlSafe(format!("CREATE USER {}@'%'", quote_literal(&db_user),));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
@@ -172,7 +174,8 @@ pub async fn drop_database_users(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result = sqlx::query(format!("DROP USER {}@'%'", quote_literal(&db_user),).as_str())
|
||||
let statement = AssertSqlSafe(format!("DROP USER {}@'%'", quote_literal(&db_user),));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
@@ -205,18 +208,16 @@ pub async fn set_password_for_database_user(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result = sqlx::query(
|
||||
format!(
|
||||
"ALTER USER {}@'%' IDENTIFIED BY {}",
|
||||
quote_literal(db_user),
|
||||
quote_literal(password).as_str(),
|
||||
)
|
||||
.as_str(),
|
||||
)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| SetPasswordError::MySqlError(err.to_string()));
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"ALTER USER {}@'%' IDENTIFIED BY {}",
|
||||
quote_literal(db_user),
|
||||
quote_literal(password).as_str(),
|
||||
));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| SetPasswordError::MySqlError(err.to_string()));
|
||||
|
||||
if result.is_err() {
|
||||
tracing::error!(
|
||||
@@ -315,13 +316,15 @@ pub async fn lock_database_users(
|
||||
}
|
||||
}
|
||||
|
||||
let result = sqlx::query(
|
||||
format!("ALTER USER {}@'%' ACCOUNT LOCK", quote_literal(&db_user),).as_str(),
|
||||
)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| LockUserError::MySqlError(err.to_string()));
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"ALTER USER {}@'%' ACCOUNT LOCK",
|
||||
quote_literal(&db_user),
|
||||
));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| LockUserError::MySqlError(err.to_string()));
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to lock database user '{}': {:?}", &db_user, err);
|
||||
@@ -375,13 +378,15 @@ pub async fn unlock_database_users(
|
||||
_ => {}
|
||||
}
|
||||
|
||||
let result = sqlx::query(
|
||||
format!("ALTER USER {}@'%' ACCOUNT UNLOCK", quote_literal(&db_user),).as_str(),
|
||||
)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| UnlockUserError::MySqlError(err.to_string()));
|
||||
let statement = AssertSqlSafe(format!(
|
||||
"ALTER USER {}@'%' ACCOUNT UNLOCK",
|
||||
quote_literal(&db_user),
|
||||
));
|
||||
let result = sqlx::query(statement)
|
||||
.execute(&mut *connection)
|
||||
.await
|
||||
.map(|_| ())
|
||||
.map_err(|err| UnlockUserError::MySqlError(err.to_string()));
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to unlock database user '{}': {:?}", &db_user, err);
|
||||
@@ -459,16 +464,17 @@ pub async fn list_database_users(
|
||||
continue;
|
||||
}
|
||||
|
||||
let mut result = sqlx::query_as::<_, DatabaseUser>(
|
||||
&(if db_is_mariadb {
|
||||
let statement = AssertSqlSafe(
|
||||
if db_is_mariadb {
|
||||
DB_USER_SELECT_STATEMENT_MARIADB.to_string()
|
||||
} else {
|
||||
DB_USER_SELECT_STATEMENT_MYSQL.to_string()
|
||||
} + "WHERE `mysql`.`user`.`User` = ? AND `mysql`.`user`.`Host` = '%'"),
|
||||
)
|
||||
.bind(db_user.as_str())
|
||||
.fetch_optional(&mut *connection)
|
||||
.await;
|
||||
} + "WHERE `mysql`.`user`.`User` = ? AND `mysql`.`user`.`Host` = '%'",
|
||||
);
|
||||
let mut result = sqlx::query_as::<_, DatabaseUser>(statement)
|
||||
.bind(db_user.as_str())
|
||||
.fetch_optional(&mut *connection)
|
||||
.await;
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to list database user '{}': {:?}", &db_user, err);
|
||||
@@ -496,17 +502,18 @@ pub async fn list_all_database_users_for_unix_user(
|
||||
db_is_mariadb: bool,
|
||||
group_denylist: &GroupDenylist,
|
||||
) -> ListAllUsersResponse {
|
||||
let mut result = sqlx::query_as::<_, DatabaseUser>(
|
||||
&(if db_is_mariadb {
|
||||
let statement = AssertSqlSafe(
|
||||
if db_is_mariadb {
|
||||
DB_USER_SELECT_STATEMENT_MARIADB.to_string()
|
||||
} else {
|
||||
DB_USER_SELECT_STATEMENT_MYSQL.to_string()
|
||||
} + "WHERE `user`.`User` REGEXP ? AND `user`.`Host` = '%'"),
|
||||
)
|
||||
.bind(create_user_group_matching_regex(unix_user, group_denylist))
|
||||
.fetch_all(&mut *connection)
|
||||
.await
|
||||
.map_err(|err| ListAllUsersError::MySqlError(err.to_string()));
|
||||
} + "WHERE `user`.`User` REGEXP ? AND `user`.`Host` = '%'",
|
||||
);
|
||||
let mut result = sqlx::query_as::<_, DatabaseUser>(statement)
|
||||
.bind(create_user_group_matching_regex(unix_user, group_denylist))
|
||||
.fetch_all(&mut *connection)
|
||||
.await
|
||||
.map_err(|err| ListAllUsersError::MySqlError(err.to_string()));
|
||||
|
||||
if let Err(err) = &result {
|
||||
tracing::error!("Failed to list all database users: {:?}", err);
|
||||
@@ -531,23 +538,21 @@ pub async fn set_databases_where_user_has_privileges(
|
||||
db_user: &mut DatabaseUser,
|
||||
connection: &mut MySqlConnection,
|
||||
) -> Result<(), sqlx::Error> {
|
||||
let database_list = sqlx::query(
|
||||
formatdoc!(
|
||||
r"
|
||||
SELECT `Db` AS `database`
|
||||
FROM `db`
|
||||
WHERE `User` = ? AND `Host` = '%' AND ({})
|
||||
",
|
||||
DATABASE_PRIVILEGE_FIELDS
|
||||
.iter()
|
||||
.map(|field| format!("`{field}` = 'Y'"))
|
||||
.join(" OR "),
|
||||
)
|
||||
.as_str(),
|
||||
)
|
||||
.bind(db_user.user.as_str())
|
||||
.fetch_all(&mut *connection)
|
||||
.await;
|
||||
let statement = AssertSqlSafe(formatdoc!(
|
||||
r"
|
||||
SELECT `Db` AS `database`
|
||||
FROM `db`
|
||||
WHERE `User` = ? AND `Host` = '%' AND ({})
|
||||
",
|
||||
DATABASE_PRIVILEGE_FIELDS
|
||||
.iter()
|
||||
.map(|field| format!("`{field}` = 'Y'"))
|
||||
.join(" OR "),
|
||||
));
|
||||
let database_list = sqlx::query(statement)
|
||||
.bind(db_user.user.as_str())
|
||||
.fetch_all(&mut *connection)
|
||||
.await;
|
||||
|
||||
if let Err(err) = &database_list {
|
||||
tracing::error!(
|
||||
|
||||
Reference in New Issue
Block a user