2001-11-25 01:41:16 +01:00
|
|
|
|
/*
|
2011-09-22 14:17:18 +02:00
|
|
|
|
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.12 2011-09-22 12:17:18 geirha Exp $
|
2001-11-25 01:41:16 +01:00
|
|
|
|
*
|
|
|
|
|
* mysql-useradm.c
|
|
|
|
|
*
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include <pwd.h>
|
|
|
|
|
#include <sys/types.h>
|
|
|
|
|
#include <unistd.h>
|
|
|
|
|
#include <mysql.h>
|
|
|
|
|
#include "mysql-admutils.h"
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
usage()
|
|
|
|
|
{
|
|
|
|
|
printf("Usage: %s COMMAND [USER]...\n", program_name);
|
|
|
|
|
printf("Create, delete or change password for the USER(s),\n");
|
|
|
|
|
printf("as determined by the COMMAND. Valid COMMANDs:\n");
|
|
|
|
|
printf("\n");
|
|
|
|
|
printf(" create create the USER(s).\n");
|
|
|
|
|
printf(" delete delete the USER(s).\n");
|
2011-09-22 14:17:18 +02:00
|
|
|
|
printf(" passwd change the MySQL password for the USER(s).\n");
|
2001-11-25 01:41:16 +01:00
|
|
|
|
printf(" show give information about the USERS(s), or, if\n");
|
|
|
|
|
printf(" none are given, all the users you have.\n");
|
|
|
|
|
printf("\n");
|
2002-03-10 18:43:53 +01:00
|
|
|
|
printf("Report bugs to drift@stud.ntnu.no\n");
|
2001-11-25 01:41:16 +01:00
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
is_password_set(MYSQL *pmysql, const char *user)
|
|
|
|
|
{
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char query[1024], *end;
|
2001-11-25 01:41:16 +01:00
|
|
|
|
MYSQL_RES *res;
|
|
|
|
|
int rows;
|
|
|
|
|
MYSQL_ROW row;
|
2012-12-03 13:20:20 +01:00
|
|
|
|
int check = 0;
|
|
|
|
|
|
|
|
|
|
end = strmov(query, "SELECT password FROM user WHERE user='");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, user, strlen(user));
|
|
|
|
|
*end++ = '\'';
|
|
|
|
|
*end = '\0';
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
|
|
|
|
if (mysql_query(pmysql, query))
|
|
|
|
|
dberror(pmysql, "Failed to look up password for user '%s'.", user);
|
|
|
|
|
res = mysql_store_result(pmysql);
|
|
|
|
|
rows = mysql_num_rows(res);
|
2012-12-03 13:20:20 +01:00
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if (rows > 1)
|
2012-12-03 13:20:20 +01:00
|
|
|
|
{
|
|
|
|
|
mysql_free_result(res);
|
2001-11-25 01:41:16 +01:00
|
|
|
|
return dberror(NULL, "Query for password for user '%s' gave %d results!",
|
2007-02-27 15:10:08 +01:00
|
|
|
|
user, rows);
|
2012-12-03 13:20:20 +01:00
|
|
|
|
}
|
|
|
|
|
else if (rows < 1) {
|
|
|
|
|
mysql_free_result(res);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
row = mysql_fetch_row(res);
|
2012-12-03 13:20:20 +01:00
|
|
|
|
check = (row[0] && (strlen(row[0]) > 0));
|
|
|
|
|
mysql_free_result(res);
|
|
|
|
|
|
|
|
|
|
return check;
|
2001-11-25 01:41:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
create(MYSQL *pmysql, const char *user)
|
|
|
|
|
{
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char query[1024], *end;
|
|
|
|
|
|
|
|
|
|
end = strmov(query, "INSERT INTO user (host, user) VALUES ('%', '");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, user, strlen(user));
|
|
|
|
|
end = strmov(end, "')");
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
|
|
|
|
if (mysql_query(pmysql, query))
|
|
|
|
|
return dberror(pmysql, "Failed to create user '%s'.", user);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
delete(MYSQL *pmysql, const char *user)
|
|
|
|
|
{
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char query[1024], *end;
|
|
|
|
|
|
|
|
|
|
end = strmov(query, "DELETE FROM user WHERE user='");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, user, strlen(user));
|
|
|
|
|
*end++ = '\'';
|
|
|
|
|
*end = '\0';
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
|
|
|
|
if (mysql_query(pmysql, query))
|
|
|
|
|
return dberror(pmysql, "Failed to delete user '%s'.", user);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
passwd(MYSQL *pmysql, const char *user)
|
|
|
|
|
{
|
|
|
|
|
char prompt[1024];
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char query[1024], *end;
|
2001-11-25 01:41:16 +01:00
|
|
|
|
char *password, *confirm_password;
|
|
|
|
|
|
2012-12-03 13:20:20 +01:00
|
|
|
|
if (is_password_set(pmysql, user) == -1) /* no such mysql user */
|
|
|
|
|
return dberror(NULL, "User '%s' does not exist."
|
|
|
|
|
" You must create it first.\n", user);
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
sprintf(prompt, "New MySQL password for user '%s': ", user);
|
|
|
|
|
password = getpass(prompt);
|
|
|
|
|
confirm_password = strdup(password);
|
|
|
|
|
sprintf(prompt, "Retype new MySQL password for user '%s': ", user);
|
|
|
|
|
password = getpass(prompt);
|
|
|
|
|
if (strcmp(password, confirm_password) != 0)
|
|
|
|
|
{
|
|
|
|
|
free(confirm_password);
|
|
|
|
|
return dberror(NULL, "Sorry, passwords do not match.");
|
|
|
|
|
}
|
|
|
|
|
free(confirm_password);
|
|
|
|
|
|
2012-12-03 13:20:20 +01:00
|
|
|
|
end = strmov(query, "UPDATE user SET password = PASSWORD('");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, password, strlen(password));
|
|
|
|
|
end = strmov(end, "') WHERE user='");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, user, strlen(user));
|
|
|
|
|
*end++ = '\'';
|
|
|
|
|
*end = '\0';
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if (mysql_query(pmysql, query))
|
|
|
|
|
return dberror(pmysql, "Failed to set new password for user '%s'.", user);
|
2012-12-03 13:20:20 +01:00
|
|
|
|
if (mysql_affected_rows(pmysql) != 1)
|
2001-11-25 01:41:16 +01:00
|
|
|
|
dberror(NULL, "%d rows affected by password update for user '%s'!",
|
2007-02-27 15:10:08 +01:00
|
|
|
|
mysql_affected_rows(pmysql), user);
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
|
|
|
|
fprintf(stderr, "Password updated for user '%s'.\n", user);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
show(MYSQL *pmysql, const char *user)
|
|
|
|
|
{
|
|
|
|
|
switch (is_password_set(pmysql, user))
|
|
|
|
|
{
|
|
|
|
|
case -1:
|
|
|
|
|
break;
|
|
|
|
|
case 0:
|
|
|
|
|
printf("User '%s': ", user);
|
|
|
|
|
printf("no password set.\n");
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
|
|
|
|
printf("User '%s': ", user);
|
|
|
|
|
printf("password set.\n");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* return a list of the user's databases */
|
|
|
|
|
char **
|
|
|
|
|
list(MYSQL *pmysql)
|
|
|
|
|
{
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char query[4096], *end;
|
2002-03-06 18:05:05 +01:00
|
|
|
|
char **usrgroups, **cp;
|
2001-11-25 01:41:16 +01:00
|
|
|
|
MYSQL_RES *res;
|
2002-03-06 18:05:05 +01:00
|
|
|
|
int rows, numgroups;
|
2001-11-25 01:41:16 +01:00
|
|
|
|
MYSQL_ROW row;
|
|
|
|
|
char **userlist;
|
|
|
|
|
int i;
|
|
|
|
|
struct passwd *p;
|
|
|
|
|
|
|
|
|
|
p = getpwuid(getuid());
|
2012-12-03 13:20:20 +01:00
|
|
|
|
|
|
|
|
|
end = strmov(query, "SELECT user FROM user WHERE user='");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, p->pw_name, strlen(p->pw_name));
|
|
|
|
|
end = strmov(end, "' OR user LIKE '");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, p->pw_name, strlen(p->pw_name));
|
|
|
|
|
end = strmov(end, "\\_%'");
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
2002-03-06 18:05:05 +01:00
|
|
|
|
numgroups = 0;
|
|
|
|
|
|
|
|
|
|
usrgroups = get_group_names(&numgroups);
|
|
|
|
|
cp = usrgroups;
|
2017-09-28 17:21:02 +02:00
|
|
|
|
while (cp && *cp) {
|
2012-12-03 13:20:20 +01:00
|
|
|
|
end = strmov(end, " OR user='");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, *cp, strlen(*cp));
|
|
|
|
|
end = strmov(end, "' OR user LIKE '");
|
|
|
|
|
end += mysql_real_escape_string(pmysql, end, *cp, strlen(*cp));
|
|
|
|
|
end = strmov(end, "\\_%'");
|
|
|
|
|
free(*cp);
|
2002-03-06 18:05:05 +01:00
|
|
|
|
cp++;
|
|
|
|
|
}
|
2012-12-03 13:20:20 +01:00
|
|
|
|
free(usrgroups);
|
2002-03-06 18:05:05 +01:00
|
|
|
|
|
2003-04-04 00:30:45 +02:00
|
|
|
|
#ifdef DEBUG
|
2003-04-07 18:21:50 +02:00
|
|
|
|
printf("about to run query: %s\n", query);
|
2003-04-04 00:30:45 +02:00
|
|
|
|
#endif
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if (mysql_query(pmysql, query))
|
|
|
|
|
{
|
|
|
|
|
dberror(pmysql, "Failed to look up %s's users.", p->pw_name);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
res = mysql_store_result(pmysql);
|
|
|
|
|
rows = mysql_num_rows(res);
|
|
|
|
|
userlist = malloc((rows + 1) * sizeof(char *));
|
|
|
|
|
if (!userlist)
|
|
|
|
|
{
|
|
|
|
|
dberror(NULL, "%s: Out of memory.\n", program_name);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
for (i = 0; i < rows; i++)
|
|
|
|
|
if ((row = mysql_fetch_row(res)))
|
|
|
|
|
{
|
2007-02-27 15:10:08 +01:00
|
|
|
|
userlist[i] = strdup(row[0]);
|
2001-11-25 01:41:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userlist[i] = NULL;
|
|
|
|
|
|
2012-12-03 13:20:20 +01:00
|
|
|
|
mysql_free_result(res);
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
return userlist;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
enum { c_create, c_delete, c_passwd, c_show } command;
|
|
|
|
|
MYSQL mysql;
|
2005-06-27 12:13:01 +02:00
|
|
|
|
mysql_init(&mysql);
|
2001-11-25 01:41:16 +01:00
|
|
|
|
char **dblist, **p;
|
2012-12-03 13:20:20 +01:00
|
|
|
|
char user[65];
|
2001-11-25 01:41:16 +01:00
|
|
|
|
|
|
|
|
|
program_name = argv[0];
|
|
|
|
|
|
|
|
|
|
for (i = 1; i < argc; i++)
|
|
|
|
|
if (strcmp(argv[i], "--help") == 0)
|
|
|
|
|
return usage();
|
|
|
|
|
for (i = 1; i < argc; i++)
|
|
|
|
|
if (strcmp(argv[i], "--version") == 0)
|
|
|
|
|
return version();
|
|
|
|
|
|
2003-04-07 18:21:50 +02:00
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
printf("NB NB NB: denne versjonen av programmet er kompilert med -DDEBUG, og\n");
|
|
|
|
|
printf("kan komme til <20> skrive ut ekstra informasjon. Dette er ikke farlig,\n");
|
|
|
|
|
printf("og programmet b<>r virke som vanlig.\n");
|
|
|
|
|
#endif
|
|
|
|
|
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if (argc < 2)
|
|
|
|
|
return wrong_use(NULL);
|
|
|
|
|
|
|
|
|
|
/* check that the supplied command is valid */
|
|
|
|
|
|
|
|
|
|
if (strcmp(argv[1], "create") == 0)
|
|
|
|
|
command = c_create;
|
|
|
|
|
else if (strcmp(argv[1], "delete") == 0)
|
|
|
|
|
command = c_delete;
|
|
|
|
|
else if (strcmp(argv[1], "passwd") == 0)
|
|
|
|
|
command = c_passwd;
|
|
|
|
|
else if (strcmp(argv[1], "show") == 0)
|
|
|
|
|
command = c_show;
|
|
|
|
|
else
|
|
|
|
|
return wrong_use("unrecognized command '%s'.", argv[1]); /* XXX */
|
|
|
|
|
|
2012-12-03 13:20:20 +01:00
|
|
|
|
/* all other than show requires at least one USER argument. */
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if ((command != c_show) && (argc < 3))
|
|
|
|
|
return wrong_use(NULL);
|
|
|
|
|
|
|
|
|
|
read_config_file();
|
|
|
|
|
|
|
|
|
|
/* connect to the database server and select the mysql database */
|
2005-06-27 12:13:01 +02:00
|
|
|
|
if (!mysql_real_connect(&mysql, db_server, db_user, db_passwd, db_name, 0, NULL, 0))
|
2001-11-25 01:41:16 +01:00
|
|
|
|
return dberror(&mysql, "Cannot connect to database server '%s'.",
|
2007-02-27 15:10:08 +01:00
|
|
|
|
db_server);
|
2001-11-25 01:41:16 +01:00
|
|
|
|
if (mysql_select_db(&mysql, db_name))
|
|
|
|
|
return dberror(&mysql, "Cannot select database '%s'.", db_name);
|
|
|
|
|
|
|
|
|
|
if ((command == c_show) && (argc == 2))
|
|
|
|
|
{
|
|
|
|
|
dblist = list(&mysql);
|
|
|
|
|
p = dblist;
|
2017-09-28 17:21:02 +02:00
|
|
|
|
while (p && *p)
|
2007-02-27 15:10:08 +01:00
|
|
|
|
{
|
|
|
|
|
show(&mysql, *p);
|
|
|
|
|
free(*p);
|
|
|
|
|
p++;
|
|
|
|
|
}
|
2001-11-25 01:41:16 +01:00
|
|
|
|
free(dblist);
|
|
|
|
|
}
|
2004-11-16 21:59:42 +01:00
|
|
|
|
else {
|
|
|
|
|
/* for each supplied database name, perform the requested action */
|
|
|
|
|
|
|
|
|
|
for (i = 2; i < argc; i++) {
|
|
|
|
|
strncpy(user, argv[i], 32);
|
|
|
|
|
user[33] = '\0';
|
2007-02-27 15:10:08 +01:00
|
|
|
|
if (! (owner(user) || member(user)))
|
|
|
|
|
{
|
|
|
|
|
if (command == c_create)
|
|
|
|
|
dberror(NULL,"Unable to create mysql-user '%s'.\n"
|
|
|
|
|
|
2011-09-22 14:17:18 +02:00
|
|
|
|
"A mysql-user must start with either '%s_' or "
|
2007-02-27 15:10:08 +01:00
|
|
|
|
"'groupname_', where groupname is a unix group you are a "
|
|
|
|
|
"member of. Type \"groups\" to see which groups you are "
|
|
|
|
|
"a member of.\n",
|
|
|
|
|
user, getpwuid(getuid())->pw_name);
|
|
|
|
|
else
|
|
|
|
|
dberror(NULL, "You are not in charge of mysql-user: '%s'. Skipping.", user);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (command)
|
|
|
|
|
{
|
|
|
|
|
case c_create:
|
2012-12-11 15:24:07 +01:00
|
|
|
|
if(name_isclean(user)) {
|
|
|
|
|
create(&mysql, user);
|
|
|
|
|
} else {
|
|
|
|
|
dberror(NULL, "User name '%s' contains invalid characters.\n"
|
|
|
|
|
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
|
|
|
|
|
}
|
2007-02-27 15:10:08 +01:00
|
|
|
|
break;
|
|
|
|
|
case c_delete:
|
2012-12-11 15:24:07 +01:00
|
|
|
|
if(name_isclean(user)) {
|
|
|
|
|
delete(&mysql, user);
|
|
|
|
|
} else {
|
|
|
|
|
dberror(NULL, "User name '%s' contains invalid characters.\n"
|
|
|
|
|
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
|
|
|
|
|
}
|
2007-02-27 15:10:08 +01:00
|
|
|
|
break;
|
|
|
|
|
case c_passwd:
|
2012-12-11 15:24:07 +01:00
|
|
|
|
if(name_isclean(user)) {
|
|
|
|
|
passwd(&mysql, user);
|
|
|
|
|
} else {
|
|
|
|
|
dberror(NULL, "User name '%s' contains invalid characters.\n"
|
|
|
|
|
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
|
|
|
|
|
}
|
2007-02-27 15:10:08 +01:00
|
|
|
|
break;
|
|
|
|
|
case c_show:
|
2012-12-11 15:24:07 +01:00
|
|
|
|
if(name_isclean(user)) {
|
|
|
|
|
show(&mysql, user);
|
|
|
|
|
} else {
|
|
|
|
|
dberror(NULL, "User name '%s' contains invalid characters.\n"
|
|
|
|
|
"Only A-Z, a-z, 0-9, _ (underscore) and - (dash) permitted. Skipping.", user);
|
|
|
|
|
}
|
2007-02-27 15:10:08 +01:00
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
fprintf(stderr, "This point should never be reached.\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-11-25 01:41:16 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reload(&mysql);
|
|
|
|
|
mysql_close(&mysql);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|