With alter table patches and the undocumented feature for administering

mysql users and databases with same name as unix groups for the user.
This commit is contained in:
Knut Petter Svendsen 2002-02-27 08:49:48 +00:00
parent 7f589bb064
commit ff52786682
10 changed files with 260 additions and 20 deletions

View File

@ -1,7 +1,7 @@
/*
* acconfig.h
*
* @(#) $Header: /tmp/cvs/mysql-admutils/acconfig.h,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/acconfig.h,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
*/

View File

@ -1,5 +1,5 @@
/*
* @(#) $Header: /tmp/cvs/mysql-admutils/common.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/common.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
* functions used by mysql-dbadm.c and mysql-useradm.c
*
@ -17,11 +17,12 @@
#include <unistd.h>
#include <ctype.h>
#include <string.h>
#include <grp.h>
#include "mysql-admutils.h"
char *program_name;
static char *rcsheader = "@(#) " PACKAGE " " VERSION " ljosa@initio.no $Header: /tmp/cvs/mysql-admutils/common.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $";
static char *rcsheader = "@(#) " PACKAGE " " VERSION " ljosa@initio.no $Header: /tmp/cvs/mysql-admutils/common.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $";
int
@ -117,6 +118,75 @@ owner(char *name)
return 0; /* not owner if we get as far as this */
}
/**
* Decides if the user is member of a group. The Unix group can't contain any
* '_'. i.e 'fidi_s' won't be accepted.
*/
int
member(char *gr) {
char *username;
char *group;
struct group *g;
struct passwd *p;
char *foo;
/* size_t i = 0; */
/* Get username */
p = getpwuid(getuid());
if (!p) {
fprintf(stderr, "Failed to look up your UNIX username.");
exit(1);
}
username = p->pw_name;
/* Copy string, but cut at '_' */
group = strdup(gr);
if (group == NULL) {
fprintf(stderr, "Couldn't allocate memory. Terminating.");
exit(1);
}
foo = strchr(group, '_');
if (foo) {
#if DEBUG
printf("gr = %s, group = %s, foo = %s\n", gr, group, foo);
#endif
*foo = '\0';
}
/* Get group */
g = getgrnam(group);
if (g == NULL) {
fprintf(stderr, "No such group: %s\n", group);
exit(1);
}
/* Check if user is member of group */
while(*g->gr_mem != NULL) {
char * member = *g->gr_mem;
#if DEBUG
printf("Medlem: %s\n", *g->gr_mem);
#endif
if (strcmp(member,username) == 0) {
#if DEBUG
printf("You have access to '%s'\n", gr);
#endif
return 1; /* OK */
} else
*g->gr_mem++;
}
#if DEBUG
printf("You have no access to '%s'\n", gr);
#endif
return 0;
}
int
reload(MYSQL *pmysql)

86
common.patch Normal file
View File

@ -0,0 +1,86 @@
--- mysql/common.c Wed Feb 2 22:59:21 2000
+++ src-0.3-local/common.c Thu Feb 17 21:20:24 2000
@@ -17,6 +17,7 @@
#include <unistd.h>
#include <ctype.h>
#include <string.h>
+#include <grp.h>
#include "mysql-admutils.h"
char *program_name;
@@ -115,6 +116,75 @@
return 1; /* OK */
return 0; /* not owner if we get as far as this */
+}
+
+/**
+ * Decides if the user is member of a group. The Unix group can't contain any
+ * '_'. i.e 'fidi_s' won't be accepted.
+ */
+int
+member(char *gr) {
+ char *username;
+
+ char *group;
+ struct group *g;
+
+ struct passwd *p;
+ char *foo;
+
+ /* size_t i = 0; */
+
+ /* Get username */
+ p = getpwuid(getuid());
+ if (!p) {
+ fprintf(stderr, "Failed to look up your UNIX username.");
+ exit(1);
+ }
+ username = p->pw_name;
+
+ /* Copy string, but cut at '_' */
+ group = strdup(gr);
+ if (group == NULL) {
+ fprintf(stderr, "Couldn't allocate memory. Terminating.");
+ exit(1);
+ }
+
+ foo = strchr(group, '_');
+ if (foo) {
+#if DEBUG
+ printf("gr = %s, group = %s, foo = %s\n", gr, group, foo);
+#endif
+ *foo = '\0';
+ }
+
+ /* Get group */
+ g = getgrnam(group);
+ if (g == NULL) {
+ fprintf(stderr, "No such group: %s\n", group);
+ exit(1);
+ }
+
+ /* Check if user is member of group */
+ while(*g->gr_mem != NULL) {
+ char * member = *g->gr_mem;
+#if DEBUG
+ printf("Medlem: %s\n", *g->gr_mem);
+#endif
+
+ if (strcmp(member,username) == 0) {
+#if DEBUG
+ printf("You have access to '%s'\n", gr);
+#endif
+ return 1; /* OK */
+ } else
+ *g->gr_mem++;
+ }
+#if DEBUG
+ printf("You have no access to '%s'\n", gr);
+#endif
+
+ return 0;
+
}

View File

@ -1,5 +1,5 @@
/*
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-admutils.h,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-admutils.h,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
*/

View File

@ -1,5 +1,5 @@
/*
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
* mysql-dbadm.c
*
@ -168,24 +168,24 @@ writeperm(FILE *f, MYSQL *pmysql, const char *db)
MYSQL_ROW row;
sprintf(query, "select user,select_priv,insert_priv,update_priv,"
"delete_priv,create_priv,drop_priv from db where db='%s'", db);
"delete_priv,create_priv,drop_priv,alter_priv from db where db='%s'", db);
if (mysql_query(pmysql, query))
return dberror(pmysql, "Query for permissions failed.");
res = mysql_store_result(pmysql);
rows = mysql_num_rows(res);
fprintf(f, "# User "
"Select Insert Update Delete Create Drop\n");
"Select Insert Update Delete Create Drop Alter\n");
fprintf(f, "# ---------------- "
"------ ------ ------ ------ ------ ------\n");
"------ ------ ------ ------ ------ ---- -----\n");
if (rows == 0)
fprintf(f, "# (no permissions currently granted to any users)\n");
else
for (i = 0; i < rows; i++)
{
row = mysql_fetch_row(res);
fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %s\n",
row[0], row[1], row[2], row[3], row[4], row[5], row[6]);
fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %-7s %s\n",
row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7]);
}
return 0;
}
@ -215,7 +215,7 @@ editperm(MYSQL *pmysql, const char *db)
char line[1024]; /* buffer to hold one line */
char *cp; /* used to interate through a line */
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
*create_priv, *drop_priv;
*create_priv, *drop_priv, *alter_priv;
char query[1024]; /* used to build a query */
char *queries[MAX_GRANTS]; /* insert queries */
int lines; /* number of grant lines processed */
@ -285,15 +285,17 @@ editperm(MYSQL *pmysql, const char *db)
CHECK_PRIV(create_priv);
STRTOK_WHITESPACE(drop_priv, NULL);
CHECK_PRIV(drop_priv);
STRTOK_WHITESPACE(alter_priv, NULL);
CHECK_PRIV(alter_priv);
#undef STRTOK_WHITESPACE
#undef CHECK_PRIV
sprintf(query, "insert into db (host, db, user, select_priv, insert_priv, "
"update_priv, delete_priv, create_priv, drop_priv) values "
"('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
"update_priv, delete_priv, create_priv, drop_priv, alter_priv) values "
"('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
db, user, select_priv, insert_priv, update_priv, delete_priv,
create_priv, drop_priv);
create_priv, drop_priv, alter_priv);
queries[lines] = strdup(query);
lines++;
if (lines >= MAX_GRANTS)
@ -391,7 +393,7 @@ main(int argc, char *argv[])
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++)
{
if (! owner(argv[i]))
if (! (owner(argv[i]) || member(argv[i])))
{
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);

71
mysql-dbadm.patch Normal file
View File

@ -0,0 +1,71 @@
--- mysql/mysql-dbadm.c Wed Feb 2 20:51:53 2000
+++ src-0.3-local/mysql-dbadm.c Thu Feb 17 21:29:49 2000
@@ -168,24 +168,24 @@
MYSQL_ROW row;
sprintf(query, "select user,select_priv,insert_priv,update_priv,"
- "delete_priv,create_priv,drop_priv from db where db='%s'", db);
+ "delete_priv,create_priv,drop_priv,alter_priv from db where db='%s'", db);
if (mysql_query(pmysql, query))
return dberror(pmysql, "Query for permissions failed.");
res = mysql_store_result(pmysql);
rows = mysql_num_rows(res);
fprintf(f, "# User "
- "Select Insert Update Delete Create Drop\n");
+ "Select Insert Update Delete Create Drop Alter\n");
fprintf(f, "# ---------------- "
- "------ ------ ------ ------ ------ ------\n");
+ "------ ------ ------ ------ ------ ---- -----\n");
if (rows == 0)
fprintf(f, "# (no permissions currently granted to any users)\n");
else
for (i = 0; i < rows; i++)
{
row = mysql_fetch_row(res);
- fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %s\n",
- row[0], row[1], row[2], row[3], row[4], row[5], row[6]);
+ fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %-7s %s\n",
+ row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7]);
}
return 0;
}
@@ -215,7 +215,7 @@
char line[1024]; /* buffer to hold one line */
char *cp; /* used to interate through a line */
char *user, *select_priv, *insert_priv, *update_priv, *delete_priv,
- *create_priv, *drop_priv;
+ *create_priv, *drop_priv, *alter_priv;
char query[1024]; /* used to build a query */
char *queries[MAX_GRANTS]; /* insert queries */
int lines; /* number of grant lines processed */
@@ -285,15 +285,17 @@
CHECK_PRIV(create_priv);
STRTOK_WHITESPACE(drop_priv, NULL);
CHECK_PRIV(drop_priv);
+ STRTOK_WHITESPACE(alter_priv, NULL);
+ CHECK_PRIV(alter_priv);
#undef STRTOK_WHITESPACE
#undef CHECK_PRIV
sprintf(query, "insert into db (host, db, user, select_priv, insert_priv, "
- "update_priv, delete_priv, create_priv, drop_priv) values "
- "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
+ "update_priv, delete_priv, create_priv, drop_priv, alter_priv) values "
+ "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
db, user, select_priv, insert_priv, update_priv, delete_priv,
- create_priv, drop_priv);
+ create_priv, drop_priv, alter_priv);
queries[lines] = strdup(query);
lines++;
if (lines >= MAX_GRANTS)
@@ -391,7 +393,7 @@
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++)
{
- if (! owner(argv[i]))
+ if (! (owner(argv[i]) || member(argv[i])))
{
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);

View File

@ -1,5 +1,5 @@
/*
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
* mysql-useradm.c
*
@ -269,7 +269,7 @@ main(int argc, char *argv[])
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++)
{
if (! owner(argv[i]))
if (! (owner(argv[i]) || member(argv[i])))
{
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);

11
mysql-useradm.patch Normal file
View File

@ -0,0 +1,11 @@
--- mysql/mysql-useradm.c Wed Feb 2 20:51:53 2000
+++ src-0.3-local/mysql-useradm.c Thu Feb 17 21:22:31 2000
@@ -269,7 +269,7 @@
/* for each supplied database name, perform the requested action */
for (i = 2; i < argc; i++)
{
- if (! owner(argv[i]))
+ if (! (owner(argv[i]) || member(argv[i])))
{
dberror(NULL, "You are not the owner of '%s'. Skipping.",
argv[i]);

View File

@ -1,5 +1,5 @@
/*
* @($) $Id: pwfile.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @($) $Id: pwfile.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
* functions for parsing the config file.
*

View File

@ -1,7 +1,7 @@
/* A lexical scanner generated by flex */
/* Scanner skeleton version:
* $Header: /tmp/cvs/mysql-admutils/pwlex.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* $Header: /tmp/cvs/mysql-admutils/pwlex.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*/
#define FLEX_SCANNER
@ -389,7 +389,7 @@ char *yytext;
#line 1 "pwlex.l"
#define INITIAL 0
/*
* @(#) $Id: pwlex.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $
* @(#) $Id: pwlex.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $
*
* lex source for the configuration file
*