From ff52786682b88efff4349b083ea5744fa945ca4c Mon Sep 17 00:00:00 2001 From: Knut Petter Svendsen Date: Wed, 27 Feb 2002 08:49:48 +0000 Subject: [PATCH] With alter table patches and the undocumented feature for administering mysql users and databases with same name as unix groups for the user. --- acconfig.h | 2 +- common.c | 74 ++++++++++++++++++++++++++++++++++++-- common.patch | 86 +++++++++++++++++++++++++++++++++++++++++++++ mysql-admutils.h | 2 +- mysql-dbadm.c | 24 +++++++------ mysql-dbadm.patch | 71 +++++++++++++++++++++++++++++++++++++ mysql-useradm.c | 4 +-- mysql-useradm.patch | 11 ++++++ pwfile.c | 2 +- pwlex.c | 4 +-- 10 files changed, 260 insertions(+), 20 deletions(-) create mode 100644 common.patch create mode 100644 mysql-dbadm.patch create mode 100644 mysql-useradm.patch diff --git a/acconfig.h b/acconfig.h index e709182..76e5baf 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,7 +1,7 @@ /* * acconfig.h * - * @(#) $Header: /tmp/cvs/mysql-admutils/acconfig.h,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/acconfig.h,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * */ diff --git a/common.c b/common.c index 445629b..c45d72b 100644 --- a/common.c +++ b/common.c @@ -1,5 +1,5 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/common.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/common.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * * functions used by mysql-dbadm.c and mysql-useradm.c * @@ -17,11 +17,12 @@ #include #include #include +#include #include "mysql-admutils.h" char *program_name; -static char *rcsheader = "@(#) " PACKAGE " " VERSION " ljosa@initio.no $Header: /tmp/cvs/mysql-admutils/common.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $"; +static char *rcsheader = "@(#) " PACKAGE " " VERSION " ljosa@initio.no $Header: /tmp/cvs/mysql-admutils/common.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $"; int 
@@ -117,6 +118,75 @@ owner(char *name) return 0; /* not owner if we get as far as this */ } +/** + * Decides if the user is member of a group. The Unix group can't contain any + * '_'. i.e 'fidi_s' won't be accepted. + */ +int +member(char *gr) { + char *username; + + char *group; + struct group *g; + + struct passwd *p; + char *foo; + + /* size_t i = 0; */ + + /* Get username */ + p = getpwuid(getuid()); + if (!p) { + fprintf(stderr, "Failed to look up your UNIX username."); + exit(1); + } + username = p->pw_name; + + /* Copy string, but cut at '_' */ + group = strdup(gr); + if (group == NULL) { + fprintf(stderr, "Couldn't allocate memory. Terminating."); + exit(1); + } + + foo = strchr(group, '_'); + if (foo) { +#if DEBUG + printf("gr = %s, group = %s, foo = %s\n", gr, group, foo); +#endif + *foo = '\0'; + } + + /* Get group */ + g = getgrnam(group); + if (g == NULL) { + fprintf(stderr, "No such group: %s\n", group); + exit(1); + } + + /* Check if user is member of group */ + while(*g->gr_mem != NULL) { + char * member = *g->gr_mem; +#if DEBUG + printf("Medlem: %s\n", *g->gr_mem); +#endif + + if (strcmp(member,username) == 0) { +#if DEBUG + printf("You have access to '%s'\n", gr); +#endif + return 1; /* OK */ + } else + *g->gr_mem++; + } +#if DEBUG + printf("You have no access to '%s'\n", gr); +#endif + + return 0; + +} + int reload(MYSQL *pmysql) diff --git a/common.patch b/common.patch new file mode 100644 index 0000000..ed4ac5f --- /dev/null +++ b/common.patch 
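Review bot: member() ends the process with `exit(1)` when `getgrnam(group)` returns NULL, so in the callers' `owner(argv[i]) || member(argv[i])` test any name the user does not own and whose prefix is not a Unix group stops the whole run instead of reaching the "Skipping." branch; an authorization predicate should report that case as 0. The membership loop also advances the group entry's own pointer with `*g->gr_mem++;`, and the `strdup` copy in `group` is never freed, so a local cursor and a `free(group)` after the lookup would be cleaner. `gr_mem` normally lists only supplementary members, so a user whose primary group matches is presumably refused; comparing `p->pw_gid` with `g->gr_gid` would cover that if it is intended. The same function is added a second time inside common.patch.

```c
    char **m;                    /* cursor over g->gr_mem; the group entry itself is not modified */

    /* … unchanged: username lookup, strdup of gr, cut at '_' … */

    /* Get group */
    g = getgrnam(group);
    free(group);                 /* the copy was only needed for the lookup */
    if (g == NULL)
        return 0;                /* unknown group: not a member, the caller skips this name */

    /* Check if user is member of group */
    for (m = g->gr_mem; *m != NULL; m++) {
        if (strcmp(*m, username) == 0)
            return 1; /* OK */
    }

    /* … unchanged: DEBUG output … */
    return 0;
```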
@@ -0,0 +1,86 @@ +--- mysql/common.c Wed Feb 2 22:59:21 2000 ++++ src-0.3-local/common.c Thu Feb 17 21:20:24 2000 +@@ -17,6 +17,7 @@ + #include + #include + #include ++#include + #include "mysql-admutils.h" + + char *program_name; +@@ -115,6 +116,75 @@ + return 1; /* OK */ + + return 0; /* not owner if we get as far as this */ ++} ++ ++/** ++ * Decides if the user is member of a group. The Unix group can't contain any ++ * '_'. i.e 'fidi_s' won't be accepted. ++ */ ++int ++member(char *gr) { ++ char *username; ++ ++ char *group; ++ struct group *g; ++ ++ struct passwd *p; ++ char *foo; ++ ++ /* size_t i = 0; */ ++ ++ /* Get username */ ++ p = getpwuid(getuid()); ++ if (!p) { ++ fprintf(stderr, "Failed to look up your UNIX username."); ++ exit(1); ++ } ++ username = p->pw_name; ++ ++ /* Copy string, but cut at '_' */ ++ group = strdup(gr); ++ if (group == NULL) { ++ fprintf(stderr, "Couldn't allocate memory. Terminating."); ++ exit(1); ++ } ++ ++ foo = strchr(group, '_'); ++ if (foo) { ++#if DEBUG ++ printf("gr = %s, group = %s, foo = %s\n", gr, group, foo); ++#endif ++ *foo = '\0'; ++ } ++ ++ /* Get group */ ++ g = getgrnam(group); ++ if (g == NULL) { ++ fprintf(stderr, "No such group: %s\n", group); ++ exit(1); ++ } ++ ++ /* Check if user is member of group */ ++ while(*g->gr_mem != NULL) { ++ char * member = *g->gr_mem; ++#if DEBUG ++ printf("Medlem: %s\n", *g->gr_mem); ++#endif ++ ++ if (strcmp(member,username) == 0) { ++#if DEBUG ++ printf("You have access to '%s'\n", gr); ++#endif ++ return 1; /* OK */ ++ } else ++ *g->gr_mem++; ++ } ++#if DEBUG ++ printf("You have no access to '%s'\n", gr); ++#endif ++ ++ return 0; ++ + } + + diff --git a/mysql-admutils.h b/mysql-admutils.h index ea45a2f..8a6b5b0 100644 --- a/mysql-admutils.h +++ b/mysql-admutils.h 
@@ -1,5 +1,5 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-admutils.h,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-admutils.h,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * */ diff --git a/mysql-dbadm.c b/mysql-dbadm.c index dee2e4f..6295fe1 100644 --- a/mysql-dbadm.c +++ b/mysql-dbadm.c @@ -1,5 +1,5 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-dbadm.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * * mysql-dbadm.c * @@ -168,24 +168,24 @@ writeperm(FILE *f, MYSQL *pmysql, const char *db) MYSQL_ROW row; sprintf(query, "select user,select_priv,insert_priv,update_priv," - "delete_priv,create_priv,drop_priv from db where db='%s'", db); + "delete_priv,create_priv,drop_priv,alter_priv from db where db='%s'", db); if (mysql_query(pmysql, query)) return dberror(pmysql, "Query for permissions failed."); res = mysql_store_result(pmysql); rows = mysql_num_rows(res); fprintf(f, "# User " - "Select Insert Update Delete Create Drop\n"); + "Select Insert Update Delete Create Drop Alter\n"); fprintf(f, "# ---------------- " - "------ ------ ------ ------ ------ ------\n"); + "------ ------ ------ ------ ------ ---- -----\n"); if (rows == 0) fprintf(f, "# (no permissions currently granted to any users)\n"); else for (i = 0; i < rows; i++) { row = mysql_fetch_row(res); - fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %s\n", - row[0], row[1], row[2], row[3], row[4], row[5], row[6]); + fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %-7s %s\n", + row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7]); } return 0; } 
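Review bot: The extended SELECT in writeperm() still places `db` between quotes with an unbounded `sprintf` and no escaping, and the INSERT in editperm() (hunk -285,15) does the same with `db`, `user` and now a tenth `%s`. In editperm() both `line` and `query` are `char[1024]`, so a long user token plus the fixed statement text can overrun `query` unless the token length is checked outside the hunk. Since member() ignores everything after the first '_', the name should be validated or escaped before it reaches the statement, unless that already happens elsewhere: for example `mysql_real_escape_string(pmysql, esc, db, strlen(db));` into a buffer of `2*strlen(db)+1` bytes, then `snprintf(query, sizeof query, ...)` with a truncation check. `mysql_store_result()` can also return NULL, and that value is passed straight to `mysql_num_rows(res)` here.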
@@ -215,7 +215,7 @@ editperm(MYSQL *pmysql, const char *db) char line[1024]; /* buffer to hold one line */ char *cp; /* used to interate through a line */ char *user, *select_priv, *insert_priv, *update_priv, *delete_priv, - *create_priv, *drop_priv; + *create_priv, *drop_priv, *alter_priv; char query[1024]; /* used to build a query */ char *queries[MAX_GRANTS]; /* insert queries */ int lines; /* number of grant lines processed */ @@ -285,15 +285,17 @@ editperm(MYSQL *pmysql, const char *db) CHECK_PRIV(create_priv); STRTOK_WHITESPACE(drop_priv, NULL); CHECK_PRIV(drop_priv); + STRTOK_WHITESPACE(alter_priv, NULL); + CHECK_PRIV(alter_priv); #undef STRTOK_WHITESPACE #undef CHECK_PRIV sprintf(query, "insert into db (host, db, user, select_priv, insert_priv, " - "update_priv, delete_priv, create_priv, drop_priv) values " - "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + "update_priv, delete_priv, create_priv, drop_priv, alter_priv) values " + "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", db, user, select_priv, insert_priv, update_priv, delete_priv, - create_priv, drop_priv); + create_priv, drop_priv, alter_priv); queries[lines] = strdup(query); lines++; if (lines >= MAX_GRANTS) @@ -391,7 +393,7 @@ main(int argc, char *argv[]) /* for each supplied database name, perform the requested action */ for (i = 2; i < argc; i++) { - if (! owner(argv[i])) + if (! (owner(argv[i]) || member(argv[i]))) { dberror(NULL, "You are not the owner of '%s'. Skipping.", argv[i]); diff --git a/mysql-dbadm.patch b/mysql-dbadm.patch new file mode 100644 index 0000000..9ece5a3 --- /dev/null +++ b/mysql-dbadm.patch 
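Review bot: The check in main() (hunk -391,7) now also admits group members, but nothing at the call site says which names that covers, and the denial text still reads "You are not the owner". member() derives the group from the text before the first '_', so every member of group `g` passes for `g` and for any `g_*` name; if a group shares its name with another user's login, its members may reach that user's databases, depending on how owner() matches names (its body is outside the diff). I would add a comment above the test such as `/* allowed: own names (owner) or names prefixed by a Unix group the caller belongs to (member) */` and change the message to "You are neither the owner nor a group member of '%s'. Skipping.". The same applies to the identical change in mysql-useradm.c.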
@@ -0,0 +1,71 @@ +--- mysql/mysql-dbadm.c Wed Feb 2 20:51:53 2000 ++++ src-0.3-local/mysql-dbadm.c Thu Feb 17 21:29:49 2000 +@@ -168,24 +168,24 @@ + MYSQL_ROW row; + + sprintf(query, "select user,select_priv,insert_priv,update_priv," +- "delete_priv,create_priv,drop_priv from db where db='%s'", db); ++ "delete_priv,create_priv,drop_priv,alter_priv from db where db='%s'", db); + + if (mysql_query(pmysql, query)) + return dberror(pmysql, "Query for permissions failed."); + res = mysql_store_result(pmysql); + rows = mysql_num_rows(res); + fprintf(f, "# User " +- "Select Insert Update Delete Create Drop\n"); ++ "Select Insert Update Delete Create Drop Alter\n"); + fprintf(f, "# ---------------- " +- "------ ------ ------ ------ ------ ------\n"); ++ "------ ------ ------ ------ ------ ---- -----\n"); + if (rows == 0) + fprintf(f, "# (no permissions currently granted to any users)\n"); + else + for (i = 0; i < rows; i++) + { + row = mysql_fetch_row(res); +- fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %s\n", +- row[0], row[1], row[2], row[3], row[4], row[5], row[6]); ++ fprintf(f, " %-16s %-7s %-7s %-7s %-7s %-7s %-7s %s\n", ++ row[0], row[1], row[2], row[3], row[4], row[5], row[6], row[7]); + } + return 0; + } +@@ -215,7 +215,7 @@ + char line[1024]; /* buffer to hold one line */ + char *cp; /* used to interate through a line */ + char *user, *select_priv, *insert_priv, *update_priv, *delete_priv, +- *create_priv, *drop_priv; ++ *create_priv, *drop_priv, *alter_priv; + char query[1024]; /* used to build a query */ + char *queries[MAX_GRANTS]; /* insert queries */ + int lines; /* number of grant lines processed */ +@@ -285,15 +285,17 @@ + CHECK_PRIV(create_priv); + STRTOK_WHITESPACE(drop_priv, NULL); + CHECK_PRIV(drop_priv); ++ STRTOK_WHITESPACE(alter_priv, NULL); ++ CHECK_PRIV(alter_priv); + + #undef STRTOK_WHITESPACE + #undef CHECK_PRIV + + sprintf(query, "insert into db (host, db, user, select_priv, insert_priv, " +- "update_priv, delete_priv, create_priv, drop_priv) 
values " +- "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", ++ "update_priv, delete_priv, create_priv, drop_priv, alter_priv) values " ++ "('%%', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')", + db, user, select_priv, insert_priv, update_priv, delete_priv, +- create_priv, drop_priv); ++ create_priv, drop_priv, alter_priv); + queries[lines] = strdup(query); + lines++; + if (lines >= MAX_GRANTS) +@@ -391,7 +393,7 @@ + /* for each supplied database name, perform the requested action */ + for (i = 2; i < argc; i++) + { +- if (! owner(argv[i])) ++ if (! (owner(argv[i]) || member(argv[i]))) + { + dberror(NULL, "You are not the owner of '%s'. Skipping.", + argv[i]); diff --git a/mysql-useradm.c b/mysql-useradm.c index c8098ad..a3553b7 100644 --- a/mysql-useradm.c +++ b/mysql-useradm.c @@ -1,5 +1,5 @@ /* - * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Header: /tmp/cvs/mysql-admutils/mysql-useradm.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * * mysql-useradm.c * @@ -269,7 +269,7 @@ main(int argc, char *argv[]) /* for each supplied database name, perform the requested action */ for (i = 2; i < argc; i++) { - if (! owner(argv[i])) + if (! (owner(argv[i]) || member(argv[i]))) { dberror(NULL, "You are not the owner of '%s'. Skipping.", argv[i]); diff --git a/mysql-useradm.patch b/mysql-useradm.patch new file mode 100644 index 0000000..8807781 --- /dev/null +++ b/mysql-useradm.patch @@ -0,0 +1,11 @@ +--- mysql/mysql-useradm.c Wed Feb 2 20:51:53 2000 ++++ src-0.3-local/mysql-useradm.c Thu Feb 17 21:22:31 2000 +@@ -269,7 +269,7 @@ + /* for each supplied database name, perform the requested action */ + for (i = 2; i < argc; i++) + { +- if (! owner(argv[i])) ++ if (! (owner(argv[i]) || member(argv[i]))) + { + dberror(NULL, "You are not the owner of '%s'. Skipping.", + argv[i]); diff --git a/pwfile.c b/pwfile.c index ca6aaa5..969e22e 100644 --- a/pwfile.c +++ b/pwfile.c 
@@ -1,5 +1,5 @@ /* - * @($) $Id: pwfile.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @($) $Id: pwfile.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * * functions for parsing the config file. * diff --git a/pwlex.c b/pwlex.c index 9289d35..d970b7d 100644 --- a/pwlex.c +++ b/pwlex.c @@ -1,7 +1,7 @@ /* A lexical scanner generated by flex */ /* Scanner skeleton version: - * $Header: /tmp/cvs/mysql-admutils/pwlex.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * $Header: /tmp/cvs/mysql-admutils/pwlex.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ */ #define FLEX_SCANNER @@ -389,7 +389,7 @@ char *yytext; #line 1 "pwlex.l" #define INITIAL 0 /* - * @(#) $Id: pwlex.c,v 1.1.1.1 2001-11-25 00:41:16 lkarsten Exp $ + * @(#) $Id: pwlex.c,v 1.2 2002-02-27 08:49:48 knutpett Exp $ * * lex source for the configuration file *