Projects/mysqladm-rs
12
2
Fork 0
Code Issues36 Pull Requests1 Actions Packages Releases Activity

Wrap database users and database names in newtypes

Browse Source 
Also, use less cloning where possible
This commit is contained in:
Oystein Kristoffer Tveit
2024-08-20 17:46:43 +02:00
parent 8c2754c9d7
commit a0be0d3b92
15 changed files with 355 additions and 260 deletions

2
src/server/config.rs

@ -118,7 +118,7 @@ pub fn read_config_from_path(config_path: Option<PathBuf>) -> anyhow::Result<Ser
}
fn log_config(config: &MysqlConfig) {
let mut display_config = config.clone();
let mut display_config = config.to_owned();
display_config.password = display_config
.password
.as_ref()

2
src/server/input_sanitization.rs

@ -24,7 +24,7 @@ pub fn validate_ownership_by_unix_user(
name: &str,
user: &UnixUser,
) -> Result<(), OwnerValidationError> {
let prefixes = std::iter::once(user.username.clone())
let prefixes = std::iter::once(user.username.to_owned())
.chain(user.groups.iter().cloned())
.collect::<Vec<String>>();

41
src/server/sql/database_operations.rs

@ -5,6 +5,7 @@ use sqlx::MySqlConnection;
use serde::{Deserialize, Serialize};
use crate::core::protocol::MySQLDatabase;
use crate::{
core::{
common::UnixUser,
@ -42,7 +43,7 @@ pub(super) async fn unsafe_database_exists(
}
pub async fn create_databases(
database_names: Vec<String>,
database_names: Vec<MySQLDatabase>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> CreateDatabasesOutput {
@ -51,7 +52,7 @@ pub async fn create_databases(
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(CreateDatabaseError::SanitizationError(err)),
);
continue;
@ -59,7 +60,7 @@ pub async fn create_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(CreateDatabaseError::OwnershipError(err)),
);
continue;
@ -68,14 +69,14 @@ pub async fn create_databases(
match unsafe_database_exists(&database_name, &mut *connection).await {
Ok(true) => {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(CreateDatabaseError::DatabaseAlreadyExists),
);
continue;
}
Err(err) => {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(CreateDatabaseError::MySqlError(err.to_string())),
);
continue;
@ -101,7 +102,7 @@ pub async fn create_databases(
}
pub async fn drop_databases(
database_names: Vec<String>,
database_names: Vec<MySQLDatabase>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> DropDatabasesOutput {
@ -110,7 +111,7 @@ pub async fn drop_databases(
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(DropDatabaseError::SanitizationError(err)),
);
continue;
@ -118,7 +119,7 @@ pub async fn drop_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(DropDatabaseError::OwnershipError(err)),
);
continue;
@ -127,14 +128,14 @@ pub async fn drop_databases(
match unsafe_database_exists(&database_name, &mut *connection).await {
Ok(false) => {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(DropDatabaseError::DatabaseDoesNotExist),
);
continue;
}
Err(err) => {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(DropDatabaseError::MySqlError(err.to_string())),
);
continue;
@ -159,13 +160,21 @@ pub async fn drop_databases(
results
}
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize, FromRow)]
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DatabaseRow {
pub database: String,
pub database: MySQLDatabase,
}
impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseRow {
fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> {
Ok(DatabaseRow {
database: row.try_get::<String, _>("database")?.into(),
})
}
}
pub async fn list_databases(
database_names: Vec<String>,
database_names: Vec<MySQLDatabase>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> ListDatabasesOutput {
@ -174,7 +183,7 @@ pub async fn list_databases(
for database_name in database_names {
if let Err(err) = validate_name(&database_name) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(ListDatabasesError::SanitizationError(err)),
);
continue;
@ -182,7 +191,7 @@ pub async fn list_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(ListDatabasesError::OwnershipError(err)),
);
continue;
@ -195,7 +204,7 @@ pub async fn list_databases(
WHERE `SCHEMA_NAME` = ?
"#,
)
.bind(&database_name)
.bind(database_name.to_string())
.fetch_optional(&mut *connection)
.await
.map_err(|err| ListDatabasesError::MySqlError(err.to_string()))

49
src/server/sql/database_privilege_operations.rs

@ -28,7 +28,8 @@ use crate::{
protocol::{
DiffDoesNotApplyError, GetAllDatabasesPrivilegeData, GetAllDatabasesPrivilegeDataError,
GetDatabasesPrivilegeData, GetDatabasesPrivilegeDataError,
ModifyDatabasePrivilegesError, ModifyDatabasePrivilegesOutput,
ModifyDatabasePrivilegesError, ModifyDatabasePrivilegesOutput, MySQLDatabase,
MySQLUser,
},
},
server::{
@ -63,8 +64,8 @@ pub const DATABASE_PRIVILEGE_FIELDS: [&str; 13] = [
/// This struct represents the set of privileges for a single user on a single database.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, PartialOrd, Ord)]
pub struct DatabasePrivilegeRow {
pub db: String,
pub user: String,
pub db: MySQLDatabase,
pub user: MySQLUser,
pub select_priv: bool,
pub insert_priv: bool,
pub update_priv: bool,
@ -115,8 +116,8 @@ fn get_mysql_row_priv_field(row: &MySqlRow, position: usize) -> Result<bool, sql
impl FromRow<'_, MySqlRow> for DatabasePrivilegeRow {
fn from_row(row: &MySqlRow) -> Result<Self, sqlx::Error> {
Ok(Self {
db: try_get_with_binary_fallback(row, "Db")?,
user: try_get_with_binary_fallback(row, "User")?,
db: try_get_with_binary_fallback(row, "Db")?.into(),
user: try_get_with_binary_fallback(row, "User")?.into(),
select_priv: get_mysql_row_priv_field(row, 2)?,
insert_priv: get_mysql_row_priv_field(row, 3)?,
update_priv: get_mysql_row_priv_field(row, 4)?,
@ -163,8 +164,8 @@ async fn unsafe_get_database_privileges(
// NOTE: this function is unsafe because it does no input validation.
/// Get all users + privileges for a single database-user pair.
pub async fn unsafe_get_database_privileges_for_db_user_pair(
database_name: &str,
user_name: &str,
database_name: &MySQLDatabase,
user_name: &MySQLUser,
connection: &mut MySqlConnection,
) -> Result<Option<DatabasePrivilegeRow>, sqlx::Error> {
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&format!(
@ -174,8 +175,8 @@ pub async fn unsafe_get_database_privileges_for_db_user_pair(
.map(|field| quote_identifier(field))
.join(","),
))
.bind(database_name)
.bind(user_name)
.bind(database_name.as_str())
.bind(user_name.as_str())
.fetch_optional(connection)
.await;
@ -192,7 +193,7 @@ pub async fn unsafe_get_database_privileges_for_db_user_pair(
}
pub async fn get_databases_privilege_data(
database_names: Vec<String>,
database_names: Vec<MySQLDatabase>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> GetDatabasesPrivilegeData {
@ -201,7 +202,7 @@ pub async fn get_databases_privilege_data(
for database_name in database_names.iter() {
if let Err(err) = validate_name(database_name) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(GetDatabasesPrivilegeDataError::SanitizationError(err)),
);
continue;
@ -209,7 +210,7 @@ pub async fn get_databases_privilege_data(
if let Err(err) = validate_ownership_by_unix_user(database_name, unix_user) {
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(GetDatabasesPrivilegeDataError::OwnershipError(err)),
);
continue;
@ -220,7 +221,7 @@ pub async fn get_databases_privilege_data(
.unwrap()
{
results.insert(
database_name.clone(),
database_name.to_owned(),
Err(GetDatabasesPrivilegeDataError::DatabaseDoesNotExist),
);
continue;
@ -230,7 +231,7 @@ pub async fn get_databases_privilege_data(
.await
.map_err(|e| GetDatabasesPrivilegeDataError::MySqlError(e.to_string()));
results.insert(database_name.clone(), result);
results.insert(database_name.to_owned(), result);
}
debug_assert!(database_names.len() == results.len());
@ -364,8 +365,8 @@ async fn validate_diff(
if privilege_row.is_some() {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowAlreadyExists(
diff.get_user_name().to_string(),
diff.get_database_name().to_string(),
diff.get_database_name().to_owned(),
diff.get_user_name().to_owned(),
),
))
} else {
@ -375,8 +376,8 @@ async fn validate_diff(
DatabasePrivilegesDiff::Modified(_) if privilege_row.is_none() => {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowDoesNotExist(
diff.get_user_name().to_string(),
diff.get_database_name().to_string(),
diff.get_database_name().to_owned(),
diff.get_user_name().to_owned(),
),
))
}
@ -390,7 +391,7 @@ async fn validate_diff(
if error_exists {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowPrivilegeChangeDoesNotApply(row_diff.clone(), row),
DiffDoesNotApplyError::RowPrivilegeChangeDoesNotApply(row_diff.to_owned(), row),
))
} else {
Ok(())
@ -400,8 +401,8 @@ async fn validate_diff(
if privilege_row.is_none() {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowDoesNotExist(
diff.get_user_name().to_string(),
diff.get_database_name().to_string(),
diff.get_database_name().to_owned(),
diff.get_user_name().to_owned(),
),
))
} else {
@ -419,12 +420,12 @@ pub async fn apply_privilege_diffs(
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> ModifyDatabasePrivilegesOutput {
let mut results: BTreeMap<(String, String), _> = BTreeMap::new();
let mut results: BTreeMap<(MySQLDatabase, MySQLUser), _> = BTreeMap::new();
for diff in database_privilege_diffs {
let key = (
diff.get_database_name().to_string(),
diff.get_user_name().to_string(),
diff.get_database_name().to_owned(),
diff.get_user_name().to_owned(),
);
if let Err(err) = validate_name(diff.get_database_name()) {
results.insert(

25
src/server/sql/user_operations.rs

@ -7,18 +7,17 @@ use serde::{Deserialize, Serialize};
use sqlx::prelude::*;
use sqlx::MySqlConnection;
use crate::server::common::try_get_with_binary_fallback;
use crate::{
core::{
common::UnixUser,
protocol::{
CreateUserError, CreateUsersOutput, DropUserError, DropUsersOutput, ListAllUsersError,
ListAllUsersOutput, ListUsersError, ListUsersOutput, LockUserError, LockUsersOutput,
SetPasswordError, SetPasswordOutput, UnlockUserError, UnlockUsersOutput,
MySQLUser, SetPasswordError, SetPasswordOutput, UnlockUserError, UnlockUsersOutput,
},
},
server::{
common::create_user_group_matching_regex,
common::{create_user_group_matching_regex, try_get_with_binary_fallback},
input_sanitization::{quote_literal, validate_name, validate_ownership_by_unix_user},
},
};
@ -52,7 +51,7 @@ async fn unsafe_user_exists(
}
pub async fn create_database_users(
db_users: Vec<String>,
db_users: Vec<MySQLUser>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> CreateUsersOutput {
@ -98,7 +97,7 @@ pub async fn create_database_users(
}
pub async fn drop_database_users(
db_users: Vec<String>,
db_users: Vec<MySQLUser>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> DropUsersOutput {
@ -144,7 +143,7 @@ pub async fn drop_database_users(
}
pub async fn set_password_for_database_user(
db_user: &str,
db_user: &MySQLUser,
password: &str,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
@ -219,7 +218,7 @@ async fn database_user_is_locked_unsafe(
}
pub async fn lock_database_users(
db_users: Vec<String>,
db_users: Vec<MySQLUser>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> LockUsersOutput {
@ -279,7 +278,7 @@ pub async fn lock_database_users(
}
pub async fn unlock_database_users(
db_users: Vec<String>,
db_users: Vec<MySQLUser>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> UnlockUsersOutput {
@ -342,7 +341,7 @@ pub async fn unlock_database_users(
/// This can be extended if we need more information in the future.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DatabaseUser {
pub user: String,
pub user: MySQLUser,
#[serde(skip)]
pub host: String,
pub has_password: bool,
@ -353,7 +352,7 @@ pub struct DatabaseUser {
impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseUser {
fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> {
Ok(Self {
user: try_get_with_binary_fallback(row, "User")?,
user: try_get_with_binary_fallback(row, "User")?.into(),
host: try_get_with_binary_fallback(row, "Host")?,
has_password: row.try_get("has_password")?,
is_locked: row.try_get("is_locked")?,
@ -378,7 +377,7 @@ JOIN `global_priv` ON
"#;
pub async fn list_database_users(
db_users: Vec<String>,
db_users: Vec<MySQLUser>,
unix_user: &UnixUser,
connection: &mut MySqlConnection,
) -> ListUsersOutput {
@ -398,7 +397,7 @@ pub async fn list_database_users(
let mut result = sqlx::query_as::<_, DatabaseUser>(
&(DB_USER_SELECT_STATEMENT.to_string() + "WHERE `mysql`.`user`.`User` = ?"),
)
.bind(&db_user)
.bind(db_user.as_str())
.fetch_optional(&mut *connection)
.await;
@ -463,7 +462,7 @@ pub async fn append_databases_where_user_has_privileges(
)
.as_str(),
)
.bind(db_user.user.clone())
.bind(db_user.user.as_str())
.fetch_all(&mut *connection)
.await;