
Author SHA1 Message Date
Oystein Kristoffer Tveit d554280741
WIP 2024-08-19 00:19:54 +02:00
11 changed files with 81 additions and 212 deletions

10
Cargo.lock generated

@ -265,15 +265,6 @@ dependencies = [
"strsim", "strsim",
] ]
[[package]]
name = "clap_complete"
version = "4.5.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1ee158892bd7ce77aa15c208abbdb73e155d191c287a659b57abd5adb92feb03"
dependencies = [
"clap",
]
[[package]] [[package]]
name = "clap_derive" name = "clap_derive"
version = "4.5.13" version = "4.5.13"
@ -1064,7 +1055,6 @@ dependencies = [
"async-bincode", "async-bincode",
"bincode", "bincode",
"clap", "clap",
"clap_complete",
"derive_more", "derive_more",
"dialoguer", "dialoguer",
"env_logger", "env_logger",


@ -8,7 +8,6 @@ anyhow = "1.0.86"
async-bincode = "0.7.2" async-bincode = "0.7.2"
bincode = "1.3.3" bincode = "1.3.3"
clap = { version = "4.5.16", features = ["derive"] } clap = { version = "4.5.16", features = ["derive"] }
clap_complete = "4.5.18"
derive_more = { version = "1.0.0", features = ["display", "error"] } derive_more = { version = "1.0.0", features = ["display", "error"] }
dialoguer = "0.11.0" dialoguer = "0.11.0"
env_logger = "0.11.5" env_logger = "0.11.5"


@ -3,44 +3,40 @@ use anyhow::anyhow;
#[cfg(feature = "mysql-admutils-compatibility")] #[cfg(feature = "mysql-admutils-compatibility")]
use std::{env, os::unix::fs::symlink, path::PathBuf}; use std::{env, os::unix::fs::symlink, path::PathBuf};
fn generate_mysql_admutils_symlinks() -> anyhow::Result<()> {
// NOTE: This is slightly illegal, and depends on implementation details.
// But it is only here for ease of testing the compatibility layer,
// and not critical in any way. Considering the code is never going
// to be used as a library, it should be fine.
let target_profile_dir: PathBuf = PathBuf::from(env::var("OUT_DIR")?)
.parent()
.and_then(|p| p.parent())
.and_then(|p| p.parent())
.ok_or(anyhow!("Could not resolve target profile directory"))?
.to_path_buf();
if !target_profile_dir.exists() {
std::fs::create_dir_all(&target_profile_dir)?;
}
if !target_profile_dir.join("mysql-useradm").exists() {
symlink(
target_profile_dir.join("mysqladm"),
target_profile_dir.join("mysql-useradm"),
)
.ok();
}
if !target_profile_dir.join("mysql-dbadm").exists() {
symlink(
target_profile_dir.join("mysqladm"),
target_profile_dir.join("mysql-dbadm"),
)
.ok();
}
Ok(())
}
fn main() -> anyhow::Result<()> { fn main() -> anyhow::Result<()> {
#[cfg(feature = "mysql-admutils-compatibility")] #[cfg(feature = "mysql-admutils-compatibility")]
generate_mysql_admutils_symlinks()?; {
// NOTE: This is slightly illegal, and depends on implementation details.
// But it is only here for ease of testing the compatibility layer,
// and not critical in any way. Considering the code is never going
// to be used as a library, it should be fine.
let target_profile_dir: PathBuf = PathBuf::from(env::var("OUT_DIR")?)
.parent()
.and_then(|p| p.parent())
.and_then(|p| p.parent())
.ok_or(anyhow!("Could not resolve target profile directory"))?
.to_path_buf();
if !target_profile_dir.exists() {
std::fs::create_dir_all(&target_profile_dir)?;
}
if !target_profile_dir.join("mysql-useradm").exists() {
symlink(
target_profile_dir.join("mysqladm"),
target_profile_dir.join("mysql-useradm"),
)
.ok();
}
if !target_profile_dir.join("mysql-dbadm").exists() {
symlink(
target_profile_dir.join("mysqladm"),
target_profile_dir.join("mysql-dbadm"),
)
.ok();
}
}
Ok(()) Ok(())
} }
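Review bot: Both `symlink(...).ok()` calls in the inlined block discard the error, and the preceding `.exists()` follows the link, so a dangling `mysql-useradm` or `mysql-dbadm` link (target `mysqladm` not built yet) reports false and the retry then fails silently. The NOTE already says the links are a testing convenience, so a failure should not abort the build, but it should be visible: `if let Err(e) = symlink(..) { println!("cargo:warning=could not create mysql-useradm symlink: {e}"); }`. Testing `symlink_metadata().is_ok()` instead of `exists()` avoids the pointless retry.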


@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1723637854, "lastModified": 1713297878,
"narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -29,11 +29,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723947704, "lastModified": 1720577957,
"narHash": "sha256-TcVf66N2NgGhxORFytzgqWcg0XJ+kk8uNLNsTRI5sYM=", "narHash": "sha256-RZuzLdB/8FaXaSzEoWLg3au/mtbuH7MGn2LmXUKT62g=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "456e78a55feade2c3bc6d7bc0bf5e710c9d86120", "rev": "a434177dfcc53bf8f1f348a3c39bfb336d760286",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -4,10 +4,8 @@
, cargoToml , cargoToml
, cargoLock , cargoLock
, src , src
, installShellFiles
}: }:
let let
mainProgram = (lib.head cargoToml.bin).name;
in in
rustPlatform.buildRustPackage { rustPlatform.buildRustPackage {
pname = cargoToml.package.name; pname = cargoToml.package.name;
@ -16,20 +14,9 @@ rustPlatform.buildRustPackage {
cargoLock.lockFile = cargoLock; cargoLock.lockFile = cargoLock;
nativeBuildInputs = [ installShellFiles ];
postInstall = let
commands = lib.mapCartesianProduct ({ shell, command }: ''
"$out/bin/${mainProgram}" generate-completions --shell "${shell}" --command "${command}" > "$TMP/mysqladm.${shell}"
installShellCompletion "--${shell}" --cmd "${command}" "$TMP/mysqladm.${shell}"
'') {
shell = [ "bash" "zsh" "fish" ];
command = [ "mysqladm" "mysql-dbadm" "mysql-useradm" ];
};
in lib.concatStringsSep "\n" commands;
meta = with lib; { meta = with lib; {
license = licenses.mit; license = licenses.mit;
platforms = platforms.linux ++ platforms.darwin; platforms = platforms.linux ++ platforms.darwin;
inherit mainProgram; mainProgram = (lib.head cargoToml.bin).name;
}; };
} }


@ -49,19 +49,7 @@ The Y/N-values corresponds to the following mysql privileges:
References - Enables use of REFERENCES References - Enables use of REFERENCES
"#; "#;
/// Create, drop or edit permissions for the DATABASE(s),
/// as determined by the COMMAND.
///
/// This is a compatibility layer for the mysql-dbadm command.
/// Please consider using the newer mysqladm command instead.
#[derive(Parser)] #[derive(Parser)]
#[command(
bin_name = "mysql-dbadm",
version,
about,
disable_help_subcommand = true,
verbatim_doc_comment,
)]
pub struct Args { pub struct Args {
#[command(subcommand)] #[command(subcommand)]
pub command: Option<Command>, pub command: Option<Command>,
@ -94,7 +82,14 @@ pub struct Args {
// NOTE: mysql-dbadm explicitly calls privileges "permissions". // NOTE: mysql-dbadm explicitly calls privileges "permissions".
// This is something we're trying to move away from. // This is something we're trying to move away from.
// See https://git.pvv.ntnu.no/Projects/mysqladm-rs/issues/29 // See https://git.pvv.ntnu.no/Projects/mysqladm-rs/issues/29
/// Create, drop or edit permissions for the DATABASE(s),
/// as determined by the COMMAND.
///
/// This is a compatibility layer for the mysql-dbadm command.
/// Please consider using the newer mysqladm command instead.
#[derive(Parser)] #[derive(Parser)]
#[command(version, about, disable_help_subcommand = true, verbatim_doc_comment)]
pub enum Command { pub enum Command {
/// create the DATABASE(s). /// create the DATABASE(s).
Create(CreateArgs), Create(CreateArgs),


@ -25,19 +25,7 @@ use crate::{
server::sql::user_operations::DatabaseUser, server::sql::user_operations::DatabaseUser,
}; };
/// Create, delete or change password for the USER(s),
/// as determined by the COMMAND.
///
/// This is a compatibility layer for the mysql-useradm command.
/// Please consider using the newer mysqladm command instead.
#[derive(Parser)] #[derive(Parser)]
#[command(
bin_name = "mysql-useradm",
version,
about,
disable_help_subcommand = true,
verbatim_doc_comment,
)]
pub struct Args { pub struct Args {
#[command(subcommand)] #[command(subcommand)]
pub command: Option<Command>, pub command: Option<Command>,
@ -63,7 +51,13 @@ pub struct Args {
config: Option<PathBuf>, config: Option<PathBuf>,
} }
/// Create, delete or change password for the USER(s),
/// as determined by the COMMAND.
///
/// This is a compatibility layer for the mysql-useradm command.
/// Please consider using the newer mysqladm command instead.
#[derive(Parser)] #[derive(Parser)]
#[command(version, about, disable_help_subcommand = true, verbatim_doc_comment)]
pub enum Command { pub enum Command {
/// create the USER(s). /// create the USER(s).
Create(CreateArgs), Create(CreateArgs),


@ -6,8 +6,7 @@ use futures_util::{SinkExt, StreamExt};
use crate::core::protocol::{ use crate::core::protocol::{
print_create_users_output_status, print_drop_users_output_status, print_create_users_output_status, print_drop_users_output_status,
print_lock_users_output_status, print_set_password_output_status, print_lock_users_output_status, print_set_password_output_status,
print_unlock_users_output_status, ClientToServerMessageStream, ListUsersError, Request, print_unlock_users_output_status, ClientToServerMessageStream, Request, Response,
Response,
}; };
use super::common::erroneous_server_response; use super::common::erroneous_server_response;
@ -208,28 +207,6 @@ async fn passwd_user(
args: UserPasswdArgs, args: UserPasswdArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
// TODO: create a "user" exists check" command
let message = Request::ListUsers(Some(vec![args.username.clone()]));
if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok();
anyhow::bail!(err);
}
let response = match server_connection.next().await {
Some(Ok(Response::ListUsers(users))) => users,
response => return erroneous_server_response(response),
};
match response
.get(&args.username)
.unwrap_or(&Err(ListUsersError::UserDoesNotExist))
{
Ok(_) => {}
Err(err) => {
server_connection.send(Request::Exit).await?;
server_connection.close().await.ok();
anyhow::bail!("{}", err.to_error_message(&args.username));
}
}
let password = if let Some(password_file) = args.password_file { let password = if let Some(password_file) = args.password_file {
std::fs::read_to_string(password_file) std::fs::read_to_string(password_file)
.context("Failed to read password file")? .context("Failed to read password file")?
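Review bot: With the `Request::ListUsers` pre-check removed, `passwd_user` reaches the password input (the `password_file` read in the visible branch) before anything has confirmed that `args.username` exists and is one the caller may change. Whether the server's reply to the later request reports a missing or foreign user clearly is not visible in this hunk, so that error path should be verified. The removed TODO about a dedicated "user exists" request is worth keeping as a comment at this point. The function body continues past the end of the hunk.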


@ -76,7 +76,6 @@ impl OwnerValidationError {
indoc! {r#" indoc! {r#"
Invalid {} name prefix: '{}' does not match your username or any of your groups. Invalid {} name prefix: '{}' does not match your username or any of your groups.
Are you sure you are allowed to create {} names with this prefix? Are you sure you are allowed to create {} names with this prefix?
The format should be: <prefix>_<{} name>
Allowed prefixes: Allowed prefixes:
- {} - {}
@ -85,7 +84,6 @@ impl OwnerValidationError {
db_or_user.lowercased(), db_or_user.lowercased(),
name, name,
db_or_user.lowercased(), db_or_user.lowercased(),
db_or_user.lowercased(),
user.as_ref() user.as_ref()
.map(|u| u.username.clone()) .map(|u| u.username.clone())
.unwrap_or("???".to_string()), .unwrap_or("???".to_string()),


@ -1,8 +1,7 @@
#[macro_use] #[macro_use]
extern crate prettytable; extern crate prettytable;
use clap::{CommandFactory, Parser, ValueEnum}; use clap::Parser;
use clap_complete::{generate, Shell};
use std::path::PathBuf; use std::path::PathBuf;
@ -28,14 +27,7 @@ mod core;
#[cfg(feature = "tui")] #[cfg(feature = "tui")]
mod tui; mod tui;
/// Database administration tool for non-admin users to manage their own MySQL databases and users.
///
/// This tool allows you to manage users and databases in MySQL.
///
/// You are only allowed to manage databases and users that are prefixed with
/// either your username, or a group that you are a member of.
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
#[command(bin_name = "mysqladm", version, about, disable_help_subcommand = true)]
struct Args { struct Args {
#[command(subcommand)] #[command(subcommand)]
command: Command, command: Command,
@ -65,7 +57,14 @@ struct Args {
interactive: bool, interactive: bool,
} }
// Database administration tool for non-admin users to manage their own MySQL databases and users.
//
// This tool allows you to manage users and databases in MySQL.
//
// You are only allowed to manage databases and users that are prefixed with
// either your username, or a group that you are a member of.
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
#[command(version, about, disable_help_subcommand = true)]
enum Command { enum Command {
#[command(flatten)] #[command(flatten)]
Db(cli::database_command::DatabaseCommand), Db(cli::database_command::DatabaseCommand),
@ -75,26 +74,6 @@ enum Command {
#[command(hide = true)] #[command(hide = true)]
Server(server::command::ServerArgs), Server(server::command::ServerArgs),
#[command(hide = true)]
GenerateCompletions(GenerateCompletionArgs),
}
#[derive(Parser, Debug, Clone)]
struct GenerateCompletionArgs {
#[arg(long, default_value = "bash")]
shell: Shell,
#[arg(long, default_value = "mysqladm")]
command: ToplevelCommands,
}
#[cfg(feature = "mysql-admutils-compatibility")]
#[derive(ValueEnum, Debug, Clone)]
enum ToplevelCommands {
Mysqladm,
MysqlDbadm,
MysqlUseradm,
} }
// TODO: tag all functions that are run with elevated privileges with // TODO: tag all functions that are run with elevated privileges with
@ -107,18 +86,28 @@ fn main() -> anyhow::Result<()> {
env_logger::init(); env_logger::init();
#[cfg(feature = "mysql-admutils-compatibility")] #[cfg(feature = "mysql-admutils-compatibility")]
if let Some(_) = handle_mysql_admutils_command()? { {
return Ok(()); let argv0 = std::env::args().next().and_then(|s| {
PathBuf::from(s)
.file_name()
.map(|s| s.to_string_lossy().to_string())
});
match argv0.as_deref() {
Some("mysql-dbadm") => return mysql_dbadm::main(),
Some("mysql-useradm") => return mysql_useradm::main(),
_ => { /* fall through */ }
}
} }
let args: Args = Args::parse(); let args: Args = Args::parse();
match args.command {
if let Some(_) = handle_server_command(&args)? { Command::Server(ref command) => {
return Ok(()); drop_privs()?;
} tokio_start_server(args.server_socket_path, args.config, command.clone())?;
return Ok(());
if let Some(_) = handle_generate_completions_command(&args)? { }
return Ok(()); _ => { /* fall through */ }
} }
let server_connection = let server_connection =
@ -129,61 +118,6 @@ fn main() -> anyhow::Result<()> {
Ok(()) Ok(())
} }
fn handle_mysql_admutils_command() -> anyhow::Result<Option<()>> {
let argv0 = std::env::args().next().and_then(|s| {
PathBuf::from(s)
.file_name()
.map(|s| s.to_string_lossy().to_string())
});
match argv0.as_deref() {
Some("mysql-dbadm") => mysql_dbadm::main().map(|result| Some(result)),
Some("mysql-useradm") => mysql_useradm::main().map(|result| Some(result)),
_ => Ok(None),
}
}
fn handle_server_command(args: &Args) -> anyhow::Result<Option<()>> {
match args.command {
Command::Server(ref command) => {
drop_privs()?;
tokio_start_server(
args.server_socket_path.clone(),
args.config.clone(),
command.clone(),
)?;
Ok(Some(()))
}
_ => Ok(None),
}
}
fn handle_generate_completions_command(args: &Args) -> anyhow::Result<Option<()>> {
match args.command {
Command::GenerateCompletions(ref completion_args) => {
let mut cmd = match completion_args.command {
ToplevelCommands::Mysqladm => Args::command(),
#[cfg(feature = "mysql-admutils-compatibility")]
ToplevelCommands::MysqlDbadm => mysql_dbadm::Args::command(),
#[cfg(feature = "mysql-admutils-compatibility")]
ToplevelCommands::MysqlUseradm => mysql_useradm::Args::command(),
};
let binary_name = cmd.get_bin_name().unwrap().to_owned();
generate(
completion_args.shell,
&mut cmd,
binary_name,
&mut std::io::stdout(),
);
Ok(Some(()))
}
_ => Ok(None),
}
}
fn tokio_start_server( fn tokio_start_server(
server_socket_path: Option<PathBuf>, server_socket_path: Option<PathBuf>,
config_path: Option<PathBuf>, config_path: Option<PathBuf>,
@ -214,7 +148,6 @@ fn tokio_run_command(command: Command, server_connection: StdUnixStream) -> anyh
cli::database_command::handle_command(db_args, message_stream).await cli::database_command::handle_command(db_args, message_stream).await
} }
Command::Server(_) => unreachable!(), Command::Server(_) => unreachable!(),
Command::GenerateCompletions(_) => unreachable!(),
} }
}) })
} }
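Review bot: The description block now placed above `enum Command` is written with `//`, so clap's derive does not see it. The bare `about` in `#[command(version, about, disable_help_subcommand = true)]` then takes the package description instead, and the help text telling users they may only manage names prefixed with their username or a group is no longer shown by `--help`. Use `///` on those six lines if the text is meant to remain the command's help.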


@ -45,7 +45,7 @@ pub fn validate_ownership_by_prefixes(
if prefixes if prefixes
.iter() .iter()
.filter(|p| name.starts_with(&(p.to_string() + "_"))) .filter(|p| name.starts_with(*p))
.collect::<Vec<_>>() .collect::<Vec<_>>()
.is_empty() .is_empty()
{ {
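Review bot: The filter `name.starts_with(*p)` no longer requires the `_` separator after the prefix, so any name that merely begins with an allowed prefix passes the ownership check. With prefixes taken from the caller's username and groups, a user `ann` would be accepted as owner of `anna_db`, which by the naming convention belongs to a different account. Keep the delimiter in the comparison, e.g. `.filter(|p| name.strip_prefix(p.as_str()).is_some_and(|rest| rest.starts_with('_')))` (assuming the prefixes are `String`s), and add a test with two prefixes where one is a prefix of the other. The error-message hunk that drops the `<prefix>_<name>` format hint suggests the relaxation is intentional, in which case the rationale belongs in a doc comment on `validate_ownership_by_prefixes`, whose body continues outside this hunk.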