Projects/mysqladm-rs
Projects
/
mysqladm-rs
12
2
Fork 0
Code Issues 36 Pull Requests Releases Activity

Compare commits

base: Projects:a0be0d3b92a1795ff2df7ba7f77ab7336f96cb98
Branches Tags
Projects:main
Projects:dpkg-packaging
..
compare: Projects:a4067975b658ba59191d508e3b196f2124e968d2
Branches Tags
Projects:main
Projects:dpkg-packaging

No commits in common. "a0be0d3b92a1795ff2df7ba7f77ab7336f96cb98" and "a4067975b658ba59191d508e3b196f2124e968d2" have entirely different histories.
a0be0d3b92 ... a4067975b6

22 changed files with 380 additions and 946 deletions
Show Stats Expand all files Collapse all files

31
Cargo.lock generated
View File

@ -253,16 +253,6 @@ dependencies = [
"clap_derive", "clap_derive",
] ]
[[package]]
name = "clap-verbosity-flag"
version = "2.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "63d19864d6b68464c59f7162c9914a0b569ddc2926b4a2d71afe62a9738eff53"
dependencies = [
"clap",
"log",
]
[[package]] [[package]]
name = "clap_builder" name = "clap_builder"
version = "4.5.15" version = "4.5.15"
@ -1003,9 +993,6 @@ name = "log"
version = "0.4.22" version = "0.4.22"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24"
dependencies = [
"value-bag",
]
[[package]] [[package]]
name = "lru" name = "lru"
@ -1077,7 +1064,6 @@ dependencies = [
"async-bincode", "async-bincode",
"bincode", "bincode",
"clap", "clap",
"clap-verbosity-flag",
"clap_complete", "clap_complete",
"derive_more", "derive_more",
"dialoguer", "dialoguer",
@ -1096,7 +1082,6 @@ dependencies = [
"serde", "serde",
"serde_json", "serde_json",
"sqlx", "sqlx",
"systemd-journal-logger",
"tokio", "tokio",
"tokio-serde", "tokio-serde",
"tokio-stream", "tokio-stream",
@ -2011,16 +1996,6 @@ dependencies = [
"unicode-ident", "unicode-ident",
] ]
[[package]]
name = "systemd-journal-logger"
version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5f3848dd723f2a54ac1d96da793b32923b52de8dfcced8722516dac312a5b2a"
dependencies = [
"log",
"rustix",
]
[[package]] [[package]]
name = "tempfile" name = "tempfile"
version = "3.12.0" version = "3.12.0"
@ -2312,12 +2287,6 @@ dependencies = [
"getrandom", "getrandom",
] ]
[[package]]
name = "value-bag"
version = "1.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5a84c137d37ab0142f0f2ddfe332651fdbf252e7b7dbb4e67b6c1f1b2e925101"
[[package]] [[package]]
name = "vcpkg" name = "vcpkg"
version = "0.2.15" version = "0.2.15"

2
Cargo.toml
View File

@ -8,7 +8,6 @@ anyhow = "1.0.86"
async-bincode = "0.7.2" async-bincode = "0.7.2"
bincode = "1.3.3" bincode = "1.3.3"
clap = { version = "4.5.16", features = ["derive"] } clap = { version = "4.5.16", features = ["derive"] }
clap-verbosity-flag = "2.2.1"
clap_complete = "4.5.18" clap_complete = "4.5.18"
derive_more = { version = "1.0.0", features = ["display", "error"] } derive_more = { version = "1.0.0", features = ["display", "error"] }
dialoguer = "0.11.0" dialoguer = "0.11.0"
@ -26,7 +25,6 @@ sd-notify = "0.4.2"
serde = "1.0.208" serde = "1.0.208"
serde_json = { version = "1.0.125", features = ["preserve_order"] } serde_json = { version = "1.0.125", features = ["preserve_order"] }
sqlx = { version = "0.8.0", features = ["runtime-tokio", "mysql", "tls-rustls"] } sqlx = { version = "0.8.0", features = ["runtime-tokio", "mysql", "tls-rustls"] }
systemd-journal-logger = "2.1.1"
tokio = { version = "1.39.3", features = ["rt", "macros"] } tokio = { version = "1.39.3", features = ["rt", "macros"] }
tokio-serde = { version = "0.9.0", features = ["bincode"] } tokio-serde = { version = "0.9.0", features = ["bincode"] }
tokio-stream = "0.1.15" tokio-stream = "0.1.15"

78
deny.toml
View File

@ -1,78 +0,0 @@
[graph]
targets = [
"x86_64-unknown-linux-gnu",
"aarch64-unknown-linux-gnu",
"armv7-unknown-linux-gnueabihf",
"x86_64-unknown-freebsd",
"aarch64-unknown-freebsd",
"armv7-unknown-freebsd",
"x86_64-apple-darwin",
"aarch64-apple-darwin",
]
all-features = false
no-default-features = false
#features = []
[output]
feature-depth = 1
[advisories]
#db-path = "$CARGO_HOME/advisory-dbs"
#db-urls = ["https://github.com/rustsec/advisory-db"]
ignore = []
[licenses]
allow = [
"GPL-2.0",
"MIT",
"Apache-2.0",
"ISC",
"MPL-2.0",
"Unicode-DFS-2016",
"BSD-3-Clause",
"OpenSSL",
]
confidence-threshold = 0.8
exceptions = []
[[licenses.clarify]]
crate = "ring"
expression = "MIT AND ISC AND OpenSSL"
license-files = [
{ path = "LICENSE", hash = 0xbd0eed23 }
]
[licenses.private]
ignore = false
registries = []
[bans]
multiple-versions = "allow"
wildcards = "allow"
highlight = "all"
workspace-default-features = "allow"
external-default-features = "allow"
allow = []
deny = []
#[[bans.features]]
#crate = "reqwest"
#deny = ["json"]
#allow = []
#exact = true
skip = []
skip-tree = []
[sources]
unknown-registry = "warn"
unknown-git = "warn"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]
allow-git = []
[sources.allow-org]

1
flake.nix
View File

@ -47,7 +47,6 @@
toolchain toolchain
mysql-client mysql-client
cargo-nextest cargo-nextest
cargo-deny
]; ];
RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library"; RUST_SRC_PATH = "${toolchain}/lib/rustlib/src/rust/library";

37
nix/module.nix
View File

@ -15,20 +15,6 @@ in
description = "Create a local database user for mysqladm-rs"; description = "Create a local database user for mysqladm-rs";
}; };
logLevel = lib.mkOption {
type = lib.types.enum [ "quiet" "error" "warn" "info" "debug" "trace" ];
default = "debug";
description = "Log level for mysqladm-rs";
apply = level: {
"quiet" = "-q";
"error" = "";
"warn" = "-v";
"info" = "-vv";
"debug" = "-vvv";
"trace" = "-vvvv";
}.${level};
};
settings = lib.mkOption { settings = lib.mkOption {
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
@ -90,7 +76,7 @@ in
name = cfg.settings.mysql.username; name = cfg.settings.mysql.username;
ensurePermissions = { ensurePermissions = {
"mysql.*" = "SELECT, INSERT, UPDATE, DELETE"; "mysql.*" = "SELECT, INSERT, UPDATE, DELETE";
"*.*" = "GRANT OPTION, CREATE, DROP"; "*.*" = "CREATE USER, GRANT OPTION";
}; };
} }
]; ];
@ -100,9 +86,7 @@ in
environment.RUST_LOG = "debug"; environment.RUST_LOG = "debug";
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStart = "${lib.getExe cfg.package} ${cfg.logLevel} server --systemd socket-activate --config ${configFile}"; ExecStart = "${lib.getExe cfg.package} server socket-activate --config ${configFile}";
WatchdogSec = 15;
User = "mysqladm"; User = "mysqladm";
Group = "mysqladm"; Group = "mysqladm";
@ -111,18 +95,7 @@ in
# This is required to read unix user/group details. # This is required to read unix user/group details.
PrivateUsers = false; PrivateUsers = false;
# Needed to communicate with MySQL. CapabilityBoundingSet = "";
PrivateNetwork = false;
IPAddressDeny =
lib.optionals (lib.elem cfg.settings.mysql.host [ null "localhost" "127.0.0.1" ]) [ "any" ];
RestrictAddressFamilies = [ "AF_UNIX" ]
++ (lib.optionals (cfg.settings.mysql.host != null) [ "AF_INET" "AF_INET6" ]);
AmbientCapabilities = [ "" ];
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true; LockPersonality = true;
MemoryDenyWriteExecute = true; MemoryDenyWriteExecute = true;
NoNewPrivileges = true; NoNewPrivileges = true;
@ -140,12 +113,12 @@ in
ProtectProc = "invisible"; ProtectProc = "invisible";
ProtectSystem = "strict"; ProtectSystem = "strict";
RemoveIPC = true; RemoveIPC = true;
UMask = "0777"; UMask = "0000";
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
RestrictNamespaces = true; RestrictNamespaces = true;
RestrictRealtime = true; RestrictRealtime = true;
RestrictSUIDSGID = true; RestrictSUIDSGID = true;
SystemCallArchitectures = "native"; SystemCallArchitectures = "native";
SocketBindDeny = [ "any" ];
SystemCallFilter = [ SystemCallFilter = [
"@system-service" "@system-service"
"~@privileged" "~@privileged"

72
src/cli/database_command.rs
View File

@ -15,10 +15,9 @@ use crate::{
parse_privilege_table_cli_arg, parse_privilege_table_cli_arg,
}, },
protocol::{ protocol::{
print_create_databases_output_status, print_create_databases_output_status_json, print_create_databases_output_status, print_drop_databases_output_status,
print_drop_databases_output_status, print_drop_databases_output_status_json, print_modify_database_privileges_output_status, ClientToServerMessageStream, Request,
print_modify_database_privileges_output_status, ClientToServerMessageStream, Response,
MySQLDatabase, Request, Response,
}, },
}, },
server::sql::database_privilege_operations::{DatabasePrivilegeRow, DATABASE_PRIVILEGE_FIELDS}, server::sql::database_privilege_operations::{DatabasePrivilegeRow, DATABASE_PRIVILEGE_FIELDS},
@ -103,57 +102,49 @@ pub enum DatabaseCommand {
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct DatabaseCreateArgs { pub struct DatabaseCreateArgs {
/// The name of the database(s) to create /// The name of the database(s) to create.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct DatabaseDropArgs { pub struct DatabaseDropArgs {
/// The name of the database(s) to drop /// The name of the database(s) to drop.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct DatabaseShowArgs { pub struct DatabaseShowArgs {
/// The name of the database(s) to show /// The name of the database(s) to show.
#[arg(num_args = 0..)] #[arg(num_args = 0..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
/// Print the information as JSON /// Whether to output the information in JSON format.
#[arg(short, long)] #[arg(short, long)]
json: bool, json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct DatabaseShowPrivsArgs { pub struct DatabaseShowPrivsArgs {
/// The name of the database(s) to show /// The name of the database(s) to show.
#[arg(num_args = 0..)] #[arg(num_args = 0..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
/// Print the information as JSON /// Whether to output the information in JSON format.
#[arg(short, long)] #[arg(short, long)]
json: bool, json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct DatabaseEditPrivsArgs { pub struct DatabaseEditPrivsArgs {
/// The name of the database to edit privileges for /// The name of the database to edit privileges for.
pub name: Option<MySQLDatabase>, pub name: Option<String>,
#[arg(short, long, value_name = "[DATABASE:]USER:PRIVILEGES", num_args = 0..)] #[arg(short, long, value_name = "[DATABASE:]USER:PRIVILEGES", num_args = 0..)]
pub privs: Vec<String>, pub privs: Vec<String>,
/// Print the information as JSON /// Whether to output the information in JSON format.
#[arg(short, long)] #[arg(short, long)]
pub json: bool, pub json: bool,
@ -161,7 +152,7 @@ pub struct DatabaseEditPrivsArgs {
#[arg(short, long)] #[arg(short, long)]
pub editor: Option<String>, pub editor: Option<String>,
/// Disable interactive confirmation before saving changes /// Disable interactive confirmation before saving changes.
#[arg(short, long)] #[arg(short, long)]
pub yes: bool, pub yes: bool,
} }
@ -191,7 +182,7 @@ async fn create_databases(
anyhow::bail!("No database names provided"); anyhow::bail!("No database names provided");
} }
let message = Request::CreateDatabases(args.name.to_owned()); let message = Request::CreateDatabases(args.name.clone());
server_connection.send(message).await?; server_connection.send(message).await?;
let result = match server_connection.next().await { let result = match server_connection.next().await {
@ -201,11 +192,7 @@ async fn create_databases(
server_connection.send(Request::Exit).await?; server_connection.send(Request::Exit).await?;
if args.json { print_create_databases_output_status(&result);
print_create_databases_output_status_json(&result);
} else {
print_create_databases_output_status(&result);
}
Ok(()) Ok(())
} }
@ -218,7 +205,7 @@ async fn drop_databases(
anyhow::bail!("No database names provided"); anyhow::bail!("No database names provided");
} }
let message = Request::DropDatabases(args.name.to_owned()); let message = Request::DropDatabases(args.name.clone());
server_connection.send(message).await?; server_connection.send(message).await?;
let result = match server_connection.next().await { let result = match server_connection.next().await {
@ -228,11 +215,7 @@ async fn drop_databases(
server_connection.send(Request::Exit).await?; server_connection.send(Request::Exit).await?;
if args.json { print_drop_databases_output_status(&result);
print_drop_databases_output_status_json(&result);
} else {
print_drop_databases_output_status(&result);
};
Ok(()) Ok(())
} }
@ -244,13 +227,11 @@ async fn show_databases(
let message = if args.name.is_empty() { let message = if args.name.is_empty() {
Request::ListDatabases(None) Request::ListDatabases(None)
} else { } else {
Request::ListDatabases(Some(args.name.to_owned())) Request::ListDatabases(Some(args.name.clone()))
}; };
server_connection.send(message).await?; server_connection.send(message).await?;
// TODO: collect errors for json output.
let database_list = match server_connection.next().await { let database_list = match server_connection.next().await {
Some(Ok(Response::ListDatabases(databases))) => databases Some(Ok(Response::ListDatabases(databases))) => databases
.into_iter() .into_iter()
@ -301,7 +282,7 @@ async fn show_database_privileges(
let message = if args.name.is_empty() { let message = if args.name.is_empty() {
Request::ListPrivileges(None) Request::ListPrivileges(None)
} else { } else {
Request::ListPrivileges(Some(args.name.to_owned())) Request::ListPrivileges(Some(args.name.clone()))
}; };
server_connection.send(message).await?; server_connection.send(message).await?;
@ -373,7 +354,7 @@ pub async fn edit_database_privileges(
args: DatabaseEditPrivsArgs, args: DatabaseEditPrivsArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let message = Request::ListPrivileges(args.name.to_owned().map(|name| vec![name])); let message = Request::ListPrivileges(args.name.clone().map(|name| vec![name]));
server_connection.send(message).await?; server_connection.send(message).await?;
@ -405,14 +386,13 @@ pub async fn edit_database_privileges(
let privileges_to_change = if !args.privs.is_empty() { let privileges_to_change = if !args.privs.is_empty() {
parse_privilege_tables_from_args(&args)? parse_privilege_tables_from_args(&args)?
} else { } else {
edit_privileges_with_editor(&privilege_data, args.name.as_ref())? edit_privileges_with_editor(&privilege_data, args.name.as_deref())?
}; };
let diffs = diff_privileges(&privilege_data, &privileges_to_change); let diffs = diff_privileges(&privilege_data, &privileges_to_change);
if diffs.is_empty() { if diffs.is_empty() {
println!("No changes to make."); println!("No changes to make.");
server_connection.send(Request::Exit).await?;
return Ok(()); return Ok(());
} }
@ -471,7 +451,7 @@ fn parse_privilege_tables_from_args(
fn edit_privileges_with_editor( fn edit_privileges_with_editor(
privilege_data: &[DatabasePrivilegeRow], privilege_data: &[DatabasePrivilegeRow],
database_name: Option<&MySQLDatabase>, database_name: Option<&str>,
) -> anyhow::Result<Vec<DatabasePrivilegeRow>> { ) -> anyhow::Result<Vec<DatabasePrivilegeRow>> {
let unix_user = User::from_uid(getuid()) let unix_user = User::from_uid(getuid())
.context("Failed to look up your UNIX username") .context("Failed to look up your UNIX username")

11
src/cli/mysql_admutils_compatibility/common.rs
View File

@ -1,11 +1,4 @@
use crate::core::protocol::{MySQLDatabase, MySQLUser};
#[inline] #[inline]
pub fn trim_db_name_to_32_chars(db_name: &MySQLDatabase) -> MySQLDatabase { pub fn trim_to_32_chars(name: &str) -> String {
db_name.chars().take(32).collect::<String>().into() name.chars().take(32).collect()
}
#[inline]
pub fn trim_user_name_to_32_chars(user_name: &MySQLUser) -> MySQLUser {
user_name.chars().take(32).collect::<String>().into()
} }

45
src/cli/mysql_admutils_compatibility/mysql_dbadm.rs
View File

@ -9,7 +9,7 @@ use crate::{
common::erroneous_server_response, common::erroneous_server_response,
database_command, database_command,
mysql_admutils_compatibility::{ mysql_admutils_compatibility::{
common::trim_db_name_to_32_chars, common::trim_to_32_chars,
error_messages::{ error_messages::{
format_show_database_error_message, handle_create_database_error, format_show_database_error_message, handle_create_database_error,
handle_drop_database_error, handle_drop_database_error,
@ -20,7 +20,7 @@ use crate::{
bootstrap::bootstrap_server_connection_and_drop_privileges, bootstrap::bootstrap_server_connection_and_drop_privileges,
protocol::{ protocol::{
create_client_to_server_message_stream, ClientToServerMessageStream, create_client_to_server_message_stream, ClientToServerMessageStream,
GetDatabasesPrivilegeDataError, MySQLDatabase, Request, Response, GetDatabasesPrivilegeDataError, Request, Response,
}, },
}, },
server::sql::database_privilege_operations::DatabasePrivilegeRow, server::sql::database_privilege_operations::DatabasePrivilegeRow,
@ -120,27 +120,27 @@ pub enum Command {
pub struct CreateArgs { pub struct CreateArgs {
/// The name of the DATABASE(s) to create. /// The name of the DATABASE(s) to create.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct DatabaseDropArgs { pub struct DatabaseDropArgs {
/// The name of the DATABASE(s) to drop. /// The name of the DATABASE(s) to drop.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct DatabaseShowArgs { pub struct DatabaseShowArgs {
/// The name of the DATABASE(s) to show. /// The name of the DATABASE(s) to show.
#[arg(num_args = 0..)] #[arg(num_args = 0..)]
name: Vec<MySQLDatabase>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct EditPermArgs { pub struct EditPermArgs {
/// The name of the DATABASE to edit permissions for. /// The name of the DATABASE to edit permissions for.
pub database: MySQLDatabase, pub database: String,
} }
pub fn main() -> anyhow::Result<()> { pub fn main() -> anyhow::Result<()> {
@ -202,7 +202,11 @@ async fn create_databases(
args: CreateArgs, args: CreateArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let database_names = args.name.iter().map(trim_db_name_to_32_chars).collect(); let database_names = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = Request::CreateDatabases(database_names); let message = Request::CreateDatabases(database_names);
server_connection.send(message).await?; server_connection.send(message).await?;
@ -228,7 +232,11 @@ async fn drop_databases(
args: DatabaseDropArgs, args: DatabaseDropArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let database_names = args.name.iter().map(trim_db_name_to_32_chars).collect(); let database_names = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = Request::DropDatabases(database_names); let message = Request::DropDatabases(database_names);
server_connection.send(message).await?; server_connection.send(message).await?;
@ -254,8 +262,11 @@ async fn show_databases(
args: DatabaseShowArgs, args: DatabaseShowArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let database_names: Vec<MySQLDatabase> = let database_names: Vec<String> = args
args.name.iter().map(trim_db_name_to_32_chars).collect(); .name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = if database_names.is_empty() { let message = if database_names.is_empty() {
let message = Request::ListDatabases(None); let message = Request::ListDatabases(None);
@ -280,16 +291,14 @@ async fn show_databases(
// NOTE: mysql-dbadm show has a quirk where valid database names // NOTE: mysql-dbadm show has a quirk where valid database names
// for non-existent databases will report with no users. // for non-existent databases will report with no users.
let results: Vec<Result<(MySQLDatabase, Vec<DatabasePrivilegeRow>), String>> = match response { let results: Vec<Result<(String, Vec<DatabasePrivilegeRow>), String>> = match response {
Some(Ok(Response::ListPrivileges(result))) => result Some(Ok(Response::ListPrivileges(result))) => result
.into_iter() .into_iter()
.map( .map(|(name, rows)| match rows.map(|rows| (name.clone(), rows)) {
|(name, rows)| match rows.map(|rows| (name.to_owned(), rows)) { Ok(rows) => Ok(rows),
Ok(rows) => Ok(rows), Err(GetDatabasesPrivilegeDataError::DatabaseDoesNotExist) => Ok((name, vec![])),
Err(GetDatabasesPrivilegeDataError::DatabaseDoesNotExist) => Ok((name, vec![])), Err(err) => Err(format_show_database_error_message(err, &name)),
Err(err) => Err(format_show_database_error_message(err, &name)), })
},
)
.collect(), .collect(),
response => return erroneous_server_response(response), response => return erroneous_server_response(response),
}; };

51
src/cli/mysql_admutils_compatibility/mysql_useradm.rs
View File

@ -9,7 +9,7 @@ use crate::{
cli::{ cli::{
common::erroneous_server_response, common::erroneous_server_response,
mysql_admutils_compatibility::{ mysql_admutils_compatibility::{
common::trim_user_name_to_32_chars, common::trim_to_32_chars,
error_messages::{ error_messages::{
handle_create_user_error, handle_drop_user_error, handle_list_users_error, handle_create_user_error, handle_drop_user_error, handle_list_users_error,
}, },
@ -19,8 +19,7 @@ use crate::{
core::{ core::{
bootstrap::bootstrap_server_connection_and_drop_privileges, bootstrap::bootstrap_server_connection_and_drop_privileges,
protocol::{ protocol::{
create_client_to_server_message_stream, ClientToServerMessageStream, MySQLUser, create_client_to_server_message_stream, ClientToServerMessageStream, Request, Response,
Request, Response,
}, },
}, },
server::sql::user_operations::DatabaseUser, server::sql::user_operations::DatabaseUser,
@ -84,28 +83,28 @@ pub enum Command {
pub struct CreateArgs { pub struct CreateArgs {
/// The name of the USER(s) to create. /// The name of the USER(s) to create.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLUser>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct DeleteArgs { pub struct DeleteArgs {
/// The name of the USER(s) to delete. /// The name of the USER(s) to delete.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLUser>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct PasswdArgs { pub struct PasswdArgs {
/// The name of the USER(s) to change the password for. /// The name of the USER(s) to change the password for.
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
name: Vec<MySQLUser>, name: Vec<String>,
} }
#[derive(Parser)] #[derive(Parser)]
pub struct ShowArgs { pub struct ShowArgs {
/// The name of the USER(s) to show. /// The name of the USER(s) to show.
#[arg(num_args = 0..)] #[arg(num_args = 0..)]
name: Vec<MySQLUser>, name: Vec<String>,
} }
pub fn main() -> anyhow::Result<()> { pub fn main() -> anyhow::Result<()> {
@ -153,9 +152,13 @@ async fn create_user(
args: CreateArgs, args: CreateArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let db_users = args.name.iter().map(trim_user_name_to_32_chars).collect(); let usernames = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = Request::CreateUsers(db_users); let message = Request::CreateUsers(usernames);
server_connection.send(message).await?; server_connection.send(message).await?;
let result = match server_connection.next().await { let result = match server_connection.next().await {
@ -179,9 +182,13 @@ async fn drop_users(
args: DeleteArgs, args: DeleteArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let db_users = args.name.iter().map(trim_user_name_to_32_chars).collect(); let usernames = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = Request::DropUsers(db_users); let message = Request::DropUsers(usernames);
server_connection.send(message).await?; server_connection.send(message).await?;
let result = match server_connection.next().await { let result = match server_connection.next().await {
@ -205,9 +212,13 @@ async fn passwd_users(
args: PasswdArgs, args: PasswdArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let db_users = args.name.iter().map(trim_user_name_to_32_chars).collect(); let usernames = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = Request::ListUsers(Some(db_users)); let message = Request::ListUsers(Some(usernames));
server_connection.send(message).await?; server_connection.send(message).await?;
let response = match server_connection.next().await { let response = match server_connection.next().await {
@ -232,11 +243,11 @@ async fn passwd_users(
for user in users { for user in users {
let password = read_password_from_stdin_with_double_check(&user.user)?; let password = read_password_from_stdin_with_double_check(&user.user)?;
let message = Request::PasswdUser(user.user.to_owned(), password); let message = Request::PasswdUser(user.user.clone(), password);
server_connection.send(message).await?; server_connection.send(message).await?;
match server_connection.next().await { match server_connection.next().await {
Some(Ok(Response::PasswdUser(result))) => match result { Some(Ok(Response::PasswdUser(result))) => match result {
Ok(()) => println!("Password updated for user '{}'.", &user.user), Ok(()) => println!("Password updated for user '{}'.", user.user),
Err(_) => eprintln!( Err(_) => eprintln!(
"{}: Failed to update password for user '{}'.", "{}: Failed to update password for user '{}'.",
argv0, user.user, argv0, user.user,
@ -255,12 +266,16 @@ async fn show_users(
args: ShowArgs, args: ShowArgs,
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let db_users: Vec<_> = args.name.iter().map(trim_user_name_to_32_chars).collect(); let usernames: Vec<_> = args
.name
.iter()
.map(|name| trim_to_32_chars(name))
.collect();
let message = if db_users.is_empty() { let message = if usernames.is_empty() {
Request::ListUsers(None) Request::ListUsers(None)
} else { } else {
Request::ListUsers(Some(db_users)) Request::ListUsers(Some(usernames))
}; };
server_connection.send(message).await?; server_connection.send(message).await?;

143
src/cli/user_command.rs
View File

@ -4,12 +4,10 @@ use dialoguer::{Confirm, Password};
use futures_util::{SinkExt, StreamExt}; use futures_util::{SinkExt, StreamExt};
use crate::core::protocol::{ use crate::core::protocol::{
print_create_users_output_status, print_create_users_output_status_json, print_create_users_output_status, print_drop_users_output_status,
print_drop_users_output_status, print_drop_users_output_status_json, print_lock_users_output_status, print_set_password_output_status,
print_lock_users_output_status, print_lock_users_output_status_json, print_unlock_users_output_status, ClientToServerMessageStream, ListUsersError, Request,
print_set_password_output_status, print_unlock_users_output_status, Response,
print_unlock_users_output_status_json, ClientToServerMessageStream, ListUsersError, MySQLUser,
Request, Response,
}; };
use super::common::erroneous_server_response; use super::common::erroneous_server_response;
@ -53,69 +51,46 @@ pub enum UserCommand {
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserCreateArgs { pub struct UserCreateArgs {
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
username: Vec<MySQLUser>, username: Vec<String>,
/// Do not ask for a password, leave it unset /// Do not ask for a password, leave it unset
#[clap(long)] #[clap(long)]
no_password: bool, no_password: bool,
/// Print the information as JSON
///
/// Note that this implies `--no-password`, since the command will become non-interactive.
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserDeleteArgs { pub struct UserDeleteArgs {
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
username: Vec<MySQLUser>, username: Vec<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserPasswdArgs { pub struct UserPasswdArgs {
username: MySQLUser, username: String,
#[clap(short, long)] #[clap(short, long)]
password_file: Option<String>, password_file: Option<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserShowArgs { pub struct UserShowArgs {
#[arg(num_args = 0..)] #[arg(num_args = 0..)]
username: Vec<MySQLUser>, username: Vec<String>,
/// Print the information as JSON #[clap(short, long)]
#[arg(short, long)]
json: bool, json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserLockArgs { pub struct UserLockArgs {
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
username: Vec<MySQLUser>, username: Vec<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
pub struct UserUnlockArgs { pub struct UserUnlockArgs {
#[arg(num_args = 1..)] #[arg(num_args = 1..)]
username: Vec<MySQLUser>, username: Vec<String>,
/// Print the information as JSON
#[arg(short, long)]
json: bool,
} }
pub async fn handle_command( pub async fn handle_command(
@ -140,7 +115,7 @@ async fn create_users(
anyhow::bail!("No usernames provided"); anyhow::bail!("No usernames provided");
} }
let message = Request::CreateUsers(args.username.to_owned()); let message = Request::CreateUsers(args.username.clone());
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
anyhow::bail!(anyhow::Error::from(err).context("Failed to communicate with server")); anyhow::bail!(anyhow::Error::from(err).context("Failed to communicate with server"));
@ -151,43 +126,39 @@ async fn create_users(
response => return erroneous_server_response(response), response => return erroneous_server_response(response),
}; };
if args.json { print_create_users_output_status(&result);
print_create_users_output_status_json(&result);
} else {
print_create_users_output_status(&result);
let successfully_created_users = result let successfully_created_users = result
.iter() .iter()
.filter_map(|(username, result)| result.as_ref().ok().map(|_| username)) .filter_map(|(username, result)| result.as_ref().ok().map(|_| username))
.collect::<Vec<_>>(); .collect::<Vec<_>>();
for username in successfully_created_users { for username in successfully_created_users {
if !args.no_password if !args.no_password
&& Confirm::new() && Confirm::new()
.with_prompt(format!( .with_prompt(format!(
"Do you want to set a password for user '{}'?", "Do you want to set a password for user '{}'?",
username username
)) ))
.default(false) .default(false)
.interact()? .interact()?
{ {
let password = read_password_from_stdin_with_double_check(username)?; let password = read_password_from_stdin_with_double_check(username)?;
let message = Request::PasswdUser(username.to_owned(), password); let message = Request::PasswdUser(username.clone(), password);
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
anyhow::bail!(err); anyhow::bail!(err);
}
match server_connection.next().await {
Some(Ok(Response::PasswdUser(result))) => {
print_set_password_output_status(&result, username)
}
response => return erroneous_server_response(response),
}
println!();
} }
match server_connection.next().await {
Some(Ok(Response::PasswdUser(result))) => {
print_set_password_output_status(&result, username)
}
response => return erroneous_server_response(response),
}
println!();
} }
} }
@ -204,7 +175,7 @@ async fn drop_users(
anyhow::bail!("No usernames provided"); anyhow::bail!("No usernames provided");
} }
let message = Request::DropUsers(args.username.to_owned()); let message = Request::DropUsers(args.username.clone());
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
@ -218,16 +189,12 @@ async fn drop_users(
server_connection.send(Request::Exit).await?; server_connection.send(Request::Exit).await?;
if args.json { print_drop_users_output_status(&result);
print_drop_users_output_status_json(&result);
} else {
print_drop_users_output_status(&result);
}
Ok(()) Ok(())
} }
pub fn read_password_from_stdin_with_double_check(username: &MySQLUser) -> anyhow::Result<String> { pub fn read_password_from_stdin_with_double_check(username: &str) -> anyhow::Result<String> {
Password::new() Password::new()
.with_prompt(format!("New MySQL password for user '{}'", username)) .with_prompt(format!("New MySQL password for user '{}'", username))
.with_confirmation( .with_confirmation(
@ -243,7 +210,7 @@ async fn passwd_user(
mut server_connection: ClientToServerMessageStream, mut server_connection: ClientToServerMessageStream,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
// TODO: create a "user" exists check" command // TODO: create a "user" exists check" command
let message = Request::ListUsers(Some(vec![args.username.to_owned()])); let message = Request::ListUsers(Some(vec![args.username.clone()]));
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
anyhow::bail!(err); anyhow::bail!(err);
@ -273,7 +240,7 @@ async fn passwd_user(
read_password_from_stdin_with_double_check(&args.username)? read_password_from_stdin_with_double_check(&args.username)?
}; };
let message = Request::PasswdUser(args.username.to_owned(), password); let message = Request::PasswdUser(args.username.clone(), password);
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
@ -299,7 +266,7 @@ async fn show_users(
let message = if args.username.is_empty() { let message = if args.username.is_empty() {
Request::ListUsers(None) Request::ListUsers(None)
} else { } else {
Request::ListUsers(Some(args.username.to_owned())) Request::ListUsers(Some(args.username.clone()))
}; };
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
@ -370,7 +337,7 @@ async fn lock_users(
anyhow::bail!("No usernames provided"); anyhow::bail!("No usernames provided");
} }
let message = Request::LockUsers(args.username.to_owned()); let message = Request::LockUsers(args.username.clone());
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
@ -384,11 +351,7 @@ async fn lock_users(
server_connection.send(Request::Exit).await?; server_connection.send(Request::Exit).await?;
if args.json { print_lock_users_output_status(&result);
print_lock_users_output_status_json(&result);
} else {
print_lock_users_output_status(&result);
}
Ok(()) Ok(())
} }
@ -401,7 +364,7 @@ async fn unlock_users(
anyhow::bail!("No usernames provided"); anyhow::bail!("No usernames provided");
} }
let message = Request::UnlockUsers(args.username.to_owned()); let message = Request::UnlockUsers(args.username.clone());
if let Err(err) = server_connection.send(message).await { if let Err(err) = server_connection.send(message).await {
server_connection.close().await.ok(); server_connection.close().await.ok();
@ -415,11 +378,7 @@ async fn unlock_users(
server_connection.send(Request::Exit).await?; server_connection.send(Request::Exit).await?;
if args.json { print_unlock_users_output_status(&result);
print_unlock_users_output_status_json(&result);
} else {
print_unlock_users_output_status(&result);
}
Ok(()) Ok(())
} }

2
src/core/common.rs
View File

@ -54,7 +54,7 @@ impl UnixUser {
Ok(UnixUser { Ok(UnixUser {
username: libc_user.name, username: libc_user.name,
groups: groups.iter().map(|g| g.name.to_owned()).collect(), groups: groups.iter().map(|g| g.name.clone()).collect(),
}) })
} }

101
src/core/database_privileges.rs
View File

@ -7,10 +7,7 @@ use std::{
collections::{BTreeSet, HashMap}, collections::{BTreeSet, HashMap},
}; };
use super::{ use super::common::{rev_yn, yn};
common::{rev_yn, yn},
protocol::{MySQLDatabase, MySQLUser},
};
use crate::server::sql::database_privilege_operations::{ use crate::server::sql::database_privilege_operations::{
DatabasePrivilegeRow, DATABASE_PRIVILEGE_FIELDS, DatabasePrivilegeRow, DATABASE_PRIVILEGE_FIELDS,
}; };
@ -38,8 +35,8 @@ pub fn diff(row1: &DatabasePrivilegeRow, row2: &DatabasePrivilegeRow) -> Databas
debug_assert!(row1.db == row2.db && row1.user == row2.user); debug_assert!(row1.db == row2.db && row1.user == row2.user);
DatabasePrivilegeRowDiff { DatabasePrivilegeRowDiff {
db: row1.db.to_owned(), db: row1.db.clone(),
user: row1.user.to_owned(), user: row1.user.clone(),
diff: DATABASE_PRIVILEGE_FIELDS diff: DATABASE_PRIVILEGE_FIELDS
.into_iter() .into_iter()
.skip(2) .skip(2)
@ -73,8 +70,8 @@ pub fn parse_privilege_table_cli_arg(arg: &str) -> anyhow::Result<DatabasePrivil
anyhow::bail!("Username cannot be empty."); anyhow::bail!("Username cannot be empty.");
} }
let db = parts[0].into(); let db = parts[0].to_string();
let user = parts[1].into(); let user = parts[1].to_string();
let privs = parts[2].to_string(); let privs = parts[2].to_string();
let mut result = DatabasePrivilegeRow { let mut result = DatabasePrivilegeRow {
@ -168,11 +165,11 @@ const EDITOR_COMMENT: &str = r#"
pub fn generate_editor_content_from_privilege_data( pub fn generate_editor_content_from_privilege_data(
privilege_data: &[DatabasePrivilegeRow], privilege_data: &[DatabasePrivilegeRow],
unix_user: &str, unix_user: &str,
database_name: Option<&MySQLDatabase>, database_name: Option<&str>,
) -> String { ) -> String {
let example_user = format!("{}_user", unix_user); let example_user = format!("{}_user", unix_user);
let example_db = database_name let example_db = database_name
.unwrap_or(&format!("{}_db", unix_user).into()) .unwrap_or(&format!("{}_db", unix_user))
.to_string(); .to_string();
// NOTE: `.max()`` fails when the iterator is empty. // NOTE: `.max()`` fails when the iterator is empty.
@ -209,8 +206,8 @@ pub fn generate_editor_content_from_privilege_data(
let example_line = format_privileges_line_for_editor( let example_line = format_privileges_line_for_editor(
&DatabasePrivilegeRow { &DatabasePrivilegeRow {
db: example_db.into(), db: example_db,
user: example_user.into(), user: example_user,
select_priv: true, select_priv: true,
insert_priv: true, insert_priv: true,
update_priv: true, update_priv: true,
@ -301,8 +298,8 @@ fn parse_privilege_row_from_editor(row: &str) -> PrivilegeRowParseResult {
} }
let row = DatabasePrivilegeRow { let row = DatabasePrivilegeRow {
db: (*parts.first().unwrap()).into(), db: (*parts.first().unwrap()).to_owned(),
user: (*parts.get(1).unwrap()).into(), user: (*parts.get(1).unwrap()).to_owned(),
select_priv: match parse_privilege_cell_from_editor( select_priv: match parse_privilege_cell_from_editor(
parts.get(2).unwrap(), parts.get(2).unwrap(),
DATABASE_PRIVILEGE_FIELDS[2], DATABASE_PRIVILEGE_FIELDS[2],
@ -426,8 +423,8 @@ pub fn parse_privilege_data_from_editor_content(
/// The `User` and `Database` are the same for both instances. /// The `User` and `Database` are the same for both instances.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, PartialOrd, Ord)] #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, PartialOrd, Ord)]
pub struct DatabasePrivilegeRowDiff { pub struct DatabasePrivilegeRowDiff {
pub db: MySQLDatabase, pub db: String,
pub user: MySQLUser, pub user: String,
pub diff: BTreeSet<DatabasePrivilegeChange>, pub diff: BTreeSet<DatabasePrivilegeChange>,
} }
@ -457,7 +454,7 @@ pub enum DatabasePrivilegesDiff {
} }
impl DatabasePrivilegesDiff { impl DatabasePrivilegesDiff {
pub fn get_database_name(&self) -> &MySQLDatabase { pub fn get_database_name(&self) -> &str {
match self { match self {
DatabasePrivilegesDiff::New(p) => &p.db, DatabasePrivilegesDiff::New(p) => &p.db,
DatabasePrivilegesDiff::Modified(p) => &p.db, DatabasePrivilegesDiff::Modified(p) => &p.db,
@ -465,7 +462,7 @@ impl DatabasePrivilegesDiff {
} }
} }
pub fn get_user_name(&self) -> &MySQLUser { pub fn get_user_name(&self) -> &str {
match self { match self {
DatabasePrivilegesDiff::New(p) => &p.user, DatabasePrivilegesDiff::New(p) => &p.user,
DatabasePrivilegesDiff::Modified(p) => &p.user, DatabasePrivilegesDiff::Modified(p) => &p.user,
@ -481,36 +478,34 @@ pub fn diff_privileges(
from: &[DatabasePrivilegeRow], from: &[DatabasePrivilegeRow],
to: &[DatabasePrivilegeRow], to: &[DatabasePrivilegeRow],
) -> BTreeSet<DatabasePrivilegesDiff> { ) -> BTreeSet<DatabasePrivilegesDiff> {
let from_lookup_table: HashMap<(MySQLDatabase, MySQLUser), DatabasePrivilegeRow> = let from_lookup_table: HashMap<(String, String), DatabasePrivilegeRow> = HashMap::from_iter(
HashMap::from_iter( from.iter()
from.iter() .cloned()
.cloned() .map(|p| ((p.db.clone(), p.user.clone()), p)),
.map(|p| ((p.db.to_owned(), p.user.to_owned()), p)), );
);
let to_lookup_table: HashMap<(MySQLDatabase, MySQLUser), DatabasePrivilegeRow> = let to_lookup_table: HashMap<(String, String), DatabasePrivilegeRow> = HashMap::from_iter(
HashMap::from_iter( to.iter()
to.iter() .cloned()
.cloned() .map(|p| ((p.db.clone(), p.user.clone()), p)),
.map(|p| ((p.db.to_owned(), p.user.to_owned()), p)), );
);
let mut result = BTreeSet::new(); let mut result = BTreeSet::new();
for p in to { for p in to {
if let Some(old_p) = from_lookup_table.get(&(p.db.to_owned(), p.user.to_owned())) { if let Some(old_p) = from_lookup_table.get(&(p.db.clone(), p.user.clone())) {
let diff = diff(old_p, p); let diff = diff(old_p, p);
if !diff.diff.is_empty() { if !diff.diff.is_empty() {
result.insert(DatabasePrivilegesDiff::Modified(diff)); result.insert(DatabasePrivilegesDiff::Modified(diff));
} }
} else { } else {
result.insert(DatabasePrivilegesDiff::New(p.to_owned())); result.insert(DatabasePrivilegesDiff::New(p.clone()));
} }
} }
for p in from { for p in from {
if !to_lookup_table.contains_key(&(p.db.to_owned(), p.user.to_owned())) { if !to_lookup_table.contains_key(&(p.db.clone(), p.user.clone())) {
result.insert(DatabasePrivilegesDiff::Deleted(p.to_owned())); result.insert(DatabasePrivilegesDiff::Deleted(p.clone()));
} }
} }
@ -598,8 +593,8 @@ mod tests {
assert_eq!( assert_eq!(
result.ok(), result.ok(),
Some(DatabasePrivilegeRow { Some(DatabasePrivilegeRow {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
select_priv: true, select_priv: true,
insert_priv: true, insert_priv: true,
update_priv: true, update_priv: true,
@ -618,8 +613,8 @@ mod tests {
assert_eq!( assert_eq!(
result.ok(), result.ok(),
Some(DatabasePrivilegeRow { Some(DatabasePrivilegeRow {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
select_priv: false, select_priv: false,
insert_priv: false, insert_priv: false,
update_priv: false, update_priv: false,
@ -638,8 +633,8 @@ mod tests {
assert_eq!( assert_eq!(
result.ok(), result.ok(),
Some(DatabasePrivilegeRow { Some(DatabasePrivilegeRow {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
select_priv: true, select_priv: true,
insert_priv: true, insert_priv: true,
update_priv: true, update_priv: true,
@ -673,8 +668,8 @@ mod tests {
#[test] #[test]
fn test_diff_privileges() { fn test_diff_privileges() {
let row_to_be_modified = DatabasePrivilegeRow { let row_to_be_modified = DatabasePrivilegeRow {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
select_priv: true, select_priv: true,
insert_priv: true, insert_priv: true,
update_priv: true, update_priv: true,
@ -688,20 +683,20 @@ mod tests {
references_priv: false, references_priv: false,
}; };
let mut row_to_be_deleted = row_to_be_modified.to_owned(); let mut row_to_be_deleted = row_to_be_modified.clone();
"user2".clone_into(&mut row_to_be_deleted.user); "user2".clone_into(&mut row_to_be_deleted.user);
let from = vec![row_to_be_modified.to_owned(), row_to_be_deleted.to_owned()]; let from = vec![row_to_be_modified.clone(), row_to_be_deleted.clone()];
let mut modified_row = row_to_be_modified.to_owned(); let mut modified_row = row_to_be_modified.clone();
modified_row.select_priv = false; modified_row.select_priv = false;
modified_row.insert_priv = false; modified_row.insert_priv = false;
modified_row.index_priv = true; modified_row.index_priv = true;
let mut new_row = row_to_be_modified.to_owned(); let mut new_row = row_to_be_modified.clone();
"user3".clone_into(&mut new_row.user); "user3".clone_into(&mut new_row.user);
let to = vec![modified_row.to_owned(), new_row.to_owned()]; let to = vec![modified_row.clone(), new_row.clone()];
let diffs = diff_privileges(&from, &to); let diffs = diff_privileges(&from, &to);
@ -710,8 +705,8 @@ mod tests {
BTreeSet::from_iter(vec![ BTreeSet::from_iter(vec![
DatabasePrivilegesDiff::Deleted(row_to_be_deleted), DatabasePrivilegesDiff::Deleted(row_to_be_deleted),
DatabasePrivilegesDiff::Modified(DatabasePrivilegeRowDiff { DatabasePrivilegesDiff::Modified(DatabasePrivilegeRowDiff {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
diff: BTreeSet::from_iter(vec![ diff: BTreeSet::from_iter(vec![
DatabasePrivilegeChange::YesToNo("select_priv".to_owned()), DatabasePrivilegeChange::YesToNo("select_priv".to_owned()),
DatabasePrivilegeChange::YesToNo("insert_priv".to_owned()), DatabasePrivilegeChange::YesToNo("insert_priv".to_owned()),
@ -727,8 +722,8 @@ mod tests {
fn ensure_generated_and_parsed_editor_content_is_equal() { fn ensure_generated_and_parsed_editor_content_is_equal() {
let permissions = vec![ let permissions = vec![
DatabasePrivilegeRow { DatabasePrivilegeRow {
db: "db".into(), db: "db".to_owned(),
user: "user".into(), user: "user".to_owned(),
select_priv: true, select_priv: true,
insert_priv: true, insert_priv: true,
update_priv: true, update_priv: true,
@ -742,8 +737,8 @@ mod tests {
references_priv: true, references_priv: true,
}, },
DatabasePrivilegeRow { DatabasePrivilegeRow {
db: "db".into(), db: "db2".to_owned(),
user: "user".into(), user: "user2".to_owned(),
select_priv: false, select_priv: false,
insert_priv: false, insert_priv: false,
update_priv: false, update_priv: false,

113
src/core/protocol/request_response.rs
View File

@ -1,9 +1,4 @@
use std::{ use std::collections::BTreeSet;
collections::BTreeSet,
fmt::{Display, Formatter},
ops::{Deref, DerefMut},
str::FromStr,
};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use tokio::net::UnixStream; use tokio::net::UnixStream;
@ -36,107 +31,21 @@ pub fn create_client_to_server_message_stream(socket: UnixStream) -> ClientToSer
tokio_serde::Framed::new(length_delimited, Bincode::default()) tokio_serde::Framed::new(length_delimited, Bincode::default())
} }
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
pub struct MySQLUser(String);
impl FromStr for MySQLUser {
type Err = String;
fn from_str(s: &str) -> Result<Self, Self::Err> {
Ok(MySQLUser(s.to_string()))
}
}
impl Deref for MySQLUser {
type Target = String;
fn deref(&self) -> &Self::Target {
&self.0
}
}
impl DerefMut for MySQLUser {
fn deref_mut(&mut self) -> &mut Self::Target {
&mut self.0
}
}
impl Display for MySQLUser {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{}", self.0)
}
}
impl From<&str> for MySQLUser {
fn from(s: &str) -> Self {
MySQLUser(s.to_string())
}
}
impl From<String> for MySQLUser {
fn from(s: String) -> Self {
MySQLUser(s)
}
}
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash, Serialize, Deserialize)]
pub struct MySQLDatabase(String);
impl FromStr for MySQLDatabase {
type Err = String;
fn from_str(s: &str) -> Result<Self, Self::Err> {
Ok(MySQLDatabase(s.to_string()))
}
}
impl Deref for MySQLDatabase {
type Target = String;
fn deref(&self) -> &Self::Target {
&self.0
}
}
impl DerefMut for MySQLDatabase {
fn deref_mut(&mut self) -> &mut Self::Target {
&mut self.0
}
}
impl Display for MySQLDatabase {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
write!(f, "{}", self.0)
}
}
impl From<&str> for MySQLDatabase {
fn from(s: &str) -> Self {
MySQLDatabase(s.to_string())
}
}
impl From<String> for MySQLDatabase {
fn from(s: String) -> Self {
MySQLDatabase(s)
}
}
#[non_exhaustive] #[non_exhaustive]
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum Request { pub enum Request {
CreateDatabases(Vec<MySQLDatabase>), CreateDatabases(Vec<String>),
DropDatabases(Vec<MySQLDatabase>), DropDatabases(Vec<String>),
ListDatabases(Option<Vec<MySQLDatabase>>), ListDatabases(Option<Vec<String>>),
ListPrivileges(Option<Vec<MySQLDatabase>>), ListPrivileges(Option<Vec<String>>),
ModifyPrivileges(BTreeSet<DatabasePrivilegesDiff>), ModifyPrivileges(BTreeSet<DatabasePrivilegesDiff>),
CreateUsers(Vec<MySQLUser>), CreateUsers(Vec<String>),
DropUsers(Vec<MySQLUser>), DropUsers(Vec<String>),
PasswdUser(MySQLUser, String), PasswdUser(String, String),
ListUsers(Option<Vec<MySQLUser>>), ListUsers(Option<Vec<String>>),
LockUsers(Vec<MySQLUser>), LockUsers(Vec<String>),
UnlockUsers(Vec<MySQLUser>), UnlockUsers(Vec<String>),
// Commit, // Commit,
Exit, Exit,

206
src/core/protocol/server_responses.rs
View File

@ -3,7 +3,6 @@ use std::collections::BTreeMap;
use indoc::indoc; use indoc::indoc;
use itertools::Itertools; use itertools::Itertools;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use serde_json::json;
use crate::{ use crate::{
core::{common::UnixUser, database_privileges::DatabasePrivilegeRowDiff}, core::{common::UnixUser, database_privileges::DatabasePrivilegeRowDiff},
@ -13,8 +12,6 @@ use crate::{
}, },
}; };
use super::{MySQLDatabase, MySQLUser};
/// This enum is used to differentiate between database and user operations. /// This enum is used to differentiate between database and user operations.
/// Their output are very similar, but there are slight differences in the words used. /// Their output are very similar, but there are slight differences in the words used.
#[derive(Debug, PartialEq, Eq, Clone, Copy)] #[derive(Debug, PartialEq, Eq, Clone, Copy)]
@ -24,17 +21,17 @@ pub enum DbOrUser {
} }
impl DbOrUser { impl DbOrUser {
pub fn lowercased(&self) -> &'static str { pub fn lowercased(&self) -> String {
match self { match self {
DbOrUser::Database => "database", DbOrUser::Database => "database".to_string(),
DbOrUser::User => "user", DbOrUser::User => "user".to_string(),
} }
} }
pub fn capitalized(&self) -> &'static str { pub fn capitalized(&self) -> String {
match self { match self {
DbOrUser::Database => "Database", DbOrUser::Database => "Database".to_string(),
DbOrUser::User => "User", DbOrUser::User => "User".to_string(),
} }
} }
} }
@ -75,11 +72,6 @@ impl OwnerValidationError {
pub fn to_error_message(self, name: &str, db_or_user: DbOrUser) -> String { pub fn to_error_message(self, name: &str, db_or_user: DbOrUser) -> String {
let user = UnixUser::from_enviroment(); let user = UnixUser::from_enviroment();
let UnixUser { username, groups } = user.unwrap_or(UnixUser {
username: "???".to_string(),
groups: vec![],
});
match self { match self {
OwnerValidationError::NoMatch => format!( OwnerValidationError::NoMatch => format!(
indoc! {r#" indoc! {r#"
@ -95,8 +87,11 @@ impl OwnerValidationError {
name, name,
db_or_user.lowercased(), db_or_user.lowercased(),
db_or_user.lowercased(), db_or_user.lowercased(),
username, user.as_ref()
groups .map(|u| u.username.clone())
.unwrap_or("???".to_string()),
user.map(|u| u.groups)
.unwrap_or_default()
.iter() .iter()
.map(|g| format!(" - {}", g)) .map(|g| format!(" - {}", g))
.sorted() .sorted()
@ -122,7 +117,7 @@ pub enum OwnerValidationError {
StringEmpty, StringEmpty,
} }
pub type CreateDatabasesOutput = BTreeMap<MySQLDatabase, Result<(), CreateDatabaseError>>; pub type CreateDatabasesOutput = BTreeMap<String, Result<(), CreateDatabaseError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum CreateDatabaseError { pub enum CreateDatabaseError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -146,29 +141,8 @@ pub fn print_create_databases_output_status(output: &CreateDatabasesOutput) {
} }
} }
pub fn print_create_databases_output_status_json(output: &CreateDatabasesOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl CreateDatabaseError { impl CreateDatabaseError {
pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String { pub fn to_error_message(&self, database_name: &str) -> String {
match self { match self {
CreateDatabaseError::SanitizationError(err) => { CreateDatabaseError::SanitizationError(err) => {
err.to_error_message(database_name, DbOrUser::Database) err.to_error_message(database_name, DbOrUser::Database)
@ -186,7 +160,7 @@ impl CreateDatabaseError {
} }
} }
pub type DropDatabasesOutput = BTreeMap<MySQLDatabase, Result<(), DropDatabaseError>>; pub type DropDatabasesOutput = BTreeMap<String, Result<(), DropDatabaseError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum DropDatabaseError { pub enum DropDatabaseError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -199,10 +173,7 @@ pub fn print_drop_databases_output_status(output: &DropDatabasesOutput) {
for (database_name, result) in output { for (database_name, result) in output {
match result { match result {
Ok(()) => { Ok(()) => {
println!( println!("Database '{}' dropped successfully.", database_name);
"Database '{}' dropped successfully.",
database_name.as_str()
);
} }
Err(err) => { Err(err) => {
println!("{}", err.to_error_message(database_name)); println!("{}", err.to_error_message(database_name));
@ -213,29 +184,8 @@ pub fn print_drop_databases_output_status(output: &DropDatabasesOutput) {
} }
} }
pub fn print_drop_databases_output_status_json(output: &DropDatabasesOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl DropDatabaseError { impl DropDatabaseError {
pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String { pub fn to_error_message(&self, database_name: &str) -> String {
match self { match self {
DropDatabaseError::SanitizationError(err) => { DropDatabaseError::SanitizationError(err) => {
err.to_error_message(database_name, DbOrUser::Database) err.to_error_message(database_name, DbOrUser::Database)
@ -253,7 +203,7 @@ impl DropDatabaseError {
} }
} }
pub type ListDatabasesOutput = BTreeMap<MySQLDatabase, Result<DatabaseRow, ListDatabasesError>>; pub type ListDatabasesOutput = BTreeMap<String, Result<DatabaseRow, ListDatabasesError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum ListDatabasesError { pub enum ListDatabasesError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -263,7 +213,7 @@ pub enum ListDatabasesError {
} }
impl ListDatabasesError { impl ListDatabasesError {
pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String { pub fn to_error_message(&self, database_name: &str) -> String {
match self { match self {
ListDatabasesError::SanitizationError(err) => { ListDatabasesError::SanitizationError(err) => {
err.to_error_message(database_name, DbOrUser::Database) err.to_error_message(database_name, DbOrUser::Database)
@ -300,7 +250,7 @@ impl ListAllDatabasesError {
// no need to index by database name. // no need to index by database name.
pub type GetDatabasesPrivilegeData = pub type GetDatabasesPrivilegeData =
BTreeMap<MySQLDatabase, Result<Vec<DatabasePrivilegeRow>, GetDatabasesPrivilegeDataError>>; BTreeMap<String, Result<Vec<DatabasePrivilegeRow>, GetDatabasesPrivilegeDataError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum GetDatabasesPrivilegeDataError { pub enum GetDatabasesPrivilegeDataError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -310,7 +260,7 @@ pub enum GetDatabasesPrivilegeDataError {
} }
impl GetDatabasesPrivilegeDataError { impl GetDatabasesPrivilegeDataError {
pub fn to_error_message(&self, database_name: &MySQLDatabase) -> String { pub fn to_error_message(&self, database_name: &str) -> String {
match self { match self {
GetDatabasesPrivilegeDataError::SanitizationError(err) => { GetDatabasesPrivilegeDataError::SanitizationError(err) => {
err.to_error_message(database_name, DbOrUser::Database) err.to_error_message(database_name, DbOrUser::Database)
@ -344,7 +294,7 @@ impl GetAllDatabasesPrivilegeDataError {
} }
pub type ModifyDatabasePrivilegesOutput = pub type ModifyDatabasePrivilegesOutput =
BTreeMap<(MySQLDatabase, MySQLUser), Result<(), ModifyDatabasePrivilegesError>>; BTreeMap<(String, String), Result<(), ModifyDatabasePrivilegesError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum ModifyDatabasePrivilegesError { pub enum ModifyDatabasePrivilegesError {
DatabaseSanitizationError(NameValidationError), DatabaseSanitizationError(NameValidationError),
@ -359,8 +309,8 @@ pub enum ModifyDatabasePrivilegesError {
#[allow(clippy::enum_variant_names)] #[allow(clippy::enum_variant_names)]
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum DiffDoesNotApplyError { pub enum DiffDoesNotApplyError {
RowAlreadyExists(MySQLDatabase, MySQLUser), RowAlreadyExists(String, String),
RowDoesNotExist(MySQLDatabase, MySQLUser), RowDoesNotExist(String, String),
RowPrivilegeChangeDoesNotApply(DatabasePrivilegeRowDiff, DatabasePrivilegeRow), RowPrivilegeChangeDoesNotApply(DatabasePrivilegeRowDiff, DatabasePrivilegeRow),
} }
@ -383,7 +333,7 @@ pub fn print_modify_database_privileges_output_status(output: &ModifyDatabasePri
} }
impl ModifyDatabasePrivilegesError { impl ModifyDatabasePrivilegesError {
pub fn to_error_message(&self, database_name: &MySQLDatabase, username: &MySQLUser) -> String { pub fn to_error_message(&self, database_name: &str, username: &str) -> String {
match self { match self {
ModifyDatabasePrivilegesError::DatabaseSanitizationError(err) => { ModifyDatabasePrivilegesError::DatabaseSanitizationError(err) => {
err.to_error_message(database_name, DbOrUser::Database) err.to_error_message(database_name, DbOrUser::Database)
@ -438,7 +388,7 @@ impl DiffDoesNotApplyError {
} }
} }
pub type CreateUsersOutput = BTreeMap<MySQLUser, Result<(), CreateUserError>>; pub type CreateUsersOutput = BTreeMap<String, Result<(), CreateUserError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum CreateUserError { pub enum CreateUserError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -462,29 +412,8 @@ pub fn print_create_users_output_status(output: &CreateUsersOutput) {
} }
} }
pub fn print_create_users_output_status_json(output: &CreateUsersOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl CreateUserError { impl CreateUserError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
CreateUserError::SanitizationError(err) => { CreateUserError::SanitizationError(err) => {
err.to_error_message(username, DbOrUser::User) err.to_error_message(username, DbOrUser::User)
@ -500,7 +429,7 @@ impl CreateUserError {
} }
} }
pub type DropUsersOutput = BTreeMap<MySQLUser, Result<(), DropUserError>>; pub type DropUsersOutput = BTreeMap<String, Result<(), DropUserError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum DropUserError { pub enum DropUserError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -524,29 +453,8 @@ pub fn print_drop_users_output_status(output: &DropUsersOutput) {
} }
} }
pub fn print_drop_users_output_status_json(output: &DropUsersOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl DropUserError { impl DropUserError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
DropUserError::SanitizationError(err) => err.to_error_message(username, DbOrUser::User), DropUserError::SanitizationError(err) => err.to_error_message(username, DbOrUser::User),
DropUserError::OwnershipError(err) => err.to_error_message(username, DbOrUser::User), DropUserError::OwnershipError(err) => err.to_error_message(username, DbOrUser::User),
@ -569,7 +477,7 @@ pub enum SetPasswordError {
MySqlError(String), MySqlError(String),
} }
pub fn print_set_password_output_status(output: &SetPasswordOutput, username: &MySQLUser) { pub fn print_set_password_output_status(output: &SetPasswordOutput, username: &str) {
match output { match output {
Ok(()) => { Ok(()) => {
println!("Password for user '{}' set successfully.", username); println!("Password for user '{}' set successfully.", username);
@ -582,7 +490,7 @@ pub fn print_set_password_output_status(output: &SetPasswordOutput, username: &M
} }
impl SetPasswordError { impl SetPasswordError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
SetPasswordError::SanitizationError(err) => { SetPasswordError::SanitizationError(err) => {
err.to_error_message(username, DbOrUser::User) err.to_error_message(username, DbOrUser::User)
@ -598,7 +506,7 @@ impl SetPasswordError {
} }
} }
pub type LockUsersOutput = BTreeMap<MySQLUser, Result<(), LockUserError>>; pub type LockUsersOutput = BTreeMap<String, Result<(), LockUserError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum LockUserError { pub enum LockUserError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -623,29 +531,8 @@ pub fn print_lock_users_output_status(output: &LockUsersOutput) {
} }
} }
pub fn print_lock_users_output_status_json(output: &LockUsersOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl LockUserError { impl LockUserError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
LockUserError::SanitizationError(err) => err.to_error_message(username, DbOrUser::User), LockUserError::SanitizationError(err) => err.to_error_message(username, DbOrUser::User),
LockUserError::OwnershipError(err) => err.to_error_message(username, DbOrUser::User), LockUserError::OwnershipError(err) => err.to_error_message(username, DbOrUser::User),
@ -662,7 +549,7 @@ impl LockUserError {
} }
} }
pub type UnlockUsersOutput = BTreeMap<MySQLUser, Result<(), UnlockUserError>>; pub type UnlockUsersOutput = BTreeMap<String, Result<(), UnlockUserError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum UnlockUserError { pub enum UnlockUserError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -687,29 +574,8 @@ pub fn print_unlock_users_output_status(output: &UnlockUsersOutput) {
} }
} }
pub fn print_unlock_users_output_status_json(output: &UnlockUsersOutput) {
let value = output
.iter()
.map(|(name, result)| match result {
Ok(()) => (name.to_string(), json!({ "status": "success" })),
Err(err) => (
name.to_string(),
json!({
"status": "error",
"error": err.to_error_message(name),
}),
),
})
.collect::<serde_json::Map<_, _>>();
println!(
"{}",
serde_json::to_string_pretty(&value)
.unwrap_or("Failed to serialize result to JSON".to_string())
);
}
impl UnlockUserError { impl UnlockUserError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
UnlockUserError::SanitizationError(err) => { UnlockUserError::SanitizationError(err) => {
err.to_error_message(username, DbOrUser::User) err.to_error_message(username, DbOrUser::User)
@ -728,7 +594,7 @@ impl UnlockUserError {
} }
} }
pub type ListUsersOutput = BTreeMap<MySQLUser, Result<DatabaseUser, ListUsersError>>; pub type ListUsersOutput = BTreeMap<String, Result<DatabaseUser, ListUsersError>>;
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub enum ListUsersError { pub enum ListUsersError {
SanitizationError(NameValidationError), SanitizationError(NameValidationError),
@ -738,7 +604,7 @@ pub enum ListUsersError {
} }
impl ListUsersError { impl ListUsersError {
pub fn to_error_message(&self, username: &MySQLUser) -> String { pub fn to_error_message(&self, username: &str) -> String {
match self { match self {
ListUsersError::SanitizationError(err) => { ListUsersError::SanitizationError(err) => {
err.to_error_message(username, DbOrUser::User) err.to_error_message(username, DbOrUser::User)

24
src/main.rs
View File

@ -3,7 +3,6 @@ extern crate prettytable;
use clap::{CommandFactory, Parser, ValueEnum}; use clap::{CommandFactory, Parser, ValueEnum};
use clap_complete::{generate, Shell}; use clap_complete::{generate, Shell};
use clap_verbosity_flag::Verbosity;
use std::path::PathBuf; use std::path::PathBuf;
@ -63,10 +62,6 @@ struct Args {
)] )]
config: Option<PathBuf>, config: Option<PathBuf>,
#[command(flatten)]
verbose: Verbosity,
/// Run in TUI mode.
#[cfg(feature = "tui")] #[cfg(feature = "tui")]
#[arg(short, long, alias = "tui", global = true)] #[arg(short, long, alias = "tui", global = true)]
interactive: bool, interactive: bool,
@ -108,6 +103,11 @@ enum ToplevelCommands {
// comments emphasizing the need for caution. // comments emphasizing the need for caution.
fn main() -> anyhow::Result<()> { fn main() -> anyhow::Result<()> {
// TODO: find out if there are any security risks of running
// env_logger and clap with elevated privileges.
env_logger::init();
#[cfg(feature = "mysql-admutils-compatibility")] #[cfg(feature = "mysql-admutils-compatibility")]
if handle_mysql_admutils_command()?.is_some() { if handle_mysql_admutils_command()?.is_some() {
return Ok(()); return Ok(());
@ -126,10 +126,6 @@ fn main() -> anyhow::Result<()> {
let server_connection = let server_connection =
bootstrap_server_connection_and_drop_privileges(args.server_socket_path, args.config)?; bootstrap_server_connection_and_drop_privileges(args.server_socket_path, args.config)?;
env_logger::Builder::new()
.filter_level(args.verbose.log_level_filter())
.init();
tokio_run_command(args.command, server_connection)?; tokio_run_command(args.command, server_connection)?;
Ok(()) Ok(())
@ -153,10 +149,9 @@ fn handle_server_command(args: &Args) -> anyhow::Result<Option<()>> {
match args.command { match args.command {
Command::Server(ref command) => { Command::Server(ref command) => {
tokio_start_server( tokio_start_server(
args.server_socket_path.to_owned(), args.server_socket_path.clone(),
args.config.to_owned(), args.config.clone(),
args.verbose.to_owned(), command.clone(),
command.to_owned(),
)?; )?;
Ok(Some(())) Ok(Some(()))
} }
@ -193,7 +188,6 @@ fn handle_generate_completions_command(args: &Args) -> anyhow::Result<Option<()>
fn tokio_start_server( fn tokio_start_server(
server_socket_path: Option<PathBuf>, server_socket_path: Option<PathBuf>,
config_path: Option<PathBuf>, config_path: Option<PathBuf>,
verbosity: Verbosity,
args: ServerArgs, args: ServerArgs,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
tokio::runtime::Builder::new_current_thread() tokio::runtime::Builder::new_current_thread()
@ -201,7 +195,7 @@ fn tokio_start_server(
.build() .build()
.unwrap() .unwrap()
.block_on(async { .block_on(async {
server::command::handle_command(server_socket_path, config_path, verbosity, args).await server::command::handle_command(server_socket_path, config_path, args).await
}) })
} }

144
src/server/command.rs
View File

@ -3,16 +3,11 @@ use std::path::PathBuf;
use anyhow::Context; use anyhow::Context;
use clap::Parser; use clap::Parser;
use clap_verbosity_flag::Verbosity;
use futures::SinkExt;
use indoc::concatdoc;
use systemd_journal_logger::JournalLog;
use std::os::unix::net::UnixStream as StdUnixStream; use std::os::unix::net::UnixStream as StdUnixStream;
use tokio::net::UnixStream as TokioUnixStream; use tokio::net::UnixStream as TokioUnixStream;
use crate::core::common::UnixUser; use crate::core::common::UnixUser;
use crate::core::protocol::{create_server_to_client_message_stream, Response};
use crate::server::config::read_config_from_path_with_arg_overrides; use crate::server::config::read_config_from_path_with_arg_overrides;
use crate::server::server_loop::listen_for_incoming_connections; use crate::server::server_loop::listen_for_incoming_connections;
use crate::server::{ use crate::server::{
@ -27,9 +22,6 @@ pub struct ServerArgs {
#[command(flatten)] #[command(flatten)]
config_overrides: ServerConfigArgs, config_overrides: ServerConfigArgs,
#[arg(long)]
systemd: bool,
} }
#[derive(Parser, Debug, Clone)] #[derive(Parser, Debug, Clone)]
@ -41,148 +33,27 @@ pub enum ServerCommand {
SocketActivate, SocketActivate,
} }
const LOG_LEVEL_WARNING: &str = r#"
===================================================
== WARNING: LOG LEVEL IS SET TO 'TRACE'! ==
== THIS WILL CAUSE THE SERVER TO LOG SQL QUERIES ==
== THAT MAY CONTAIN SENSITIVE INFORMATION LIKE ==
== PASSWORDS AND AUTHENTICATION TOKENS. ==
== THIS IS INTENDED FOR DEBUGGING PURPOSES ONLY ==
== AND SHOULD *NEVER* BE USED IN PRODUCTION. ==
===================================================
"#;
pub async fn handle_command( pub async fn handle_command(
socket_path: Option<PathBuf>, socket_path: Option<PathBuf>,
config_path: Option<PathBuf>, config_path: Option<PathBuf>,
verbosity: Verbosity,
args: ServerArgs, args: ServerArgs,
) -> anyhow::Result<()> { ) -> anyhow::Result<()> {
let mut auto_detected_systemd_mode = false;
let systemd_mode = args.systemd || {
if let Ok(true) = sd_notify::booted() {
auto_detected_systemd_mode = true;
true
} else {
false
}
};
if systemd_mode {
JournalLog::new()
.context("Failed to initialize journald logging")?
.install()
.context("Failed to install journald logger")?;
log::set_max_level(verbosity.log_level_filter());
if verbosity.log_level_filter() >= log::LevelFilter::Trace {
log::warn!("{}", LOG_LEVEL_WARNING.trim());
}
if auto_detected_systemd_mode {
log::info!("Running in systemd mode, auto-detected");
} else {
log::info!("Running in systemd mode");
}
start_watchdog_thread_if_enabled();
} else {
env_logger::Builder::new()
.filter_level(verbosity.log_level_filter())
.init();
log::info!("Running in standalone mode");
}
let config = read_config_from_path_with_arg_overrides(config_path, args.config_overrides)?; let config = read_config_from_path_with_arg_overrides(config_path, args.config_overrides)?;
match args.subcmd { match args.subcmd {
ServerCommand::Listen => listen_for_incoming_connections(socket_path, config).await, ServerCommand::Listen => listen_for_incoming_connections(socket_path, config).await,
ServerCommand::SocketActivate => { ServerCommand::SocketActivate => socket_activate(config).await,
if !args.systemd {
anyhow::bail!(concat!(
"The `--systemd` flag must be used with the `socket-activate` command.\n",
"This command currently only supports socket activation under systemd."
));
}
socket_activate(config).await
}
}
}
fn start_watchdog_thread_if_enabled() {
let mut micro_seconds: u64 = 0;
let watchdog_enabled = sd_notify::watchdog_enabled(true, &mut micro_seconds);
if watchdog_enabled {
micro_seconds = micro_seconds.max(2_000_000).div_ceil(2);
tokio::spawn(async move {
log::debug!(
"Starting systemd watchdog thread with {} millisecond interval",
micro_seconds.div_ceil(1000)
);
loop {
tokio::time::sleep(tokio::time::Duration::from_micros(micro_seconds)).await;
if let Err(err) = sd_notify::notify(false, &[sd_notify::NotifyState::Watchdog]) {
log::warn!("Failed to notify systemd watchdog: {}", err);
} else {
log::trace!("Ping sent to systemd watchdog");
}
}
});
} else {
log::debug!("Systemd watchdog not enabled, skipping watchdog thread");
} }
} }
async fn socket_activate(config: ServerConfig) -> anyhow::Result<()> { async fn socket_activate(config: ServerConfig) -> anyhow::Result<()> {
let conn = get_socket_from_systemd().await?; let conn = get_socket_from_systemd().await?;
let uid = conn.peer_cred()?.uid();
let uid = match conn.peer_cred() { let unix_user = UnixUser::from_uid(uid)?;
Ok(cred) => cred.uid(),
Err(e) => {
log::error!("Failed to get peer credentials from socket: {}", e);
let mut message_stream = create_server_to_client_message_stream(conn);
message_stream
.send(Response::Error(
(concatdoc! {
"Server failed to get peer credentials from socket\n",
"Please check the server logs or contact the system administrators"
})
.to_string(),
))
.await
.ok();
anyhow::bail!("Failed to get peer credentials from socket");
}
};
log::debug!("Accepted connection from uid {}", uid);
let unix_user = match UnixUser::from_uid(uid) {
Ok(user) => user,
Err(e) => {
log::error!("Failed to get username from uid: {}", e);
let mut message_stream = create_server_to_client_message_stream(conn);
message_stream
.send(Response::Error(
(concatdoc! {
"Server failed to get user data from the system\n",
"Please check the server logs or contact the system administrators"
})
.to_string(),
))
.await
.ok();
anyhow::bail!("Failed to get username from uid");
}
};
log::info!("Accepted connection from {}", unix_user.username); log::info!("Accepted connection from {}", unix_user.username);
sd_notify::notify(false, &[sd_notify::NotifyState::Ready]).ok(); sd_notify::notify(true, &[sd_notify::NotifyState::Ready]).ok();
handle_requests_for_single_session(conn, &unix_user, &config).await?; handle_requests_for_single_session(conn, &unix_user, &config).await?;
@ -195,12 +66,7 @@ async fn get_socket_from_systemd() -> anyhow::Result<TokioUnixStream> {
.next() .next()
.context("No file descriptors received from systemd")?; .context("No file descriptors received from systemd")?;
debug_assert!(fd == 3, "Unexpected file descriptor from systemd: {}", fd); log::debug!("Received file descriptor from systemd: {}", fd);
log::debug!(
"Received file descriptor from systemd with id: '{}', assuming socket",
fd
);
let std_unix_stream = unsafe { StdUnixStream::from_raw_fd(fd) }; let std_unix_stream = unsafe { StdUnixStream::from_raw_fd(fd) };
let socket = TokioUnixStream::from_std(std_unix_stream)?; let socket = TokioUnixStream::from_std(std_unix_stream)?;

18
src/server/config.rs
View File

@ -109,16 +109,22 @@ pub fn read_config_from_path_with_arg_overrides(
pub fn read_config_from_path(config_path: Option<PathBuf>) -> anyhow::Result<ServerConfig> { pub fn read_config_from_path(config_path: Option<PathBuf>) -> anyhow::Result<ServerConfig> {
let config_path = config_path.unwrap_or_else(|| PathBuf::from(DEFAULT_CONFIG_PATH)); let config_path = config_path.unwrap_or_else(|| PathBuf::from(DEFAULT_CONFIG_PATH));
log::debug!("Reading config file at {:?}", &config_path); log::debug!("Reading config from {:?}", &config_path);
fs::read_to_string(&config_path) fs::read_to_string(&config_path)
.context(format!("Failed to read config file at {:?}", &config_path)) .context(format!(
"Failed to read config file from {:?}",
&config_path
))
.and_then(|c| toml::from_str(&c).context("Failed to parse config file")) .and_then(|c| toml::from_str(&c).context("Failed to parse config file"))
.context(format!("Failed to parse config file at {:?}", &config_path)) .context(format!(
"Failed to parse config file from {:?}",
&config_path
))
} }
fn log_config(config: &MysqlConfig) { fn log_config(config: &MysqlConfig) {
let mut display_config = config.to_owned(); let mut display_config = config.clone();
display_config.password = display_config display_config.password = display_config
.password .password
.as_ref() .as_ref()
@ -135,9 +141,7 @@ pub async fn create_mysql_connection_from_config(
) -> anyhow::Result<MySqlConnection> { ) -> anyhow::Result<MySqlConnection> {
log_config(config); log_config(config);
let mut mysql_options = MySqlConnectOptions::new() let mut mysql_options = MySqlConnectOptions::new().database("mysql");
.database("mysql")
.log_statements(log::LevelFilter::Trace);
if let Some(username) = &config.username { if let Some(username) = &config.username {
mysql_options = mysql_options.username(username); mysql_options = mysql_options.username(username);

2
src/server/input_sanitization.rs
View File

@ -24,7 +24,7 @@ pub fn validate_ownership_by_unix_user(
name: &str, name: &str,
user: &UnixUser, user: &UnixUser,
) -> Result<(), OwnerValidationError> { ) -> Result<(), OwnerValidationError> {
let prefixes = std::iter::once(user.username.to_owned()) let prefixes = std::iter::once(user.username.clone())
.chain(user.groups.iter().cloned()) .chain(user.groups.iter().cloned())
.collect::<Vec<String>>(); .collect::<Vec<String>>();

123
src/server/server_loop.rs
View File

@ -7,7 +7,6 @@ use tokio::net::{UnixListener, UnixStream};
use sqlx::prelude::*; use sqlx::prelude::*;
use sqlx::MySqlConnection; use sqlx::MySqlConnection;
use crate::core::protocol::SetPasswordError;
use crate::server::sql::database_operations::list_databases; use crate::server::sql::database_operations::list_databases;
use crate::{ use crate::{
core::{ core::{
@ -57,7 +56,7 @@ pub async fn listen_for_incoming_connections(
let listener = UnixListener::bind(socket_path)?; let listener = UnixListener::bind(socket_path)?;
sd_notify::notify(false, &[sd_notify::NotifyState::Ready]).ok(); sd_notify::notify(true, &[sd_notify::NotifyState::Ready]).ok();
while let Ok((conn, _addr)) = listener.accept().await { while let Ok((conn, _addr)) = listener.accept().await {
let uid = match conn.peer_cred() { let uid = match conn.peer_cred() {
@ -79,7 +78,7 @@ pub async fn listen_for_incoming_connections(
} }
}; };
log::debug!("Accepted connection from uid {}", uid); log::trace!("Accepted connection from uid {}", uid);
let unix_user = match UnixUser::from_uid(uid) { let unix_user = match UnixUser::from_uid(uid) {
Ok(user) => user, Ok(user) => user,
@ -174,47 +173,47 @@ pub async fn handle_requests_for_single_session_with_db_connection(
} }
}; };
// TODO: don't clone the request log::trace!("Received request: {:?}", request);
let request_to_display = match &request {
Request::PasswdUser(db_user, _) => {
Request::PasswdUser(db_user.to_owned(), "<REDACTED>".to_string())
}
request => request.to_owned(),
};
log::info!("Received request: {:#?}", request_to_display);
let response = match request { match request {
Request::CreateDatabases(databases_names) => { Request::CreateDatabases(databases_names) => {
let result = create_databases(databases_names, unix_user, db_connection).await; let result = create_databases(databases_names, unix_user, db_connection).await;
Response::CreateDatabases(result) stream.send(Response::CreateDatabases(result)).await?;
} }
Request::DropDatabases(databases_names) => { Request::DropDatabases(databases_names) => {
let result = drop_databases(databases_names, unix_user, db_connection).await; let result = drop_databases(databases_names, unix_user, db_connection).await;
Response::DropDatabases(result) stream.send(Response::DropDatabases(result)).await?;
}
Request::ListDatabases(database_names) => {
let response = match database_names {
Some(database_names) => {
let result = list_databases(database_names, unix_user, db_connection).await;
Response::ListDatabases(result)
}
None => {
let result = list_all_databases_for_user(unix_user, db_connection).await;
Response::ListAllDatabases(result)
}
};
stream.send(response).await?;
}
Request::ListPrivileges(database_names) => {
let response = match database_names {
Some(database_names) => {
let privilege_data =
get_databases_privilege_data(database_names, unix_user, db_connection)
.await;
Response::ListPrivileges(privilege_data)
}
None => {
let privilege_data =
get_all_database_privileges(unix_user, db_connection).await;
Response::ListAllPrivileges(privilege_data)
}
};
stream.send(response).await?;
} }
Request::ListDatabases(database_names) => match database_names {
Some(database_names) => {
let result = list_databases(database_names, unix_user, db_connection).await;
Response::ListDatabases(result)
}
None => {
let result = list_all_databases_for_user(unix_user, db_connection).await;
Response::ListAllDatabases(result)
}
},
Request::ListPrivileges(database_names) => match database_names {
Some(database_names) => {
let privilege_data =
get_databases_privilege_data(database_names, unix_user, db_connection)
.await;
Response::ListPrivileges(privilege_data)
}
None => {
let privilege_data =
get_all_database_privileges(unix_user, db_connection).await;
Response::ListAllPrivileges(privilege_data)
}
},
Request::ModifyPrivileges(database_privilege_diffs) => { Request::ModifyPrivileges(database_privilege_diffs) => {
let result = apply_privilege_diffs( let result = apply_privilege_diffs(
BTreeSet::from_iter(database_privilege_diffs), BTreeSet::from_iter(database_privilege_diffs),
@ -222,58 +221,50 @@ pub async fn handle_requests_for_single_session_with_db_connection(
db_connection, db_connection,
) )
.await; .await;
Response::ModifyPrivileges(result) stream.send(Response::ModifyPrivileges(result)).await?;
} }
Request::CreateUsers(db_users) => { Request::CreateUsers(db_users) => {
let result = create_database_users(db_users, unix_user, db_connection).await; let result = create_database_users(db_users, unix_user, db_connection).await;
Response::CreateUsers(result) stream.send(Response::CreateUsers(result)).await?;
} }
Request::DropUsers(db_users) => { Request::DropUsers(db_users) => {
let result = drop_database_users(db_users, unix_user, db_connection).await; let result = drop_database_users(db_users, unix_user, db_connection).await;
Response::DropUsers(result) stream.send(Response::DropUsers(result)).await?;
} }
Request::PasswdUser(db_user, password) => { Request::PasswdUser(db_user, password) => {
let result = let result =
set_password_for_database_user(&db_user, &password, unix_user, db_connection) set_password_for_database_user(&db_user, &password, unix_user, db_connection)
.await; .await;
Response::PasswdUser(result) stream.send(Response::PasswdUser(result)).await?;
}
Request::ListUsers(db_users) => {
let response = match db_users {
Some(db_users) => {
let result = list_database_users(db_users, unix_user, db_connection).await;
Response::ListUsers(result)
}
None => {
let result =
list_all_database_users_for_unix_user(unix_user, db_connection).await;
Response::ListAllUsers(result)
}
};
stream.send(response).await?;
} }
Request::ListUsers(db_users) => match db_users {
Some(db_users) => {
let result = list_database_users(db_users, unix_user, db_connection).await;
Response::ListUsers(result)
}
None => {
let result =
list_all_database_users_for_unix_user(unix_user, db_connection).await;
Response::ListAllUsers(result)
}
},
Request::LockUsers(db_users) => { Request::LockUsers(db_users) => {
let result = lock_database_users(db_users, unix_user, db_connection).await; let result = lock_database_users(db_users, unix_user, db_connection).await;
Response::LockUsers(result) stream.send(Response::LockUsers(result)).await?;
} }
Request::UnlockUsers(db_users) => { Request::UnlockUsers(db_users) => {
let result = unlock_database_users(db_users, unix_user, db_connection).await; let result = unlock_database_users(db_users, unix_user, db_connection).await;
Response::UnlockUsers(result) stream.send(Response::UnlockUsers(result)).await?;
} }
Request::Exit => { Request::Exit => {
break; break;
} }
}; }
// TODO: don't clone the response
let response_to_display = match &response {
Response::PasswdUser(Err(SetPasswordError::MySqlError(_))) => {
Response::PasswdUser(Err(SetPasswordError::MySqlError("<REDACTED>".to_string())))
}
response => response.to_owned(),
};
log::info!("Response: {:#?}", response_to_display);
stream.send(response).await?;
stream.flush().await?; stream.flush().await?;
log::debug!("Successfully processed request");
} }
Ok(()) Ok(())

41
src/server/sql/database_operations.rs
View File

@ -5,7 +5,6 @@ use sqlx::MySqlConnection;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use crate::core::protocol::MySQLDatabase;
use crate::{ use crate::{
core::{ core::{
common::UnixUser, common::UnixUser,
@ -43,7 +42,7 @@ pub(super) async fn unsafe_database_exists(
} }
pub async fn create_databases( pub async fn create_databases(
database_names: Vec<MySQLDatabase>, database_names: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> CreateDatabasesOutput { ) -> CreateDatabasesOutput {
@ -52,7 +51,7 @@ pub async fn create_databases(
for database_name in database_names { for database_name in database_names {
if let Err(err) = validate_name(&database_name) { if let Err(err) = validate_name(&database_name) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(CreateDatabaseError::SanitizationError(err)), Err(CreateDatabaseError::SanitizationError(err)),
); );
continue; continue;
@ -60,7 +59,7 @@ pub async fn create_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) { if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(CreateDatabaseError::OwnershipError(err)), Err(CreateDatabaseError::OwnershipError(err)),
); );
continue; continue;
@ -69,14 +68,14 @@ pub async fn create_databases(
match unsafe_database_exists(&database_name, &mut *connection).await { match unsafe_database_exists(&database_name, &mut *connection).await {
Ok(true) => { Ok(true) => {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(CreateDatabaseError::DatabaseAlreadyExists), Err(CreateDatabaseError::DatabaseAlreadyExists),
); );
continue; continue;
} }
Err(err) => { Err(err) => {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(CreateDatabaseError::MySqlError(err.to_string())), Err(CreateDatabaseError::MySqlError(err.to_string())),
); );
continue; continue;
@ -102,7 +101,7 @@ pub async fn create_databases(
} }
pub async fn drop_databases( pub async fn drop_databases(
database_names: Vec<MySQLDatabase>, database_names: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> DropDatabasesOutput { ) -> DropDatabasesOutput {
@ -111,7 +110,7 @@ pub async fn drop_databases(
for database_name in database_names { for database_name in database_names {
if let Err(err) = validate_name(&database_name) { if let Err(err) = validate_name(&database_name) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(DropDatabaseError::SanitizationError(err)), Err(DropDatabaseError::SanitizationError(err)),
); );
continue; continue;
@ -119,7 +118,7 @@ pub async fn drop_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) { if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(DropDatabaseError::OwnershipError(err)), Err(DropDatabaseError::OwnershipError(err)),
); );
continue; continue;
@ -128,14 +127,14 @@ pub async fn drop_databases(
match unsafe_database_exists(&database_name, &mut *connection).await { match unsafe_database_exists(&database_name, &mut *connection).await {
Ok(false) => { Ok(false) => {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(DropDatabaseError::DatabaseDoesNotExist), Err(DropDatabaseError::DatabaseDoesNotExist),
); );
continue; continue;
} }
Err(err) => { Err(err) => {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(DropDatabaseError::MySqlError(err.to_string())), Err(DropDatabaseError::MySqlError(err.to_string())),
); );
continue; continue;
@ -160,21 +159,13 @@ pub async fn drop_databases(
results results
} }
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize, FromRow)]
pub struct DatabaseRow { pub struct DatabaseRow {
pub database: MySQLDatabase, pub database: String,
}
impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseRow {
fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> {
Ok(DatabaseRow {
database: row.try_get::<String, _>("database")?.into(),
})
}
} }
pub async fn list_databases( pub async fn list_databases(
database_names: Vec<MySQLDatabase>, database_names: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> ListDatabasesOutput { ) -> ListDatabasesOutput {
@ -183,7 +174,7 @@ pub async fn list_databases(
for database_name in database_names { for database_name in database_names {
if let Err(err) = validate_name(&database_name) { if let Err(err) = validate_name(&database_name) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(ListDatabasesError::SanitizationError(err)), Err(ListDatabasesError::SanitizationError(err)),
); );
continue; continue;
@ -191,7 +182,7 @@ pub async fn list_databases(
if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) { if let Err(err) = validate_ownership_by_unix_user(&database_name, unix_user) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(ListDatabasesError::OwnershipError(err)), Err(ListDatabasesError::OwnershipError(err)),
); );
continue; continue;
@ -204,7 +195,7 @@ pub async fn list_databases(
WHERE `SCHEMA_NAME` = ? WHERE `SCHEMA_NAME` = ?
"#, "#,
) )
.bind(database_name.to_string()) .bind(&database_name)
.fetch_optional(&mut *connection) .fetch_optional(&mut *connection)
.await .await
.map_err(|err| ListDatabasesError::MySqlError(err.to_string())) .map_err(|err| ListDatabasesError::MySqlError(err.to_string()))

49
src/server/sql/database_privilege_operations.rs
View File

@ -28,8 +28,7 @@ use crate::{
protocol::{ protocol::{
DiffDoesNotApplyError, GetAllDatabasesPrivilegeData, GetAllDatabasesPrivilegeDataError, DiffDoesNotApplyError, GetAllDatabasesPrivilegeData, GetAllDatabasesPrivilegeDataError,
GetDatabasesPrivilegeData, GetDatabasesPrivilegeDataError, GetDatabasesPrivilegeData, GetDatabasesPrivilegeDataError,
ModifyDatabasePrivilegesError, ModifyDatabasePrivilegesOutput, MySQLDatabase, ModifyDatabasePrivilegesError, ModifyDatabasePrivilegesOutput,
MySQLUser,
}, },
}, },
server::{ server::{
@ -64,8 +63,8 @@ pub const DATABASE_PRIVILEGE_FIELDS: [&str; 13] = [
/// This struct represents the set of privileges for a single user on a single database. /// This struct represents the set of privileges for a single user on a single database.
#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, PartialOrd, Ord)] #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize, PartialOrd, Ord)]
pub struct DatabasePrivilegeRow { pub struct DatabasePrivilegeRow {
pub db: MySQLDatabase, pub db: String,
pub user: MySQLUser, pub user: String,
pub select_priv: bool, pub select_priv: bool,
pub insert_priv: bool, pub insert_priv: bool,
pub update_priv: bool, pub update_priv: bool,
@ -116,8 +115,8 @@ fn get_mysql_row_priv_field(row: &MySqlRow, position: usize) -> Result<bool, sql
impl FromRow<'_, MySqlRow> for DatabasePrivilegeRow { impl FromRow<'_, MySqlRow> for DatabasePrivilegeRow {
fn from_row(row: &MySqlRow) -> Result<Self, sqlx::Error> { fn from_row(row: &MySqlRow) -> Result<Self, sqlx::Error> {
Ok(Self { Ok(Self {
db: try_get_with_binary_fallback(row, "Db")?.into(), db: try_get_with_binary_fallback(row, "Db")?,
user: try_get_with_binary_fallback(row, "User")?.into(), user: try_get_with_binary_fallback(row, "User")?,
select_priv: get_mysql_row_priv_field(row, 2)?, select_priv: get_mysql_row_priv_field(row, 2)?,
insert_priv: get_mysql_row_priv_field(row, 3)?, insert_priv: get_mysql_row_priv_field(row, 3)?,
update_priv: get_mysql_row_priv_field(row, 4)?, update_priv: get_mysql_row_priv_field(row, 4)?,
@ -164,8 +163,8 @@ async fn unsafe_get_database_privileges(
// NOTE: this function is unsafe because it does no input validation. // NOTE: this function is unsafe because it does no input validation.
/// Get all users + privileges for a single database-user pair. /// Get all users + privileges for a single database-user pair.
pub async fn unsafe_get_database_privileges_for_db_user_pair( pub async fn unsafe_get_database_privileges_for_db_user_pair(
database_name: &MySQLDatabase, database_name: &str,
user_name: &MySQLUser, user_name: &str,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> Result<Option<DatabasePrivilegeRow>, sqlx::Error> { ) -> Result<Option<DatabasePrivilegeRow>, sqlx::Error> {
let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&format!( let result = sqlx::query_as::<_, DatabasePrivilegeRow>(&format!(
@ -175,8 +174,8 @@ pub async fn unsafe_get_database_privileges_for_db_user_pair(
.map(|field| quote_identifier(field)) .map(|field| quote_identifier(field))
.join(","), .join(","),
)) ))
.bind(database_name.as_str()) .bind(database_name)
.bind(user_name.as_str()) .bind(user_name)
.fetch_optional(connection) .fetch_optional(connection)
.await; .await;
@ -193,7 +192,7 @@ pub async fn unsafe_get_database_privileges_for_db_user_pair(
} }
pub async fn get_databases_privilege_data( pub async fn get_databases_privilege_data(
database_names: Vec<MySQLDatabase>, database_names: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> GetDatabasesPrivilegeData { ) -> GetDatabasesPrivilegeData {
@ -202,7 +201,7 @@ pub async fn get_databases_privilege_data(
for database_name in database_names.iter() { for database_name in database_names.iter() {
if let Err(err) = validate_name(database_name) { if let Err(err) = validate_name(database_name) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(GetDatabasesPrivilegeDataError::SanitizationError(err)), Err(GetDatabasesPrivilegeDataError::SanitizationError(err)),
); );
continue; continue;
@ -210,7 +209,7 @@ pub async fn get_databases_privilege_data(
if let Err(err) = validate_ownership_by_unix_user(database_name, unix_user) { if let Err(err) = validate_ownership_by_unix_user(database_name, unix_user) {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(GetDatabasesPrivilegeDataError::OwnershipError(err)), Err(GetDatabasesPrivilegeDataError::OwnershipError(err)),
); );
continue; continue;
@ -221,7 +220,7 @@ pub async fn get_databases_privilege_data(
.unwrap() .unwrap()
{ {
results.insert( results.insert(
database_name.to_owned(), database_name.clone(),
Err(GetDatabasesPrivilegeDataError::DatabaseDoesNotExist), Err(GetDatabasesPrivilegeDataError::DatabaseDoesNotExist),
); );
continue; continue;
@ -231,7 +230,7 @@ pub async fn get_databases_privilege_data(
.await .await
.map_err(|e| GetDatabasesPrivilegeDataError::MySqlError(e.to_string())); .map_err(|e| GetDatabasesPrivilegeDataError::MySqlError(e.to_string()));
results.insert(database_name.to_owned(), result); results.insert(database_name.clone(), result);
} }
debug_assert!(database_names.len() == results.len()); debug_assert!(database_names.len() == results.len());
@ -365,8 +364,8 @@ async fn validate_diff(
if privilege_row.is_some() { if privilege_row.is_some() {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply( Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowAlreadyExists( DiffDoesNotApplyError::RowAlreadyExists(
diff.get_database_name().to_owned(), diff.get_user_name().to_string(),
diff.get_user_name().to_owned(), diff.get_database_name().to_string(),
), ),
)) ))
} else { } else {
@ -376,8 +375,8 @@ async fn validate_diff(
DatabasePrivilegesDiff::Modified(_) if privilege_row.is_none() => { DatabasePrivilegesDiff::Modified(_) if privilege_row.is_none() => {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply( Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowDoesNotExist( DiffDoesNotApplyError::RowDoesNotExist(
diff.get_database_name().to_owned(), diff.get_user_name().to_string(),
diff.get_user_name().to_owned(), diff.get_database_name().to_string(),
), ),
)) ))
} }
@ -391,7 +390,7 @@ async fn validate_diff(
if error_exists { if error_exists {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply( Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowPrivilegeChangeDoesNotApply(row_diff.to_owned(), row), DiffDoesNotApplyError::RowPrivilegeChangeDoesNotApply(row_diff.clone(), row),
)) ))
} else { } else {
Ok(()) Ok(())
@ -401,8 +400,8 @@ async fn validate_diff(
if privilege_row.is_none() { if privilege_row.is_none() {
Err(ModifyDatabasePrivilegesError::DiffDoesNotApply( Err(ModifyDatabasePrivilegesError::DiffDoesNotApply(
DiffDoesNotApplyError::RowDoesNotExist( DiffDoesNotApplyError::RowDoesNotExist(
diff.get_database_name().to_owned(), diff.get_user_name().to_string(),
diff.get_user_name().to_owned(), diff.get_database_name().to_string(),
), ),
)) ))
} else { } else {
@ -420,12 +419,12 @@ pub async fn apply_privilege_diffs(
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> ModifyDatabasePrivilegesOutput { ) -> ModifyDatabasePrivilegesOutput {
let mut results: BTreeMap<(MySQLDatabase, MySQLUser), _> = BTreeMap::new(); let mut results: BTreeMap<(String, String), _> = BTreeMap::new();
for diff in database_privilege_diffs { for diff in database_privilege_diffs {
let key = ( let key = (
diff.get_database_name().to_owned(), diff.get_database_name().to_string(),
diff.get_user_name().to_owned(), diff.get_user_name().to_string(),
); );
if let Err(err) = validate_name(diff.get_database_name()) { if let Err(err) = validate_name(diff.get_database_name()) {
results.insert( results.insert(

32
src/server/sql/user_operations.rs
View File

@ -7,17 +7,18 @@ use serde::{Deserialize, Serialize};
use sqlx::prelude::*; use sqlx::prelude::*;
use sqlx::MySqlConnection; use sqlx::MySqlConnection;
use crate::server::common::try_get_with_binary_fallback;
use crate::{ use crate::{
core::{ core::{
common::UnixUser, common::UnixUser,
protocol::{ protocol::{
CreateUserError, CreateUsersOutput, DropUserError, DropUsersOutput, ListAllUsersError, CreateUserError, CreateUsersOutput, DropUserError, DropUsersOutput, ListAllUsersError,
ListAllUsersOutput, ListUsersError, ListUsersOutput, LockUserError, LockUsersOutput, ListAllUsersOutput, ListUsersError, ListUsersOutput, LockUserError, LockUsersOutput,
MySQLUser, SetPasswordError, SetPasswordOutput, UnlockUserError, UnlockUsersOutput, SetPasswordError, SetPasswordOutput, UnlockUserError, UnlockUsersOutput,
}, },
}, },
server::{ server::{
common::{create_user_group_matching_regex, try_get_with_binary_fallback}, common::create_user_group_matching_regex,
input_sanitization::{quote_literal, validate_name, validate_ownership_by_unix_user}, input_sanitization::{quote_literal, validate_name, validate_ownership_by_unix_user},
}, },
}; };
@ -51,7 +52,7 @@ async fn unsafe_user_exists(
} }
pub async fn create_database_users( pub async fn create_database_users(
db_users: Vec<MySQLUser>, db_users: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> CreateUsersOutput { ) -> CreateUsersOutput {
@ -97,7 +98,7 @@ pub async fn create_database_users(
} }
pub async fn drop_database_users( pub async fn drop_database_users(
db_users: Vec<MySQLUser>, db_users: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> DropUsersOutput { ) -> DropUsersOutput {
@ -143,7 +144,7 @@ pub async fn drop_database_users(
} }
pub async fn set_password_for_database_user( pub async fn set_password_for_database_user(
db_user: &MySQLUser, db_user: &str,
password: &str, password: &str,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
@ -166,7 +167,7 @@ pub async fn set_password_for_database_user(
format!( format!(
"ALTER USER {}@'%' IDENTIFIED BY {}", "ALTER USER {}@'%' IDENTIFIED BY {}",
quote_literal(db_user), quote_literal(db_user),
quote_literal(password).as_str(), quote_literal(password).as_str()
) )
.as_str(), .as_str(),
) )
@ -175,10 +176,11 @@ pub async fn set_password_for_database_user(
.map(|_| ()) .map(|_| ())
.map_err(|err| SetPasswordError::MySqlError(err.to_string())); .map_err(|err| SetPasswordError::MySqlError(err.to_string()));
if result.is_err() { if let Err(err) = &result {
log::error!( log::error!(
"Failed to set password for database user '{}': <REDACTED>", "Failed to set password for database user '{}': {:?}",
&db_user, &db_user,
err
); );
} }
@ -218,7 +220,7 @@ async fn database_user_is_locked_unsafe(
} }
pub async fn lock_database_users( pub async fn lock_database_users(
db_users: Vec<MySQLUser>, db_users: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> LockUsersOutput { ) -> LockUsersOutput {
@ -278,7 +280,7 @@ pub async fn lock_database_users(
} }
pub async fn unlock_database_users( pub async fn unlock_database_users(
db_users: Vec<MySQLUser>, db_users: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> UnlockUsersOutput { ) -> UnlockUsersOutput {
@ -341,7 +343,7 @@ pub async fn unlock_database_users(
/// This can be extended if we need more information in the future. /// This can be extended if we need more information in the future.
#[derive(Debug, Clone, PartialEq, Serialize, Deserialize)] #[derive(Debug, Clone, PartialEq, Serialize, Deserialize)]
pub struct DatabaseUser { pub struct DatabaseUser {
pub user: MySQLUser, pub user: String,
#[serde(skip)] #[serde(skip)]
pub host: String, pub host: String,
pub has_password: bool, pub has_password: bool,
@ -352,7 +354,7 @@ pub struct DatabaseUser {
impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseUser { impl FromRow<'_, sqlx::mysql::MySqlRow> for DatabaseUser {
fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> { fn from_row(row: &sqlx::mysql::MySqlRow) -> Result<Self, sqlx::Error> {
Ok(Self { Ok(Self {
user: try_get_with_binary_fallback(row, "User")?.into(), user: try_get_with_binary_fallback(row, "User")?,
host: try_get_with_binary_fallback(row, "Host")?, host: try_get_with_binary_fallback(row, "Host")?,
has_password: row.try_get("has_password")?, has_password: row.try_get("has_password")?,
is_locked: row.try_get("is_locked")?, is_locked: row.try_get("is_locked")?,
@ -377,7 +379,7 @@ JOIN `global_priv` ON
"#; "#;
pub async fn list_database_users( pub async fn list_database_users(
db_users: Vec<MySQLUser>, db_users: Vec<String>,
unix_user: &UnixUser, unix_user: &UnixUser,
connection: &mut MySqlConnection, connection: &mut MySqlConnection,
) -> ListUsersOutput { ) -> ListUsersOutput {
@ -397,7 +399,7 @@ pub async fn list_database_users(
let mut result = sqlx::query_as::<_, DatabaseUser>( let mut result = sqlx::query_as::<_, DatabaseUser>(
&(DB_USER_SELECT_STATEMENT.to_string() + "WHERE `mysql`.`user`.`User` = ?"), &(DB_USER_SELECT_STATEMENT.to_string() + "WHERE `mysql`.`user`.`User` = ?"),
) )
.bind(db_user.as_str()) .bind(&db_user)
.fetch_optional(&mut *connection) .fetch_optional(&mut *connection)
.await; .await;
@ -462,7 +464,7 @@ pub async fn append_databases_where_user_has_privileges(
) )
.as_str(), .as_str(),
) )
.bind(db_user.user.as_str()) .bind(db_user.user.clone())
.fetch_all(&mut *connection) .fetch_all(&mut *connection)
.await; .await;