Compare commits
6 Commits
d554280741
...
7ec2c5de20
Author | SHA1 | Date |
---|---|---|
Oystein Kristoffer Tveit | 7ec2c5de20 | |
Oystein Kristoffer Tveit | 94e0e5d6c7 | |
Oystein Kristoffer Tveit | 807017ea70 | |
Oystein Kristoffer Tveit | 0e38fbb7e9 | |
Oystein Kristoffer Tveit | 5d049390b8 | |
Oystein Kristoffer Tveit | a6f00d4313 |
|
@ -265,6 +265,15 @@ dependencies = [
|
|||
"strsim",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "clap_complete"
|
||||
version = "4.5.18"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1ee158892bd7ce77aa15c208abbdb73e155d191c287a659b57abd5adb92feb03"
|
||||
dependencies = [
|
||||
"clap",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "clap_derive"
|
||||
version = "4.5.13"
|
||||
|
@ -1055,6 +1064,7 @@ dependencies = [
|
|||
"async-bincode",
|
||||
"bincode",
|
||||
"clap",
|
||||
"clap_complete",
|
||||
"derive_more",
|
||||
"dialoguer",
|
||||
"env_logger",
|
||||
|
|
|
@ -8,6 +8,7 @@ anyhow = "1.0.86"
|
|||
async-bincode = "0.7.2"
|
||||
bincode = "1.3.3"
|
||||
clap = { version = "4.5.16", features = ["derive"] }
|
||||
clap_complete = "4.5.18"
|
||||
derive_more = { version = "1.0.0", features = ["display", "error"] }
|
||||
dialoguer = "0.11.0"
|
||||
env_logger = "0.11.5"
|
||||
|
|
12
build.rs
12
build.rs
|
@ -3,9 +3,7 @@ use anyhow::anyhow;
|
|||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
use std::{env, os::unix::fs::symlink, path::PathBuf};
|
||||
|
||||
fn main() -> anyhow::Result<()> {
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
{
|
||||
fn generate_mysql_admutils_symlinks() -> anyhow::Result<()> {
|
||||
// NOTE: This is slightly illegal, and depends on implementation details.
|
||||
// But it is only here for ease of testing the compatibility layer,
|
||||
// and not critical in any way. Considering the code is never going
|
||||
|
@ -36,7 +34,13 @@ fn main() -> anyhow::Result<()> {
|
|||
)
|
||||
.ok();
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn main() -> anyhow::Result<()> {
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
generate_mysql_admutils_symlinks()?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
# This should go to `/etc/mysqladm/config.toml`
|
||||
|
||||
[server]
|
||||
socket_path = "/var/run/mysqladm/mysqladm.sock"
|
||||
|
||||
[mysql]
|
||||
host = "localhost"
|
||||
port = 3306
|
||||
|
|
12
flake.lock
12
flake.lock
|
@ -2,11 +2,11 @@
|
|||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1713297878,
|
||||
"narHash": "sha256-hOkzkhLT59wR8VaMbh1ESjtZLbGi+XNaBN6h49SPqEc=",
|
||||
"lastModified": 1723637854,
|
||||
"narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "66adc1e47f8784803f2deb6cacd5e07264ec2d5c",
|
||||
"rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -29,11 +29,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720577957,
|
||||
"narHash": "sha256-RZuzLdB/8FaXaSzEoWLg3au/mtbuH7MGn2LmXUKT62g=",
|
||||
"lastModified": 1723947704,
|
||||
"narHash": "sha256-TcVf66N2NgGhxORFytzgqWcg0XJ+kk8uNLNsTRI5sYM=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "a434177dfcc53bf8f1f348a3c39bfb336d760286",
|
||||
"rev": "456e78a55feade2c3bc6d7bc0bf5e710c9d86120",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -52,11 +52,16 @@
|
|||
|
||||
overlays = {
|
||||
default = self.overlays.mysqladm-rs;
|
||||
greg-ng = final: prev: {
|
||||
mysqladm-rs = final: prev: {
|
||||
inherit (self.packages.${prev.system}) mysqladm-rs;
|
||||
};
|
||||
};
|
||||
|
||||
nixosModules = {
|
||||
default = self.nixosModules.mysqladm-rs;
|
||||
mysqladm-rs = import ./nix/module.nix;
|
||||
};
|
||||
|
||||
packages = let
|
||||
cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml);
|
||||
cargoLock = ./Cargo.lock;
|
||||
|
|
|
@ -4,8 +4,10 @@
|
|||
, cargoToml
|
||||
, cargoLock
|
||||
, src
|
||||
, installShellFiles
|
||||
}:
|
||||
let
|
||||
mainProgram = (lib.head cargoToml.bin).name;
|
||||
in
|
||||
rustPlatform.buildRustPackage {
|
||||
pname = cargoToml.package.name;
|
||||
|
@ -14,9 +16,20 @@ rustPlatform.buildRustPackage {
|
|||
|
||||
cargoLock.lockFile = cargoLock;
|
||||
|
||||
nativeBuildInputs = [ installShellFiles ];
|
||||
postInstall = let
|
||||
commands = lib.mapCartesianProduct ({ shell, command }: ''
|
||||
"$out/bin/${mainProgram}" generate-completions --shell "${shell}" --command "${command}" > "$TMP/mysqladm.${shell}"
|
||||
installShellCompletion "--${shell}" --cmd "${command}" "$TMP/mysqladm.${shell}"
|
||||
'') {
|
||||
shell = [ "bash" "zsh" "fish" ];
|
||||
command = [ "mysqladm" "mysql-dbadm" "mysql-useradm" ];
|
||||
};
|
||||
in lib.concatStringsSep "\n" commands;
|
||||
|
||||
meta = with lib; {
|
||||
license = licenses.mit;
|
||||
platforms = platforms.linux ++ platforms.darwin;
|
||||
mainProgram = (lib.head cargoToml.bin).name;
|
||||
inherit mainProgram;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,108 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.mysqladm-rs;
|
||||
format = pkgs.formats.toml { };
|
||||
in
|
||||
{
|
||||
options.services.mysqladm-rs = {
|
||||
enable = lib.mkEnableOption "Enable mysqladm-rs";
|
||||
|
||||
package = lib.mkPackageOption pkgs "mysqladm-rs" { };
|
||||
|
||||
createLocalUser = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = false;
|
||||
description = "Create a local database user for mysqladm-rs";
|
||||
};
|
||||
|
||||
settings = lib.mkOption {
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
freeformType = format.type;
|
||||
options = {
|
||||
server = {
|
||||
socket_path = lib.mkOption {
|
||||
type = lib.types.path;
|
||||
default = "/var/run/mysqladm/mysqladm.sock";
|
||||
description = "Path to the MySQL socket";
|
||||
};
|
||||
};
|
||||
|
||||
mysql = {
|
||||
host = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "localhost";
|
||||
description = "MySQL host";
|
||||
};
|
||||
port = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 3306;
|
||||
description = "MySQL port";
|
||||
};
|
||||
username = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "root";
|
||||
description = "MySQL username";
|
||||
};
|
||||
# passwordFile = lib.mkOption {
|
||||
# type = lib.types.path;
|
||||
# default = "secret";
|
||||
# description = "Path to a file containing the MySQL password";
|
||||
# };
|
||||
password = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = "secret";
|
||||
description = "MySQL password";
|
||||
};
|
||||
timeout = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 2;
|
||||
description = "Number of seconds to wait for a response from the MySQL server";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
configFile = format.generate "mysqladm-rs.conf" cfg.settings;
|
||||
in lib.mkIf config.services.mysqladm-rs.enable {
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
services.mysql.ensureUsers = lib.mkIf cfg.createLocalUser [
|
||||
{
|
||||
name = "mysqladm";
|
||||
ensurePermissions = {
|
||||
"mysql.*" = "SELECT, INSERT, UPDATE, DELETE";
|
||||
"information_schema.*" = "SELECT";
|
||||
"*.*" = "CREATE USER, GRANT OPTION";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services."mysqladm@" = {
|
||||
description = "MySQL administration tool for non-admin users";
|
||||
# after = [ "mysql.target" ];
|
||||
environment.RUST_LOG = "debug";
|
||||
serviceConfig = {
|
||||
Type = "notify";
|
||||
ExecStart = "${lib.getExe cfg.package} server socket-activate --config ${configFile}";
|
||||
User = "mysqladm";
|
||||
Group = "mysqladm";
|
||||
DynamicUser = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.sockets."mysqladm" = {
|
||||
description = "MySQL administration tool for non-admin users";
|
||||
wantedBy = [ "sockets.target" ];
|
||||
restartTriggers = [ configFile ];
|
||||
socketConfig = {
|
||||
ListenStream = cfg.settings.server.socket_path;
|
||||
Accept = "yes";
|
||||
PassCredentials = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -49,7 +49,19 @@ The Y/N-values corresponds to the following mysql privileges:
|
|||
References - Enables use of REFERENCES
|
||||
"#;
|
||||
|
||||
/// Create, drop or edit permissions for the DATABASE(s),
|
||||
/// as determined by the COMMAND.
|
||||
///
|
||||
/// This is a compatibility layer for the mysql-dbadm command.
|
||||
/// Please consider using the newer mysqladm command instead.
|
||||
#[derive(Parser)]
|
||||
#[command(
|
||||
bin_name = "mysql-dbadm",
|
||||
version,
|
||||
about,
|
||||
disable_help_subcommand = true,
|
||||
verbatim_doc_comment,
|
||||
)]
|
||||
pub struct Args {
|
||||
#[command(subcommand)]
|
||||
pub command: Option<Command>,
|
||||
|
@ -82,14 +94,7 @@ pub struct Args {
|
|||
// NOTE: mysql-dbadm explicitly calls privileges "permissions".
|
||||
// This is something we're trying to move away from.
|
||||
// See https://git.pvv.ntnu.no/Projects/mysqladm-rs/issues/29
|
||||
|
||||
/// Create, drop or edit permissions for the DATABASE(s),
|
||||
/// as determined by the COMMAND.
|
||||
///
|
||||
/// This is a compatibility layer for the mysql-dbadm command.
|
||||
/// Please consider using the newer mysqladm command instead.
|
||||
#[derive(Parser)]
|
||||
#[command(version, about, disable_help_subcommand = true, verbatim_doc_comment)]
|
||||
pub enum Command {
|
||||
/// create the DATABASE(s).
|
||||
Create(CreateArgs),
|
||||
|
|
|
@ -25,7 +25,19 @@ use crate::{
|
|||
server::sql::user_operations::DatabaseUser,
|
||||
};
|
||||
|
||||
/// Create, delete or change password for the USER(s),
|
||||
/// as determined by the COMMAND.
|
||||
///
|
||||
/// This is a compatibility layer for the mysql-useradm command.
|
||||
/// Please consider using the newer mysqladm command instead.
|
||||
#[derive(Parser)]
|
||||
#[command(
|
||||
bin_name = "mysql-useradm",
|
||||
version,
|
||||
about,
|
||||
disable_help_subcommand = true,
|
||||
verbatim_doc_comment,
|
||||
)]
|
||||
pub struct Args {
|
||||
#[command(subcommand)]
|
||||
pub command: Option<Command>,
|
||||
|
@ -51,13 +63,7 @@ pub struct Args {
|
|||
config: Option<PathBuf>,
|
||||
}
|
||||
|
||||
/// Create, delete or change password for the USER(s),
|
||||
/// as determined by the COMMAND.
|
||||
///
|
||||
/// This is a compatibility layer for the mysql-useradm command.
|
||||
/// Please consider using the newer mysqladm command instead.
|
||||
#[derive(Parser)]
|
||||
#[command(version, about, disable_help_subcommand = true, verbatim_doc_comment)]
|
||||
pub enum Command {
|
||||
/// create the USER(s).
|
||||
Create(CreateArgs),
|
||||
|
|
|
@ -6,7 +6,8 @@ use futures_util::{SinkExt, StreamExt};
|
|||
use crate::core::protocol::{
|
||||
print_create_users_output_status, print_drop_users_output_status,
|
||||
print_lock_users_output_status, print_set_password_output_status,
|
||||
print_unlock_users_output_status, ClientToServerMessageStream, Request, Response,
|
||||
print_unlock_users_output_status, ClientToServerMessageStream, ListUsersError, Request,
|
||||
Response,
|
||||
};
|
||||
|
||||
use super::common::erroneous_server_response;
|
||||
|
@ -207,6 +208,28 @@ async fn passwd_user(
|
|||
args: UserPasswdArgs,
|
||||
mut server_connection: ClientToServerMessageStream,
|
||||
) -> anyhow::Result<()> {
|
||||
// TODO: create a "user" exists check" command
|
||||
let message = Request::ListUsers(Some(vec![args.username.clone()]));
|
||||
if let Err(err) = server_connection.send(message).await {
|
||||
server_connection.close().await.ok();
|
||||
anyhow::bail!(err);
|
||||
}
|
||||
let response = match server_connection.next().await {
|
||||
Some(Ok(Response::ListUsers(users))) => users,
|
||||
response => return erroneous_server_response(response),
|
||||
};
|
||||
match response
|
||||
.get(&args.username)
|
||||
.unwrap_or(&Err(ListUsersError::UserDoesNotExist))
|
||||
{
|
||||
Ok(_) => {}
|
||||
Err(err) => {
|
||||
server_connection.send(Request::Exit).await?;
|
||||
server_connection.close().await.ok();
|
||||
anyhow::bail!("{}", err.to_error_message(&args.username));
|
||||
}
|
||||
}
|
||||
|
||||
let password = if let Some(password_file) = args.password_file {
|
||||
std::fs::read_to_string(password_file)
|
||||
.context("Failed to read password file")?
|
||||
|
|
|
@ -76,6 +76,7 @@ impl OwnerValidationError {
|
|||
indoc! {r#"
|
||||
Invalid {} name prefix: '{}' does not match your username or any of your groups.
|
||||
Are you sure you are allowed to create {} names with this prefix?
|
||||
The format should be: <prefix>_<{} name>
|
||||
|
||||
Allowed prefixes:
|
||||
- {}
|
||||
|
@ -84,6 +85,7 @@ impl OwnerValidationError {
|
|||
db_or_user.lowercased(),
|
||||
name,
|
||||
db_or_user.lowercased(),
|
||||
db_or_user.lowercased(),
|
||||
user.as_ref()
|
||||
.map(|u| u.username.clone())
|
||||
.unwrap_or("???".to_string()),
|
||||
|
|
117
src/main.rs
117
src/main.rs
|
@ -1,7 +1,8 @@
|
|||
#[macro_use]
|
||||
extern crate prettytable;
|
||||
|
||||
use clap::Parser;
|
||||
use clap::{CommandFactory, Parser, ValueEnum};
|
||||
use clap_complete::{generate, Shell};
|
||||
|
||||
use std::path::PathBuf;
|
||||
|
||||
|
@ -27,7 +28,14 @@ mod core;
|
|||
#[cfg(feature = "tui")]
|
||||
mod tui;
|
||||
|
||||
/// Database administration tool for non-admin users to manage their own MySQL databases and users.
|
||||
///
|
||||
/// This tool allows you to manage users and databases in MySQL.
|
||||
///
|
||||
/// You are only allowed to manage databases and users that are prefixed with
|
||||
/// either your username, or a group that you are a member of.
|
||||
#[derive(Parser, Debug)]
|
||||
#[command(bin_name = "mysqladm", version, about, disable_help_subcommand = true)]
|
||||
struct Args {
|
||||
#[command(subcommand)]
|
||||
command: Command,
|
||||
|
@ -57,14 +65,7 @@ struct Args {
|
|||
interactive: bool,
|
||||
}
|
||||
|
||||
// Database administration tool for non-admin users to manage their own MySQL databases and users.
|
||||
//
|
||||
// This tool allows you to manage users and databases in MySQL.
|
||||
//
|
||||
// You are only allowed to manage databases and users that are prefixed with
|
||||
// either your username, or a group that you are a member of.
|
||||
#[derive(Parser, Debug, Clone)]
|
||||
#[command(version, about, disable_help_subcommand = true)]
|
||||
enum Command {
|
||||
#[command(flatten)]
|
||||
Db(cli::database_command::DatabaseCommand),
|
||||
|
@ -74,6 +75,26 @@ enum Command {
|
|||
|
||||
#[command(hide = true)]
|
||||
Server(server::command::ServerArgs),
|
||||
|
||||
#[command(hide = true)]
|
||||
GenerateCompletions(GenerateCompletionArgs),
|
||||
}
|
||||
|
||||
#[derive(Parser, Debug, Clone)]
|
||||
struct GenerateCompletionArgs {
|
||||
#[arg(long, default_value = "bash")]
|
||||
shell: Shell,
|
||||
|
||||
#[arg(long, default_value = "mysqladm")]
|
||||
command: ToplevelCommands,
|
||||
}
|
||||
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
#[derive(ValueEnum, Debug, Clone)]
|
||||
enum ToplevelCommands {
|
||||
Mysqladm,
|
||||
MysqlDbadm,
|
||||
MysqlUseradm,
|
||||
}
|
||||
|
||||
// TODO: tag all functions that are run with elevated privileges with
|
||||
|
@ -86,28 +107,18 @@ fn main() -> anyhow::Result<()> {
|
|||
env_logger::init();
|
||||
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
{
|
||||
let argv0 = std::env::args().next().and_then(|s| {
|
||||
PathBuf::from(s)
|
||||
.file_name()
|
||||
.map(|s| s.to_string_lossy().to_string())
|
||||
});
|
||||
|
||||
match argv0.as_deref() {
|
||||
Some("mysql-dbadm") => return mysql_dbadm::main(),
|
||||
Some("mysql-useradm") => return mysql_useradm::main(),
|
||||
_ => { /* fall through */ }
|
||||
}
|
||||
if let Some(_) = handle_mysql_admutils_command()? {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
let args: Args = Args::parse();
|
||||
match args.command {
|
||||
Command::Server(ref command) => {
|
||||
drop_privs()?;
|
||||
tokio_start_server(args.server_socket_path, args.config, command.clone())?;
|
||||
|
||||
if let Some(_) = handle_server_command(&args)? {
|
||||
return Ok(());
|
||||
}
|
||||
_ => { /* fall through */ }
|
||||
|
||||
if let Some(_) = handle_generate_completions_command(&args)? {
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
let server_connection =
|
||||
|
@ -118,6 +129,61 @@ fn main() -> anyhow::Result<()> {
|
|||
Ok(())
|
||||
}
|
||||
|
||||
fn handle_mysql_admutils_command() -> anyhow::Result<Option<()>> {
|
||||
let argv0 = std::env::args().next().and_then(|s| {
|
||||
PathBuf::from(s)
|
||||
.file_name()
|
||||
.map(|s| s.to_string_lossy().to_string())
|
||||
});
|
||||
|
||||
match argv0.as_deref() {
|
||||
Some("mysql-dbadm") => mysql_dbadm::main().map(|result| Some(result)),
|
||||
Some("mysql-useradm") => mysql_useradm::main().map(|result| Some(result)),
|
||||
_ => Ok(None),
|
||||
}
|
||||
}
|
||||
|
||||
fn handle_server_command(args: &Args) -> anyhow::Result<Option<()>> {
|
||||
match args.command {
|
||||
Command::Server(ref command) => {
|
||||
drop_privs()?;
|
||||
tokio_start_server(
|
||||
args.server_socket_path.clone(),
|
||||
args.config.clone(),
|
||||
command.clone(),
|
||||
)?;
|
||||
Ok(Some(()))
|
||||
}
|
||||
_ => Ok(None),
|
||||
}
|
||||
}
|
||||
|
||||
fn handle_generate_completions_command(args: &Args) -> anyhow::Result<Option<()>> {
|
||||
match args.command {
|
||||
Command::GenerateCompletions(ref completion_args) => {
|
||||
let mut cmd = match completion_args.command {
|
||||
ToplevelCommands::Mysqladm => Args::command(),
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
ToplevelCommands::MysqlDbadm => mysql_dbadm::Args::command(),
|
||||
#[cfg(feature = "mysql-admutils-compatibility")]
|
||||
ToplevelCommands::MysqlUseradm => mysql_useradm::Args::command(),
|
||||
};
|
||||
|
||||
let binary_name = cmd.get_bin_name().unwrap().to_owned();
|
||||
|
||||
generate(
|
||||
completion_args.shell,
|
||||
&mut cmd,
|
||||
binary_name,
|
||||
&mut std::io::stdout(),
|
||||
);
|
||||
|
||||
Ok(Some(()))
|
||||
}
|
||||
_ => Ok(None),
|
||||
}
|
||||
}
|
||||
|
||||
fn tokio_start_server(
|
||||
server_socket_path: Option<PathBuf>,
|
||||
config_path: Option<PathBuf>,
|
||||
|
@ -148,6 +214,7 @@ fn tokio_run_command(command: Command, server_connection: StdUnixStream) -> anyh
|
|||
cli::database_command::handle_command(db_args, message_stream).await
|
||||
}
|
||||
Command::Server(_) => unreachable!(),
|
||||
Command::GenerateCompletions(_) => unreachable!(),
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
@ -45,7 +45,7 @@ pub fn validate_ownership_by_prefixes(
|
|||
|
||||
if prefixes
|
||||
.iter()
|
||||
.filter(|p| name.starts_with(*p))
|
||||
.filter(|p| name.starts_with(&(p.to_string() + "_")))
|
||||
.collect::<Vec<_>>()
|
||||
.is_empty()
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue