Commit 093f661a authored by lenz@mysql.com's avatar lenz@mysql.com

- Applied patch provided by Martin Mokrejs <mmokrejs@natur.cuni.cz>

   (General code cleanup, use the GRANT statement instead of updating
   the privilege tables directly, added option to revoke privileges)
parent 8f1098fa
...@@ -16,20 +16,25 @@ ...@@ -16,20 +16,25 @@
## 1.2 begin screen now in a loop + quit is using 0 instead of 9 ## 1.2 begin screen now in a loop + quit is using 0 instead of 9
## after ideas of Paul DuBois. ## after ideas of Paul DuBois.
## 1.2a Add Grant, References, Index and Alter privilege handling (Monty) ## 1.2a Add Grant, References, Index and Alter privilege handling (Monty)
## 1.3 Applied patch provided by Martin Mokrejs <mmokrejs@natur.cuni.cz>
## (General code cleanup, use the GRANT statement instead of updating
## the privilege tables directly, added option to revoke privileges)
#### TODO #### TODO
# #
# empty ... suggestions ... mail them to me ... # empty ... suggestions ... mail them to me ...
$version="1.2"; $version="1.3";
use DBI; use DBI;
use Getopt::Long; use Getopt::Long;
use strict; use strict;
use vars qw($dbh $hostname $opt_user $opt_password $opt_help $opt_host use vars qw($dbh $sth $hostname $opt_user $opt_password $opt_help $opt_host
$opt_socket $opt_port $host $version); $opt_socket $opt_port $host $version);
my $sqlhost = "";
my $user = "";
$dbh=$host=$opt_user= $opt_password= $opt_help= $opt_host= $opt_socket= ""; $dbh=$host=$opt_user= $opt_password= $opt_help= $opt_host= $opt_socket= "";
$opt_port=0; $opt_port=0;
...@@ -42,11 +47,11 @@ usage() if ($opt_help); # the help function ...@@ -42,11 +47,11 @@ usage() if ($opt_help); # the help function
if ($opt_host eq '') if ($opt_host eq '')
{ {
$hostname = "localhost"; $sqlhost = "localhost";
} }
else else
{ {
$hostname = $opt_host; $sqlhost = $opt_host;
} }
# ask for a password if no password is set already # ask for a password if no password is set already
...@@ -62,7 +67,7 @@ if ($opt_password eq '') ...@@ -62,7 +67,7 @@ if ($opt_password eq '')
# make the connection to MySQL # make the connection to MySQL
$dbh= DBI->connect("DBI:mysql:mysql:host=$hostname:port=$opt_port:mysql_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) || $dbh= DBI->connect("DBI:mysql:mysql:host=$sqlhost:port=$opt_port:mysql_socket=$opt_socket",$opt_user,$opt_password, {PrintError => 0}) ||
die("Can't make a connection to the mysql server.\n The error: $DBI::errstr"); die("Can't make a connection to the mysql server.\n The error: $DBI::errstr");
# the start of the program # the start of the program
...@@ -86,27 +91,44 @@ sub q1 { # first question ... ...@@ -86,27 +91,44 @@ sub q1 { # first question ...
print "#"x70; print "#"x70;
print "\n"; print "\n";
print "What would you like to do:\n"; print "What would you like to do:\n";
print " 1. Set password for a user.\n"; print " 1. Set password for an existing user.\n";
print " 2. Add a database + user privilege for that database.\n"; print " 2. Create a database + user privilege for that database\n";
print " - user can do all except all admin functions\n"; print " and host combination (user can only do SELECT)\n";
print " 3. Add user privilege for an existing database.\n"; print " 3. Create/append user privilege for an existing database\n";
print " - user can do all except all admin functions\n"; print " and host combination (user can only do SELECT)\n";
print " 4. Add user privilege for an existing database.\n"; print " 4. Create/append broader user privileges for an existing\n";
print " - user can do all except all admin functions + no create/drop\n"; print " database and host combination\n";
print " 5. Add user privilege for an existing database.\n"; print " (user can do SELECT,INSERT,UPDATE,DELETE)\n";
print " - user can do only selects (no update/delete/insert etc.)\n"; print " 5. Create/append quite extended user privileges for an\n";
print " existing database and host combination (user can do\n";
print " SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,\n";
print " LOCK TABLES,CREATE TEMPORARY TABLES)\n";
print " 6. Create/append database administrative privileges for an\n";
print " existing database and host combination (user can do\n";
print " SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,LOCK TABLES,\n";
print " CREATE TEMPORARY TABLES,SHOW DATABASES,PROCESS)\n";
print " 7. Create/append full privileges for an existing database\n";
print " and host combination (user has FULL privilege)\n";
print " 8. Remove all privileges for for an existing database and\n";
print " host combination.\n";
print " (user will have all permission fields set to N)\n";
print " 0. exit this program\n"; print " 0. exit this program\n";
print "\nMake your choice [1,2,3,4,5,0]: "; print "\nMake your choice [1,2,3,4,5,6,7,0]: ";
while (<STDIN>) { while (<STDIN>) {
$answer = $_; $answer = $_;
chomp($answer); chomp($answer);
if ($answer =~ /1|2|3|4|5|0/) { if ($answer =~ /^[12345678]$/) {
&setpwd if ($answer == 1); if ($answer == 1) {
&addall($answer) if ($answer =~ /^[2345]$/); setpwd();
if ($answer == 0) { } elsif ($answer =~ /^[2345678]$/) {
print "Sorry, hope we can help you next time \n\n"; addall($answer);
} else {
print "Sorry, something went wrong. With such option number you should not get here.\n\n";
$end = 1; $end = 1;
} }
} elsif ($answer == 0) {
print "We hope we can help you next time \n\n";
$end = 1;
} else { } else {
print "Your answer was $answer\n"; print "Your answer was $answer\n";
print "and that's wrong .... Try again\n"; print "and that's wrong .... Try again\n";
...@@ -121,7 +143,7 @@ sub q1 { # first question ... ...@@ -121,7 +143,7 @@ sub q1 { # first question ...
### ###
sub setpwd sub setpwd
{ {
my ($user,$pass,$host); my ($user,$pass,$host) = "";
print "\n\nSetting a (new) password for a user.\n"; print "\n\nSetting a (new) password for a user.\n";
$user = user(); $user = user();
...@@ -168,22 +190,18 @@ sub setpwd ...@@ -168,22 +190,18 @@ sub setpwd
### ###
# all things which will be added are done here # all things which will be added are done here
### ###
sub addall sub addall {
{
my ($todo) = @_; my ($todo) = @_;
my ($answer,$good,$db,$user,$pass,$host,$priv); my ($answer,$good,$db,$user,$pass,$host,$priv);
if ($todo == 2) if ($todo == 2) {
{
$db = newdatabase(); $db = newdatabase();
} } else {
else
{
$db = database(); $db = database();
} }
$user = newuser(); $user = newuser();
$pass = newpass(); $pass = newpass("$user");
$host = newhosts(); $host = newhosts();
print "#"x70; print "#"x70;
...@@ -198,104 +216,80 @@ sub addall ...@@ -198,104 +216,80 @@ sub addall
print "Are you pretty sure you would like to implement this [yes/no]: "; print "Are you pretty sure you would like to implement this [yes/no]: ";
my $no = <STDIN>; my $no = <STDIN>;
chomp($no); chomp($no);
if ($no =~ /n/i) if ($no =~ /n/i) {
{
print "Okay .. that was it then ... See ya\n\n"; print "Okay .. that was it then ... See ya\n\n";
return(0); return(0);
} } else {
else
{
print "Okay ... let's go then ...\n\n"; print "Okay ... let's go then ...\n\n";
} }
if ($todo == 2) if ($todo == 2) {
{
# create the database # create the database
my $sth = $dbh->do("create database $db") || $dbh->errstr; if ($db) {
} my $sth = $dbh->do("CREATE DATABASE $db") || $dbh->errstr;
} else {
# select the privilege .... print STDERR "What do you want? You wanted to create new database and add new user, right?\n";
if (($todo == 2) || ($todo == 3)) die "But then specify databasename, please\n";
{
$priv = "'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y'";
}
elsif ($todo == 4)
{
$priv = "'Y','Y','Y','Y','N','N','N','Y','Y','Y'";
} }
elsif ($todo == 5)
{
$priv = "'Y','N','N','N','N','N','N','N','N','N'";
} }
else
{ if ( ( !$todo ) or not ( $todo =~ m/^[2-8]$/ ) ) {
print "Sorry, choice number $todo isn't known inside the program .. See ya\n"; print STDERR "Sorry, select option $todo isn't known inside the program .. See ya\n";
quit(); quit();
} }
my @hosts = split(/,/,$host); my @hosts = split(/,/,$host);
$user = $dbh->quote($user); if (!$user) {
$db = $dbh->quote($db); die "username not specified: $user\n";
if ($pass eq '') }
{ if (!$db) {
$pass = "''"; die "databasename is not specified nor *\n";
} }
else foreach $host (@hosts) {
{ # user privileges: SELECT
$pass = "PASSWORD(". $dbh->quote($pass) . ")"; if (($todo == 2) || ($todo == 3)) {
} $sth = $dbh->do("GRANT SELECT ON $db.* TO $user@\"$host\" IDENTIFIED BY \'$pass\'") || die $dbh->errstr;
foreach my $key (@hosts) } elsif ($todo == 4) {
{ # user privileges: SELECT,INSERT,UPDATE,DELETE
my $key1 = $dbh->quote($key); $sth = $dbh->do("GRANT SELECT,INSERT,UPDATE,DELETE ON $db.* TO $user@\"$host\" IDENTIFIED BY \'$pass\'") || die $dbh->errstr;
my $sth = $dbh->prepare("select Host,User from user where Host = $key1 and User = $user") || die $dbh->errstr; } elsif ($todo == 5) {
$sth->execute || die $dbh->errstr; # user privileges: SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,LOCK TABLES,CREATE TEMPORARY TABLES
my @r = $sth->fetchrow_array; $sth = $dbh->do("GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,LOCK TABLES,CREATE TEMPORARY TABLES ON $db.* TO $user@\"$host\" IDENTIFIED BY \'$pass\'") || die $dbh->errstr;
if ($r[0]) } elsif ($todo == 6) {
{ # admin privileges: GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,LOCK TABLES,CREATE TEMPORARY TABLES,SHOW DATABASES,PROCESS
print "WARNING WARNING SKIPPING CREATE FOR USER $user AND HOST $key\n"; $sth = $dbh->do("GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,INDEX,LOCK TABLES,CREATE TEMPORARY TABLES,SHOW DATABASES,PROCESS ON $db.* TO $user@\"$host\" IDENTIFIED BY \'$pass\'") || die $dbh->errstr;
print "Reason: entry already exists in the user table.\n"; } elsif ($todo == 7) {
} # all privileges
else $sth = $dbh->do("GRANT ALL ON $db.* TO \'$user\'\@\'$host\' IDENTIFIED BY \'$pass\'") || die $dbh->errstr;
{ } elsif ($todo == 8) {
$sth = $dbh->prepare("insert into user (Host,User,Password) values($key1,$user,$pass)") || die $dbh->errstr; # all privileges set to N
$sth->execute || die $dbh->errstr; $sth = $dbh->do("REVOKE ALL ON *.* FROM \'$user\'\@\'$host\'") || die $dbh->errstr;
$sth->finish; }
} }
$sth = $dbh->prepare("INSERT INTO db (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Grant_priv,References_priv,Index_priv,Alter_priv) VALUES ($key1,$db,$user,$priv)") || die $dbh->errstr; $dbh->do("FLUSH PRIVILEGES") || print STDERR "Can't flush privileges\n";
$sth->execute || die $dbh->errstr;
$sth->finish;
}
$dbh->do("flush privileges") || print "Can't load privileges\n";
print "Everything is inserted and mysql privileges have been reloaded.\n\n"; print "Everything is inserted and mysql privileges have been reloaded.\n\n";
} }
### ###
# ask for a new database name # ask for a new database name
### ###
sub newdatabase sub newdatabase {
{
my ($answer,$good,$db); my ($answer,$good,$db);
print "\n\nWhich database would you like to add: "; print "\n\nWhich database would you like to add: ";
while (<STDIN>) while (<STDIN>) {
{
$answer = $_; $answer = $_;
$good = 0; $good = 0;
chomp($answer); chomp($answer);
if ($answer) if ($answer) {
{ my $sth = $dbh->prepare("SHOW DATABASES") || die $dbh->errstr;
my $sth = $dbh->prepare("show databases") || die $dbh->errstr;
$sth->execute || die $dbh->errstr; $sth->execute || die $dbh->errstr;
while (my @r = $sth->fetchrow_array) while (my @r = $sth->fetchrow_array) {
{ if ($r[0] eq $answer) {
if ($r[0] eq $answer)
{
print "\n\nSorry, this database name is already in use; try something else: "; print "\n\nSorry, this database name is already in use; try something else: ";
$good = 1; $good = 1;
} }
} }
} } else {
else
{
print "You must type something ...\nTry again: "; print "You must type something ...\nTry again: ";
next; next;
} }
...@@ -309,48 +303,44 @@ sub newdatabase ...@@ -309,48 +303,44 @@ sub newdatabase
### ###
# select a database # select a database
### ###
sub database sub database {
{
my ($answer,$good,$db); my ($answer,$good,$db);
print "\n\nWhich database would you like to select: \n"; print "\n\nWhich database from existing databases would you like to select: \n";
print "You can choose from: \n"; print "You can choose from: \n";
my $sth = $dbh->prepare("show databases") || die $dbh->errstr; my $sth = $dbh->prepare("show databases") || die $dbh->errstr;
$sth->execute || die $dbh->errstr; $sth->execute || die $dbh->errstr;
while (my @r = $sth->fetchrow_array) while (my @r = $sth->fetchrow_array) {
{
print " - $r[0] \n"; print " - $r[0] \n";
} }
print "Which database will it be (case sensitive): "; print "Which database will it be (case sensitive). Type * for any: \n";
while (<STDIN>) while (<STDIN>) {
{
$answer = $_; $answer = $_;
$good = 0; $good = 0;
chomp($answer); chomp($answer);
if ($answer) if ($answer) {
{ if ($answer eq "*") {
print "OK, the user entry will NOT be limited to any database";
return("*");
}
my $sth = $dbh->prepare("show databases") || die $dbh->errstr; my $sth = $dbh->prepare("show databases") || die $dbh->errstr;
$sth->execute || die $dbh->errstr; $sth->execute || die $dbh->errstr;
while (my @r = $sth->fetchrow_array) while (my @r = $sth->fetchrow_array) {
{ if ($r[0] eq $answer) {
if ($r[0] eq $answer)
{
$good = 1; $good = 1;
$db = $r[0]; $db = $r[0];
last; last;
} }
} }
} } else {
else print "Type either database name or * meaning any databasename. That means";
{ print " any of those above but also any which will be created in future!";
print "You must type something ...\nTry again: "; print " This option gives a user chance to operate on databse mysql, which";
print " contains privilege settings. That is really risky!\n";
next; next;
} }
if ($good == 1) if ($good == 1) {
{
last; last;
} } else {
else
{
print "You must select one from the list.\nTry again: "; print "You must select one from the list.\nTry again: ";
next; next;
} }
...@@ -364,7 +354,8 @@ sub database ...@@ -364,7 +354,8 @@ sub database
### ###
sub newuser sub newuser
{ {
my ($answer,$user); my $user = "";
my $answer = "";
print "\nWhat username is to be created: "; print "\nWhat username is to be created: ";
while(<STDIN>) while(<STDIN>)
...@@ -430,7 +421,7 @@ sub user ...@@ -430,7 +421,7 @@ sub user
sub newpass sub newpass
{ {
my ($user) = @_; my ($user) = @_;
my ($answer,$good,$pass,$yes); my ($pass,$answer,$good,$yes);
print "Would you like to set a password for $user [y/n]: "; print "Would you like to set a password for $user [y/n]: ";
$yes = <STDIN>; $yes = <STDIN>;
...@@ -487,7 +478,7 @@ sub newpass ...@@ -487,7 +478,7 @@ sub newpass
### ###
sub newhosts sub newhosts
{ {
my ($answer,$good,$host); my ($host,$answer,$good);
print "We now need to know from what host(s) the user will connect.\n"; print "We now need to know from what host(s) the user will connect.\n";
print "Keep in mind that % means 'from any host' ...\n"; print "Keep in mind that % means 'from any host' ...\n";
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment