Commit 6f97fc13 authored by Marius Burkard's avatar Marius Burkard

- fixed db privileges

parent e06b59c8
......@@ -92,6 +92,9 @@ class mysql_clientdb_plugin {
$result->free();
}
}
$app->log("Calling $action for $database_name with access $user_access_mode and hosts " . implode(', ', $host_list), LOGLEVEL_DEBUG);
// loop through hostlist
foreach($host_list as $db_host) {
$db_host = trim($db_host);
......@@ -112,7 +115,10 @@ class mysql_clientdb_plugin {
$valid = false;
}
if($valid == false) continue;
if($valid == false) {
$app->log("Invalid host " . $db_host . " for GRANT to " . $database_name, LOGLEVEL_DEBUG);
continue;
}
$grants = 'ALL';
if($user_access_mode == 'r') $grants = 'SELECT';
......@@ -254,7 +260,7 @@ class mysql_clientdb_plugin {
$app->log('Unable to connect to the database: '.$link->connect_error, LOGLEVEL_ERROR);
return;
}
// get the users for this database
$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
......@@ -406,32 +412,32 @@ class mysql_clientdb_plugin {
if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', 'r');
}
} else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
if($old_db_user) {
if($old_db_user['database_user'] == 'root'){
$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
} else {
// Find out users to drop and users to revoke
$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
} elseif($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
if($old_db_user) {
if($old_db_user['database_user'] == 'root'){
$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
} else {
// Find out users to drop and users to revoke
$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
if($old_db_ro_user['database_user'] == 'root'){
$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
} else {
// Find out users to drop and users to revoke
$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
}
if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
if($old_db_ro_user['database_user'] == 'root'){
$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
} else {
// Find out users to drop and users to revoke
$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
}
// Database is not active, so stop processing here
$link->close();
return;
}
// Database is not active, so stop processing here
$link->close();
return;
}
//* selected Users have changed
if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment