- fixed db privileges

Marius Burkard · Marius Burkard · commit 6f97fc13f9ad · 2016-02-18T12:00:05.000+01:00
diff --git a/server/plugins-available/mysql_clientdb_plugin.inc.php b/server/plugins-available/mysql_clientdb_plugin.inc.php
@@ -92,6 +92,9 @@ function process_host_list($action, $database_name, $database_user, $database_pa
 						$result->free();
 				}
 		}
+		
+		$app->log("Calling $action for $database_name with access $user_access_mode and hosts " . implode(', ', $host_list), LOGLEVEL_DEBUG);
+		
 		// loop through hostlist
 		foreach($host_list as $db_host) {
 			$db_host = trim($db_host);
@@ -112,7 +115,10 @@ function process_host_list($action, $database_name, $database_user, $database_pa
 				$valid = false;
 			}
 
-			if($valid == false) continue;
+			if($valid == false) {
+				$app->log("Invalid host " . $db_host . " for GRANT to " . $database_name, LOGLEVEL_DEBUG);
+				continue;
+			}
 			
 			$grants = 'ALL';
 			if($user_access_mode == 'r') $grants = 'SELECT';
@@ -254,7 +260,7 @@ function db_update($event_name, $data) {
 				$app->log('Unable to connect to the database: '.$link->connect_error, LOGLEVEL_ERROR);
 				return;
 			}
-
+			
 			// get the users for this database
 			$db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['new']['database_user_id']);
 			$old_db_user = $app->db->queryOneRecord("SELECT `database_user`, `database_password` FROM `web_database_user` WHERE `database_user_id` = ?", $data['old']['database_user_id']);
@@ -406,32 +412,32 @@ function db_update($event_name, $data) {
 					if($db_ro_user['database_user'] == 'root') $app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
 					else $this->process_host_list('GRANT', $data['new']['database_name'], $db_ro_user['database_user'], $db_ro_user['database_password'], $host_list, $link, '', 'r');
 				}
-			} else if($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
-					if($old_db_user) {
-						if($old_db_user['database_user'] == 'root'){
-							$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
-						} else {
-							// Find out users to drop and users to revoke
-							$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
-							if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
-							if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
-						}
-
+			} elseif($data['new']['active'] == 'n' && $data['old']['active'] == 'y') { // revoke database user, if inactive
+				if($old_db_user) {
+					if($old_db_user['database_user'] == 'root'){
+						$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+					} else {
+						// Find out users to drop and users to revoke
+						$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_user_id'], $old_host_list);
+						if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+						if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_user['database_user'], $old_db_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
 					}
-					if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
-						if($old_db_ro_user['database_user'] == 'root'){
-							$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
-						} else {
-							// Find out users to drop and users to revoke
-							$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
-							if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
-							if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
-						}
+
+				}
+				if($old_db_ro_user && $data['old']['database_user_id'] != $data['old']['database_ro_user_id']) {
+					if($old_db_ro_user['database_user'] == 'root'){
+						$app->log('User root not allowed for Client databases', LOGLEVEL_WARNING);
+					} else {
+						// Find out users to drop and users to revoke
+						$drop_or_revoke_user = $this->drop_or_revoke_user($data['old']['database_id'], $data['old']['database_ro_user_id'], $old_host_list);
+						if($drop_or_revoke_user['drop_hosts'] != '') $this->process_host_list('DROP', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['drop_hosts'], $link);
+						if($drop_or_revoke_user['revoke_hosts'] != '') $this->process_host_list('REVOKE', $data['old']['database_name'], $old_db_ro_user['database_user'], $old_db_ro_user['database_password'], $drop_or_revoke_user['revoke_hosts'], $link);
 					}
-					// Database is not active, so stop processing here
-					$link->close();
-					return;
 				}
+				// Database is not active, so stop processing here
+				$link->close();
+				return;
+			}
 
 			//* selected Users have changed
 			if($data['new']['database_user_id'] != $data['old']['database_user_id']) {
