Skip to content

Commit 710dabf

Browse files
author
Marius Burkard
committed
- Fixed mysql privilege REVOKE
- Fixed mysql privilege reduction
1 parent 6f97fc1 commit 710dabf

File tree

1 file changed

+12
-6
lines changed

1 file changed

+12
-6
lines changed

server/plugins-available/mysql_clientdb_plugin.inc.php

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -120,21 +120,27 @@ function process_host_list($action, $database_name, $database_user, $database_pa
120120
continue;
121121
}
122122

123-
$grants = 'ALL';
123+
$grants = 'ALL PRIVILEGES';
124124
if($user_access_mode == 'r') $grants = 'SELECT';
125125
elseif($user_access_mode == 'rd') $grants = 'SELECT, DELETE, ALTER, DROP';
126126

127127
if($action == 'GRANT') {
128-
if(!$link->query("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
129-
$app->log("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'; success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
128+
if($user_access_mode == 'r' || $user_access_mode == 'rd') {
129+
if(!$link->query("REVOKE ALL PRIVILEGES ON `".$link->escape_string($database_name)."`.* FROM '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
130+
$app->log("REVOKE ALL PRIVILEGES ON `".$link->escape_string($database_name)."`.* FROM '".$link->escape_string($database_user)."'@'$db_host' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
131+
$success = true;
132+
}
133+
134+
if(!$link->query("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."'")) $success = false;
135+
$app->log("GRANT " . $grants . " ON `".$link->escape_string($database_name)."`.* TO '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."' success? " . ($success ? 'yes' : 'no'), LOGLEVEL_DEBUG);
130136
} elseif($action == 'REVOKE') {
131-
if(!$link->query("REVOKE ALL PRIVILEGES ON `".$link->escape_string($database_name)."`.* FROM '".$link->escape_string($database_user)."'@'$db_host' IDENTIFIED BY PASSWORD '".$link->escape_string($database_password)."';")) $success = false;
137+
if(!$link->query("REVOKE ALL PRIVILEGES ON `".$link->escape_string($database_name)."`.* FROM '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
132138
} elseif($action == 'DROP') {
133-
if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host';")) $success = false;
139+
if(!$link->query("DROP USER '".$link->escape_string($database_user)."'@'$db_host'")) $success = false;
134140
} elseif($action == 'RENAME') {
135141
if(!$link->query("RENAME USER '".$link->escape_string($database_user)."'@'$db_host' TO '".$link->escape_string($database_rename_user)."'@'$db_host'")) $success = false;
136142
} elseif($action == 'PASSWORD') {
137-
if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."';")) $success = false;
143+
if(!$link->query("SET PASSWORD FOR '".$link->escape_string($database_user)."'@'$db_host' = '".$link->escape_string($database_password)."'")) $success = false;
138144
}
139145
}
140146

0 commit comments

Comments
 (0)