n3parikh
/
pyceo
forked from public/pyceo
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Python CSC Electronic Office
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
484 Commits
5 Branches
0 Tags
1.4 MiB
 
 
 
 
 
Tag: Branch: Tree: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
pyceo/src/op-mysql

99 lines
3.5 KiB
Raw Permalink Blame History

#!/usr/bin/python
import os, sys, string, random, syslog, grp, errno, re
from ceo import ceo_pb2, members, conf, ops
from ceo.ops import response_message, get_ceo_user, check_group
import MySQLdb
CONFIG_FILE = '/etc/csc/mysql.cf'
cfg = {}
def configure():
string_fields = ['mysql_admin_username', 'mysql_admin_password']
# read configuration file
cfg_tmp = conf.read(CONFIG_FILE)
# verify configuration
conf.check_string_fields(CONFIG_FILE, string_fields, cfg_tmp)
# update the current configuration with the loaded values
cfg.update(cfg_tmp)
def random_password():
chars = string.letters + string.digits
return ''.join(random.choice(chars) for i in xrange(20))
def check_auth(remote_user, mysql_user, response):
if remote_user == mysql_user:
return response_message(response, 0, 'user %s creating database for self' % remote_user)
club = members.get(mysql_user)
if not club:
return response_message(response, errno.EPERM, 'user %s does not exist' % mysql_user)
if 'club' in club.get('objectClass', []):
if check_group(remote_user, mysql_user):
return response_message(response, 0, 'user %s is in club group %s' % (remote_user, mysql_user))
elif check_group(remote_user, 'syscom'):
return response_message(response, 0, 'user %s is on systems committee' % remote_user)
else:
return response_message(response, errno.EPERM, 'denied, user %s is not in club group %s' % (remote_user, mysql_user))
else:
if check_group(remote_user, 'syscom'):
return response_message(response, 0, 'user %s is on systems committee' % remote_user)
else:
return response_message(response, errno.EPERM, 'denied, you may not create databases for other members')
def mysql_createdb(remote_user, mysql_user, response):
if check_auth(remote_user, mysql_user, response):
return
response.password = random_password()
if not re.match('^[a-zA-Z0-9-]+$', mysql_user):
response_message(response, errno.EINVAL, 'invalid characters in username %s' % mysql_user)
return
if not re.match('^[a-zA-Z0-9-]+$', response.password):
response_message(response, errno.EINVAL, 'invalid characters in password %s' % response.password)
return
try:
connection = MySQLdb.Connect(user=cfg['mysql_admin_username'], passwd=cfg['mysql_admin_password'])
cursor = connection.cursor()
cursor.execute("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`localhost` IDENTIFIED BY '%s'"
% (mysql_user, mysql_user, response.password))
cursor.execute("CREATE DATABASE IF NOT EXISTS `%s`" % mysql_user)
cursor.close()
connection.close()
response_message(response, 0, 'successfully created database %s' % mysql_user)
except MySQLdb.MySQLError, e:
response_message(response, 1, 'exception occured creating database: %s' % e)
def mysql_op():
input = sys.stdin.read()
request = ceo_pb2.AddMySQLUser()
request.ParseFromString(input)
remote_user = get_ceo_user()
mysql_user = request.username
response = ceo_pb2.AddMySQLUserResponse()
response_message(response, 0, 'mysql create db=%s by %s' % (mysql_user, remote_user))
mysql_createdb(remote_user, mysql_user, response)
sys.stdout.write(response.SerializeToString())
def main():
configure()
members.configure()
members.connect_anonymous()
syslog.openlog('op-mysql', syslog.LOG_PID, syslog.LOG_DAEMON)
mysql_op()
if __name__ == '__main__':
main()