Commit 0bafbad7 authored by Grazyna Jaworska's avatar Grazyna Jaworska
Browse files

Manage extra GRANTS to allow SQL remote access via SSH tunneling which depends...

Manage extra GRANTS to allow SQL remote access via SSH tunneling which depends on '127.0.0.1' and will not work with GRANTS for 'localhost'.
parent ec8fd46f
......@@ -56,6 +56,11 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo {
function grant($name, $username, $password, $host = '') {
$host = ($host) ? $host : '%';
if ($host != "127.0.0.1") {
$extra_host = "127.0.0.1";
$success_extra_host = $this->query("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%s` IDENTIFIED BY '%s'", $name, $username, $extra_host, $password);
}
// Issue: https://github.com/omega8cc/provision/issues/2
return $this->query("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%s` IDENTIFIED BY '%s'", $name, $username, $host, $password);
}
......@@ -79,6 +84,29 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo {
if (!$grant_found) {
$success = $this->query("DROP USER `%s`@`%s`", $username, $host) && $success;
}
if ($host != "127.0.0.1") {
$extra_host = "127.0.0.1";
$success_extra_host = $this->query("REVOKE ALL PRIVILEGES ON `%s`.* FROM `%s`@`%s`", $name, $username, $extra_host);
// check if there are any privileges left for the user
$grants = $this->query("SHOW GRANTS FOR `%s`@`%s`", $username, $extra_host);
$grant_found = FALSE;
if ($grants) {
while ($grant = $grants->fetch()) {
// those are empty grants: just the user line
if (!preg_match("/^GRANT USAGE ON /", array_pop($grant))) {
// real grant, we shouldn't remove the user
$grant_found = TRUE;
break;
}
}
}
if (!$grant_found) {
$success_extra_host = $this->query("DROP USER `%s`@`%s`", $username, $extra_host) && $success_extra_host;
}
}
return $success;
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment