Skip to content
Snippets Groups Projects
Commit d2bcbcc8 authored by Adam Andrzej Jaworski's avatar Adam Andrzej Jaworski Committed by Herman van Rink
Browse files

Issue #2798121 by memtkmcc: Manage extra db GRANT for 127.0.0.1 to allow SSH...

Issue #2798121 by memtkmcc: Manage extra db GRANT for 127.0.0.1 to allow SSH tunneling for remote SQL access (BOA unfork)
parent 36791723
No related branches found
No related tags found
No related merge requests found
...@@ -56,6 +56,11 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo { ...@@ -56,6 +56,11 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo {
function grant($name, $username, $password, $host = '') { function grant($name, $username, $password, $host = '') {
$host = ($host) ? $host : '%'; $host = ($host) ? $host : '%';
if ($host != "127.0.0.1") {
$extra_host = "127.0.0.1";
$success_extra_host = $this->query("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%s` IDENTIFIED BY '%s'", $name, $username, $extra_host, $password);
}
// Issue: https://github.com/omega8cc/provision/issues/2
return $this->query("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%s` IDENTIFIED BY '%s'", $name, $username, $host, $password); return $this->query("GRANT ALL PRIVILEGES ON `%s`.* TO `%s`@`%s` IDENTIFIED BY '%s'", $name, $username, $host, $password);
} }
...@@ -79,6 +84,29 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo { ...@@ -79,6 +84,29 @@ class Provision_Service_db_mysql extends Provision_Service_db_pdo {
if (!$grant_found) { if (!$grant_found) {
$success = $this->query("DROP USER `%s`@`%s`", $username, $host) && $success; $success = $this->query("DROP USER `%s`@`%s`", $username, $host) && $success;
} }
if ($host != "127.0.0.1") {
$extra_host = "127.0.0.1";
$success_extra_host = $this->query("REVOKE ALL PRIVILEGES ON `%s`.* FROM `%s`@`%s`", $name, $username, $extra_host);
// check if there are any privileges left for the user
$grants = $this->query("SHOW GRANTS FOR `%s`@`%s`", $username, $extra_host);
$grant_found = FALSE;
if ($grants) {
while ($grant = $grants->fetch()) {
// those are empty grants: just the user line
if (!preg_match("/^GRANT USAGE ON /", array_pop($grant))) {
// real grant, we shouldn't remove the user
$grant_found = TRUE;
break;
}
}
}
if (!$grant_found) {
$success_extra_host = $this->query("DROP USER `%s`@`%s`", $username, $extra_host) && $success_extra_host;
}
}
return $success; return $success;
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment