[X2Go-Commits] [x2goserver] 04/04: x2goserver/sbin/x2godbadmin: split out subroutines into main namespace, call them generically with correct parameters from specialized namespace.

git-admin at x2go.org git-admin at x2go.org
Fri Feb 23 23:17:41 CET 2018


This is an automated email from the git hooks/post-receive script.

x2go pushed a commit to branch feature/mysql-backend
in repository x2goserver.

commit e495889544fa25f85ac929251e6ba78179758602
Author: Mihai Moldovan <ionic at ionic.de>
Date:   Fri Feb 23 23:10:41 2018 +0100

    x2goserver/sbin/x2godbadmin: split out subroutines into main namespace, call them generically with correct parameters from specialized namespace.
---
 debian/changelog            |   3 +
 x2goserver/sbin/x2godbadmin | 738 ++++++++++++++++++++++++++------------------
 2 files changed, 448 insertions(+), 293 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 0d6b15e..b6925f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -76,6 +76,9 @@ x2goserver (4.1.0.1-0x2go1) UNRELEASED; urgency=medium
       generates it), so we should be in the clear.
     - x2goserver/sbin/x2godbadmin: generate more secure user-level database
       passwords.
+    - x2goserver/sbin/x2godbadmin: split out subroutines into main namespace,
+      call them generically with correct parameters from specialized
+      namespace.
   * debian/{control,compat}:
     + Bump DH compat level to 9.
   * debian/:
diff --git a/x2goserver/sbin/x2godbadmin b/x2goserver/sbin/x2godbadmin
index 1173656..7de911f 100755
--- a/x2goserver/sbin/x2godbadmin
+++ b/x2goserver/sbin/x2godbadmin
@@ -357,21 +357,20 @@ if ($Config->param("backend") eq 'postgres')
 
 	if ($createdb)
 	{
-		create_database();
-		create_tables();
+		create_database($host, $port, $dbadmin, $dbadminpass, $db, $x2goadmin, $x2goadminpass, $sslmode);
+		create_tables($host, $port, $dbadmin, $dbadminpass, $db, $x2goadmin, $sslmode);
 		exit(0);
 	}
 
 	if ($listusers)
 	{
-		list_users();
+		list_users($host, $port, $dbadmin, $dbadminpass, $sslmode);
 		exit(0);
 	}
 
-	my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass",{AutoCommit => 1}) or die $_;
 	if ($adduser)
 	{
-		add_user($adduser);
+		add_user($host, $port, $dbadmin, $dbadminpass, $db, $adduser, $sslmode);
 	}
 
 	if ($addgroup)
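Review bot: The calls in this block pass seven or eight arguments to `create_database`, `create_tables`, `list_users` and `add_user`, but the definitions added further down in the same file carry an empty prototype (`sub create_tables()`, `sub list_users()`, `sub add_user()`, …), which declares that they take none. This only works because the definitions come after the call sites, so Perl has not yet seen the prototype when it compiles the calls. With warnings enabled it reports "called too early to check prototype", and moving the subs above this block would turn every call into a compile error. Dropping the parentheses, as `sub pg_create_database` already does, is enough: `sub create_tables` followed by the existing `{`. The enclosing `if ($Config->param("backend") eq 'postgres')` block starts outside the hunk.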
@@ -381,13 +380,13 @@ if ($Config->param("backend") eq 'postgres')
 		foreach (@grp_members)
 		{
 			chomp($_);
-			add_user($_);
+			add_user($host, $port, $dbadmin, $dbadminpass, $db, $_, $sslmode);
 		}
 	}
 
 	if ($rmuser)
 	{
-		rm_user($rmuser);
+		rm_user($host, $port, $dbadmin, $dbadminpass, $db, $rmuser, $sslmode);
 	}
 
 	if ($rmgroup)
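Review bot: The account names handed to `add_user` and `rm_user` here (`$rmuser` and each `chomp`ed entry of `@grp_members`) are interpolated by `pg_add_user`/`pg_rm_user` directly into statements such as `DROP OWNED BY \"x2gouser_$user_to_remove\"`. `pg_rm_user` does this before its `getpwnam` lookup, so a name containing a double quote would not stay inside the identifier on the database administrator connection. Let DBI build the identifier once per call, `my $role = $dbh->quote_identifier("x2gouser_$user_to_remove");`, and interpolate `$role` instead of the hand-quoted form; `$db` and `$x2goadmin` in `pg_create_database` and `pg_create_tables` are interpolated the same way, and the generated passwords can go through `$dbh->quote(...)`. The `$adduser` call in the previous hunk takes the same path. How `@grp_members` is filled lies outside the hunk, so whether its entries are already validated cannot be seen here.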
@@ -397,339 +396,492 @@ if ($Config->param("backend") eq 'postgres')
 		foreach (@grp_members)
 		{
 			chomp($_);
-			rm_user($_);
+			rm_user($host, $port, $dbadmin, $dbadminpass, $db, $_, $sslmode);
 		}
 	}
-	undef $dbh;
+}
 
-	sub list_users()
-	{
-		my $dbh=DBI->connect("dbi:Pg:dbname=postgres;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass",{AutoCommit => 1}) or die $_;
-		my $sth=$dbh->prepare("select rolname from pg_roles where rolname like 'x2gouser_%'");
-		$sth->execute()or die;
-		printf ("%-20s DB user\n","UNIX user");
-		print "---------------------------------------\n";
-		my @data;
-		while (@data = $sth->fetchrow_array)
-		{
-			@data[0]=~s/x2gouser_//;
-			printf ("%-20s x2gouser_ at data[0]\n", at data[0]);
-		}
-		$sth->finish();
-		undef $dbh;
-	}
+sub create_tables()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $x2goadmin = shift or die "No x2goadmin (user-level database username) parameter supplied";
 
-	sub rm_user()
+	my $sslmode = undef;
+
+	if ($Config->param("backend") eq 'postgres')
 	{
-		my $user=shift;
+		$sslmode = shift or die "No sslmode parameter supplied";
 
-		print ("rm DB user \"x2gouser_$user\"\n");
+		pg_create_tables($host, $port, $dbadmin, $dbadminpass, $db, $x2goadmin, $sslmode);
+	}
+	else
+	{
+		die "Invalid database backend";
+	}
+}
 
-		my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions, used_ports, mounts FROM \"x2gouser_$user\"");
-		$sth->execute();
+sub pg_create_tables()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $x2goadmin = shift or die "No x2goadmin (user-level database username) parameter supplied";
+	my $sslmode = shift or die "No sslmode parameter supplied";
+
+	my $dbh = DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass", {AutoCommit => 1}) or die $_;
+
+	my $sth=$dbh->prepare("
+	                      create table sessions(
+	                      session_id text primary key,
+	                      display integer not null,
+	                      uname text not null,
+	                      server text not null,
+	                      client inet,
+	                      status char(1) not null default 'R',
+	                      init_time timestamp not null default now(),
+	                      last_time timestamp not null default now(),
+	                      cookie char(33),
+	                      agent_pid int,
+	                      gr_port int,
+	                      sound_port int,
+	                      fs_port int,
+	                      tekictrl_port int,
+	                      tekidata_port int,
+	                      creator_id text NOT NULL default current_user,
+	                      unique(display))
+	                      ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create VIEW sessions_view as
+	                   SELECT
+	                   agent_pid, session_id, display, server, status, init_time, cookie, client, gr_port,
+	                   sound_port, last_time, uname, fs_port, tekictrl_port, tekidata_port from sessions
+	                   where creator_id = current_user
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create VIEW servers_view as
+	                   SELECT
+	                   server, display, status from sessions
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE update_sess_priv AS ON UPDATE
+	                   TO sessions where (OLD.creator_id <> current_user or OLD.creator_id <> NEW.creator_id) and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE insert_sess_priv AS ON INSERT
+	                   TO sessions where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE delete_sess_priv AS ON DELETE
+	                   TO sessions where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE update_sess_view AS ON UPDATE
+	                   TO sessions_view DO INSTEAD
+	                   update sessions set
+	                   status=NEW.status,
+	                   last_time=NEW.last_time,
+	                   cookie=NEW.cookie,
+	                   agent_pid=NEW.agent_pid,
+	                   client=NEW.client,
+	                   gr_port=NEW.gr_port,
+	                   sound_port=NEW.sound_port,
+	                   fs_port=NEW.fs_port,
+	                   tekictrl_port=NEW.tekictrl_port,
+	                   tekidata_port=NEW.tekidata_port
+	                   where session_id=OLD.session_id and creator_id=current_user
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("create table messages(mess_id varchar(20) primary key, message text)");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create table user_messages(
+	                   mess_id text not null,
+	                   uname text not null)
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create table used_ports(
+	                   server text not null,
+	                   session_id text references sessions on delete cascade,
+	                   creator_id text NOT NULL default current_user,
+	                   port integer primary key)
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create VIEW ports_view as
+	                   SELECT
+	                   server, port from used_ports
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE insert_port_priv AS ON INSERT
+	                   TO used_ports where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE update_port_priv AS ON UPDATE
+	                   TO used_ports where (NEW.creator_id <> current_user or OLD.creator_id <> current_user) and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE delete_port_priv AS ON DELETE
+	                   TO used_ports where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create table mounts(
+	                   session_id text references sessions on delete restrict,
+	                   path text not null,
+	                   client inet not null,
+	                   creator_id text NOT NULL default current_user,
+	                   primary key(path,client))
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create VIEW mounts_view as
+	                   SELECT
+	                   client,path, session_id from mounts
+	                   where creator_id = current_user
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE delete_mounts_view AS ON DELETE
+	                   TO mounts_view DO INSTEAD
+	                   delete from mounts
+	                   where session_id=OLD.session_id and creator_id=current_user and path=OLD.path
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE insert_mount_priv AS ON INSERT
+	                   TO mounts where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE update_mount_priv AS ON UPDATE
+	                   TO mounts where (NEW.creator_id <> current_user or OLD.creator_id <> current_user) and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("
+	                   create or replace RULE delete_mount_priv AS ON DELETE
+	                   TO mounts where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
+	                   DO INSTEAD NOTHING
+	                   ");
+	$sth->execute() or die;
+
+	$sth=$dbh->prepare("GRANT ALL PRIVILEGES ON sessions, messages, user_messages, used_ports, mounts TO $x2goadmin");
+	$sth->execute() or die;
+	$sth->finish();
+	undef $dbh;
+}
 
-		my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions_view, mounts_view, servers_view, ports_view FROM \"x2gouser_$user\"");
-		$sth->execute();
+sub create_database()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $x2goadmin = shift or die "No x2goadmin (user-level database username) parameter supplied";
+	my $x2goadminpass = shift or die "No x2goadminpass (user-level database pasword) parameter supplied";
 
-		my $sth=$dbh->prepare("DROP OWNED BY \"x2gouser_$user\"");
-		$sth->execute();
+	my $sslmode = undef;
 
-		my $sth=$dbh->prepare("drop USER if exists \"x2gouser_$user\"");
-		$sth->execute();
-		$sth->finish();
+	if ($Config->param("backend") eq 'postgres')
+	{
+		$sslmode = shift or die "No sslmode parameter supplied";
 
-		my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user);
-		if (! $uid)
-		{
-			return;
-		}
-		if ( -e "$dir/.x2go/pgsqlpass" )
-		{
-			unlink("$dir/.x2go/pgsqlpass");
-		}
-		if ( -e "$dir/.x2go/sqlpass" )
-		{
-			unlink("$dir/.x2go/sqlpass");
-		}
+		pg_create_database($host, $port, $dbadmin, $dbadminpass, $db, $x2goadmin, $x2goadminpass, $sslmode);
 	}
-
-	sub add_user()
+	else
 	{
-		my $user=shift;
-		my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user);
-		if (! $name)
-		{
-			print "Cannot find user ($user)\n";
-			return;
-		}
-		elsif ($name eq "root")
-		{
-			print "The super-user \"root\" is not allowed to use X2Go\n";
-			return;
-		}
-		$pass=`pwgen -s -c -n 32 1`;
-		chomp($pass);
+		die "Invalid database backend";
+	}
+}
 
-		my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions, used_ports, mounts FROM \"x2gouser_$user\"");
-		$sth->{Warn}=0;
-		$sth->{PrintError}=0;
-		$sth->execute();
+sub pg_create_database
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $x2goadmin = shift or die "No x2goadmin (user-level database username) parameter supplied";
+	my $x2goadminpass = shift or die "No x2goadminpass (user-level database pasword) parameter supplied";
+	my $sslmode = shift or die "No sslmode parameter supplied";
+
+	my $dbh=DBI->connect("dbi:Pg:dbname=postgres;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass", {AutoCommit => 1}) or die $_;
+	#drop db if exists
+	my $sth=$dbh->prepare("drop database if exists $db");
+	$sth->execute();
+	#drop x2goadmin
+	$sth=$dbh->prepare("drop user if exists $x2goadmin");
+	$sth->execute();
+	#create db
+	$sth=$dbh->prepare("create database $db");
+	$sth->execute() or die;
+	#create x2goadmin
+	$sth=$dbh->prepare("create USER $x2goadmin WITH ENCRYPTED PASSWORD '$x2goadminpass'");
+	$sth->execute() or die;
+	#save x2goadmin password
+	open (FL,"> /etc/x2go/x2gosql/passwords/x2gopgadmin ") or die "Can't write password file /etc/x2go/x2gosql/passwords/x2gopgadmin";
+	print FL $x2goadminpass;
+	close(FL);
+	$sth->finish();
+	undef $dbh;
+}
 
-		my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions_view, mounts_view, servers_view, ports_view FROM \"x2gouser_$user\"");
-		$sth->{Warn}=0;
-		$sth->{PrintError}=0;
-		$sth->execute();
+sub list_users()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
 
-		my $sth=$dbh->prepare("DROP OWNED BY \"x2gouser_$user\"");
-		$sth->{Warn}=0;
-		$sth->{PrintError}=0;
-		$sth->execute();
+	my $sslmode = undef;
 
-		$sth=$dbh->prepare("drop USER if exists \"x2gouser_$user\"");
-		$sth->{Warn}=0;
-		$sth->{PrintError}=0;
-		$sth->execute();
+	if ($Config->param("backend") eq 'postgres')
+	{
+		$sslmode = shift or die "No sslmode parameter supplied";
 
-		print ("create DB user \"x2gouser_$user\"\n");
-		$sth=$dbh->prepare("create USER \"x2gouser_$user\" WITH ENCRYPTED PASSWORD '$pass'");
-		$sth->execute();
+		pg_list_users($host, $port, $dbadmin, $dbadminpass, $sslmode);
+	}
+	else
+	{
+		die "Invalid database backend";
+	}
+}
 
-		$sth=$dbh->prepare("GRANT INSERT, UPDATE, DELETE ON sessions, used_ports, mounts TO \"x2gouser_$user\"");
-		$sth->execute();
+sub pg_list_users()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $sslmode = shift or die "No sslmode parameter supplied";
+
+	my $dbh=DBI->connect("dbi:Pg:dbname=postgres;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass", {AutoCommit => 1}) or die $_;
+	my $sth=$dbh->prepare("select rolname from pg_roles where rolname like 'x2gouser_%'");
+	$sth->execute()or die;
+	printf ("%-20s DB user\n","UNIX user");
+	print "---------------------------------------\n";
+	my @data;
+	while (@data = $sth->fetchrow_array)
+	{
+		@data[0]=~s/x2gouser_//;
+		printf ("%-20s x2gouser_ at data[0]\n", at data[0]);
+	}
+	$sth->finish();
+	undef $dbh;
+}
 
-		$sth=$dbh->prepare("GRANT SELECT ON used_ports TO \"x2gouser_$user\"");
-		$sth->execute();
+sub add_user()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $user_to_add = shift or die "No user-to-add parameter supplied";
 
-		$sth=$dbh->prepare("GRANT SELECT, UPDATE, DELETE ON sessions_view, mounts_view, servers_view, ports_view TO \"x2gouser_$user\"");
-		$sth->execute();
-		$sth->finish();
+	my $sslmode = undef;
 
-		if (! -d "$dir/.x2go" )
-		{
-				if ( defined (&File::Path::make_path) )
-				{
-					File::Path::make_path("$dir/.x2go");
-				}
-				elsif ( defined (&File::Path::mkpath) )
-				{
-					File::Path::mkpath("$dir/.x2go");
-				}
-				else
-				{
-					die "Unable to create folders with File::Path";
-				}
-		}
+	if ($Config->param("backend") eq 'postgres')
+	{
+		$sslmode = shift or die "No sslmode parameter supplied";
 
-		#save user password
-		open (FL,"> $dir/.x2go/pgsqlpass") or die "Can't open password file $dir/.x2go/pgsqlpass";
-		print FL $pass;
-		close(FL);
-		chmod(0700,"$dir/.x2go");
-		chown($uid,$pgid,"$dir/.x2go");
-		chmod(0600,"$dir/.x2go/pgsqlpass");
-		chown($uid,$pgid,"$dir/.x2go/pgsqlpass");
+		pg_add_user($host, $port, $dbadmin, $dbadminpass, $db, $user_to_add, $sslmode);
 	}
+	else
+	{
+		die "Invalid database backend";
+	}
+}
 
-	sub create_tables()
+sub pg_add_user()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $user_to_add = shift or die "No user-to-add parameter supplied";
+	my $sslmode = shift or die "No sslmode parameter supplied";
+
+	my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass", {AutoCommit => 1}) or die $_;
+	my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user_to_add);
+	if (! $name)
 	{
-		$dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass",{AutoCommit => 1}) or die $_;
-		my $sth=$dbh->prepare("
-		                      create table sessions(
-		                      session_id text primary key,
-		                      display integer not null,
-		                      uname text not null,
-		                      server text not null,
-		                      client inet,
-		                      status char(1) not null default 'R',
-		                      init_time timestamp not null default now(),
-		                      last_time timestamp not null default now(),
-		                      cookie char(33),
-		                      agent_pid int,
-		                      gr_port int,
-		                      sound_port int,
-		                      fs_port int,
-		                      tekictrl_port int,
-		                      tekidata_port int,
-		                      creator_id text NOT NULL default current_user,
-		                      unique(display))
-		                      ");
-		$sth->execute() or die;
+		print "Cannot find user ($user)\n";
+		return;
+	}
+	elsif ($name eq "root")
+	{
+		print "The super-user \"root\" is not allowed to use X2Go\n";
+		return;
+	}
+	$pass=`pwgen -s -c -n 32 1`;
+	chomp($pass);
 
-		$sth=$dbh->prepare("
-		                   create VIEW sessions_view as
-		                   SELECT
-		                   agent_pid, session_id, display, server, status, init_time, cookie, client, gr_port,
-		                   sound_port, last_time, uname, fs_port, tekictrl_port, tekidata_port from sessions
-		                   where creator_id = current_user
-		                   ");
-		$sth->execute() or die;
+	my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions, used_ports, mounts FROM \"x2gouser_$user_to_add\"");
+	$sth->{Warn}=0;
+	$sth->{PrintError}=0;
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create VIEW servers_view as
-		                   SELECT
-		                   server, display, status from sessions
-		                   ");
-		$sth->execute() or die;
+	my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions_view, mounts_view, servers_view, ports_view FROM \"x2gouser_$user_to_add\"");
+	$sth->{Warn}=0;
+	$sth->{PrintError}=0;
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE update_sess_priv AS ON UPDATE
-		                   TO sessions where (OLD.creator_id <> current_user or OLD.creator_id <> NEW.creator_id) and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	my $sth=$dbh->prepare("DROP OWNED BY \"x2gouser_$user_to_add\"");
+	$sth->{Warn}=0;
+	$sth->{PrintError}=0;
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE insert_sess_priv AS ON INSERT
-		                   TO sessions where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	$sth=$dbh->prepare("drop USER if exists \"x2gouser_$user_to_add\"");
+	$sth->{Warn}=0;
+	$sth->{PrintError}=0;
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE delete_sess_priv AS ON DELETE
-		                   TO sessions where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	print ("create DB user \"x2gouser_$user_to_add\"\n");
+	$sth=$dbh->prepare("create USER \"x2gouser_$user_to_add\" WITH ENCRYPTED PASSWORD '$pass'");
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE update_sess_view AS ON UPDATE
-		                   TO sessions_view DO INSTEAD
-		                   update sessions set
-		                   status=NEW.status,
-		                   last_time=NEW.last_time,
-		                   cookie=NEW.cookie,
-		                   agent_pid=NEW.agent_pid,
-		                   client=NEW.client,
-		                   gr_port=NEW.gr_port,
-		                   sound_port=NEW.sound_port,
-		                   fs_port=NEW.fs_port,
-		                   tekictrl_port=NEW.tekictrl_port,
-		                   tekidata_port=NEW.tekidata_port
-		                   where session_id=OLD.session_id and creator_id=current_user
-		                   ");
-		$sth->execute() or die;
+	$sth=$dbh->prepare("GRANT INSERT, UPDATE, DELETE ON sessions, used_ports, mounts TO \"x2gouser_$user_to_add\"");
+	$sth->execute();
 
-		$sth=$dbh->prepare("create table messages(mess_id varchar(20) primary key, message text)");
-		$sth->execute() or die;
+	$sth=$dbh->prepare("GRANT SELECT ON used_ports TO \"x2gouser_$user_to_add\"");
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create table user_messages(
-		                   mess_id text not null,
-		                   uname text not null)
-		                   ");
-		$sth->execute() or die;
+	$sth=$dbh->prepare("GRANT SELECT, UPDATE, DELETE ON sessions_view, mounts_view, servers_view, ports_view TO \"x2gouser_$user_to_add\"");
+	$sth->execute();
+	$sth->finish();
 
-		$sth=$dbh->prepare("
-		                   create table used_ports(
-		                   server text not null,
-		                   session_id text references sessions on delete cascade,
-		                   creator_id text NOT NULL default current_user,
-		                   port integer primary key)
-		                   ");
-		$sth->execute() or die;
+	if (! -d "$dir/.x2go" )
+	{
+			if ( defined (&File::Path::make_path) )
+			{
+				File::Path::make_path("$dir/.x2go");
+			}
+			elsif ( defined (&File::Path::mkpath) )
+			{
+				File::Path::mkpath("$dir/.x2go");
+			}
+			else
+			{
+				die "Unable to create folders with File::Path";
+			}
+	}
 
-		$sth=$dbh->prepare("
-		                   create VIEW ports_view as
-		                   SELECT
-		                   server, port from used_ports
-		                   ");
-		$sth->execute() or die;
+	#save user password
+	open (FL,"> $dir/.x2go/pgsqlpass") or die "Can't open password file $dir/.x2go/pgsqlpass";
+	print FL $pass;
+	close(FL);
+	chmod(0700,"$dir/.x2go");
+	chown($uid,$pgid,"$dir/.x2go");
+	chmod(0600,"$dir/.x2go/pgsqlpass");
+	chown($uid,$pgid,"$dir/.x2go/pgsqlpass");
+}
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE insert_port_priv AS ON INSERT
-		                   TO used_ports where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+sub rm_user()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $user_to_remove = shift or die "No user-to-remove parameter supplied";
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE update_port_priv AS ON UPDATE
-		                   TO used_ports where (NEW.creator_id <> current_user or OLD.creator_id <> current_user) and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	my $sslmode = undef;
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE delete_port_priv AS ON DELETE
-		                   TO used_ports where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	if ($Config->param("backend") eq 'postgres')
+	{
+		$sslmode = shift or die "No sslmode parameter supplied";
 
-		$sth=$dbh->prepare("
-		                   create table mounts(
-		                   session_id text references sessions on delete restrict,
-		                   path text not null,
-		                   client inet not null,
-		                   creator_id text NOT NULL default current_user,
-		                   primary key(path,client))
-		                   ");
-		$sth->execute() or die;
+		pg_rm_user($host, $port, $dbadmin, $dbadminpass, $db, $user_to_remove, $sslmode);
+	}
+	else
+	{
+		die "Invalid database backend";
+	}
+}
 
-		$sth=$dbh->prepare("
-		                   create VIEW mounts_view as
-		                   SELECT
-		                   client,path, session_id from mounts
-		                   where creator_id = current_user
-		                   ");
-		$sth->execute() or die;
+sub pg_rm_user()
+{
+	my $host = shift or die "No host parameter supplied";
+	my $port = shift or die "No port parameter supplied";
+	my $dbadmin = shift or die "No dbadmin parameter supplied";
+	my $dbadminpass = shift or die "No dbadminpass (database administrator password) parameter supplied";
+	my $db = shift or die "No db parameter supplied";
+	my $user_to_remove = shift or die "No user-to-remove parameter supplied";
+	my $sslmode = shift or die "No sslmode parameter supplied";
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE delete_mounts_view AS ON DELETE
-		                   TO mounts_view DO INSTEAD
-		                   delete from mounts
-		                   where session_id=OLD.session_id and creator_id=current_user and path=OLD.path
-		                   ");
-		$sth->execute() or die;
+	my $dbh=DBI->connect("dbi:Pg:dbname=$db;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass", {AutoCommit => 1}) or die $_;
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE insert_mount_priv AS ON INSERT
-		                   TO mounts where NEW.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	print ("rm DB user \"x2gouser_$user_to_remove\"\n");
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE update_mount_priv AS ON UPDATE
-		                   TO mounts where (NEW.creator_id <> current_user or OLD.creator_id <> current_user) and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions, used_ports, mounts FROM \"x2gouser_$user_to_remove\"");
+	$sth->execute();
 
-		$sth=$dbh->prepare("
-		                   create or replace RULE delete_mount_priv AS ON DELETE
-		                   TO mounts where OLD.creator_id <> current_user and current_user <> '$x2goadmin'
-		                   DO INSTEAD NOTHING
-		                   ");
-		$sth->execute() or die;
+	my $sth=$dbh->prepare("REVOKE ALL PRIVILEGES ON sessions_view, mounts_view, servers_view, ports_view FROM \"x2gouser_$user_to_remove\"");
+	$sth->execute();
 
-		$sth=$dbh->prepare("GRANT ALL PRIVILEGES ON sessions, messages, user_messages, used_ports, mounts TO $x2goadmin");
-		$sth->execute() or die;
-		$sth->finish();
-		undef $dbh;
-	}
+	my $sth=$dbh->prepare("DROP OWNED BY \"x2gouser_$user_to_remove\"");
+	$sth->execute();
+
+	my $sth=$dbh->prepare("drop USER if exists \"x2gouser_$user_to_remove\"");
+	$sth->execute();
+	$sth->finish();
 
-	sub create_database
+	my ($name, $pass, $uid, $pgid, $quota, $comment, $gcos, $dir, $shell, $expire) = getpwnam($user_to_remove);
+	if (! $uid)
 	{
-		my $dbh=DBI->connect("dbi:Pg:dbname=postgres;host=$host;port=$port;sslmode=$sslmode", "$dbadmin", "$dbadminpass",{AutoCommit => 1}) or die $_;
-		#drop db if exists
-		my $sth=$dbh->prepare("drop database if exists $db");
-		$sth->execute();
-		#drop x2goadmin
-		$sth=$dbh->prepare("drop user if exists $x2goadmin");
-		$sth->execute();
-		#create db
-		$sth=$dbh->prepare("create database $db");
-		$sth->execute() or die;
-		#create x2goadmin
-		$sth=$dbh->prepare("create USER $x2goadmin WITH ENCRYPTED PASSWORD '$x2goadminpass'");
-		$sth->execute() or die;
-		#save x2goadmin password
-		open (FL,"> /etc/x2go/x2gosql/passwords/x2gopgadmin ") or die "Can't write password file /etc/x2go/x2gosql/passwords/x2gopgadmin";
-		print FL $x2goadminpass;
-		close(FL);
-		$sth->finish();
-		undef $dbh;
+		return;
+	}
+	if ( -e "$dir/.x2go/pgsqlpass" )
+	{
+		unlink("$dir/.x2go/pgsqlpass");
+	}
+	if ( -e "$dir/.x2go/sqlpass" )
+	{
+		unlink("$dir/.x2go/sqlpass");
 	}
 }
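Review bot: `pg_add_user` writes the freshly generated database password to `$dir/.x2go/pgsqlpass` through a two-argument `open` under the process umask and only restricts it with `chmod(0600, …)` afterwards, so the file can be readable by others for a moment, and because the path lies inside the target user's home directory a symlink already placed there would be followed by a tool that presumably runs as root (it calls `chown`). Creating the file exclusively with mode 0600, as sketched below (needs the `O_*` constants from `Fcntl`; a symlinked `.x2go` directory is not covered by it), closes both gaps and also checks `print` and `close`. `pg_create_database` uses the same bareword `FL` and two-argument `open` for `/etc/x2go/x2gosql/passwords/x2gopgadmin`, where no permission call is visible at all. Separately, the "Cannot find user" message in `pg_add_user` still interpolates `$user`, which no longer exists after the rename to `$user_to_add`.

```perl
	#save user password
	my $passfile = "$dir/.x2go/pgsqlpass";
	# Remove any stale file or link first so the exclusive create below starts clean.
	unlink($passfile);
	sysopen(my $fl, $passfile, O_WRONLY | O_CREAT | O_EXCL, 0600)
		or die "Can't open password file $passfile: $!";
	print {$fl} $pass or die "Can't write password file $passfile: $!";
	close($fl) or die "Can't close password file $passfile: $!";
	# … unchanged: chmod/chown of $dir/.x2go and of the password file …
```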

--
Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2goserver.git

