Files
@ 3be168914a12
Branch filter:
Location: DistRen/htdocs/sql/libraries/check_user_privileges.lib.php
3be168914a12
8.5 KiB
text/x-php
Added web interface fileshg commit -h
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 | <?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Get user's global privileges and some db-specific privileges
* ($controllink and $userlink are links to MySQL defined in the "common.inc.php" library)
* Note: if no controluser is defined, $controllink contains $userlink
*
* @version $Id: check_user_privileges.lib.php 11335 2008-06-21 14:01:54Z lem9 $
*/
if (! defined('PHPMYADMIN')) {
exit;
}
/**
*
*/
$is_create_db_priv = false;
$is_process_priv = true;
$is_reload_priv = false;
$db_to_create = '';
$dbs_where_create_table_allowed = array();
// We were trying to find if user if superuser with 'USE mysql'
// but users with the global priv CREATE TEMPORARY TABLES or LOCK TABLES
// can do a 'USE mysql' (even if they cannot see the tables)
$is_superuser = PMA_isSuperuser();
function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, &$is_reload_priv, &$dbs_where_create_table_allowed) {
$re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
$re1 = '(^|[^\])(\\\)+'; // escaped wildcards
while ($row = PMA_DBI_fetch_row($rs_usr)) {
$show_grants_dbname = substr($row[0], strpos($row[0], ' ON ') + 4, (strpos($row[0], '.', strpos($row[0], ' ON ')) - strpos($row[0], ' ON ') - 4));
$show_grants_dbname = ereg_replace('^`(.*)`', '\\1', $show_grants_dbname);
$show_grants_str = substr($row[0], 6, (strpos($row[0], ' ON ') - 6));
if ($show_grants_str == 'RELOAD') {
$is_reload_priv = true;
}
/**
* @todo if we find CREATE VIEW but not CREATE, do not offer
* the create database dialog box
*/
if (($show_grants_str == 'ALL') || ($show_grants_str == 'ALL PRIVILEGES') || ($show_grants_str == 'CREATE') || strpos($show_grants_str, 'CREATE,') !== false) {
if ($show_grants_dbname == '*') {
// a global CREATE privilege
$is_create_db_priv = true;
$is_reload_priv = true;
$db_to_create = '';
$dbs_where_create_table_allowed[] = '*';
break;
} else {
// this array may contain wildcards
$dbs_where_create_table_allowed[] = $show_grants_dbname;
// before MySQL 4.1.0, we cannot use backquotes around a dbname
// for the USE command, so the USE will fail if the dbname contains
// a "-" and we cannot detect if such a db already exists;
// since 4.1.0, we need to use backquotes if the dbname contains a "-"
// in a USE command
if (PMA_MYSQL_INT_VERSION > 40100) {
$dbname_to_test = PMA_backquote($show_grants_dbname);
} else {
$dbname_to_test = $show_grants_dbname;
}
if ((ereg($re0 . '%|_', $show_grants_dbname)
&& !ereg('\\\\%|\\\\_', $show_grants_dbname))
// does this db exist?
|| (!PMA_DBI_try_query('USE ' . ereg_replace($re1 .'(%|_)', '\\1\\3', $dbname_to_test), null, PMA_DBI_QUERY_STORE)
&& substr(PMA_DBI_getError(), 1, 4) != 1044)
) {
$db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $show_grants_dbname));
$db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
$is_create_db_priv = true;
/**
* @todo collect $db_to_create into an array, to display a
* drop-down in the "Create new database" dialog
*/
// we don't break, we want all possible databases
//break;
} // end if
} // end elseif
} // end if
} // end while
} // end function
// Detection for some CREATE privilege.
// Since MySQL 4.1.2, we can easily detect current user's grants
// using $userlink (no control user needed)
// and we don't have to try any other method for detection
if (PMA_MYSQL_INT_VERSION >= 40102) {
$rs_usr = PMA_DBI_try_query('SHOW GRANTS', $userlink, PMA_DBI_QUERY_STORE);
if ($rs_usr) {
PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed);
PMA_DBI_free_result($rs_usr);
unset($rs_usr);
}
} else {
// Before MySQL 4.1.2, we first try to find a priv in mysql.user. Hopefuly
// the controluser is correctly defined; but here, $controllink could contain
// $userlink so maybe the SELECT will fail
if (!$is_create_db_priv) {
$res = PMA_DBI_query('SELECT USER();', null, PMA_DBI_QUERY_STORE);
list($mysql_cur_user_and_host) = PMA_DBI_fetch_row($res);
$mysql_cur_user = substr($mysql_cur_user_and_host, 0, strrpos($mysql_cur_user_and_host, '@'));
$local_query = 'SELECT Create_priv, Reload_priv FROM mysql.user WHERE ' . PMA_convert_using('User') . ' = ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ';';
$rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE); // Debug: or PMA_mysqlDie('', $local_query, false);
if ($rs_usr) {
while ($result_usr = PMA_DBI_fetch_assoc($rs_usr)) {
if (!$is_create_db_priv) {
$is_create_db_priv = ($result_usr['Create_priv'] == 'Y');
}
if (!$is_reload_priv) {
$is_reload_priv = ($result_usr['Reload_priv'] == 'Y');
}
} // end while
PMA_DBI_free_result($rs_usr);
unset($rs_usr, $result_usr);
if ($is_create_db_priv) {
$dbs_where_create_table_allowed[] = '*';
}
} // end if
} // end if
// If the user has Create priv on a inexistant db, show him in the dialog
// the first inexistant db name that we find, in most cases it's probably
// the one he just dropped :)
if (!$is_create_db_priv) {
$local_query = 'SELECT DISTINCT Db FROM mysql.db WHERE ' . PMA_convert_using('Create_priv') . ' = ' . PMA_convert_using('Y', 'quoted') . ' AND (' . PMA_convert_using('User') . ' = ' .PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ' OR ' . PMA_convert_using('User') . ' = ' . PMA_convert_using('', 'quoted') . ');';
$rs_usr = PMA_DBI_try_query($local_query, $controllink, PMA_DBI_QUERY_STORE);
if ($rs_usr) {
$re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards
$re1 = '(^|[^\])(\\\)+'; // escaped wildcards
while ($row = PMA_DBI_fetch_assoc($rs_usr)) {
$dbs_where_create_table_allowed[] = $row['Db'];
if (ereg($re0 . '(%|_)', $row['Db'])
|| (!PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $row['Db'])) && substr(PMA_DBI_getError(), 1, 4) != 1044)) {
$db_to_create = ereg_replace($re0 . '%', '\\1...', ereg_replace($re0 . '_', '\\1?', $row['Db']));
$db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create);
$is_create_db_priv = true;
break;
} // end if
} // end while
PMA_DBI_free_result($rs_usr);
unset($rs_usr, $row, $re0, $re1);
} else {
// Finally, let's try to get the user's privileges by using SHOW
// GRANTS...
// Maybe we'll find a little CREATE priv there :)
$rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . $mysql_cur_user_and_host . ';', $controllink, PMA_DBI_QUERY_STORE);
if (!$rs_usr) {
// OK, now we'd have to guess the user's hostname, but we
// only try out the 'username'@'%' case.
$rs_usr = PMA_DBI_try_query('SHOW GRANTS FOR ' . PMA_convert_using(PMA_sqlAddslashes($mysql_cur_user), 'quoted') . ';', $controllink, PMA_DBI_QUERY_STORE);
}
unset($local_query);
if ($rs_usr) {
PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed);
PMA_DBI_free_result($rs_usr);
unset($rs_usr);
} // end if
} // end elseif
} // end if
} // end else (MySQL < 4.1.2)
// If disabled, don't show it
if (!$cfg['SuggestDBName']) {
$db_to_create = '';
}
?>
|