opensource/HeidiSQL
1
0
Fork 0
mirror of https://github.com/HeidiSQL/HeidiSQL.git synced 2025-08-26 20:50:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

Issue #2014: user manager: parse SSL settings from SHOW CREATE USER, but also keep parsing SHOW GRANTS for backward compatibility

Browse Source
This commit is contained in:
Ansgar Becker
2024-08-28 10:45:33 +02:00
parent 09dbc9c926
commit 3ae63d113f
1 changed files with 76 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
source/usermanager.pas
View File

@ -19,6 +19,8 @@ type
Username, Host, Password, Cipher, Issuer, Subject: String; Username, Host, Password, Cipher, Issuer, Subject: String;
MaxQueries, MaxUpdates, MaxConnections, MaxUserConnections, SSL: Integer; MaxQueries, MaxUpdates, MaxConnections, MaxUserConnections, SSL: Integer;
Problem: TUserProblem; Problem: TUserProblem;
public
constructor Create;
function HostRequiresNameResolve: Boolean; function HostRequiresNameResolve: Boolean;
end; end;
PUser = ^TUser; PUser = ^TUser;
@ -165,6 +167,7 @@ type
procedure SetModified(Value: Boolean); procedure SetModified(Value: Boolean);
property Modified: Boolean read FModified write SetModified; property Modified: Boolean read FModified write SetModified;
function GetPrivByNode(Node: PVirtualNode): TPrivObj; function GetPrivByNode(Node: PVirtualNode): TPrivObj;
procedure ParseSSLSettings(GrantOrCreate: String; User: TUser);
public public
{ Public declarations } { Public declarations }
end; end;
@ -502,7 +505,7 @@ procedure TUserManagerForm.listUsersFocusChanged(Sender: TBaseVirtualTree; Node:
var var
P, Ptmp, PCol: TPrivObj; P, Ptmp, PCol: TPrivObj;
User: PUser; User: PUser;
UserHost, RequireClause, WithClause, Msg: String; UserHost, WithClause, Msg, CreateUser: String;
Grants, AllPNames, Cols: TStringList; Grants, AllPNames, Cols: TStringList;
rxTemp, rxGrant: TRegExpr; rxTemp, rxGrant: TRegExpr;
i, j: Integer; i, j: Integer;
@ -552,7 +555,7 @@ begin
Grants.Add('GRANT USAGE ON *.* TO '+UserHost); Grants.Add('GRANT USAGE ON *.* TO '+UserHost);
end; end;
end else try end else try
Grants := FConnection.GetCol('SHOW GRANTS FOR '+FConnection.EscapeString(User.Username)+'@'+FConnection.EscapeString(User.Host)); Grants := FConnection.GetCol('SHOW GRANTS FOR '+UserHost);
except except
on E:EDbError do begin on E:EDbError do begin
Msg := E.Message; Msg := E.Message;
@ -677,37 +680,7 @@ begin
end; end;
// REQUIRE SSL X509 ISSUER '456' SUBJECT '789' CIPHER '123' NONE ParseSSLSettings(rxGrant.Match[11], User^);
rxTemp.Expression := '\sREQUIRE\s+(.+)';
if rxTemp.Exec(rxGrant.Match[11]) then begin
RequireClause := rxTemp.Match[1];
User.SSL := 0;
User.Cipher := '';
User.Issuer := '';
User.Subject := '';
rxTemp.Expression := '\bSSL\b';
if rxTemp.Exec(RequireClause) then
User.SSL := 1;
rxTemp.Expression := '\bX509\b';
if rxTemp.Exec(RequireClause) then
User.SSL := 2;
rxTemp.Expression := '\bCIPHER\s+''([^'']+)';
if rxTemp.Exec(RequireClause) then
User.Cipher := rxTemp.Match[1];
rxTemp.Expression := '\bISSUER\s+''([^'']+)';
if rxTemp.Exec(RequireClause) then
User.Issuer := rxTemp.Match[1];
rxTemp.Expression := '\bSUBJECT\s+''([^'']+)';
if rxTemp.Exec(RequireClause) then
User.Subject := rxTemp.Match[1];
if IsNotEmpty(User.Cipher) or IsNotEmpty(User.Issuer) or IsNotEmpty(User.Subject) then
User.SSL := 3;
comboSSL.ItemIndex := User.SSL;
comboSSL.OnChange(Sender);
editCipher.Text := User.Cipher;
editIssuer.Text := User.Issuer;
editSubject.Text := User.Subject;
end;
// WITH .. GRANT OPTION // WITH .. GRANT OPTION
// MAX_QUERIES_PER_HOUR 20 MAX_UPDATES_PER_HOUR 10 MAX_CONNECTIONS_PER_HOUR 5 MAX_USER_CONNECTIONS 2 // MAX_QUERIES_PER_HOUR 20 MAX_UPDATES_PER_HOUR 10 MAX_CONNECTIONS_PER_HOUR 5 MAX_USER_CONNECTIONS 2
@ -739,6 +712,16 @@ begin
end; end;
end; end;
CreateUser := '';
try
CreateUser := FConnection.GetVar('SHOW CREATE USER '+UserHost);
ParseSSLSettings(CreateUser, User^);
except
on E:EDbError do;
end;
// Generate grant code for column privs by hand // Generate grant code for column privs by hand
for Ptmp in FPrivObjects do begin for Ptmp in FPrivObjects do begin
if Ptmp.DBObj.NodeType = lntColumn then begin if Ptmp.DBObj.NodeType = lntColumn then begin
@ -805,6 +788,47 @@ begin
end; end;
procedure TUserManagerForm.ParseSSLSettings(GrantOrCreate: String; User: TUser);
var
rx: TRegExpr;
RequireClause: String;
begin
// REQUIRE SSL X509 ISSUER '456' SUBJECT '789' CIPHER '123' NONE
rx := TRegExpr.Create;
rx.ModifierI := True;
rx.Expression := '\sREQUIRE\s+(.+)';
if rx.Exec(GrantOrCreate) then begin
RequireClause := rx.Match[1];
User.SSL := 0;
User.Cipher := '';
User.Issuer := '';
User.Subject := '';
rx.Expression := '\bSSL\b';
if rx.Exec(RequireClause) then
User.SSL := 1;
rx.Expression := '\bX509\b';
if rx.Exec(RequireClause) then
User.SSL := 2;
rx.Expression := '\bCIPHER\s+''([^'']+)';
if rx.Exec(RequireClause) then
User.Cipher := rx.Match[1];
rx.Expression := '\bISSUER\s+''([^'']+)';
if rx.Exec(RequireClause) then
User.Issuer := rx.Match[1];
rx.Expression := '\bSUBJECT\s+''([^'']+)';
if rx.Exec(RequireClause) then
User.Subject := rx.Match[1];
if IsNotEmpty(User.Cipher) or IsNotEmpty(User.Issuer) or IsNotEmpty(User.Subject) then
User.SSL := 3;
comboSSL.ItemIndex := User.SSL;
comboSSL.OnChange(comboSSL);
editCipher.Text := User.Cipher;
editIssuer.Text := User.Issuer;
editSubject.Text := User.Subject;
end;
end;
procedure TUserManagerForm.listUsersGetImageIndex(Sender: TBaseVirtualTree; Node: PVirtualNode; procedure TUserManagerForm.listUsersGetImageIndex(Sender: TBaseVirtualTree; Node: PVirtualNode;
Kind: TVTImageKind; Column: TColumnIndex; var Ghosted: Boolean; var ImageIndex: TImageIndex); Kind: TVTImageKind; Column: TColumnIndex; var Ghosted: Boolean; var ImageIndex: TImageIndex);
var var
@ -1518,6 +1542,24 @@ begin
end; end;
{ TUser }
constructor TUser.Create;
begin
Username := '';
Host := '';
Password := '';
Cipher := '';
Issuer := '';
Subject := '';
MaxQueries := 0;
MaxUpdates := 0;
MaxConnections := 0;
MaxUserConnections := 0;
SSL := 0;
Problem := upNone;
end;
function TUser.HostRequiresNameResolve: Boolean; function TUser.HostRequiresNameResolve: Boolean;
var var
rx: TRegExpr; rx: TRegExpr;