From 2bb7833f50e4d72ed9263cf4e0e1175d182dd846 Mon Sep 17 00:00:00 2001 From: Sebastian Mendel Date: Mon, 21 Jan 2008 12:50:19 +0000 Subject: [PATCH] cache user privilege information; replaced ereg_* with preg_* functions; some tweaks --- libraries/check_user_privileges.lib.php | 136 ++++++++++++++++-------- 1 file changed, 91 insertions(+), 45 deletions(-) diff --git a/libraries/check_user_privileges.lib.php b/libraries/check_user_privileges.lib.php index 7a75b7cd4..22fb4409d 100644 --- a/libraries/check_user_privileges.lib.php +++ b/libraries/check_user_privileges.lib.php @@ -9,19 +9,73 @@ /** * */ -$is_create_db_priv = false; -$is_process_priv = true; -$is_reload_priv = false; -$db_to_create = ''; -$dbs_where_create_table_allowed = array(); +$GLOBALS['is_superuser'] = PMA_isSuperuser(); -$is_superuser = PMA_isSuperuser(); - -function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, - &$is_reload_priv, &$dbs_where_create_table_allowed) +/** + * sets privilege information extracted from SHOW GRANTS result + * + * Detection for some CREATE privilege. + * + * Since MySQL 4.1.2, we can easily detect current user's grants using $userlink + * (no control user needed) and we don't have to try any other method for + * detection + * + * @todo fix to get really all privileges, not only explicitly defined for this user + * from MySQL manual: (http://dev.mysql.com/doc/refman/5.0/en/show-grants.html) + * SHOW GRANTS displays only the privileges granted explicitly to the named + * account. Other privileges might be available to the account, but they are not + * displayed. For example, if an anonymous account exists, the named account + * might be able to use its privileges, but SHOW GRANTS will not display them. + * + * @uses $_SESSION['is_create_db_priv'] for caching + * @uses $_SESSION['is_process_priv'] for caching + * @uses $_SESSION['is_reload_priv'] for caching + * @uses $_SESSION['db_to_create'] for caching + * @uses $_SESSION['dbs_where_create_table_allowed'] for caching + * @uses $GLOBALS['is_create_db_priv'] to set it + * @uses $GLOBALS['is_process_priv'] to set it + * @uses $GLOBALS['is_reload_priv'] to set it + * @uses $GLOBALS['db_to_create'] to set it + * @uses $GLOBALS['dbs_where_create_table_allowed'] to set it + * @uses PMA_DBI_try_query() + * @uses PMA_DBI_fetch_row() + * @uses PMA_DBI_free_result() + * @uses PMA_DBI_getError() + * @uses PMA_unQuote() + * @uses PMA_backquote() + * @uses preg_match() + * @uses preg_replace() + * @uses substr() + * @uses strpos() + */ +function PMA_analyseShowGrant() { + if (isset($_SESSION['is_create_db_priv'])) { + $GLOBALS['is_create_db_priv'] = $_SESSION['is_create_db_priv']; + $GLOBALS['is_process_priv'] = $_SESSION['is_create_db_priv']; + $GLOBALS['is_reload_priv'] = $_SESSION['is_create_db_priv']; + $GLOBALS['db_to_create'] = $_SESSION['is_create_db_priv']; + $GLOBALS['dbs_where_create_table_allowed'] + = $_SESSION['is_create_db_priv']; + return; + } + + // defaults + $GLOBALS['is_create_db_priv'] = false; + $GLOBALS['is_process_priv'] = true; + $GLOBALS['is_reload_priv'] = false; + $GLOBALS['db_to_create'] = ''; + $GLOBALS['dbs_where_create_table_allowed'] = array(); + + $rs_usr = PMA_DBI_try_query('SHOW GRANTS'); + + if (! $rs_usr) { + return; + } + $re0 = '(^|(\\\\\\\\)+|[^\])'; // non-escaped wildcards $re1 = '(^|[^\])(\\\)+'; // escaped wildcards + while ($row = PMA_DBI_fetch_row($rs_usr)) { // extract db from GRANT ... ON *.* or GRANT ... ON db.* $db_name_offset = strpos($row[0], ' ON ') + 4; @@ -32,8 +86,9 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, $show_grants_str = substr($row[0], 6, (strpos($row[0], ' ON ') - 6)); if ($show_grants_str == 'RELOAD') { - $is_reload_priv = true; + $GLOBALS['is_reload_priv'] = true; } + /** * @todo if we find CREATE VIEW but not CREATE, do not offer * the create database dialog box @@ -44,37 +99,39 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, || strpos($show_grants_str, 'CREATE,') !== false) { if ($show_grants_dbname == '*') { // a global CREATE privilege - $is_create_db_priv = true; - $is_reload_priv = true; - $db_to_create = ''; - $dbs_where_create_table_allowed[] = '*'; + $GLOBALS['is_create_db_priv'] = true; + $GLOBALS['is_reload_priv'] = true; + $GLOBALS['db_to_create'] = ''; + $GLOBALS['dbs_where_create_table_allowed'][] = '*'; // @todo we should not break here, cause GRANT ALL *.* // could be revoked by a later rule like GRANT SELECT ON db.* break; } else { // this array may contain wildcards - $dbs_where_create_table_allowed[] = $show_grants_dbname; + $GLOBALS['dbs_where_create_table_allowed'][] = $show_grants_dbname; $dbname_to_test = PMA_backquote($show_grants_dbname); - if ($is_create_db_priv) { + if ($GLOBALS['is_create_db_priv']) { // no need for any more tests if we already know this continue; } - if ((ereg($re0 . '%|_', $show_grants_dbname) - && ! ereg('\\\\%|\\\\_', $show_grants_dbname)) + if ((preg_match('/' . $re0 . '%|_/', $show_grants_dbname) + && ! preg_match('/\\\\%|\\\\_/', $show_grants_dbname)) // does this db exist? - || (! PMA_DBI_try_query('USE ' . ereg_replace($re1 . '(%|_)', '\\1\\3', $dbname_to_test)) + || (! PMA_DBI_try_query('USE ' . preg_replace('/' . $re1 . '(%|_)/', '\\1\\3', $dbname_to_test)) && substr(PMA_DBI_getError(), 1, 4) != 1044) ) { - $db_to_create = ereg_replace($re0 . '_', '\\1?', $show_grants_dbname); - $db_to_create = ereg_replace($re0 . '%', '\\1...', $db_to_create); - $db_to_create = ereg_replace($re1 . '(%|_)', '\\1\\3', $db_to_create); - $is_create_db_priv = true; + if ($GLOBALS['cfg']['SuggestDBName']) { + $GLOBALS['db_to_create'] = preg_replace('/' . $re0 . '_/', '\\1?', $show_grants_dbname); + $GLOBALS['db_to_create'] = preg_replace('/' . $re0 . '%/', '\\1...', $GLOBALS['db_to_create']); + $GLOBALS['db_to_create'] = preg_replace('/' . $re1 . '(%|_)/', '\\1\\3', $GLOBALS['db_to_create']); + } + $GLOBALS['is_create_db_priv'] = true; /** - * @todo collect $db_to_create into an array, to display a + * @todo collect $GLOBALS['db_to_create'] into an array, to display a * drop-down in the "Create new database" dialog */ // we don't break, we want all possible databases @@ -83,28 +140,17 @@ function PMA_analyseShowGrant($rs_usr, &$is_create_db_priv, &$db_to_create, } // end elseif } // end if } // end while + + PMA_DBI_free_result($rs_usr); + + $_SESSION['is_create_db_priv'] = $GLOBALS['is_create_db_priv']; + $_SESSION['is_process_priv'] = $GLOBALS['is_create_db_priv']; + $_SESSION['is_reload_priv'] = $GLOBALS['is_create_db_priv']; + $_SESSION['db_to_create'] = $GLOBALS['is_create_db_priv']; + $_SESSION['dbs_where_create_table_allowed'] + = $GLOBALS['is_create_db_priv']; } // end function -// Detection for some CREATE privilege. +PMA_analyseShowGrant(); -// Since MySQL 4.1.2, we can easily detect current user's grants -// using $userlink (no control user needed) -// and we don't have to try any other method for detection -// @todo fix to get really all privileges, not only explicitly defined for this user -// from MySQL manual: (http://dev.mysql.com/doc/refman/5.0/en/show-grants.html) -// SHOW GRANTS displays only the privileges granted explicitly to the named -// account. Other privileges might be available to the account, but they are not -// displayed. For example, if an anonymous account exists, the named account -// might be able to use its privileges, but SHOW GRANTS will not display them. - -if ($rs_usr = PMA_DBI_try_query('SHOW GRANTS')) { - PMA_analyseShowGrant($rs_usr, $is_create_db_priv, $db_to_create, $is_reload_priv, $dbs_where_create_table_allowed); - PMA_DBI_free_result($rs_usr); - unset($rs_usr); -} - -// If disabled, don't show it -if (!$cfg['SuggestDBName']) { - $db_to_create = ''; -} ?>