Пример #1
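        /// <summary>
        /// Creates the Swarmops database and its read, write and admin accounts by running the
        /// DbCreateScript template as MySQL "root", then verifies the new accounts through
        /// FirstCredentialsTest.
        /// </summary>
        /// <param name="mysqlHostName">MySQL server host to connect to as root.</param>
        /// <param name="rootPassword">Password of the MySQL "root" account.</param>
        /// <param name="serverName">Caller-supplied host name, checked by VerifyHostName.</param>
        /// <param name="ipAddress">Caller-supplied address, checked by VerifyHostAddress.</param>
        /// <param name="random">
        /// Optional suffix for the database and account names. It is trimmed, cut to five characters and
        /// must then consist of ASCII letters and digits only; null or empty requests a generated suffix.
        /// </param>
        /// <returns>
        /// true when the database was created and the permission test passed, and also true when host
        /// verification fails without a debugger attached (deliberate silent failure); false otherwise.
        /// </returns>
        public static bool CreateDatabaseFromRoot(string mysqlHostName, string rootPassword, string serverName,
                                                  string ipAddress, string random)
        {
            if (!(VerifyHostName(serverName) && VerifyHostAddress(ipAddress)))
            {
                // NOTE(review): an attached debugger bypasses the host verification entirely.
                // Confirm that production hosts can never run with a debugger attached.
                if (!Debugger.IsAttached)
                {
                    return true; // Probable hack attempt - fail silently
                }
            }

            try
            {
                // A missing suffix is handled like an empty one instead of raising a NullReferenceException.
                random = (random ?? string.Empty).Trim();

                if (random.Length > 5)               // if UI-enforced maxlength beaten somehow, limit here
                {
                    random = random.Substring(0, 5); // MySQL will hit a maxlength otherwise
                }

                // The suffix is pasted into the SQL script below and the script is then split on '#',
                // so it must not carry quoting, comment or separator characters. Identifiers cannot be
                // bound as query parameters, hence an allowlist: ASCII letters and digits only.
                foreach (char candidate in random)
                {
                    bool isAsciiLetterOrDigit =
                        (candidate >= 'a' && candidate <= 'z') ||
                        (candidate >= 'A' && candidate <= 'Z') ||
                        (candidate >= '0' && candidate <= '9');

                    if (!isAsciiLetterOrDigit)
                    {
                        return false;
                    }
                }

                if (string.IsNullOrEmpty(random))
                {
                    // Only a name suffix, not a credential; the account passwords are generated below.
                    random = Authentication.CreateWeakSecret(5);
                }

                SwarmDb.Credentials rootCredentials = new SwarmDb.Credentials("mysql",
                                                                              new SwarmDb.ServerSet(mysqlHostName), "root", rootPassword);

                string readPass  = GenerateLongPassword();
                string writePass = GenerateLongPassword();
                string adminPass = GenerateLongPassword();

                // NOTE(review): assumes GenerateLongPassword never emits '#' or SQL quote characters,
                // since the passwords are substituted into the same script - TODO confirm.
                string[] initInstructions =
                    DbCreateScript.Replace("[random]", random)
                    .Replace("[readpass]", readPass)
                    .Replace("[writepass]", writePass)
                    .Replace("[adminpass]", adminPass).Split('#');

                SwarmDb.GetTestDatabase(rootCredentials).ExecuteAdminCommands(initInstructions);

                PermissionsAnalysis permissionsResult = FirstCredentialsTest(
                    "Swarmops-" + random, mysqlHostName, "Swarmops-R-" + random, readPass,
                    "Swarmops-" + random, mysqlHostName, "Swarmops-W-" + random, writePass,
                    "Swarmops-" + random, mysqlHostName, "Swarmops-A-" + random, adminPass,
                    serverName, ipAddress);

                // Same outcome as the former throw-and-catch, without using an exception for control flow.
                return permissionsResult.AllPermissionsOk;
            }
            catch (Exception)
            {
                // Any failure (connection, SQL execution, permission test) is reported as a plain false.
                return false;
            }
        }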
Пример #2
    /// <summary>
    /// Verifies that the three test credential sets have exactly the expected rights: the admin account
    /// can log in, change schema, execute and select; the write account can log in, execute and select
    /// but not change schema; the read account can log in and select but neither execute nor change schema.
    /// </summary>
    /// <returns>
    /// A PermissionsAnalysis holding each individual test result; AllPermissionsOk is true only when
    /// every expected right is present and every excessive right is absent.
    /// </returns>
    public static PermissionsAnalysis RecheckDatabasePermissions()
    {
        // Poll every 100 ms until all three credential fields have been assigned.
        // NOTE(review): there is no timeout, so this blocks the calling thread for as long as any field
        // stays null. Whether the fields are volatile or otherwise synchronized is not visible here.
        while (_testReadCredentials == null || _testWriteCredentials == null || _testAdminCredentials == null)
        {
            Thread.Sleep(100);
            // A couple of async race conditions happen as this is called, we need to wait for credentials
        }

        PermissionsAnalysis result = new PermissionsAnalysis();

        // First, test ADMIN

        SwarmDb adminDb = SwarmDb.GetTestDatabase(_testAdminCredentials);

        // Drop table, procedure first just in case there's garbage left behind. Ignore result.
        adminDb.TestDropTable();
        adminDb.TestDropProcedure();

        // All these should pass.
        // "&=" does not short-circuit: every test below runs even after an earlier one has failed.
        result.AdminCredentialsCanLogin  = adminDb.TestLogin();
        result.AdminCredentialsCanAdmin  = adminDb.TestCreateTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestDropTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestAlterTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure(); // AND -- all must succeed
        result.AdminCredentialsCanAdmin &= adminDb.TestDropProcedure();
        // Test DROP before we mess up the state of the table, procedure
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure(); // therefore, recreate it after the drop

        if (result.AdminCredentialsCanAdmin)                              // if we have a created table and procedure, otherwise default fail
        {
            result.AdminCredentialsCanExecute = adminDb.TestExecute("Admin Execute");
            result.AdminCredentialsCanSelect  = adminDb.TestSelect();
        }

        // Within the created table, test WRITE and READ accounts before testing them on excessive rights.

        SwarmDb writeDb = SwarmDb.GetTestDatabase(_testWriteCredentials);

        result.WriteCredentialsCanLogin = writeDb.TestLogin();

        // Execute/select are only probed when the admin account managed to create the table and
        // procedure; otherwise these flags keep whatever value a new PermissionsAnalysis starts with.
        if (result.WriteCredentialsCanLogin && result.AdminCredentialsCanAdmin)
        {
            result.WriteCredentialsCanExecute = writeDb.TestExecute("Write Execute");
            result.WriteCredentialsCanSelect  = writeDb.TestSelect();
        }

        SwarmDb readDb = SwarmDb.GetTestDatabase(_testReadCredentials);

        result.ReadCredentialsCanLogin = readDb.TestLogin();

        if (result.ReadCredentialsCanLogin && result.AdminCredentialsCanAdmin)
        {
            // Recorded so that AllPermissionsOk can require the read account to FAIL the execute test.
            result.ReadCredentialsCanExecute = readDb.TestExecute("Read Execute");
            result.ReadCredentialsCanSelect  = readDb.TestSelect();
        }

        // Finally, test the write and read accounts for admin rights. Note the "OR" here rather than "AND" -
        // any one of these rights present should return a true, because it's a fail.
        // NOTE(review): these negative probes cover drop/create of the table and procedure only;
        // TestAlterTable is exercised for the admin account but not for the read or write accounts.

        if (result.ReadCredentialsCanLogin)
        {
            result.ReadCredentialsCanAdmin  = readDb.TestDropProcedure();
            result.ReadCredentialsCanAdmin |= readDb.TestDropTable();
            result.ReadCredentialsCanAdmin |= readDb.TestCreateTable();
            result.ReadCredentialsCanAdmin |= readDb.TestCreateProcedure();
        }

        if (result.WriteCredentialsCanLogin)
        {
            result.WriteCredentialsCanAdmin  = writeDb.TestDropProcedure();
            result.WriteCredentialsCanAdmin |= writeDb.TestDropTable();
            result.WriteCredentialsCanAdmin |= writeDb.TestCreateTable();
            result.WriteCredentialsCanAdmin |= writeDb.TestCreateProcedure();
        }

        // Clean up
        // Runs with the admin account so that objects an over-privileged account managed to create
        // above are removed as well. Not in a finally block: an exception above skips the cleanup.

        adminDb.TestDropTable(); // ignore result
        adminDb.TestDropProcedure();

        // Least-privilege verdict: required rights must be present AND excessive rights must be absent.
        result.AllPermissionsOk =
            result.AdminCredentialsCanLogin &&
            result.AdminCredentialsCanSelect &&
            result.AdminCredentialsCanExecute &&
            result.AdminCredentialsCanAdmin &&
            result.WriteCredentialsCanLogin &&
            result.WriteCredentialsCanSelect &&
            result.WriteCredentialsCanExecute &&
            !result.WriteCredentialsCanAdmin && // not this
            result.ReadCredentialsCanLogin &&
            result.ReadCredentialsCanSelect &&
            !result.ReadCredentialsCanExecute && // not this
            !result.ReadCredentialsCanAdmin;     // not this

        return(result);
    }
Пример #3
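        /// <summary>
        /// Creates the Swarmops database and its read, write and admin accounts by running the
        /// DbCreateScript template as MySQL "root", then verifies the new accounts through
        /// FirstCredentialsTest.
        /// </summary>
        /// <param name="mysqlHostName">MySQL server host to connect to as root.</param>
        /// <param name="rootPassword">Password of the MySQL "root" account.</param>
        /// <param name="serverName">Caller-supplied host name, checked by VerifyHostName.</param>
        /// <param name="ipAddress">Caller-supplied address, checked by VerifyHostAddress.</param>
        /// <param name="random">
        /// Optional suffix for the database and account names. It is trimmed, cut to five characters and
        /// must then consist of ASCII letters and digits only; null or empty requests a generated suffix.
        /// </param>
        /// <returns>
        /// A result with Success = true when the database was created and the permission test passed,
        /// and also when host verification fails without a debugger attached (deliberate silent failure);
        /// Success = false otherwise, with DisplayMessage set only when the SQL script itself failed.
        /// </returns>
        public static AjaxCallResult CreateDatabaseFromRoot(string mysqlHostName, string rootPassword, string serverName,
                                                            string ipAddress, string random)
        {
            if (!(VerifyHostName(serverName) && VerifyHostAddress(ipAddress)))
            {
                // NOTE(review): an attached debugger bypasses the host verification entirely.
                // Confirm that production hosts can never run with a debugger attached.
                if (!Debugger.IsAttached)
                {
                    // Probable hack attempt - fail silently
                    return new AjaxCallResult { Success = true };
                }
            }

            try
            {
                // A missing suffix is handled like an empty one instead of raising a NullReferenceException.
                random = (random ?? string.Empty).Trim();

                if (random.Length > 5)               // if UI-enforced maxlength beaten somehow, limit here
                {
                    random = random.Substring(0, 5); // MySQL will hit a maxlength otherwise
                }

                // The suffix is pasted into the SQL script below and the script is then split on '#',
                // so it must not carry quoting, comment or separator characters. Identifiers cannot be
                // bound as query parameters, hence an allowlist: ASCII letters and digits only.
                foreach (char candidate in random)
                {
                    bool isAsciiLetterOrDigit =
                        (candidate >= 'a' && candidate <= 'z') ||
                        (candidate >= 'A' && candidate <= 'Z') ||
                        (candidate >= '0' && candidate <= '9');

                    if (!isAsciiLetterOrDigit)
                    {
                        return new AjaxCallResult { Success = false };
                    }
                }

                if (string.IsNullOrEmpty(random))
                {
                    // Only a name suffix, not a credential; the account passwords are generated below.
                    random = Authentication.CreateWeakSecret(5);
                }

                SwarmDb.Credentials rootCredentials = new SwarmDb.Credentials("mysql",
                                                                              new SwarmDb.ServerSet(mysqlHostName), "root", rootPassword);

                string readPass  = GenerateLongPassword();
                string writePass = GenerateLongPassword();
                string adminPass = GenerateLongPassword();

                // NOTE(review): assumes GenerateLongPassword never emits '#' or SQL quote characters,
                // since the passwords are substituted into the same script - TODO confirm.
                string[] initInstructions =
                    DbCreateScript.Replace("[random]", random)
                    .Replace("[readpass]", readPass)
                    .Replace("[writepass]", writePass)
                    .Replace("[adminpass]", adminPass).Split('#');

                try
                {
                    SwarmDb.GetTestDatabase(rootCredentials).ExecuteAdminCommands(initInstructions);
                }
                catch (DatabaseExecuteException sqlException)
                {
                    // NOTE(review): the failing command is sent back to the caller as DisplayMessage.
                    // The script has the generated passwords substituted into it above, so that command
                    // may contain one of them - confirm this is acceptable, or redact before returning.
                    return new AjaxCallResult
                    {
                        Success = false,
                        DisplayMessage = sqlException.AttemptedCommand
                    };
                }

                PermissionsAnalysis permissionsResult = FirstCredentialsTest(
                    "Swarmops-" + random, mysqlHostName, "Swarmops-R-" + random, readPass,
                    "Swarmops-" + random, mysqlHostName, "Swarmops-W-" + random, writePass,
                    "Swarmops-" + random, mysqlHostName, "Swarmops-A-" + random, adminPass,
                    serverName, ipAddress);

                if (!permissionsResult.AllPermissionsOk)
                {
                    // TODO: Return a better exception detailing exactly what permission isn't set as required

                    return new AjaxCallResult { Success = false };
                }

                return new AjaxCallResult { Success = true };
            }
            catch (Exception)
            {
                // Any other failure (connection, permission test) is reported without detail.
                return new AjaxCallResult { Success = false };
            }
        }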
Пример #4
    /// <summary>
    /// Runs positive and negative permission tests against the admin, write and read test credentials
    /// and records each outcome, so that both missing and excessive rights are detected.
    /// </summary>
    /// <returns>
    /// The populated PermissionsAnalysis. AllPermissionsOk is true only if admin can log in, select,
    /// execute and change schema; write can log in, select and execute but not change schema; and read
    /// can log in and select but neither execute nor change schema.
    /// </returns>
    public static PermissionsAnalysis RecheckDatabasePermissions()
    {
        // NOTE(review): unbounded wait - nothing here gives up if a credential field is never assigned,
        // and no synchronization of these fields is visible in this method.
        while (_testReadCredentials == null || _testWriteCredentials == null || _testAdminCredentials == null)
        {
            Thread.Sleep(100); // A couple of async race conditions happen as this is called, we need to wait for credentials
        }

        PermissionsAnalysis result = new PermissionsAnalysis();

        // First, test ADMIN

        SwarmDb adminDb = SwarmDb.GetTestDatabase(_testAdminCredentials);

        // Drop table, procedure first just in case there's garbage left behind. Ignore result.
        adminDb.TestDropTable();
        adminDb.TestDropProcedure();

        // All these should pass.
        // The compound "&=" evaluates its right-hand side unconditionally, so the whole sequence runs
        // in this order even when an earlier step has already failed.
        result.AdminCredentialsCanLogin = adminDb.TestLogin();
        result.AdminCredentialsCanAdmin = adminDb.TestCreateTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestDropTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestAlterTable();
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure();  // AND -- all must succeed
        result.AdminCredentialsCanAdmin &= adminDb.TestDropProcedure();    // Test DROP before we mess up the state of the table, procedure
        result.AdminCredentialsCanAdmin &= adminDb.TestCreateProcedure();  // therefore, recreate it after the drop

        if (result.AdminCredentialsCanAdmin) // if we have a created table and procedure, otherwise default fail
        {
            result.AdminCredentialsCanExecute = adminDb.TestExecute("Admin Execute");
            result.AdminCredentialsCanSelect = adminDb.TestSelect();
        }

        // Within the created table, test WRITE and READ accounts before testing them on excessive rights.

        SwarmDb writeDb = SwarmDb.GetTestDatabase(_testWriteCredentials);

        result.WriteCredentialsCanLogin = writeDb.TestLogin();

        // Skipped when the admin steps failed; the flags then keep the value a new PermissionsAnalysis
        // starts with.
        if (result.WriteCredentialsCanLogin && result.AdminCredentialsCanAdmin)
        {
            result.WriteCredentialsCanExecute = writeDb.TestExecute("Write Execute");
            result.WriteCredentialsCanSelect = writeDb.TestSelect();
        }

        SwarmDb readDb = SwarmDb.GetTestDatabase(_testReadCredentials);

        result.ReadCredentialsCanLogin = readDb.TestLogin();

        if (result.ReadCredentialsCanLogin && result.AdminCredentialsCanAdmin)
        {
            // A true here counts against the read account when AllPermissionsOk is computed.
            result.ReadCredentialsCanExecute = readDb.TestExecute("Read Execute");
            result.ReadCredentialsCanSelect = readDb.TestSelect();
        }

        // Finally, test the write and read accounts for admin rights. Note the "OR" here rather than "AND" -
        // any one of these rights present should return a true, because it's a fail.
        // NOTE(review): TestAlterTable is checked for the admin account only; the read and write
        // accounts are probed for drop/create of the table and procedure, not for ALTER.

        if (result.ReadCredentialsCanLogin)
        {
            result.ReadCredentialsCanAdmin = readDb.TestDropProcedure();
            result.ReadCredentialsCanAdmin |= readDb.TestDropTable();
            result.ReadCredentialsCanAdmin |= readDb.TestCreateTable();
            result.ReadCredentialsCanAdmin |= readDb.TestCreateProcedure();
        }

        if (result.WriteCredentialsCanLogin)
        {
            result.WriteCredentialsCanAdmin = writeDb.TestDropProcedure();
            result.WriteCredentialsCanAdmin |= writeDb.TestDropTable();
            result.WriteCredentialsCanAdmin |= writeDb.TestCreateTable();
            result.WriteCredentialsCanAdmin |= writeDb.TestCreateProcedure();
        }

        // Clean up
        // Done through the admin connection, which also removes anything an over-privileged read or
        // write account created during the probes above. An exception earlier skips this step.

        adminDb.TestDropTable(); // ignore result
        adminDb.TestDropProcedure();

        // Overall verdict: every required right present, every excessive right absent.
        result.AllPermissionsOk =
            result.AdminCredentialsCanLogin &&
            result.AdminCredentialsCanSelect &&
            result.AdminCredentialsCanExecute &&
            result.AdminCredentialsCanAdmin &&
            result.WriteCredentialsCanLogin &&
            result.WriteCredentialsCanSelect &&
            result.WriteCredentialsCanExecute &&
            !result.WriteCredentialsCanAdmin &&  // not this
            result.ReadCredentialsCanLogin &&
            result.ReadCredentialsCanSelect &&
            !result.ReadCredentialsCanExecute && // not this
            !result.ReadCredentialsCanAdmin;     // not this

        return result;
    }