Beispiel #1
0
func SqlDatabasesAdd(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")

	if db_name == "" {
		return "db_name_required"
	}

	db, _ := util.MySQL()
	defer db.Close()

	//    stmt, _ := db.Prepare("CREATE USER ?@'%' IDENTIFIED BY ?;")
	//    _, err := stmt.Exec(hcuser.System_username + "_" + username, password)
	db_name = util.LastResortSanitize(db_name)
	db_name = string(hcuser.System_username + "_" + db_name)

	stmt, err := db.Prepare("create database " + db_name + "")
	if err != nil {
		return "bad_characters_used "
	}
	_, err = stmt.Exec()
	if err != nil {
		return "failed_to_create_database"
	}
	stmt.Close()

	return "success"
}
Beispiel #2
0
func SqlGrantsDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	db_name := util.Query(ctx, "db_name")

	if db_name == "" {
		return "db_name_required"
	}

	username := util.Query(ctx, "db_user")

	if username == "" {
		return "username_required"
	}

	dbowner := strings.Split(db_name, "_")[0]
	userowner := strings.Split(username, "_")[0]

	if dbowner != hcuser.System_username || userowner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_name = util.LastResortSanitize(db_name)
	username = util.LastResortSanitize(username)

	_, err := db.Exec("REVOKE ALL ON " + db_name + ".* FROM '" + username + "'@'%';")
	if err != nil {

		return "failed_to_delete_grant"
	}
	return "success"
}
Beispiel #3
0
func SqlUsersEdit(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "db_user")
	password := util.Query(ctx, "password")
	owner := strings.Split(username, "_")[0]

	if username == "" {
		return "db_user_required"
	}

	if password == "" {
		return "password_required"
	}

	if owner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_user := util.LastResortSanitize(username)
	password = util.LastResortSanitize(password)

	_, err := db.Exec("SET PASSWORD FOR '" + db_user + "' = PASSWORD('" + password + "');")
	if err != nil {
		return "bad_characters_used "
	}

	return "success"
}
Beispiel #4
0
func SqlUsersDelete(ctx *macaron.Context) string {
	hcuser, auth := util.Auth(ctx, "databases")

	if !auth {
		return "not_authorized"
	}

	username := util.Query(ctx, "db_user")

	if username == "" {
		return "username_required"
	}

	owner := strings.Split(username, "_")[0]

	if owner != hcuser.System_username {
		return "failed_not_yours"
	}

	db, _ := util.MySQL()
	defer db.Close()

	db_user := util.LastResortSanitize(username)
	//password = strings.Replace(password, "'", "\\'", -1)

	stmt, err := db.Prepare("DROP USER '" + db_user + "'")
	if err != nil {
		return "bad_characters_used"
	}
	_, err = stmt.Exec()
	if err != nil {
		return "failed_to_delete_user"
	}
	stmt.Close()

	return "success"
}