Source Code Cross Referenced for UserManager.java in  » Database-DBMS » mckoi » com » mckoi » database » interpret » Java Source Code / Java DocumentationJava Source Code and Java Documentation

001:        /**
002:         * com.mckoi.database.interpret.UserManager  16 Aug 2002
003:         *
004:         * Mckoi SQL Database ( http://www.mckoi.com/database )
005:         * Copyright (C) 2000, 2001, 2002  Diehl and Associates, Inc.
006:         *
007:         * This program is free software; you can redistribute it and/or
008:         * modify it under the terms of the GNU General Public License
009:         * Version 2 as published by the Free Software Foundation.
010:         *
011:         * This program is distributed in the hope that it will be useful,
012:         * but WITHOUT ANY WARRANTY; without even the implied warranty of
013:         * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
014:         * GNU General Public License Version 2 for more details.
015:         *
016:         * You should have received a copy of the GNU General Public License
017:         * Version 2 along with this program; if not, write to the Free Software
018:         * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
019:         *
020:         * Change Log:
021:         * 
022:         * 
023:         */package com.mckoi.database.interpret;
024:
025:        import com.mckoi.database.*;
026:        import java.util.List;
027:
028:        /**
029:         * Handler for User commands for creating, altering and dropping user accounts
030:         * in the database.
031:         *
032:         * @author Tobias Downer
033:         */
034:
035:        public class UserManager extends Statement {
036:
037:            /**
038:             * Private method that sets the user groups and lock status.
039:             */
040:            private void internalSetUserGroupsAndLock(
041:                    DatabaseQueryContext context, String username,
042:                    Expression[] groups_list, String lock_status)
043:                    throws DatabaseException {
044:
045:                Database db = context.getDatabase();
046:
047:                // Add the user to any groups
048:                if (groups_list != null) {
049:                    // Delete all the groups the user currently belongs to
050:                    db.deleteAllUserGroups(context, username);
051:                    for (int i = 0; i < groups_list.length; ++i) {
052:                        TObject group_tob = groups_list[i].evaluate(null, null,
053:                                context);
054:                        String group_str = group_tob.getObject().toString();
055:                        db.addUserToGroup(context, username, group_str);
056:                    }
057:                }
058:
059:                // Do we lock this user?
060:                if (lock_status != null) {
061:                    if (lock_status.equals("LOCK")) {
062:                        db.setUserLock(context, user, true);
063:                    } else {
064:                        db.setUserLock(context, user, false);
065:                    }
066:                }
067:
068:            }
069:
070:            /**
071:             * Private method that creates a new user.
072:             */
073:            private void internalCreateUser(DatabaseQueryContext context,
074:                    String username, String password_str,
075:                    Expression[] groups_list, String lock_status)
076:                    throws DatabaseException {
077:
078:                // Create the user
079:                Database db = context.getDatabase();
080:                db.createUser(context, username, password_str);
081:
082:                internalSetUserGroupsAndLock(context, username, groups_list,
083:                        lock_status);
084:
085:                // Allow all localhost TCP connections.
086:                // NOTE: Permissive initial security!
087:                db.grantHostAccessToUser(context, username, "TCP", "%");
088:                // Allow all Local connections (from within JVM).
089:                db.grantHostAccessToUser(context, username, "Local", "%");
090:
091:            }
092:
093:            // ---------- Implemented from Statement ----------
094:
095:            public void prepare() throws DatabaseException {
096:                // Nothing to do here
097:            }
098:
099:            public Table evaluate() throws DatabaseException {
100:
101:                DatabaseQueryContext context = new DatabaseQueryContext(
102:                        database);
103:
104:                String command_type = (String) cmd.getObject("type");
105:                String username = (String) cmd.getObject("username");
106:
107:                // True if current user is altering their own user record.
108:                boolean modify_own_record = command_type.equals("ALTER USER")
109:                        && user.getUserName().equals(username);
110:                // True if current user is allowed to create and drop users.
111:                boolean secure_access_privs = context.getDatabase()
112:                        .canUserCreateAndDropUsers(context, user);
113:
114:                // Does the user have permissions to do this?  They must be part of the
115:                // 'secure access' priv group or they are modifying there own record.
116:                if (!(modify_own_record || secure_access_privs)) {
117:                    throw new DatabaseException(
118:                            "User is not permitted to create, alter or drop user.");
119:                }
120:
121:                if (username.equalsIgnoreCase("public")) {
122:                    throw new DatabaseException(
123:                            "Username 'public' is reserved.");
124:                }
125:
126:                // Are we creating a new user?
127:                if (command_type.equals("CREATE USER")
128:                        || command_type.equals("ALTER USER")) {
129:
130:                    Expression password = (Expression) cmd
131:                            .getObject("password_expression");
132:                    Expression[] groups_list = (Expression[]) cmd
133:                            .getObject("groups_list");
134:                    String lock_status = (String) cmd.getObject("lock_status");
135:
136:                    String password_str = null;
137:                    if (password != null) {
138:                        TObject passwd_tob = password.evaluate(null, null,
139:                                context);
140:                        password_str = passwd_tob.getObject().toString();
141:                    }
142:
143:                    if (command_type.equals("CREATE USER")) {
144:                        // -- Creating a new user ---
145:
146:                        // First try and create the new user,
147:                        Database db = context.getDatabase();
148:                        if (!db.userExists(context, username)) {
149:                            internalCreateUser(context, username, password_str,
150:                                    groups_list, lock_status);
151:                        } else {
152:                            throw new DatabaseException("User '" + username
153:                                    + "' already exists.");
154:                        }
155:
156:                    } else if (command_type.equals("ALTER USER")) {
157:                        // -- Altering a user --
158:
159:                        // If we don't have secure access privs then we need to check that the
160:                        // user is permitted to change the groups_list and lock_status.
161:                        // Altering your own password is allowed, but you can't change the
162:                        // groups you belong to, etc.
163:                        if (!secure_access_privs) {
164:                            if (groups_list != null) {
165:                                throw new DatabaseException(
166:                                        "User is not permitted to alter user groups.");
167:                            }
168:                            if (lock_status != null) {
169:                                throw new DatabaseException(
170:                                        "User is not permitted to alter user lock status.");
171:                            }
172:                        }
173:
174:                        Database db = context.getDatabase();
175:                        if (db.userExists(context, username)) {
176:                            if (password_str != null) {
177:                                db.alterUserPassword(context, username,
178:                                        password_str);
179:                            }
180:                            internalSetUserGroupsAndLock(context, username,
181:                                    groups_list, lock_status);
182:                        } else {
183:                            throw new DatabaseException("User '" + username
184:                                    + "' doesn't exist.");
185:                        }
186:                    }
187:
188:                } else if (command_type.equals("DROP USER")) {
189:                    Database db = context.getDatabase();
190:                    if (db.userExists(context, username)) {
191:                        // Delete the user
192:                        db.deleteUser(context, username);
193:                    } else {
194:                        throw new DatabaseException("User '" + username
195:                                + "' doesn't exist.");
196:                    }
197:                } else {
198:                    throw new DatabaseException(
199:                            "Unknown user manager command: " + command_type);
200:                }
201:
202:                return FunctionTable.resultTable(context, 0);
203:            }
204:
205:        }