001: /**
002: * com.mckoi.database.interpret.UserManager 16 Aug 2002
003: *
004: * Mckoi SQL Database ( http://www.mckoi.com/database )
005: * Copyright (C) 2000, 2001, 2002 Diehl and Associates, Inc.
006: *
007: * This program is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU General Public License
009: * Version 2 as published by the Free Software Foundation.
010: *
011: * This program is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
014: * GNU General Public License Version 2 for more details.
015: *
016: * You should have received a copy of the GNU General Public License
017: * Version 2 along with this program; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
019: *
020: * Change Log:
021: *
022: *
023: */package com.mckoi.database.interpret;
024:
025: import com.mckoi.database.*;
026: import java.util.List;
027:
028: /**
029: * Handler for User commands for creating, altering and dropping user accounts
030: * in the database.
031: *
032: * @author Tobias Downer
033: */
034:
public class UserManager extends Statement {

  /**
   * Evaluates an expression with no row/group context and returns the
   * string form of the resulting value.  Used for group names and for the
   * password expression, both of which the grammar hands over unevaluated.
   */
  private static String evaluateToString(Expression exp,
                                         DatabaseQueryContext context)
                                                    throws DatabaseException {
    TObject value = exp.evaluate(null, null, context);
    return value.getObject().toString();
  }

  /**
   * Replaces the group membership of {@code username} and applies the
   * requested lock state.  Either part is skipped when its argument is
   * null, so the caller can update one without touching the other.
   * <p>
   * Group membership is replaced, not extended: every existing membership
   * is removed before the listed groups are added.  The lock is engaged
   * only when {@code lock_status} is exactly "LOCK"; any other non-null
   * value releases it.
   * <p>
   * NOTE(review): the lock call passes {@code user} (the account running
   * this statement), while every other call here passes {@code username}
   * (the account being altered).  Confirm against Database.setUserLock
   * whether the lock really targets the executing account.
   *
   * @param context the query context the catalogue updates run under
   * @param username the account whose groups/lock are changed
   * @param groups_list expressions naming the groups, or null to leave
   *        membership as it is
   * @param lock_status "LOCK" to lock, another non-null value to unlock,
   *        null to leave the lock state as it is
   * @throws DatabaseException propagated from the catalogue calls
   */
  private void internalSetUserGroupsAndLock(
                  DatabaseQueryContext context, String username,
                  Expression[] groups_list, String lock_status)
                                                    throws DatabaseException {

    Database db = context.getDatabase();

    if (groups_list != null) {
      // Wipe the current membership so the statement is authoritative.
      db.deleteAllUserGroups(context, username);
      int n = groups_list.length;
      for (int idx = 0; idx < n; ++idx) {
        String group_name = evaluateToString(groups_list[idx], context);
        db.addUserToGroup(context, username, group_name);
      }
    }

    if (lock_status != null) {
      boolean engage_lock = lock_status.equals("LOCK");
      db.setUserLock(context, user, engage_lock);
    }

  }

  /**
   * Creates the account, assigns its groups/lock state, and grants the
   * initial host access.
   * <p>
   * The two grant calls give the new account access over "TCP" and "Local"
   * with host pattern "%".  The original author flagged this as a
   * permissive initial policy; an administrator who wants a tighter
   * per-host policy has to narrow it after creation.
   *
   * @param context the query context the catalogue updates run under
   * @param username the account to create
   * @param password_str the password value already evaluated to a string
   *        (may be null; no check is made here)
   * @param groups_list group expressions, or null for no group changes
   * @param lock_status lock keyword, or null for no lock change
   * @throws DatabaseException propagated from the catalogue calls
   */
  private void internalCreateUser(DatabaseQueryContext context,
                  String username, String password_str,
                  Expression[] groups_list, String lock_status)
                                                    throws DatabaseException {

    Database db = context.getDatabase();
    db.createUser(context, username, password_str);

    internalSetUserGroupsAndLock(context, username, groups_list,
                                 lock_status);

    // Initial host access: wide open for both connection types.
    db.grantHostAccessToUser(context, username, "TCP", "%");
    db.grantHostAccessToUser(context, username, "Local", "%");

  }

  /**
   * CREATE USER: fails if the account already exists, otherwise delegates
   * to {@link #internalCreateUser}.
   */
  private void handleCreate(DatabaseQueryContext context, String username,
                            String password_str, Expression[] groups_list,
                            String lock_status) throws DatabaseException {
    Database db = context.getDatabase();
    if (db.userExists(context, username)) {
      throw new DatabaseException("User '" + username
                                  + "' already exists.");
    }
    internalCreateUser(context, username, password_str,
                       groups_list, lock_status);
  }

  /**
   * ALTER USER: changes the password and/or groups/lock of an existing
   * account.
   * <p>
   * A caller without the create/drop privilege reaches this method only
   * when altering their own record, and is then restricted to the
   * password: any group or lock change is rejected before the catalogue
   * is touched.
   *
   * @param has_secure_access whether the executing user may create and
   *        drop users (and therefore change groups and lock state)
   */
  private void handleAlter(DatabaseQueryContext context, String username,
                           String password_str, Expression[] groups_list,
                           String lock_status, boolean has_secure_access)
                                                    throws DatabaseException {
    if (!has_secure_access) {
      if (groups_list != null) {
        throw new DatabaseException(
                            "User is not permitted to alter user groups.");
      }
      if (lock_status != null) {
        throw new DatabaseException(
                        "User is not permitted to alter user lock status.");
      }
    }

    Database db = context.getDatabase();
    if (!db.userExists(context, username)) {
      throw new DatabaseException("User '" + username
                                  + "' doesn't exist.");
    }
    if (password_str != null) {
      db.alterUserPassword(context, username, password_str);
    }
    internalSetUserGroupsAndLock(context, username,
                                 groups_list, lock_status);
  }

  /**
   * DROP USER: removes an existing account, failing if it does not exist.
   */
  private void handleDrop(DatabaseQueryContext context, String username)
                                                    throws DatabaseException {
    Database db = context.getDatabase();
    if (!db.userExists(context, username)) {
      throw new DatabaseException("User '" + username
                                  + "' doesn't exist.");
    }
    db.deleteUser(context, username);
  }

  // ---------- Implemented from Statement ----------

  /**
   * No preparation is required; all work happens in {@link #evaluate}.
   */
  public void prepare() throws DatabaseException {
    // Nothing to do here
  }

  /**
   * Runs the CREATE USER, ALTER USER or DROP USER command described by
   * {@code cmd}.
   * <p>
   * Authorisation comes first: the executing user must either hold the
   * create/drop-users privilege or be altering their own record.  The
   * reserved name "public" is rejected for every command.  For CREATE and
   * ALTER the password expression is evaluated once, up front, and the
   * command is then dispatched to the matching handler.
   *
   * @return an empty result table
   * @throws DatabaseException if the caller is not authorised, the name is
   *         reserved, the command type is unknown, or the handler fails
   */
  public Table evaluate() throws DatabaseException {

    DatabaseQueryContext context = new DatabaseQueryContext(database);

    String command_type = (String) cmd.getObject("type");
    String username = (String) cmd.getObject("username");

    // Altering one's own record is permitted without the admin privilege.
    boolean altering_self = command_type.equals("ALTER USER")
                            && user.getUserName().equals(username);
    boolean has_secure_access =
            context.getDatabase().canUserCreateAndDropUsers(context, user);

    if (!altering_self && !has_secure_access) {
      throw new DatabaseException(
                  "User is not permitted to create, alter or drop user.");
    }

    if (username.equalsIgnoreCase("public")) {
      throw new DatabaseException(
                  "Username 'public' is reserved.");
    }

    if (command_type.equals("DROP USER")) {
      handleDrop(context, username);
    }
    else if (command_type.equals("CREATE USER")
             || command_type.equals("ALTER USER")) {

      Expression password_exp =
                     (Expression) cmd.getObject("password_expression");
      Expression[] groups_list = (Expression[]) cmd.getObject("groups_list");
      String lock_status = (String) cmd.getObject("lock_status");

      // The password is evaluated before any per-command checks, so an
      // evaluation failure surfaces ahead of the privilege checks below.
      String password_str = null;
      if (password_exp != null) {
        password_str = evaluateToString(password_exp, context);
      }

      if (command_type.equals("CREATE USER")) {
        handleCreate(context, username, password_str,
                     groups_list, lock_status);
      }
      else {
        handleAlter(context, username, password_str,
                    groups_list, lock_status, has_secure_access);
      }

    }
    else {
      throw new DatabaseException(
                  "Unknown user manager command: " + command_type);
    }

    return FunctionTable.resultTable(context, 0);
  }

}