From 839d42c39b7cbe3e54e489d68e0af4a95bfb5a6e Mon Sep 17 00:00:00 2001 From: Martin Winkler Date: Thu, 27 Jan 2022 10:17:52 +0100 Subject: [PATCH] Multiple enhancements about database creation New steps to revoke and show privileges --- seqs/mysql.sh | 175 ++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 155 insertions(+), 20 deletions(-) diff --git a/seqs/mysql.sh b/seqs/mysql.sh index 1d43af6..3f32f66 100755 --- a/seqs/mysql.sh +++ b/seqs/mysql.sh @@ -6,6 +6,7 @@ databaseName="mariadb" databasePackages="mariadb-server mariadb-client" dbName= dbUser= +dbRemote=localhost dbPass= step_1_info() { @@ -52,14 +53,16 @@ step_8() { exep "curl -sS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --skip-maxscale --skip-tools" } -step_10_info() { +step_10_info() { echoinfoArgs "[OPTIONS]" echo "Create mysql database without specific characterset" echoinfo " [OPTIONS]" echoinfo " --charset,-c : character set and collate" echoinfo " --database, -d : database name" + echoinfo " [OPTIONS] used in following steps" echoinfo " --user, -u : user name" echoinfo " Manual password entry for non existing user" + echoinfo " --remote, -r : ip of allowed remote host" } step_10_alias() { ALIAS="createdb"; } step_10() { @@ -78,6 +81,9 @@ step_10() { --user|-u) dbUser="$2" shift 2 ;; + --remote|-r) + dbRemote="$2" + shift 2 ;; *) break ;; esac 
@@ -101,6 +107,39 @@ step_10() { endCheckEmpty dbName "database name" exe mysql -u root -e 'CREATE DATABASE '$dbName' '"$dbOption"';' endReturn -o $? "Cannot create database $dbName" +} + +step_11_info() { + echoinfoArgs "[OPTIONS]" + echo "Create mysql user" + echoinfo " [OPTIONS]" + echoinfo " --user, -u : user name" + echoinfo " with manual password entry for non existing user" + echoinfo " --remote, -r : ip of allowed remote host" +} +step_11_alias() { ALIAS="createuser"; } +step_11() { + local arg + + shift + for arg in "$@" ; do + case "$1" in + --charset|-c) + dbOption="$2" + shift 2;; + --database|-d) + dbName="$2" + shift 2 ;; + --user|-u) + dbUser="$2" + shift 2 ;; + --remote|-r) + dbRemote="$2" + shift 2 ;; + *) + break ;; + esac + done if [ -z "$dbUser" ] ; then echo " [I] Existing mysql user:" 
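Review bot: The option loop added to step_11 iterates `for arg in "$@"` but never reads `arg`; it dispatches on `$1` and calls `shift 2`, so a flag given last without a value stores an empty string and the failed `shift` goes unnoticed. `while [ $# -gt 0 ]; do` with a `[ $# -ge 2 ]` test before each assignment would state the intent directly and catch the missing value. The loop also accepts `--charset` and `--database`, which step_11's help text does not list. The same block is pasted into step_12, step_14 and step_34 in the next hunk, so one shared parsing function would keep the copies from drifting apart. step_11's body continues past the end of this hunk.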
@@ -109,40 +148,136 @@ step_10() { fi endCheckEmpty dbUser "user name" - if ! echo "SELECT COUNT(*) FROM mysql.user WHERE user = '$dbUser';" | mysql | grep 1 &>/dev/null; then + if ! echo "SELECT COUNT(*) FROM mysql.user WHERE user = '$dbUser' AND host = '$dbRemote';" | mysql | grep 1 &>/dev/null; then # User does not exist - read -s -p "Enter mysql user password: " dbPass - endCheckEmpty dbPass "password" - exe mysql -u root -e 'CREATE USER '"'"$dbUser"'"'@'"'"'localhost'"'"' IDENTIFIED BY '"'"$dbPass"'"';' + if [ $DRY -eq 0 ]; then + read -s -p "Enter mysql user password: " dbPass + endCheckEmpty dbPass "password" + else + echoseq "Enter mysql password: ...skipped..." + fi + exe mysql -u root -e 'CREATE USER '"'"$dbUser"'"'@'"'"$dbRemote"'"' IDENTIFIED BY '"'"$dbPass"'"';' endReturn -o $? "Error creating mysql user" fi +} - exe mysql -u root -e 'GRANT ALL PRIVILEGES ON '$dbName'.* TO '"'"$dbUser"'"'@'"'"'localhost'"'"';' +step_12_info() { + echoinfoArgs "[OPTIONS]" + echo "Grant privileges" + echoinfo " [OPTIONS]" + echoinfo " --database, -d : 'database name'.*" + echoinfo " --user, -u : user name" + echoinfo " --remote, -r : ip of allowed remote host" +} +step_12_alias() { ALIAS="grant"; } +step_12() { + local arg + + shift + for arg in "$@" ; do + case "$1" in + --charset|-c) + dbOption="$2" + shift 2;; + --database|-d) + dbName="$2" + shift 2 ;; + --user|-u) + dbUser="$2" + shift 2 ;; + --remote|-r) + dbRemote="$2" + shift 2 ;; + *) + break ;; + esac + done + + exe mysql -u root -e 'GRANT ALL PRIVILEGES ON '$dbName'.* TO '"'"$dbUser"'"'@'"'"$dbRemote"'"';' endReturn -o $? 
"Error assigning privileges on database" exe mysql -u root -e 'FLUSH PRIVILEGES;' } -step_14_info() { echo "List mysql databases"; } -step_14_alias() { ALIAS="listdb"; } +step_14_info() { + echoinfoArgs "[OPTIONS]" + echo "Revoke all granted privilegs" + echoinfo " [OPTIONS]" + echoinfo " --user, -u : user name" + echoinfo " --remote, -r : ip of allowed remote host" +} +step_14_alias() { ALIAS="revokeall"; } step_14() { + local arg + + shift + for arg in "$@" ; do + case "$1" in + --user|-u) + dbUser="$2" + shift 2 ;; + --remote|-r) + dbRemote="$2" + shift 2 ;; + *) + break ;; + esac + done + + exe mysql -u root -e 'REVOKE ALL, GRANT OPTION FROM '"'"$dbUser"'"'@'"'"$dbRemote"'"';' + endReturn -o $? "Error revoking privileges for user $dbUser" + + exe mysql -u root -e 'FLUSH PRIVILEGES;' +} + +step_30_info() { echo "List mysql databases"; } +step_30_alias() { ALIAS="listdb"; } +step_30() { exe mysql -u root -e 'SHOW DATABASES;' echo -e "\nDrop userdb by: mysql -u root -e 'DROP DATABASE userdb;'" } -step_16_info() { echo "List mysql user"; } -step_16_alias() { ALIAS="listuser"; } -step_16() { +step_32_info() { echo "List mysql user"; } +step_32_alias() { ALIAS="listuser"; } +step_32() { exe mysql -u root -e 'SELECT User, Host FROM mysql.user;' echo -e "\nDrop dbuser by: mysql -u root -e 'DROP USER dbuser@localhost;'" } -step_18_info() { +step_34_info() { + echoinfoArgs "[OPTIONS]" + echo "Show privileges" + echoinfo " [OPTIONS]" + echoinfo " --user, -u : user name" + echoinfo " --remote, -r : ip of allowed remote host" +} +step_34_alias() { ALIAS="listprivileges"; } +step_34() { + local arg + + shift + for arg in "$@" ; do + case "$1" in + --user|-u) + dbUser="$2" + shift 2 ;; + --remote|-r) + dbRemote="$2" + shift 2 ;; + *) + break ;; + esac + done + + exe mysql -u root -e 'SHOW GRANTS FOR '"'"$dbUser"'"'@'"'"$dbRemote"'"';' +} + +step_36_info() { echoinfoArgs "[DATABASE_NAME]" echo "Size of database" } -step_18_alias() { ALIAS="sizedb"; } -step_18() { 
+step_36_alias() { ALIAS="sizedb"; } +step_36() { if [ -z "$2" ]; then echo "Please provide a database name. e.g. $0 sizedb mydb_db" else @@ -154,12 +289,12 @@ step_18() { fi } -step_20_info() { +step_50_info() { echoinfoArgs " " echo "Backup (dump) a mysql database" } -step_20_alias() { ALIAS="backup"; } -step_20() { +step_50_alias() { ALIAS="backup"; } +step_50() { shift # step number not used if [ -z $1 ] ; then echoerr " [E] No database name provided" @@ -177,9 +312,9 @@ step_20() { endReturn -o $? "Error creating $dbName backup" } -step_22_info() { echo "Restore a mysql database"; } -step_22_alias() { ALIAS="restore"; } -step_22() { +step_52_info() { echo "Restore a mysql database"; } +step_52_alias() { ALIAS="restore"; } +step_52() { echo "Restore with:" echo " mysql -e \"DROP DATABASE nextcloud_db\"" echo " mysql -e \"CREATE DATABASE nextcloud_db\""
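Review bot: step_12, step_14 and step_34 send GRANT, REVOKE and SHOW GRANTS without the `endCheckEmpty` guards that step_10 and step_11 keep, so a call without `--user` names the anonymous account `''@'localhost'` and step_12 without `--database` sends a malformed `ON .*`. Every statement in this hunk is also built by splicing `$dbUser`, `$dbRemote`, `$dbName` and `$dbPass` into the SQL text, so a quote character in any of them changes what runs as root, and `--remote` accepts `%` although the help text promises an IP. The guards and an allow-list check belong before the first statement of each step; the fence shows them for step_12, with the character sets to be adjusted to local naming rules. Separately, the `DRY` branch skips the prompt but still hands `CREATE USER` with the current `dbPass` to `exe`, and the password travels in the `mysql -e` argument where the process list can presumably show it; reading it from stdin or an option file would avoid that.

```shell
# step_12, after the option loop and before the GRANT statement
endCheckEmpty dbName "database name"
endCheckEmpty dbUser "user name"

# Allow only characters that cannot terminate the quoted SQL literals.
case "${dbName}${dbUser}" in
  *[!A-Za-z0-9_]*)
    echoerr " [E] Invalid database or user name"
    return 1 ;;
esac
# Host part: address or host name only, no '%' wildcard and no quotes.
case "$dbRemote" in
  ''|*[!A-Za-z0-9.:_-]*)
    echoerr " [E] Invalid remote host"
    return 1 ;;
esac

# … unchanged: GRANT ALL PRIVILEGES and FLUSH PRIVILEGES …
```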