[dak/master] convert import_users_from_passwd to new DB API
Signed-off-by: Mark Hymers <mhy@debian.org>
---
dak/import_users_from_passwd.py | 45 ++++++++++++++++++++++----------------
1 files changed, 26 insertions(+), 19 deletions(-)
diff --git a/dak/import_users_from_passwd.py b/dak/import_users_from_passwd.py
index d38a3c9..07c6193 100755
--- a/dak/import_users_from_passwd.py
+++ b/dak/import_users_from_passwd.py
@@ -29,14 +29,15 @@
################################################################################
-import pg, pwd, sys
+import pwd
+import sys
+import re
import apt_pkg
-from daklib import utils
-################################################################################
+from daklib.config import Config
+from daklib.dbconn import *
+from daklib import utils
-Cnf = None
-projectB = None
################################################################################
def usage (exit_code=0):
@@ -52,20 +53,18 @@ Sync PostgreSQL's users with system users.
################################################################################
def main ():
- global Cnf, projectB
-
- Cnf = utils.get_conf()
+ cnf = Config()
Arguments = [('n', "no-action", "Import-Users-From-Passwd::Options::No-Action"),
('q', "quiet", "Import-Users-From-Passwd::Options::Quiet"),
('v', "verbose", "Import-Users-From-Passwd::Options::Verbose"),
('h', "help", "Import-Users-From-Passwd::Options::Help")]
for i in [ "no-action", "quiet", "verbose", "help" ]:
- if not Cnf.has_key("Import-Users-From-Passwd::Options::%s" % (i)):
- Cnf["Import-Users-From-Passwd::Options::%s" % (i)] = ""
+ if not cnf.has_key("Import-Users-From-Passwd::Options::%s" % (i)):
+ cnf["Import-Users-From-Passwd::Options::%s" % (i)] = ""
- arguments = apt_pkg.ParseCommandLine(Cnf,Arguments,sys.argv)
- Options = Cnf.SubTree("Import-Users-From-Passwd::Options")
+ arguments = apt_pkg.ParseCommandLine(cnf.Cnf, Arguments, sys.argv)
+ Options = cnf.SubTree("Import-Users-From-Passwd::Options")
if Options["Help"]:
usage()
@@ -73,8 +72,8 @@ def main ():
utils.warn("dak import-users-from-passwd takes no non-option arguments.")
usage(1)
- projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"]))
- valid_gid = int(Cnf.get("Import-Users-From-Passwd::ValidGID",""))
+ session = DBConn().session()
+ valid_gid = int(cnf.get("Import-Users-From-Passwd::ValidGID",""))
passwd_unames = {}
for entry in pwd.getpwall():
@@ -87,14 +86,13 @@ def main ():
passwd_unames[uname] = ""
postgres_unames = {}
- q = projectB.query("SELECT usename FROM pg_user")
- ql = q.getresult()
- for i in ql:
+ q = session.execute("SELECT usename FROM pg_user")
+ for i in q.fetchall():
uname = i[0]
postgres_unames[uname] = ""
known_postgres_unames = {}
- for i in Cnf.get("Import-Users-From-Passwd::KnownPostgres","").split(","):
+ for i in cnf.get("Import-Users-From-Passwd::KnownPostgres","").split(","):
uname = i.strip()
known_postgres_unames[uname] = ""
@@ -106,12 +104,21 @@ def main ():
keys = passwd_unames.keys()
keys.sort()
+ safe_name = re.compile('^[A-Za-z0-9]+$')
for uname in keys:
if not postgres_unames.has_key(uname):
if not Options["Quiet"]:
print "Creating %s user in Postgres." % (uname)
if not Options["No-Action"]:
- q = projectB.query('CREATE USER "%s"' % (uname))
+ if safe_name.match(uname):
+ # NB: I never figured out how to use a bind parameter for this query
+ # XXX: Fix this as it looks like a potential SQL injection attack to me
+ # (hence the safe_name match we do)
+ q = session.execute('CREATE USER "%s"' % (uname))
+ else:
+ print "NOT CREATING USER %s. Doesn't match safety regex" % uname
+
+ session.commit()
#######################################################################################
--
1.5.6.5
Reply to: