Feb-18-2019, 03:39 PM
I'm creating a script called rootrun, it runs things as root that were put in a MySQL database but only if they match regular expressions in the database. It should be telling me "hello word" but it doesn't.
The database is pretty simple:
Here is the script which uses that database, but doesn't seem to be working. It doesn't return any output like it should.
The database is pretty simple:
MariaDB [rootrun]> SHOW TABLES; +-------------------+ | Tables_in_rootrun | +-------------------+ | allowed | | operations | +-------------------+ 2 rows in set (0.001 sec) MariaDB [rootrun]> SELECT * FROM allowed; +----+------+ | id | rule | +----+------+ | 1 | (.*) | +----+------+ 1 row in set (0.000 sec) MariaDB [rootrun]> SELECT * FROM operations; +----+------------------+ | id | oper | +----+------------------+ | 1 | echo hello world | +----+------------------+ 1 row in set (0.000 sec)Keep in mind the regexp there is meant to just let everything through for now.
Here is the script which uses that database, but doesn't seem to be working. It doesn't return any output like it should.
#!/usr/bin/python3 import mysql.connector import re import os global mydb mydb = mysql.connector.connect( host="localhost", user="rootrun", passwd="4tFZYUfey8Lv5Vg3Gc7q8XE4", database="rootrun") def allowExec(rootcmd): global mydb; cursor = mydb.cursor() cursor.execute("SELECT rule FROM allowed") result = cursor.fetchall() itran = False for rule in result: if (re.match(str(rule), str(rootcmd))): if (itran == False): os.system(rootcmd) itran = True def runOperations(): cursor = mydb.cursor() cursor.execute("SELECT id FROM operations") result = cursor.fetchall() for operid in result: cursor.execute("SELECT oper FROM operations WHERE id=\'" + str(operid) +"'") operation = cursor.fetchall() allowExec(operation) cursor.execute("DELETE FROM operations WHERE id=\'" + str(operid) +"'") runOperations()