Now the challenge is: there are 2 functions. And there is a user who can only execute one of them. The question is how to do it?
If you just write: box.schema.user.grant ('user', 'execute', 'function', 'dima', nil, {if_not_exists = true}) then the user 'user' cannot connect at all. An error message is displayed: Execute access to universe '' is denied for user 'user'. How to provide access correctly?
box.once("schema", function()
box.schema.user.create('superuser', {password = '11111111'})
box.schema.user.create('user', {password = '11111111'})
box.schema.user.grant('superuser', 'read,write,execute','universe', nil, {if_not_exists = true})
box.schema.user.grant('user','execute','function','dima',nil, {if_not_exists = true})
end)
function reload(proc)
package.loaded[proc]=nil return require(proc)
end
ws = reload('project/init')
Function dima:
local obj={}
function obj.open()
return 'dima'
end
return obj
Function dima2:
local obj={}
function obj.open()
return 'dima2'
end
return obj
Init.lua:
obj = {}
collectgarbage('collect')
net = require('net.box')
fiber = require('fiber')
uuid = require('uuid')
-- modules
obj.dima = reload('project/dima')
obj.dima2 = reload('project/dima2')
return obj
In order to give access to only one function, you can do the following:
box.cfg({listen=3301})
foo = function() print("bar") end
box.schema.user.create('myuser', {if_not_exists=true, password = 'secret'})
-- setuid is required here so that the function, when called by user with
-- restricted rights, will have access to everything
box.schema.func.create('foo', {if_not_exists=true, setuid=true})
box.schema.user.grant('myuser', 'execute', 'function',
'foo', {if_not_exists=true})
Then open a separate tarantool prompt (not tarantoolctl! explanation below) and type this:
net_box = require('net.box')
c = net_box.connect('myuser:secret#localhost:3301')
c:call('foo')
Then you'll see "bar" printed in the first console.
The reason you see "Execute access to universe '' is denied for user 'user'" is because you try to connect with tarantoolctl, which requires read access to the whole database. It will be fine when called via connectors or net.box.
Related
Okay I am coding in lua a cheat for Roblox (just for fun).
But I created a function and the function got called!
I used the Library Kavo UI for the window.
But...
There is everything looks like in my code just that I change function() to combat()!
If I run this it doesn't show the UI!
But if I delete the function and the section it shows!
How do I fix it?
local Library = loadstring(game:HttpGet("https://raw.githubusercontent.com/xHeptc/Kavo-UI-Library/main/source.lua"))()
local Window = Library.CreateLib("Ghoster", "Synapse")
local Combat = Window:NewTab("Combat")
local Movement = Window:NewTab("Movement")
local Exploit = Window:NewTab("Exploits")
local CombatSection = Combat:NewSection("Combat Options")
local MovementSection = Movement:NewSection("Movement Options")
local ExploitSection = Exploit:NewSection("Exploit Options")
function aimbot()
loadstring(game:HttpGet(('https://gitlab.com/marsscripts/marsscripts/-/raw/master/CCAimbotV2'),true))()
end
CombatSection:NewButton("Aimbot", "Aims your enemies", aimbot()
print("Loaded Aimbot")
end
The problem lies in misunderstanding the following syntax:
CombatSection:NewButton("Aimbot", "Aims your enemies", function()
print("Loaded Aimbot")
end
CombatSection:NewButton receives 3 arguments, "Aimbot", "Aims your enemies" and an anonymous function.
Just to ilustrate what you did, let's put that anonymous function into a variable instead:
local yourFunction = function()
print("Loaded Aimbot")
end
And you changed that to (the invalid code)
local yourFunction = aimbot()
print("Loaded Aimbot")
end
What you actually wanted is to pass aimbot as a function:
CombatSection:NewButton("Aimbot", "Aims your enemies", aimbot)
Or call aimbot from within that anomynous function:
CombatSection:NewButton("Aimbot", "Aims your enemies", function()
aimbot()
print("Loaded Aimbot")
end
This is my code and I'm trying to get it so when a user does the add command, it stores their id and number they have used the command, but this isn't working, please can someone help.
num = 0
#client.command()
async def add(ctx):
global num
num += 1
await ctx.send('non')
mongo_url = "mongodb+=true&w=majority"
cluster = MongoClient(mongo_url)
db = cluster["mongo_url "]
collection = db["mongo_url "]
ping_cm = {"bank":num}
collection.insert_one(ping_cm)
I assume your mongo_url token is incorrect, it should have your name and password and db that you are storing it to, but you are accessing your token currently instead of your bank name, whatever that is called,
for example,
db = cluster["mongo_url "] #This has been set to your token, your mongo_url which won't do anything
You have used "bank" in other parts of your code, which is really confusing but I assume thats what you want to do and access, this will then store it in different rows for each user id who uses the command
num = 0
#client.command()
async def add(ctx):
global num
num += 1
await ctx.send('non')
mongo_url = "YOUR_MONGO_DATABASE_URL"
cluster = MongoClient(mongo_url)
db = cluster["bank"]
collection = db["bank"]
ping_cm = {"bank":num}
collection.insert_one(ping_cm)
await ctx.channel.send("Bank Updated!")
Make sure you are providing your mongo url "properly" otherwise the code won't be working at all they should look like this: eg.
EXAMPLE ONLY
mongo_url = "mongodb+srv://name:password#bank.9999000.mongodb.net/bank?retryWrites=true&w=majority" #EXAMPLE
You can get the URL when you go to the database you want to connect to, the click manage > db_url and copy that where I have included “YOUR_MONGO_DATABASE_URL" that should work if it is correct
I have two python files and each have one function :
a.py (This function is for oracle db connection)
def db_conection(username,password,dbname,encoding):
# print(username,password,dbname,encoding)
try:
connection = cx_Oracle.connect(username, password, dbname, encoding=encoding)
# show the version of the Oracle Database
print(connection.version)
except cx_Oracle.Error as error:
print(error)
finally:
# release the connection
if connection:
connection.close()
b.py
from a import *
def set_schema(user):
con = db_conection(username,password,dbname,encoding)
cur = con.cursor()
print(user)
cur.execute("""alter session set current_schema = {}""".format(user))
cur.close()
user = "ABCDE"
set_schema(user)
The problem/error i am facing when i try to execute set_schema function(b.py)
cur = con.cursor()
AttributeError: 'NoneType' object has no attribute 'cursor'
if i just run below statment in b.py for set_schema function it works
db_conection(username,password,dbname,encoding)
The direct "solution" is:
# a.py
def db_conection(username,password,dbname,encoding):
try:
connection = cx_Oracle.connect(username, password, dbname, encoding=encoding)
# show the version of the Oracle Database
print(connection.version)
return connection
except cx_Oracle.Error as error:
print(error)
and
# b.py
from a import *
def set_schema(user):
con = db_conection(username,password,dbname,encoding)
con.current_schema = user # more efficient then executing ALTER
user = "ABCDE"
set_schema(user)
Of course, once db_connection() has finished the connection will be closed, but hopefully you just gave example code to show your problem. You may want to look at subclassing.
If you are running multi-user, you could use a connection pool and use a session callback to set session attributes.
here is a part of my perl cgi script (which is working..):
use Net::LDAP;
use Net::LDAP::Entry;
...
$edn = "DC=xyz,DC=com";
$quser ="(&(objectClass=user)(cn=$username))";
$ad = Net::LDAP->new("ip_address...");
$ldap_msg=$ad->bind("$username\#xyz.com", password=>$password);
my $result = $ad->search( base=>$edn,
scope=>"sub",
filter=>$quser);
my $entry;
my $myname;
my $emailad;
my #entries = $result->entries;
foreach $entry (#entries) {
$myname = $entry->get_value("givenName");
$emailad = $entry->get_value("mail");
}
So basically, there is no admin/manager account for AD, users credentials are used for binding. I need to implement the same thing in grails..
+Is there a way to configure the plugin to search several ADs, I know I can add more ldap IPs in context.server but for each server I need a different search base...
++ I dont wanna use my DB, just AD. User logins through ldap > I get his email, and use the email for another ldap query but that will probably be another topic :)
Anyway the code so far is:
grails.plugin.springsecurity.ldap.context.managerDn = ''
grails.plugin.springsecurity.ldap.context.managerPassword = ''
grails.plugin.springsecurity.ldap.context.server = 'ldap://address:389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'DC=xyz,DC=com'
grails.plugin.springsecurity.ldap.authenticator.useBind=true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn =
['mail', 'givenName']
grails.plugin.springsecurity.providerNames=
['ldapAuthProvider',anonymousAuthenticationProvider']
grails.plugin.springsecurity.ldap.useRememberMe = false
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchBase ='DC=xyz,DC=com'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
And the error code is: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1
And it's the same code for any user/pass I try :/
Heeeeelp! :)
The most important thing with grails and AD is to use ActiveDirectoryLdapAuthenticationProvider rather than LdapAuthenticationProvider as it will save a world of pain. To do this, just make the following changes:
In resources.groovy:
// Domain 1
ldapAuthProvider1(ActiveDirectoryLdapAuthenticationProvider,
"mydomain.com",
"ldap://mydomain.com/"
)
// Domain 2
ldapAuthProvider2(ActiveDirectoryLdapAuthenticationProvider,
"mydomain2.com",
"ldap://mydomain2.com/"
)
In Config.groovy:
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider1', 'ldapAuthProvider2']
This is all the code you need. You can pretty much remove all other grails.plugin.springsecurity.ldap.* settings in Config.groovy as they don't apply to this AD setup.
Documentation:
http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ldap-active-directory
My app needs to write (and move) files to a folder from a non-admin user, and that user has no permission to use that folder.
I tried changing the permissions for the folder but it doesn't appear to have an effect.
Are there built-in restrictions from allowing me to do that?
What I do is write to Documents and then attempt to move file to final folder, which fails...
Thanks for any answers!
Here is the code:
Dim t as TextOutputStream
Dim tempfile as FolderItem = SpecialFolder.Documents.Child(filePath.Name)
t = tempfile.CreateTextFile
t.Write fileData
t.close
Dim p as New Permissions( 0 )
p.OthersExecute = True
p.OthersWrite = True
p.OthersRead = True
filePath.Parent.Permissions = p
tempfile.MoveFileTo filePath.Parent
The OS is designed to STOP this sort of thing as it's a huge security hole otherwise
You could use one of the functions in the Monkeybread Software plugin, AuthorizationMBS, to allow authorization, assuming the user can elevate the security level. In a class of mine that has to get into a System location, I have this:
Protected Function mbsAuthorize() As boolean
dim a as AuthorizationMBS
dim s(2) as String
if mbsAuthorized then
mbsForm = mbsAuth.ExternalForm
Return true
else
a = New AuthorizationMBS
If a.NewAuthorization(nil, a.kAuthorizationFlagPreAuthorize) Then
a.SimpleAuthorize
if a.Authorized then
mbsAuth=a // save so the externalform doesn't get invalid
mbsForm=a.ExternalForm // copy to string for later use.
Return true
end if
else
break
End if
end
return false
End Function
The class has these properties:
mbsForm as string
mbsAuth as AuthorizationMBS