/**
* Add a new user to MedSavant.
*
* @param sessID the session we're logged in as
* @param user the user to add
* @param pass the password
* @param level the user's level
* @throws SQLException
*/
@Override
public synchronized void addUser(String sessID, String user, char[] pass, UserLevel level)
throws SQLException, SessionExpiredException {
PooledConnection conn = ConnectionController.connectPooled(sessID);
try {
if (user.startsWith(DATABASE_USER_KEY_PREFIX)) {
throw new SQLException("Can't create user " + user + " -- illegal username");
}
// TODO: Transactions aren't supported for MyISAM, so this has no effect.
conn.setAutoCommit(false);
conn.executePreparedUpdate("CREATE USER ?@'%' IDENTIFIED BY ?", user, new String(pass));
grantPrivileges(sessID, user, level);
conn.commit();
} catch (SQLException sqlx) {
conn.rollback();
throw sqlx;
} finally {
for (int i = 0; i < pass.length; i++) {
pass[i] = 0;
}
conn.setAutoCommit(true);
conn.close();
}
}
@Override
public synchronized void changePassword(
String sessID, String userName, char[] oldPass, char[] newPass)
throws SQLException, RemoteException, SessionExpiredException {
PooledConnection conn = ConnectionController.connectPooled(sessID);
try {
conn.setAutoCommit(true);
// Check that old password is valid.
ConnectionController.revalidate(userName, new String(oldPass), sessID);
// TODO: Check the new password against the current mysql password policy.
// Change the password
conn.executePreparedUpdate("SET PASSWORD FOR ? = PASSWORD(?)", userName, new String(newPass));
} finally {
for (int i = 0; i < oldPass.length; ++i) {
oldPass[i] = 0;
}
for (int i = 0; i < newPass.length; ++i) {
newPass[i] = 0;
}
conn.close();
}
}
