•  20-07-2023
  •  | 
  •  

Question

In general, I am familiar with MySQL but not with Python. I try to generate .py script which inserts an user with a hashed password into a mysql-database of the radius-server.

That's my script so far:

#!/usr/bin/python2.7

import sys
import MySQLdb
from passlib.hash import django_pbkdf2_sha256 as cryptohandler


def adduser(username, password_plain):
    password = cryptohandler.encrypt(password_plain)

    conn = MySQLdb.connect(host="localhost", port=3306, user="radius", passwd="radpass", db="radius")
    cursor = conn.cursor()
    if cursor.execute("SELECT op FROM radcheck WHERE username = %s", (username)):
        print 'FEHLER: User existiert bereits und kann daher nicht angelegt werden.'
        sys.exit(1)
    else:
        try:
            cursor.execute("INSERT INTO radcheck(username, attribute, op, value) VALUES(%s, 'Password', ':=', %s)", (username, password))
            conn.commit()
            print 'OK user '+ username +' successfully added with hash'+ password
            sys.exit(0)
        except:
            conn.rollback()
            print 'FEHLER query failed'
            sys.exit(1)

def main():
    adduser(sys.argv[1], sys.argv[2])


main()

The output is always "FEHLER query failed", the first query which looks up if an username is existing works fine.

The radcheck table:

id int(11) unsigned Null=No Key=Pri Default=Null Extra=auto_increment
username varchar(64) Null=No Key=Mul
attribute varchar(64) Null=No
op char(2) Null=No Default="=="
value varchar(253) Null=No

Executing the query in the mysql-command-line works fine.

Where is the error in my script? I thought it may be a too long hash, but the hash is only < 100 chars long. (But contains special characters such as the dollar $). Additionally I'd appreciate help how to debug python-sql-scripts in general!

Was it helpful?

Solution

The issue here is not your MySQL code but it is this try/except block:

try:
    cursor.execute("INSERT INTO radcheck(username, attribute, op, value) VALUES(%s, 'Password', ':=', %s)", (username, password))
    conn.commit()
    print 'OK user '+ username +' successfully added with hash'+ password
    sys.exit(0)
except:
    conn.rollback()
    print 'FEHLER query failed'
    sys.exit(1)

When you call sys.exit(0), it raises an exception called SystemExit. Since a bare except: catch statement catches SystemExit, this block will always be executed when you call sys.exit(0). To prevent this from happening, change your except: catch to:

except Exception as e:
    conn.rollback()
    print 'FEHLER query failed'
    sys.exit(1)

Even better is if you catch only MySQL errors with:

except MySQLdb.Error as e:
    conn.rollback()
    print 'FEHLER query failed'
    sys.exit(1)
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top