From 0890aab41b8eaa12e7752e165fb8344bef98896a Mon Sep 17 00:00:00 2001 From: Mark van Driel Date: Tue, 29 Sep 2015 12:37:44 +0200 Subject: [PATCH] Fixes require ssl in combination with other privileges Fixes require ssl in combination with grant option Refactoring: code cleanup to make it easier to understand Code rewritten inspired by @willthames Added WITH GRANT OPTION as exception; when only REQUIRESSL and/or GRANT are specified we have to add USAGE --- database/mysql/mysql_user.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/database/mysql/mysql_user.py b/database/mysql/mysql_user.py index 1ea54b41b3a..79dee70a3f0 100644 --- a/database/mysql/mysql_user.py +++ b/database/mysql/mysql_user.py @@ -339,9 +339,9 @@ def privileges_unpack(priv): if '*.*' not in output: output['*.*'] = ['USAGE'] - # if we are only specifying something like REQUIRESSL in *.* we still need - # to add USAGE as a privilege to avoid syntax errors - if priv.find('REQUIRESSL') != -1 and 'USAGE' not in output['*.*']: + # if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.* + # we still need to add USAGE as a privilege to avoid syntax errors + if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set('GRANT', 'REQUIRESSL')): output['*.*'].append('USAGE') return output @@ -367,10 +367,10 @@ def privileges_grant(cursor, user,host,db_table,priv): priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')]) query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))] query.append("TO %s@%s") - if 'GRANT' in priv: - query.append("WITH GRANT OPTION") if 'REQUIRESSL' in priv: query.append("REQUIRE SSL") + if 'GRANT' in priv: + query.append("WITH GRANT OPTION") query = ' '.join(query) cursor.execute(query, (user, host))