|
|
@ -245,7 +245,7 @@ def user_mod(cursor, user, host, password, new_priv, append_privs):
|
|
|
|
grant_option = True
|
|
|
|
grant_option = True
|
|
|
|
if db_table not in new_priv:
|
|
|
|
if db_table not in new_priv:
|
|
|
|
if user != "root" and "PROXY" not in priv and not append_privs:
|
|
|
|
if user != "root" and "PROXY" not in priv and not append_privs:
|
|
|
|
privileges_revoke(cursor, user,host,db_table,grant_option)
|
|
|
|
privileges_revoke(cursor, user,host,db_table,priv,grant_option)
|
|
|
|
changed = True
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
|
|
|
|
# If the user doesn't currently have any privileges on a db.table, then
|
|
|
|
# If the user doesn't currently have any privileges on a db.table, then
|
|
|
@ -262,7 +262,7 @@ def user_mod(cursor, user, host, password, new_priv, append_privs):
|
|
|
|
priv_diff = set(new_priv[db_table]) ^ set(curr_priv[db_table])
|
|
|
|
priv_diff = set(new_priv[db_table]) ^ set(curr_priv[db_table])
|
|
|
|
if (len(priv_diff) > 0):
|
|
|
|
if (len(priv_diff) > 0):
|
|
|
|
if not append_privs:
|
|
|
|
if not append_privs:
|
|
|
|
privileges_revoke(cursor, user,host,db_table,grant_option)
|
|
|
|
privileges_revoke(cursor, user,host,db_table,curr_priv[db_table],grant_option)
|
|
|
|
privileges_grant(cursor, user,host,db_table,new_priv[db_table])
|
|
|
|
privileges_grant(cursor, user,host,db_table,new_priv[db_table])
|
|
|
|
changed = True
|
|
|
|
changed = True
|
|
|
|
|
|
|
|
|
|
|
@ -342,7 +342,7 @@ def privileges_unpack(priv):
|
|
|
|
|
|
|
|
|
|
|
|
return output
|
|
|
|
return output
|
|
|
|
|
|
|
|
|
|
|
|
def privileges_revoke(cursor, user,host,db_table,grant_option):
|
|
|
|
def privileges_revoke(cursor, user,host,db_table,priv,grant_option):
|
|
|
|
# Escape '%' since mysql db.execute() uses a format string
|
|
|
|
# Escape '%' since mysql db.execute() uses a format string
|
|
|
|
db_table = db_table.replace('%', '%%')
|
|
|
|
db_table = db_table.replace('%', '%%')
|
|
|
|
if grant_option:
|
|
|
|
if grant_option:
|
|
|
@ -350,7 +350,8 @@ def privileges_revoke(cursor, user,host,db_table,grant_option):
|
|
|
|
query.append("FROM %s@%s")
|
|
|
|
query.append("FROM %s@%s")
|
|
|
|
query = ' '.join(query)
|
|
|
|
query = ' '.join(query)
|
|
|
|
cursor.execute(query, (user, host))
|
|
|
|
cursor.execute(query, (user, host))
|
|
|
|
query = ["REVOKE ALL PRIVILEGES ON %s" % mysql_quote_identifier(db_table, 'table')]
|
|
|
|
priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
|
|
|
|
|
|
|
|
query = ["REVOKE %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
|
|
|
|
query.append("FROM %s@%s")
|
|
|
|
query.append("FROM %s@%s")
|
|
|
|
query = ' '.join(query)
|
|
|
|
query = ' '.join(query)
|
|
|
|
cursor.execute(query, (user, host))
|
|
|
|
cursor.execute(query, (user, host))
|
|
|
@ -359,7 +360,7 @@ def privileges_grant(cursor, user,host,db_table,priv):
|
|
|
|
# Escape '%' since mysql db.execute uses a format string and the
|
|
|
|
# Escape '%' since mysql db.execute uses a format string and the
|
|
|
|
# specification of db and table often use a % (SQL wildcard)
|
|
|
|
# specification of db and table often use a % (SQL wildcard)
|
|
|
|
db_table = db_table.replace('%', '%%')
|
|
|
|
db_table = db_table.replace('%', '%%')
|
|
|
|
priv_string = ",".join(filter(lambda x: x not in [ 'GRANT', 'REQUIRESSL' ], priv))
|
|
|
|
priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
|
|
|
|
query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
|
|
|
|
query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
|
|
|
|
query.append("TO %s@%s")
|
|
|
|
query.append("TO %s@%s")
|
|
|
|
if 'GRANT' in priv:
|
|
|
|
if 'GRANT' in priv:
|
|
|
|
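Review bot: In the new `privileges_revoke`, `priv_string` is empty whenever `priv` holds nothing but 'GRANT' and/or 'REQUIRESSL'. The statement is then built as `REVOKE  ON ...`, which the server will reject, whereas the old `REVOKE ALL PRIVILEGES ON ...` did not depend on the list. I would guard the second statement with `if priv_string:` before building and executing it, so a user whose only entry on a `db_table` is the grant option still has that revoked by the first statement without an error. The privilege names are also formatted into the SQL text rather than bound, so a comment such as `# priv must come from privileges_unpack()/the server's own grants, never raw module input` would help here. Both call sites in `user_mod` appear to pass current privileges, but the code that builds `priv` and `curr_priv` is outside these hunks, so that should be confirmed.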