From 0890aab41b8eaa12e7752e165fb8344bef98896a Mon Sep 17 00:00:00 2001
From: Mark van Driel
Date: Tue, 29 Sep 2015 12:37:44 +0200
Subject: [PATCH 1/2] Fixes require ssl in combination with other privileges Fixes require ssl in combination with grant option Refactoring: code cleanup to make it easier to understand Code rewritten inspired by @willthames Added WITH GRANT OPTION as exception; when only REQUIRESSL and/or GRANT are specified we have to add USAGE
---
 database/mysql/mysql_user.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/database/mysql/mysql_user.py b/database/mysql/mysql_user.py
index 1ea54b41b3a..79dee70a3f0 100644
--- a/database/mysql/mysql_user.py
+++ b/database/mysql/mysql_user.py
@@ -339,9 +339,9 @@ def privileges_unpack(priv):
 if '*.*' not in output:
 output['*.*'] = ['USAGE']
- # if we are only specifying something like REQUIRESSL in *.* we still need
- # to add USAGE as a privilege to avoid syntax errors
- if priv.find('REQUIRESSL') != -1 and 'USAGE' not in output['*.*']:
+ # if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.*
+ # we still need to add USAGE as a privilege to avoid syntax errors
+ if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set('GRANT', 'REQUIRESSL')):
 output['*.*'].append('USAGE')
 return output
@@ -367,10 +367,10 @@ def privileges_grant(cursor, user,host,db_table,priv):
 priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
 query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
 query.append("TO %s@%s")
- if 'GRANT' in priv:
- query.append("WITH GRANT OPTION")
 if 'REQUIRESSL' in priv:
 query.append("REQUIRE SSL")
+ if 'GRANT' in priv:
+ query.append("WITH GRANT OPTION")
 query = ' '.join(query)
 cursor.execute(query, (user, host))
From 9da92bfba0824eacc6955125eae18ba590efd855 Mon Sep 17 00:00:00 2001
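Review bot: The new guard in privileges_unpack still fires only when `'REQUIRESSL' in priv`, although the comment above it says USAGE is also needed when only GRANT is given for `*.*`. With a `*.*` entry that holds just GRANT, USAGE is not appended, and privileges_grant would then build a GRANT statement with an empty privilege list, since it strips GRANT and REQUIRESSL before joining. The test also looks at the whole `priv` value rather than the `*.*` entry; judging by the removed `priv.find` call, that value is the raw privileges string. Dropping the first clause covers both cases: `if not set(output['*.*']).difference(['GRANT', 'REQUIRESSL']):`. The same condition is carried into the hunk of patch 2/2, and the function begins outside this hunk.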
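Review bot: The reordering in privileges_grant is not explained where it happens, so a later cleanup could swap the two `if` blocks back without noticing. MySQL's GRANT grammar places the REQUIRE clause before WITH GRANT OPTION, so add a comment above the first block such as `# REQUIRE must come before WITH GRANT OPTION in the GRANT statement; keep this order`. A statement rejected at this point would leave the account without the TLS requirement that was requested, which is the reason to record the constraint next to the code. The function begins outside this hunk.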
From: Mark van Driel
Date: Wed, 6 Jan 2016 11:53:06 +0100
Subject: [PATCH 2/2] Fixed "invalid privileges string: set expected at most 1 arguments, got 2"
---
 database/mysql/mysql_user.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/database/mysql/mysql_user.py b/database/mysql/mysql_user.py
index 79dee70a3f0..06509fdf18b 100644
--- a/database/mysql/mysql_user.py
+++ b/database/mysql/mysql_user.py
@@ -341,7 +341,7 @@ def privileges_unpack(priv):
 # if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.*
 # we still need to add USAGE as a privilege to avoid syntax errors
- if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set('GRANT', 'REQUIRESSL')):
+ if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set(['GRANT', 'REQUIRESSL'])):
 output['*.*'].append('USAGE')
 return output