From 733693ffdc6af7dd62553e7eb0ca14e1bec14206 Mon Sep 17 00:00:00 2001
From: Stijn Opheide <stijn@webcomrades.com>
Date: Wed, 24 Oct 2012 14:32:49 +0200
Subject: [PATCH] - removed space escapes from MySQL SHOW GRANTS regex - proper
 checking for with grant option (if this is not the only option the user has)
 - added revoking of grant option

---
 library/mysql_user | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/library/mysql_user b/library/mysql_user
index 0f3b8b6897d..9b6e7946b5a 100755
--- a/library/mysql_user
+++ b/library/mysql_user
@@ -170,12 +170,12 @@ def privileges_get(cursor, user,host):
     cursor.execute("SHOW GRANTS FOR %s@%s", (user,host))
     grants = cursor.fetchall()
     for grant in grants:
-        res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO\ '.+'@'.+'[\ IDENTIFIED\ BY\ PASSWORD\ '.+']?\ ?(.*)", grant[0])
+        res = re.match("GRANT (.+) ON (.+) TO '.+'@'.+'( IDENTIFIED BY PASSWORD '.+')? ?(.*)", grant[0])
         if res is None:
             module.fail_json(msg="unable to parse the MySQL grant string")
         privileges = res.group(1).split(", ")
         privileges = ['ALL' if x=='ALL PRIVILEGES' else x for x in privileges]
-        if res.group(3) == "WITH GRANT OPTION":
+        if "WITH GRANT OPTION" in res.group(4):
           privileges.append('GRANT')
         db = res.group(2).replace('`', '')
         output[db] = privileges
@@ -205,6 +205,8 @@ def privileges_unpack(priv):
 def privileges_revoke(cursor, user,host,db_table):
     query = "REVOKE ALL PRIVILEGES ON %s FROM '%s'@'%s'" % (db_table,user,host)
     cursor.execute(query)
+    query = "REVOKE GRANT OPTION ON %s FROM '%s'@'%s'" % (db_table,user,host)
+    cursor.execute(query)
 
 def privileges_grant(cursor, user,host,db_table,priv):