Fixes require ssl in combination with other privileges

Fixes require ssl in combination with grant option

Refactoring: code cleanup to make it easier to understand

Code rewritten inspired by @willthames

Added WITH GRANT OPTION as exception; when only REQUIRESSL and/or GRANT are specified we have to add USAGE
This commit is contained in:
Mark van Driel 2015-09-29 12:37:44 +02:00
parent 653b55bf68
commit 0890aab41b

View file

@ -339,9 +339,9 @@ def privileges_unpack(priv):
if '*.*' not in output: if '*.*' not in output:
output['*.*'] = ['USAGE'] output['*.*'] = ['USAGE']
# if we are only specifying something like REQUIRESSL in *.* we still need # if we are only specifying something like REQUIRESSL and/or GRANT (=WITH GRANT OPTION) in *.*
# to add USAGE as a privilege to avoid syntax errors # we still need to add USAGE as a privilege to avoid syntax errors
if priv.find('REQUIRESSL') != -1 and 'USAGE' not in output['*.*']: if 'REQUIRESSL' in priv and not set(output['*.*']).difference(set('GRANT', 'REQUIRESSL')):
output['*.*'].append('USAGE') output['*.*'].append('USAGE')
return output return output
@ -367,10 +367,10 @@ def privileges_grant(cursor, user,host,db_table,priv):
priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')]) priv_string = ",".join([p for p in priv if p not in ('GRANT', 'REQUIRESSL')])
query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))] query = ["GRANT %s ON %s" % (priv_string, mysql_quote_identifier(db_table, 'table'))]
query.append("TO %s@%s") query.append("TO %s@%s")
if 'GRANT' in priv:
query.append("WITH GRANT OPTION")
if 'REQUIRESSL' in priv: if 'REQUIRESSL' in priv:
query.append("REQUIRE SSL") query.append("REQUIRE SSL")
if 'GRANT' in priv:
query.append("WITH GRANT OPTION")
query = ' '.join(query) query = ' '.join(query)
cursor.execute(query, (user, host)) cursor.execute(query, (user, host))