From 049e14e7d17120d2d50f9252ebd98ac0a27e9b99 Mon Sep 17 00:00:00 2001
From: Stijn Opheide
Date: Thu, 18 Oct 2012 19:27:18 +0200
Subject: [PATCH 1/2] added the GRANT privilege for a mysql user (WITH GRANT OPTION)
---
 mysql_user | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/mysql_user b/mysql_user
index 7194b9f3606..0f3b8b6897d 100755
--- a/mysql_user
+++ b/mysql_user
@@ -170,11 +170,13 @@ def privileges_get(cursor, user,host):
 cursor.execute("SHOW GRANTS FOR %s@%s", (user,host))
 grants = cursor.fetchall()
 for grant in grants:
- res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO", grant[0])
+ res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO\ '.+'@'.+'[\ IDENTIFIED\ BY\ PASSWORD\ '.+']?\ ?(.*)", grant[0])
 if res is None:
 module.fail_json(msg="unable to parse the MySQL grant string")
 privileges = res.group(1).split(", ")
 privileges = ['ALL' if x=='ALL PRIVILEGES' else x for x in privileges]
+ if res.group(3) == "WITH GRANT OPTION":
+ privileges.append('GRANT')
 db = res.group(2).replace('`', '')
 output[db] = privileges
 return output
@@ -205,8 +207,12 @@ def privileges_revoke(cursor, user,host,db_table):
 cursor.execute(query)
 def privileges_grant(cursor, user,host,db_table,priv):
- priv_string = ",".join(priv)
+
+ priv_string = ",".join(filter(lambda x: x != 'GRANT', priv))
 query = "GRANT %s ON %s TO '%s'@'%s'" % (priv_string,db_table,user,host)
+ if 'GRANT' in priv:
+ query = query + " WITH GRANT OPTION"
+
 cursor.execute(query)
 def load_mycnf():
From a090d6cef7d90c4634fc7d11bde971428d442035 Mon Sep 17 00:00:00 2001
From: Stijn Opheide
Date: Wed, 24 Oct 2012 14:32:49 +0200
Subject: [PATCH 2/2] - removed space escapes from MySQL SHOW GRANTS regex - proper checking for with grant option (if this is not the only option the user has) - added revoking of grant option
---
 mysql_user | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/mysql_user b/mysql_user
index 0f3b8b6897d..9b6e7946b5a 100755
--- a/mysql_user
+++ b/mysql_user
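Review bot: In the second hunk of PATCH 1/2, `privileges_grant` ends up with an empty `priv_string` when `priv` contains only `'GRANT'`, so the statement becomes `GRANT  ON ... WITH GRANT OPTION`, which MySQL should reject as a syntax error. Falling back to the no-privilege keyword keeps the statement valid: `priv_string = ",".join(p for p in priv if p != 'GRANT') or 'USAGE'`. Whether a GRANT-only list can reach this function depends on `privileges_unpack` and the caller, both outside the hunk, and PATCH 2/2 does not touch this line.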
@@ -170,12 +170,12 @@ def privileges_get(cursor, user,host):
 cursor.execute("SHOW GRANTS FOR %s@%s", (user,host))
 grants = cursor.fetchall()
 for grant in grants:
- res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO\ '.+'@'.+'[\ IDENTIFIED\ BY\ PASSWORD\ '.+']?\ ?(.*)", grant[0])
+ res = re.match("GRANT (.+) ON (.+) TO '.+'@'.+'( IDENTIFIED BY PASSWORD '.+')? ?(.*)", grant[0])
 if res is None:
 module.fail_json(msg="unable to parse the MySQL grant string")
 privileges = res.group(1).split(", ")
 privileges = ['ALL' if x=='ALL PRIVILEGES' else x for x in privileges]
- if res.group(3) == "WITH GRANT OPTION":
+ if "WITH GRANT OPTION" in res.group(4):
 privileges.append('GRANT')
 db = res.group(2).replace('`', '')
 output[db] = privileges
@@ -205,6 +205,8 @@ def privileges_unpack(priv):
 def privileges_revoke(cursor, user,host,db_table):
 query = "REVOKE ALL PRIVILEGES ON %s FROM '%s'@'%s'" % (db_table,user,host)
 cursor.execute(query)
+ query = "REVOKE GRANT OPTION ON %s FROM '%s'@'%s'" % (db_table,user,host)
+ cursor.execute(query)
 def privileges_grant(cursor, user,host,db_table,priv):
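Review bot: The optional group `( IDENTIFIED BY PASSWORD '.+')?` in the new `re.match` pattern looks like it can never match, because the greedy `'.+'` for the host already runs to the last quote on the line and swallows the password clause. The result is still right, since `"WITH GRANT OPTION" in res.group(4)` only inspects the tail, but the capture exists solely to be skipped and it shifted the group index. Assuming account names contain no quote, I would bound the quoted parts and make the group non-capturing, `'[^']+'@'[^']+'(?: IDENTIFIED BY PASSWORD '[^']+')? ?(.*)`, and read the tail from `res.group(3)`. A one-line comment that the password hash is matched but deliberately not kept would help the next reader; the loop body continues outside the hunk.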
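Review bot: The added `REVOKE GRANT OPTION` statement in `privileges_revoke` is assembled with `%` string formatting, so a quote in `user` or `host` changes the SQL text instead of being escaped by the driver. `privileges_get` in the same file already binds those values as parameters (`cursor.execute("SHOW GRANTS FOR %s@%s", (user,host))`), and the new line can do the same: `cursor.execute("REVOKE GRANT OPTION ON %s FROM %%s@%%s" % db_table, (user, host))`. `db_table` is an identifier and cannot be bound, so it needs validation or backtick quoting where it is parsed, which is outside this hunk. The existing `REVOKE ALL PRIVILEGES` line above it and the `GRANT` query in `privileges_grant` (PATCH 1/2) have the same shape.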