From a090d6cef7d90c4634fc7d11bde971428d442035 Mon Sep 17 00:00:00 2001 From: Stijn Opheide Date: Wed, 24 Oct 2012 14:32:49 +0200 Subject: [PATCH] - removed space escapes from MySQL SHOW GRANTS regex - proper checking for with grant option (if this is not the only option the user has) - added revoking of grant option --- mysql_user | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/mysql_user b/mysql_user index 0f3b8b6897d..9b6e7946b5a 100755 --- a/mysql_user +++ b/mysql_user @@ -170,12 +170,12 @@ def privileges_get(cursor, user,host): cursor.execute("SHOW GRANTS FOR %s@%s", (user,host)) grants = cursor.fetchall() for grant in grants: - res = re.match("GRANT\ (.+)\ ON\ (.+)\ TO\ '.+'@'.+'[\ IDENTIFIED\ BY\ PASSWORD\ '.+']?\ ?(.*)", grant[0]) + res = re.match("GRANT (.+) ON (.+) TO '.+'@'.+'( IDENTIFIED BY PASSWORD '.+')? ?(.*)", grant[0]) if res is None: module.fail_json(msg="unable to parse the MySQL grant string") privileges = res.group(1).split(", ") privileges = ['ALL' if x=='ALL PRIVILEGES' else x for x in privileges] - if res.group(3) == "WITH GRANT OPTION": + if "WITH GRANT OPTION" in res.group(4): privileges.append('GRANT') db = res.group(2).replace('`', '') output[db] = privileges @@ -205,6 +205,8 @@ def privileges_unpack(priv): def privileges_revoke(cursor, user,host,db_table): query = "REVOKE ALL PRIVILEGES ON %s FROM '%s'@'%s'" % (db_table,user,host) cursor.execute(query) + query = "REVOKE GRANT OPTION ON %s FROM '%s'@'%s'" % (db_table,user,host) + cursor.execute(query) def privileges_grant(cursor, user,host,db_table,priv):