From 353888767484f2c6a53d7c71a81da7ab645c4bbd Mon Sep 17 00:00:00 2001 From: Kirill Solomko Date: Sun, 1 Oct 2017 18:23:53 +0200 Subject: [PATCH] TT#22501 escape revoke/grant for users with special chars * users with special chars, like debian-sys-maint require revoke/grant to be escaped as 'user'@'host' * [default.user.host] "parent" is printed in the log if without debug but only when there is something to change Change-Id: I63065b5df37eea9136c6e61d15c329b978ba62dd --- sbin/ngcp-sync-grants | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sbin/ngcp-sync-grants b/sbin/ngcp-sync-grants index deba3c07..1ba12c1a 100755 --- a/sbin/ngcp-sync-grants +++ b/sbin/ngcp-sync-grants @@ -83,6 +83,7 @@ sub logger { return if $mode == 1 && $debug <= 0; my $offset = $log_offset*2; $offset -= 2 if $debug < 1; + $offset = 0 if $offset < 0; my $prefix = $mode < 2 ? "-->" : "Warning:"; printf { $mode == 2 ? *STDERR : *STDOUT } "%s%s %s\n", $prefix, " "x$offset, $str; @@ -173,14 +174,16 @@ sub apply_grants { log_debug(sprintf "[%s]%s", join('.', @$data), $as ? " as $as" : ''); normalise_grants($ptr->{$key}, $user, $host); return 0 unless check_grants($ptr->{$key}, $user, $host); + log_info(sprintf "[%s]%s", join('.', @$data), $as ? " as $as" : '') unless $debug; $log_offset = 2; log_info(sprintf "revoke all from: %s\@%s", $user, $host); - $dbh->do("REVOKE ALL PRIVILEGES, GRANT OPTION FROM $user\@$host"); + $dbh->do("REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$user'\@'$host'"); if ($DBI::errstr) { if ($DBI::errstr =~ /revoke all privileges for one or more of the requested users/) { $new_user = 1; } elsif ($DBI::errstr !~ /There is no such grant defined/) { + print "USER: $user HOST: $host\n"; die sprintf "Cannot revoke privileges from %s\@%s: %s", $user, $host, $DBI::errstr; } @@ -192,7 +195,7 @@ sub apply_grants { my ($s_grant, $s_suffix) = split_grant_suffix($grant); log_info(sprintf "grant %s to %s\@%s %s", $s_grant, $user, $host, $s_suffix); - $dbh->do("GRANT $s_grant TO $user\@$host $s_suffix"); + $dbh->do("GRANT $s_grant TO '$user'\@'$host' $s_suffix"); if ($DBI::errstr && $DBI::errstr !~ /Table\s+'\S+\.\S+'\s+doesn't\s+exist/) { die "Cannot grant privileges: ".$DBI::errstr;