|
|
|
|
@ -20,6 +20,7 @@ my $grants = {};
|
|
|
|
|
my $dbh;
|
|
|
|
|
my $debug = 0;
|
|
|
|
|
my $log_offset = 0;
|
|
|
|
|
my $password_length = 20;
|
|
|
|
|
|
|
|
|
|
my $recreate_user = 0;
|
|
|
|
|
|
|
|
|
|
@ -145,10 +146,12 @@ sub apply_grants {
|
|
|
|
|
my ($top, $user, $host) = @$data;
|
|
|
|
|
$host = $as if $as;
|
|
|
|
|
$log_offset = 1;
|
|
|
|
|
my $new_user = 0;
|
|
|
|
|
log_debug(sprintf "[%s]%s", join('.', @$data), $as ? " as $as" : '');
|
|
|
|
|
if (!$as && $recreate_user) {
|
|
|
|
|
if (apply_drop_users($user)) {
|
|
|
|
|
flush_privs();
|
|
|
|
|
$new_user = 1;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
return 0 unless check_grants($ptr->{$key}, $user, $host);
|
|
|
|
|
@ -158,14 +161,14 @@ sub apply_grants {
|
|
|
|
|
$log_offset = 2;
|
|
|
|
|
log_info(sprintf "revoke all from: %s\@%s", $user, $host);
|
|
|
|
|
$dbh->do("REVOKE ALL PRIVILEGES, GRANT OPTION FROM $user\@$host");
|
|
|
|
|
if ($DBI::errstr
|
|
|
|
|
&&
|
|
|
|
|
($DBI::errstr !~ /There is no such grant defined/ &&
|
|
|
|
|
$DBI::errstr !~
|
|
|
|
|
/revoke all privileges for one or more of the requested users/
|
|
|
|
|
)) {
|
|
|
|
|
if ($DBI::errstr) {
|
|
|
|
|
if ($DBI::errstr =~
|
|
|
|
|
/revoke all privileges for one or more of the requested users/) {
|
|
|
|
|
$new_user = 1;
|
|
|
|
|
} elsif ($DBI::errstr !~ /There is no such grant defined/) {
|
|
|
|
|
die sprintf "Cannot revoke privileges from %s\@%s: %s",
|
|
|
|
|
$user, $host, $DBI::errstr;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$rc++;
|
|
|
|
|
@ -182,6 +185,13 @@ sub apply_grants {
|
|
|
|
|
$log_offset = 2;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if ($new_user) {
|
|
|
|
|
$dbh->do("UPDATE user SET Password = '!'
|
|
|
|
|
WHERE User = ? AND Host = ?",
|
|
|
|
|
undef, $user, $host);
|
|
|
|
|
die sprintf "Cannot update %s@%s with disabled password, %s",
|
|
|
|
|
$user, $host, $DBI::errstr if $DBI::err;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
die "Unparsable grants structure elemenent: $key";
|
|
|
|
|
}
|
|
|
|
|
|
Kirill Solomko
10 years ago