From 7d04c6e638c344f303ed0abb16cbf018ee8b921c Mon Sep 17 00:00:00 2001 From: Mykola Malkov Date: Fri, 6 Jul 2018 22:18:21 +0300 Subject: [PATCH] TT#37113 Use safe 'DROP USER' syntax Replace unsafe 'DELETE FROM mysql.user' with recommended 'DROP USER' statement to avoid problems with DROP/CREATE USER due to missing 'FLUSH PRIVILEGES' like: Error: Cannot create grant temp user: Operation CREATE USER failed for 'ngcp-sync-db'@'localhost' at /usr/sbin/ngcp-sync-grants line 322. Execute 'FLUSH PRIVILEGES' before creating and after dropping of temp user 'ngcp-sync-db'. Change-Id: I49c29b6c39353d4a47f086851a915af1469ebcdd --- sbin/ngcp-sync-grants | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/sbin/ngcp-sync-grants b/sbin/ngcp-sync-grants index 5ddbbcdc..32226c39 100755 --- a/sbin/ngcp-sync-grants +++ b/sbin/ngcp-sync-grants @@ -261,10 +261,6 @@ sub apply_copy_grants { sub apply_drop_users { my $forced_user = shift; # to drop a specific user - my $ch = $dbh->prepare(<prepare(<execute($user, $host_rx) or die "Cannot select user $user -- $host_rx: ".$DBI::errstr; while (my ($host) = $ch_sel->fetchrow_array) { - $ch->execute($user, $host_rx) + $dbh->do("DROP USER '$user'\@'$host_rx'") or die "Cannot drop user $user -- $host_rx: ".$DBI::errstr; log_info(sprintf "drop: %s\@%s", $user, $host); $rc++; @@ -293,7 +289,6 @@ SQL } } - $ch->finish; $ch_sel->finish; return $rc; @@ -347,6 +342,7 @@ sub grants_helper { my $user = $TEMP_GRANT_USER; my $host = $TEMP_GRANT_HOST; + flush_privs(); set_user_protected_password($user, $host); $dbh->do("REVOKE ALL PRIVILEGES, GRANT OPTION FROM '$user'\@'$host'"); @@ -378,6 +374,7 @@ sub grants_helper { $dbh->do("DROP USER '$user'\@'$host'"); die "Cannot drop grant temp user: ".$DBI::errstr if $DBI::err; + flush_privs(); @$grants = ( map { $_->[0] } @$temp_grants );