Stop granting users GRANT OPTION by default.
Fixes Bug #1180041 Change-Id: Ib2eb40bca70ac45e10560264ebfba86548cf621f
This commit is contained in:
Ed Cranford
parent
0f6744e882
commit
743e455b72
@ -81,6 +81,7 @@ class Query(object):
|
||||
self._group_by,
|
||||
self._limit,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
|
||||
@ -119,7 +120,7 @@ class Grant(object):
|
||||
]
|
||||
|
||||
def __init__(self, permissions=None, database=None, table=None, user=None,
|
||||
host=None, clear=None, hashed=None, grant_option=True):
|
||||
host=None, clear=None, hashed=None, grant_option=False):
|
||||
self.permissions = permissions or []
|
||||
self.database = database
|
||||
self.table = table
|
||||
@ -192,6 +193,7 @@ class Grant(object):
|
||||
whom = [("TO %s" % self._user_host),
|
||||
self._identity,
|
||||
]
|
||||
whom = [w for w in whom if w]
|
||||
return " ".join(whom)
|
||||
|
||||
@property
|
||||
@ -212,6 +214,7 @@ class Grant(object):
|
||||
self._whom,
|
||||
self._with,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
|
||||
@ -232,6 +235,7 @@ class Revoke(Grant):
|
||||
self._where,
|
||||
self._whom,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
@property
|
||||
@ -258,6 +262,7 @@ class Revoke(Grant):
|
||||
whom = [("FROM %s" % self._user_host),
|
||||
self._identity,
|
||||
]
|
||||
whom = [w for w in whom if w]
|
||||
return " ".join(whom)
|
||||
|
||||
|
||||
@ -288,6 +293,7 @@ class CreateDatabase(object):
|
||||
self._charset,
|
||||
self._collate,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
|
||||
@ -335,9 +341,10 @@ class CreateUser(object):
|
||||
return ""
|
||||
|
||||
def __str__(self):
|
||||
query = ["CREATE USER :user@:host"]
|
||||
if self._identity:
|
||||
query.append(self._identity)
|
||||
query = ["CREATE USER :user@:host",
|
||||
self._identity,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
|
||||
@ -377,6 +384,7 @@ class UpdateUser(object):
|
||||
self._set_password,
|
||||
self._where,
|
||||
]
|
||||
query = [q for q in query if q]
|
||||
return " ".join(query) + ";"
|
||||
|
||||
|
||||
|
||||
@ -77,7 +77,7 @@ class QueryTest(testtools.TestCase):
|
||||
grant = query.Grant()
|
||||
self.assertIsNotNone(grant)
|
||||
self.assertEqual("GRANT USAGE ON *.* "
|
||||
"TO ``@`%` WITH GRANT OPTION;",
|
||||
"TO ``@`%`;",
|
||||
str(grant))
|
||||
|
||||
def test_grant_all_with_grant_option(self):
|
||||
@ -90,7 +90,8 @@ class QueryTest(testtools.TestCase):
|
||||
grant = query.Grant(permissions=permissions,
|
||||
user=user_name,
|
||||
host=host,
|
||||
clear=user_password)
|
||||
clear=user_password,
|
||||
grant_option=True)
|
||||
|
||||
self.assertEqual("GRANT ALL PRIVILEGES ON *.* TO "
|
||||
"`root`@`localhost` "
|
||||
@ -106,7 +107,8 @@ class QueryTest(testtools.TestCase):
|
||||
grant = query.Grant(permissions=permissions,
|
||||
user=user_name,
|
||||
host=host,
|
||||
clear=user_password)
|
||||
clear=user_password,
|
||||
grant_option=True)
|
||||
|
||||
self.assertEqual("GRANT ALL PRIVILEGES ON *.* TO "
|
||||
"`root`@`localhost` "
|
||||
@ -170,7 +172,7 @@ class QueryTest(testtools.TestCase):
|
||||
"USAGE ON *.* TO "
|
||||
"`root`@`localhost` "
|
||||
"IDENTIFIED BY "
|
||||
"'password123' WITH GRANT OPTION;",
|
||||
"'password123';",
|
||||
str(grant))
|
||||
|
||||
def test_grant_specify_duplicate_permissions(self):
|
||||
@ -233,5 +235,5 @@ class QueryTest(testtools.TestCase):
|
||||
"USAGE ON *.* TO "
|
||||
"`root`@`localhost` "
|
||||
"IDENTIFIED BY "
|
||||
"'password123' WITH GRANT OPTION;",
|
||||
"'password123';",
|
||||
str(grant))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user