@Qc @sddlmZmZmZmZmZmZmZmZm Z m Z m Z m Z m Z mZmZddlZddlZddlZddlmZddlmZmZmZmZmZddlmZdddd d d gZd d dddddddg ZdddgZdZiidd6dd6e d6e d6d6idd6dd6e d6e d6e!6idd6dd6e d6e d6d 6id!d6d"ej"pd#d6e d6e#d6d$6id%d6d&d6e d6e#d6d'6id(d6dd6e d6e d6d)6ie!d6d*d6e d6e d6d+6Z$d,Z%d-Z&d.ej'fd/YZ(d0ej)fd1YZ*d2ej)fd3YZ+d4ej)fd5YZ,dS(6i(tnewBoxtnewLabelt newButtont newTextEntrytnewTreeNodeViewtnewTabletnewRadioButtont newListBoxt newSelectortnewPanelt newTabViewt Utilitiest newCheckBoxt newImageBoxtAppN(tnot_running_warning_label(t AdminSecurityt PrivilegeInfotPrivilegeReverseDicttSecurityAdminRolestWBSecurityValidationError(tPermissionDeniedErrort Select_privt Insert_privt Update_privt Delete_privt Execute_privtShow_view_privt Create_privt Alter_privtReferences_privt Index_privtCreate_view_privtCreate_routine_privtAlter_routine_privt Drop_privt Trigger_privt Grant_privtCreate_tmp_table_privtLock_tables_privtmysql_native_passwordtStandardtnamettauth_string_labelt enable_hosttenable_passwordsStandard (old)tmysql_old_passwordsWindows NativesSupply the Windows username and/or group names that are allowed to use this account, separated by a comma (,) This account will be usable by these users whenever they are logged into Windows, without additional passwords. Example: Administrator, %stjoetauthentication_windowstPAMsSyntax: [,= [,= ...]] See documentation for details.tauthentication_pamsSHA256 Passwordtsha256_passwords:See the plugin documentation for valid values and details.t*cCs t|}|jtj|S(N(Rtset_text_aligntmformst MiddleRight(ttexttl((s..\modules\wb_admin_security.pytrLabel`s cCs t|}|jtj|S(N(Rt set_styleR7tSmallHelpTextStyle(R9R:((s..\modules\wb_admin_security.pytdLabeles tAddSchemaPrivilegeFormcBs/eZddZdZdZdZRS(R+c Cstjj|dtjtjB|jd||_tt }|j d|j d|j |t d|jd}|j|t tttj}|jd|j|t tt}|j||j d|jd|jd|jd|jdttjj|_|jjt|jj|j|jjd |j|jd d d d tj |jt!d d dd d tj t|jj"|_#|j#jd|j#j|j|j|j#d d d d tj |jt!dd dd d tj t$|_%|j|j%d d d d tj tj&Bt|jj"|_'|j'jd|j'j|j|j|j'd d d dtj |jt!dd dd dtj t(|_)|j|j)d d d dtj tj&Bg|j*D]\}}||kr%|^q%} |j)j+| ttj}|jd|j|ttt}|j||j d|jd|jd|jdttjj|_,|j,jt|j,j|j-|j,jd|j|j,d d d d tj |jt!dd dd d tj t|j,j"|_.|j.j|j-|j.jd|j|j.d d d d tj |jt!dd dd d tj t$|_/|j|j/d d d d tj tj&Bt|j,j"|_0|j0j|j-|j0jd|j|j0d d d dtj |jt!dd dd dtj t1t |_2|j|j2d d d dtj tj&Btj3Btj4B|j2j+|jj5tt} |j| t t| j dt6|_7|j7jd| j8|j7t tt6|_9|j9jd| j8|j9t t|j:dd|j|j-|j;dS(NsNew Schema Privilege Definitioni iscSelect the Host and the Schema for which the user '%s' will have the privileges you want to define.sutf-8tHostiis Any Host (%)iis~This rule will apply to connections from any host, in case other rules don't match the host from where the user connects from.isHosts matching pattern or name:sA hostname or a hostname pattern to match multiple hosts. You may use _ and % as wildcards in a pattern. Escape these characters with \ in case you want their literal value.sSelected host:s/Select a specific host or pattern for the rule.tSchemasAny Schema (%)s(This rule will apply to any schema name.s!Schemas matching pattern or name:sThis rule will apply to schemas that match the given name or pattern. You may use _ and % as wildcards in a pattern. Escape these characters with \ in case you want their literal value.sSelected schema:s7Select a specific schema name for the rule to apply to.tOKtCanceli i(<R7tFormt__init__tNonet FormResizabletFormMinimizablet set_titletsecmanRtFalset set_paddingt set_spacingt set_contentRtencodetaddtTrueR tTitledBoxPanelRt set_row_counttset_column_counttset_row_spacingtset_column_spacingRt RadioButtontnew_idthost1t set_activetadd_clicked_callbackthost_radio_changedtset_textt HFillFlagR>tgroup_idthost2Rt host2entryt HExpandFlagthost3Rthost3selt account_namest add_itemstschema1tschema_radio_changedtschema2t schema2entrytschema3Rt schema3selt VFillFlagt VExpandFlagtescaped_schema_namesRtoktadd_endtcanceltset_sizetcenter( tselfRJtusertboxtlabeltpanelttabletuththoststbbox((s..\modules\wb_admin_security.pyREls               "%"% )"% ).       "%"% )"%7      cCs6|jj|jj|jj|jjdS(N(Rat set_enabledR`t get_activeRdRc(Ru((s..\modules\wb_admin_security.pyR\scCs6|jj|jj|jj|jjdS(N(RjRRiRRlRk(Ru((s..\modules\wb_admin_security.pyRhscCs|j|j|jr|jjr0d}n0|jjrQ|jj}n|jj}|j jrxd}n0|j jr|j j}n|j j}||fSdS(Nt%(NN(t run_modalRpRrRYRR`Ratget_string_valueRdRgRiRjRlRF(Ruthosttschema((s..\modules\wb_admin_security.pytruns   (t__name__t __module__RER\RhR(((s..\modules\wb_admin_security.pyR?ks p  tSecurityAccountcBs eZdZedZdZdZdZdZdZ dZ dZ d Z d Z d Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZedZRS(cCs]tjj|t|j|j||_d|_d|_ |j |j d|j dt t}|j d|j|ttt t}|j dt|_|jjd|j|jtt|jj|jt|_|jjd|jj|jt|_|jjd|j|jtt|jj|jt|_|jjd|jj|jj|j|jttt|_|jjd|j|jtt|jj|jt|_|jjd|j|jtt|jj|j|jj j!d@krt|_"|j"jd |j"j#d |j|j"tt|j"j|j$n d|_"t|_%|j%jd |j|j%tt|j%j|j&|j%j#d|j|ttt t}|j d|j'dd|j|ttt(d}|j|ttt)tj*|_+|j+j,tj-ddt|j+j,tj-ddt|j+j.|j+j/|j0|j+j1t|j|j+ttt t|_2}|j d|j|ttt(d|_3|j3j4tj5|j|j3ttt6t}|j|ttt t}|j d|j d|j7|dt8} |j| tt| j9d| j:d| j;d| j<dt=|_>|j>j'dd|j>j/|j?|j>j@dt=tjA|_B|jBj'dd|jBj/|jCt=tjA|_D|jDj'dd|jDj/|j?t=|_E|jEj/|jF| jtGdddddtjH| j|j>ddddtjH| jtId ddddtjHtjJBtKg|jLD] } | ^q`dk|_M|jMrtGd!|_N| j|jNddddtjHtO|_P| j|jPddddtjHtjJB| jtId"ddddtjH|jPj/|jQg|_Rxp|jLD]P} tSjT| rh|jPjUtS| d#n|jPjU| |jRjV| q8Wnd|_Rd|_WtGd$|_X| j|jXddddtjH| j|jEddddtjHt t|_YtZ|_[|jYj|j[tttId%|_\|jYj|j\tt| j|jYddddtjHtjJBtGd&|_]| j|j]dddd'tjH| j|jBdddd'tjHtId(|_\| j|j\dddd'tjHtjJBd)|_^tI|j^|__| j|j_ddd'dtjHtjJBtGd*|_`| j|j`dddd tjH| j|jDdddd tjHtId+|_a| j|jadddd tjHtjJB| jt(d,ddd d tjH|jMr t=|_W|jWj/|j?tGd-|_btId.|_c| j|jbddd dtjH| j|jWddd dtjHtjJB| j|jcddd dtjHt(d,|_d|j|jdttnt t} |j7| d/t t} | j| tt| j d| j dt)tj*|_e|jej,tjfd,d0t|jej,tj-d1dt|jej,tj-d2d3t|jej.| j|jett|jejg|jht)tj*|_i|jij,tjfd,d0t|jij,tj-d4d5t|jij.|jij'dd|jijg|jj| j|jittt8} |j7| d6| j d| j<d| j;d| j9d'| j:d| jtGd7ddddtjHt=|_k|jkj'd8d|jkj/|j?| j|jkddddtjH| jtId9ddddtjHtjJB| jtGd:ddddtjHt=|_l|jlj'd8d|jlj/|j?| j|jlddddtjH| jtId;ddddtjHtjJB| jtGd<ddddtjHt=|_m|jmj'd8d|jmj/|j?| j|jmddddtjH| jtId=ddddtjHtjJB| jtGd>dddd'tjHt=|_n|jnj'd8d|jnj/|j?| j|jndddd'tjH| jtId?dddd'tjHtjJB|jo|j0dS(ANis Add Accountt DuplicatetDroptRefreshtApplytRevertiiisExpire PasswordsuForce user to change password after next login. The user will be unable to issue any command other than SET PASSWORD.sRevoke All PrivilegessImmediately remove all privileges from the account, from every object at all levels. The account itself will be left untouched and logins will still be possible.iis User AccountstUseriPs From HostixsBSelect an account to edit or click Add Account to create a new onei tLoginiiis Login Name:iiisTYou may create multiple accounts with the same name to connect from different hosts.sAuthentication Type:sP For the standard password and/or host based authentication, select 'Standard'. R*s%Limit Connectivity to Hosts Matching:s% and _ wildcards may be useds Password:isType a password to reset it.skConsider using a password with 8 or more characters with mixed case letters, numbers and punctuation marks.sConfirm Password:s Enter password again to confirm.R+sAuthentication String:s*Authentication plugin specific parameters.sAdministrative RolesitRolet Descriptioni,sGlobal PrivilegesisAccount Limitss Max. Queries:i<s:Number of queries the account can execute within one hour.s Max. Updates:s:Number of updates the account can execute within one hour.sMax. Connections:sCThe number of times the account can connect to the server per hour.sConcurrent Connections:sJThe number of simultaneous connections to the server the account can have.(iii(pR7tBoxRERKt set_managedtset_release_on_addtownerRFt_selected_usert_selected_user_originaltsuspend_layoutRLRMRRQRPRt add_buttonR]R[t add_accountt dup_buttont dup_accountt del_buttont del_accounttrefresh_buttontrefreshRqt save_buttontcommitt revert_buttontreverttctrl_betserver_versiont expire_buttont set_tooltiptexpiretrevoke_all_buttont revoke_allRsRRt TreeFlatListt user_listt add_columntStringColumnTypet end_columnstadd_changed_callbackt user_selectedtset_allow_sortingt content_boxt account_labelR<t BoldStyleR tadd_pageRRSRTRURVRtusernamet set_dirtytset_max_lengtht PasswordEntrytpasswordtpassword_callbacktconfirmt hostlimithostthostlimithost_changedR;R^R>Rbtlentactive_pluginsthas_extra_pluginstauth_type_labelRt auth_type_seltauth_type_changedtauth_type_listtAUTHENTICATION_PLUGIN_TYPESthas_keytadd_itemtappendtauth_string_paramthostlimithost_captiont hostlimit_boxR thostlimithost_valid_icontpassword_caption2tpassword_captiontpassword_advicetpassword_labeltconfirm_captiontconfirm_caption2R,tauth_string_desctauth_string_helpt role_listtCheckColumnTypetset_cell_edited_callbacktrole_list_toggledtrole_priv_listtrole_priv_list_toggledt max_questionst max_updatestmax_connectionstmax_uconnectionst resume_layout(RuRttop_boxt bottom_boxtaccount_list_boxRxtaboxttabViewtvboxRztptpluginRwtlbox((s..\modules\wb_admin_security.pyREs                                     %",+ " )%   "" )"") )"")%  ")"            % ",% ",% ",% ", cCs2g|jjjD]\}}|dkr|^qS(NtAUTHENTICATION(RRtserver_active_plugins(RuR*tptype((s..\modules\wb_admin_security.pyRscCs*|jr&|jt|jjdSdS(Ni(RtmaxRtget_selected_indexRF(Ru((s..\modules\wb_admin_security.pytselected_plugin_types cCstj|}|s"td}n|r|jj|d|jj|d|jj|d|jj|d|jj|d|jj|d|j j|d|j j|d|j j|d|j r|dr|j jt|j j|d|jjt|j jt|jjt|rl|jjt|j jtq|jjt|j jtq|j jt|jjt|j jt|jjtqndS(NR5R.R-R,(RtgetRRRRRRRRRRRRtshowRQR]R,RRK(Rut auth_typet is_new_usertinfo((s..\modules\wb_admin_security.pyt!update_enable_state_for_auth_type s:   cCs|jj||jdS(N(Rt set_valuetvalidate_hostlimithost(Rutvalue((s..\modules\wb_admin_security.pytset_hostlimithost-scCs|j|jdS(N(RR(Ru((s..\modules\wb_admin_security.pyR1s cCs|js dS|j}|j|ttj|}|sKtd}n|r|ds~|jjd|jjdn|ds|j dqn|j dS(NR5R.R+R-R( RRRRQRRRRRRR(RuRR((s..\modules\wb_admin_security.pyR6s     cCs|jr|jj|jj}|jjs4tntddgfg}x_|D]T\}}}|jj}|jd||k|jd||jd|qQWndS(NtCustoms custom roleiii( RRtcleart admin_rolestis_custom_role_neededRtadd_nodetset_boolt set_string(RutrolestTheRolesR*tdesctprivstrow((s..\modules\wb_admin_security.pytrefresh_role_listLs   (cCsf|jrb|j||dk|jd}|jjt||dk|j|jndS(Nt1i(RRt get_stringt toggle_privRR R(RutnodetcolRtpriv((s..\modules\wb_admin_security.pyRYs   cCsl|jrh|j|t||jd}|jj||dk|j|j|jndS(NiR (Rtset_inttintR t toggle_roleR Rtrefresh_priv_list(RuR RRtrole((s..\modules\wb_admin_security.pyRcs   cCs'|jj|jj|jdS(N(RRt hostlimitRR(Ru((s..\modules\wb_admin_security.pythost_limit_clickedqscCs|jj}d|_d|_|jd|jjt|j jt|rt |j \}}|j j d||f|jjj|j||n|j j ddS(NsDetails for account %s@%ssBSelect an account to edit or click Add Account to create a new one(Rtget_selected_nodeRFRRt show_userRRRKRtevaltget_tagRR]RRJtasync_get_account(RutselRvR((s..\modules\wb_admin_security.pyRvs   c Cs|jj}| r |r dS|rIt|jd|jkrIdS|jj|dk|jj|dkoz|j |j ||_ |o|j |_ |r|jjt|jjt|jr|jj|j n|jj|j|jj|jpd|jj|jp-d|j|j|jr y|jj|jpbt}WnAtk rtjjdd|j |jfddddSX|j!j"||j!j|j |j#j|j$pd|j%|jpd|j n|j&jt'|j&|j(jt'|j(|j)jt'|j)|j*jt'|j+|j,|j-n |jjd|jjd|jjd|jr|jjt.n|jd|j#r|j#jdn|j&jd|j(jd|j)jd|j*jdxTt/|j0j1D]=}|j0j2|}|rP|j0j2|j3dt.qPqPW|r|jr|j4j5d|j4j6dn#|j4j5|j7|j4j6ddS( NiR+sInvalid Authentication Plugins_User %s has plugin type %s, which is not listed as a known authentication plugin by the server.RBsBPassword is expired. User must change password to use the account.s#aa3333s#000000(8RRRRRRRRFRt is_commitedt unset_dirtyRtsnapshot_for_revertRRRQRRtpassword_expiredRRRRRRtindext auth_plugintDEFAULT_AUTH_PLUGINt ValueErrorR7R t show_warningtformatted_nameRt set_selectedRt auth_stringRRtstrRRRtmax_user_connectionsRR RKtrangeRtcountt node_at_rowRRR]t set_colorR(RuRvRR!titrole_list_node((s..\modules\wb_admin_security.pyRst %             #cCstt|jjj}xTt|D]F}|jj|}||f|jd|jdfkr"|Sq"W|dS(Nii(RRRJReR+RR-R (RuRvRt users_countRR ((s..\modules\wb_admin_security.pyt_find_user_positions *cCs|jjj}|j|j|j|j}|dk rk|dkrk|jj |jj |n|j |j dS(Ni( RRJtcreate_accountRR2RRRFRt select_nodeR-RR(Rutaccounttpos((s..\modules\wb_admin_security.pyRs  cCs|jr|jjj|j}|j|j|j|j}|rt|dkrt|jj |jj |n|j ndS(Ni( RRRJt copy_accountRR2RRRR4R-R(RuR5R6((s..\modules\wb_admin_security.pyRs  cCs&|jr"|jj sGtjdd|jjdddtjkr"|jj}y|jjj |jWnft k r}t |j dkr|j d ndt |f\}}tj||d ddnXd|_d|_|jj|jtjjjd |q"ndS( Ns Drop Accounts=The account '%s' will be permanently removed. Please confirm.RRCR+iisError:RBsAccount '%s' was deleted(RRR t show_messageR&R7tResultOkRRJtdelete_accountt ExceptionRtargsR)t show_errorRFRt do_refreshRRRtset_status_text(Rutthe_nametettitletmessage((s..\modules\wb_admin_security.pyRs :    cCsnd}|j}|j}|jj|jjx|jjjD]\}}|jj }|j d|pod|j d||j t ||f|rB||j krB||jkrB|}qBqBW|jj||_||_|dk r|jj||jn|rG|jrG|jjd|jjdn#|jj|j|jjddS(Nis isBPassword is expired. User must change password to use the account.s#aa3333s#000000(RFRRRtfreeze_refreshRRRJReRRtset_tagtreprRRt thaw_refreshR4RR RR]R.R(Rut selected_rowtsutsuoRvRR((s..\modules\wb_admin_security.pyRs.    $      cCs|jj|jrtgtjD]+\}}||jjjkr&|d^q&}|jj }xF|D];}|jj }|j d||k|j d|qmWndS(Nii( RRRtsortedRt iteritemsRRJtglobal_privilege_namestraw_privilege_namesRRR(Rutkeytvaltall_supported_privsRRR((s..\modules\wb_admin_security.pyR%s  D  cs{|jj}t|_t|dkr6t|_nd}|ddkrY|d }nId|jdddkr|jd\}}}|st|_qn|jrtj dtj t fd|j dD|_n|jr.|r.|j o%d t|ko#d kn|_n|jrJ|jjtn-|jjd |jj|jjd dS( NiR+it.t/is(?!-)[A-Z%_\d-]{1,63}(??sii smini_error.pngs'Host name contains incorrect characters(RRRQt valid_nameRRKtrsplitt rpartitiontretcompilet IGNORECASEtalltsplittisdigitRRRt set_imageR(RuRt subnet_maskt_((RWs..\modules\wb_admin_security.pyR/s*    +4  cCs4|jjt|jjt|jjtdS(N(RRRQRRRK(Ru((s..\modules\wb_admin_security.pyRNscCs4|jjt|jjt|jjtdS(N(RRRKRRRQ(Ru((s..\modules\wb_admin_security.pyRTscCs'|jr|jjn|jdS(N(Rtexpire_passwordR(Ru((s..\modules\wb_admin_security.pyRZs cCs|jrtjdd|jj|jjfdddtjkry@|jj|jj|jj|jj|j |jWqt k r}t |j dkr|j d ndt |f\}}tj||d ddqXqndS( NsRevoke All PrivilegesssPlease confirm revokation of all privileges for the account '%s'@'%s'. Note: the account itself will be maintained.tRevokeRCR+iisError:RB(RR R8RRR7R9RtloadRR;RR<R)R=(RuRARBRC((s..\modules\wb_admin_security.pyR`s   :cCsd|jr1|j|jjj|j|jn|jjsV|jjj|jn|jdS(N( RRRRJtrevert_accountRRR:R(Ru((s..\modules\wb_admin_security.pyRns  ( c Cs|jr|jj}|jj}|jsPtjdd|dddn|jj }t}|j j |jj r~dn|j t j|ji}|jr|jdt rt}n|r|jj r| rtjdd||fd d dtjkrdSn|jj|j_|jj|j_|jj|j_|jj|j_y:t|jj|j_|jjd krtnWn8tk rtjd d |jjddddSXy:t|jj|j_|jjd krtnWn8tk rTtjdd |jjddddSXy:t|jj|j_|jjd krtnWn8tk rtjdd |jjddddSXy:t|jj|j_|jjd krtnWn8tk r>tjdd |jjddddSX|rc|jrc|j|j_ nd|j_"|jj rt |jj dr|j#j|j_"ny|jj$Wnt%k r}tjdt&|ddddSt'k r}tjdt&|ddddSt(k rQ}tjdt&|ddddSX|jj)}|jj*|jj|jj|j+j,|rtj-jj.d|qtj-jj.d|ndS(NsInvalid host specificationsJThe host specification "%s" is not valid. Please correct it and try again.RBR+sBPassword is expired. User must change password to use the account.R.sSave Account ChangessuIt is a security hazard to create an account with no password. Please confirm creation of '%s'@'%s' with no password.tCreateRCisWrong Value for Max. Queriess]Cannot convert "%s" to a valid non-negative integer. Please correct this value and try again.sWrong Value for Max. Updatess Wrong Value for Max. Connectionss&Wrong Value for Concurrent ConnectionsR,sPermission ErrorssError Saving AccountsCreated account '%s'sUpdated account '%s'(/RRRRRXR R=RRKRR]R RRRRRRQRR%R7R9Rtconfirm_passwordRRRR$RRRR*R"RFR(RtsaveRR)RR;R&RfRRRR?(RuRRRtpassword_unneededt plugin_infotexcR@((s..\modules\wb_admin_security.pyRvs    %                         cCs4|jjd|jj|j|jdS(Ns#aa3333(RR.R]testimate_password_strengthR(Ru((s..\modules\wb_admin_security.pyRscCs/|dk r|n |jj}ddddg}d}|dkrM|dSt|dkrk||d Sd }t|d kr|d 7}ntjd |r|d 7}ntjd |rtjd |r|d 7}ntjd|r|d 7}n|||dkrd n|dkr)dndS(NtBlanktWeaksMedium strengthtStrongs %s password.R+iiii s\d+s[a-z]s[A-Z]s(\W|_)+iii(RFRRRR[tsearch(RuRtpasswdtstrengthRCtestimate((s..\modules\wb_admin_security.pyRns&!    $  ( RRREtpropertyRRRRRRR RRRRRR2RRRRRRRRRRRRRRFRn(((s..\modules\wb_admin_security.pyRs:   #       N         a tSecuritySchemaPrivilegescBseZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZRS(c Cstjj|t|j|j||_d|_d|_ |j |j d|j dt t}|j d|jdd|j|ttttj|_|jjtjddt|jj|jj|j|jjt|j|jtti|_t t|_}|j d|j|tt|jtdttttj|_|jjtjddt|jjtjd dt|jjtjd d t|jj|jj|j|j|jttt t}|j d|jtd ttt |_!|j!j"d |j#|j!tt|j!j$|j%t |_&|j&j"d|j#|j&tt|j&j$|j'|j|tttd|_(|j|j(ttt t}|j d|j|ttt)tj*|_+}|j,dt t}|j dxt-D]z}t.} t/j0|d\} } | j"| | r| j1| n| j$|j2|j| tt| |j||j| tt|j?dS(NiiitUsersisUSelect a user and pick the privileges it has for a given Schema and Host combination.R@idRAt Privilegesi spSchema and Host fields may use % and _ wildcards. The server will match specific entries before wildcarded ones.s Add Entry...s Delete EntryR+s Object Rightss DDL Rightss Other Rightss Select "ALL"s Unselect Alls Save ChangesR(R+N(R+N(R+N(@R7RRERQRRRRFRRRRMRLRRKRsRPRRRRRRRRRtschema_rights_checksRRt privs_listtschema_priv_selectedR>Rtadd_entry_buttonR]RqR[t add_entrytdel_entry_buttont del_entrytschema_priv_labelR RRtschema_object_privs_panelRItSCHEMA_OBJECT_RIGHTSR RRRtschema_priv_checkedtschema_ddl_privs_paneltSCHEMA_DDL_RIGHTStschema_other_privs_paneltSCHEMA_OTHER_RIGHTSt grant_alltgrant_all_schema_privsRtrevoke_all_schema_privsRRRRR( RuRtschema_list_boxt priv_vboxR~thboxRyRwR*tcbRxRR((s..\modules\wb_admin_security.pyREs                                               cCs4|jjt|jjt|jjtdS(N(RRRQRRRK(Ru((s..\modules\wb_admin_security.pyRscCs4|jjt|jjt|jjtdS(N(RRRKRRRQ(Ru((s..\modules\wb_admin_security.pyRscCsg}x9|jjD](\}}|jr|j|qqW|jj}|dkrt||jj|_ g|D]}t j |dd^q}}|j |jj |jddj|pdn|jdS(Nit is, tnone(RzRLRRR{tget_selected_rowtsetRtentriest privilegesRRtsortR-RtjoinR(RuRR*RRRtplist((s..\modules\wb_admin_security.pyRs  ) .cCs|js dSt|jj|jj}|j\}}|dk r|dk r|jj||t}|j |j|j ||j j |j j t|jjd|j|jndS(Ni(RR?RRJRRRFR~Rtrefresh_entry_listtshow_privilegesR{R4R-RRR|R(RutaddformRRtentry((s..\modules\wb_admin_security.pyR~s  , cCsT|jj}|sdS|jj|jj|=|j|j|jdS(N(R{RRRt row_for_nodetremove_from_parentR|R(RuR((s..\modules\wb_admin_security.pyRs  cCs|jj}d|_d|_|jd|jjt|jjt|j d|r|j }|j j j |j|ndS(N(RRRFRRRR}RRKRRRRJtasync_get_user_schema_privs(RuRRv((s..\modules\wb_admin_security.pyRs     cCs]|jj}| s |j r0|jdn)|jj|jj|}|j|dS(N(R{RRRRFRR(RuRR((s..\modules\wb_admin_security.pyR|s cCsaxF|jjD]5\}}|dkr8|jtq|jtqW|j|jdS(NR%(RzRLRZRQRKRR(RuR*R((s..\modules\wb_admin_security.pyRs   cCs?x$|jjD]}|jtqW|j|jdS(N(Rzt itervaluesRZRKRR(RuR((s..\modules\wb_admin_security.pyRs cCs|jj}| r |r dS|r?|j|jkr?dS||_|oW|j|_|jj|dk|j |j ||dk r|j jt |jjtn|jddS(N(RRRRRRRRRRFRRR}RQRRKR(RuRvR((s..\modules\wb_admin_security.pyRs     cCs|jjx|r|jp"gD]}|jj}|jd|j|jd|jg|jD]}tj |dd^qh}|j |jddj |pdq#WdS(NiiRis, R( R{RRRRRtdbRRRRR(RuRvRRRR((s..\modules\wb_admin_security.pyRs , cCs|jj|dk|jj|dk|jj|dk|r|j|j|j}}}d|jj }d|ksd|kr|dkr|d7}q|d|7}n|d|7}d|ksd|kr|dkr|d7}q|d|7}n|d |7}|j j ||j jt |jjt |jjt x|jjD]\}}|j||kqeWnm|j j d |j jt|jjt|jjtx*|jjD]\}}|jtqWdS( NsThe user '%s', RcRswhen connecting from any host, s*when connecting from hosts matching '%s', s$when connecting from the host '%s', s4will have the following access rights to any schema:s?will have the following access rights to schemas matching '%s':s9will have the following access rights to the schema '%s':R+(RRRFRRRRRRRRR]RRQRRRzRLRZRK(RuRRRRR9Rtcheck((s..\modules\wb_admin_security.pyR!s8    cCs|jjxftg|jjjD]}|d^q#D]8}|jj}|jd|pad|j|q:W|j ddS(Nis ( RRRRRJReRRRERRF(RutaRvR((s..\modules\wb_admin_security.pyRLs  3cCs5|jr1|j|jjj|j|jndS(N(RRRRJtrevert_user_schema_privsR(Ru((s..\modules\wb_admin_security.pyRVs cCs|jry|jjWntk rO}tjdt|ddddStk r}t|jdkr|jd ndt|f\}}tj||dddnX|j ndS(NsSave Account ChangesRBR+iisError:( RRjRR R=R)R;RR<R(RuRmRARBRC((s..\modules\wb_admin_security.pyR[s  :(RRRERRRR~RRR|RRRRRRRR(((s..\modules\wb_admin_security.pyRws         + tWbAdminSecuritycBsJeZgZeZdZdZdZdZdZ dZ RS(cCsrtjj|t|jj|d|j|j||_d|_ ||_ |j j |ddddS(NtpagetSECURITYsUsers and Privilegestadmin_manage_privs_win( R7RRERKt ui_profilet apply_styleRRRRFRJt main_viewtadd_content_page(RuRtserver_profileR((s..\modules\wb_admin_security.pyREos     cCs|jt|_|j|jtttt|_|j|jttt||_ |jj |j dt ||_ |jj |j d|j dS(NsServer Access ManagementsSchema Privileges(RRtwarningRPRKRQR ttabviewRt account_tabRRwtschema_privs_tabR(Ru((s..\modules\wb_admin_security.pyt create_uizs  cCsq|jjrDt|j|_|jjt|jjtn)d|_|jjt|jjtdS(N( Rtis_sql_connectedRRJRRRKRRQRF(Ru((s..\modules\wb_admin_security.pyt update_uis c Cs|jjd|js/|jt|_n|j|j|jjryg|j j D]$\}}|dkrb||f^qb}|r|j j dt  r|jjjjd}|jjjj}|j j}nWqg}d|ksd|krztjdd|d d dd |d |d tjkrx3|D](\}}|j j|j j||qHWqn3tjdd|dddd |dd |d t|_qXndS(Ns Users and PrivilegesR+talready_asked_for_anon_accountstuserNametDELETEs CREATE USERsAnonymous accounts detectedsAnonymous accounts were detected in the server %s. Anonymous accounts can cause great confusion and are also a potential security issue and are advised to be removed. Would you like Workbench to delete them now?.tDeletesLeave Accountss#wb.admin.delete_anonymous_accounts:t@sDon't show this message againsAnonymous accounts were detected in the server %s. Anonymous accounts can cause great confusion and are also a potential security issue and are advised to be removed. Please ask a DBA to delete them.RBs|no_privileges|(Rtset_content_labelt ui_createdRRQRRRRRJRet__dict__RRKRtdb_connection_paramstparameterValuesthostIdentifiertget_valid_privilegesR tshow_message_and_rememberR7R9RR:R(RuRvRt anon_accountstlogged_usernametlogged_servernameRR*((s..\modules\wb_admin_security.pytpage_activateds:     7  &  cCsb|jjr^y|jj|jWq^tk rZ}tjdt|dddq^XndS(Ns Access DeniedRBR+( RRRJt async_refreshR>RR R=R)(RuRA((s..\modules\wb_admin_security.pyRs cCs|jj|jjdS(N(RRR(Ru((s..\modules\wb_admin_security.pyR>s ( RRt_schema_priv_entriesRKRRERRRRR>(((s..\modules\wb_admin_security.pyRks   % (-R7RRRRRRRRRR R R R R RR[tgetpasstwb_admin_utilsRtwb_admin_security_beRRRRRt wb_commonRRRRR#RQRFtgetuserRKRR;R>RDR?RRRwR(((s..\modules\wb_admin_security.pyts~d   (                  t