Xׯd_ddlmZmZddlmZddlmZmZddlZddl m Z ddl Z Gdde Z dZd Zd Zd Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%d Z&d!Z'd"Z(d#Z)d$Z*id%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<d=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUZ+e,dVe+-DZ.dWgdXgdYdZd[fdWgd\gd]dZd[fd^Z/d_d`e0e+1fdadbgdcfddded1dCgfdfdgdhd1gfdidjgdkfdldmd5gfdndogdpfdqdrgdsfdtdugdvfdwdxgdyfg Z2dzZ3d{Z4d|Z5Gd}d~e6Z7Gdde6Z8Gdde6Z9Gdde6Z:dS)) QueryErrorescape_sql_string)Version)PermissionDeniedError to_unicodeN) log_errorceZdZdS)WBSecurityValidationErrorN)__name__ __module__ __qualname__"..\modules\wb_admin_security_be.pyr r sDrr z/SELECT User, Host FROM mysql.user ORDER BY UserSHOW DATABASESzSELECT d.User, d.Host, d.Db FROM mysql.db AS d LEFT JOIN mysql.user AS u ON d.User = u.user AND d.Host = u.Host WHERE u.User IS NULLzSELECT t.User, t.Host, t.Db, t.Table_name FROM mysql.tables_priv AS t LEFT JOIN mysql.user AS u ON t.User = u.user AND t.Host = u.Host WHERE u.User IS NULLzSELECT c.User, c.Host, c.Db, c.Table_name, c.Column_name FROM mysql.columns_priv AS c LEFT JOIN mysql.user AS u ON c.User = u.user AND c.Host = u.Host WHERE u.User IS NULLzSELECT p.User, p.Host, p.Db, p.Routine_name, p.Routine_type FROM mysql.procs_priv AS p LEFT JOIN mysql.user AS u ON p.User = u.user AND p.Host = u.Host WHERE u.User IS NULLzVSELECT * FROM mysql.user WHERE User='%(user)s' AND Host='%(host)s' ORDER BY User, HostzLSELECT * FROM mysql.db WHERE User='%(user)s' AND Host='%(host)s' ORDER BY DbzXSELECT * FROM mysql.tables_priv WHERE Host='%(host)s' AND User='%(user)s' AND Db='mysql'z>CREATE USER '%(user)s'@'%(host)s' IDENTIFIED BY '%(password)s'zXCREATE USER '%(user)s'@'%(host)s' IDENTIFIED WITH '%(auth_plugin)s' AS '%(auth_string)s'zCCREATE USER '%(user)s'@'%(host)s' IDENTIFIED WITH '%(auth_plugin)s'zUCREATE USER '%(user)s'@'%(host)s' IDENTIFIED WITH '%(auth_plugin)s' BY '%(password)s'z[CREATE USER '%(user)s'@'%(host)s' IDENTIFIED WITH 'mysql_native_password' BY '%(password)s'z ALTER USER '%(user)s'@'%(host)s'z7GRANT %(granted_privs)s ON *.* TO '%(user)s'@'%(host)s'z:REVOKE %(revoked_privs)s ON *.* FROM '%(user)s'@'%(host)s'z:GRANT USAGE ON *.* TO '%(user)s'@'%(host)s' WITH %(limit)szBRENAME USER '%(old_user)s'@'%(old_host)s' TO '%(user)s'@'%(host)s'zASET PASSWORD FOR '%(user)s'@'%(host)s' = PASSWORD('%(password)s')z+SET PASSWORD FOR '%(user)s'@'%(host)s' = ''z=ALTER USER '%(user)s'@'%(host)s' IDENTIFIED BY '%(password)s'z1ALTER USER '%(user)s'@'%(host)s' IDENTIFIED BY ''zAREVOKE %(revoked_privs)s ON `%(db)s`.* FROM '%(user)s'@'%(host)s'z>GRANT %(granted_privs)s ON `%(db)s`.* TO '%(user)s'@'%(host)s'z0ALTER USER '%(user)s'@'%(host)s' PASSWORD EXPIREFLUSH PRIVILEGESz>REVOKE ALL PRIVILEGES, GRANT OPTION FROM '%(user)s'@'%(host)s'zDROP USER '%(user)s'@'%(host)s' Select_priv)SELECTaThe SELECT privilege enables querying data from tables and views. SELECT statements require the SELECT privilege only if they actually retrieve rows from a table. Some SELECT statements do not access tables and can be executed without permission for any database. Insert_priv)INSERTzThe INSERT privilege enables the insertion of data into tables. INSERT is also required for the ANALYZE TABLE, OPTIMIZE TABLE, and REPAIR TABLE table-maintenance statements. Update_priv)UPDATEz5The UPDATE privilege enables changing data in tables. Delete_priv)DELETEz:The DELETE privilege enables deletion of data from tables. Create_priv)CREATEzPThe CREATE privilege enables creation of new databases, tables, views, and more. Drop_priv)DROPaThe DROP privilege enables you to drop (remove) existing databases, tables, views, and more. Beginning with MySQL 5.1.10, the DROP privilege is also required in order to use the statement ALTER TABLE ... DROP PARTITION on a partitioned table. Beginning with MySQL 5.1.16, the DROP privilege is required for TRUNCATE TABLE (before that, TRUNCATE TABLE required the DELETE privilege). Warning: if you grant the DROP privilege for the 'mysql' database to a user, that user can drop the database in which the MySQL access privileges are stored. Reload_priv)RELOADzThe RELOAD privilege enables use of the FLUSH statement. It also enables mysqladmin commands that are equivalent to FLUSH operations: flush-hosts, flush-logs, flush-privileges, flush-status, flush-tables, flush-threads, refresh, and reload. Shutdown_priv)SHUTDOWNzoThe SHUTDOWN privilege enables use of the mysqladmin shutdown command. There is no corresponding SQL statement. Process_priv)PROCESSaGThe PROCESS privilege pertains to display of information about the threads executing within the server (that is, information about the statements being executed by sessions). The privilege enables use of SHOW PROCESSLIST or mysqladmin processlist to see threads belonging to other accounts; you can always see your own threads. File_priv)FILEaiThe FILE privilege gives you permission to read and write files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. This implies the user can read any file in any database directory, because the server can access any of those files. The FILE privilege also enables the user to create new files in any directory where the MySQL server has write access. As a security measure, the server will not overwrite existing files. Grant_priv)z GRANT OPTIONzThe GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.References_priv) REFERENCESz-The REFERENCES privilege currently is unused. Index_priv)INDEXzThe INDEX privilege enables you to create or drop (remove) indexes. INDEX applies to existing tables. If you have the CREATE privilege for a table, you can include index definitions in the CREATE TABLE statement. Alter_priv)ALTERzThe ALTER privilege enables use of ALTER TABLE to change the structure of or rename tables. ALTER TABLE also requires the INSERT and CREATE privileges. Show_db_priv)rasThe SHOW DATABASES privilege enables the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option. Note that any global privilege is a privilege for the database. Super_priv)SUPERa9The SUPER privilege enables an account to use CHANGE MASTER TO, KILL or mysqladmin kill to kill threads belonging to other accounts (you can always kill your own threads), PURGE BINARY LOGS, configuration changes with SET GLOBAL to modify global system variables, the mysqladmin debug command, enabling or disabling logging, performing updates even if the read_only system variable is enabled, starting and stopping replication on slave servers, and allows you to connect (once) even if the connection limit controlled by the max_connections system variable is reached.Create_tmp_table_priv)zCREATE TEMPORARY TABLESzjThe CREATE TEMPORARY TABLES privilege enables the use of the keyword TEMPORARY in CREATE TABLE statements.)z LOCK TABLESzThe LOCK TABLES privilege enables the use of explicit LOCK TABLES statements to lock tables for which you have the SELECT privilege. This includes the use of write locks, which prevents other sessions from reading the locked table.)EXECUTEzXThe EXECUTE privilege is required to execute stored routines (procedures and functions).)zREPLICATION SLAVEzThe REPLICATION SLAVE privilege should be granted to accounts that are used by slave servers to connect to the current server as their master. Without this privilege, the slave cannot request updates that have been made to databases on the master server.)zREPLICATION CLIENTz\The REPLICATION CLIENT privilege enables the use of SHOW MASTER STATUS and SHOW SLAVE STATUS)z CREATE VIEWz5The CREATE VIEW privilege enables use of CREATE VIEW.)z SHOW VIEWz8The SHOW VIEW privilege enables use of SHOW CREATE VIEW.)zCREATE ROUTINEz\The CREATE ROUTINE privilege is needed to create stored routines (procedures and functions).)z ALTER ROUTINEzbThe ALTER ROUTINE privilege is needed to alter or drop stored routines (procedures and functions).)z CREATE USERzhThe CREATE USER privilege enables use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES.)EVENTzThe EVENT privilege is required to create, alter, or drop events for the Event Scheduler. This privilege was added in MySQL 5.1.6.)TRIGGERaThe TRIGGER privilege enables you to create and drop triggers. You must have this privilege for a table to create or drop triggers for that table. This privilege was added in MySQL 5.1.6. (Prior to MySQL 5.1.6, trigger operations required the SUPER privilege.))zCREATE TABLESPACEzdThe CREATE TABLESPACE privilege is needed to create, alter, or drop tablespaces and log file groups.)z* Modify Routines)z* Modify Access Controlr5)Lock_tables_priv Execute_privRepl_slave_privRepl_client_privCreate_view_privShow_view_privCreate_routine_privAlter_routine_privCreate_user_priv Event_priv Trigger_privCreate_tablespace_privRoutine_manage_attrUser_manage_attrc#0K|]\}}|d|fVdS)rNr).0keyvals r rHs.RRxsCc!fc]RRRRRRrmysql)procfuncevent)InsertSelectUpdateDeletezXGRANT INSERT, SELECT, UPDATE, DELETE ON TABLE mysql.`%(table)s` TO '%(user)s'@'%(host)s'z[REVOKE INSERT, SELECT, UPDATE, DELETE ON TABLE mysql.`%(table)s` FROM '%(user)s'@'%(host)s') columns_privdbhost procs_priv tables_privuser)rNrMrOrP)rBrCDBAz&grants the rights to perform all tasksMaintenanceAdminz'grants rights needed to maintain server)r?rr.r!r/ ProcessAdminzMrights needed to assess, monitor, and kill any user process running in server UserAdminz8grants rights to create users logins and reset passwordsr> SecurityAdminzQrights to manage logins and grant and revoke server and database level permission)r'r>rr.rC MonitorAdminz.minimum set of rights needed to monitor server DBManagerz#grants full rights on all databases)rrr'r?r,rr*rrrr1r6r@r:r;r<r=r. DBDesignerz9rights to create and reverse engineer any database schema) rr,r*r@r:r;r<r=r.rBReplicationAdminz-rights needed to setup and manage replication)r9r8r/ BackupAdminz,minimal rights needed to backup any database)r?rr6r.c0t|tur|f}d}d}d}|D]s}t|turtt|D]#}||}|dkrn|dks|dkr|}nd}$|dz|rt |dp|z}t|S)Nr\%_)typestrrangelenmin)tuporderwild_poscharstics r get_acl_sortrts CyyCd EH E  J J 77#   s1vv  A!ADyycQ#XXEE! ?S3-?-? H5I Lrc@t|t|z SN)rt)t1t2s r acl_comparerys   l2.. ..rc~|ddddddS)Nrbz\\rdz\_rcz\%)replace)ss rescape_schema_namer}s6 99T6 " " * *3 5 5 = =c4 H HHrceZdZdZdZdZedZedZedZ dZ dZ d Z d Z d Zd Zd ZdZdZdS) AdminSecurityc||_g|_g|_i|_i|_i|_d|_d|_d|_d|_ g|_ g|_ g|_ dS)NF) ctrl_be _accounts _schema_names _zombie_privs_account_info_cache_schema_privileges_cache has_pluginhas_authentication_stringhas_max_user_connectionshas_password_expiredschema_privilege_namesglobal_privilege_namesuser_table_fields)selfrs r__init__zAdminSecurity.__init__ss #% (*%).&(-%$)!')#')#"$rcg}|jD]7}t|d\}}|r||8|S)NNN)r PrivilegeInfogetappend)rprivsnameprivdescs rget_valid_privilegesz"AdminSecurity.get_valid_privilegessT/ # #D(,,T<@@LT4 # T""" rcL js jd}n1#t$r$}|jdkrt d|z|d}~wwxYw|l|rX|d}|drj ||Xj s jd}n1#t$r$}|jdkrt d|z|d}~wwxYw||r|d}j ||drj |n7|dkrd_ n)|d krd_ n|d krd_n |d krd_|g} jt }nP#t$r$}|jdkrt d|z|d}~wt"$r}t#d |zd}~wwxYw|_|rKt%|d }| ||K||_g} jt*}n$#t"$r}t#d |zd}~wwxYw|r|rpt%|d}t%|d} | || df|pfd} | t,dg} | | t.ddgz } | | t0gdz } | | t2ddgz } i} | D]:\} }| d| ddf} | | vrg| | <| |  |;| _|t7| z }|t;jt>|_ i_!i_"|dS)NzDESCRIBE mysql.dbvzJPlease make sure the account used has rights to the MySQL grant tables. %sField_privzDESCRIBE mysql.usermax_user_connectionsTpluginauthentication_stringpassword_expiredz(Error querying privilege information: %sDatabaseUserHostc j|n/#t$r"}td|d|dgcYd}~Sd}~wwxYwg}rrt d}t d}fd|D}|||fd|fr|S)Nz%Could not get list of invalid privs: z Query:  rrcTg|]$}t|%Sr)r stringByName)rEfresults r zDAdminSecurity.async_refresh..get_zombies..\s/LLLF$7$7$:$:;;LLLr.) r exec_query ExceptionrnextRowrrrjoin) queryfieldserrVrSpartsrrs @r get_zombiesz0AdminSecurity.async_refresh..get_zombiesRs' 0077    TUTUTUW\W\W\]^^^  E >V^^-- >!&"5"5f"="=>>!&"5"5f"="=>>LLLLVLLL tTlCHHUOO<===  >V^^-- > Ls A AA A Db Table_name)rr Column_name Routine_namerrF)#rrrrerrorrrrendswithrrrrrrrLIST_SCHEMAS_QUERYrrsortrLIST_ACCOUNTS_QUERYZOMBIE_SCHEMA_PRIVS_QUERYZOMBIE_TABLE_PRIVS_QUERYZOMBIE_COLUMN_PRIVS_QUERYZOMBIE_PROCS_PRIVS_QUERYrlistkeys functools cmp_to_keyryrr_schema_privileges_by_user)rcallbackrrfield schema_namesraccountsrVrSrrzombiesaccountrs` r async_refreshzAdminSecurity.async_refresh s}* B 001DEE   7d??/0}AB1BCCC  !nn&&B!..w77E~~g..B3::5AAAnn&&B % 9 001FGG   7d??/0}AB1BCCC  !nn&& 9!..w77E*11%888~~g.. 93::5AAAA"8888<55(***."9999=66"444481nn&& 9  L\,,-?@@FF   w$+,y|},}~~~G L L LFJKK K L  .."" *!&"5"5j"A"ABB##D))).."" * ) L\,,-@AAFF L L LFJKK K L  4.."" 4!&"5"5f"="=>>!&"5"5f"="=>>tT 2333.."" 4     " 5v>> 5l7KLLL 68[8[8[\\\ 5n7MNNN" * *MGTqz71:t4Gg%%#% G  # #D ) ) ) )$D((( ).{;; <<<!#% *,' sh% AAA C(( D2DDG<< I H%% I 2II  K++ L 5LL c|jSrvrrs rrzAdminSecurity.schema_namesys !!rc$d|jDS)Nc,g|]}t|Sr)r}rEr|s rrz6AdminSecurity.escaped_schema_names..s!BBB!"1%%BBBrrrs rescaped_schema_namesz"AdminSecurity.escaped_schema_names}sBBt/ABBBBrcB|j|jSrv)rrrs r account_nameszAdminSecurity.account_namess ~rc ttt|t|dz} |jd|j|dS#t$rN}t d|d|dt ||jdkrtd|d|dd |d}~wwxYw) NrVrS use mysqlzError removing account @z: zError removing the account :z]You must have the global CREATE USER privilege or the DELETE privilege for the mysql database) REMOVE_USERrrexec_sqlrrrirr)rusernamerSrrs rdo_delete_accountzAdminSecurity.do_delete_accounts&7&A&AJ[\`JaJabbb  L ! !+ . . . L ! !% ( ( ( ( (    IXXXtttSQRVVVT U U Uw$iRVRVRV W!+,,,G  s4A B7)A B22B7c|jr ||j|j|j|jdf|jvr|j|jdz|jz=||j|jr|j|j|jdf=|j|jdf|jvr)|j|j|jdfdSdS)NTr) is_commitedrrrSr is_zombierrremove)rrs rdelete_accountzAdminSecurity.delete_accounts   C  " "7#3W\ B B B  glD 1T5M M M()9#)=gl)JK >>'*GL 9 9 K"G$4glD#IJ  glD 1T^ C C N ! !7#3W\4"H I I I I I D Crc8 |j|j|jf}|j|jf|j|<|jdz|jz|jvr|j|jdz|jz=n#t $rYnwxYw||j|jdz|jz<|SNr)rindexrrSr ValueError)rrbackuprrs rrevert_accountzAdminSecurity.revert_accounts P$$g&6 %EFFA#)/6;!?DN1 #GL0D4LLL,W-=c-A',-NO     D  EK !4V[!@A s&A00 A=<A=c|}d|_|xjdz c_||j|jdz|jz<|j|j|jdf|S)NF_copyr)copyrrrrSrr)rrrs r copy_accountzAdminSecurity.copy_accountsh||~~   @D s!249!<= t}di?@@@ rc dfd t}d|_td|j|_|j|jdz|jz<j|j|jdf|S)Nc ||rt|ndz}jD];\}}}||kr/||kr)||t|tr|dznd}n<|S)Nr5r)rir isinstanceint) rVrScounterrnhloadedr unique_names rrz1AdminSecurity.create_account..unique_names{G;CLLL=D"&.  Av199&;tT 7TW@X@X3_7199^_``DEKrrcnewuserrFrv) AdminAccountrSrrrrr)racctrs` @rcreate_accountzAdminSecurity.create_accounts       D!! ";;y$)#D#DEE @D s!249!<= t}di?@@@ rc||df|jvSNT)rrrVrSs rrzAdminSecurity.is_zombiesT4 D$666rc>|j||dfdSr)rrrs rget_zombie_privszAdminSecurity.get_zombie_privss"!%%tD$&7>>>rc |dz|z}||jvr||j|dSt|}|||||j|<||dS#tjxYwr)rrloadmforms Utilitiesdriver_shutdown)rrrrSrFrs rasync_get_accountzAdminSecurity.async_get_accounts S # D, , ,ht/4555f &&' ,,tT " " "*1$ "3 ' (7         * * , , , s'A':A''!BcZ|j|jvr |j|j=||j|j<|Srv)rr)rrrs rrevert_user_schema_privsz&AdminSecurity.revert_user_schema_privss3 >T: : :-en=9?%fo6 rN)r r r rrrpropertyrrrrrrrrrrr r rrrrrs#$$$4   mmm`""X"CCXCX    J J J   "777???(rrc2eZdZdZeZdZdZdS)AdminUserDbPrivEntryNcVt|tksJ||_||_dSrv)rhsetrR privileges)rrRrs rrzAdminUserDbPrivEntry.__init__s-J3&&&&$rcZt|j|jSrv)rrRrrrs rrzAdminUserDbPrivEntry.copys"#DGT_-A-A-C-CDDDr)r r r rRrrrrrrrrrsG BJ%%% EEEEErrcLeZdZdZdZedZdZdZdZ dZ dZ dS) AdminUserDbPrivsNc0||_g|_g|_dSrv)_ownerentries_deleted_entriesrowners rrzAdminUserDbPrivs.__init__s  "rc$|jjjSrv)rrrs rrz'AdminUserDbPrivs.schema_privilege_names s{!88rct|j}d|jD|_|jdd|_|S)Nc6g|]}|Sr)rrErs rrz)AdminUserDbPrivs.copy..s 777Q777r)rrrrrrs rrzAdminUserDbPrivs.copy sA ,,77$,777 $ 5aaa 8 rcZt||}|j||Srv)rrr)rrRrentrys r add_entryzAdminUserDbPrivs.add_entrys,$R44 E""" rc`|j|j||j|=dSrv)rrr)rrs r del_entryzAdminUserDbPrivs.del_entrys0 $$T\%%8999 L   rctt|jjt|jjdz} |jj|}n$#t$r}td|zd}~wwxYwg|_| rt}|j D]2}| |}|dkr| |3t| d}|jt!||| |jt%jdg|_dS)Nr'Error querying security information: %sYrc6t|j|jSrv)ryrR)abs rz'AdminUserDbPrivs.load..4s ADRSRV@W@Wrr)GET_ACCOUNT_SCHEMA_PRIVS_QUERYrrrrSrrrrrrrraddrrrrrrr)rrrrrrvalueschemas rrzAdminUserDbPrivs.loads.:KDKL`:a:ak|~B~I~NlOlO2P2PP K[(33E::FF K K KEIJJ J K nn EEEE3 $ $++D11C<<IIdOOO 3 3D 9 9::F L   4VU C C D D Dnn E i23W3WXXYYY "sA A>'A99A>c|jjdd|jDd|jDzD]\}}t |jjt |jj|jd}g}g}|j D]`}t |d\}}|s#|s ||j vs|j s| |K| |a|rs|sqd||d< |jjt|zn0#t $r#} | jdvrt%d |zd | d} ~ wwxYw|rrd||d < |jjt&|zd#t $r#} | jdvrt%d |zd | d} ~ wwxYwdS)Nrcg|]}d|fS)Trrs rrz)AdminUserDbPrivs.save..<sHHHQayHHHrcg|]}d|fS)Frrs rrz)AdminUserDbPrivs.save..<sKmKmKm[\UTUJKmKmKmr)rVrSrRr, granted_privs)izAError assigning privileges for %(user)s@%(host)s in schema %(db)sz`You must have the GRANT OPTION privilege, and you must have the privileges that you are granting revoked_privsz@Error revoking privileges for %(user)s@%(host)s in schema %(db)sz`You must have the GRANT OPTION privilege, and you must have the privileges that you are revoking)rrrrrrrrSrRrrrrrrGRANT_SCHEMA_PRIVILEGES_QUERYrrrREVOKE_SCHEMA_PRIVILEGES_QUERY) rdeletedr"rr5r7r priv_name descriptionrs rsavezAdminUserDbPrivs.save8sd $$[111HH$2GHHHKmKm`d`lKmKmKmm# # NGU/ 0DEE/ 0@AA!HF MM3 4 4+8+<+'F'' G1GG) r r r rrr rrr#r%rr=rrrrrs F### 99X9    ###2'''''rrcReZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdZdZdZdZdZdZeZeZeZeZiZdZdZedZdZ dZ!dZ"d Z#ed Z$d Z%d Z&ed Z'edZ(dZ)dZ*dZ+dZ,dZ-dS)rNFrc<||_t||_dSrv)rr schema_privsrs rrzAdminAccount.__init__s ,T22rc|jjSrv)rrrs rrzAdminAccount.ctrl_bes {""rc@|j|jd|jS|jSr)rSrrs rformatted_namezAdminAccount.formatted_names' 9 "mmmTYY7 7= rct|j}|j|_|j|_|j|_|j|_|j|_|j|_|j |_ |j |_ |j |_ |j |_ |j |_ |j|_|j|_|j|_|j|_|Srv)rrr@rrpasswordconfirm_passwordrrS max_questions max_updatesmax_connectionsr auth_plugin auth_stringr _global_privs_custom_checked_privsr s rrzAdminAccount.copysDK(( -2244    $  $ 5I !/+#3$($=!+++!/4466%)%?%D%D%F%F" rc|}|j|_|j|_|j|_|j|_|Srv)r_orig_username_orig_password_orig_auth_string _orig_hostr s rsnapshot_for_revertz AdminAccount.snapshot_for_reverts>yy{{"1"1!%!7/ rc|r|j|gdS|j|g|j|gdSrv)rLupdatedifference_update_remembered_custom_privs)rrflags r toggle_privzAdminAccount.toggle_privsb  D   % %tf - - - - -   0 0$ 8 8 8  ) ; ;TF C C C C Crc8t|jp|jSrv)boolrWrMrs ris_custom_role_neededz"AdminAccount.is_custom_role_neededsD1OT5OPPPrc,t|_dSrv)rrWrs rforget_custom_privsz AdminAccount.forget_custom_privss(+%%%rcfd}||}|r:|rj|dSj|dSdS)Nc|dkrjStD]:\}}}||kr.t|jjcS;tSNCustom)rWSecurityAdminRolesr intersectionrr)rolernamerdescrprivsrs rprivs_for_rolez0AdminAccount.toggle_role..privs_for_roleskx44(: X X$ufD==v;;33DK4VWWWWW!55Lr)rLrUrV)rrerXrirs` r toggle_rolezAdminAccount.toggle_roles     t$$  < <"))%00000"44U;;;;;  < .s/III !!!aS))!,IIIr)rLrs rraw_privilege_namesz AdminAccount.raw_privilege_namessIId6HIIIIrcJtt|j|jdz} |jjd|jj|dS#t$r2}|jdkr!td|jd|jddd}~wwxYw)Nrrrz+Error revoking privileges for the account rrz]You must have the global CREATE USER privilege or the UPDATE privilege for the mysql database) REVOKE_ALLrrrSrrrrrrrcommandrs r revoke_allzAdminAccount.revoke_alls'8'G'GtyYYY  K  ( ( 5 5 5 K  ( ( 1 1 1 1 1   w$iW[WdWdWdfjfofofo p!+,,,  s>A&& B"0-BB"c Dtt|j|jdz} |jjd|jj|n4#t$r'}td|jd|jd|d}~wwxYwd|_ dS)Nrrz%Error expiring password for account r: T) EXPIRE_PASSWORDrrrSrrrrrrrys rexpire_passwordzAdminAccount.expire_passwords!,=dm,L,LTXT]$^$^^ n K  ( ( 5 5 5 K  ( ( 1 1 1 1 n n n)PTP]P]P]_c_h_h_hjkjklmm m n $s>A%% B/"BBc (g}jjkrtd|djstdjr_jjksjjkr?jjfj j vr$td znFjs?jjdfj j vr$td zjrtjnjjrtjnjtjpdtjpdtjpdj rtj ndjrtjndd}d }jsj rzjt}ntj d krEj jjr,j jjt%d d d krt}n,t&}n$j dkrt(}nt*}n t,}d}||zg|dd <n@jjJjjksjjkrt.|zg|dd <gdj jrdgpgz}djjjgj jrjgpgzD}t;t=t?||}|j k}dtCfdj j"D} j#j$z | z} | j$z } | j#z | z } | s|rZd| vrd|d<| %d| | z tCdgkrdg} n d| D} d&| pd|d<tN|z}d}|(D]W\}}|j )|kr4|dkr|dkr||dzH|sd}||d|dz }Xj jjrZj jjt%dd d kr6|||tT|z|zn|||z| rd| | z rBd | D} d&| |d!<|tV|zn|tX|zjj-kr-|s*j jjr+j jjt%d d d"krt\nt^}j jjr+j jjt%d d d"krt`nt`}j jjrZj jjt%dd d kr6j d#kr|d$n|d%|d&r|||zn|||zjrd'nd(}|D]} j j1|##td$r}|j3d)kr#tid*|d+jd,jd-|j3d.kr#tid*|d+jd,jd/tid*|d+jd,jd0|j5p|d}~wth$r*}tid*|d+jd,jd0|d}~wwxYwtCd1j#D}tCd2j$D}fd3}fd4}|6|D] }|||6|D] }||d_j78dS)5NHThe new password and its confirmation don't match. Please re-enter them.rHost name must not be blankz4The '%s' account already exists and cannot be saved.TNULLr5)old_userold_hostrVrSrErJrKFmysql_native_passwordrcaching_sha2_passwordMAX_QUERIES_PER_HOURMAX_UPDATES_PER_HOURMAX_CONNECTIONS_PER_HOURMAX_USER_CONNECTIONSc,g|]}t|Sr)rirs rrz%AdminAccount.save..2s0oooQ#a&&ooorct|ddo*t|ddddkS)Nrr*rs)rs rr,z#AdminAccount.save..6sH):):4)M)Ma)P*[)6):):4)M)Ma)PQR)SWZ)Zrc32K|]}| |VdSrvr)rEris_normal_privs rrHz$AdminAccount.save..:s5mmWeWefjWkWkmmmmmmmrr'OPTIONGRANTzALL PRIVILEGESc4g|]}t|dSrrrrErs rrz%AdminAccount.save..G"TTTmD1!4TTTrr4USAGEr5zWITH GRANT OPTIONz WITH  rfc4g|]}t|dSrrrrs rrz%AdminAccount.save..]rrr7sha256_passwordzSET old_passwords = 2SET old_passwords = 0rEchangingcreatingrError account r*: Insufficient rights to perform operationr6 : Missing GRANT OPTION privileger}c<g|]}|d|S_attrrrts rrz%AdminAccount.save..s)NNNq!**W:M:MNNNNrc<g|]}|d|Srrrts rrz%AdminAccount.save..s)SSSqqzz'?R?RSSSSrc t|\}}}}}d|vr9|D]4}||jjdz}jj|5dS||jjdz}jj|dSNz %(table)s)tablerVrSAdminAttributesrrSrrr rrRtablesrgrantrevokerrrs r grant_specialz(AdminAccount.save..grant_specials/>t/D ,Bufe###88E!U4=QUQZ$[$[[EK'00777788t}TY W WW #,,U33333rc t|\}}}}}d|vr9|D]4}||jjdz}jj|5dS||jjdz}jj|dSrrrs rrevoke_specialz)AdminAccount.save..revoke_specials/>t/D ,Buff$$#88E"eDMRVR[%\%\\EK'00777788t}TY W WW #,,U33333r)9rErFr rrSrrrOrRrrrCrrJrKCREATE_USER_QUERY_PLUGINrtarget_versionr$CREATE_USER_QUERY_PLUGIN_AUTH_NATIVE%CREATE_USER_QUERY_PLUGIN_AUTH_CACHING$CREATE_USER_QUERY_PLUGIN_AUTH_STRINGCREATE_USER_QUERYRENAME_USER_QUERYrrGrHrIrdictrzip_orig_account_limitsrrrL_orig_global_privsrrGRANT_GLOBAL_PRIVILEGES_QUERYitemsrALTER_USER_RESOURCESREVOKE_GLOBAL_PRIVILEGES_QUERYrxrPCHANGE_PASSWORD_QUERYCHANGE_PASSWORD_QUERY_576BLANK_PASSWORD_QUERYrrrr errortext differencer@r=)rqueriesrpassword_already_set create_querynamesvaluesaccount_limitslimits_changedall_normal_privsnew_granted_privsorig_revoked_privsnew_revoked_privs priv_list grant_query with_clauserFr/ change_pwblank_pwactionrr new_attrs old_attrsrrrrs` @rr=zAdminAccount.savesX  =D1 1 1+,vww w {### y K+,IJJ J   B$2E!E!EVZVeIeIe ty)T[-FFF/0fjnj}j}jj1ABBBG! B ty$/4;3LLL/0fjnj}j}jj1ABBBDHCVo*4+>???\`\o?Cc*4?;;;TXTc&t}55?&ty117R*4=+>B??CGCS]-d.>???Y]CGCS]-d.>???Y]   % = ,#+#;LL%)@@@ +:Lt{?R?adklmoprsdtdt?t?t'? 'K %)@@@#HLL#GLL0 '+$(613GBQBKK&2t7R7R7R"dm33t$)7S7S 1F :< \\\`d`kaEabKaJbahfhioo4#5t7GI]"^bfbmcGcgMQMfLgcmkm#noood3uf#5#56677'4+DD))mmmm1Smmmmm!/$2IIM]].1HH,t/AADVV  : :000*2w'!((666 #44l^9L9LLL-. TTARTTT &*ii &:&:&EgF? #7&@KK,2244 9 9 UD599#>>>>g~~%8*;*;{5H'HIII &/&. SSS%%%#88K{"1 :dk6I6X\cdeghjk\l\l6l6l{+++ 4v =LMMMM{[8999  4"33 4TTARTTT *.))I*>*>'=FGGGGzF2333 =D/ / /8L /151D1SkX\XcXkXz~EFGHIJK~L~LYLYL--RkI/3{/B/QdVZVaViVx|CDEFGHI|J|JWJWJ++PdH{"1 #>?? v226::;; 3+ "m)!%!1#--o>>!++M::%//0ABB*-d.@*A*A*-d.>*?*?*-d.B*C*C%&%&! ; / _(.(8(89O(P(PD %@CDD]@^@^D %&< = ; ! =%228<OPX>Y>Yars{a|a|6}6}} B[(33E::FF B B B|jjj ddd r|d |z|d |jjj r+|jjj tdd d krtnt}|||z|d d }|D]} |jj|##t$r}|jdkr#t#d|d|jd|jd|jdkr#t#d|d|jd|jdt#d|d|jd|jd|jp|d}~wt"$r*}t#d|d|jd|jd|d}~wwxYwdS)Nrrrrr5)rVrSrErrrzdUPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = '%(user)s' AND host = '%(host)s'rrrrrrrrr6rr})rErFr rrSrrrrr#is_supported_mysql_version_at_leastrrrrrrrr)rrrrrrrs rupgrade_password_formatz$AdminAccount.upgrade_password_format sB =D1 1 1+,vww w{###y K+,IJJ J't}55?&ty117R*4=+>B??   ./// ;  - L$+2E2T2x2xyz|}@A3B3B L NNBEKK L L L)***-1[-@-OgTXT_TgTvzABCDEFGzHzHUHUH))Ng y6)***)*** d dE d #,,U3333 w w w7d??#)hnhnhnptp}p}p}@D@I@I@I%JKKKW__#)^d^d^dfjfsfsfsuyu~u~u~$AAA#)&&&$---Y]YbYbYbdedodtstdt$uvvv d d difffdmmmUYU^U^U^`a`a bccc d d ds%?F I()BH11 I(>%I##I().r r r rrOrRrPrQrrErFrrSr@rGrHrIrrJrKrrrrLrMrWrrrrr rrCrrSrYr\r^rjrorvr{rr=rrrrrrrbs FNJNHH DLMKOKKNCEEMCEE"suuK333##X#!!! &DDDQQXQ...<<<   X  JJXJ   %%%l!l!l!`a!a!a!F$d$d$d$d$drr);workbench.db_utilsrrworkbench.utilsr wb_commonrrr workbench.logrrrr rrrrrrrr-rrrrrrrrrGRANT_LIMITS_QUERYrrrrBLANK_PASSWORD_QUERY_576r9r8r~FLUSH_PRIVILEGESrxrrrrPrivilegeReverseDictrrrrcrtryr}objectrrrrrrrrsL,=<<<<<<<######77777777 ######        H%cyJJm!o'A#U(B$`(%(E$9 Y!]QX[D[N!d `D% M / 6 f6 L6R6W 6 m 6  b 6P6Q6i6 I6& g'6(R)6* q+6, t-6.e/66 n76DcE6FPwmK\[JNP^eX24i666 ptRR=;N;N;P;PRRRRR!'''666hk mQQQ666hk m:0D     >PPPR`L!# H')eYYY[A 3wwwxJjjjkD999;>EEEG-:,///IIIIIIIIFIII\ E E E E E6 E E E ^^^^^v^^^BLdLdLdLdLd6LdLdLdLdLdr