You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ga...@apache.org on 2016/03/19 12:46:01 UTC
incubator-ranger git commit: RANGER-875: Restrict Grantor privileges
of Ranger db user for Oracle DB Flavor
Repository: incubator-ranger
Updated Branches:
refs/heads/ranger-0.5 de2f17ee7 -> 9578a683a
RANGER-875: Restrict Grantor privileges of Ranger db user for Oracle DB Flavor
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/9578a683
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/9578a683
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/9578a683
Branch: refs/heads/ranger-0.5
Commit: 9578a683a022a1406b0067d525bef5e7f0591f1f
Parents: de2f17e
Author: Pradeep Agrawal <pr...@freestoneinfotech.com>
Authored: Mon Mar 7 15:40:17 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Sat Mar 19 17:15:43 2016 +0530
----------------------------------------------------------------------
kms/scripts/dba_script.py | 20 +++---
security-admin/scripts/db_setup.py | 35 +++++++---
security-admin/scripts/dba_script.py | 103 +++---------------------------
3 files changed, 45 insertions(+), 113 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578a683/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index 1e039e5..99ca3cf 100755
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -403,11 +403,11 @@ class OracleConf(BaseDB):
log("[I] User " + db_user + " created", "info")
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
@@ -502,11 +502,11 @@ class OracleConf(BaseDB):
if ret == 0:
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
@@ -520,18 +520,18 @@ class OracleConf(BaseDB):
sys.exit(1)
else:
logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user))
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode):
if dryMode == False:
get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
@@ -541,15 +541,15 @@ class OracleConf(BaseDB):
log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user))
def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name):
logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.")
logFile('create user %s identified by "%s";'%(db_user, db_password))
- logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'%(db_user))
logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
logFile('alter user %s DEFAULT Tablespace %s;'%(db_user, db_name))
- logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'%(db_user))
class PostgresConf(BaseDB):
# Constructor
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578a683/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 4b328d0..9732442 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -450,16 +450,6 @@ class OracleConf(BaseDB):
def grant_audit_db_user(self, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password):
get_cmd = self.get_jisql_cmd(db_user, db_password)
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user)
- jisql_log(query, db_password)
- ret = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" % (audit_db_user)
- jisql_log(query, db_password)
- ret = subprocess.call(query)
- if ret != 0:
- sys.exit(1)
- if os_name == "LINUX":
query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user)
jisql_log(query, db_password)
ret = subprocess.call(shlex.split(query))
@@ -809,7 +799,31 @@ class PostgresConf(BaseDB):
log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error")
sys.exit(1)
+ def create_language_plpgsql(self,db_user, db_password, db_name):
+ get_cmd = self.get_jisql_cmd(db_user, db_password, db_name)
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\""
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\" -c ;"
+ jisql_log(query, db_password)
+ output = check_output(query)
+ if not output.strip('1 |'):
+ if os_name == "LINUX":
+ query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\""
+ jisql_log(query, db_password)
+ ret = subprocess.call(shlex.split(query))
+ elif os_name == "WINDOWS":
+ query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\" -c ;"
+ jisql_log(query, db_password)
+ ret = subprocess.call(query)
+ if ret == 0:
+ log("[I] LANGUAGE plpgsql created successfully", "info")
+ else:
+ log("[E] LANGUAGE plpgsql creation failed", "error")
+ sys.exit(1)
+
def import_db_patches(self, db_name, db_user, db_password, file_name):
+ self.create_language_plpgsql(db_user, db_password, db_name)
name = basename(file_name)
if os.path.isfile(file_name):
version = name.split('-')[0]
@@ -853,6 +867,7 @@ class PostgresConf(BaseDB):
def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME):
log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info")
+ self.create_language_plpgsql(db_user, db_password, audit_db_name)
output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME)
if output == True:
name = basename(file_name)
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/9578a683/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 66b2848..0ebd90b 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -429,11 +429,11 @@ class OracleConf(BaseDB):
log("[I] User " + db_user + " created", "info")
log("[I] Granting permission to " + db_user, "info")
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
@@ -527,27 +527,12 @@ class OracleConf(BaseDB):
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
- log("[I] Granting permission to " + db_user, "info")
- if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- jisql_log(query, db_root_password)
- ret = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
- jisql_log(query, db_root_password)
- ret = subprocess.call(query)
- if ret == 0:
- log("[I] Granting Oracle user '" + db_user + "' done", "info")
- return status
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
- sys.exit(1)
+ log("[I] Assigning default tablespace to user '" + db_user + "' done..", "info")
else:
log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode):
@@ -578,45 +563,8 @@ class OracleConf(BaseDB):
else:
logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name))
- if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name,dryMode):
- if dryMode == False:
- log("[I] Tablespace " + db_name + " already exists.","info")
- status2 = True
- else:
+ if (status1 == True):
if dryMode == False:
- log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info")
- get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password)
- if os_name == "LINUX":
- query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(query)
- if ret != 0:
- log("[E] Tablespace creation failed..","error")
- sys.exit(1)
- else:
- log("[I] Creating tablespace "+ db_name + " succeeded", "info")
- status2 = True
- else:
- logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
-
- if (status1 == True and status2 == True):
- if dryMode == False:
- log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info")
- # Assign default tablespace db_name
- get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
- if os_name == "LINUX":
- query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(audit_db_user, db_name)
- jisql_log(query, audit_db_root_password)
- ret1 = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, db_name)
- jisql_log(query, audit_db_root_password)
- ret1 = subprocess.call(query)
-
log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info")
# Assign default tablespace audit_db_name
get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password)
@@ -629,37 +577,22 @@ class OracleConf(BaseDB):
jisql_log(query, audit_db_root_password)
ret2 = subprocess.call(query)
- if (ret1 == 0 and ret2 == 0):
- log("[I] Granting permission to " + db_user, "info")
- if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(query)
- if ret == 0:
- return True
- else:
- log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
- sys.exit(1)
+ if (ret2 == 0):
+ log("[I] Assigning default tablespace to user '" + audit_db_user + "' done..", "info")
else:
return False
else:
- logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, db_name))
logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, audit_db_name))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode):
if dryMode == False:
get_cmd = self.get_jisql_cmd(root_user ,db_root_password)
if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
+ query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(shlex.split(query))
elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
+ query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user)
jisql_log(query, db_root_password)
ret = subprocess.call(query)
if ret == 0:
@@ -669,7 +602,7 @@ class OracleConf(BaseDB):
log("[E] Granting Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
else:
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
+ logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user))
def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode):
if DBA_MODE == "TRUE":
@@ -694,20 +627,6 @@ class OracleConf(BaseDB):
if ret == 0:
if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode):
log("[I] User " + db_user + " created", "info")
- log("[I] Granting permission to " + db_user, "info")
- if os_name == "LINUX":
- query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(shlex.split(query))
- elif os_name == "WINDOWS":
- query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user)
- jisql_log(query, audit_db_root_password)
- ret = subprocess.call(query)
- if ret == 0:
- log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info")
- else:
- log("[E] Granting permissions to Oracle user '" + db_user + "' failed..", "error")
- sys.exit(1)
else:
log("[E] Creating Oracle user '" + db_user + "' failed..", "error")
sys.exit(1)
@@ -716,7 +635,6 @@ class OracleConf(BaseDB):
sys.exit(1)
else:
logFile("create user %s identified by \"%s\";" %(db_user, db_password))
- logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user))
if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode):
if dryMode == False:
@@ -760,7 +678,7 @@ class OracleConf(BaseDB):
def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name):
logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.")
logFile('create user %s identified by "%s";'%(db_user, db_password))
- logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
+ logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s;'%(db_user))
logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name))
logFile('alter user %s DEFAULT tablespace %s;'%(db_user, db_name))
if not db_user == audit_db_user:
@@ -768,7 +686,6 @@ class OracleConf(BaseDB):
logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user))
logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name))
logFile('alter user %s DEFAULT tablespace %s;' %(audit_db_user, audit_db_name))
- logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user))
class PostgresConf(BaseDB):
# Constructor