From 7e429405c46fb8f9c5e19682db275be5a308a171 Mon Sep 17 00:00:00 2001 From: Pradeep Agrawal Date: Mon, 7 Mar 2016 15:40:17 +0530 Subject: [PATCH] RANGER-875:Restrict Grantor privileges of Ranger db user for Oracle DB Flavor Signed-off-by: Velmurugan Periasamy --- kms/scripts/dba_script.py | 20 +++--- security-admin/scripts/db_setup.py | 35 ++++++--- security-admin/scripts/dba_script.py | 103 +++------------------------ 3 files changed, 45 insertions(+), 113 deletions(-) diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index 1e039e5356..99ca3cf864 100755 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py @@ -403,11 +403,11 @@ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: 
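Review bot: Dropping `WITH ADMIN OPTION` from the `GRANT` in create_rangerdb_user only helps users provisioned after this commit; in Oracle, re-granting a system privilege without the option does not take the option away from a grantee that already holds it. The privilege has to be revoked and granted again, so an existing Ranger user keeps its grantor rights unless an upgrade step issues a `REVOKE <same privilege list> FROM %s;` before the new `GRANT`. The same holds for the assign_tablespace and grant_xa_db_user hunks in this file and the matching hunks in security-admin/scripts/dba_script.py, which may run against a user that already exists. No such upgrade step is visible in this patch; if there is none, the dry-mode output should at least document the manual revoke. create_rangerdb_user's body starts and continues outside the hunk.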
@@ -502,11 +502,11 @@ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, d if ret == 0: log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: 
@@ -520,18 +520,18 @@ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, d sys.exit(1) else: logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): if dryMode == False: get_cmd = self.get_jisql_cmd(root_user ,db_root_password) if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: 
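Review bot: The rewritten `GRANT` in grant_xa_db_user still splices `db_user` into the SQL text with `%`, and on Linux into a command line that `shlex.split` tokenises, so a value containing a quote or `;` changes the statement that runs under the DBA account. The origin of `db_user` is outside the hunk; if it can come from an edited properties file or a prompt, validate it as a plain Oracle identifier before building the query, e.g. `if not re.match(r'^[A-Za-z][A-Za-z0-9_$#]*$', db_user): sys.exit(1)` after an `[E]` log line (assuming `re` is imported in this script). The same construction appears in the create_rangerdb_user and assign_tablespace hunks and in security-admin/scripts/dba_script.py. grant_xa_db_user's result handling continues outside the hunk.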
@@ -541,15 +541,15 @@ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_pas log("[E] Granting Oracle user '" + db_user + "' failed..", "error") sys.exit(1) else: - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user)) def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name): logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.") logFile('create user %s identified by "%s";'%(db_user, db_password)) - logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user)) + logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'%(db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) logFile('alter user %s DEFAULT Tablespace %s;'%(db_user, db_name)) - logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'%(db_user)) + logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'%(db_user)) class PostgresConf(BaseDB): # Constructor diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index 1a74b4ab46..f2cc9b9aa9 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py 
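Review bot: writeDrymodeCmd emits a `GRANT` that includes `CREATE ANY SYNONYM`, while the statements this script actually executes in create_rangerdb_user, assign_tablespace and grant_xa_db_user (and the dry-mode `logFile` line of grant_xa_db_user at the top of this hunk) do not, so a DBA who runs the dry-mode output grants one more system privilege than the tool itself would. The two `logFile('GRANT …')` lines in writeDrymodeCmd should carry the same privilege list as the live path, and since they are identical the second one, after `alter user … DEFAULT Tablespace`, can be dropped. Keeping the list in one module-level constant, e.g. `ORACLE_GRANTS = "CREATE SESSION,CREATE PROCEDURE,…"`, would stop the copies drifting apart again.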
@@ -449,16 +449,6 @@ def check_connection(self, db_name, db_user, db_password): def grant_audit_db_user(self, audit_db_name ,db_user,audit_db_user,db_password,audit_db_password): get_cmd = self.get_jisql_cmd(db_user, db_password) - if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION TO %s;'" % (audit_db_user) - jisql_log(query, db_password) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" % (audit_db_user) - jisql_log(query, db_password) - ret = subprocess.call(query) - if ret != 0: - sys.exit(1) if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT SELECT ON %s.XA_ACCESS_AUDIT_SEQ TO %s;'" % (db_user,audit_db_user) jisql_log(query, db_password) 
@@ -809,7 +799,31 @@ def grant_audit_db_user(self, audit_db_name , db_user, audit_db_user, db_passwor log("[E] Granting insert privileges to Postgres user '" + audit_db_user + "' failed", "error") sys.exit(1) + def create_language_plpgsql(self,db_user, db_password, db_name): + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1 FROM pg_catalog.pg_language WHERE lanname='plpgsql';\" -c ;" + jisql_log(query, db_password) + output = check_output(query) + if not output.strip('1 |'): + if os_name == "LINUX": + query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\"" + jisql_log(query, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE LANGUAGE plpgsql;\" -c ;" + jisql_log(query, db_password) + ret = subprocess.call(query) + if ret == 0: + log("[I] LANGUAGE plpgsql created successfully", "info") + else: + log("[E] LANGUAGE plpgsql creation failed", "error") + sys.exit(1) + def import_db_patches(self, db_name, db_user, db_password, file_name): + self.create_language_plpgsql(db_user, db_password, db_name) name = basename(file_name) if os.path.isfile(file_name): version = name.split('-')[0] @@ -853,6 +867,7 @@ def import_db_patches(self, db_name, db_user, db_password, file_name): def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info") + self.create_language_plpgsql(db_user, db_password, audit_db_name) output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME) if output == True: name = basename(file_name) 
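Review bot: The existence test `if not output.strip('1 |')` in create_language_plpgsql does not compare against the returned row: `str.strip` treats its argument as a set of characters to trim, so the outcome depends on whatever else jisql prints (a trailing newline, a header, an error message) rather than on whether a row came back. If `check_output` returns error text instead of raising, a failed lookup is read as "language present" and the problem only surfaces later in the patch import. Parsing the rows explicitly, for example `exists = any(l.split('|')[0].strip() == '1' for l in output.splitlines())`, makes the intent checkable (the format needs confirming against real jisql output). `query` and `ret` are also left unbound when `os_name` is neither "LINUX" nor "WINDOWS". Since the method runs with `db_user` credentials on every import_db_patches and import_auditdb_patches call and exits on failure, consider whether `CREATE LANGUAGE` belongs in the DBA script instead, and add a docstring saying the method is PostgreSQL-only and safe to call repeatedly.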
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 66b28482ae..0ebd90bdab 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -429,11 +429,11 @@ def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: 
@@ -527,27 +527,12 @@ def assign_tablespace(self, root_user, db_root_password, db_user, db_password, d jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: - log("[I] Granting permission to " + db_user, "info") - if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - jisql_log(query, db_root_password) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) - jisql_log(query, db_root_password) - ret = subprocess.call(query) - if ret == 0: - log("[I] Granting Oracle user '" + db_user + "' done", "info") - return status - else: - log("[E] Granting Oracle user '" + db_user + "' failed..", "error") - sys.exit(1) + log("[I] Assigning default tablespace to user '" + db_user + "' done..", "info") else: log("[E] Assigning default tablespace to user '" + db_user + "' failed..", "error") sys.exit(1) else: logFile("alter user %s DEFAULT Tablespace %s;" %(db_user, db_name)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, audit_db_user, db_password, audit_db_password, audit_db_root_password,dryMode): 
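Review bot: assign_tablespace no longer returns anything on success: the removed block held the `return status`, and the new `if ret == 0:` branch only logs before the function ends at the following `def create_auditdb`. The -577,37 hunk does the same to create_auditdb, where `return True` is gone but the context `else: return False` remains, so that function now yields `None` on success and `False` on failure and a caller testing the result cannot tell them apart. If callers use these results (not visible here), add `return status` after the new log line here and `return True` after the "done.." log in create_auditdb; otherwise drop the leftover `return False` so both functions simply exit on failure. That failure branch in create_auditdb also returns without an `[E]` log line, unlike the `log(...)` plus `sys.exit(1)` used in assign_tablespace.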
@@ -578,45 +563,8 @@ def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, au else: logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name)) - if self.verify_tablespace(audit_db_root_user, audit_db_root_password, db_name,dryMode): - if dryMode == False: - log("[I] Tablespace " + db_name + " already exists.","info") - status2 = True - else: + if (status1 == True): if dryMode == False: - log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - if os_name == "LINUX": - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(query) - if ret != 0: - log("[E] Tablespace creation failed..","error") - sys.exit(1) - else: - log("[I] Creating tablespace "+ db_name + " succeeded", "info") - status2 = True - else: - logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) - - if (status1 == True and status2 == True): - if dryMode == False: - log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info") - # Assign default tablespace db_name - get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) - if os_name == "LINUX": - query = get_cmd +" -c \; -query 'alter user %s DEFAULT Tablespace %s;'" %(audit_db_user, db_name) - jisql_log(query, audit_db_root_password) - ret1 = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd +" -query \"alter user %s DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, db_name) - jisql_log(query, 
audit_db_root_password) - ret1 = subprocess.call(query) - log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info") # Assign default tablespace audit_db_name get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) 
@@ -629,37 +577,22 @@ def create_auditdb(self, audit_db_root_user, db_name ,audit_db_name, db_user, au jisql_log(query, audit_db_root_password) ret2 = subprocess.call(query) - if (ret1 == 0 and ret2 == 0): - log("[I] Granting permission to " + db_user, "info") - if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(query) - if ret == 0: - return True - else: - log("[E] Granting Oracle user '" + db_user + "' failed..", "error") - sys.exit(1) + if (ret2 == 0): + log("[I] Assigning default tablespace to user '" + audit_db_user + "' done..", "info") else: return False else: - logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, db_name)) logFile("alter user %s DEFAULT Tablespace %s;" %(audit_db_user, audit_db_name)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): if dryMode == False: get_cmd = self.get_jisql_cmd(root_user ,db_root_password) if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + query 
= get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;'" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;\" -c ;" % (db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: @@ -669,7 +602,7 @@ def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_pas log("[E] Granting Oracle user '" + db_user + "' failed..", "error") sys.exit(1) else: - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) + logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s;" % (db_user)) def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): if DBA_MODE == "TRUE": 
@@ -694,20 +627,6 @@ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_nam if ret == 0: if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode): log("[I] User " + db_user + " created", "info") - log("[I] Granting permission to " + db_user, "info") - if os_name == "LINUX": - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(shlex.split(query)) - elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) - jisql_log(query, audit_db_root_password) - ret = subprocess.call(query) - if ret == 0: - log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info") - else: - log("[E] Granting permissions to Oracle user '" + db_user + "' failed..", "error") - sys.exit(1) else: log("[E] Creating Oracle user '" + db_user + "' failed..", "error") sys.exit(1) @@ -716,7 +635,6 @@ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_nam sys.exit(1) else: logFile("create user %s identified by \"%s\";" %(db_user, db_password)) - logFile("GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;" % (db_user)) if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode): if dryMode == False: 
@@ -760,7 +678,7 @@ def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_nam def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.") logFile('create user %s identified by "%s";'%(db_user, db_password)) - logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) + logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s;'%(db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) logFile('alter user %s DEFAULT tablespace %s;'%(db_user, db_name)) if not db_user == audit_db_user: @@ -768,7 +686,6 @@ def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user)) logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name)) logFile('alter user %s DEFAULT tablespace %s;' %(audit_db_user, audit_db_name)) - logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) class PostgresConf(BaseDB): # Constructor
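Review bot: The statement generated in writeDrymodeCmd still grants `UNLIMITED TABLESPACE`, `CREATE ANY SYNONYM` and `CREATE PUBLIC SYNONYM`, which are database-wide system privileges, even though the next two lines create a dedicated tablespace and make it the user's default. In keeping with the goal of RANGER-875, a quota on that tablespace, `logFile('alter user %s QUOTA UNLIMITED ON %s;' %(db_user, db_name))`, could replace `UNLIMITED TABLESPACE`. The two synonym privileges should stay only if the schema patches actually create public or cross-schema synonyms, which this diff does not show. The live `GRANT` strings in the -429,11 and -577,37 hunks of this file and the grants in the kms script carry the same broad list.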