Repository: incubator-ranger Updated Branches: refs/heads/master b3b773216 -> cb2dc3146
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 8b790ba..ad220f2 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -18,6 +18,7 @@ import sys import errno import shlex import logging +import platform import subprocess import fileinput import getpass @@ -26,8 +27,14 @@ from subprocess import Popen,PIPE from datetime import date globalDict = {} +os_name = platform.system() +os_name = os_name.upper() + def check_output(query): - p = subprocess.Popen(query, stdout=subprocess.PIPE) + if os_name == "LINUX": + p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) + elif os_name == "WINDOWS": + p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True) output = p.communicate ()[0] return output @@ -51,7 +58,6 @@ def populate_global_dict(): if re.search('=', each_line): key , value = each_line.strip().split("=",1) key = key.strip() - if 'PASSWORD' in key: jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') @@ -78,6 +84,7 @@ def logFile(msg): else: print("Invalid input! Provide file path to write DBA scripts:") sys.exit() + class BaseDB(object): def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): @@ -89,7 +96,7 @@ class BaseDB(object): def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): log("[I] ---------- Verifying database ----------", "info") - def create_auditdb_user(self, xa_db_host , audit_db_host , db_name ,audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): + def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE, dryMode): log("[I] ---------- Create audit user ----------", "info") @@ -102,14 +109,22 @@ class MysqlConf(BaseDB): def get_jisql_cmd(self, user, password ,db_name): #TODO: User array for forming command - jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + path = os.getcwd() + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,self.host,db_name,user,password) + elif os_name == "WINDOWS": + self.JAVA_BIN = self.JAVA_BIN.strip("'") + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode): if dryMode == False: log("[I] Verifying user " + db_user+ " for Host "+ host, "info") - query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host) + output = check_output(query) if output.strip(db_user + " |"): return True else: @@ -118,8 +133,11 @@ class MysqlConf(BaseDB): def check_connection(self, db_name, db_user, db_password): #log("[I] Checking connection..", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) - query = get_cmd + " -query \"SELECT version();\"" - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT version();\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT version();\" -c ;" + output = check_output(query) if output.strip('Production |'): #log("[I] Checking connection passed.", "info") return True @@ -139,8 +157,12 @@ class MysqlConf(BaseDB): if db_password == "": if dryMode == False: log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") - query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host) + ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, host, db_user, get_cmd): log("[I] MySQL user " + db_user +" created for host " + host ,"info") @@ -152,8 +174,12 @@ class MysqlConf(BaseDB): else: if dryMode == False: log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") - query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user,host,db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode): log("[I] MySQL user " + db_user +" created for host " + host ,"info") @@ -171,8 +197,11 @@ class MysqlConf(BaseDB): if dryMode == False: log("[I] Verifying database " + db_name , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name) + output = check_output(query) if output.strip(db_name + " |"): return True else: @@ -185,10 +214,16 @@ class MysqlConf(BaseDB): log("[I] Database "+db_name + " already exists.","info") else: get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"create database %s;\"" %(db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"create database %s;\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) if dryMode == False: log("[I] Database does not exist, Creating database " + db_name,"info") - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") sys.exit(1) @@ -210,10 +245,10 @@ class MysqlConf(BaseDB): for host in hosts_arr: get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) - ret = subprocess.check_call(shlex.split(query)) + ret = subprocess.call(shlex.split(query)) if ret == 0: query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) + ret = subprocess.call(shlex.split(query)) if ret != 0: sys.exit(1) else: @@ -224,12 +259,20 @@ class MysqlConf(BaseDB): if dryMode == False: log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host) + ret = subprocess.call(query) if ret == 0: log("[I] ---------- FLUSH PRIVILEGES ----------" , "info") - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;" + ret = subprocess.call(query) if ret == 0: log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info") else: @@ -253,10 +296,10 @@ class MysqlConf(BaseDB): for host in hosts_arr: get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql') query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) - ret = subprocess.check_call(shlex.split(query)) + ret = subprocess.call(shlex.split(query)) if ret == 0: query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.check_call(shlex.split(query)) + ret = subprocess.call(shlex.split(query)) if ret != 0: sys.exit(1) else: @@ -276,14 +319,21 @@ class OracleConf(BaseDB): def get_jisql_cmd(self, user, password): #TODO: User array for forming command - jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password) + path = os.getcwd() + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password) return jisql_cmd def check_connection(self, db_name, db_user, db_password): log("[I] Checking connection", "info") get_cmd = self.get_jisql_cmd(db_user, db_password) - query = get_cmd + " -c \; -query \"select * from v$version;\"" - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select * from v$version;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select * from v$version;\" -c ;" + output = check_output(query) if output.strip('Production |'): log("[I] Connection success", "info") return True @@ -295,8 +345,11 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Verifying user " + db_user ,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user) + output = check_output(query) if output.strip(db_user + " |"): return True else: @@ -311,14 +364,22 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] User does not exists, Creating user : " + db_user, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_user, db_root_password,dryMode): log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info") else: @@ -338,8 +399,11 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Verifying tablespace " + db_name, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name) + output = check_output(query) if output.strip(db_name+' |'): return True else: @@ -351,8 +415,11 @@ class OracleConf(BaseDB): log("[I] Tablespace " + db_name + " already exists.","info") if self.verify_user(root_user, db_user, db_root_password,dryMode): get_cmd = self.get_jisql_cmd(db_user ,db_password) - query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" - output = check_output(shlex.split(query)).strip() + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;" + output = check_output(query).strip() db_name = db_name.upper() +' |' if output == db_name: log("[I] User name " + db_user + " and tablespace " + db_name + " already exists.","info") @@ -365,8 +432,12 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) + ret = subprocess.call(query) if ret == 0: if self.verify_tablespace(root_user, db_root_password, db_name,dryMode): log("[I] Creating tablespace "+db_name+" succeeded", "info") @@ -387,12 +458,20 @@ class OracleConf(BaseDB): log("[I] Assign default tablespace " +db_name + " to " + db_user, "info") # Assign default tablespace db_name get_cmd = self.get_jisql_cmd(root_user , db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name) + ret = subprocess.call(query) if ret == 0: log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) if ret == 0: log("[I] Granting Oracle user '" + db_user + "' done", "info") return status @@ -418,8 +497,12 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Tablespace does not exist. Creating tablespace: " + audit_db_name,"info") get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(audit_db_name, audit_db_name) + ret = subprocess.call(query) if ret != 0: log("[E] Tablespace creation failed..","error") sys.exit(1) @@ -437,8 +520,12 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Tablespace does not exist. Creating tablespace: " + db_name,"info") get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) + ret = subprocess.call(query) if ret != 0: log("[E] Tablespace creation failed..","error") sys.exit(1) @@ -453,19 +540,31 @@ class OracleConf(BaseDB): log("[I] Assign default tablespace " + db_name + " to : " + audit_db_user, "info") # Assign default tablespace db_name get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) - ret1 = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) + ret1 = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, db_name) + ret1 = subprocess.call(query) log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info") # Assign default tablespace audit_db_name get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) - query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) - ret2 = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) + ret2 = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, audit_db_name) + ret2 = subprocess.call(query) if (ret1 == 0 and ret2 == 0): log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) if ret == 0: return True else: @@ -481,8 +580,12 @@ class OracleConf(BaseDB): def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, invoke,dryMode): if dryMode == False: get_cmd = self.get_jisql_cmd(root_user ,db_root_password) - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) if ret == 0: log("[I] Granted permission to " + db_user, "info") return True @@ -504,14 +607,22 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] User does not exists, Creating user " + db_user, "info") get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode): log("[I] User " + db_user + " created", "info") log("[I] Granting permission to " + db_user, "info") - query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info") else: @@ -534,12 +645,20 @@ class OracleConf(BaseDB): if dryMode == False: log("[I] Audit user does not exists, Creating audit user " + audit_db_user, "info") get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) - query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(audit_db_user, audit_db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode): - query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" %(audit_db_user) + ret = subprocess.call(query) if ret == 0: log("[I] Granting permission to " + audit_db_user + " done", "info") else: @@ -562,18 +681,25 @@ class PostgresConf(BaseDB): self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR self.JAVA_BIN = JAVA_BIN - def get_jisql_cmd(self, user, password, db_name): #TODO: User array for forming command - jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) + path = os.getcwd() + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] Verifying user " + db_user , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user) + output = check_output(query) if output.strip(db_user + " |"): return True else: @@ -582,8 +708,11 @@ class PostgresConf(BaseDB): def check_connection(self, db_name, db_user, db_password): #log("[I] Checking connection", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) - query = get_cmd + " -query \"SELECT 1;\"" - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) if output.strip('1 |'): #log("[I] connection success", "info") return True @@ -600,8 +729,12 @@ class PostgresConf(BaseDB): if dryMode == False: log("[I] User does not exists, Creating user : " + db_user, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, db_user,dryMode): log("[I] Postgres user " + db_user + " created", "info") @@ -618,8 +751,11 @@ class PostgresConf(BaseDB): if dryMode == False: log("[I] Verifying database " + db_name , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name) + output = check_output(query) if output.strip(db_name + " |"): return True else: @@ -634,8 +770,12 @@ class PostgresConf(BaseDB): if dryMode == False: log("[I] Database does not exist, Creating database : " + db_name,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') - query = get_cmd + " -query \"CREATE DATABASE %s WITH OWNER %s;\"" %(db_name, db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user) + ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") sys.exit(1) @@ -653,26 +793,42 @@ class PostgresConf(BaseDB): if dryMode == False: log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user) + ret = subprocess.call(query) if ret != 0: log("[E] Granting privileges on tables in schema public failed..", "error") sys.exit(1) - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user) + ret = subprocess.call(query) if ret != 0: log("[E] Granting privileges on schema public failed..", "error") sys.exit(1) - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\" -c ;" %(db_user) + ret = subprocess.call(query) if ret != 0: log("[E] Granting privileges on database "+db_name+ " failed..", "error") sys.exit(1) - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\" -c ;" %(db_user) + ret = subprocess.call(query) if ret != 0: log("[E] Granting privileges on database "+db_name+ " failed..", "error") sys.exit(1) @@ -702,18 +858,25 @@ class SqlServerConf(BaseDB): self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR self.JAVA_BIN = JAVA_BIN - def get_jisql_cmd(self, user, password, db_name): #TODO: User array for forming command - jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name) + path = os.getcwd() + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, user, password, self.host,db_name) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): if dryMode == False: log("[I] Verifying user " + db_user , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select loginname from master.dbo.syslogins where loginname = '%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select loginname from master.dbo.syslogins where loginname = '%s';\" -c ;" %(db_user) + output = check_output(query) if output.strip(db_user + " |"): return True else: @@ -722,8 +885,11 @@ class SqlServerConf(BaseDB): def check_connection(self, db_name, db_user, db_password): log("[I] Checking connection", "info") get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) - query = get_cmd + " -c \; -query \"SELECT 1;\"" - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) if output.strip('1 |'): log("[I] Connection success", "info") return True @@ -740,8 +906,12 @@ class SqlServerConf(BaseDB): if dryMode == False: get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') log("[I] User does not exists, Creating Login user " + db_user, "info") - query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password) + ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, db_user,dryMode): log("[I] SQL Server user " + db_user + " created", "info") @@ -758,8 +928,11 @@ class SqlServerConf(BaseDB): if dryMode == False: log("[I] Verifying database " + db_name, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name) + output = check_output(query) if output.strip(db_name + " |"): return True else: @@ -773,8 +946,12 @@ class SqlServerConf(BaseDB): if dryMode == False: log("[I] Database does not exist. Creating database : " + db_name,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) + ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") sys.exit(1) @@ -792,18 +969,28 @@ class SqlServerConf(BaseDB): def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode): get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name, db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name, db_user) + output = check_output(query) if output.strip(db_user + " |"): if dryMode == False: log("[I] User "+db_user+" exist ","info") else: if dryMode == False: - query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s CREATE USER %s for LOGIN %s;\"" %(db_name ,db_user, db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s CREATE USER %s for LOGIN %s;\" -c ;" %(db_name ,db_user, db_user) + ret = subprocess.call(query) if ret == 0: - query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user) - output = check_output(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_name ,db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"USE %s SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_name ,db_user) + output = check_output(query) if output.strip(db_user + " |"): log("[I] User "+db_user+" exist ","info") else: @@ -819,13 +1006,22 @@ class SqlServerConf(BaseDB): if dryMode == False: log("[I] Granting permission to admin user '" + db_user + "' on db '" + db_name + "'" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'msdb') - query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\"" %(db_user, db_name) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"ALTER LOGIN [%s] WITH DEFAULT_DATABASE=[%s];\" -c ;" %(db_user, db_name) + ret = subprocess.call(query) if ret != 0: sys.exit(1) - query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) - # query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) - ret = subprocess.check_call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_name, db_user) +# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \" USE %s EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_name, db_user) +# query = get_cmd + " -c \; -query \" USE %s GRANT ALL PRIVILEGES to %s;\"" %(db_name , db_user) + ret = subprocess.call(query) if ret != 0: sys.exit(1) else: @@ -842,7 +1038,7 @@ class SqlServerConf(BaseDB): self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode) self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, audit_db_user, audit_db_password,dryMode) self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode) - self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode) + self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode) def main(argv): @@ -893,10 +1089,15 @@ def main(argv): if os.environ['JAVA_HOME'] == "": log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") sys.exit(1) - JAVA_BIN=os.environ['JAVA_HOME']+'/bin/java' - while os.path.isfile(JAVA_BIN) == False: - log("Enter java executable path: :","info") - JAVA_BIN=raw_input() + JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') + if os_name == "WINDOWS" : + JAVA_BIN = JAVA_BIN+'.exe' + if os.path.isfile(JAVA_BIN): + pass + else : + while os.path.isfile(JAVA_BIN) == False: + log("Enter java executable path: :","info") + JAVA_BIN=raw_input() log("[I] Using Java:" + str(JAVA_BIN),"info") if (quiteMode): @@ -1006,33 +1207,33 @@ def main(argv): #log("Enter db root password:","info") #xa_db_root_password = raw_input() - mysql_dbversion_catalog = 'db/mysql/create_dbversion_catalog.sql' + mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql') #mysql_core_file = globalDict['mysql_core_file'] - mysql_core_file = 'db/mysql/xa_core_db.sql' + mysql_core_file = os.path.join('db','mysql','xa_core_db.sql') #mysql_audit_file = globalDict['mysql_audit_file'] - mysql_audit_file = 'db/mysql/xa_audit_db.sql' - mysql_patches = 'db/mysql/patches' + mysql_audit_file = os.path.join('db','mysql','xa_audit_db.sql') + mysql_patches = os.path.join('db','mysql','patches') - oracle_dbversion_catalog = 'db/oracle/create_dbversion_catalog.sql' + oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql') #oracle_core_file = globalDict['oracle_core_file'] - oracle_core_file = 'db/oracle/xa_core_db_oracle.sql' + oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql') #oracle_audit_file = globalDict['oracle_audit_file'] - oracle_audit_file = 'db/oracle/xa_audit_db_oracle.sql' - oracle_patches = 'db/oracle/patches' + oracle_audit_file = os.path.join('db','oracle','xa_audit_db_oracle.sql') + oracle_patches = os.path.join('db','oracle','patches') - postgres_dbversion_catalog = 'db/postgres/create_dbversion_catalog.sql' + postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql') #postgres_core_file = globalDict['postgres_core_file'] - postgres_core_file = 'db/postgres/xa_core_db_postgres.sql' + postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql') #postgres_audit_file = globalDict['postgres_audit_file'] - postgres_audit_file = 'db/postgres/xa_audit_db_postgres.sql' - postgres_patches = 'db/postgres/patches' + postgres_audit_file = os.path.join('db','postgres','xa_audit_db_postgres.sql') + postgres_patches = os.path.join('db','postgres','patches') - sqlserver_dbversion_catalog = 'db/sqlserver/create_dbversion_catalog.sql' + sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql') #sqlserver_core_file = globalDict['sqlserver_core_file'] - sqlserver_core_file = 'db/sqlserver/xa_core_db_sqlserver.sql' + sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql') #sqlserver_audit_file = globalDict['sqlserver_audit_file'] - sqlserver_audit_file = 'db/sqlserver/xa_audit_db_sqlserver.sql' - sqlserver_patches = 'db/sqlserver/patches' + sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql') + sqlserver_patches = os.path.join('db','sqlserver','patches') x_db_version = 'x_db_version_h' xa_access_audit = 'xa_access_audit' @@ -1051,7 +1252,10 @@ def main(argv): #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar' ORACLE_CONNECTOR_JAR=CONNECTOR_JAR - xa_db_root_user = xa_db_root_user+" AS SYSDBA" + if os_name == "LINUX": + xa_db_root_user = xa_db_root_user+" AS SYSDBA" + elif os_name == "WINDOWS": + xa_db_root_user = xa_db_root_user xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) xa_db_version_file = os.path.join(os.getcwd(),oracle_dbversion_catalog) xa_db_core_file = os.path.join(os.getcwd(),oracle_core_file) @@ -1089,7 +1293,10 @@ def main(argv): #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar' ORACLE_CONNECTOR_JAR=CONNECTOR_JAR - audit_db_root_user = audit_db_root_user+" AS SYSDBA" + if os_name == "LINUX": + audit_db_root_user = audit_db_root_user+" AS SYSDBA" + if os_name == "WINDOWS": + audit_db_root_user = audit_db_root_user audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(os.getcwd(),oracle_audit_file) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index 2d35771..c2d896f 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -18,6 +18,9 @@ # #------------------------- DB CONFIG - BEGIN ---------------------------------- +# Uncomment the below if the DBA steps need to be run separately +#setup_mode=SeparateDBA + PYTHON_COMMAND_INVOKER=python #DB_FLAVOR=MYSQL|ORACLE|POSTGRES|SQLSERVER @@ -178,6 +181,3 @@ postgres_audit_file=db/postgres/xa_audit_db_postgres.sql sqlserver_core_file=db/sqlserver/xa_core_db_sqlserver.sql sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks - -# Uncomment the below if the DBA steps need to be run separately -#setup_mode=SeparateDBA http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/scripts/restrict_permissions.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/restrict_permissions.py b/security-admin/scripts/restrict_permissions.py new file mode 100644 index 0000000..a4998be --- /dev/null +++ b/security-admin/scripts/restrict_permissions.py @@ -0,0 +1,453 @@ +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. See accompanying LICENSE file. +# + +import os +import re +import sys +import errno +import shlex +import logging +import subprocess +import platform +import fileinput +import getpass +from os.path import basename +from subprocess import Popen,PIPE +from datetime import date +from datetime import datetime +globalDict = {} + +os_name = platform.system() +os_name = os_name.upper() + +def check_output(query): + if os_name == "LINUX": + p = subprocess.Popen(shlex.split(query), stdout=subprocess.PIPE) + elif os_name == "WINDOWS": + p = subprocess.Popen(query, stdout=subprocess.PIPE, shell=True) + output = p.communicate ()[0] + return output + +def log(msg,type): + if type == 'info': + logging.info(" %s",msg) + if type == 'debug': + logging.debug(" %s",msg) + if type == 'warning': + logging.warning(" %s",msg) + if type == 'exception': + logging.exception(" %s",msg) + if type == 'error': + logging.error(" %s",msg) + +def populate_global_dict(): + global globalDict + read_config_file = open(os.path.join(os.getcwd(),'install.properties')) + for each_line in read_config_file.read().split('\n') : + if len(each_line) == 0 : continue + if re.search('=', each_line): + key , value = each_line.strip().split("=",1) + key = key.strip() + + if 'PASSWORD' in key: + jceks_file_path = os.path.join(os.getenv('RANGER_HOME'), 'jceks','ranger_db.jceks') + statuscode,value = call_keystore(library_path,key,'',jceks_file_path,'get') + if statuscode == 1: + value = '' + value = value.strip() + globalDict[key] = value + +def logFile(msg): + if globalDict["dryMode"]==True: + logFileName=globalDict["dryModeOutputFile"] + if logFileName !="": + if os.path.isfile(logFileName): + if os.access(logFileName, os.W_OK): + with open(logFileName, "a") as f: + f.write(msg+"\n") + f.close() + else: + print("Unable to open file "+logFileName+" in write mode, Check file permissions.") + sys.exit() + else: + print(logFileName+" is Invalid input file name! Provide valid file path to write DBA scripts:") + sys.exit() + else: + print("Invalid input! Provide file path to write DBA scripts:") + sys.exit() + +class BaseDB(object): + + def check_connection(self, db_name, db_user, db_password): + log("[I] ---------- Verifying DB connection ----------", "info") + + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE, dryMode): + log("[I] ---------- set audit user permissions ----------", "info") + + +class MysqlConf(BaseDB): + def __init__(self, host,SQL_CONNECTOR_JAR,JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password ,db_name): + path = os.getcwd() + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, self.host, db_name, user, password) + elif os_name == "WINDOWS": + self.JAVA_BIN = self.JAVA_BIN.strip("'") + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + return jisql_cmd + + def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user+ " for Host "+ host, "info") + if os_name == "LINUX": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def check_connection(self, db_name, db_user, db_password): + #log("[I] Checking connection..", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"SELECT version();\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT version();\" -c ;" + output = check_output(query) + if output.strip('Production |'): + #log("[I] Checking connection passed.", "info") + return True + else: + log("[E] Can't establish db connection.. Exiting.." ,"error") + sys.exit(1) + + def verify_db(self, root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Verifying database " + db_name , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name + " |"): + return True + else: + return False + + def revoke_permissions(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): + hosts_arr =["%", "localhost"] + if is_revoke: + for host in hosts_arr: + if dryMode == False: + log("[I] Revoking *.* privileges of user '"+db_user+"'@'"+host+"'" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\" -c ;" %(db_user, host) + ret = subprocess.call(query) + if ret == 0: + if os_name == "LINUX": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;" + ret = subprocess.call(query) + if ret != 0: + sys.exit(1) + else: + sys.exit(1) + else: + logFile("REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';" %(db_user, host)) + logFile("FLUSH PRIVILEGES;") + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): + hosts_arr =["%", "localhost"] + for host in hosts_arr: + if dryMode == False: + log("[I] Granting all privileges to user '"+db_user+"'@'"+host+"' on db '"+db_name+"'" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') + if os_name == "LINUX": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host) + ret = subprocess.call(query) + if ret == 0: + log("[I] FLUSH PRIVILEGES.." , "info") + if os_name == "LINUX": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;" + ret = subprocess.call(query) + if ret == 0: + log("[I] Privileges granted to '" + db_user + "'@'"+host+"' on '"+db_name+"'", "info") + else: + log("[E] Granting privileges to '" +db_user+ "'@'"+host+"' failed on '"+db_name+"'", "error") + sys.exit(1) + else: + log("[E] Granting privileges to '" +db_user+ "'@'"+host+"' failed on '"+db_name+"'", "error") + sys.exit(1) + else: + logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;" %(db_name,db_user, host)) + logFile("FLUSH PRIVILEGES;") + + def grant_audit_db_user(self, db_user, audit_db_name, audit_db_user, audit_db_password, db_password,TABLE_NAME,dryMode): + hosts_arr =["%", "localhost"] + for host in hosts_arr: + if dryMode == False: + log("[I] Granting insert privileges to '"+ audit_db_user + "'@'"+host+"' on table '"+ audit_db_name+"."+TABLE_NAME+"'" , "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, audit_db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"GRANT INSERT ON %s.%s to '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host) + ret = subprocess.call(shlex.split(query)) + if os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT INSERT ON %s.%s to '%s'@'%s';\"" %(audit_db_name,TABLE_NAME,audit_db_user,host) + ret = subprocess.call(query) + if ret == 0: + log("[I] Insert Privileges granted to '" + audit_db_user+ "'@'"+host+"' on table '"+ audit_db_name+"."+TABLE_NAME+"'", "info") + else: + log("[E] Granting insert privileges to '" +audit_db_user+ "'@'"+host+"' failed on table '"+ audit_db_name+"."+TABLE_NAME+"'", "error") + sys.exit(1) + else: + logFile("GRANT INSERT ON %s.%s to '%s'@'%s';" %(audit_db_name,TABLE_NAME,audit_db_user,host)) + logFile("FLUSH PRIVILEGES;") + + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): + is_revoke=True + if db_user != audit_db_user: + if dryMode == False: + log("[I] ---------- Revoking permissions from Ranger Audit db user ----------","info") + self.revoke_permissions(audit_db_root_user, audit_db_name, audit_db_user, audit_db_password, audit_db_root_password, is_revoke,dryMode) + if dryMode == False: + log("[I] ---------- Granting permissions to Ranger Admin db user on Audit DB ----------","info") + self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode) + self.grant_audit_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password,'xa_access_audit',dryMode) + + +def main(argv): + + FORMAT = '%(asctime)-15s %(message)s' + logging.basicConfig(format=FORMAT, level=logging.DEBUG) + DBA_MODE = 'TRUE' + + quiteMode = False + dryMode=False + is_revoke=True + + if len(argv) > 1: + for i in range(len(argv)): + if str(argv[i]) == "-q": + quiteMode = True + populate_global_dict() + if str(argv[i]) == "-d": + index=i+1 + try: + dba_sql_file=str(argv[index]) + if dba_sql_file == "": + log("[E] Invalid input! Provide file path to write Grant/Revoke sql scripts:","error") + sys.exit(1) + except IndexError: + log("[E] Invalid input! Provide file path to write Grant/Revoke sql scripts:","error") + sys.exit(1) + + if not dba_sql_file == "": + if not os.path.exists(dba_sql_file): + log("[I] Creating File:"+dba_sql_file,"info") + open(dba_sql_file, 'w').close() + else: + log("[I] File "+dba_sql_file+ " is available.","info") + + if os.path.isfile(dba_sql_file): + dryMode=True + globalDict["dryMode"]=True + globalDict["dryModeOutputFile"]=dba_sql_file + else: + log("[E] Invalid file Name! Unable to find file:"+dba_sql_file,"error") + sys.exit(1) + + log("[I] Running Grant/Revoke sql script. QuiteMode:" + str(quiteMode),"info") + if (quiteMode): + JAVA_BIN=globalDict['JAVA_BIN'] + else: + if os.environ['JAVA_HOME'] == "": + log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') + if os_name == "WINDOWS" : + JAVA_BIN = JAVA_BIN+'.exe' + if os.path.isfile(JAVA_BIN): + pass + else : + while os.path.isfile(JAVA_BIN) == False: + log("Enter java executable path: :","info") + JAVA_BIN=raw_input() + log("[I] Using Java:" + str(JAVA_BIN),"info") + + if (quiteMode): + XA_DB_FLAVOR=globalDict['DB_FLAVOR'] + AUDIT_DB_FLAVOR=globalDict['DB_FLAVOR'] + else: + XA_DB_FLAVOR='' + while XA_DB_FLAVOR == "": + log("Enter db flavour{MYSQL} :","info") + XA_DB_FLAVOR=raw_input() + AUDIT_DB_FLAVOR = XA_DB_FLAVOR + XA_DB_FLAVOR = XA_DB_FLAVOR.upper() + AUDIT_DB_FLAVOR = AUDIT_DB_FLAVOR.upper() + + log("[I] DB FLAVOR:" + str(XA_DB_FLAVOR),"info") + + if (quiteMode): + CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] + else: + if XA_DB_FLAVOR == "MYSQL": + log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info") + CONNECTOR_JAR=raw_input() + while os.path.isfile(CONNECTOR_JAR) == False: + log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error") + CONNECTOR_JAR=raw_input() + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) + + if (quiteMode): + xa_db_host = globalDict['db_host'] + audit_db_host = globalDict['db_host'] + else: + xa_db_host='' + while xa_db_host == "": + log("Enter DB Host :","info") + xa_db_host=raw_input() + audit_db_host=xa_db_host + log("[I] DB Host:" + str(xa_db_host),"info") + + if (quiteMode): + xa_db_root_user = globalDict['db_root_user'] + xa_db_root_password = globalDict['db_root_password'] + else: + xa_db_root_user='' + while xa_db_root_user == "": + log("Enter db root user:","info") + xa_db_root_user=raw_input() + log("Enter db root password:","info") + xa_db_root_password = getpass.getpass("Enter db root password:") + + if (quiteMode): + db_name = globalDict['db_name'] + else: + db_name = '' + while db_name == "": + log("Enter DB Name :","info") + db_name=raw_input() + + if (quiteMode): + db_user = globalDict['db_user'] + else: + db_user='' + while db_user == "": + log("Enter db user name:","info") + db_user=raw_input() + + if (quiteMode): + db_password = globalDict['db_password'] + else: + db_password='' + while db_password == "": + log("Enter db user password:","info") + db_password = getpass.getpass("Enter db user password:") + + if (quiteMode): + audit_db_name = globalDict['audit_db_name'] + else: + audit_db_name='' + while audit_db_name == "": + log("Enter audit db name:","info") + audit_db_name = raw_input() + + if (quiteMode): + audit_db_user = globalDict['audit_db_user'] + else: + audit_db_user='' + while audit_db_user == "": + log("Enter audit user name:","info") + audit_db_user = raw_input() + + if (quiteMode): + audit_db_password = globalDict['audit_db_password'] + else: + audit_db_password='' + while audit_db_password == "": + log("Enter audit db user password:","info") + audit_db_password = getpass.getpass("Enter audit db user password:") + + audit_db_root_user = xa_db_root_user + audit_db_root_password = xa_db_root_password + + mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql') + mysql_core_file = os.path.join('db','mysql','xa_core_db.sql') + mysql_audit_file = os.path.join('db','mysql','xa_audit_db.sql') + mysql_patches = os.path.join('db','mysql','patches') + + x_db_version = 'x_db_version_h' + xa_access_audit = 'xa_access_audit' + x_user = 'x_portal_user' + + if XA_DB_FLAVOR == "MYSQL": + MYSQL_CONNECTOR_JAR=CONNECTOR_JAR + xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN) + xa_db_version_file = os.path.join(os.getcwd(),mysql_dbversion_catalog) + xa_db_core_file = os.path.join(os.getcwd(),mysql_core_file) + xa_patch_file = os.path.join(os.getcwd(),mysql_patches) + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) + + if AUDIT_DB_FLAVOR == "MYSQL": + MYSQL_CONNECTOR_JAR=CONNECTOR_JAR + audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN) + audit_db_file = os.path.join(os.getcwd(),mysql_audit_file) + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) + # Methods Begin + if DBA_MODE == "TRUE" : + if (dryMode==True): + log("[I] Dry run mode:"+str(dryMode),"info") + log("[I] Logging Grant/Revoke sql script in file:"+str(globalDict["dryModeOutputFile"]),"info") + now = datetime.now() + logFile("=========="+now.strftime('%Y-%m-%d %H:%M:%S')+"==========\n") + xa_sqlObj.revoke_permissions(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) + logFile("========================================\n") + if (dryMode==False): + log("[I] ---------- Revoking permissions from Ranger Admin db user ----------","info") + xa_sqlObj.revoke_permissions(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + log("[I] ---------- Granting permissions to Ranger Admin db user ----------","info") + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + log("[I] ---------- Starting Ranger Audit db user operations ---------- ","info") + audit_sqlObj.auditdb_operation(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) + log("[I] ---------- Ranger Policy Manager DB and User Creation Process Completed.. ---------- ","info") +main(sys.argv) http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index ffc8e2a..c1b5658 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -37,7 +37,7 @@ usage() { } 2>/dev/null log() { - local prefix="[$(date +%Y/%m/%d\ %H:%M:%S)]: " + local prefix="$(date +%Y-%m-%d\ %H:%M:%S,%3N) " echo "${prefix} $@" >> $LOGFILE echo "${prefix} $@" } @@ -1451,8 +1451,10 @@ if [ "$?" == "0" ] then update_properties do_authentication_setup -execute_java_patches +$PYTHON_COMMAND_INVOKER db_setup.py -javapatch +#execute_java_patches else + log "[E] DB schema setup failed! Please contact Administrator." exit 1 fi echo "Installation of Ranger PolicyManager Web Application is completed." http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/src/bin/ranger_install.py ---------------------------------------------------------------------- diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py index 75b5931..68da67c 100644 --- a/security-admin/src/bin/ranger_install.py +++ b/security-admin/src/bin/ranger_install.py @@ -195,6 +195,8 @@ def populate_config_dict_from_env(): conf_dict['RANGER_ADMIN_DB_HOST'] = os.getenv("RANGER_ADMIN_DB_HOST") conf_dict['RANGER_AUDIT_DB_HOST'] = os.getenv("RANGER_AUDIT_DB_HOST") conf_dict['MYSQL_BIN'] = 'mysql.exe' #os.getenv("MYSQL_BIN") + conf_dict['XA_DB_FLAVOR'] = os.getenv("XA_DB_FLAVOR") + conf_dict['AUDIT_DB_FLAVOR'] = os.getenv("AUDIT_DB_FLAVOR") conf_dict['RANGER_ADMIN_DB_USERNAME'] = os.getenv("RANGER_ADMIN_DB_USERNAME") conf_dict['RANGER_ADMIN_DB_PASSWORD'] = os.getenv("RANGER_ADMIN_DB_PASSWORD") conf_dict['RANGER_ADMIN_DB_NAME'] = os.getenv("RANGER_ADMIN_DB_DBNAME") @@ -259,13 +261,30 @@ def init_variables(switch): conf_dict['EWS_ROOT'] = EWS_ROOT conf_dict['WEBAPP_ROOT']= WEBAPP_ROOT conf_dict['INSTALL_DIR']= INSTALL_DIR + conf_dict['JAVA_BIN']='java' + conf_dict['DB_FLAVOR']=os.getenv("XA_DB_FLAVOR") + conf_dict['SQL_CONNECTOR_JAR']=os.getenv("SQL_CONNECTOR_JAR") + conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST") + conf_dict['db_name']=os.getenv("RANGER_ADMIN_DB_DBNAME") + conf_dict['db_user']=os.getenv("RANGER_ADMIN_DB_USERNAME") + conf_dict['db_password']=os.getenv("RANGER_ADMIN_DB_PASSWORD") + conf_dict['audit_db_name']=os.getenv("RANGER_AUDIT_DB_DBNAME") + conf_dict['audit_db_user']=os.getenv("RANGER_AUDIT_DB_USERNAME") + conf_dict['audit_db_password']=os.getenv("RANGER_AUDIT_DB_PASSWORD") db_dir = os.path.join(conf_dict['RANGER_ADMIN_HOME'] , "db") - conf_dict['RANGER_DB_DIR'] = db_dir - conf_dict['db_core_file'] = os.path.join(db_dir, "xa_core_db.sql") - conf_dict['db_create_user_file'] = os.path.join(db_dir, "create_dev_user.sql") - conf_dict['db_audit_file'] = os.path.join(db_dir, "xa_audit_db.sql") - conf_dict['db_asset_file'] = os.path.join(db_dir, "reset_asset.sql") + conf_dict['mysql_core_file']=os.path.join(db_dir,'mysql','xa_core_db.sql') + conf_dict['mysql_audit_file']=os.path.join(db_dir,'mysql','xa_audit_db.sql') + conf_dict['oracle_core_file']=os.path.join(db_dir,'oracle','xa_core_db_oracle.sql') + conf_dict['oracle_audit_file']=os.path.join(db_dir,'oracle','xa_audit_db_oracle.sql') + conf_dict['postgres_core_file']=os.path.join(db_dir,'postgres','xa_core_db_postgres.sql') + conf_dict['postgres_audit_file']=os.path.join(db_dir,'postgres','xa_audit_db_postgres.sql') + conf_dict['sqlserver_core_file']=os.path.join(db_dir,'sqlserver','xa_core_db_sqlserver.sql') + conf_dict['sqlserver_audit_file']=os.path.join(db_dir,'sqlserver','xa_audit_db_sqlserver.sql') + #conf_dict['db_core_file'] = os.path.join(db_dir, "xa_core_db.sql") + #conf_dict['db_create_user_file'] = os.path.join(db_dir, "create_dev_user.sql") + #conf_dict['db_audit_file'] = os.path.join(db_dir, "xa_audit_db.sql") + #conf_dict['db_asset_file'] = os.path.join(db_dir, "reset_asset.sql") #log("config is : " , "debug") #for x in conf_dict: @@ -336,7 +355,7 @@ def write_config_to_file(): for key,value in conf_dict.items(): if 'PASSWORD' in key : call_keystore(library_path,key,value,jceks_file_path,'create') - value = '' + value='' ModConfig(write_conf_to_file , key,value) @@ -653,6 +672,8 @@ def update_properties(): global conf_dict sys_conf_dict={} + XA_DB_FLAVOR = conf_dict["XA_DB_FLAVOR"] + AUDIT_DB_FLAVOR = conf_dict["AUDIT_DB_FLAVOR"] MYSQL_HOST = conf_dict["RANGER_ADMIN_DB_HOST"] WEBAPP_ROOT = conf_dict["WEBAPP_ROOT"] db_user = conf_dict["RANGER_ADMIN_DB_USERNAME"] @@ -662,17 +683,13 @@ def update_properties(): audit_db_user = conf_dict["RANGER_AUDIT_DB_USERNAME"] audit_db_password = conf_dict["RANGER_AUDIT_DB_PASSWORD"] audit_db_name = conf_dict["RANGER_AUDIT_DB_NAME"] - update_xapolicymgr_properties() - newPropertyValue='' to_file = os.path.join(WEBAPP_ROOT, "WEB-INF", "classes", "conf", "xa_system.properties") - if os.path.isfile(to_file): log("to_file: " + to_file + " file found", "info") else: log("to_file: " + to_file + " does not exists", "warning") - config = StringIO.StringIO() config.write('[dummysection]\n') config.write(open(to_file).read()) @@ -687,9 +704,39 @@ def update_properties(): sys_conf_dict[option] = value cObj.set("dummysection",option, value) - log("MYSQL_HOST is : " + MYSQL_HOST,"debug") + + log("SQL_HOST is : " + MYSQL_HOST,"debug") propertyName="jdbc.url" - newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":3306/" + db_name + if XA_DB_FLAVOR == "MYSQL": + newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":3306/" + db_name + elif XA_DB_FLAVOR == "ORACLE": + newPropertyValue="jdbc:oracle:thin:%s/%s@%s:1521/XE" %(db_user, db_password, MYSQL_HOST) + elif XA_DB_FLAVOR == "POSTGRES": + newPropertyValue="jdbc:postgresql://%s/%s" %(MYSQL_HOST, db_name) + elif XA_DB_FLAVOR == "SQLSERVER": + newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" %(MYSQL_HOST, db_name) + cObj.set('dummysection',propertyName,newPropertyValue) + + propertyName="jdbc.dialect" + if XA_DB_FLAVOR == "MYSQL": + newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform" + elif XA_DB_FLAVOR == "ORACLE": + newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform" + elif XA_DB_FLAVOR == "POSTGRES": + newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform" + elif XA_DB_FLAVOR == "SQLSERVER": + newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform" + cObj.set('dummysection',propertyName,newPropertyValue) + + propertyName="jdbc.driver" + if XA_DB_FLAVOR == "MYSQL": + newPropertyValue="net.sf.log4jdbc.DriverSpy" + elif XA_DB_FLAVOR == "ORACLE": + newPropertyValue="oracle.jdbc.OracleDriver" + elif XA_DB_FLAVOR == "POSTGRES": + newPropertyValue="org.postgresql.Driver" + elif XA_DB_FLAVOR == "SQLSERVER": + newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver" cObj.set('dummysection',propertyName,newPropertyValue) propertyName="xa.webapp.url.root" @@ -702,7 +749,36 @@ def update_properties(): cObj.set('dummysection',propertyName,newPropertyValue) propertyName="auditDB.jdbc.url" - newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":3306/"+audit_db_name + if AUDIT_DB_FLAVOR == "MYSQL": + newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":3306/"+audit_db_name + elif AUDIT_DB_FLAVOR == "ORACLE": + newPropertyValue="jdbc:oracle:thin:%s/%s@%s:1521/XE" %(db_user, db_password, MYSQL_HOST) + elif AUDIT_DB_FLAVOR == "POSTGRES": + newPropertyValue="jdbc:postgresql://%s/%s" %(MYSQL_HOST, db_name) + elif AUDIT_DB_FLAVOR == "SQLSERVER": + newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" % (MYSQL_HOST, audit_db_name) + cObj.set('dummysection',propertyName,newPropertyValue) + + propertyName="auditDB.jdbc.dialect" + if AUDIT_DB_FLAVOR == "MYSQL": + newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform" + elif AUDIT_DB_FLAVOR == "ORACLE": + newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform" + elif AUDIT_DB_FLAVOR == "POSTGRES": + newPropertyValue="org.eclipse.persistence.platform.database.PostgreSQLPlatform" + elif AUDIT_DB_FLAVOR == "SQLSERVER": + newPropertyValue="org.eclipse.persistence.platform.database.SQLServerPlatform" + cObj.set('dummysection',propertyName,newPropertyValue) + + propertyName="auditDB.jdbc.driver" + if AUDIT_DB_FLAVOR == "MYSQL": + newPropertyValue="net.sf.log4jdbc.DriverSpy" + elif AUDIT_DB_FLAVOR == "ORACLE": + newPropertyValue="oracle.jdbc.OracleDriver" + elif AUDIT_DB_FLAVOR == "POSTGRES": + newPropertyValue="org.postgresql.Driver" + elif AUDIT_DB_FLAVOR == "SQLSERVER": + newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver" cObj.set('dummysection',propertyName,newPropertyValue) propertyName="jdbc.user" @@ -1060,4 +1136,4 @@ def configure(): # copy_mysql_connector() #log(" --------- Creatin Audit DB --------- ","info") setup_admin_db_user() - setup_audit_user_db() + setup_audit_user_db() \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cb2dc314/security-admin/src/bin/service_start.py ---------------------------------------------------------------------- diff --git a/security-admin/src/bin/service_start.py b/security-admin/src/bin/service_start.py index ad2caa2..035a86c 100644 --- a/security-admin/src/bin/service_start.py +++ b/security-admin/src/bin/service_start.py @@ -24,7 +24,6 @@ app_type = 'ranger-admin' service_entry = '--service' in sys.argv -configure_entry = '--configure' in sys.argv if service_entry: @@ -32,16 +31,13 @@ if service_entry: ranger_install.run_setup(cmd) jdk_options = ranger_install.get_jdk_options() class_path = ranger_install.get_ranger_classpath() - java_class = 'org.apache.ranger.server.tomcat.EmbededServer' + java_class = 'org.apache.ranger.server.tomcat.EmbeddedServer' class_arguments = '' - from xml.dom.minidom import getDOMImplementation dom = getDOMImplementation() xmlDoc = dom.createDocument(None, 'service', None) xmlDocRoot = xmlDoc.documentElement arguments = ' '.join([''.join(jdk_options), '-cp', class_path, java_class, class_arguments]) - - def appendTextElement(name, value): elem = xmlDoc.createElement(name) elem.appendChild(xmlDoc.createTextNode(value)) @@ -63,13 +59,3 @@ if service_entry: except: print "######################## Ranger Setup failed! #######################" sys.exit(1) - - -if configure_entry: - try: - ranger_install.configure() - except: - print "######################## Ranger Configure failed! #######################" - sys.exit(1) - - sys.exit(0)
