http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/dba_script.py ---------------------------------------------------------------------- diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index 40a6c49..5564737 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -30,6 +30,8 @@ globalDict = {} os_name = platform.system() os_name = os_name.upper() +jisql_debug=True + if os_name == "LINUX": RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME") if RANGER_ADMIN_HOME is None: @@ -104,8 +106,20 @@ def password_validation(password, userType): else: log("[I] "+userType+" user password validated","info") else: - log("[E] Blank password is not allowed,please enter valid password.","error") - sys.exit(1) + if userType == "DBA root": + log("[I] "+userType+" user password validated","info") + else: + log("[E] Blank password is not allowed,please enter valid password.","error") + sys.exit(1) + +def jisql_log(query, db_root_password): + if jisql_debug == True: + if os_name == "WINDOWS": + query = query.replace(' -p "'+db_root_password+'"' , ' -p "********"') + log("[JISQL] "+query, "info") + else: + query = query.replace(" -p '"+db_root_password+"'" , " -p '********'") + log("[JISQL] "+query, "info") class BaseDB(object): @@ -133,10 +147,10 @@ class MysqlConf(BaseDB): #TODO: User array for forming command path = RANGER_ADMIN_HOME if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN,self.SQL_CONNECTOR_JAR,path,self.host,db_name,user,password) elif os_name == "WINDOWS": self.JAVA_BIN = self.JAVA_BIN.strip("'") - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver mysqlconj -cstring jdbc:mysql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, host, db_user, get_cmd,dryMode): @@ -146,6 +160,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\"" %(db_user,host) elif os_name == "WINDOWS": query = get_cmd + " -query \"select user from mysql.user where user='%s' and host='%s';\" -c ;" %(db_user,host) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): return True @@ -159,6 +174,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"SELECT version();\"" elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT version();\" -c ;" + jisql_log(query, db_password) output = check_output(query) if output.strip('Production |'): #log("[I] Checking connection passed.", "info") @@ -182,9 +198,11 @@ class MysqlConf(BaseDB): log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") if os_name == "LINUX": query = get_cmd + " -query \"create user '%s'@'%s';\"" %(db_user, host) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create user '%s'@'%s';\" -c ;" %(db_user, host) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, host, db_user, get_cmd, dryMode): @@ -199,9 +217,11 @@ class MysqlConf(BaseDB): log("[I] MySQL user " + db_user + " does not exists for host " + host, "info") if os_name == "LINUX": query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\"" %(db_user, host, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create user '%s'@'%s' identified by '%s';\" -c ;" %(db_user, host, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, host, db_user, get_cmd,dryMode): @@ -224,6 +244,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"show databases like '%s';\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"show databases like '%s';\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_name + " |"): return True @@ -243,6 +264,7 @@ class MysqlConf(BaseDB): query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) if dryMode == False: log("[I] Database does not exist, Creating database " + db_name,"info") + jisql_log(query, db_root_password) if os_name == "LINUX": ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": @@ -264,38 +286,27 @@ class MysqlConf(BaseDB): def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): hosts_arr =["%", "localhost"] hosts_arr.append(self.host) - ''' - if is_revoke: - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(db_user, host) - ret = subprocess.call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - ''' - for host in hosts_arr: if dryMode == False: log("[I] ---------- Granting privileges TO user '"+db_user+"'@'"+host+"' on db '"+db_name+"'----------" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'mysql') if os_name == "LINUX": query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\"" %(db_name,db_user, host) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"grant all privileges on %s.* to '%s'@'%s' with grant option;\" -c ;" %(db_name,db_user, host) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] ---------- FLUSH PRIVILEGES ----------" , "info") if os_name == "LINUX": query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"FLUSH PRIVILEGES;\" -c ;" + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Privileges granted to '" + db_user + "' on '"+db_name+"'", "info") @@ -314,24 +325,28 @@ class MysqlConf(BaseDB): if dryMode == False: log("[I] ---------- Setup audit user ----------","info") self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode) - ''' - if is_revoke: - hosts_arr =["%", "localhost"] - for host in hosts_arr: - get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password ,'mysql') - query = get_cmd + " -query \"REVOKE ALL PRIVILEGES,GRANT OPTION FROM '%s'@'%s';\"" %(audit_db_user, host) - ret = subprocess.call(shlex.split(query)) - if ret == 0: - query = get_cmd + " -query \"FLUSH PRIVILEGES;\"" - ret = subprocess.call(shlex.split(query)) - if ret != 0: - sys.exit(1) - else: - sys.exit(1) - ''' self.create_db(audit_db_root_user, audit_db_root_password, audit_db_name, db_user, db_password,dryMode) self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke,dryMode) + def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): + logFile("# Login to MySQL Server from a MySQL dba user(i.e 'root') to execute below sql statements.") + hosts_arr =["%", "localhost"] + if not self.host == "localhost": hosts_arr.append(self.host) + for host in hosts_arr: + logFile("create user '%s'@'%s' identified by '%s';" %(db_user, host, db_password)) + logFile("create database %s;"%(db_name)) + for host in hosts_arr: + logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(db_name, db_user, host)) + logFile("FLUSH PRIVILEGES;") + if not db_user == audit_db_user: + for host in hosts_arr: + logFile("create user '%s'@'%s' identified by '%s';"%(audit_db_user, host, audit_db_password)) + if not db_name == audit_db_name: + logFile("create database %s;"%(audit_db_name)) + if not db_name == audit_db_name: + for host in hosts_arr: + logFile("grant all privileges on %s.* to '%s'@'%s' with grant option;"%(audit_db_name, db_user, host)) + logFile("FLUSH PRIVILEGES;") class OracleConf(BaseDB): @@ -344,13 +359,21 @@ class OracleConf(BaseDB): def get_jisql_cmd(self, user, password): #TODO: User array for forming command path = RANGER_ADMIN_HOME - #print "self.JAVA_BIN=" + self.JAVA_BIN - self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom " + if not re.search('-Djava.security.egd=file:///dev/urandom', self.JAVA_BIN): + self.JAVA_BIN = self.JAVA_BIN + " -Djava.security.egd=file:///dev/urandom " + + #if self.host.count(":") == 2: + if self.host.count(":") == 2 or self.host.count(":") == 0: + #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL + cstring="jdbc:oracle:thin:@%s" %(self.host) + else: + #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE + cstring="jdbc:oracle:thin:@//%s" %(self.host) + if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u '%s' -p '%s' -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, cstring, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring jdbc:oracle:thin:@%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, user, password) - #print jisql_cmd + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver oraclethin -cstring %s -u \"%s\" -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, cstring, user, password) return jisql_cmd def check_connection(self, db_name, db_user, db_password): @@ -360,6 +383,7 @@ class OracleConf(BaseDB): query = get_cmd + " -c \; -query \"select * from v$version;\"" elif os_name == "WINDOWS": query = get_cmd + " -query \"select * from v$version;\" -c ;" + jisql_log(query, db_password) output = check_output(query) if output.strip('Production |'): log("[I] Connection success", "info") @@ -376,6 +400,7 @@ class OracleConf(BaseDB): query = get_cmd + " -c \; -query \"select username from all_users where upper(username)=upper('%s');\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"select username from all_users where upper(username)=upper('%s');\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): return True @@ -393,9 +418,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_user, db_root_password,dryMode): @@ -403,9 +430,11 @@ class OracleConf(BaseDB): log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s done" %(self.host), "info") @@ -430,6 +459,7 @@ class OracleConf(BaseDB): query = get_cmd + " -c \; -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TablespaceS where UPPER(Tablespace_Name)=UPPER(\'%s\');\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_name+' |'): return True @@ -446,6 +476,7 @@ class OracleConf(BaseDB): query = get_cmd + " -c \; -query 'select default_tablespace from user_users;'" elif os_name == "WINDOWS": query = get_cmd + " -query \"select default_tablespace from user_users;\" -c ;" + jisql_log(query, db_root_password) output = check_output(query).strip() db_name = db_name.upper() +' |' if output == db_name: @@ -461,9 +492,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_tablespace(root_user, db_root_password, db_name,dryMode): @@ -487,17 +520,21 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user , db_root_password) if os_name == "LINUX": query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(db_user, db_password, db_name) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(db_user, db_password, db_name) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granting Oracle user '" + db_user + "' done", "info") @@ -526,9 +563,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(audit_db_name, audit_db_name) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(audit_db_name, audit_db_name) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Tablespace creation failed..","error") @@ -549,9 +588,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\"" %(db_name, db_name) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create tablespace %s datafile '%s.dat' size 10M autoextend on;\" -c ;" %(db_name, db_name) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Tablespace creation failed..","error") @@ -569,9 +610,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) if os_name == "LINUX": query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, db_name) + jisql_log(query, audit_db_root_password) ret1 = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, db_name) + jisql_log(query, audit_db_root_password) ret1 = subprocess.call(query) log("[I] Assign default tablespace " + audit_db_name + " to : " + audit_db_user, "info") @@ -579,18 +622,22 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user , audit_db_root_password) if os_name == "LINUX": query = get_cmd +" -c \; -query 'alter user %s identified by \"%s\" DEFAULT Tablespace %s;'" %(audit_db_user, audit_db_password, audit_db_name) + jisql_log(query, audit_db_root_password) ret2 = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd +" -query \"alter user %s identified by \"%s\" DEFAULT Tablespace %s;\" -c ;" %(audit_db_user, audit_db_password, audit_db_name) + jisql_log(query, audit_db_root_password) ret2 = subprocess.call(query) if (ret1 == 0 and ret2 == 0): log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret == 0: return True @@ -609,9 +656,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user ,db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granted permission to " + db_user, "info") @@ -636,9 +685,11 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(db_user, db_password) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(db_user, db_password) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(audit_db_root_user, db_user, audit_db_root_password,dryMode): @@ -646,9 +697,11 @@ class OracleConf(BaseDB): log("[I] Granting permission to " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query 'GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;'" % (db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED Tablespace TO %s WITH ADMIN OPTION;\" -c ;" % (db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granting permissions to Oracle user '" + db_user + "' for %s Done" %(self.host), "info") @@ -674,17 +727,21 @@ class OracleConf(BaseDB): get_cmd = self.get_jisql_cmd(audit_db_root_user, audit_db_root_password) if os_name == "LINUX": query = get_cmd + " -c \; -query 'create user %s identified by \"%s\";'" %(audit_db_user, audit_db_password) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create user %s identified by \"%s\";\" -c ;" %(audit_db_user, audit_db_password) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(audit_db_root_user, audit_db_user, audit_db_root_password,dryMode): if os_name == "LINUX": query = get_cmd + " -c \; -query \"GRANT CREATE SESSION TO %s;\"" %(audit_db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT CREATE SESSION TO %s;\" -c ;" %(audit_db_user) + jisql_log(query, audit_db_root_password) ret = subprocess.call(query) if ret == 0: log("[I] Granting permission to " + audit_db_user + " done", "info") @@ -700,6 +757,18 @@ class OracleConf(BaseDB): if DBA_MODE == "TRUE": self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode) + def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): + logFile("# Login to ORACLE Server from a ORACLE dba user(i.e 'sys') to execute below sql statements.") + logFile('create user %s identified by "%s";'%(db_user, db_password)) + logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) + logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(db_name, db_name)) + logFile('alter user %s identified by "%s" DEFAULT tablespace %s;'%(db_user, db_password, db_name)) + if not db_user == audit_db_user: + logFile('create user %s identified by "%s";'%(audit_db_user, audit_db_password)) + logFile('GRANT CREATE SESSION TO %s;' %(audit_db_user)) + logFile("create tablespace %s datafile '%s.dat' size 10M autoextend on;" %(audit_db_name, audit_db_name)) + logFile('alter user %s identified by "%s" DEFAULT tablespace %s;' %(audit_db_user, audit_db_password, audit_db_name)) + logFile('GRANT CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE PUBLIC SYNONYM,CREATE ANY SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO %s WITH ADMIN OPTION;'%(db_user)) class PostgresConf(BaseDB): # Constructor @@ -713,9 +782,9 @@ class PostgresConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p '%s' -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path, self.host, db_name, user, password) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) + jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring jdbc:postgresql://%s/%s -u %s -p \"%s\" -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, self.host, db_name, user, password) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): @@ -726,6 +795,7 @@ class PostgresConf(BaseDB): query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT rolname FROM pg_roles WHERE rolname='%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): return True @@ -739,6 +809,7 @@ class PostgresConf(BaseDB): query = get_cmd + " -query \"SELECT 1;\"" elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT 1;\" -c ;" + jisql_log(query, db_password) output = check_output(query) if output.strip('1 |'): #log("[I] connection success", "info") @@ -758,9 +829,11 @@ class PostgresConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if os_name == "LINUX": query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, db_user,dryMode): @@ -782,6 +855,7 @@ class PostgresConf(BaseDB): query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT datname FROM pg_database where datname='%s';\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_name + " |"): return True @@ -799,9 +873,11 @@ class PostgresConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if os_name == "LINUX": query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") @@ -822,9 +898,11 @@ class PostgresConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Granting all privileges on database "+db_name+" to user "+db_user+" failed..", "error") @@ -832,9 +910,11 @@ class PostgresConf(BaseDB): if os_name == "LINUX": query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Granting all privileges on schema public to user "+db_user+" failed..", "error") @@ -842,9 +922,11 @@ class PostgresConf(BaseDB): if os_name == "LINUX": query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\"" + jisql_log(query, db_root_password) output = check_output(query) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT table_name FROM information_schema.tables WHERE table_schema = 'public';\" -c ;" + jisql_log(query, db_root_password) output = check_output(query) for each_line in output.split('\n'): if len(each_line) == 0 : continue @@ -853,12 +935,14 @@ class PostgresConf(BaseDB): tablename = tablename.strip() if os_name == "LINUX": query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user) + jisql_log(query1, db_root_password) ret = subprocess.call(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user) + jisql_log(query1, db_root_password) ret = subprocess.call(query1) if ret != 0: log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") @@ -870,6 +954,7 @@ class PostgresConf(BaseDB): output = check_output(query) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT sequence_name FROM information_schema.sequences where sequence_schema='public';\" -c ;" + jisql_log(query, db_root_password) output = check_output(query) for each_line in output.split('\n'): if len(each_line) == 0 : continue @@ -878,12 +963,14 @@ class PostgresConf(BaseDB): sequence_name = sequence_name.strip() if os_name == "LINUX": query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user) + jisql_log(query1, db_root_password) ret = subprocess.call(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user) + jisql_log(query1, db_root_password) ret = subprocess.call(query1) if ret != 0: log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") @@ -907,6 +994,25 @@ class PostgresConf(BaseDB): if DBA_MODE == "TRUE": self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, False,dryMode) + def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): + logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") + logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name)) + logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user)) + if not db_user == audit_db_user: + logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") + logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(audit_db_user, audit_db_password)) + if not db_name == audit_db_name: + if not db_user == audit_db_user: + pass + else: + logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") + logFile("CREATE DATABASE %s WITH OWNER %s;" %(audit_db_name, db_user)) + logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(audit_db_name)) + logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(audit_db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user)) class SqlServerConf(BaseDB): # Constructor @@ -920,9 +1026,9 @@ class SqlServerConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): @@ -933,6 +1039,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -c \; -query \"select name from sys.sql_logins where name = '%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"select name from sys.sql_logins where name = '%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): return True @@ -946,6 +1053,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -c \; -query \"SELECT 1;\"" elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT 1;\" -c ;" + jisql_log(query, db_password) output = check_output(query) if output.strip('1 |'): log("[I] Connection success", "info") @@ -965,9 +1073,11 @@ class SqlServerConf(BaseDB): log("[I] User does not exists, Creating Login user " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\"" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"CREATE LOGIN %s WITH PASSWORD = '%s';\" -c ;" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, db_user,dryMode): @@ -989,6 +1099,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -c \; -query \"SELECT name from sys.databases where name='%s';\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT name from sys.databases where name='%s';\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_name + " |"): return True @@ -1005,9 +1116,11 @@ class SqlServerConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'master') if os_name == "LINUX": query = get_cmd + " -c \; -query \"create database %s;\"" %(db_name) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create database %s;\" -c ;" %(db_name) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") @@ -1029,6 +1142,7 @@ class SqlServerConf(BaseDB): query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): if dryMode == False: @@ -1037,15 +1151,18 @@ class SqlServerConf(BaseDB): if dryMode == False: if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE USER %s for LOGIN %s;\"" %(db_user, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"CREATE USER %s for LOGIN %s;\" -c ;" %(db_user, db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if os_name == "LINUX": query = get_cmd + " -c \; -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT name FROM sys.database_principals WHERE name = N'%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): log("[I] User "+db_user+" exist ","info") @@ -1064,9 +1181,11 @@ class SqlServerConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": query = get_cmd + " -c \; -query \" EXEC sp_addrolemember N'db_owner', N'%s';\"" %(db_user) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \" EXEC sp_addrolemember N'db_owner', N'%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: sys.exit(1) @@ -1085,6 +1204,35 @@ class SqlServerConf(BaseDB): self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode) self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode) + def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.") + logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(db_user, db_password)) + logFile("create database %s;" %(db_name)) + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(db_name)) + logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user)) + logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user)) + if not db_user == audit_db_user: + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.") + logFile("CREATE LOGIN %s WITH PASSWORD = '%s';" %(audit_db_user, audit_db_password)) + if not db_name == audit_db_name: + if not db_user == audit_db_user: + pass + else: + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') to execute below sql statements.") + logFile("create database %s;"%(audit_db_name)) + if db_name == audit_db_name and db_user!=audit_db_user: + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name)) + logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user)) + if db_name != audit_db_name: + logFile("# Login to MSSQL Server from a MSSQL dba user(i.e 'sa') on '%s' database to execute below sql statements."%(audit_db_name)) + if db_user==audit_db_user: + logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user)) + else: + logFile("CREATE USER %s for LOGIN %s;" %(audit_db_user, audit_db_user)) + logFile("CREATE USER %s for LOGIN %s;" %(db_user, db_user)) + logFile("EXEC sp_addrolemember N'db_owner', N'%s';" %(db_user)) + + class SqlAnywhereConf(BaseDB): # Constructor def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): @@ -1096,9 +1244,9 @@ class SqlAnywhereConf(BaseDB): path = RANGER_ADMIN_HOME self.JAVA_BIN = self.JAVA_BIN.strip("'") if os_name == "LINUX": - jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host) + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -p '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host) elif os_name == "WINDOWS": - jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password '%s' -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host) + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -p \"%s\" -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host) return jisql_cmd def verify_user(self, root_user, db_root_password, db_user,dryMode): @@ -1109,6 +1257,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): return True @@ -1122,6 +1271,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -c \; -query \"SELECT 1;\"" elif os_name == "WINDOWS": query = get_cmd + " -query \"SELECT 1;\" -c ;" + jisql_log(query, db_password) output = check_output(query) if output.strip('1 |'): log("[I] Connection success", "info") @@ -1141,9 +1291,11 @@ class SqlAnywhereConf(BaseDB): log("[I] User does not exists, Creating Login user " + db_user, "info") if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if self.verify_user(root_user, db_root_password, db_user,dryMode): @@ -1165,6 +1317,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) def verify_db(self, root_user, db_root_password, db_name,dryMode): @@ -1175,6 +1328,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name) elif os_name == "WINDOWS": query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_name + " |"): return True @@ -1191,9 +1345,11 @@ class SqlAnywhereConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') if os_name == "LINUX": query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: log("[E] Database creation failed..","error") @@ -1216,6 +1372,7 @@ class SqlAnywhereConf(BaseDB): query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): if dryMode == False: @@ -1224,15 +1381,18 @@ class SqlAnywhereConf(BaseDB): if dryMode == False: if os_name == "LINUX": query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret == 0: if os_name == "LINUX": query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user) elif os_name == "WINDOWS": query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user) + jisql_log(query, db_root_password) output = check_output(query) if output.strip(db_user + " |"): log("[I] User "+db_user+" exist ","info") @@ -1251,9 +1411,11 @@ class SqlAnywhereConf(BaseDB): get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if os_name == "LINUX": query = get_cmd + " -c \; -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": query = get_cmd + " -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: sys.exit(1) @@ -1271,6 +1433,21 @@ class SqlAnywhereConf(BaseDB): self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode) self.grant_xa_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password, is_revoke, dryMode) + def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): + logFile("# Login to SQL Anywhere Server from a SQLA dba user(i.e 'dba') to execute below sql statements.") + logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password)) + logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(db_name, db_user ,db_password)) + logFile("start database '%s' autostop off;" %(db_name)) + if not db_user == audit_db_user: + logFile("CREATE USER %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password)) + if not db_name == audit_db_name: + logFile("create database '%s' dba user '%s' dba password '%s' database size 100MB;" %(audit_db_name, db_user ,db_password)) + logFile("start database '%s' autostop off;" %(audit_db_name)) + if not db_user == audit_db_user: + logFile("# Login to SQL Anywhere Server from '%s' user on '%s' database to execute below sql statements."%(db_user,audit_db_name)) + logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(audit_db_user, audit_db_password)) + + def main(argv): FORMAT = '%(asctime)-15s %(message)s' @@ -1281,7 +1458,7 @@ def main(argv): dryMode=False is_revoke=False - if len(argv) == 3: + if len(argv) == 4 and argv[3] == 'password_validation': password_validation(argv[1],argv[2]); return; @@ -1334,20 +1511,24 @@ def main(argv): else: log("[E] ---------- JAVA Not Found, aborting installation. ----------", "error") sys.exit(1) + log("[I] Using Java:" + str(JAVA_BIN),"info") else: - if os.environ['JAVA_HOME'] == "": - log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") - sys.exit(1) - JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') - if os_name == "WINDOWS" : - JAVA_BIN = JAVA_BIN+'.exe' - if os.path.isfile(JAVA_BIN): - pass - else : - while os.path.isfile(JAVA_BIN) == False: - log("Enter java executable path: :","info") - JAVA_BIN=raw_input() - log("[I] Using Java:" + str(JAVA_BIN),"info") + JAVA_BIN='' + if not dryMode: + if os.environ['JAVA_HOME'] == "": + log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java') + if os_name == "WINDOWS" : + JAVA_BIN = JAVA_BIN+'.exe' + if os.path.isfile(JAVA_BIN): + pass + else : + while os.path.isfile(JAVA_BIN) == False: + log("Enter java executable path: :","info") + JAVA_BIN=raw_input() + log("[I] Using Java:" + str(JAVA_BIN),"info") + if (quiteMode): XA_DB_FLAVOR=globalDict['DB_FLAVOR'] @@ -1366,121 +1547,135 @@ def main(argv): if (quiteMode): CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] else: - if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL": - log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info") - CONNECTOR_JAR=raw_input() - while os.path.isfile(CONNECTOR_JAR) == False: - log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error") + CONNECTOR_JAR='' + if not dryMode: + if XA_DB_FLAVOR == "MYSQL" or XA_DB_FLAVOR == "ORACLE" or XA_DB_FLAVOR == "POSTGRES" or XA_DB_FLAVOR == "MSSQL" or XA_DB_FLAVOR == "SQLA": + log("Enter JDBC connector file for :"+XA_DB_FLAVOR,"info") CONNECTOR_JAR=raw_input() - else: - log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") - sys.exit(1) + while os.path.isfile(CONNECTOR_JAR) == False: + log("JDBC connector file "+CONNECTOR_JAR+" does not exist, Please enter connector path :","error") + CONNECTOR_JAR=raw_input() + else: + log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") + sys.exit(1) if (quiteMode): xa_db_host = globalDict['db_host'] audit_db_host = globalDict['db_host'] + log("[I] DB Host:" + str(xa_db_host),"info") else: - xa_db_host='' - while xa_db_host == "": - log("Enter DB Host :","info") - xa_db_host=raw_input() - audit_db_host=xa_db_host - log("[I] DB Host:" + str(xa_db_host),"info") + if (dryMode): + xa_db_host='127.0.0.1' + audit_db_host='127.0.0.1' + else: + xa_db_host='' + while xa_db_host == "": + log("Enter DB Host :","info") + xa_db_host=raw_input() + audit_db_host=xa_db_host + log("[I] DB Host:" + str(xa_db_host),"info") if (quiteMode): xa_db_root_user = globalDict['db_root_user'] xa_db_root_password = globalDict['db_root_password'] else: - xa_db_root_user='' - while xa_db_root_user == "": - log("Enter db root user:","info") - xa_db_root_user=raw_input() - log("Enter db root password:","info") - xa_db_root_password = getpass.getpass("Enter db root password:") + if (dryMode): + xa_db_root_user='db_root_user' + xa_db_root_password='*****' + else: + xa_db_root_user='' + while xa_db_root_user == "": + log("Enter db root user:","info") + xa_db_root_user=raw_input() + log("Enter db root password:","info") + xa_db_root_password = getpass.getpass("Enter db root password:") if (quiteMode): db_name = globalDict['db_name'] else: - db_name = '' - while db_name == "": - log("Enter DB Name :","info") - db_name=raw_input() + if (dryMode): + db_name='ranger_db' + else: + db_name = '' + while db_name == "": + log("Enter DB Name :","info") + db_name=raw_input() if (quiteMode): db_user = globalDict['db_user'] else: - db_user='' - while db_user == "": - log("Enter db user name:","info") - db_user=raw_input() + if (dryMode): + db_user='ranger_admin_user' + else: + db_user='' + while db_user == "": + log("Enter db user name:","info") + db_user=raw_input() if (quiteMode): db_password = globalDict['db_password'] else: - db_password='' - while db_password == "": - log("Enter db user password:","info") - db_password = getpass.getpass("Enter db user password:") + if (dryMode): + db_password='*****' + else: + db_password='' + while db_password == "": + log("Enter db user password:","info") + db_password = getpass.getpass("Enter db user password:") if (quiteMode): audit_db_name = globalDict['audit_db_name'] else: - audit_db_name='' - while audit_db_name == "": - log("Enter audit db name:","info") - audit_db_name = raw_input() + if (dryMode): + audit_db_name='ranger_audit_db' + else: + audit_db_name='' + while audit_db_name == "": + log("Enter audit db name:","info") + audit_db_name = raw_input() if (quiteMode): audit_db_user = globalDict['audit_db_user'] else: - audit_db_user='' - while audit_db_user == "": - log("Enter audit user name:","info") - audit_db_user = raw_input() + if (dryMode): + audit_db_user='ranger_logger_user' + else: + audit_db_user='' + while audit_db_user == "": + log("Enter audit user name:","info") + audit_db_user = raw_input() if (quiteMode): audit_db_password = globalDict['audit_db_password'] else: - audit_db_password='' - while audit_db_password == "": - log("Enter audit db user password:","info") - audit_db_password = getpass.getpass("Enter audit db user password:") + if (dryMode): + audit_db_password='*****' + else: + audit_db_password='' + while audit_db_password == "": + log("Enter audit db user password:","info") + audit_db_password = getpass.getpass("Enter audit db user password:") audit_db_root_user = xa_db_root_user audit_db_root_password = xa_db_root_password - #audit_db_root_user = globalDict['db_root_user'] - #audit_db_root_password = globalDict['db_root_password'] - #print "Enter audit_db_root_password :" - #log("Enter audit db root user:","info") - #audit_db_root_user = raw_input() - #log("Enter db root password:","info") - #xa_db_root_password = raw_input() mysql_dbversion_catalog = os.path.join('db','mysql','create_dbversion_catalog.sql') - #mysql_core_file = globalDict['mysql_core_file'] mysql_core_file = os.path.join('db','mysql','xa_core_db.sql') - #mysql_audit_file = globalDict['mysql_audit_file'] mysql_audit_file = os.path.join('db','mysql','xa_audit_db.sql') mysql_patches = os.path.join('db','mysql','patches') oracle_dbversion_catalog = os.path.join('db','oracle','create_dbversion_catalog.sql') - #oracle_core_file = globalDict['oracle_core_file'] oracle_core_file = os.path.join('db','oracle','xa_core_db_oracle.sql') - #oracle_audit_file = globalDict['oracle_audit_file'] oracle_audit_file = os.path.join('db','oracle','xa_audit_db_oracle.sql') oracle_patches = os.path.join('db','oracle','patches') postgres_dbversion_catalog = os.path.join('db','postgres','create_dbversion_catalog.sql') - #postgres_core_file = globalDict['postgres_core_file'] postgres_core_file = os.path.join('db','postgres','xa_core_db_postgres.sql') - #postgres_audit_file = globalDict['postgres_audit_file'] postgres_audit_file = os.path.join('db','postgres','xa_audit_db_postgres.sql') postgres_patches = os.path.join('db','postgres','patches') sqlserver_dbversion_catalog = os.path.join('db','sqlserver','create_dbversion_catalog.sql') - #sqlserver_core_file = globalDict['sqlserver_core_file'] sqlserver_core_file = os.path.join('db','sqlserver','xa_core_db_sqlserver.sql') - #sqlserver_audit_file = globalDict['sqlserver_audit_file'] sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql') sqlserver_patches = os.path.join('db','sqlserver','patches') @@ -1494,8 +1689,6 @@ def main(argv): x_user = 'x_portal_user' if XA_DB_FLAVOR == "MYSQL": - #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar' MYSQL_CONNECTOR_JAR=CONNECTOR_JAR xa_sqlObj = MysqlConf(xa_db_host, MYSQL_CONNECTOR_JAR, JAVA_BIN) xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,mysql_dbversion_catalog) @@ -1503,21 +1696,16 @@ def main(argv): xa_patch_file = os.path.join(RANGER_ADMIN_HOME,mysql_patches) elif XA_DB_FLAVOR == "ORACLE": - #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar' ORACLE_CONNECTOR_JAR=CONNECTOR_JAR - if os_name == "LINUX": + if xa_db_root_user.upper() == "SYS" : xa_db_root_user = xa_db_root_user+" AS SYSDBA" - elif os_name == "WINDOWS": - xa_db_root_user = xa_db_root_user + xa_sqlObj = OracleConf(xa_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,oracle_dbversion_catalog) xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,oracle_core_file) xa_patch_file = os.path.join(RANGER_ADMIN_HOME,oracle_patches) elif XA_DB_FLAVOR == "POSTGRES": - #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] - #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar' db_user=db_user.lower() db_name=db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR @@ -1527,8 +1715,6 @@ def main(argv): xa_patch_file = os.path.join(RANGER_ADMIN_HOME,postgres_patches) elif XA_DB_FLAVOR == "MSSQL": - #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] - #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar' SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR xa_sqlObj = SqlServerConf(xa_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_dbversion_catalog) @@ -1550,35 +1736,26 @@ def main(argv): sys.exit(1) if AUDIT_DB_FLAVOR == "MYSQL": - #MYSQL_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - #MYSQL_CONNECTOR_JAR='/usr/share/java/mysql-connector-java.jar' MYSQL_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = MysqlConf(audit_db_host,MYSQL_CONNECTOR_JAR,JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,mysql_audit_file) elif AUDIT_DB_FLAVOR == "ORACLE": - #ORACLE_CONNECTOR_JAR=globalDict['SQL_CONNECTOR_JAR'] - #ORACLE_CONNECTOR_JAR='/usr/share/java/ojdbc6.jar' ORACLE_CONNECTOR_JAR=CONNECTOR_JAR - if os_name == "LINUX": + if audit_db_root_user.upper() == "SYS": audit_db_root_user = audit_db_root_user+" AS SYSDBA" - if os_name == "WINDOWS": - audit_db_root_user = audit_db_root_user + audit_sqlObj = OracleConf(audit_db_host, ORACLE_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file) elif AUDIT_DB_FLAVOR == "POSTGRES": - #POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] - #POSTGRES_CONNECTOR_JAR='/usr/share/java/postgresql.jar' audit_db_user=audit_db_user.lower() - audit_db_name=audit_db_name.lower() + audit_db_name=audit_db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = PostgresConf(audit_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file) elif AUDIT_DB_FLAVOR == "MSSQL": - #SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] - #SQLSERVER_CONNECTOR_JAR='/usr/share/java/sqljdbc4-2.0.jar' SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_audit_file) @@ -1599,22 +1776,19 @@ def main(argv): if audit_store is None or audit_store == "": audit_store = "db" audit_store=audit_store.lower() - - log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info") - password_validation(db_password,"admin"); - log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") - password_validation(audit_db_password,"audit"); + if not dryMode: + log("[I] ---------- Verifing DB root password ---------- ","info") + password_validation(xa_db_root_password,"DBA root"); + log("[I] ---------- Verifing Ranger Admin db user password ---------- ","info") + password_validation(db_password,"admin"); + log("[I] ---------- Verifing Ranger Audit db user password ---------- ","info") + password_validation(audit_db_password,"audit"); # Methods Begin if DBA_MODE == "TRUE" : if (dryMode==True): - log("[I] Dry run mode:"+str(dryMode),"info") log("[I] Logging DBA Script in file:"+str(globalDict["dryModeOutputFile"]),"info") logFile("===============================================\n") - xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode) - xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode) - if not XA_DB_FLAVOR == "SQLA": - xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) - audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) + xa_sqlObj.writeDrymodeCmd(xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name) logFile("===============================================\n") if (dryMode==False): log("[I] ---------- Creating Ranger Admin db user ---------- ","info")
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index eb0c7ec..f3af716 100644 --- a/security-admin/scripts/install.properties +++ b/security-admin/scripts/install.properties @@ -26,11 +26,6 @@ PYTHON_COMMAND_INVOKER=python #DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLA DB_FLAVOR=MYSQL # -# The executable path to be used to invoke command-line MYSQL -# -#SQL_COMMAND_INVOKER='mysql' -#SQL_COMMAND_INVOKER='sqlplus' -SQL_COMMAND_INVOKER='mysql' # # Location of DB client library (please check the location of the jar file) @@ -51,6 +46,9 @@ SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # ************************************************************************** # #db_root_user=root|SYS|postgres|sa|dba +#db_host=host:port # for DB_FLAVOR=MYSQL|POSTGRES|SQLA|MSSQL #for example: db_host=localhost:3306 +#db_host=host:port:SID # for DB_FLAVOR=ORACLE #for SID example: db_host=localhost:1521:ORCL +#db_host=host:port/ServiceName # for DB_FLAVOR=ORACLE #for Service example: db_host=localhost:1521/XE db_root_user=root db_root_password= db_host=localhost @@ -129,16 +127,16 @@ authServicePort=5151 # # Sample Settings # -#xa_ldap_url="ldap://127.0.0.1:389"; -#xa_ldap_userDNpattern="uid={0},ou=users,dc=xasecure,dc=net" -#xa_ldap_groupSearchBase="ou=groups,dc=xasecure,dc=net" -#xa_ldap_groupSearchFilter="(member=uid={0},ou=users,dc=xasecure,dc=net)" -#xa_ldap_groupRoleAttribute="cn" -#xa_ldap_base_dn="dc=xasecure,dc=net" -#xa_ldap_bind_dn="cn=admin,ou=users,dc=xasecure,dc=net" +#xa_ldap_url=ldap://127.0.0.1:389 +#xa_ldap_userDNpattern=uid={0},ou=users,dc=xasecure,dc=net +#xa_ldap_groupSearchBase=ou=groups,dc=xasecure,dc=net +#xa_ldap_groupSearchFilter=(member=uid={0},ou=users,dc=xasecure,dc=net) +#xa_ldap_groupRoleAttribute=cn +#xa_ldap_base_dn=dc=xasecure,dc=net +#xa_ldap_bind_dn=cn=admin,ou=users,dc=xasecure,dc=net #xa_ldap_bind_password= #xa_ldap_referral=follow|ignore -#xa_ldap_userSearchFilter="(uid={0})" +#xa_ldap_userSearchFilter=(uid={0}) xa_ldap_url= xa_ldap_userDNpattern= @@ -154,13 +152,13 @@ xa_ldap_userSearchFilter= # # Sample Settings # -#xa_ldap_ad_domain="xasecure.net" -#xa_ldap_ad_url="ldap://127.0.0.1:389"; -#xa_ldap_ad_base_dn="dc=xasecure,dc=net" -#xa_ldap_ad_bind_dn="cn=administrator,ou=users,dc=xasecure,dc=net" +#xa_ldap_ad_domain=xasecure.net +#xa_ldap_ad_url=ldap://127.0.0.1:389 +#xa_ldap_ad_base_dn=dc=xasecure,dc=net +#xa_ldap_ad_bind_dn=cn=administrator,ou=users,dc=xasecure,dc=net #xa_ldap_ad_bind_password= #xa_ldap_ad_referral=follow|ignore -#xa_ldap_ad_userSearchFilter="(sAMAccountName={0})" +#xa_ldap_ad_userSearchFilter=(sAMAccountName={0}) xa_ldap_ad_domain= xa_ldap_ad_url=
