http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 11b72b4..36696a0 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -22,7 +22,6 @@
 PROPFILE=$PWD/install.properties
 propertyValue=''
 
-#. $PROPFILE
 if [ ! $? = "0" ];then
        log "$PROPFILE file not found....!!";
        exit 1;
@@ -42,12 +41,16 @@ get_prop(){
        validateProperty=$(sed '/^\#/d' $2 | grep "^$1\s*="  | tail -n 1) # for 
validation
        if  test -z "$validateProperty" ; then log "[E] '$1' not found in $2 
file while getting....!!"; exit 1; fi
        value=$(echo $validateProperty | cut -d "=" -f2-)
-       echo $value
+       if [[ $1 == *password* ]]
+        then
+                echo $value
+        else
+                echo $value | tr -d \'\"
+        fi
 }
 
 PYTHON_COMMAND_INVOKER=$(get_prop 'PYTHON_COMMAND_INVOKER' $PROPFILE)
 DB_FLAVOR=$(get_prop 'DB_FLAVOR' $PROPFILE)
-SQL_COMMAND_INVOKER=$(get_prop 'SQL_COMMAND_INVOKER' $PROPFILE)
 SQL_CONNECTOR_JAR=$(get_prop 'SQL_CONNECTOR_JAR' $PROPFILE)
 db_root_user=$(get_prop 'db_root_user' $PROPFILE)
 db_root_password=$(get_prop 'db_root_password' $PROPFILE)
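Review bot: Both branches of the new `if` in get_prop print with an unquoted `echo $value`, so a value read from install.properties is word-split and glob-expanded before it is returned; a password containing `*`, `?` or consecutive spaces would come back altered even though the password branch exists to return it untouched. Quoting the expansion fixes this: `printf '%s\n' "$value"` in the password branch and `printf '%s\n' "$value" | tr -d \'\"` in the other. The `*password*` match is case-sensitive, and `tr -d` removes quote characters anywhere in the value, not only surrounding ones, so a comment such as `# password keys are returned verbatim; all other values have every ' and " removed` would make the contract explicit. `[[ ]]` requires bash, so the shebang should be confirmed; it and the start of get_prop are outside this hunk.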
@@ -169,18 +172,6 @@ getPropertyFromFile(){
 
 #Update Properties to File
 #$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
-updatePropertyToFile(){
-       sed -i 's@^'$1'=[^ ]*$@'$1'='$2'@g' $3
-       #validate=`sed -i 's/^'$1'=[^ ]*$/'$1'='$2'/g' $3`      #for validation
-       validate=$(sed '/^\#/d' $3 | grep "^$1"  | tail -n 1 | cut -d "=" -f2-) 
# for validation
-       #echo 'V1:'$validate
-       if test -z "$validate" ; then log "[E] '$1' not found in $3 file while 
Updating....!!"; exit 1; fi
-       log "[I] File $3 Updated successfully : {'$1'}"
-}
-
-
-#Update Properties to File
-#$1 -> propertyName $2 -> newPropertyValue $3 -> fileName
 updatePropertyToFilePy(){
     python update_property.py $1 $2 $3
     check_ret_status $? "Update property failed for: " $1
@@ -195,78 +186,18 @@ init_logfiles () {
 
 init_variables(){
        curDt=`date '+%Y%m%d%H%M%S'`
-
        VERSION=`cat ${PWD}/version`
-
        XAPOLICYMGR_DIR=$PWD
-
        RANGER_ADMIN_INITD=ranger-admin-initd
-
        RANGER_ADMIN=ranger-admin
-
        INSTALL_DIR=${XAPOLICYMGR_DIR}
-
        WEBAPP_ROOT=${INSTALL_DIR}/ews/webapp
-
        DB_FLAVOR=`echo $DB_FLAVOR | tr '[:lower:]' '[:upper:]'`
        if [ "${DB_FLAVOR}" == "" ]
        then
                DB_FLAVOR="MYSQL"
        fi
        log "[I] DB_FLAVOR=${DB_FLAVOR}"
-
-       #getPropertyFromFile 'db_root_user' $PROPFILE db_root_user
-       #getPropertyFromFile 'db_root_password' $PROPFILE db_user
-       #getPropertyFromFile 'db_user' $PROPFILE db_user
-       #getPropertyFromFile 'db_password' $PROPFILE db_password
-       #if [ "${audit_store}" == "solr" ]
-       #then
-       #       getPropertyFromFile 'audit_solr_urls' $PROPFILE audit_solr_urls
-       #       getPropertyFromFile 'audit_solr_user' $PROPFILE audit_solr_user
-       #       getPropertyFromFile 'audit_solr_password' $PROPFILE 
audit_solr_password
-       #       getPropertyFromFile 'audit_solr_zookeepers' $PROPFILE 
audit_solr_zookeepers
-       #else
-       #       getPropertyFromFile 'audit_db_user' $PROPFILE audit_db_user
-       #       getPropertyFromFile 'audit_db_password' $PROPFILE 
audit_db_password
-       #fi
-}
-
-wait_for_tomcat_shutdown() {
-       i=1
-       touch $TMPFILE
-       while [ $i -le 20 ]
-       do
-               ps -ef | grep catalina.startup.Bootstrap | grep -v grep > 
$TMPFILE
-               if [ $? -eq 1 ]; then
-                       log "[I] Tomcat stopped"
-                       i=21
-               else
-                       log "[I] stopping Tomcat.."
-                       i=`expr $i + 1`
-                       sleep 1
-               fi
-       done
-}
-
-check_db_version() {
-    if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               if is_command ${SQL_COMMAND_INVOKER} ; then
-                       log "[I] '${SQL_COMMAND_INVOKER}' command found"
-               else
-                       log "[E] '${SQL_COMMAND_INVOKER}' command not found"
-               exit 1;
-               fi
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-        if is_command ${SQL_COMMAND_INVOKER} ; then
-            log "[I] '${SQL_COMMAND_INVOKER}' command found"
-        else
-            log "[E] '${SQL_COMMAND_INVOKER}' command not found"
-        exit 1;
-        fi
-    fi
 }
 
 check_python_command() {
@@ -319,13 +250,6 @@ check_java_version() {
                log "[E] Java 1.7 is required, current java version is $version"
                exit 1;
        fi
-
-
-       #$JAVA_BIN -version 2>&1 | grep -q "$JAVA_ORACLE"
-       #if [ $? != 0 ] ; then
-               #log "[E] Oracle Java is required"
-               #exit 1;
-       #fi
 }
 
 sanity_check_files() {
@@ -389,436 +313,6 @@ create_rollback_point() {
     cp "$APP" "$BAK_FILE"
 }
 
-create_db_user(){
-       check_db_user_password
-       strError="ERROR"
-    if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               log "[I] Creating ${DB_FLAVOR} user '${db_user}'"
-               for thost in '%' localhost
-               do
-                       usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST --skip-column-names -e "select 
count(*) from mysql.user where user = '$db_user' and host = '$thost';"`
-                       if  [ ${usercount} -eq 0 ]
-                       then
-                               $SQL_COMMAND_INVOKER -B -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST -e "create user '$db_user'@'$thost' 
identified by '$db_password';"
-                               log "[I] Creating user '$db_user' for host 
$thost done"
-                       fi
-                       dbquery="REVOKE ALL PRIVILEGES,GRANT OPTION FROM  
'$db_user'@'$thost';FLUSH PRIVILEGES;"
-                       echo "${dbquery}" | $SQL_COMMAND_INVOKER -u 
"$db_root_user" --password="$db_root_password" -h $DB_HOST
-                       check_ret_status $? "'$DB_FLAVOR' revoke *.* privileges 
from user '$db_user'@'$thost' failed"
-               done
-               log "[I] Creating ${DB_FLAVOR} user '${db_user}' DONE"
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               #check user exist or not
-               result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-               username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-               #if does not contains username so create user
-               if test "${result3#*$username}" == "$result3"
-               then
-                       #create user
-                       result4=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create 
user ${db_user} identified by \"${db_password}\";"`
-                       result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-                       username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-                       #if user is not created print error message
-                       if test "${result3#*$username}" == "$result3"
-                       then
-                               log "[E] Creating User: ${db_user} Failed";
-                               log "[E] $result4"
-                               exit 1
-                       else
-                               log "[I] Creating User: ${db_user} Success";
-                       fi
-           fi
-        result5=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT 
CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE 
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN 
OPTION;"`
-        if test "${result5#*$strError}" == "$result5"
-               then
-                       log "[I] Granting User: ${db_user} Success";
-               else
-                       log "[E] Granting User: ${db_user} Failed";
-                       log "[E] $result5"
-                       exit 1
-               fi
-               log "[I] Creating $DB_FLAVOR user '${db_user}' DONE"
-    fi
-}
-
-check_db_admin_password () {
-       count=0
-       msg=''
-       cmdStatus=''
-       strError="ERROR"
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               log "[I] Checking ${DB_FLAVOR} $db_root_user password"
-               msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
-               cmdStatus=$?
-    fi
-
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               log "[I] Checking ${DB_FLAVOR} $db_root_user password"
-               msg=`echo "select 1 from dual;" | $SQL_COMMAND_INVOKER  -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA>&1`
-               cmdStatus=$?
-    fi
-       if test "${msg#*$strError}" != "$msg"
-       then
-               cmdStatus=1
-       else
-               cmdStatus=0 # $substring is not in $string
-    fi
-       while :
-       do
-               if  [  $cmdStatus != 0 ]; then
-                       if [ $count != 0 ]
-                       then
-                               if [ "${DB_FLAVOR}" == "MYSQL" ]
-                               then
-                                       log "[I] COMMAND: mysql -u 
$db_root_user --password=...... -h $DB_HOST : FAILED with error message:"
-                           fi
-                               if [ "${DB_FLAVOR}" == "ORACLE" ]
-                   then
-                       log "[I] COMMAND: sqlplus  $db_root_user/...... 
@$DB_HOST AS SYSDBA : FAILED with error message:"
-                   fi
-                               log 
"*******************************************${sg}*******************************************"
-                       fi
-                       if [ $count -gt 2 ]
-                       then
-                               log "[E] Unable to continue as db connectivity 
fails."
-                               exit 1
-                       fi
-                   trap 'stty echo; exit 1' 2 3 15
-            if [ "${DB_FLAVOR}" == "MYSQL" ]
-                   then
-                               printf "Please enter password for mysql 
user-id, $db_root_user@${DB_HOST} : "
-            fi
-                       if [ "${DB_FLAVOR}" == "ORACLE" ]
-                       then
-                               log="[msg] ${msg}"
-                               printf "Please enter password for oracle 
user-id, $db_root_user@${DB_HOST} AS SYSDBA: "
-                       fi
-                       stty -echo
-                       read db_root_password
-                       stty echo
-                       printf "\n"
-                       trap '' 2 3 15
-                       count=`expr ${count} + 1`
-                       if [ "${DB_FLAVOR}" == "MYSQL" ]
-                       then
-                               msg=`$SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h "$DB_HOST" -s -e "select version();" 2>&1`
-                               cmdStatus=$?
-                       fi
-                       if [ "${DB_FLAVOR}" == "ORACLE" ]
-                       then
-                               msg=`echo "select 1 from dual;" | 
$SQL_COMMAND_INVOKER  -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"{$DB_HOST}" AS SYSDBA >&1`
-                               cmdStatus=$?
-                       fi
-                       if test "${msg#*$strError}" != "$msg"
-                   then
-                               cmdStatus=1
-                       else
-                               cmdStatus=0 # $substring is not in $string
-                   fi
-               else
-                       log "[I] Checking DB password DONE"
-                       break;
-               fi
-       done
-       return 0;
-}
-
-check_db_user_password() {
-       count=0
-       muser=${db_user}@${DB_HOST}
-       while [ "${db_password}" = "" ]
-       do
-               if [ $count -gt 0 ]
-               then
-                       log "[I] You can not have a empty password for user: 
(${muser})."
-               fi
-               if [ ${count} -gt 2 ]
-               then
-                       log "[E] Unable to continue as user, ${muser} does not 
have a non-empty password."
-               fi
-               printf "Please enter password for the Ranger schema owner 
(${muser}): "
-               trap 'stty echo; exit 1' 2 3 15
-               stty -echo
-               read db_password
-               stty echo
-               printf "\n"
-               trap ''  2 3 15
-               count=`expr ${count} + 1`
-       done
-}
-
-
-check_audit_user_password() {
-       count=0
-       muser=${audit_db_user}@${DB_HOST}
-       while [ "${audit_db_password}" = "" ]
-       do
-               if [ $count -gt 0 ]
-               then
-                       log "[I] You can not have a empty password for user: 
(${muser})."
-               fi
-               if [ ${count} -gt 2 ]
-               then
-                       log "[E] Unable to continue as user, ${muser} does not 
have a non-empty password."
-               fi
-               printf "Please enter password for the Ranger Audit Table owner 
(${muser}): "
-               trap 'stty echo; exit 1' 2 3 15
-               stty -echo
-               read audit_db_password
-               stty echo
-               printf "\n"
-               trap ''  2 3 15
-               count=`expr ${count} + 1`
-       done
-}
-
-upgrade_db() {
-       log "[I] - starting upgradedb ... "
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               DBVERSION_CATALOG_CREATION=db/mysql/create_dbversion_catalog.sql
-               if [ -f ${DBVERSION_CATALOG_CREATION} ]
-               then
-                       log "[I] Verifying database version catalog table .... "
-                       ${mysqlexec} < ${DBVERSION_CATALOG_CREATION}
-                       `${SQL_COMMAND_INVOKER} -u "${db_root_user}" 
--password="${db_root_password}" -h ${DB_HOST} -D ${db_name} < 
${DBVERSION_CATALOG_CREATION}`
-                       check_ret_status $? "Verifying database version catalog 
table Failed."
-               fi
-
-               dt=`date '+%s'`
-               tempFile=/tmp/sql_${dt}_$$.sql
-               sqlfiles=`ls -1 db/mysql/patches/*.sql 2> /dev/null | awk -F/ 
'{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ 
printf("db/mysql/patches/%s\n",$2) ; }'`
-               for sql in ${sqlfiles}
-               do
-                       if [ -f ${sql} ]
-                       then
-                               bn=`basename ${sql}`
-                               version=`echo ${bn} | awk -F'-' '{ print $1 }'`
-                               if [ "${version}" != "" ]
-                               then
-                                       c=`${SQL_COMMAND_INVOKER} -u 
"${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} 
-B --skip-column-names -e "select count(id) from x_db_version_h where version = 
'${version}' and active = 'Y'"`
-                                       check_ret_status $? "DBVerionCheck - 
${version} Failed."
-                                       if [ ${c} -eq 0 ]
-                                       then
-                                               cat ${sql} > ${tempFile}
-                                               echo >> ${tempFile}
-                                               echo "insert into 
x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( 
'${version}', now(), user(), now(), user()) ;" >> ${tempFile}
-                                               log "[I] - patch [${version}] 
is being applied."
-                                               `${SQL_COMMAND_INVOKER} -u 
"${db_root_user}" --password="${db_root_password}" -h ${DB_HOST} -D ${db_name} 
< ${tempFile}`
-                                               check_ret_status $? "Update 
patch - ${version} Failed. See sql file : [${tempFile}]"
-                                               rm -f ${tempFile}
-                                       else
-                                               log "[I] - patch [${version}] 
is already applied. Skipping ..."
-                                       fi
-                               fi
-                       fi
-               done
-       fi
-       ####
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               strError="ERROR"
-               
DBVERSION_CATALOG_CREATION=db/oracle/create_dbversion_catalog.sql
-               VERSION_TABLE=x_db_version_h
-               log "[I] Verifying table $VERSION_TABLE in database $db_name";
-               if [ -f ${DBVERSION_CATALOG_CREATION} ]
-               then
-                       result1=`${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select UPPER(table_name) 
from all_tables where UPPER(tablespace_name)=UPPER('${db_name}') and 
UPPER(table_name)=UPPER('${VERSION_TABLE}');"`
-                       tablename=`echo $VERSION_TABLE | tr '[:lower:]' 
'[:upper:]'`
-                       if test "${result1#*$tablename}" == "$result1"  #does 
not contains tablename so create table
-                       then
-                               log "[I] Importing Version Catalog file: 
$DBVERSION_CATALOG_CREATION..."
-                               result2=`echo "exit"|${SQL_COMMAND_INVOKER} -L 
-S "${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$DBVERSION_CATALOG_CREATION`
-                               if test "${result2#*$strError}" == "$result2"
-                               then
-                                       log "[I] Importing Version Catalog file 
: $DBVERSION_CATALOG_CREATION DONE";
-                               else
-                                       log "[E] Importing Version Catalog file 
: $DBVERSION_CATALOG_CREATION Failed";
-                                       log "[E] $result2"
-                               fi
-                       else
-                               log "[I] Table $VERSION_TABLE already exists in 
database ${db_name}"
-                       fi
-               fi
-
-               dt=`date '+%s'`
-               tempFile=/tmp/sql_${dt}_$$.sql
-               sqlfiles=`ls -1 db/oracle/patches/*.sql 2> /dev/null | awk -F/ 
'{ print $NF }' | awk -F- '{ print $1, $0 }' | sort -k1 -n | awk '{ 
printf("db/oracle/patches/%s\n",$2) ; }'`
-               for sql in ${sqlfiles}
-               do
-                       if [ -f ${sql} ]
-                       then
-                               bn=`basename ${sql}`
-                               version=`echo ${bn} | awk -F'-' '{ print $1 }'`
-                               if [ "${version}" != "" ]
-                               then
-                                       result2=`${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from 
x_db_version_h where version = '${version}' and active = 'Y';"`
-                                       #does not contains record so insert
-                                       if test "${result2#*$version}" == 
"$result2"
-                                       then
-                                               cat ${sql} > ${tempFile}
-                                               echo >> ${tempFile}
-                                               echo "insert into 
x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( 
X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, 
'${db_user}') ;" >> ${tempFile}
-                                               log "[I] - patch [${version}] 
is being applied. $tempFile"
-                                               result3=`echo 
"exit"|${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}"  @$tempFile`
-                                               log "[+]$result3"
-                                               if test "${result3#*$strError}" 
== "$result3"
-                                               then
-                                                       log "[I] Update patch - 
${version} applied. See sql file : [${tempFile}]"
-                                               else
-                                                       log "[E] Update patch - 
${version} Failed. See sql file : [${tempFile}]"
-                                               fi
-                                               rm -f ${tempFile}
-                                       elif test "${result2#*$strError}" != 
"$result2"
-                                       then
-                                               log "[E] - patch [${version}] 
could not applied. Skipping ..."
-                                               exit 1
-                                       else
-                                               log "[I] - patch [${version}] 
is already applied. Skipping ..."
-                                       fi
-                               fi
-                       fi
-               done
-       fi
-       log "[I] - upgradedb completed."
-}
-
-import_db(){
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               log "[I] Verifying Database: ${db_name}";
-               existdb=`${SQL_COMMAND_INVOKER} -u "${db_root_user}" 
--password="${db_root_password}" -h $DB_HOST -B --skip-column-names -e  "show 
databases like '${db_name}' ;"`
-               if [ "${existdb}" = "${db_name}" ]
-               then
-                       log "[I] - database ${db_name} already exists. Ignoring 
import_db ..."
-               else
-                       log "[I] Creating Database: $db_name";
-                       $SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST -e "create database $db_name"
-                       check_ret_status $? "Creating database Failed.."
-                       log "[I] Importing Core Database file: $mysql_core_file 
"
-                       $SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST $db_name < $mysql_core_file
-                       check_ret_status $? "Importing Database Failed.."
-                       if [ -f "${mysql_asset_file}" ]
-                       then
-                               $SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST ${db_name} < ${mysql_asset_file}
-                               check_ret_status $? "Reset of DB repositories 
failed"
-                       fi
-                       log "[I] Importing Database file : $mysql_core_file 
DONE";
-               fi
-               for thost in '%' localhost
-               do
-                       mysqlquery="GRANT ALL ON $db_name.* TO 
'$db_user'@'$thost' ;
-                       GRANT ALL PRIVILEGES ON $db_name.* to 
'$db_user'@'$thost' WITH GRANT OPTION;
-                       FLUSH PRIVILEGES;"
-                       echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u 
"$db_root_user" --password="$db_root_password" -h $DB_HOST
-                       check_ret_status $? "'$db_user' grant privileges on 
'$db_name' failed"
-                       log "[I] Granting MYSQL user '$db_user' for host $thost 
DONE"
-               done
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               log "[I] Importing TABLESPACE: ${db_name}";
-               strError="ERROR"
-               existdb="false"
-
-               #Verifying Users
-               log "[I] Verifying DB User: ${db_user}";
-               result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-               username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-               if test "${result3#*$username}" == "$result3"   #does not 
contains username so create user
-               then
-                       #create user
-                       result4=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "create 
user ${db_user} identified by \"${db_password}\";"`
-                       result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-                       username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-                       if test "${result3#*$username}" == "$result3"   #does 
not contains username so create user
-                       then
-                               log "[E] Creating User: ${db_user} Failed";
-                               log "[E] ${result4}";
-                               exit 1
-                       else
-                               log "[I] Creating User: ${db_user} Success";
-                       fi
-               else
-                       log "[I] User: ${db_user} exist";
-               fi
-
-               #creating db/tablespace
-               result1=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT 
DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where 
UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
-               tablespace=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
-               if test "${result1#*$tablespace}" == "$result1" #does not 
contains tablespace so create tablespace
-               then
-                       log "[I] Creating TABLESPACE: ${db_name}";
-                       result2=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create 
tablespace ${db_name} datafile '${db_name}.dat' size 10M autoextend on;"`
-                       if test "${result2#*$strError}" == "$result2"
-                       then
-                               log "[I] TABLESPACE ${db_name} created.";
-                               existdb="true"
-                       else
-                               log "[E] Creating TABLESPACE: ${db_name} 
Failed";
-                               log "[E] $result2";
-                               exit 1
-                       fi
-               else
-                       log "[I] TABLESPACE ${db_name} already exists.";
-               fi
-
-               #verify table space
-               result1a=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "SELECT 
DISTINCT UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where 
UPPER(TABLESPACE_NAME)=UPPER('${db_name}');"`
-               tablespace1a=`echo ${db_name} | tr '[:lower:]' '[:upper:]'`
-               if test "${result1a#*$tablespace1a}" == "$result1a" #does not 
contains tablespace so exit
-               then
-                       log "[E] TABLESPACE: ${db_name} Does not exist!!";
-                       exit 1
-               fi
-
-               #verify user
-               result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${db_user}');"`
-               username=`echo ${db_user} | tr '[:lower:]' '[:upper:]'`
-               if test "${result3#*$username}" == "$result3"   #does not 
contains username so exit
-               then
-                       log "[E] User: ${db_user} Does not exist!!";
-                       exit 1
-               fi
-
-               # ASSIGN DEFAULT TABLESPACE ${db_name}
-               result8=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "alter 
user ${db_user} identified by \"${db_password}\" DEFAULT TABLESPACE 
${db_name};"`
-
-           #grant user
-        result5=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT 
CREATE SESSION,CREATE PROCEDURE,CREATE TABLE,CREATE VIEW,CREATE SEQUENCE,CREATE 
PUBLIC SYNONYM,CREATE TRIGGER,UNLIMITED TABLESPACE TO ${db_user} WITH ADMIN 
OPTION;"`
-        if test "${result5#*$strError}" == "$result5"
-               then
-                       log "[I] Granting User: ${db_user} Success";
-               else
-                       log "[E] Granting User: ${db_user} Failed";
-                       log "[E] $result5";
-                       exit 1
-               fi
-
-               #if does not contains tables create tables
-               if [ "${existdb}" == "true" ]
-               then
-                       log "[I] Importing XA Database file: 
${oracle_core_file}..."
-                       result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}" @${oracle_core_file}`
-                       if test "${result7#*$strError}" == "$result7"
-                       then
-                               log "[I] Importing XA Database file : 
${oracle_core_file} DONE";
-                       else
-                               log "[E] Importing XA Database file : 
${oracle_core_file} Failed";
-                               log "[E] $result7";
-                               exit 1
-                       fi
-               else
-                       log "[I] - database ${db_name} already exists. Ignoring 
import_db ..."  ;
-               fi
-       fi
-}
-
 copy_db_connector(){
        log "[I] Copying ${DB_FLAVOR} Connector to $app_home/WEB-INF/lib ";
     cp -f $SQL_CONNECTOR_JAR $app_home/WEB-INF/lib
@@ -874,11 +368,18 @@ update_properties() {
        if [ "${DB_FLAVOR}" == "ORACLE" ]
        then
                propertyName=ranger.jpa.jdbc.url
-               newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+               count=$(grep -o ":" <<< "$DB_HOST" | wc -l)
+               #if [[ ${count} -eq 2 ]] ; then
+               if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+                       #jdbc:oracle:thin:@[HOST][:PORT]:SID or 
#jdbc:oracle:thin:@GL
+                       newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
+               else
+                       #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+                       newPropertyValue="jdbc:oracle:thin:@//${DB_HOST}"
+               fi
                updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
 
                propertyName=ranger.jpa.audit.jdbc.url
-               newPropertyValue="jdbc:oracle:thin:@${DB_HOST}"
                updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
 
                propertyName=ranger.jpa.jdbc.dialect
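Review bot: The Oracle URL form is chosen only from the number of `:` in DB_HOST, so several inputs are misclassified: by the hunk's own comment `[HOST][:PORT]:SID`, a port-less `host:SID` has one colon and would be written as `jdbc:oracle:thin:@//host:SID`, a colon-free `host/service` falls into the SID/TNS branch, and a DB_HOST that already starts with `//` gets the prefix twice. Deciding on the presence of `/` in the value, or at least documenting the accepted DB_HOST formats next to the property in install.properties, would make the behaviour predictable. The tests should quote the counter, `if [ "${count}" -eq 2 ] || [ "${count}" -eq 0 ]; then`, and the leftover `#if [[ ${count} -eq 2 ]] ; then` line can be dropped. The audit URL now silently reuses `newPropertyValue` from the block above; a comment like `# audit DB uses the same JDBC URL as the admin DB` would mark that as intentional. update_properties starts and ends outside this hunk.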
@@ -994,7 +495,6 @@ update_properties() {
         newPropertyValue=${audit_store}
        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
 
-
        propertyName=ranger.externalurl
        newPropertyValue="${policymgr_external_url}"
        updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger
@@ -1022,7 +522,6 @@ update_properties() {
        then
                mkdir -p `dirname "${keystore}"`
                $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$db_password_alias" -v "$db_password" -c 1
-               #$JAVA_HOME/bin/java -cp "cred/lib/*" 
org.apache.ranger.credentialapi.buildks create "$db_password_alias" -value 
"$db_password" -provider jceks://file$keystore
 
                propertyName=ranger.credential.provider.path
                newPropertyValue="${keystore}"
@@ -1065,18 +564,10 @@ update_properties() {
            if [ "${keystore}" != "" ]
            then
                $PYTHON_COMMAND_INVOKER ranger_credential_helper.py -l 
"cred/lib/*" -f "$keystore" -k "$audit_db_password_alias" -v 
"$audit_db_password" -c 1
-               #$JAVA_HOME/bin/java -cp "cred/lib/*" 
org.apache.ranger.credentialapi.buildks create "$audit_db_password_alias" 
-value "$audit_db_password" -provider jceks://file$keystore
 
                        propertyName=ranger.jpa.audit.jdbc.credential.alias
                newPropertyValue="${audit_db_password_alias}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_default
-               
-                       #Use the same provider file for both audit/admin db
-       #               propertyName=audit.jdbc.credential.provider.path
-                       #propertyName=ranger.credential.provider.path
-                       #newPropertyValue="${keystore}"
-                       #updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
-               
                        propertyName=ranger.jpa.audit.jdbc.password
                newPropertyValue="_"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$to_file_ranger
@@ -1117,7 +608,6 @@ update_properties() {
                                audit_solr_password_alias=ranger.solr.password
 
                                $PYTHON_COMMAND_INVOKER 
ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k 
"$audit_solr_password_alias" -v "$audit_solr_password" -c 1
-#                              $JAVA_HOME/bin/java -cp "cred/lib/*" 
org.apache.ranger.credentialapi.buildks create "$audit_solr_password_alias" 
-value "$audit_solr_password" -provider jceks://file$keystore
 
                                propertyName=ranger.solr.audit.credential.alias
                                newPropertyValue="${audit_solr_password_alias}"
@@ -1143,183 +633,6 @@ update_properties() {
        fi
 }
 
-create_audit_db_user(){
-       check_audit_user_password
-       AUDIT_DB="${audit_db_name}"
-       AUDIT_USER="${audit_db_user}"
-       AUDIT_PASSWORD="${audit_db_password}"
-       strError="ERROR"
-       #Verifying Database
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               log "[I] Verifying Database: $AUDIT_DB";
-               existdb=`${SQL_COMMAND_INVOKER} -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST -B --skip-column-names -e  "show 
databases like '$AUDIT_DB' ;"`
-               if [ "${existdb}" = "$AUDIT_DB" ]
-               then
-                       log "[I] Database $AUDIT_DB already exists."
-               else
-                       log "[I] Creating Database: $audit_db_name";
-                       $SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST -e "create database $AUDIT_DB"
-                       check_ret_status $? "Creating database $AUDIT_DB 
Failed.."
-               fi
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               log "[I] Verifying TABLESPACE: $AUDIT_DB";
-               result1=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "SELECT 
distinct UPPER(TABLESPACE_NAME) FROM USER_TABLESPACES where 
UPPER(TABLESPACE_NAME)=UPPER('${AUDIT_DB}');"`
-               tablespace=`echo $AUDIT_DB | tr '[:lower:]' '[:upper:]'`
-               if test "${result1#*$tablespace}" == "$result1" #does not 
contains tablespace so create tablespace
-               then
-                       log "[I] Creating TABLESPACE: $AUDIT_DB";
-                       result2=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create 
tablespace $AUDIT_DB datafile '$AUDIT_DB.dat' size 10M autoextend on;"`
-                       if test "${result2#*$strError}" == "$result2"
-                       then
-                               log "[I] TABLESPACE $AUDIT_DB created."
-                       else
-                               log "[E] Creating TABLESPACE: $AUDIT_DB Failed";
-                               log "[E] $result2"
-                               exit 1
-                       fi
-               else
-                       log "[I] TABLESPACE $AUDIT_DB already exists."
-               fi
-       fi
-
-       #Verifying Users
-       log "[I] Verifying Audit User: $AUDIT_USER";
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               for thost in '%' localhost
-               do
-                       usercount=`$SQL_COMMAND_INVOKER -B -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST --skip-column-names -e "select 
count(*) from mysql.user where user = '$AUDIT_USER' and host = '$thost';"`
-                       if  [ ${usercount} -eq 0 ]
-                       then
-                               log "[I] Creating ${DB_FLAVOR} user 
'$AUDIT_USER'@'$thost'"
-                               $SQL_COMMAND_INVOKER -B -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST -e "create user 
'$AUDIT_USER'@'$thost' identified by '$AUDIT_PASSWORD';"
-                               check_ret_status $? "${DB_FLAVOR} create user 
failed"
-                       fi
-                       if [ "${AUDIT_USER}" != "${db_user}" ]
-                       then
-                               mysqlquery="REVOKE ALL PRIVILEGES,GRANT OPTION 
FROM '$AUDIT_USER'@'$thost' ;
-                               FLUSH PRIVILEGES;"
-                               echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u 
"$db_root_user" --password="$db_root_password" -h $DB_HOST
-                               check_ret_status $? "'$DB_FLAVOR' revoke 
privileges from user '$AUDIT_USER'@'$thost' failed"
-                               log "[I] '$DB_FLAVOR' revoke all privileges 
from user '$AUDIT_USER'@'$thost' DONE"
-                       fi
-               done
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-    then
-               result3=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(username) from all_users where UPPER(username)=UPPER('${AUDIT_USER}');"`
-               username=`echo $AUDIT_USER | tr '[:lower:]' '[:upper:]'`
-               if test "${result3#*$username}" == "$result3"   #does not 
contains username so create user
-               then
-                       #create user
-                       result4=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "create 
user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE 
${AUDIT_DB};"`
-                       if test "${result4#*$strError}" == "$result4"
-                   then
-                               log "[I] Creating User: ${AUDIT_USER} Success";
-                       else
-                               log "[E] Creating User: ${AUDIT_USER} Failed";
-                               log "[E] $result4"
-                               exit 1
-                   fi
-               else
-                       log "[I] User: ${AUDIT_USER} exist";
-               fi
-        result5=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT 
CREATE SESSION TO ${AUDIT_USER};"`
-        if test "${result5#*$strError}" == "$result5"
-               then
-                       log "[I] Granting User: $AUDIT_USER Success";
-               else
-                       log "[E] Granting User: $AUDIT_USER Failed";
-                       log "[E] $result5"
-                       exit 1
-               fi
-    fi
-
-       #Verifying audit table
-       AUDIT_TABLE=xa_access_audit
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-       then
-               log "[I] Verifying table $AUDIT_TABLE in audit database 
$AUDIT_DB";
-               existtbl=`${SQL_COMMAND_INVOKER} -u "$db_root_user" 
--password="$db_root_password" -D $AUDIT_DB -h $DB_HOST -B --skip-column-names 
-e  "show tables like '$AUDIT_TABLE' ;"`
-               if [ "${existtbl}" != "$AUDIT_TABLE" ]
-               then
-                       log "[I] Importing Audit Database file: 
$mysql_audit_file..."
-                       $SQL_COMMAND_INVOKER -u "$db_root_user" 
--password="$db_root_password" -h $DB_HOST $AUDIT_DB < $mysql_audit_file
-                       check_ret_status $? "Importing Audit Database Failed.."
-                       log "[I] Importing Audit Database file : 
$mysql_audit_file DONE";
-               else
-                       log "[I] Table $AUDIT_TABLE already exists in audit 
database $AUDIT_DB"
-               fi
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-       then
-               log "[I] Verifying table $AUDIT_TABLE in TABLESPACE $db_name";
-               # ASSIGN DEFAULT TABLESPACE ${db_name}
-               result8=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA  <<< "alter 
user ${AUDIT_USER} identified by \"${AUDIT_PASSWORD}\" DEFAULT TABLESPACE 
${AUDIT_DB};"`
-               result6=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "select 
UPPER(table_name) from all_tables where 
UPPER(tablespace_name)=UPPER('$db_name') and 
UPPER(table_name)=UPPER('${AUDIT_TABLE}');"`
-               tablename=`echo $AUDIT_TABLE | tr '[:lower:]' '[:upper:]'`
-               if test "${result6#*$tablename}" == "$result6"  #does not 
contains tablename so create table
-               then
-                       log "[I] Importing Audit Database file: 
$oracle_audit_file..."
-                       result7=`echo "exit"|${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}" @$oracle_audit_file`
-                       if test "${result7#*$strError}" == "$result7"
-                       then
-                               log "[I] Importing Audit Database file : 
$oracle_audit_file DONE";
-                       else
-                               log "[E] Importing Audit Database file : 
$oracle_audit_file failed";
-                               log "[E] $result7"
-                       fi
-               else
-                       log "[I] Table $AUDIT_TABLE already exists in 
TABLESPACE $db_name"
-               fi
-       fi
-
-       #Granting Users
-       log "[I] Granting Privileges to User: $AUDIT_USER";
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-    then
-               for thost in '%' localhost
-               do
-                       mysqlquery="GRANT ALL ON $AUDIT_DB.* TO 
'$db_user'@'$thost' ;
-                       GRANT ALL PRIVILEGES ON $AUDIT_DB.* to 
'$db_user'@'$thost' WITH GRANT OPTION;
-                       FLUSH PRIVILEGES;"
-                       echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u 
"$db_root_user" --password="$db_root_password" -h $DB_HOST
-                       check_ret_status $? "'$db_user' grant privileges on 
'$AUDIT_DB' failed"
-                       log "[I] Creating MYSQL user '$AUDIT_USER' for host 
$thost DONE"
-
-                       mysqlquery="GRANT INSERT ON $AUDIT_DB.$AUDIT_TABLE TO 
'$AUDIT_USER'@'$thost' ;
-                       FLUSH PRIVILEGES;"
-                       echo "${mysqlquery}" | $SQL_COMMAND_INVOKER -u 
"$db_root_user" --password="$db_root_password" -h $DB_HOST
-                       check_ret_status $? "'$DB_FLAVOR' grant INSERT 
privileges to user '$AUDIT_USER'@'$thost' on $AUDIT_TABLE failed"
-                       log "[I] '$DB_FLAVOR' grant INSERT privileges to user 
'$AUDIT_USER'@'$thost' on $AUDIT_TABLE DONE"
-               done
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-       then
-               if [ "${AUDIT_USER}" != "${db_user}" ]
-               then
-                       result11=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT 
SELECT ON ${db_user}.XA_ACCESS_AUDIT_SEQ TO ${AUDIT_USER};"`
-                       result12=`${SQL_COMMAND_INVOKER} -L -S 
"${db_root_user}"/"\"${db_root_password}\""@"${DB_HOST}" AS SYSDBA <<< "GRANT 
INSERT ON ${db_user}.${AUDIT_TABLE} TO ${AUDIT_USER};"`
-                       if test "${result11#*$strError}" != "$result11"
-                       then
-                               log "[E] Granting User: $AUDIT_USER Failed";
-                               log "[E] $result11";
-                               exit1
-                       elif test "${result12#*$strError}" != "$result12"
-                       then
-                               log "[E] Granting User: $AUDIT_USER Failed";
-                               log "[E] $result12";
-                               exit 1
-                       else
-                               log "[I] Granting User: $AUDIT_USER Success";
-                       fi
-               fi
-       fi
-}
-
 do_unixauth_setup() {
 
     ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
@@ -1356,40 +669,33 @@ do_authentication_setup(){
                ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
                if test -f $ldap_file; then
                        log "[I] $ldap_file file found"
-#                      propertyName=xa_ldap_url
                        propertyName=ranger.ldap.url
                        newPropertyValue="${xa_ldap_url}"
-
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=xa_ldap_userDNpattern
                        propertyName=ranger.ldap.user.dnpattern
                        newPropertyValue="${xa_ldap_userDNpattern}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=xa_ldap_groupSearchBase
                        propertyName=ranger.ldap.group.searchbase
                        newPropertyValue="${xa_ldap_groupSearchBase}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=xa_ldap_groupSearchFilter
                        propertyName=ranger.ldap.group.searchfilter
                        newPropertyValue="${xa_ldap_groupSearchFilter}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=xa_ldap_groupRoleAttribute
                        propertyName=ranger.ldap.group.roleattribute
                        newPropertyValue="${xa_ldap_groupRoleAttribute}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=authentication_method
                        propertyName=ranger.authentication.method
                        newPropertyValue="${authentication_method}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
                        if [ "${xa_ldap_base_dn}" != "" ] && [ 
"${xa_ldap_bind_dn}" != "" ]  && [ "${xa_ldap_bind_password}" != "" ]
                        then
-                               $PYTHON_COMMAND_INVOKER dba_script.py 
${xa_ldap_bind_password} 'LDAP'
+                               $PYTHON_COMMAND_INVOKER dba_script.py 
${xa_ldap_bind_password} 'LDAP' 'password_validation'
                                if [ "$?" != "0" ]
                                then
                                        exit 1
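Review bot: The changed call `dba_script.py ${xa_ldap_bind_password} 'LDAP' 'password_validation'` expands the bind password unquoted, so a password containing whitespace or glob characters is split or expanded by the shell and the validator receives a different string, or shifted arguments, than the value later handed to ranger_credential_helper.py as `-v "$xa_ldap_bind_password"`. Quote it: `$PYTHON_COMMAND_INVOKER dba_script.py "${xa_ldap_bind_password}" 'LDAP' 'password_validation'`. The same applies to the `${xa_ldap_ad_bind_password} 'AD' 'password_validation'` call in the later do_authentication_setup hunk. Passing the secret as a command-line argument also leaves it readable in the process list while the command runs; whether dba_script.py can take it from the environment or stdin is not visible here, but that would be the safer channel. do_authentication_setup starts and ends outside this hunk.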
@@ -1419,7 +725,6 @@ do_authentication_setup(){
 
                                        
ldap_password_alias=ranger.ldap.binddn.password
                                        $PYTHON_COMMAND_INVOKER 
ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k 
"$ldap_password_alias" -v "$xa_ldap_bind_password" -c 1
-#                                      $JAVA_HOME/bin/java -cp "cred/lib/*" 
org.apache.ranger.credentialapi.buildks create "$ldap_password_alias" -value 
"$xa_ldap_bind_password" -provider jceks://file$keystore
 
                                        
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
 
@@ -1464,24 +769,21 @@ do_authentication_setup(){
                ldap_file=$app_home/WEB-INF/classes/conf/ranger-admin-site.xml
                if test -f $ldap_file; then
                        log "[I] $ldap_file file found"
-#                      propertyName=xa_ldap_ad_url
                        propertyName=ranger.ldap.ad.url
                        newPropertyValue="${xa_ldap_ad_url}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=xa_ldap_ad_domain
                        propertyName=ranger.ldap.ad.domain
                        newPropertyValue="${xa_ldap_ad_domain}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
-#                      propertyName=authentication_method
                        propertyName=ranger.authentication.method
                        newPropertyValue="${authentication_method}"
                        updatePropertyToFilePy $propertyName $newPropertyValue 
$ldap_file
 
                        if [ "${xa_ldap_ad_base_dn}" != "" ] && [ 
"${xa_ldap_ad_bind_dn}" != "" ]  && [ "${xa_ldap_ad_bind_password}" != "" ]
                        then
-                               $PYTHON_COMMAND_INVOKER dba_script.py 
${xa_ldap_ad_bind_password} 'AD'
+                               $PYTHON_COMMAND_INVOKER dba_script.py 
${xa_ldap_ad_bind_password} 'AD' 'password_validation'
                                if [ "$?" != "0" ]
                                then
                                        exit 1
@@ -1510,7 +812,6 @@ do_authentication_setup(){
 
                                        
ad_password_alias=ranger.ad.binddn.password
                                        $PYTHON_COMMAND_INVOKER 
ranger_credential_helper.py -l "cred/lib/*" -f "$keystore" -k 
"$ad_password_alias" -v "$xa_ldap_ad_bind_password" -c 1
-#                                      $JAVA_HOME/bin/java -cp "cred/lib/*" 
org.apache.ranger.credentialapi.buildks create "$ad_password_alias" -value 
"$xa_ldap_ad_bind_password" -provider jceks://file$keystore
 
                                        
to_file_default=$app_home/WEB-INF/classes/conf/ranger-admin-default-site.xml
 
@@ -1564,18 +865,12 @@ do_authentication_setup(){
        
     log "[I] Finished setup based on user authentication 
method=$authentication_method";
 }
-
 #=====================================================================
-
 setup_unix_user_group(){
-
        log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group}";
-
     groupadd ${unix_group}
     check_ret_status_for_groupadd $? "Creating group ${unix_group} failed"
-
        id -u ${unix_user} > /dev/null 2>&1
-
        if [ $? -ne 0 ]
        then
            log "[I] Creating new user and adding to group";
@@ -1585,14 +880,11 @@ setup_unix_user_group(){
            log "[I] User already exists, adding it to group";
            usermod -g ${unix_group} ${unix_user}
        fi
-
        log "[I] Setting up UNIX user : ${unix_user} and group: ${unix_group} 
DONE";
 }
 
 setup_install_files(){
-
        log "[I] Setting up installation files and directory";
-
        if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
            log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist 
${WEBAPP_ROOT}/WEB-INF/classes/conf"
            mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
@@ -1684,88 +976,6 @@ setup_install_files(){
        fi
 }
 
-execute_java_patches(){
-       if [ "${DB_FLAVOR}" == "MYSQL" ]
-       then
-               dt=`date '+%s'`
-               tempFile=/tmp/sql_${dt}_$$.sql
-               #mysqlexec="${SQL_COMMAND_INVOKER} -u ${db_root_user} 
--password="${db_root_password}" -h ${DB_HOST} ${db_name}"
-               javaFiles=`ls -1 
$app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | 
awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ 
printf("%s\n",$2) ; }'`
-               for javaPatch in ${javaFiles}
-               do
-                       if test -f 
"$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
-                               className=$(basename "$javaPatch" .class)
-                               version=`echo ${className} | awk -F'_' '{ print 
$2 }'`
-                               if [ "${version}" != "" ]
-                               then
-                                       #c=`${mysqlexec} -B --skip-column-names 
-e "select count(id) from x_db_version_h where version = '${version}' and 
active = 'Y'"`
-                                       c=`$JAVA_HOME/bin/java -cp 
$SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj 
-cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" 
-noheader -trim -delimiter '' -c \; -query "select version from x_db_version_h 
where version = '${version}' and active = 'Y';"`
-                                       check_ret_status $? "DBVerionCheck - 
${version} Failed."
-                                       #if [ ${c} -eq 0 ]
-                                       if [ "${c}" != "${version}" ]
-                                       then
-                                               log "[I] patch ${javaPatch} is 
being applied..";
-                                               msg=`$JAVA_HOME/bin/java -cp 
"$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF:$SQL_CONNECTOR_JAR"
 org.apache.ranger.patch.${className}`
-                                               check_ret_status $? "Unable to 
apply patch:$javaPatch. $msg"
-                                               touch ${tempFile}
-                                               echo >> ${tempFile}
-                                               echo "insert into 
x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( 
'${version}', now(), user(), now(), user()) ;" >> ${tempFile}
-                                               #${mysqlexec} < ${tempFile}
-                                               c=`$JAVA_HOME/bin/java -cp 
$SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver mysqlconj 
-cstring jdbc:mysql://$DB_HOST/$db_name -u ${db_user} -p "${db_password}" 
-noheader -trim -delimiter '' -c \; -input ${tempFile}`
-                                               check_ret_status $? "Update 
patch - ${javaPatch} has failed."
-                                               rm -f ${tempFile}
-                                               log "[I] patch ${javaPatch} has 
been applied!!";
-                                       else
-                                               log "[I] - patch [${javaPatch}] 
is already applied. Skipping ..."
-                                       fi
-                               fi
-                       fi
-               done
-       fi
-       if [ "${DB_FLAVOR}" == "ORACLE" ]
-       then
-               dt=`date '+%s'`
-               tempFile=/tmp/sql_${dt}_$$.sql
-               javaFiles=`ls -1 
$app_home/WEB-INF/classes/org/apache/ranger/patch/Patch*.class 2> /dev/null | 
awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ 
printf("%s\n",$2) ; }'`
-               for javaPatch in ${javaFiles}
-               do
-                       if test -f 
"$app_home/WEB-INF/classes/org/apache/ranger/patch/$javaPatch"; then
-                               className=$(basename "$javaPatch" .class)
-                               version=`echo ${className} | awk -F'_' '{ print 
$2 }'`
-                               if [ "${version}" != "" ]
-                               then
-                                       #result2=`${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}" <<< "select version from 
x_db_version_h where version = '${version}' and active = 'Y';"`
-                                       result2=`$JAVA_HOME/bin/java -cp 
$SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin 
-cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader 
-trim -delimiter '' -c \; -query "select version from x_db_version_h where 
version = '${version}' and active = 'Y';"`
-                                       #does not contains record so insert
-                                       if test "${result2#*$version}" == 
"$result2"
-                                       then
-                                               log "[I] patch ${javaPatch} is 
being applied..";
-                                               msg=`$JAVA_HOME/bin/java -cp 
"$app_home/WEB-INF/classes/conf:$app_home/WEB-INF/classes/lib/*:$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/"
 org.apache.ranger.patch.${className}`
-                                               check_ret_status $? "Unable to 
apply patch:$javaPatch. $msg"
-                                               touch ${tempFile}
-                                               echo >> ${tempFile}
-                                               echo "insert into 
x_db_version_h (id,version, inst_at, inst_by, updated_at, updated_by) values ( 
X_DB_VERSION_H_SEQ.nextval,'${version}', sysdate, '${db_user}', sysdate, 
'${db_user}') ;" >> ${tempFile}
-                                               #result3=`echo 
"exit"|${SQL_COMMAND_INVOKER} -L -S 
"${db_user}"/"\"${db_password}\""@"${DB_HOST}"  @$tempFile`
-                                               result3=`$JAVA_HOME/bin/java 
-cp $SQL_CONNECTOR_JAR:jisql/lib/* org.apache.util.sql.Jisql -driver oraclethin 
-cstring jdbc:oracle:thin:@$DB_HOST -u ${db_user} -p "${db_password}" -noheader 
-trim -delimiter '' -c \; -input ${tempFile}`
-                                               if test "${result3#*$strError}" 
== "$result3"
-                                               then
-                                                       log "[I] patch 
${javaPatch} has been applied!!";
-                                               else
-                                                       log "[E] patch 
${javaPatch} has failed."
-                                               fi
-                                               rm -f ${tempFile}
-                                       elif test "${result2#*$strError}" != 
"$result2"
-                                       then
-                                               log "[E] - patch [${javaPatch}] 
could not applied. Skipping ..."
-                                               exit 1
-                                       else
-                                               log "[I] - patch [${javaPatch}] 
is already applied. Skipping ..."
-                                       fi
-                               fi
-                       fi
-               done
-       fi
-}
 init_logfiles
 log " --------- Running Ranger PolicyManager Web Application Install Script 
--------- "
 log "[I] uname=`uname`"
@@ -1773,17 +983,11 @@ log "[I] hostname=`hostname`"
 init_variables
 get_distro
 check_java_version
-#check_db_version
 check_db_connector
 setup_unix_user_group
 setup_install_files
 sanity_check_files
-#check_db_admin_password
-#create_db_user
 copy_db_connector
-#import_db
-#upgrade_db
-#create_audit_db_user
 check_python_command
 run_dba_steps
 if [ "$?" == "0" ]
@@ -1800,7 +1004,6 @@ else
        log "[E] DB schema setup failed! Please contact Administrator."
        exit 1
 fi
-#execute_java_patches
 $PYTHON_COMMAND_INVOKER db_setup.py -javapatch
 if [ "$?" == "0" ]
 then

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py 
b/security-admin/src/bin/ranger_install.py
index 294f0da..0cbe43d 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -43,6 +43,8 @@ conf_dict={}
 def log(msg,type):
     if type == 'info':
         logging.info(" %s",msg)
+    if type == 'error':
+        logging.error(" %s",msg)
     if type == 'debug':
         logging.debug(" %s",msg)
     if type == 'warning':
@@ -50,21 +52,16 @@ def log(msg,type):
     if type == 'exception':
         logging.exception(" %s",msg)
 
-#def check_mysql_connector():
-#    global MYSQL_CONNECTOR_JAR
-#    ### From properties file
-#    MYSQL_CONNECTOR_JAR = os.getenv("MYSQL_CONNECTOR_JAR")
-#    debugMsg = "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR
-#    log(debugMsg, 'debug')
-#    log( "Checking MYSQL CONNECTOR FILE : " + MYSQL_CONNECTOR_JAR, "debug")
-#    ### From properties file
-#    if os.path.isfile(MYSQL_CONNECTOR_JAR):
-#        log(" MYSQL CONNECTOR FILE :" + MYSQL_CONNECTOR_JAR + "file 
found",'info')
-#    else:
-#      log(" MYSQL CONNECTOR FILE : "+MYSQL_CONNECTOR_JAR+" file does not 
exist",'info')
-#pass
-
-
+def password_validation(password, userType):
+       if password:
+               if re.search("[\\\`'\"]",password):
+                       log("[E] "+userType+" user password contains one of the 
unsupported special characters like \" ' \ `","error")
+                       sys.exit(1)
+               else:
+                       log("[I] "+userType+" user password validated","info")
+       else:
+               log("[E] Blank password is not allowed,please enter valid 
password.","error")
+               sys.exit(1)
 
 def resolve_sym_link(path):
     path = os.path.realpath(path)
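Review bot: The pattern in the added ``re.search("[\\\`'\"]",password)`` works only because Python leaves the unrecognised escape ``\``` in place, and the error message relies on the same for `\ `; newer interpreters warn on both. A raw pattern states the intent directly, ``if re.search(r"[\\`'\"]", password):``, with the backslash in the message written as `\\`. password_validation also has no docstring; I would add one saying that it rejects an empty password and any password containing a backslash, backtick, single quote or double quote, logs the reason and exits with status 1, and naming the downstream consumer that cannot handle those characters, since a denylist like this is only as good as the quoting it protects. The body appears to be tab-indented while the surrounding file uses four spaces, and `re` has to be imported at the top of the file; neither can be confirmed from this hunk.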
@@ -738,70 +735,78 @@ def update_properties():
 
     log("SQL_HOST is : " + MYSQL_HOST,"debug")
     if RANGER_DB_FLAVOR == "MYSQL":
-            propertyName="ranger.jpa.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST 
,RANGER_ADMIN_DB_PORT, db_name)
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
+        propertyName="ranger.jpa.jdbc.url"
+        newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST 
,RANGER_ADMIN_DB_PORT, db_name)
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.user"
+        newPropertyValue=db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
-            propertyName="ranger.jpa.jdbc.user"
-            newPropertyValue=db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
+        propertyName="ranger.jpa.audit.jdbc.user"
+        newPropertyValue=audit_db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.url"
+        newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, 
RANGER_AUDIT_DB_PORT, audit_db_name)
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.dialect"
+        
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.audit.jdbc.dialect"
+        
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.jdbc.driver"
+        newPropertyValue="net.sf.log4jdbc.DriverSpy"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.driver"
+        newPropertyValue="net.sf.log4jdbc.DriverSpy"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
-            propertyName="ranger.jpa.audit.jdbc.user"
-            newPropertyValue=audit_db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-               
-            propertyName="ranger.jpa.audit.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, 
RANGER_AUDIT_DB_PORT, audit_db_name)
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-
-            propertyName="ranger.jpa.jdbc.dialect"
-            
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_default)
-
-            propertyName="ranger.jpa.audit.jdbc.dialect"
-            
newPropertyValue="org.eclipse.persistence.platform.database.MySQLPlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_default)
-
-            propertyName="ranger.jpa.jdbc.driver"
-            newPropertyValue="net.sf.log4jdbc.DriverSpy"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.driver"
-            newPropertyValue="net.sf.log4jdbc.DriverSpy"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-    
     elif RANGER_DB_FLAVOR == "ORACLE":
-            propertyName="ranger.jpa.jdbc.url"
-            newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-                       
-            propertyName="ranger.jpa.jdbc.user"
-            newPropertyValue=db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.user"
-            newPropertyValue=audit_db_user
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-                       
-            propertyName="ranger.jpa.audit.jdbc.url"
-            newPropertyValue="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-
-            propertyName="ranger.jpa.jdbc.dialect"
-            
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_default)
-
-            propertyName="ranger.jpa.audit.jdbc.dialect"
-            
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_default)
-
-            propertyName="ranger.jpa.jdbc.driver"
-            newPropertyValue="oracle.jdbc.OracleDriver"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
-
-            propertyName="ranger.jpa.audit.jdbc.driver"
-            newPropertyValue="oracle.jdbc.OracleDriver"
-            updatePropertyToFilePy(propertyName ,newPropertyValue 
,to_file_ranger)
+        propertyName="ranger.jpa.jdbc.url"
+        #if MYSQL_HOST.count(":") == 2:
+        if MYSQL_HOST.count(":") == 2 or MYSQL_HOST.count(":") == 0:
+            #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+            cstring="jdbc:oracle:thin:@%s" %(MYSQL_HOST)
+        else:
+            #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+            cstring="jdbc:oracle:thin:@//%s" %(MYSQL_HOST)
+
+        newPropertyValue=cstring
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.user"
+        newPropertyValue=db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.user"
+        newPropertyValue=audit_db_user
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.url"
+        newPropertyValue=cstring
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.jdbc.dialect"
+        
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.audit.jdbc.dialect"
+        
newPropertyValue="org.eclipse.persistence.platform.database.OraclePlatform"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_default)
+
+        propertyName="ranger.jpa.jdbc.driver"
+        newPropertyValue="oracle.jdbc.OracleDriver"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
+
+        propertyName="ranger.jpa.audit.jdbc.driver"
+        newPropertyValue="oracle.jdbc.OracleDriver"
+        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
     elif RANGER_DB_FLAVOR == "POSTGRES":
         propertyName="ranger.jpa.jdbc.url"
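Review bot: Choosing the Oracle URL form by `MYSQL_HOST.count(":")` is fragile. A value that already begins with `//`, a bare `host:port` with no service name, or an IPv6 literal would be classified by colon count alone and could yield a malformed `ranger.jpa.jdbc.url`. The accepted input formats should be stated next to the check, for example `# Oracle target: host:port:SID or a TNS alias (0 or 2 colons); anything else is treated as host:port/service`, and the commented-out `#if MYSQL_HOST.count(":") == 2:` line can be dropped. The same heuristic is repeated in the storm-agent/scripts/install.sh hunk of this commit, so any tightening should be applied to both. `update_properties` starts and ends outside this hunk.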
@@ -905,6 +910,9 @@ def update_properties():
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
     if os.getenv("RANGER_AUTHENTICATION_METHOD") == "LDAP":
+
+       password_validation(os.getenv("RANGER_LDAP_BIND_PASSWORD"), "LDAP_BIND")
+
         propertyName="ranger.authentication.method"
         newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
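Review bot: The added `password_validation(...)` call appears to be indented differently from the eight-space block it sits in, most likely with a tab that the archive has rendered as spaces. Python 3 rejects mixed tab and space indentation with a TabError, and even where the interpreter tolerates it, the block structure depends on tab width. The line should be re-indented with eight spaces to match the `propertyName=` lines that follow. The same applies to the `password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), "AD_BIND")` call in the ACTIVE_DIRECTORY hunk below and to the body of `password_validation` itself. `update_properties` extends beyond this hunk.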
@@ -950,6 +958,9 @@ def update_properties():
        updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
          
     elif os.getenv("RANGER_AUTHENTICATION_METHOD") == "ACTIVE_DIRECTORY":
+
+       password_validation(os.getenv("RANGER_LDAP_AD_BIND_PASSWORD"), 
"AD_BIND")
+
         propertyName="ranger.authentication.method"
         newPropertyValue=os.getenv("RANGER_AUTHENTICATION_METHOD")
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 572323f..2d43379 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -175,7 +175,12 @@ public class XUserMgr extends XUserMgrBase {
        }
 
        public VXUser getXUserByUserName(String userName) {
-               return xUserService.getXUserByUserName(userName);
+               VXUser vXUser=null;
+               vXUser=xUserService.getXUserByUserName(userName);
+               if(vXUser!=null && 
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+                       vXUser=getMaskedVXUser(vXUser);
+               }
+               return vXUser;
        }
 
        public VXUser createXUser(VXUser vXUser) {
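Review bot: `getXUserByUserName` now masks the object returned by `xUserService` in place, because `getMaskedVXUser` (added later in this file) calls setters on its argument and returns the same instance. If the service ever returns a cached or otherwise shared `VXUser`, the masked values would also be seen by callers that do have access to the module, so masking a copy would be safer. Whether instances are shared cannot be seen from this diff. Each call also pays for `hasAccessToModule`, which performs its own `getXUserByUserName` lookup plus a DAO query, and that deserves a comment or a per-request cache. The null-then-assign pair can be collapsed to `VXUser vXUser = xUserService.getXUserByUserName(userName);`. The same remarks apply to the `getXUser` and `getXGroup` hunks below.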
@@ -533,8 +538,12 @@ public class XUserMgr extends XUserMgrBase {
        }
 
        public VXUser getXUser(Long id) {
-               return xUserService.readResourceWithOutLogin(id);
-
+               VXUser vXUser=null;
+               vXUser=xUserService.readResourceWithOutLogin(id);
+               if(vXUser!=null && 
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+                       vXUser=getMaskedVXUser(vXUser);
+               }
+               return vXUser;
        }
 
        public VXGroupUser getXGroupUser(Long id) {
@@ -543,8 +552,12 @@ public class XUserMgr extends XUserMgrBase {
        }
 
        public VXGroup getXGroup(Long id) {
-               return xGroupService.readResourceWithOutLogin(id);
-
+               VXGroup vXGroup=null;
+               vXGroup=xGroupService.readResourceWithOutLogin(id);
+               if(vXGroup!=null && 
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+                       vXGroup=getMaskedVXGroup(vXGroup);
+               }
+               return vXGroup;
        }
 
        /**
@@ -1305,4 +1318,94 @@ public class XUserMgr extends XUserMgrBase {
                return vXStringList;
        }
 
+       public boolean hasAccess(String loginID) {
+               UserSessionBase session = ContextUtil.getCurrentUserSession();
+               if (session != null) {
+                       if(session.isUserAdmin() || 
session.getLoginId().equalsIgnoreCase(loginID)){
+                               return true;
+                       }
+               }
+               return false;
+       }
+
+       public VXUser getMaskedVXUser(VXUser vXUser) {
+               if(vXUser!=null){
+                       if(vXUser.getGroupIdList()!=null && 
vXUser.getGroupIdList().size()>0){
+                               vXUser.setGroupIdList(new ArrayList<Long>());
+                       }
+                       if(vXUser.getGroupNameList()!=null && 
vXUser.getGroupNameList().size()>0){
+                               
vXUser.setGroupNameList(getMaskedCollection(vXUser.getGroupNameList()));
+                       }
+                       if(vXUser.getUserRoleList()!=null && 
vXUser.getUserRoleList().size()>0){
+                               
vXUser.setUserRoleList(getMaskedCollection(vXUser.getUserRoleList()));
+                       }
+                       vXUser.setUpdatedBy(AppConstants.Masked_String);
+               }
+               return vXUser;
+       }
+
+       public VXGroup getMaskedVXGroup(VXGroup vXGroup) {
+        if(vXGroup!=null){
+            vXGroup.setUpdatedBy(AppConstants.Masked_String);
+        }
+        return vXGroup;
+       }
+
+       @Override
+       public VXUserList searchXUsers(SearchCriteria searchCriteria) {
+        VXUserList vXUserList = new VXUserList();
+        vXUserList=xUserService.searchXUsers(searchCriteria);
+        if(vXUserList!=null && 
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+               List<VXUser> vXUsers = new ArrayList<VXUser>();
+               if(vXUserList!=null && vXUserList.getListSize()>0){
+                   for(VXUser vXUser:vXUserList.getList()){
+                    vXUser=getMaskedVXUser(vXUser);
+                    vXUsers.add(vXUser);
+                   }
+                   vXUserList.setVXUsers(vXUsers);
+               }
+        }
+        return vXUserList;
+       }
+
+       @Override
+       public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
+        VXGroupList vXGroupList=null;
+        vXGroupList=xGroupService.searchXGroups(searchCriteria);
+        if(vXGroupList!=null && 
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
+            if(vXGroupList!=null && vXGroupList.getListSize()>0){
+                List<VXGroup> listMasked=new ArrayList<VXGroup>();
+                for(VXGroup vXGroup:vXGroupList.getList()){
+                    vXGroup=getMaskedVXGroup(vXGroup);
+                    listMasked.add(vXGroup);
+                }
+                vXGroupList.setVXGroups(listMasked);
+            }
+        }
+        return vXGroupList;
+       }
+
+       public Collection<String> getMaskedCollection(Collection<String> 
listunMasked){
+        List<String> listMasked=new ArrayList<String>();
+        if(listunMasked!=null && listunMasked.size()>0){
+            for(String content:listunMasked){
+                listMasked.add(AppConstants.Masked_String);
+            }
+        }
+        return listMasked;
+       }
+
+       public boolean hasAccessToModule(String moduleName){
+               UserSessionBase userSession = 
ContextUtil.getCurrentUserSession();
+               if (userSession != null && userSession.getLoginId()!=null){
+                       VXUser vxUser = 
xUserService.getXUserByUserName(userSession.getLoginId());
+                       if(vxUser!=null){
+                               List<String> permissionList = 
daoManager.getXXModuleDef().findAccessibleModulesByUserId(userSession.getUserId(),
 vxUser.getId());
+                               if(permissionList!=null && 
permissionList.contains(moduleName)){
+                                       return true;
+                               }
+                       }
+               }
+               return false;
+       }
 }
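Review bot: `hasAccess` dereferences `session.getLoginId()` without a null check, whereas `hasAccessToModule` in the same hunk guards `userSession.getLoginId()!=null`. A session with no login id would therefore throw a NullPointerException instead of denying access. A guarded form would be `String current = session.getLoginId(); return session.isUserAdmin() || (current != null && current.equalsIgnoreCase(loginID));`. The comparison is case-insensitive, which is only safe if login ids are unique regardless of case, and that should be confirmed against the user store. Separately, `getMaskedCollection` returns one masked entry per original element, so the number of groups and roles remains visible to callers without module access. If that is intended, a Javadoc line should say so.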

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index 488ba8f..e47d10b 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -595,6 +595,7 @@ public class AppConstants extends RangerCommonEnums {
        public static final int HIST_OBJ_STATUS_DELETED = 3;
        public static final int MAX_HIST_OBJ_STATUS = 3;
 
+       public static final String Masked_String = "*****";
 
 
        static public String getLabelFor_AssetType( int elementValue ) {
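Review bot: `Masked_String` does not follow the UPPER_SNAKE_CASE naming of the neighbouring constants (`HIST_OBJ_STATUS_DELETED`, `MAX_HIST_OBJ_STATUS`). `public static final String MASKED_STRING = "*****";` with a short comment such as `// placeholder returned in place of fields the caller may not see` would match the file. The uses added to XUserMgr.java in this commit would need the same rename.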

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git 
a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
 
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index abf4db4..40b08c4 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -505,6 +505,10 @@ public class RangerAuthenticationProvider implements 
AuthenticationProvider {
                                final Authentication finalAuthentication = new 
UsernamePasswordAuthenticationToken(principal, userPassword, grantedAuths);
                                authentication= 
authenticator.authenticate(finalAuthentication);
                                return authentication;
+                       }else{
+                               
if(authentication!=null&&!authentication.isAuthenticated()){
+                                       throw new BadCredentialsException("Bad 
credentials");
+                               }
                        }
                } catch (BadCredentialsException e) {
                        throw e;
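Review bot: The new `else` branch rejects only a non-null token whose `isAuthenticated()` is false. A null `authentication` skips the throw and falls through to code outside this hunk. It is worth confirming that the fall-through path also fails closed, or simplifying the guard to `if (authentication == null || !authentication.isAuthenticated())`, if a null token can never represent a successful login here. A one-line comment explaining which upstream condition leads to this branch would help, since the matching `if` is not visible in the hunk.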

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js 
b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 3d33d86..c226d63 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -33,18 +33,19 @@ if (!Array.indexOf) {
 
 function doLogin() {
        
-       if ($("#username").val() === '' || $('#password').val() === '') {
+       var userName = $('#username').val().trim();
+       var passwd       = $('#password').val().trim();
+
+       if (userName === '' || passwd === '') {
                $('#errorBox').show();
                $('#signInLoading').hide();
                $('#signIn').removeAttr('disabled');
                $('#errorBox .errorMsg').text("The username or password you 
entered is incorrect..");
                return false;
        }
-       var userName = $('#username').val().trim();
-       var passwd = $('#password').val().trim();
 
        var regexEmail = 
/^([a-zA-Z0-9_\.\-\+])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
-       var regexPlain = /^([a-zA-Z0-9_\.\-\+])+$/;
+       var regexPlain = /^([a-zA-Z0-9_\.\-\+ ])+$/;
        if(!regexPlain.test(userName)){
                if(!regexEmail.test(userName)){
                        $('#errorBox').show();
@@ -63,8 +64,8 @@ function doLogin() {
 
        $.ajax({
                data : {
-                       j_username : userName,
-                       j_password : passwd
+                       j_username : $('#username').val(),
+                       j_password : $('#password').val()
                },
                url : url,
                type : 'POST',
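Review bot: The request now sends the raw field values instead of the `userName` that was trimmed and tested against `regexPlain`/`regexEmail` in the previous hunk. The string that was validated and the string that is submitted can therefore differ by leading or trailing whitespace. Sending the password exactly as typed is reasonable, but the username should stay `j_username : userName,` so that what was checked is what is sent. The emptiness test still trims the password, which deserves a short comment such as `// trim only to detect blank input; the password is submitted as typed`. These checks run in the browser only, so the server side has to enforce the same username rules, and that cannot be seen from this diff.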

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c462d0ea/storm-agent/scripts/install.sh
----------------------------------------------------------------------
diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh
index ab57bb9..955ceb5 100644
--- a/storm-agent/scripts/install.sh
+++ b/storm-agent/scripts/install.sh
@@ -228,7 +228,15 @@ if [ "${DB_FLAVOR}" == "ORACLE" ]
 then
        audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME'  
${install_dir}/install.properties | awk -F= '{ print $2 }'`
        propertyName=XAAUDIT.DB.JDBC_URL
-       newPropertyValue="jdbc:oracle:thin:\@//${audit_db_hostname}"
+       count=$(grep -o ":" <<< "$audit_db_hostname" | wc -l)
+       #if [[ ${count} -eq 2 ]] ; then
+       if [ ${count} -eq 2 ] || [ ${count} -eq 0 ]; then
+               #jdbc:oracle:thin:@[HOST][:PORT]:SID or #jdbc:oracle:thin:@GL
+               newPropertyValue="jdbc:oracle:thin:@${audit_db_hostname}"
+       else
+               #jdbc:oracle:thin:@//[HOST][:PORT]/SERVICE
+               newPropertyValue="jdbc:oracle:thin:@//${audit_db_hostname}"
+       fi
        updatePropertyToFile $propertyName $newPropertyValue $to_file
 
        propertyName=XAAUDIT.DB.JDBC_DRIVER
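Review bot: Counting colons with `grep -o ":" <<< "$audit_db_hostname" | wc -l` forks two processes, and the `[ ${count} -eq 2 ]` tests then use `${count}` unquoted. Since the script already relies on bash features, the count can be taken with parameter expansion: `colons=${audit_db_hostname//[!:]/}; count=${#colons}`, followed by `if (( count == 2 || count == 0 )); then`. The commented-out `#if [[ ${count} -eq 2 ]] ; then` line is dead and can go. The computed value reaches `updatePropertyToFile $propertyName $newPropertyValue $to_file` unquoted, so a hostname containing whitespace or glob characters would be split or expanded there, and quoting the three arguments avoids that. The enclosing `if` block continues past the end of this hunk.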
