http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 0d6c49b..a010e19 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -1162,6 +1162,260 @@ class SqlServerConf(BaseDB): log("[E] java patch "+ className +" failed", "error") sys.exit(1) +class SqlAnywhereConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + path = RANGER_ADMIN_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host) + return jisql_cmd + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT 1;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection", "error") + sys.exit(1) + + def import_db_file(self, db_name, db_user, db_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + log("[I] Importing db schema to database " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s" %file_name + ret = 
subprocess.call(query) + if ret == 0: + log("[I] "+name + " DB schema imported successfully","info") + else: + log("[E] "+name + " DB Schema import failed!","error") + sys.exit(1) + + def check_table(self, db_name, db_user, db_password, TABLE_NAME): + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\"" %(TABLE_NAME) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"SELECT name FROM sysobjects where name = '%s' and type='U';\" -c ;" %(TABLE_NAME) + output = check_output(query) + if output.strip(TABLE_NAME + " |"): + log("[I] Table '" + TABLE_NAME + "' already exists in database '" + db_name + "'","info") + return True + else: + log("[I] Table '" + TABLE_NAME + "' does not exist in database '" + db_name + "'","info") + return False + + def grant_audit_db_user(self, audit_db_name, db_user, audit_db_user, db_password, audit_db_password,TABLE_NAME): + log("[I] Granting permission to audit user '" + audit_db_user + "' on db '" + audit_db_name + "'","info") + get_cmd = self.get_jisql_cmd(db_user, db_password,audit_db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\"" %(audit_db_user) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"GRANT INSERT ON XA_ACCESS_AUDIT to %s;\" -c ;" %(audit_db_user) + ret = subprocess.call(query) + if ret != 0 : + sys.exit(1) + else: + log("[I] Permission granted to audit user " + audit_db_user , "info") + + def import_db_patches(self, db_name, db_user, db_password, file_name): + name = basename(file_name) + if os.path.isfile(file_name): + version = name.split('-')[0] + log("[I] Executing patch on " + db_name + " from file: " + name,"info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"select version from x_db_version_h 
where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Patch "+ name +" is already applied" ,"info") + else: + if os_name == "LINUX": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -input %s" %file_name + ret = subprocess.call(query) + if ret == 0: + log("[I] "+name + " patch applied","info") + if os_name == "LINUX": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(query) + if ret == 0: + log("[I] Patch version updated", "info") + else: + log("[E] Updating patch version failed", "error") + sys.exit(1) + else: + log("[E] "+name + " import failed!","error") + sys.exit(1) + + def import_auditdb_patches(self, xa_sqlObj,xa_db_host, audit_db_host, db_name, audit_db_name, db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): + log("[I] --------- Checking XA_ACCESS_AUDIT table to apply audit db patches --------- ","info") + self.set_options(audit_db_name, db_user, db_password, TABLE_NAME) + output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME) + if output == True: + name = basename(file_name) + if os.path.isfile(file_name): + version = name.split('-')[0] + log("[I] Executing patch on " + audit_db_name + " from file: " + 
name,"info") + get_cmd1 = xa_sqlObj.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\"" %(version) + elif os_name == "WINDOWS": + query = get_cmd1 + " -query \"select version from x_db_version_h where version = '%s' and active = 'Y';\" -c ;" %(version) + output = check_output(query) + if output.strip(version + " |"): + log("[I] Patch "+ name +" is already applied" ,"info") + else: + get_cmd2 = self.get_jisql_cmd(db_user, db_password, audit_db_name) + if os_name == "LINUX": + query = get_cmd2 + " -input %s" %file_name + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd2 + " -input %s" %file_name + ret = subprocess.call(query) + if ret == 0: + log("[I] "+name + " patch applied","info") + if os_name == "LINUX": + query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd1 + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(query) + if ret == 0: + log("[I] Patch version updated", "info") + else: + log("[E] Updating patch version failed", "error") + sys.exit(1) + else: + log("[E] "+name + " import failed!","error") + sys.exit(1) + else: + log("[I] Table XA_ACCESS_AUDIT does not exists in " +audit_db_name,"error") + sys.exit(1) + + def auditdb_operation(self, xa_db_host, audit_db_host, db_name, audit_db_name,db_user, audit_db_user, db_password, audit_db_password, file_name, TABLE_NAME): + log("[I] --------- Check admin user connection --------- ","info") + 
self.check_connection(audit_db_name, db_user, db_password) + log("[I] --------- Check audit user connection --------- ","info") + self.check_connection(audit_db_name, audit_db_user, audit_db_password) + log("[I] --------- Check audit table exists --------- ","info") + self.set_options(audit_db_name, db_user, db_password, TABLE_NAME) + output = self.check_table(audit_db_name, db_user, db_password, TABLE_NAME) + if output == False: + self.import_db_file(audit_db_name ,db_user, db_password, file_name) + self.grant_audit_db_user( audit_db_name ,db_user, audit_db_user, db_password,audit_db_password,TABLE_NAME) + + def execute_java_patches(self, xa_db_host, db_user, db_password, db_name): + my_dict = {} + version = "" + className = "" + app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp") + ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs") + javaFiles = os.path.join(app_home,"WEB-INF","classes","org","apache","ranger","patch") + + if not os.path.exists(javaFiles): + log("[I] No java patches to apply!","info") + else: + files = os.listdir(javaFiles) + if files: + for filename in files: + f = re.match("^Patch.*?.class$",filename) + if f: + className = re.match("(Patch.*?)_.*.class",filename) + className = className.group(1) + version = re.match("Patch.*?_(.*).class",filename) + version = version.group(1) + key3 = int(version.strip("J")) + my_dict[key3] = filename + + keylist = my_dict.keys() + keylist.sort() + for key in keylist: + #print "%s: %s" % (key, my_dict[key]) + version = str(key) + className = my_dict[key] + className = className.strip(".class") + if version != "": + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c \;" %(version) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select version from x_db_version_h where version = 'J%s' and active = 'Y';\" -c ;" %(version) + output = 
check_output(query) + if output.strip(version + " |"): + log("[I] java patch "+ className +" is already applied" ,"info") + else: + log ("[I] java patch "+ className +" is being applied..","info") + if os_name == "LINUX": + path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + elif os_name == "WINDOWS": + path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF;%s" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home ,self.SQL_CONNECTOR_JAR) + get_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.%s"%(self.JAVA_BIN,ranger_log,path,className) + if os_name == "LINUX": + ret = subprocess.call(shlex.split(get_cmd)) + elif os_name == "WINDOWS": + ret = subprocess.call(get_cmd) + if ret == 0: + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c \;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ('J%s', GETDATE(), '%s@%s', GETDATE(), '%s@%s') ;\" -c ;" %(version,db_user,xa_db_host,db_user,xa_db_host) + ret = subprocess.call(query) + if ret == 0: + log("[I] java patch "+ className +" applied", "info") + else: + log("[E] java patch "+ className +" failed", "error") + sys.exit(1) + else: + log("[E] java patch "+ className +" failed", 
"error") + sys.exit(1) + + def set_options(self, db_name, db_user, db_password, TABLE_NAME): + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"set option public.reserved_keywords='LIMIT';\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"set option public.reserved_keywords='LIMIT';\" -c ;" + ret = subprocess.call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"set option public.max_statement_count=0;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"set option public.max_statement_count=0;\" -c;" + ret = subprocess.call(shlex.split(query)) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"set option public.max_cursor_count=0;\"" + elif os_name == "WINDOWS": + query = get_cmd + " -query \"set option public.max_cursor_count=0;\" -c;" + ret = subprocess.call(shlex.split(query)) def main(argv): populate_global_dict() @@ -1218,6 +1472,12 @@ def main(argv): sqlserver_patches = os.path.join('db','sqlserver','patches') sqlserver_auditdb_patches = os.path.join('db','sqlserver','patches','audit') + sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql') + sqlanywhere_core_file = globalDict['sqlanywhere_core_file'] + sqlanywhere_audit_file = globalDict['sqlanywhere_audit_file'] + sqlanywhere_patches = os.path.join('db','sqlanywhere','patches') + sqlanywhere_auditdb_patches = os.path.join('db','sqlanywhere','patches','audit') + db_name = globalDict['db_name'] db_user = globalDict['db_user'] db_password = globalDict['db_password'] 
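Review bot: `get_jisql_cmd` formats `user`, `password`, `db_name` and the host into one command string with no quoting, and callers then pass it to `check_output`, to `shlex.split` + `subprocess.call` (LINUX) or to `subprocess.call` as a plain string (WINDOWS), so a password containing whitespace, a quote or a backslash changes the argument vector Jisql receives. The password also travels as a `-password` argument, which leaves it readable in the process listing for the lifetime of each Jisql call. On the LINUX branch each interpolated value could be quoted before formatting, e.g. `pipes.quote(password)`, and it is worth checking whether the bundled Jisql can read the password from a file instead of the command line. The same method is added unchanged to `SqlAnywhereConf` in dba_script.py. Separately, `set_options` calls `shlex.split(query)` on both OS branches and never checks `ret`, unlike the other methods of the class.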
@@ -1261,6 +1521,19 @@ def main(argv): xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_core_file) xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_patches) audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlserver_auditdb_patches) + + elif XA_DB_FLAVOR == "SQLANYWHERE": + if not os_name == "WINDOWS" : + if os.environ['LD_LIBRARY_PATH'] == "": + log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] + xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN) + xa_db_version_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_dbversion_catalog) + xa_db_core_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_core_file) + xa_patch_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_patches) + audit_patch_file = os.path.join(RANGER_ADMIN_HOME ,sqlanywhere_auditdb_patches) + else: log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error") sys.exit(1) @@ -1284,6 +1557,11 @@ def main(argv): SQLSERVER_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlserver_audit_file) + + elif AUDIT_DB_FLAVOR == "SQLANYWHERE": + SQLANYWHERE_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] + audit_sqlObj = SqlAnywhereConf(audit_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN) + audit_db_file = os.path.join(RANGER_ADMIN_HOME , sqlanywhere_audit_file) else: log("[E] --------- NO SUCH SUPPORTED DB FLAVOUR!! ---------", "error") sys.exit(1)
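Review bot: `os.environ['LD_LIBRARY_PATH'] == ""` raises `KeyError` when the variable is not set at all, so the "[E] ... LD_LIBRARY_PATH environment property not defined" message is only reached when it is set but empty. `if not os.environ.get('LD_LIBRARY_PATH'):` covers both cases and keeps the log-and-exit path. The same check is added to the SQLANYWHERE branch of dba_script.py (hunk `@@ -1339,6 +1529,17 @@`). `main` starts and continues outside this hunk.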
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index 045990d..0d5d573 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -1086,6 +1086,191 @@ class SqlServerConf(BaseDB): self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode) self.grant_xa_db_user(audit_db_root_user, audit_db_name, db_user, db_password, audit_db_root_password, is_revoke, dryMode) +class SqlAnywhereConf(BaseDB): + # Constructor + def __init__(self, host, SQL_CONNECTOR_JAR, JAVA_BIN): + self.host = host + self.SQL_CONNECTOR_JAR = SQL_CONNECTOR_JAR + self.JAVA_BIN = JAVA_BIN + + def get_jisql_cmd(self, user, password, db_name): + path = RANGER_ADMIN_HOME + self.JAVA_BIN = self.JAVA_BIN.strip("'") + if os_name == "LINUX": + jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path,user, password,db_name,self.host) + elif os_name == "WINDOWS": + jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password %s -driver sapsajdbc4 -cstring jdbc:sqlanywhere:database=%s;host=%s -noheader -trim"%(self.JAVA_BIN, self.SQL_CONNECTOR_JAR, path, user, password,db_name,self.host) + return jisql_cmd + + def verify_user(self, root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] Verifying user " + db_user , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select name from syslogins where name = '%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select name from syslogins where name = '%s';\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + return True + else: + return False + + def check_connection(self, db_name, db_user, db_password): + log("[I] Checking connection", "info") + get_cmd = self.get_jisql_cmd(db_user, db_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"SELECT 1;\"" + elif os_name == "WINDOWS": 
+ query = get_cmd + " -query \"SELECT 1;\" -c ;" + output = check_output(query) + if output.strip('1 |'): + log("[I] Connection success", "info") + return True + else: + log("[E] Can't establish connection", "error") + sys.exit(1) + + def create_rangerdb_user(self, root_user, db_user, db_password, db_root_password,dryMode): + if self.check_connection('', root_user, db_root_password): + if self.verify_user(root_user, db_root_password, db_user,dryMode): + if dryMode == False: + log("[I] SQL Anywhere user " + db_user + " already exists.", "info") + else: + if dryMode == False: + get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') + log("[I] User does not exists, Creating Login user " + db_user, "info") + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user,db_password) + ret = subprocess.call(query) + if ret == 0: + if self.verify_user(root_user, db_root_password, db_user,dryMode): + log("[I] SQL Anywhere user " + db_user + " created", "info") + else: + log("[E] SQL Anywhere user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + log("[E] SQL Anywhere user " +db_user+" creation failed..", "error") + sys.exit(1) + else: + logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user,db_password)) + + def start_db(self,root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Starting database " + db_name, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"start database '%s' autostop off;\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"start database '%s' autostop off;\" -c ;" %(db_name) + output = check_output(query) + + def verify_db(self, root_user, db_root_password, db_name,dryMode): + if dryMode 
== False: + log("[I] Verifying database " + db_name, "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select alias from sa_db_info() where alias='%s';\"" %(db_name) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select alias from sa_db_info() where alias='%s';\" -c ;" %(db_name) + output = check_output(query) + if output.strip(db_name + " |"): + return True + else: + return False + + def create_db(self, root_user, db_root_password, db_name, db_user, db_password,dryMode): + if self.verify_db(root_user, db_root_password, db_name,dryMode): + if dryMode == False: + log("[I] Database " + db_name + " already exists.","info") + else: + if dryMode == False: + log("[I] Database does not exist. Creating database : " + db_name,"info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, '') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\"" %(db_name,db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"create database '%s' dba user '%s' dba password '%s' database size 100MB;\" -c ;" %(db_name,db_user, db_password) + ret = subprocess.call(query) + if ret != 0: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + self.start_db(root_user, db_root_password, db_name,dryMode) + if self.verify_db(root_user, db_root_password, db_name,dryMode): + self.create_user(root_user, db_name ,db_user, db_password, db_root_password,dryMode) + log("[I] Creating database " + db_name + " succeeded", "info") + return True + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("create database %s dba user '%s' dba password '%s' database size 100MB;" %(db_name,db_user, db_password)) + + def create_user(self, root_user, db_name ,db_user, db_password, db_root_password,dryMode): + get_cmd = 
self.get_jisql_cmd(root_user, db_root_password, '') + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + if dryMode == False: + log("[I] User "+db_user+" exist ","info") + else: + if dryMode == False: + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"CREATE USER %s IDENTIFIED BY '%s';\"" %(db_user, db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"CREATE USER %s IDENTIFIED BY '%s';\" -c ;" %(db_user, db_password) + ret = subprocess.call(query) + if ret == 0: + if os_name == "LINUX": + query = get_cmd + " -c \; -query \"select name from syslogins where name ='%s';\"" %(db_user) + elif os_name == "WINDOWS": + query = get_cmd + " -query \"select name from syslogins where name ='%s';\" -c ;" %(db_user) + output = check_output(query) + if output.strip(db_user + " |"): + log("[I] User "+db_user+" exist ","info") + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + log("[E] Database creation failed..","error") + sys.exit(1) + else: + logFile("CREATE USER %s IDENTIFIED BY '%s';" %(db_user, db_password)) + + def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password, is_revoke,dryMode): + if dryMode == False: + log("[I] Granting permission to user '" + db_user + "' on db '" + db_name + "'" , "info") + get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) + if os_name == "LINUX": + query = get_cmd + " -c \; -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + ret = subprocess.call(shlex.split(query)) + elif os_name == "WINDOWS": + query = get_cmd + " -query \" GRANT CONNECT to %s IDENTIFIED BY '%s';\"" %(db_user,db_password) + ret = 
subprocess.call(query) + if ret != 0: + sys.exit(1) + else: + logFile("GRANT CONNECT to %s IDENTIFIED BY '%s';" %(db_user, db_password)) + + def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): + is_revoke=False + if DBA_MODE == "TRUE": + if dryMode == False: + log("[I] ---------- Setup audit user ---------- ","info") + self.create_rangerdb_user(audit_db_root_user, db_user, db_password, audit_db_root_password,dryMode) + self.create_rangerdb_user(audit_db_root_user, audit_db_user, audit_db_password, audit_db_root_password,dryMode) + self.create_db(audit_db_root_user, audit_db_root_password ,audit_db_name, db_user, db_password,dryMode) + self.create_user(xa_db_root_user, audit_db_name ,db_user, db_password, xa_db_root_password,dryMode) + self.grant_xa_db_user(db_user, audit_db_name, audit_db_user, audit_db_password, db_password, is_revoke, dryMode) def main(argv): @@ -1167,7 +1352,7 @@ def main(argv): else: XA_DB_FLAVOR='' while XA_DB_FLAVOR == "": - log("Enter db flavour{MYSQL|ORACLE|POSTGRES|MSSQL} :","info") + log("Enter db flavour{MYSQL|ORACLE|POSTGRES|MSSQL|SQLANYWHERE} :","info") XA_DB_FLAVOR=raw_input() AUDIT_DB_FLAVOR = XA_DB_FLAVOR @@ -1296,6 +1481,11 @@ def main(argv): sqlserver_audit_file = os.path.join('db','sqlserver','xa_audit_db_sqlserver.sql') sqlserver_patches = os.path.join('db','sqlserver','patches') + sqlanywhere_dbversion_catalog = os.path.join('db','sqlanywhere','create_dbversion_catalog.sql') + sqlanywhere_core_file = os.path.join('db','sqlanywhere','xa_core_db_sqlanywhere.sql') + sqlanywhere_audit_file = os.path.join('db','sqlanywhere','xa_audit_db_sqlanywhere.sql') + sqlanywhere_patches = os.path.join('db','sqlanywhere','patches') + x_db_version = 'x_db_version_h' xa_access_audit = 'xa_access_audit' x_user = 'x_portal_user' 
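Review bot: The statements built in `create_rangerdb_user`, `create_db`, `create_user` and `grant_xa_db_user` place `db_password` inside `IDENTIFIED BY '%s'` / `dba password '%s'` by plain `%` formatting, so a password containing `'` ends the SQL literal and one containing `"` ends the `-query "..."` argument. Double the single quotes before formatting, e.g. `db_password.replace("'", "''")`, and reject or escape `"` for the command line. In dry mode the same statements go to `logFile(...)` with the clear-text password; if that output is kept, the file should be owner-readable only, though `logFile` is defined outside this hunk, so how it opens the file is not visible here. `db_user` and `db_name` are interpolated the same way and would benefit from an identifier check before use.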
@@ -1339,6 +1529,17 @@ def main(argv): xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_dbversion_catalog) xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_core_file) xa_patch_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_patches) + + elif XA_DB_FLAVOR == "SQLANYWHERE": + if not os_name == "WINDOWS" : + if os.environ['LD_LIBRARY_PATH'] == "": + log("[E] ---------- LD_LIBRARY_PATH environment property not defined, aborting installation. ----------", "error") + sys.exit(1) + SQLANYWHERE_CONNECTOR_JAR=CONNECTOR_JAR + xa_sqlObj = SqlAnywhereConf(xa_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN) + xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_dbversion_catalog) + xa_db_core_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_core_file) + xa_patch_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_patches) else: log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") sys.exit(1) @@ -1374,6 +1575,11 @@ def main(argv): SQLSERVER_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = SqlServerConf(audit_db_host, SQLSERVER_CONNECTOR_JAR, JAVA_BIN) audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlserver_audit_file) + + elif AUDIT_DB_FLAVOR == "SQLANYWHERE": + SQLANYWHERE_CONNECTOR_JAR=CONNECTOR_JAR + audit_sqlObj = SqlAnywhereConf(audit_db_host, SQLANYWHERE_CONNECTOR_JAR, JAVA_BIN) + audit_db_file = os.path.join(RANGER_ADMIN_HOME,sqlanywhere_audit_file) else: log("[E] ---------- NO SUCH SUPPORTED DB FLAVOUR.. ----------", "error") sys.exit(1) 
@@ -1394,7 +1600,8 @@ def main(argv): logFile("===============================================\n") xa_sqlObj.create_rangerdb_user(xa_db_root_user, db_user, db_password, xa_db_root_password,dryMode) xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode) - xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + if not XA_DB_FLAVOR == "SQLANYWHERE": + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) audit_sqlObj.create_auditdb_user(xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode) logFile("===============================================\n") if (dryMode==False): @@ -1403,7 +1610,8 @@ def main(argv): log("[I] ---------- Creating Ranger Admin database ----------","info") xa_sqlObj.create_db(xa_db_root_user, xa_db_root_password, db_name, db_user, db_password,dryMode) log("[I] ---------- Granting permission to Ranger Admin db user ----------","info") - xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) + if not XA_DB_FLAVOR == "SQLANYWHERE": + xa_sqlObj.grant_xa_db_user(xa_db_root_user, db_name, db_user, db_password, xa_db_root_password, is_revoke,dryMode) # Ranger Admin DB Host AND Ranger Audit DB Host are Different OR Same if audit_store == "db": log("[I] ---------- Verifying/Creating audit user --------- ","info") http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/install.properties ---------------------------------------------------------------------- diff --git a/security-admin/scripts/install.properties b/security-admin/scripts/install.properties index 820d9c7..294b0e8 100644 --- a/security-admin/scripts/install.properties 
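Review bot: The `grant_xa_db_user` call is skipped for SQLANYWHERE without a comment saying why, here and in the second hunk (`@@ -1403,7 +1610,8 @@`); from `SqlAnywhereConf.create_db` it appears to be because the database is created with `dba user '%s'` set to `db_user`, which gives the Ranger application account DBA authority on its own database. A comment such as `# SQL Anywhere: create_db() already makes db_user the DBA of db_name, so no separate grant is issued` would record that, and it is worth confirming that DBA-level rights are intended for the runtime account. In the second hunk the "Granting permission to Ranger Admin db user" log line is still printed when the call is skipped. `if XA_DB_FLAVOR != "SQLANYWHERE":` reads more directly than `if not ... ==`.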
+++ b/security-admin/scripts/install.properties @@ -14,7 +14,7 @@ # limitations under the License. # -# This file provides list of deployment variables for the Policy Manager Web Application +# This file provides list of deployment variables for the Policy Manager Web Application # #------------------------- DB CONFIG - BEGIN ---------------------------------- @@ -23,10 +23,10 @@ PYTHON_COMMAND_INVOKER=python -#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL +#DB_FLAVOR=MYSQL|ORACLE|POSTGRES|MSSQL|SQLANYWHERE DB_FLAVOR=MYSQL # -# The executable path to be used to invoke command-line MYSQL +# The executable path to be used to invoke command-line MYSQL # #SQL_COMMAND_INVOKER='mysql' #SQL_COMMAND_INVOKER='sqlplus' @@ -39,17 +39,18 @@ SQL_COMMAND_INVOKER='mysql' #SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar #SQL_CONNECTOR_JAR=/usr/share/java/postgresql.jar #SQL_CONNECTOR_JAR=/usr/share/java/sqljdbc4.jar +#SQL_CONNECTOR_JAR=/opt/sqlanywhere17/java/sajdbc4.jar SQL_CONNECTOR_JAR=/usr/share/java/mysql-connector-java.jar # # DB password for the DB admin user-id # ************************************************************************** -# ** If the password is left empty or not-defined here, -# ** it will be prompted to enter the password during installation process +# ** If the password is left empty or not-defined here, +# ** it will be prompted to enter the password during installation process # ************************************************************************** # -#db_root_user=root|SYS|postgres|sa +#db_root_user=root|SYS|postgres|sa|dba db_root_user=root db_root_password= db_host=localhost @@ -61,7 +62,7 @@ db_name=ranger db_user=rangeradmin db_password= -#Source for Audit DB +#Source for Audit DB # * audit_db is solr or db audit_store=db 
@@ -74,9 +75,9 @@ audit_solr_zookeepers= # # DB UserId for storing auditlog infromation -# +# # * audit_db can be same as the Ranger schema db -# * audit_db must exists in the same ${db_host} as Ranger database ${db_name} +# * audit_db must exists in the same ${db_host} as Ranger database ${db_name} # * audit_user must be a different user than db_user (as audit user has access to only audit tables) # audit_db_name=ranger_audit @@ -197,4 +198,7 @@ postgres_core_file=db/postgres/xa_core_db_postgres.sql postgres_audit_file=db/postgres/xa_audit_db_postgres.sql sqlserver_core_file=db/sqlserver/xa_core_db_sqlserver.sql sqlserver_audit_file=db/sqlserver/xa_audit_db_sqlserver.sql +# +sqlanywhere_core_file=db/sqlanywhere/xa_core_db_sqlanywhere.sql +sqlanywhere_audit_file=db/sqlanywhere/xa_audit_db_sqlanywhere.sql cred_keystore_filename=$app_home/WEB-INF/classes/conf/.jceks/rangeradmin.jceks http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index b79cba4..a88b264 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -303,6 +303,19 @@ sanity_check_files() { log "[E] ${sqlserver_core_file} does not exists" ; exit 1; fi fi + if [ "${DB_FLAVOR}" == "SQLANYWHERE" ] + then + if [ "${LD_LIBRARY_PATH}" == "" ] + then + log "[E] LD_LIBRARY_PATH environment property not defined, aborting installation." + exit 1 + fi + if test -f ${sqlanywhere_core_file}; then + log "[I] ${sqlanywhere_core_file} file found" + else + log "[E] ${sqlanywhere_core_file} does not exists" ; exit 1; + fi + fi } create_rollback_point() { 
@@ -874,6 +887,33 @@ update_properties() { updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger fi + if [ "${DB_FLAVOR}" == "SQLANYWHERE" ] + then + propertyName=ranger.jpa.jdbc.url + newPropertyValue="jdbc:sqlanywhere:database=${db_name};host=${DB_HOST}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + + propertyName=ranger.jpa.audit.jdbc.url + newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${DB_HOST}" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + + propertyName=ranger.jpa.jdbc.dialect + newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default + + propertyName=ranger.jpa.jdbc.dialect + newPropertyValue="org.eclipse.persistence.platform.database.SQLAnywherePlatform" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_default + + propertyName=ranger.jpa.jdbc.driver + newPropertyValue="sap.jdbc4.sqlanywhere.IDriver" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + + propertyName=ranger.jpa.audit.jdbc.driver + newPropertyValue="sap.jdbc4.sqlanywhere.IDriver" + updatePropertyToFilePy $propertyName $newPropertyValue $to_file_ranger + fi + if [ "${audit_store}" == "solr" ] then propertyName=ranger.audit.solr.urls http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java index 6ffcd66..a536a1a 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
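Review bot: The `ranger.jpa.jdbc.dialect` block appears twice in the added SQLANYWHERE branch with the same value and the same target `$to_file_default`, so the second call is either redundant or was meant for a different property. The url and driver settings each come as a main/audit pair, which suggests the second block was intended for the audit dialect; the exact property name is not visible in this hunk and should be checked against the default site file. Separately, `$newPropertyValue` is passed unquoted, so a database or host name containing whitespace would be split into extra arguments; `updatePropertyToFilePy "$propertyName" "$newPropertyValue" "$to_file_ranger"` avoids that. update_properties begins and ends outside the hunk.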
@@ -1366,6 +1366,10 @@ public class RangerBizUtil { return AppConstants.DB_FLAVOR_POSTGRES; } else if (StringUtils.containsIgnoreCase(propertyValue, "sqlserver")) { return AppConstants.DB_FLAVOR_SQLSERVER; + } else if (StringUtils.containsIgnoreCase(propertyValue, "mssql")) { + return AppConstants.DB_FLAVOR_SQLSERVER; + } else if (StringUtils.containsIgnoreCase(propertyValue, "sqlanywhere")) { + return AppConstants.DB_FLAVOR_SQLANYWHERE; } else { if(logger.isDebugEnabled()) { logger.debug("DB Falvor could not be determined from property - " + propertyName + "=" + propertyValue); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java index bcbb2af..ccb1855 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java @@ -20,6 +20,7 @@ package org.apache.ranger.biz; import java.util.ArrayList; +import java.util.Calendar; import java.util.List; import javax.servlet.http.HttpServletRequest; 
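Review bot: The two added branches extend a chain of `StringUtils.containsIgnoreCase` substring tests, so the detected flavour depends on branch order and on whatever else the property value contains. If `propertyValue` is a JDBC URL (not visible here), a SQL Anywhere URL whose database or host name happens to contain the marker of an earlier branch would presumably be classified by that branch and never reach the new `sqlanywhere` test; the earlier branches lie above the hunk. A comment above the chain stating which property is inspected and that order matters would help, e.g. `// matched by substring, first hit wins; keep specific markers before generic ones`. The method starts and ends outside the hunk.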
@@ -135,16 +136,18 @@ public class SessionMgr { userSession.setXXPortalUser(gjUser); userSession.setXXAuthSession(gjAuthSession); resetUserSessionForProfiles(userSession); - + Calendar cal = Calendar.getInstance(); if (details != null) { logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() + ", sessionId=" + details.getSessionId() - + ", requestId=" + details.getRemoteAddress()); + + ", requestId=" + details.getRemoteAddress() + + ", epoch=" + cal.getTimeInMillis()); } else { logger.info("Login Success: loginId=" + currentLoginId + ", sessionId=" + gjAuthSession.getId() - + ", details is null"); + + ", details is null" + + ", epoch=" + cal.getTimeInMillis()); } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java index 491726f..5de18f6 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java @@ -372,6 +372,7 @@ public class AppConstants extends RangerCommonEnums { * DB Favor SQLServer */ public static final int DB_FLAVOR_SQLSERVER = 4; + public static final int DB_FLAVOR_SQLANYWHERE = 5; /*************************************************************** http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java index ebdabed..5876445 100644 
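Review bot: `Calendar cal = Calendar.getInstance();` is created on every successful login only to read `cal.getTimeInMillis()`; `System.currentTimeMillis()` gives the same value without the extra object or the new `java.util.Calendar` import. The same applies to the logging hunk in SpringEventListener.java. Because this line is an authentication audit record, note also that the key `sessionId=` appears twice with different values and that the remote address is labelled `requestId=`, which makes the added `epoch=` field harder to use for correlation; renaming one key, e.g. `", authSessionId=" + gjAuthSession.getId()`, would remove the ambiguity. The enclosing method begins outside the hunk.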
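Review bot: `DB_FLAVOR_SQLANYWHERE` in AppConstants.java is added directly under the Javadoc block that describes the SQLServer constant and has no comment of its own, unlike the constant above it. Add `/** DB Flavor SQL Anywhere */` before the new line so the constant is not left undocumented next to its documented siblings.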
--- a/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java +++ b/security-admin/src/main/java/org/apache/ranger/security/listener/SpringEventListener.java @@ -19,6 +19,7 @@ package org.apache.ranger.security.listener; +import java.util.Calendar; import org.apache.log4j.Logger; import org.apache.ranger.biz.SessionMgr; import org.apache.ranger.entity.XXAuthSession; @@ -66,9 +67,10 @@ public class SpringEventListener implements : ""; String sessionId = details != null ? details.getSessionId() : ""; - logger.info("Login Successful:" + auth.getName() + " | Ip Address:" - + remoteAddress + " | sessionId=" + sessionId); - + Calendar cal = Calendar.getInstance(); + logger.info("Login Successful:" + auth.getName() + " | Ip Address:" + + remoteAddress + " | sessionId=" + sessionId + " | Epoch=" +cal.getTimeInMillis() ); + // success logins are processed further in // AKASecurityContextFormationFilter } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/60346b0f/storm-agent/scripts/install.sh ---------------------------------------------------------------------- diff --git a/storm-agent/scripts/install.sh b/storm-agent/scripts/install.sh index d006379..5b7674a 100644 --- a/storm-agent/scripts/install.sh +++ b/storm-agent/scripts/install.sh 
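Review bot: The timestamp key is written as `| Epoch=` here but as `, epoch=` in the SessionMgr login record, and the two lines use different separators, so a log search or parser keyed on one spelling will miss the other. If the epoch was added so the two records can be correlated (the commit does not say), use the same key in both, e.g. `" | epoch=" + System.currentTimeMillis()`. `auth.getName()` is concatenated into the line as received; if it is not normalised earlier, line breaks in it could produce misleading extra log entries, so stripping CR/LF before logging is worth considering. The enclosing method starts outside the hunk.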
@@ -258,6 +258,18 @@ then newPropertyValue="com.microsoft.sqlserver.jdbc.SQLServerDriver" updatePropertyToFile $propertyName $newPropertyValue $to_file fi +if [ "${DB_FLAVOR}" == "SQLANYWHERE" ] +then + audit_db_hostname=`grep '^XAAUDIT.DB.HOSTNAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'` + audit_db_name=`grep '^XAAUDIT.DB.DATABASE_NAME' ${install_dir}/install.properties | awk -F= '{ print $2 }'` + propertyName=XAAUDIT.DB.JDBC_URL + newPropertyValue="jdbc:sqlanywhere:database=${audit_db_name};host=${audit_db_hostname}" + updatePropertyToFile $propertyName $newPropertyValue $to_file + + propertyName=XAAUDIT.DB.JDBC_DRIVER + newPropertyValue="sap.jdbc4.sqlanywhere.IDriver" + updatePropertyToFile $propertyName $newPropertyValue $to_file +fi for f in ${install_dir}/installer/conf/*-changes.cfg do if [ -f ${f} ]
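Review bot: The two added lookups of the form `grep '^XAAUDIT.DB.HOSTNAME' … | awk -F= '{ print $2 }'` match any key that merely starts with that text (the dots are regex wildcards) and keep only the field between the first and second `=`, so a second matching line or a value containing `=` yields a wrong or multi-line host or database name. Anchoring on the full key and keeping the whole value is safer: `grep -m1 '^XAAUDIT\.DB\.HOSTNAME=' "${install_dir}/install.properties" | cut -d= -f2-`. The result is placed in the JDBC URL and passed unquoted as `$newPropertyValue`, so quoting the arguments of `updatePropertyToFile` would keep a value with whitespace in one piece. This is top-level script code; the branches for the other database flavours are outside the hunk.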
