This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new 1a2d41c RANGER-3485: db setup scripts should not convert the db user to lowercase during setup 1a2d41c is described below commit 1a2d41ca65e821d0621f8295524c78f87dd22b56 Author: pradeep <prad...@apache.org> AuthorDate: Tue Mar 29 16:53:52 2022 +0530 RANGER-3485: db setup scripts should not convert the db user to lowercase during setup --- kms/scripts/db_setup.py | 2 -- kms/scripts/dba_script.py | 50 +++++++++++++------------- kms/scripts/setup.sh | 3 -- security-admin/scripts/db_setup.py | 4 +-- security-admin/scripts/dba_script.py | 68 +++++++++++++++++------------------- security-admin/scripts/setup.sh | 2 -- 6 files changed, 57 insertions(+), 72 deletions(-) diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py index 2548025..165e30d 100644 --- a/kms/scripts/db_setup.py +++ b/kms/scripts/db_setup.py @@ -665,8 +665,6 @@ def main(argv): xa_db_core_file = os.path.join(RANGER_KMS_HOME ,oracle_core_file) elif XA_DB_FLAVOR == "POSTGRES": - db_user=db_user.lower() - db_name=db_name.lower() POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,db_ssl_certificate_file,javax_net_ssl_trustStore_type,javax_net_ssl_keyStore_type) xa_db_core_file = os.path.join(RANGER_KMS_HOME , postgres_core_file) diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py index 14e6ff8..544c120 100755 --- a/kms/scripts/dba_script.py +++ b/kms/scripts/dba_script.py @@ -654,13 +654,13 @@ class PostgresConf(BaseDB): log("[I] User does not exists, Creating user : " + db_user, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if is_unix: - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) - query_with_masked_pwd = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, masked_pwd_string) + query = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) + query_with_masked_pwd = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\"" %(db_user, masked_pwd_string) jisql_log(query_with_masked_pwd, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) - query_with_masked_pwd = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, masked_pwd_string) + query = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) + query_with_masked_pwd = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, masked_pwd_string) jisql_log(query_with_masked_pwd, db_root_password) ret = subprocess.call(query) if ret == 0: @@ -673,7 +673,7 @@ class PostgresConf(BaseDB): log("[E] Postgres user " +db_user+" creation failed..", "error") sys.exit(1) else: - logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + logFile("CREATE USER \"%s\" WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) def verify_db(self, root_user, db_root_password, db_name,dryMode): if dryMode == False: @@ -700,11 +700,11 @@ class PostgresConf(BaseDB): log("[I] Database does not exist, Creating database : " + db_name,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if is_unix: - query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) + query = get_cmd + " -query \"create database \\\"%s\\\" with OWNER \\\"%s\\\";\"" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user) + query = get_cmd + " -query \"create database \\\"%s\\\" with OWNER \\\"%s\\\";\" -c ;" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: @@ -718,18 +718,18 @@ class PostgresConf(BaseDB): log("[E] Database creation failed..","error") sys.exit(1) else: - logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + logFile("CREATE DATABASE \"%s\" WITH OWNER \"%s\";" %(db_name, db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke,dryMode): if dryMode == False: log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE \\\"%s\\\" to \\\"%s\\\";\"" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE \\\"%s\\\" to \\\"%s\\\";\" -c ;" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: @@ -737,11 +737,11 @@ class PostgresConf(BaseDB): sys.exit(1) if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO \\\"%s\\\";\"" %(db_user) jisql_log(query, db_root_password) ret = subprocess.call(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO \\\"%s\\\";\" -c ;" %(db_user) jisql_log(query, db_root_password) ret = subprocess.call(query) if ret != 0: @@ -762,14 +762,14 @@ class PostgresConf(BaseDB): tablename , value = each_line.strip().split(" |",1) tablename = tablename.strip() if is_unix: - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO \\\"%s\\\";\"" %(tablename,db_user) jisql_log(query1, db_root_password) ret = subprocess.call(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO \\\"%s\\\";\" -c ;" %(tablename,db_user) jisql_log(query1, db_root_password) ret = subprocess.call(query1) if ret != 0: @@ -791,14 +791,14 @@ class PostgresConf(BaseDB): sequence_name , value = each_line.strip().split(" |",1) sequence_name = sequence_name.strip() if is_unix: - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO \\\"%s\\\";\"" %(sequence_name,db_user) jisql_log(query1, db_root_password) ret = subprocess.call(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO \\\"%s\\\";\" -c ;" %(sequence_name,db_user) jisql_log(query1, db_root_password) ret = subprocess.call(query1) if ret != 0: @@ -807,18 +807,18 @@ class PostgresConf(BaseDB): log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info") else: - logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user)) - logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %( db_user)) - logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;" %(db_user)) - logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON DATABASE \"%s\" to \"%s\";" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO \"%s\";" %( db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"%s\";" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \"%s\";" %(db_user)) def writeDrymodeCmd(self, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name): logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") - logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) - logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + logFile("CREATE USER \"%s\" WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + logFile("CREATE DATABASE \"%s\" WITH OWNER \"%s\";" %(db_name, db_user)) logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name)) - logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user)) - logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON DATABASE \"%s\" to \"%s\";" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO \"%s\";" %(db_user)) class SqlServerConf(BaseDB): # Constructor @@ -1442,8 +1442,6 @@ def main(argv): xa_db_core_file = os.path.join(RANGER_KMS_HOME,oracle_core_file) elif XA_DB_FLAVOR == "POSTGRES": - db_user=db_user.lower() - db_name=db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type) xa_db_core_file = os.path.join(RANGER_KMS_HOME,postgres_core_file) diff --git a/kms/scripts/setup.sh b/kms/scripts/setup.sh index b5a6e71..f723e09 100755 --- a/kms/scripts/setup.sh +++ b/kms/scripts/setup.sh @@ -548,9 +548,6 @@ update_properties() { fi if [ "${DB_FLAVOR}" == "POSTGRES" ] then - db_name=`echo ${db_name} | tr '[:upper:]' '[:lower:]'` - db_user=`echo ${db_user} | tr '[:upper:]' '[:lower:]'` - if [ "${db_ssl_enabled}" == "true" ] then if test -f $db_ssl_certificate_file; then diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py index ff54956..eaae5c8 100644 --- a/security-admin/scripts/db_setup.py +++ b/security-admin/scripts/db_setup.py @@ -346,7 +346,7 @@ class BaseDB(object): sys.exit(1) isSchemaCreated=False countTries = 0 - while(isSchemaCreated==False or countTries<2): + while(isSchemaCreated==False and countTries<3): countTries=countTries+1 isFirstTableExist = self.check_table(db_name, db_user, db_password, first_table) isLastTableExist = self.check_table(db_name, db_user, db_password, last_table) @@ -1336,8 +1336,6 @@ def main(argv): last_table='X_POLICY_REF_GROUP' elif XA_DB_FLAVOR == "POSTGRES": - db_user=db_user.lower() - db_name=db_name.lower() POSTGRES_CONNECTOR_JAR = globalDict['SQL_CONNECTOR_JAR'] xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type,db_ssl_certificate_file,javax_net_ssl_trustStore_type,javax_net_ssl_keyStore_type,is_override_db_connection_string,db_override_jdbc_connection_string) xa_db_version_file = os.path.join(RANGER_ADMIN_HOME , postgres_dbversion_catalog) diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py index e7567a3..0ba3969 100644 --- a/security-admin/scripts/dba_script.py +++ b/security-admin/scripts/dba_script.py @@ -799,13 +799,13 @@ class PostgresConf(BaseDB): log("[I] User does not exists, Creating user : " + db_user, "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if is_unix: - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) - query_with_masked_pwd = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\"" %(db_user, masked_pwd_string) + query = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\"" %(db_user, db_password) + query_with_masked_pwd = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\"" %(db_user, masked_pwd_string) jisql_log(query_with_masked_pwd, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) - query_with_masked_pwd = get_cmd + " -query \"CREATE USER %s WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, masked_pwd_string) + query = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, db_password) + query_with_masked_pwd = get_cmd + " -query \"CREATE USER \\\"%s\\\" WITH LOGIN PASSWORD '%s';\" -c ;" %(db_user, masked_pwd_string) jisql_log(query_with_masked_pwd, db_root_password) ret = subprocessCallWithRetry(query) if self.verify_user(root_user, db_root_password, db_user,dryMode): @@ -814,7 +814,7 @@ class PostgresConf(BaseDB): log("[E] Postgres user " +db_user+" creation failed..", "error") sys.exit(1) else: - logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + logFile("CREATE USER \"%s\" WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) def verify_db(self, root_user, db_root_password, db_name,dryMode): if dryMode == False: @@ -841,11 +841,11 @@ class PostgresConf(BaseDB): log("[I] Database does not exist, Creating database : " + db_name,"info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, 'postgres') if is_unix: - query = get_cmd + " -query \"create database %s with OWNER %s;\"" %(db_name, db_user) + query = get_cmd + " -query \"create database \\\"%s\\\" with OWNER \\\"%s\\\";\"" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"create database %s with OWNER %s;\" -c ;" %(db_name, db_user) + query = get_cmd + " -query \"create database \\\"%s\\\" with OWNER \\\"%s\\\";\" -c ;" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(query) if self.verify_db(root_user, db_root_password, db_name,dryMode): @@ -855,18 +855,18 @@ class PostgresConf(BaseDB): log("[E] Database creation failed..","error") sys.exit(1) else: - logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + logFile("CREATE DATABASE \"%s\" WITH OWNER \"%s\";" %(db_name, db_user)) def grant_xa_db_user(self, root_user, db_name, db_user, db_password, db_root_password , is_revoke,dryMode): if dryMode == False: log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"'" , "info") get_cmd = self.get_jisql_cmd(root_user, db_root_password, db_name) if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\"" %(db_name, db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE \\\"%s\\\" to \\\"%s\\\";\"" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE %s to %s;\" -c ;" %(db_name, db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON DATABASE \\\"%s\\\" to \\\"%s\\\";\" -c ;" %(db_name, db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(query) if ret != 0: @@ -874,11 +874,11 @@ class PostgresConf(BaseDB): sys.exit(1) if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\"" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO \\\"%s\\\";\"" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO %s;\" -c ;" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SCHEMA public TO \\\"%s\\\";\" -c ;" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(query) if ret != 0: @@ -886,11 +886,11 @@ class PostgresConf(BaseDB): sys.exit(1) if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\"" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \\\"%s\\\";\"" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;\" -c ;" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \\\"%s\\\";\" -c ;" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(query) if ret != 0: @@ -909,14 +909,14 @@ class PostgresConf(BaseDB): tablename , value = each_line.strip().split(" |",1) tablename = tablename.strip() if is_unix: - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\"" %(tablename,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO \\\"%s\\\";\"" %(tablename,db_user) jisql_log(query1, db_root_password) ret = subprocessCallWithRetry(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on tablename "+tablename+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO %s;\" -c ;" %(tablename,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON TABLE %s TO \\\"%s\\\";\" -c ;" %(tablename,db_user) jisql_log(query1, db_root_password) ret = subprocessCallWithRetry(query1) if ret != 0: @@ -925,11 +925,11 @@ class PostgresConf(BaseDB): if is_unix: - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\"" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \\\"%s\\\";\"" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(shlex.split(query)) elif os_name == "WINDOWS": - query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;\" -c ;" %(db_user) + query = get_cmd + " -query \"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \\\"%s\\\";\" -c ;" %(db_user) jisql_log(query, db_root_password) ret = subprocessCallWithRetry(query) if ret!=0: @@ -947,14 +947,14 @@ class PostgresConf(BaseDB): sequence_name , value = each_line.strip().split(" |",1) sequence_name = sequence_name.strip() if is_unix: - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\"" %(sequence_name,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO \\\"%s\\\";\"" %(sequence_name,db_user) jisql_log(query1, db_root_password) ret = subprocessCallWithRetry(shlex.split(query1)) if ret != 0: log("[E] Granting all privileges on sequence "+sequence_name+" to user "+db_user+" failed..", "error") sys.exit(1) elif os_name == "WINDOWS": - query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO %s;\" -c ;" %(sequence_name,db_user) + query1 = get_cmd + " -query \"GRANT ALL PRIVILEGES ON SEQUENCE %s TO \\\"%s\\\";\" -c ;" %(sequence_name,db_user) jisql_log(query1, db_root_password) ret = subprocessCallWithRetry(query1) if ret != 0: @@ -963,10 +963,10 @@ class PostgresConf(BaseDB): log("[I] Granting privileges TO user '"+db_user+"' on db '"+db_name+"' Done" , "info") else: - logFile("GRANT ALL PRIVILEGES ON DATABASE %s to %s;" %(db_name, db_user)) - logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %( db_user)) - logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO %s;" %(db_user)) - logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON DATABASE %s to \"%s\";" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO \"%s\";" %( db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO \"%s\";" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO \"%s\";" %(db_user)) def create_auditdb_user(self, xa_db_host, audit_db_host, db_name, audit_db_name, xa_db_root_user, audit_db_root_user, db_user, audit_db_user, xa_db_root_password, audit_db_root_password, db_password, audit_db_password, DBA_MODE,dryMode): if DBA_MODE == "TRUE": @@ -981,23 +981,23 @@ class PostgresConf(BaseDB): def writeDrymodeCmd(self, xa_db_host, audit_db_host, xa_db_root_user, xa_db_root_password, db_user, db_password, db_name, audit_db_root_user, audit_db_root_password, audit_db_user, audit_db_password, audit_db_name): logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") - logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) - logFile("CREATE DATABASE %s WITH OWNER %s;" %(db_name, db_user)) + logFile("CREATE USER \"%s\" WITH LOGIN PASSWORD '%s';" %(db_user, db_password)) + logFile("CREATE DATABASE \"%s\" WITH OWNER \"%s\";" %(db_name, db_user)) logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(db_name)) - logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(db_name, db_user)) - logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON DATABASE \"%s\" TO \"%s\";" %(db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO \"%s\";" %(db_user)) if not db_user == audit_db_user: logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") - logFile("CREATE USER %s WITH LOGIN PASSWORD '%s';" %(audit_db_user, audit_db_password)) + logFile("CREATE USER \"%s\" WITH LOGIN PASSWORD \"%s\";" %(audit_db_user, audit_db_password)) if not db_name == audit_db_name: if not db_user == audit_db_user: pass else: logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') to execute below sql statements.") - logFile("CREATE DATABASE %s WITH OWNER %s;" %(audit_db_name, db_user)) + logFile("CREATE DATABASE \"%s\" WITH OWNER \"%s\";" %(audit_db_name, db_user)) logFile("# Login to POSTGRES Server from a POSTGRES dba user(i.e 'postgres') on '%s' database to execute below sql statements."%(audit_db_name)) - logFile("GRANT ALL PRIVILEGES ON DATABASE %s TO %s;" %(audit_db_name, db_user)) - logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO %s;" %(db_user)) + logFile("GRANT ALL PRIVILEGES ON DATABASE \"%s\" TO \"%s\";" %(audit_db_name, db_user)) + logFile("GRANT ALL PRIVILEGES ON SCHEMA public TO \"%s\";" %(db_user)) class SqlServerConf(BaseDB): # Constructor @@ -1729,8 +1729,6 @@ def main(argv): xa_patch_file = os.path.join(RANGER_ADMIN_HOME,oracle_patches) elif XA_DB_FLAVOR == "POSTGRES": - db_user=db_user.lower() - db_name=db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR xa_sqlObj = PostgresConf(xa_db_host, POSTGRES_CONNECTOR_JAR, JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type) xa_db_version_file = os.path.join(RANGER_ADMIN_HOME,postgres_dbversion_catalog) @@ -1772,8 +1770,6 @@ def main(argv): audit_db_file = os.path.join(RANGER_ADMIN_HOME,oracle_audit_file) elif AUDIT_DB_FLAVOR == "POSTGRES": - audit_db_user=audit_db_user.lower() - audit_db_name=audit_db_name.lower() POSTGRES_CONNECTOR_JAR=CONNECTOR_JAR audit_sqlObj = PostgresConf(audit_db_host,POSTGRES_CONNECTOR_JAR,JAVA_BIN,db_ssl_enabled,db_ssl_required,db_ssl_verifyServerCertificate,javax_net_ssl_keyStore,javax_net_ssl_keyStorePassword,javax_net_ssl_trustStore,javax_net_ssl_trustStorePassword,db_ssl_auth_type) audit_db_file = os.path.join(RANGER_ADMIN_HOME,postgres_audit_file) diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 8ba8e9a..7dc11d8 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -680,8 +680,6 @@ update_properties() { fi if [ "${DB_FLAVOR}" == "POSTGRES" ] then - db_name=`echo ${db_name} | tr '[:upper:]' '[:lower:]'` - db_user=`echo ${db_user} | tr '[:upper:]' '[:lower:]'` if [ "${db_ssl_enabled}" == "true" ] then