Oracle 每个session的限制,限制oracle普通用户能且只能kill自己的会话
聲明:
僅用于測試環境方便調試,不可能應用于生產環境;故請勿加入到程序源代碼來實現自動殺進程。
只需一個參數,就能kill用戶自己的會話,請小心操作,以免誤kill進程。
使用方法:
新開一個session后,執行
EXEC?SYS.P_KILL_USER_SESSION(要殺的會話的sid);
就能實現sys用戶才能操作的alter?system?kill?session(sid,serial#);
例子:04:14:46?sql1>exec?sys.p_kill_user_session(2525);
目的:
一般用戶在不具備執行alter?system權限的前提下,對于自己的所有session,能達到alter?system?kill?session功能。
原理:
普通用戶先根據(自己的)username和要kill的session的sid查找到這個session的(sid,serial#);再把這兩個變量傳到另一個存儲過程P_KILL_SESSION,該存儲過程中sys用戶會親自執行alter?system?kill?session?(sid,serial#);從而殺掉session。
背景知識:
sid是唯一的,不會重復;假設登錄了A用戶,意圖要kill?user?A的會話,結果輸入了user?B的sid,則在查找(sid,serial#)時,因為限制了username=A?and?sid=輸入的sid,則會返回0條記錄。從而限制了只能kill當前操作用戶的session。
實施步驟:
1.sys用戶先建立procedure
存儲過程P_KILL_SESSION
CREATE?OR?REPLACE?PROCEDURE?P_KILL_SESSION(P_USER?IN?VARCHAR2,
P_SID??IN?VARCHAR2)?AS
V_SQL?VARCHAR2(32767);
BEGIN
SELECT?'ALTER?SYSTEM?KILL?SESSION?'''?||?SID?||?','?||?SERIAL#?||?''''
INTO?V_SQL
FROM?V$SESSION
WHERE?USERNAME?=?P_USER
AND?SID?=?P_SID;
EXECUTE?IMMEDIATE?V_SQL;
EXCEPTION
WHEN?NO_DATA_FOUND?THEN
RAISE_APPLICATION_ERROR(-20001,
'SID:'?||?P_SID?||
'?DOES?NOT?EXISTS,?OR?THE?SESSION?USER?IS?NOT?'?||
P_USER);
END;
存儲過程P_KILL_USER_SESSION
CREATE?OR?REPLACE?PROCEDURE?P_KILL_USER_SESSION(P_SID?IN?NUMBER)?AUTHID?CURRENT_USER?AS
V_USERNAME?VARCHAR2(30);
V_SID??????NUMBER;
BEGIN
SELECT?SYS_CONTEXT('USERENV',?'SESSION_USER'),
SYS_CONTEXT('USERENV',?'SID')
INTO?V_USERNAME,?V_SID
FROM?DUAL;
IF?P_SID?!=?V_SID?THEN
P_KILL_SESSION(V_USERNAME,?P_SID);
ELSE
RAISE_APPLICATION_ERROR(-20000,?'CAN?NOT?KILL?CURRENT?SESSION!');
END?IF;
END;
2.sys再grant執行存儲過程的權限給用戶
GRANT?EXECUTE?ON?P_KILL_USER_SESSION?TO??JF_ISU;
3.獲得授權的用戶根據會話的sid就可以殺自己的任何session了;
exec?sys.p_kill_user_session(sid);
驗證
在服務器srcbdc建立3個會話;2個JF_ISU用戶sql1=(3012,751),sql2=(1070,469)1個system用戶(其它用戶)
會話1
04:14:22?192.168.210.65:1521/SRCBFIN@JF_ISU>?set?sqlp?'sql1>'
04:14:30?sql1>col?sys_context('userenv','session_user')?for?a50;
04:14:46?sql1>col?sys_context('userenv','sid')?for?a50;
04:14:46?sql1>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;
SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')
--------------------------------------------------?--------------------------------------------------
JF_ISU?????????????????????????????????????????????3012
會話2
04:14:52?192.168.210.65:1521/SRCBFIN@JF_ISU>?set?sqlp?'sql2>'
04:14:59?sql2>col?sys_context('userenv','session_user')?for?a50;
04:15:01?sql2>col?sys_context('userenv','sid')?for?a50;
04:15:01?sql2>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;
SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')
--------------------------------------------------?--------------------------------------------------
JF_ISU?????????????????????????????????????????????1070
會話3
04:15:05?192.168.210.65:1521/SRCBFIN@SYSTEM>?set?sqlp?'system3>';
04:15:23?system3>col?sys_context('userenv','session_user')?for?a50;
04:15:30?system3>col?sys_context('userenv','sid')?for?a50;
04:15:30?system3>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;
SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')
--------------------------------------------------?--------------------------------------------------
SYSTEM?????????????????????????????????????????????2525
04:15:30?system3>
04:15:32?system3>select?sid,serial#,username,type,program,machine?from?v$session?where?machine?like?'%srcbdc%';
SID????SERIAL#?USERNAME???????????????????????TYPE???????PROGRAM??????????????????????????????????????????MACHINE
----------?----------?------------------------------?----------?------------------------------------------------?--------
1070????????469?JF_ISU?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc
2525????????511?SYSTEM?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc
3012????????751?JF_ISU?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc
安全限制測試:
u?JF_ISU不能kill其它用戶的會話;(JF_ISU無法kill?system用戶的)
04:14:46?sql1>exec?sys.p_kill_user_session(2525);
BEGIN?sys.p_kill_user_session(2525);?END;
*
ERROR?at?line?1:
ORA-20001:?SID??2525?DOES?NOT?EXISTS,?OR?THE?SESSION?USER?IS?NOT?JF_ISU
ORA-06512:?at?"SYS.P_KILL_SESSION",?line?12
ORA-06512:?at?"SYS.P_KILL_USER_SESSION",?line?10
ORA-06512:?at?line?1
u?JF_ISU不能kill當前session;
04:16:29?sql1>exec?sys.p_kill_user_session(3012);
BEGIN?sys.p_kill_user_session(3012);?END;
*
ERROR?at?line?1:
ORA-20000:?CAN?NOT?KILL?CURRENT?SESSION!
ORA-06512:?at?"SYS.P_KILL_USER_SESSION",?line?12
ORA-06512:?at?line?1
u?未獲得存儲過程執行權限的用戶不能調用該存儲過程。
04:15:41?system3>exec?sys.p_kill_user_session(3012);
BEGIN?sys.p_kill_user_session(3012);?END;
*
ERROR?at?line?1:
ORA-06550:?line?1,?column?7:
PLS-00201:?identifier?'SYS.P_KILL_USER_SESSION'?must?be?declared
ORA-06550:?line?1,?column?7:
PL/SQL:?Statement?ignored
基本測試:
JF_ISU能kill除當前session之外的自己的所有會話(且該用戶不具備alter?system權限);
04:16:38?sql1>exec?sys.p_kill_user_session(1070);
PL/SQL?procedure?successfully?completed.
04:17:16?sql1>
04:17:18?sql1>select?*?from?session_privs;?(實際上只需要有create?session并獲得exec?on?procedure?p_kill_user_session即可完成)
PRIVILEGE
----------------------------------------
CREATE?SESSION
UNLIMITED?TABLESPACE
CREATE?TABLE
SELECT?ANY?TABLE
CREATE?CLUSTER
CREATE?SYNONYM
CREATE?VIEW
CREATE?SEQUENCE
SELECT?ANY?SEQUENCE
CREATE?DATABASE?LINK
CREATE?PROCEDURE
CREATE?TRIGGER
CREATE?TYPE
CREATE?OPERATOR
CREATE?INDEXTYPE
SELECT?ANY?DICTIONARY
DEBUG?CONNECT?SESSION
DEBUG?ANY?PROCEDURE
18?rows?selected.
04:17:44?sql1>
04:15:01?sql2>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;
select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual
*
ERROR?at?line?1:
ORA-00028:?your?session?has?been?killed
附錄:
查看當前session信息,要對視圖v$session有select權限才能獲得serial#,
col?username?for?A10;
sql1>select?sid,serial#,username?from?v$session?where?sid=(select?sys_context('userenv','sid')?from?dual);
SID????SERIAL#?USERNAME
----------?----------?----------
1457??????????3?JF_ISU
04:43:18?sql1>select?*?from?user_role_privs;
USERNAME???????????????????????GRANTED_ROLE???????????????????ADM?DEF?OS_
------------------------------?------------------------------?---?---?---
JF_ISU?????????????????????????CONNECT????????????????????????NO??YES?NO
JF_ISU?????????????????????????RESOURCE???????????????????????NO??YES?NO
04:43:24?sql1>
04:43:25?sql1>select?*?from?role_sys_privs;
ROLE???????????????????????????PRIVILEGE????????????????????????????????ADM
------------------------------?----------------------------------------?---
CONNECT????????????????????????CREATE?SESSION???????????????????????????NO
RESOURCE???????????????????????CREATE?CLUSTER???????????????????????????NO
RESOURCE???????????????????????CREATE?SEQUENCE??????????????????????????NO
RESOURCE???????????????????????CREATE?TRIGGER???????????????????????????NO
RESOURCE???????????????????????CREATE?TABLE?????????????????????????????NO
RESOURCE???????????????????????CREATE?PROCEDURE?????????????????????????NO
RESOURCE???????????????????????CREATE?TYPE??????????????????????????????NO
RESOURCE???????????????????????CREATE?OPERATOR??????????????????????????NO
RESOURCE???????????????????????CREATE?INDEXTYPE?????????????????????????NO
9?rows?selected.
04:43:34?sql1>
04:43:35?sql1>select?*?from?user_sys_privs;
USERNAME???????????????????????PRIVILEGE????????????????????????????????ADM
------------------------------?----------------------------------------?---
JF_ISU?????????????????????????SELECT?ANY?DICTIONARY????????????????????NO
JF_ISU?????????????????????????CREATE?SEQUENCE??????????????????????????NO
JF_ISU?????????????????????????DEBUG?CONNECT?SESSION????????????????????NO
JF_ISU?????????????????????????CREATE?TYPE??????????????????????????????NO
JF_ISU?????????????????????????CREATE?VIEW??????????????????????????????NO
JF_ISU?????????????????????????SELECT?ANY?TABLE?????????????????????????NO
JF_ISU?????????????????????????CREATE?DATABASE?LINK?????????????????????NO
JF_ISU?????????????????????????CREATE?TABLE?????????????????????????????NO
JF_ISU?????????????????????????UNLIMITED?TABLESPACE?????????????????????NO
JF_ISU?????????????????????????CREATE?TRIGGER???????????????????????????NO
JF_ISU?????????????????????????CREATE?SYNONYM???????????????????????????NO
JF_ISU?????????????????????????DEBUG?ANY?PROCEDURE??????????????????????NO
JF_ISU?????????????????????????SELECT?ANY?SEQUENCE??????????????????????NO
13?rows?selected.
04:43:43?sql1>
創作挑戰賽新人創作獎勵來咯,堅持創作打卡瓜分現金大獎總結
以上是生活随笔為你收集整理的Oracle 每个session的限制,限制oracle普通用户能且只能kill自己的会话的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: python写文字方法_Transcry
- 下一篇: 为软件添加全网排行榜