DECLARE v_type VARCHAR2(30) := 'FUNCTION'; v_object_name VARCHAR2(30); BEGIN dbms_output.put_line(' ' || ',' || ' ' || ',,,,,,,,,,' || 'SELECT' || ',' || 'INSERT' || ',' || 'UPDATE' || ',' || 'DELETE' || ',' || 'EXECUTE'); FOR level0 IN (SELECT obje.owner, obje.object_name, obje.object_type, (CASE WHEN obje.object_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, decode(obje.object_type, 'TABLE', ' ', ' ') AS vinsert, decode(obje.object_type, 'TABLE', ' ', ' ') AS vupdate, decode(obje.object_type, 'TABLE', ' ', ' ') AS vdelete, (CASE WHEN obje.object_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_objects obje WHERE obje.object_type = v_type AND obje.owner = 'SIFICO2') LOOP dbms_output.put_line(level0.owner || '.' || level0.object_name || ',' || level0.object_type || ',,,,,,,,,,' || level0.vselect || ',' || level0.vinsert || ',' || level0.vupdate || ',' || level0.vdelete || ',' || level0.vexecute); FOR level1 IN (SELECT depe.referenced_owner, depe.referenced_name, depe.referenced_type, (CASE WHEN depe.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe.owner AND sour.name = depe.name AND sour.type = depe.type AND sour.text LIKE '%INSERT%INTO%' AND depe.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe.owner AND sour.name = depe.name AND sour.type = depe.type AND sour.text LIKE '%UPDATE%' AND depe.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe.owner AND sour.name = depe.name AND sour.type = depe.type AND sour.text LIKE '%DELETE%' AND depe.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe WHERE depe.name = level0.object_name AND depe.type = level0.object_type AND depe.owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',' || level1.referenced_owner || '.' || level1.referenced_name || ',' || level1.referenced_type || ',,,,,,,,,' || level1.vselect || ',' || level1.vinsert || ',' || level1.vupdate || ',' || level1.vdelete || ',' || level1.vexecute); FOR level2 IN (SELECT depe2.referenced_owner, depe2.referenced_name, depe2.referenced_type, (CASE WHEN depe2.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe2.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe2.owner AND sour.name = depe2.name AND sour.type = depe2.type AND sour.text LIKE '%INSERT%INTO%' AND depe2.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe2.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe2.owner AND sour.name = depe2.name AND sour.type = depe2.type AND sour.text LIKE '%UPDATE%' AND depe2.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe2.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe2.owner AND sour.name = depe2.name AND sour.type = depe2.type AND sour.text LIKE '%DELETE%' AND depe2.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe2.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe2 WHERE depe2.name = level1.referenced_name AND depe2.owner = level1.referenced_owner AND depe2.type = level1.referenced_type AND depe2.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,' || level2.referenced_owner || '.' || level2.referenced_name || ',' || level2.referenced_type || ',,,,,,,,' || level2.vselect || ',' || level2.vinsert || ',' || level2.vupdate || ',' || level2.vdelete || ',' || level2.vexecute); FOR level3 IN (SELECT depe3.referenced_owner, depe3.referenced_name, depe3.referenced_type, (CASE WHEN depe3.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe3.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe3.owner AND sour.name = depe3.name AND sour.type = depe3.type AND sour.text LIKE '%INSERT%INTO%' AND depe3.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe3.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe3.owner AND sour.name = depe3.name AND sour.type = depe3.type AND sour.text LIKE '%UPDATE%' AND depe3.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe3.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe3.owner AND sour.name = depe3.name AND sour.type = depe3.type AND sour.text LIKE '%DELETE%' AND depe3.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe3.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe3 WHERE depe3.name = level2.referenced_name AND depe3.owner = level2.referenced_owner AND depe3.type = level2.referenced_type AND depe3.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,' || level3.referenced_owner || '.' || level3.referenced_name || ',' || level3.referenced_type || ',,,,,,,' || level3.vselect || ',' || level3.vinsert || ',' || level3.vupdate || ',' || level3.vdelete || ',' || level3.vexecute); FOR level4 IN (SELECT depe4.referenced_owner, depe4.referenced_name, depe4.referenced_type, (CASE WHEN depe4.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe4.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe4.owner AND sour.name = depe4.name AND sour.type = depe4.type AND sour.text LIKE '%INSERT%INTO%' AND depe4.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe4.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe4.owner AND sour.name = depe4.name AND sour.type = depe4.type AND sour.text LIKE '%UPDATE%' AND depe4.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe4.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe4.owner AND sour.name = depe4.name AND sour.type = depe4.type AND sour.text LIKE '%DELETE%' AND depe4.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe4.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe4 WHERE depe4.name = level3.referenced_name AND depe4.owner = level3.referenced_owner AND depe4.type = level3.referenced_type AND depe4.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,' || level4.referenced_owner || '.' || level4.referenced_name || ',' || level4.referenced_type || ',,,,,,' || level4.vselect || ',' || level4.vinsert || ',' || level4.vupdate || ',' || level4.vdelete || ',' || level4.vexecute); FOR level5 IN (SELECT depe5.referenced_owner, depe5.referenced_name, depe5.referenced_type, (CASE WHEN depe5.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe5.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe5.owner AND sour.name = depe5.name AND sour.type = depe5.type AND sour.text LIKE '%INSERT%INTO%' AND depe5.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe5.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe5.owner AND sour.name = depe5.name AND sour.type = depe5.type AND sour.text LIKE '%UPDATE%' AND depe5.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe5.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe5.owner AND sour.name = depe5.name AND sour.type = depe5.type AND sour.text LIKE '%DELETE%' AND depe5.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe5.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe5 WHERE depe5.name = level4.referenced_name AND depe5.owner = level4.referenced_owner AND depe5.type = level4.referenced_type AND depe5.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,,' || level5.referenced_owner || '.' || level5.referenced_name || ',' || level5.referenced_type || ',,,,,' || level5.vselect || ',' || level5.vinsert || ',' || level5.vupdate || ',' || level5.vdelete || ',' || level5.vexecute); FOR level6 IN (SELECT depe6.referenced_owner, depe6.referenced_name, depe6.referenced_type, (CASE WHEN depe6.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe6.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe6.owner AND sour.name = depe6.name AND sour.type = depe6.type AND sour.text LIKE '%INSERT%INTO%' AND depe6.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe6.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe6.owner AND sour.name = depe6.name AND sour.type = depe6.type AND sour.text LIKE '%UPDATE%' AND depe6.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe6.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe6.owner AND sour.name = depe6.name AND sour.type = depe6.type AND sour.text LIKE '%DELETE%' AND depe6.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe6.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe6 WHERE depe6.name = level5.referenced_name AND depe6.owner = level5.referenced_owner AND depe6.type = level5.referenced_type AND depe6.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,,,' || level6.referenced_owner || '.' || level6.referenced_name || ',' || level6.referenced_type || ',,,,' || level6.vselect || ',' || level6.vinsert || ',' || level6.vupdate || ',' || level6.vdelete || ',' || level6.vexecute); FOR level7 IN (SELECT depe7.referenced_owner, depe7.referenced_name, depe7.referenced_type, (CASE WHEN depe7.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe7.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe7.owner AND sour.name = depe7.name AND sour.type = depe7.type AND sour.text LIKE '%INSERT%INTO%' AND depe7.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe7.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe7.owner AND sour.name = depe7.name AND sour.type = depe7.type AND sour.text LIKE '%UPDATE%' AND depe7.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe7.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe7.owner AND sour.name = depe7.name AND sour.type = depe7.type AND sour.text LIKE '%DELETE%' AND depe7.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe7.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe7 WHERE depe7.name = level6.referenced_name AND depe7.owner = level6.referenced_owner AND depe7.type = level6.referenced_type AND depe7.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,,,,' || level7.referenced_type || ' ' || level7.referenced_owner || '.' || level7.referenced_name || ',,,' || level7.vselect || ',' || level7.vinsert || ',' || level7.vupdate || ',' || level7.vdelete || ',' || level7.vexecute); FOR level8 IN (SELECT depe8.referenced_owner, depe8.referenced_name, depe8.referenced_type, (CASE WHEN depe8.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe8.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe8.owner AND sour.name = depe8.name AND sour.type = depe8.type AND sour.text LIKE '%INSERT%INTO%' AND depe8.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe8.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe8.owner AND sour.name = depe8.name AND sour.type = depe8.type AND sour.text LIKE '%UPDATE%' AND depe8.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe8.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe8.owner AND sour.name = depe8.name AND sour.type = depe8.type AND sour.text LIKE '%DELETE%' AND depe8.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe8.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe8 WHERE depe8.name = level7.referenced_name AND depe8.owner = level7.referenced_owner AND depe8.type = level7.referenced_type AND depe8.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,,,,,' || level8.referenced_owner || '.' || level8.referenced_name || ',' || level8.referenced_type || ',,' || level8.vselect || ',' || level8.vinsert || ',' || level8.vupdate || ',' || level8.vdelete || ',' || level8.vexecute); FOR level9 IN (SELECT depe9.referenced_owner, depe9.referenced_name, depe9.referenced_type, (CASE WHEN depe9.referenced_type IN ('VIEW', 'TABLE') THEN 'X' END) AS vselect, (CASE WHEN depe9.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe9.owner AND sour.name = depe9.name AND sour.type = depe9.type AND sour.text LIKE '%INSERT%INTO%' AND depe9.referenced_name = fc_insert_table_usage(sour.text)) THEN 'X' END) AS vinsert, (CASE WHEN depe9.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe9.owner AND sour.name = depe9.name AND sour.type = depe9.type AND sour.text LIKE '%UPDATE%' AND depe9.referenced_name = fc_update_table_usage(sour.text)) THEN 'X' END) AS vupdate, (CASE WHEN depe9.referenced_type = 'TABLE' AND EXISTS (SELECT 1 FROM dba_source sour WHERE sour.owner = depe9.owner AND sour.name = depe9.name AND sour.type = depe9.type AND sour.text LIKE '%DELETE%' AND depe9.referenced_name = fc_delete_table_usage(sour.text)) THEN 'X' END) AS vdelete, (CASE WHEN depe9.referenced_type IN ('PACKAGE', 'PACKAGE BODY', 'PROCEDURE', 'FUNCTION') THEN 'X' END) AS vexecute FROM all_dependencies depe9 WHERE depe9.name = level8.referenced_name AND depe9.owner = level8.referenced_owner AND depe9.type = level8.referenced_type AND depe9.referenced_owner NOT IN ('SIFICO', 'PUBLIC') ORDER BY 1, 2) LOOP dbms_output.put_line(',,,,,,,,' || level9.referenced_owner || '.' || level9.referenced_name || ',' || level9.referenced_type || ',' || level9.vselect || ',' || level9.vinsert || ',' || level9.vupdate || ',' || level9.vdelete || ',' || level9.vexecute); END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END LOOP; END; /Saludos.
martes, 14 de agosto de 2012
Todas las dependencias
sábado, 26 de mayo de 2012
SQL Parser
Con este codigo se pueden extraer los privilegios y los objetos.
Les paso uno hecho en SL.
Ejemplo: sql_examples.sql
select * from tabla1;Ojala que les sirva.
select *
from tabla2
where columna1=1;
select columna1,columna2
,columna3
from tabla3;
select columna1, (select columna1 from tabla4) as columna2
from tabla5 tab
where exists (select 1 from tabla6 tab6 where tab.columna1 = tab6.columna3);
update tabla7 set columna1 = 1000;
delete from tabla8;
insert into tabla9 (columna1) values (1);
insert into tabla10 values (1,2,3);
-----------------------------
------ sql_parser.sl -----
-----------------------------
var
linea ="";
cant_lineas = 0;
nro_caracteres = 0;
v_caracter = "";
v_palabra = "";
cant_palabra_reservada = 0;
line_indice = 0;
const
ARCH_ENTRADA = "sql_examples.sql";
ARCH_SALIDA = "object.txt";
inicio
si ( not set_stdin (ARCH_ENTRADA) ) {
imprimir ("\nNo se pudo abrir el archivo "+ ARCH_ENTRADA);
terminar ("\nEl programa no puede continuar.");
}
set_ifs ("\n");
si ( not set_stdout (ARCH_SALIDA) ) {
terminar ("\nNo se pudo abrir el archivo "+ ARCH_SALIDA);
}
leer (linea);
mientras ( not eof() ) {
linea=upper(linea);
nro_caracteres=strlen(linea);
desde line_indice= 1 hasta nro_caracteres {
v_caracter = substr(linea,line_indice,1);
si ( v_palabra=='(SELECT') { v_palabra = 'SELECT';}
si ( es_delimitador_sr(v_caracter) ) {
si ( es_privilegio_sr(v_palabra) ) {
v_palabra = substr(lpad(' ', (cant_palabra_reservada - 1) * 3, '- ') + v_palabra, 1, 60);
imprimir("\n",v_palabra);
}
si ( cant_palabra_reservada > 0 ) {
v_palabra = substr(lpad(' ', (cant_palabra_reservada - 1) * 3, '- ') + v_palabra, 1, 60);
imprimir("\n",v_palabra);
dec(cant_palabra_reservada);
}
si ( es_palabra_clave_sr(v_palabra) ) {
inc(cant_palabra_reservada);
}
v_palabra = "";
sino
v_palabra = v_palabra+v_caracter;
}
}
leer(linea);
}
set_stdout("");
fin;
subrutina es_privilegio_sr(p_palabra : cadena) retorna logico
var
es_privilegio : logico;
privilegios : vector [4] cadena;
priv_indice : numerico;
inicio
privilegios = {'SELECT','INSERT','UPDATE','DELETE'};
desde priv_indice= 1 hasta alen(privilegios) {
si (p_palabra == privilegios[priv_indice]) {
es_privilegio = SI;
priv_indice = alen(privilegios);
sino
es_privilegio = NO;
}
}
retorna ( es_privilegio );
fin;
subrutina es_delimitador_sr(p_caracter : cadena) retorna logico
var
es_delimitador : logico;
delimitadores : vector [5] cadena;
deli_indice : numerico;
inicio
delimitadores = {';','/',')',',',' '};
desde deli_indice= 1 hasta alen(delimitadores) {
si ( p_caracter == delimitadores[deli_indice] ) {
es_delimitador = SI;
deli_indice=alen(delimitadores);
sino
es_delimitador = NO;
}
}
retorna ( es_delimitador );
fin;
subrutina es_palabra_clave_sr(p_clave : cadena) retorna logico
var
es_palabra_clave : logico;
palabra_clave : vector [3] cadena;
plcl_indice : numerico;
inicio
palabra_clave = {'UPDATE','FROM','INTO'};
desde plcl_indice= 1 hasta alen(palabra_clave) {
si (p_clave == palabra_clave[plcl_indice]) {
es_palabra_clave = SI;
plcl_indice = alen(palabra_clave);
sino
es_palabra_clave = NO;
}
}
retorna ( es_palabra_clave );
fin;
subrutina lpad(p_palabra:cadena; p_cantidad :numerico; p_caracter_rellenar: cadena) retorna cadena
var
indice : numerico;
v_cant_caracteres : numerico;
inicio
v_cant_caracteres = strlen(p_palabra);
desde indice = 1 hasta p_cantidad - v_cant_caracteres {
p_palabra = p_caracter_rellenar+p_palabra;
}
retorna p_palabra;
fin;
-----------------------------
------ object.txt --------
-----------------------------
SELECT
TABLA1
SELECT
TABLA2
SELECT
TABLA3
SELECT
SELECT
TABLA4
TABLA5
SELECT
TABLA6
UPDATE
DELETE
TABLA8
INSERT
TABLA9
INSERT
TABLA10
sábado, 14 de abril de 2012
Vulnerabilidad en SAMBA
Ejecución de código remoto en Samba (una vulnerabilidad "como las de antes")
----------------------------------------------------------------------------
Se ha anunciado una grave vulnerabilidad en Samba que podría permitir la ejecución remota de código como usuario root a través de una conexión anónima (sin autenticar). Samba es un software libre que permite compartir ficheros e impresoras entre cliente y servidor con diferentes sistemas operativos, tales como DOS, Microsoft Windows, OS/2, Linux, o MacOS, mediante el protocolo SMB/CIFS. Samba es ampliamente utilizado tanto entre particulares como por parte de empresas, y se encuentra en prácticamente la totalidad de las distribuciones Linux, y en un gran número de dispositivos con GNU/Linux en su interior.
La vulnerabilidad está causada por un error en el generador de código utilizado para empaquetar y desempaquetar las llamadas de procedimiento remoto (RPC) a través de la red. Este error se debe a la falta de comprobación de concordancia entre la variable que contiene la longitud de un array y la variable usada para reservar memoria para dicho array.
Un atacante remoto no autenticado podría explotar esta vulnerabilidad a través de una llamada RPC especialmente manipulada para lograr ejecutar código arbitrario en el servidor como usuario root. En la práctica, significa que con solo lanzar un comando contra un servidor Samba vulnerable en la red, se tendría total control sobre la máquina afectada. El error ha sido descubierto por el investigador Brian Gorenc y una persona anónima de Zero Day Initiative (ZDI) quienes, además, han demostrado su explotabilidad mediante una prueba de concepto. Se ha asignado el identificador CVE-2012-1182 a esta vulnerabilidad. Su gravedad es máxima, y recuerda a vulnerabilidades de otro tiempo, donde resultaban más comunes fallos de este tipo en una red mucho más insegura.
El fallo se encuentra en el código desde la versión 3.0.25 de Samba, de mayo de 2007. Lo que significa que lleva cinco años en el código fuente del programa. Aunque las distribuciones ya están publicando nuevos paquetes para actualizar Samba y corregir el fallo, se puede mitigar el problema para aquellos dispositivos o servidores que no puedan actualizar de inmediato. Es posible utilizar la opción "host allow" en el fichero de configuración smb.conf para restringir los clientes que pueden acceder, o hacerlo a través de un cortafuegos adicional. Para solucionar la vulnerabilidad, Samba ha lanzado las versiones 3.4.16, 3.5.14, y 3.6.4, así como parches para otras versiones más antiguas.
Se pueden descargar desde la página oficial.
Más información: "root" credential remote code execution.
http://www.samba.org/samba/
Samba Security Releases
martes, 3 de abril de 2012
Y proximamente los subtitulos de este y los demas capitulos!!
miércoles, 28 de marzo de 2012
Presentacion
En este blog podrán encontrar todo sobre seguridad informática, pen testing, hacking ético, etc.
Y como soy fanático de Hak5, y se que muchos desean una version en espanol. Esta realizando los subtitulos de cada capítulo, para que todos puedan disfrutarlo.
Saludos.