Oracle rdbms Brush password

Restore database user history account password

1. 用户状态

select * from user_astatus_map;

复制代码
select * from user_astatus_map;
   STATUS# STATUS
---------- --------------------------------
     0     OPEN
     1     EXPIRED
     2     EXPIRED(GRACE)
     4     LOCKED(TIMED)
     8     LOCKED
     5     EXPIRED & LOCKED(TIMED)
     6     EXPIRED(GRACE) & LOCKED(TIMED)
     9     EXPIRED & LOCKED
    10     EXPIRED(GRACE) & LOCKED
复制代码

 

2.  password_versions

2.1)在oracle 10g, 密码记录在sys.user$.PASSWORD列,其长度为16字符,且不区分大小写;

2.2)在oracle 11g版本后,其复杂度得到了加强,将密码同时写入到sys.user$.spare4列,并且sys.user$.spare4对大小敏感。

2.3)dba_users.password_versions的优先级大于sec_case_sensitive_logon参数,11g默认为true。

 

3. 下面通过语句进行刷密码操作

3.1)创建序列

CREATE SEQUENCE seq_refpwd increment by 1 start with 1 nomaxvalue nocycle nocache;

3.2)创建操作记录表

create table tb_refpwd_log(
  id number not null,                        -- 引用seq_refpwd.nextval
  oper_time date,                            -- 记录操作时间
  oper_command varchar2(1000)                -- 记录操作命令内容
);

3.3)执行语句

复制代码
declare
  v_datetime varchar2(12) := to_char(sysdate, 'yyyymmddHH24MI');
  v_tbname   varchar2(32) := trim(concat('tb_userpwd_', v_datetime)); -- 备份表名称
  v_pf_sql   varchar2(1000) := 'create profile temp_profile limit PASSWORD_REUSE_MAX UNLIMITED PASSWORD_REUSE_TIME UNLIMITED'; -- 构造创建profile语句
  v_sql      varchar2(1000);
  TYPE RECORD_TYPE_USERS IS RECORD(
    v_username sys.user$.name%TYPE,
    v_user_pwd VARCHAR2(1000),
    v_profile  VARCHAR2(30),
    v_status   sys.user$.ASTATUS%TYPE);
  user_rec RECORD_TYPE_USERS;
  cursor c_pwd_cursor is
    select t2.name,
           case trim(t1.password_versions)
             when '10G' then
              t2.password
             else
              nvl(t2.spare4, t2.password)
           end,
           t1.profile,
           t2.astatus
      from sys.dba_users t1, sys.user$ t2
     where t1.user_id = t2.user#
       and t2.astatus in (0, 1, 2, 5, 6, 10);
  invalid_option EXCEPTION;

begin
  -- select to_char(sysdate, 'yyyymmddHH24MI') into v_datetime from dual;
  -- select trim(concat('tb_userpwd_',v_datetime)) into v_tbname from dual;
  select 'create table ' || v_tbname ||
         ' as select name,type#,password,datats#,tempts#,ctime,ptime,exptime,ltime,resource$,astatus,lcount,spare4 from sys.user$ where astatus <> 9'
    into v_sql
    from dual;

  open c_pwd_cursor;
  fetch c_pwd_cursor
    into user_rec;
  if c_pwd_cursor%ROWCOUNT > 0 then
    -- 1. create unlimited temporary profile
    execute immediate v_pf_sql;
      IF SQL%NOTFOUND THEN
        RAISE invalid_option;
      end IF;
    -- 2. backup user$ tables
    execute immediate v_sql;
      IF SQL%NOTFOUND THEN
        RAISE invalid_option;
      end IF;
  end if;
  while c_pwd_cursor%FOUND LOOP
    -- 3. reflash user password
    /*
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' profile temp_profile');
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' identified by values ' || chr(39) ||
                         user_rec.v_user_pwd || chr(39));
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' profile ' || user_rec.v_profile);
    */
    execute immediate 'alter user ' || user_rec.v_username ||
                      ' profile temp_profile';
    execute immediate 'alter user ' || user_rec.v_username ||
                      ' identified by values ' || chr(39) ||
                      user_rec.v_user_pwd || chr(39);
    insert into tb_refpwd_log(id, oper_time, oper_command) values(seq_refpwd.nextval,v_datetime,'alter user ' || user_rec.v_username || ' identified by values ' || chr(39) || user_rec.v_user_pwd || chr(39));
    execute immediate 'alter user ' || user_rec.v_username || ' profile ' ||
                      user_rec.v_profile;
    fetch c_pwd_cursor
      into user_rec;
  end loop;
  -- 4. delete temporary profile
  execute immediate 'drop profile temp_profile cascade';
  insert into tb_refpwd_log(id, oper_time, oper_command) values(seq_refpwd.nextval,v_datetime,'drop profile temp_profile cascade');
  commit;
  close c_pwd_cursor;
  EXCEPTION
    when invalid_option then
      insert into tb_refpwd_log(id, oper_time, oper_command) values(-1, v_datetime, 'invalid opertaion, please check.');
    when others then
      null;
end;
/
复制代码

 

4. 结果确认

复制代码
select count(1) cnt
  from (select t1.name, t1.password, t1.spare4
          from sys.user$ t1
         where t1.type# = 1
        minus
        select t2.name, t2.password, t2.spare4
          from &v_datetime t2
         where t2.type# = 1);

select username, account_status, lock_date, expiry_date, created, profile, password_versions,default_tablespace, temporary_tablespace from dba_users;
复制代码

 

posted @   KuBee  阅读(213)  评论(0编辑  收藏  举报
编辑推荐:
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 理解Rust引用及其生命周期标识(上)
· 浏览器原生「磁吸」效果!Anchor Positioning 锚点定位神器解析
阅读排行:
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布:重大改进与新特性概览!
· AI与.NET技术实操系列(二):开始使用ML.NET
· .NET10 - 预览版1新功能体验(一)
点击右上角即可分享
微信分享提示
AI FOR CODE 大赛

目录导航