Oracle rdbms Brush password

Restore database user history account password

1. 用户状态

select * from user_astatus_map;

select * from user_astatus_map;
   STATUS# STATUS
---------- --------------------------------
     0     OPEN
     1     EXPIRED
     2     EXPIRED(GRACE)
     4     LOCKED(TIMED)
     8     LOCKED
     5     EXPIRED & LOCKED(TIMED)
     6     EXPIRED(GRACE) & LOCKED(TIMED)
     9     EXPIRED & LOCKED
    10     EXPIRED(GRACE) & LOCKED

 

2.  password_versions

2.1)在oracle 10g, 密码记录在sys.user$.PASSWORD列,其长度为16字符,且不区分大小写;

2.2)在oracle 11g版本后,其复杂度得到了加强,将密码同时写入到sys.user$.spare4列,并且sys.user$.spare4对大小敏感。

2.3)dba_users.password_versions的优先级大于sec_case_sensitive_logon参数,11g默认为true。

 

3. 下面通过语句进行刷密码操作

3.1)创建序列

CREATE SEQUENCE seq_refpwd increment by 1 start with 1 nomaxvalue nocycle nocache;

3.2)创建操作记录表

create table tb_refpwd_log(
  id number not null,                        -- 引用seq_refpwd.nextval
  oper_time date,                            -- 记录操作时间
  oper_command varchar2(1000)                -- 记录操作命令内容
);

3.3)执行语句

declare
  v_datetime varchar2(12) := to_char(sysdate, 'yyyymmddHH24MI');
  v_tbname   varchar2(32) := trim(concat('tb_userpwd_', v_datetime)); -- 备份表名称
  v_pf_sql   varchar2(1000) := 'create profile temp_profile limit PASSWORD_REUSE_MAX UNLIMITED PASSWORD_REUSE_TIME UNLIMITED'; -- 构造创建profile语句
  v_sql      varchar2(1000);
  TYPE RECORD_TYPE_USERS IS RECORD(
    v_username sys.user$.name%TYPE,
    v_user_pwd VARCHAR2(1000),
    v_profile  VARCHAR2(30),
    v_status   sys.user$.ASTATUS%TYPE);
  user_rec RECORD_TYPE_USERS;
  cursor c_pwd_cursor is
    select t2.name,
           case trim(t1.password_versions)
             when '10G' then
              t2.password
             else
              nvl(t2.spare4, t2.password)
           end,
           t1.profile,
           t2.astatus
      from sys.dba_users t1, sys.user$ t2
     where t1.user_id = t2.user#
       and t2.astatus in (0, 1, 2, 5, 6, 10);
  invalid_option EXCEPTION;

begin
  -- select to_char(sysdate, 'yyyymmddHH24MI') into v_datetime from dual;
  -- select trim(concat('tb_userpwd_',v_datetime)) into v_tbname from dual;
  select 'create table ' || v_tbname ||
         ' as select name,type#,password,datats#,tempts#,ctime,ptime,exptime,ltime,resource$,astatus,lcount,spare4 from sys.user$ where astatus <> 9'
    into v_sql
    from dual;

  open c_pwd_cursor;
  fetch c_pwd_cursor
    into user_rec;
  if c_pwd_cursor%ROWCOUNT > 0 then
    -- 1. create unlimited temporary profile
    execute immediate v_pf_sql;
      IF SQL%NOTFOUND THEN
        RAISE invalid_option;
      end IF;
    -- 2. backup user$ tables
    execute immediate v_sql;
      IF SQL%NOTFOUND THEN
        RAISE invalid_option;
      end IF;
  end if;
  while c_pwd_cursor%FOUND LOOP
    -- 3. reflash user password
    /*
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' profile temp_profile');
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' identified by values ' || chr(39) ||
                         user_rec.v_user_pwd || chr(39));
    dbms_output.put_line('alter user ' || user_rec.v_username ||
                         ' profile ' || user_rec.v_profile);
    */
    execute immediate 'alter user ' || user_rec.v_username ||
                      ' profile temp_profile';
    execute immediate 'alter user ' || user_rec.v_username ||
                      ' identified by values ' || chr(39) ||
                      user_rec.v_user_pwd || chr(39);
    insert into tb_refpwd_log(id, oper_time, oper_command) values(seq_refpwd.nextval,v_datetime,'alter user ' || user_rec.v_username || ' identified by values ' || chr(39) || user_rec.v_user_pwd || chr(39));
    execute immediate 'alter user ' || user_rec.v_username || ' profile ' ||
                      user_rec.v_profile;
    fetch c_pwd_cursor
      into user_rec;
  end loop;
  -- 4. delete temporary profile
  execute immediate 'drop profile temp_profile cascade';
  insert into tb_refpwd_log(id, oper_time, oper_command) values(seq_refpwd.nextval,v_datetime,'drop profile temp_profile cascade');
  commit;
  close c_pwd_cursor;
  EXCEPTION
    when invalid_option then
      insert into tb_refpwd_log(id, oper_time, oper_command) values(-1, v_datetime, 'invalid opertaion, please check.');
    when others then
      null;
end;
/

 

4. 结果确认

select count(1) cnt
  from (select t1.name, t1.password, t1.spare4
          from sys.user$ t1
         where t1.type# = 1
        minus
        select t2.name, t2.password, t2.spare4
          from &v_datetime t2
         where t2.type# = 1);

select username, account_status, lock_date, expiry_date, created, profile, password_versions,default_tablespace, temporary_tablespace from dba_users;

 

posted @ 2018-09-11 23:06  KuBee  阅读(213)  评论(0编辑  收藏  举报