File: check_demo.sql

package info (click to toggle)
virtuoso-opensource 6.1.4%2Bdfsg1-7
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 245,116 kB
  • sloc: ansic: 639,631; sql: 439,225; xml: 287,085; java: 61,048; sh: 38,723; cpp: 36,889; cs: 25,240; php: 12,562; yacc: 9,036; lex: 7,149; makefile: 6,093; jsp: 4,447; awk: 1,643; perl: 1,017; ruby: 1,003; python: 329
file content (89 lines) | stat: -rw-r--r-- 4,604 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
--  
--  $Id: check_demo.sql,v 1.4 2007/11/19 13:33:36 source Exp $
--  
--  This file is part of the OpenLink Software Virtuoso Open-Source (VOS)
--  project.
--  
--  Copyright (C) 1998-2006 OpenLink Software
--  
--  This project is free software; you can redistribute it and/or modify it
--  under the terms of the GNU General Public License as published by the
--  Free Software Foundation; only version 2 of the License, dated June 1991.
--  
--  This program is distributed in the hope that it will be useful, but
--  WITHOUT ANY WARRANTY; without even the implied warranty of
--  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
--  General Public License for more details.
--  
--  You should have received a copy of the GNU General Public License along
--  with this program; if not, write to the Free Software Foundation, Inc.,
--  51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
--  
--  
ECHO BOTH "STARTED: Checking security objects on Demo DB\n";

SET ARGV[0] 0;
SET ARGV[1] 0;

select count(*) from SYS_USERS where U_ACCOUNT_DISABLED = 0 and U_IS_ROLE = 0 and U_NAME not in ('dba', 'dav', 'demo', 'nobody', 'tutorial_demo');
ECHO BOTH $IF $EQU $LAST[1] 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $LAST[1] " Users enabled different than dba,dav,demo.\n";

select G_OBJECT, U_NAME from SYS_GRANTS, SYS_USERS where G_USER = U_ID and U_NAME = 'demo';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
ECHO BOTH ": " $ROWCNT " grants to demo.\n";

select res_name from WS.WS.SYS_DAV_RES where RES_OWNER <> http_dav_uid () and (RES_PERMS like '__1%' or RES_PERMS like '_____1%' or RES_PERMS like '________1%');
select G_OBJECT, U_NAME from SYS_GRANTS, SYS_USERS where G_USER = U_ID and U_NAME = 'demo';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with executable permissions and owner <> dav.\n";

select res_name from WS.WS.SYS_DAV_RES where RES_OWNER = http_dav_uid () and (RES_PERMS like '____1%' or RES_PERMS like '_______1%');
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources owner is dav and writable to public or group.\n";

select res_name, res_group from WS.WS.SYS_DAV_RES where RES_GROUP is not null and res_group <> http_dav_uid () + 1;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with group different than administrators.\n";

select res_full_path, res_group from WS.WS.SYS_DAV_RES where RES_GROUP is not null and not exists (select 1 from SYS_USERS where U_ID = RES_GROUP);
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with non-matching group id.\n";

select res_full_path, res_group from WS.WS.SYS_DAV_RES where RES_OWNER is null or not exists (select 1 from SYS_USERS where U_ID = RES_OWNER);
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " resources with non-matching user id.\n";

-- tutorial_demo user from setup_tutorial.sql
select WS.WS.COL_PATH(COL_ID), COL_OWNER from WS.WS.SYS_DAV_COL where COL_OWNER <> http_dav_uid ()
    and COL_OWNER <> coalesce ((select U_ID from SYS_USERS where U_NAME = 'tutorial_demo'), http_dav_uid ())
    and COL_OWNER <> coalesce ((select U_ID from SYS_USERS where U_NAME = 'demo'), http_dav_uid ())
    and COL_OWNER <> 0;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections belonging to non dav user.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_GROUP <> http_dav_uid () + 1 and COL_GROUP <> 0;
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections belonging to non administrators group.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_PERMS like '____1%' or COL_PERMS like '_______1%';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections writable to public or group.\n";

select WS.WS.COL_PATH(COL_ID) from WS.WS.SYS_DAV_COL where COL_PERMS like '_____1%' or COL_PERMS like '________1%';
ECHO BOTH $IF $EQU $ROWCNT 0 "PASSED" "***FAILED";
SET ARGV[$LIF] $+ $ARGV[$LIF] 1;
ECHO BOTH ": " $ROWCNT " collections with execute bit on.\n";

$IF $GTE $ARGV[0] 1 "raw_exit ()" "";

ECHO BOTH "COMPLETED WITH " $ARGV[0] " FAILED, " $ARGV[1] " PASSED: Checking security objects on Demo DB\n";