开发者

How Can I Script Oracle Wallet Changes?

I use the Oracle wallet to store passwords for the databases I connect to. Our password policy requires us to change our passwords frequently enough that I would like to script the changes. I have a batch file that can change the database passwords themselves, but I would like to script the changes to the wallet as well. The problem is that a wallet password must be entered after calling mkstore and the password can't be passed as a parameter. Is there a way to script credential change开发者_开发知识库s in the wallet?


Get the passwd for the store thru echo, so you can script it.

echo "$passwd" |

echo "WalletPasswd" | mkstore -wrl . -listCredential

This will list the output,likewise commands for all mkstore, orapki will work


Here is a Powershell script I came up with. Requirements:

  1. PowerShell is installed.
  2. Scripting is enabled (Set-ExecutionPolicy RemoteSigned run as administrator).
  3. The script is in c:\oracle\WalletCreator.
  4. Wasp.dll from Windows Automation Snapin for PowerShell is located in the script folder.

The wallet will be created in c:\oracle\Wallets. Here is the script.

Import-Module c:\oracle\WalletCreator\WASP.dll

$WalletCreated = 0

cls
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "   Warning: This script will delete your current wallet.   " -foregroundcolor White -backgroundcolor DarkRed
Write-Host "                                                           " -foregroundcolor White -backgroundcolor DarkRed

do {
    #Get credentials
    Write-Host " " 
    Write-Host " New Wallet Entry                                          " -foregroundcolor White -backgroundcolor DarkGreen
    Write-Host "    To exit press return without entering anything.        " -foregroundcolor White -backgroundcolor DarkGreen
    $DB = Read-Host "Connection Name"
    if ($DB -eq "") {
       Return
    }
    $Username = Read-Host "       Username"
    if ($Username -eq "") {
       Return
    }
    $Password = Read-Host -AsSecureString "       Password" 

    #Convert from SecureString to String.
    $BasicString = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($Password)
    $Password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BasicString)
    if ($Password -eq "") {
       Return
    }

    if ($WalletCreated -eq 0) {
        #Create folder in case it doesn't exist.
        md c:\oracle\Wallets -Force | Out-Null

        #Delete any wallet in the folder now.
        del c:\oracle\Wallets\*.* | Out-Null

        #Get GUID for wallet password.
        $WalletPassword = [guid]::NewGuid().toString()
        $WalletPassword = $WalletPassword + "`r"

        #Create Wallet.
        Start-Process -FilePath mkstore -ArgumentList "-wrl c:\oracle\Wallets\ -create"
        Start-Sleep -Milliseconds 500
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
        Start-Sleep -Milliseconds 300
        Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword

        $WalletCreated = 1
        Start-Sleep -Milliseconds 1000
    }

    #Create Credential.
    $CC = "-wrl c:\oracle\Wallets\ -createCredential " + $DB + " " 
    $CC = $CC + $Username + " " + $Password
    Start-Process -FilePath mkstore -ArgumentList $CC
    Start-Sleep -Milliseconds 300
    Select-Window -ProcessName cmd | Select -First 1 | Send-Keys -keys $WalletPassword
    Start-Sleep -Milliseconds 1000
} 
until ($DB -eq "")


With 11g at least:

orapki wallet change_pwd -wallet {wallet directory}  \
              -oldpwd {old password}   -newpwd  {new password}

I have not tested whether the passwords get obfuscated in the process line visible from a ps -fe|grep.


AutoHotKey Solution:

; CreateWallet.ahk

#NoEnv
SetWorkingDir %A_ScriptDir%
CoordMode, Mouse, Window
SendMode Input
#SingleInstance Force
SetTitleMatchMode 2
#WinActivateForce
SetControlDelay 1
SetWinDelay 0
SetKeyDelay -1
SetMouseDelay -1
SetBatchLines -1


Macro1:
Random, WalletPassword, 10000000000, 9999999999999999999999999
WalletPassword := WalletPassword "ExtraCharacters"
InputBox, Username, Username, Please enter your database username, , , , , , , , lriffel
InputBox, DatabasePassword, Database Password, Please enter the database password., HIDE
Run, c:\windows\system32\cmd.exe, c:\
Sleep, 500
Send, md c{:}\oracle\Wallet{enter}
Sleep, 200
Send, cd c{:}\oracle\Wallet{enter}
Sleep, 200
Send, del -s c{:}\oracle\Wallet\*.*{enter}
Sleep, 200
Send, Y{enter}
Sleep, 200
Send, mkstore -wrl c:\oracle\Wallet\ -create{enter}
Sleep, 200
Send, %WalletPassword%{enter}
Sleep, 200
Send, %WalletPassword%{enter}
Sleep, 200
Loop, Read, F:\Programs\CreateWallet\dbs.txt
{
    WinHide, ahk_class ConsoleWindowClass
    Sleep, 333
    Send, mkstore -wrl c:\oracle\Wallet\ -createCredential %A_LoopReadLine% %Username% %DatabasePassword%{enter}
    Send, %WalletPassword%{enter}
    Sleep, 200
    Send, cls{enter}
    Sleep, 200
    WinShow, ahk_class ConsoleWindowClass
    Sleep, 550
}
Send, exit{enter}
MsgBox, 64, Wallet Created, Wallet Created
Return

; This script was created using Pulover's Macro Creator
; www.macrocreator.com


Windows piping from a file works. I put the wallet password on 2 separate lines so it works for creating the wallet as well as -createCredential:

set PW=\MySecureFolder\MyWalletPasswordOn2Lines.txt
mkstore -wrl . -create < %PW%

The script could, of course, prompt and create the file initially, and delete the file when done. Put it in an admin-only folder, in case the script terminates abnormally.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜