DBA Tips Archive for Oracle

  


[an error occurred while processing this directive]

No Title

[an error occurred while processing this directive]

by Michael New, MichaelNew@earthlink.net, Gradation LLC

Contents

Introduction

Oracle started support for making external procedure calls from PL/SQL code in Oracle8. An example would be a PL/SQL program calling one or more C routines that are required to perform special-purpose processing. This option remained practically unchanged until Oracle9i (9.2.0).

In version 9.2.0, Oracle decided it was time to tighten up security and make several modifications to this feature. It wasn't until I tried to run several C routines under 9.2.0 that I came up with the following error:


SQL> exec mailx('jhunter@idevelopment.info', 'Testing', 'Testing the extroc configuration'); BEGIN mailx('jhunter@idevelopment.info', 'Testing', 'This is a test from the extproc system'); END; * ERROR at line 1: ORA-28595: Extproc agent : Invalid DLL Path ORA-06512: at "EXTPROC.MAILX", line 0 ORA-06512: at line 1

I finally broke down and starting reading over the Oracle9i Net Services Administrator's Guide Release 2 (9.2) and found the answer as to why this was not working.

This article simply explains some of the changes made in 9.2.0 and what changes you will need to make to your environment to call external procedures.

For a detailed overview on configuring PL/SQL to call external procedures, take a look at my article, "Calling OS Commands from PL/SQL using External Procedures".

Changes in Oracle 9.2.0

In short, Oracle changed the default behavior in 9.2.0 to disallow any external procedure other than those in %ORACLE_HOME%\bin (for Windows) and $ORACLE_HOME/lib (for UNIX).

You can use external procedures in other directories, but you have to add an environment variable called EXTPROC_DLLS to your listener.ora. This environment variable will contain the names of the DDLs (delimited by a colon) that you wish Oracle to have access to.

You will not need to make any modifications to your tnsnames.ora entry for the EXTPROC_CONNECTION_DATA entry.

Allow External Procedures in ANY Directory (Development)

In the case of my development machines, I can set the "ANY" option - meaning my external procedure can be in any DLL in any part of the file system.


SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) (PROGRAM = extproc) (ENVS="EXTPROC_DLLS=ANY") ) (SID_DESC = (GLOBAL_DBNAME = alexdb.idevelopment.info) (SID_NAME = alexdb) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) ) ) INBOUND_CONNECT_TIMEOUT_LISTENER = 0 LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = alex.idevelopment.info)(PORT = 1521)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0)) ) )

Allow Directories in Addition to $ORACLE_HOME/lib (Production)

In a production environment, you may want to allow DDLs to be loaded not just from $ORACLE_HOME/lib or %ORACLE_HOME%\bin but also allow specific DDLs in other directories.

The example below will allow DDL loads from $ORACLE_HOME/lib or %ORACLE_HOME%\bin and the DDL /u01/app/oracle/dba_scripts/extproc/shell.so.


SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) (PROGRAM = extproc) (ENVS="EXTPROC_DLLS=/u01/app/oracle/dba_scripts/extproc/shell.so") ) (SID_DESC = (GLOBAL_DBNAME = alexdb.idevelopment.info) (SID_NAME = alexdb) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) ) ) INBOUND_CONNECT_TIMEOUT_LISTENER = 0 LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = alex.idevelopment.info)(PORT = 1521)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0)) ) )

Restrict External Procedures to ONLY Specific DDLs (Production)

To achieve a higher level of security in a production environment, you may want to restrict the DLLs that the extproc agent can load by listing them explicitly in the listener.ora file with the ONLY option.

In this configuration, Oracle will only load the DDLs listed. It WILL NOT load from $ORACLE_HOME/lib (UNIX) or %ORACLE_HOME%\bin (Windows). The example below will ONLY be able to load /u01/app/oracle/dba_scripts/extproc/shell.so.


SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) (PROGRAM = extproc) (ENVS="EXTPROC_DLLS=ONLY:/u01/app/oracle/dba_scripts/extproc/shell.so") ) (SID_DESC = (GLOBAL_DBNAME = alexdb.idevelopment.info) (SID_NAME = alexdb) (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1) ) ) INBOUND_CONNECT_TIMEOUT_LISTENER = 0 LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = alex.idevelopment.info)(PORT = 1521)) (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC0)) ) )

About the Author

Jeffrey Hunter is an Oracle Certified Professional, Java Development Certified Professional, Author, and an Oracle ACE. Jeff currently works as a Senior Database Administrator for The DBA Zone, Inc. located in Pittsburgh, Pennsylvania. His work includes advanced performance tuning, Java and PL/SQL programming, developing high availability solutions, capacity planning, database security, and physical / logical database design in a UNIX / Linux server environment. Jeff's other interests include mathematical encryption theory, tutoring advanced mathematics, programming language processors (compilers and interpreters) in Java and C, LDAP, writing web-based database administration tools, and of course Linux. He has been a Sr. Database Administrator and Software Engineer for over 20 years and maintains his own website site at: http://www.iDevelopment.info. Jeff graduated from Stanislaus State University in Turlock, California, with a Bachelor's degree in Computer Science and Mathematics.



Copyright (c) 1998-2017 Jeffrey M. Hunter. All rights reserved.

All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express, prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.

I have made every effort and taken great care in making sure that the material included on my web site is technically accurate, but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.

Last modified on
Sunday, 18-Mar-2012 22:29:32 EDT
Page Count: 41641