Oracle DBA Tips Corner
Return to the Oracle DBA Tips Corner.
|
Oracle DBA Tips Corner
|
|
Changes in Configuring External Procedures in Oracle 9.2.0
by Jeff Hunter, Sr. Database Administrator
Contents
Overview
In version 9.2.0, Oracle decided it was time to tighten up security and make several modifications
to this feature. It wasn't until I tried to run several C routines under 9.2.0 that I came up with
the following error:
This article simply explains some of the changes made in 9.2.0 and what changes you will need
to make to your environment to call external procedures.
For a detailed overview on configuring PL/SQL to call external procedures, take a look at
my article,
"Calling OS Commands from PL/SQL using External Procedures".
Changes in 9.2.0
You can use external procedures in other directories, but you have to add
an environment variable called EXTPROC_DLLS to your listener.ora. This environment
variable will contain the names of the DDLs (delimited by a colon) that you wish
Oracle to have access to.
You will not
need to make any modifications to your tnsnames.ora entry for the
EXTPROC_CONNECTION_DATA entry.
Allow external procedures in ANY directory (Development)
Allow directories in addition to $ORACLE_HOME/lib (Production)
The example below
will allow DDL loads from $ORACLE_HOME/lib or %ORACLE_HOME%\bin
and the DDL /u01/app/oracle/common/extproc/shell.so.
Restrict external procedures to ONLY specific DDLs (Production)
In this configuration, Oracle will only load the DDLs listed. It WILL NOT
load from $ORACLE_HOME/lib
(UNIX) or %ORACLE_HOME%\bin (Windows). The example below
will ONLY be able to load /u01/app/oracle/common/extproc/shell.so.
All articles, scripts and material located at the Internet address of http://www.idevelopment.info is the copyright of Jeffrey M. Hunter
and is protected under copyright laws of the United States. This document may not be hosted on any other site without my express,
prior, written permission. Application to host any of the material elsewhere can be made by contacting me at jhunter@idevelopment.info.
I have made every effort and taken great care in making sure that the material included on my web site is technically accurate,
but I disclaim any and all responsibility for any loss, damage or destruction of data or any other property which may arise from
relying on it. I will in no case be liable for any monetary damages arising from such loss, damage or destruction.
Oracle started support for making external procedure calls from PL/SQL code in Oracle8.
An example would be a PL/SQL program calling one or more C routines that are required to perform
special-purpose processing. This option remained practically unchanged until Oracle9i (9.2.0).
SQL> exec mailx('JeffreyH@comanage.net', 'Testing', 'Testing the extroc configuration');
BEGIN mailx('JeffreyH@comanage.net', 'Testing', 'This is a test from the extproc system'); END;
*
ERROR at line 1:
ORA-28595: Extproc agent : Invalid DLL Path
ORA-06512: at "EXTPROC.MAILX", line 0
ORA-06512: at line 1
I finally broke down and starting reading over the Oracle9i Net Services Administrator's
Guide Release 2 (9.2) and found the answer as to why this was not working.
In short, Oracle changed the default behavior in 9.2.0 to disallow
any external procedure other than those in %ORACLE_HOME%\bin (for Windows)
and $ORACLE_HOME/lib (for UNIX).
In the case of my development machines, I can set the "ANY" option -
meaning my external procedure can be in any DLL in any part of the file system.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 1521))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 2481))
)
(PROTOCOL_STACK =
(PRESENTATION = GIOP)
(SESSION = RAW)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
)
CONNECT_TIMEOUT_LISTENER = 10
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
(PROGRAM = extproc)
(ENVS="EXTPROC_DLLS=ANY")
)
(SID_DESC =
(GLOBAL_DBNAME = TSBUILD_SUNBUILD1.COMANAGE.NET)
(SID_NAME = TSBUILD)
(ORACLE_HOME = /u01/app/oracle/product/8.1.7)
)
(SID_DESC =
(GLOBAL_DBNAME = ORA920_SUNBUILD1.COMANAGE.NET)
(SID_NAME = ORA920)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
)
)
In a production environment, you may want to allow DDLs to be loaded
not just from $ORACLE_HOME/lib or %ORACLE_HOME%\bin
but also allow specific DDLs in other directories.
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 1521))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 2481))
)
(PROTOCOL_STACK =
(PRESENTATION = GIOP)
(SESSION = RAW)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
)
CONNECT_TIMEOUT_LISTENER = 10
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
(PROGRAM = extproc)
(ENVS="EXTPROC_DLLS=/u01/app/oracle/common/extproc/shell.so")
)
(SID_DESC =
(GLOBAL_DBNAME = TSBUILD_SUNBUILD1.COMANAGE.NET)
(SID_NAME = TSBUILD)
(ORACLE_HOME = /u01/app/oracle/product/8.1.7)
)
(SID_DESC =
(GLOBAL_DBNAME = ORA920_SUNBUILD1.COMANAGE.NET)
(SID_NAME = ORA920)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
)
)
To achieve a higher level of security in a production environment,
you may want to restrict the DLLs that the extproc agent can load
by listing them explicitly in the listener.ora file with the ONLY
option
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 1521))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = sunbuild1.comanage.net)(PORT = 2481))
)
(PROTOCOL_STACK =
(PRESENTATION = GIOP)
(SESSION = RAW)
)
)
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = TSBUILD_SUNBUILD1))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1.COMANAGE.NET))
(ADDRESS = (PROTOCOL = IPC)(KEY = ORA901_SUNBUILD1))
)
(PROTOCOL_STACK =
(PRESENTATION = TTC)
(SESSION = NS)
)
)
)
CONNECT_TIMEOUT_LISTENER = 10
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
(PROGRAM = extproc)
(ENVS="EXTPROC_DLLS=ONLY:/u01/app/oracle/common/extproc/shell.so")
)
(SID_DESC =
(GLOBAL_DBNAME = TSBUILD_SUNBUILD1.COMANAGE.NET)
(SID_NAME = TSBUILD)
(ORACLE_HOME = /u01/app/oracle/product/8.1.7)
)
(SID_DESC =
(GLOBAL_DBNAME = ORA920_SUNBUILD1.COMANAGE.NET)
(SID_NAME = ORA920)
(ORACLE_HOME = /u01/app/oracle/product/9.2.0)
)
)
Saturday, 01-Nov-2003 00:00:00 EST
Page Count: 22010