聲明：

僅用于測試環境方便調試，不可能應用于生產環境；故請勿加入到程序源代碼來實現自動殺進程。

只需一個參數，就能kill用戶自己的會話，請小心操作，以免誤kill進程。

使用方法：

新開一個session后，執行

EXEC?SYS.P_KILL_USER_SESSION(要殺的會話的sid)；

就能實現sys用戶才能操作的alter?system?kill?session(sid,serial#);

例子：04:14:46?sql1>exec?sys.p_kill_user_session(2525);

目的：

一般用戶在不具備執行alter?system權限的前提下，對于自己的所有session，能達到alter?system?kill?session功能。

原理：

普通用戶先根據(自己的)username和要kill的session的sid查找到這個session的(sid,serial#)；再把這兩個變量傳到另一個存儲過程P_KILL_SESSION,該存儲過程中sys用戶會親自執行alter?system?kill?session?(sid,serial#);從而殺掉session。

背景知識：

sid是唯一的，不會重復；假設登錄了A用戶，意圖要kill?user?A的會話，結果輸入了user?B的sid，則在查找(sid,serial#)時，因為限制了username=A?and?sid=輸入的sid，則會返回0條記錄。從而限制了只能kill當前操作用戶的session。

實施步驟：

1.sys用戶先建立procedure

存儲過程P_KILL_SESSION

CREATE?OR?REPLACE?PROCEDURE?P_KILL_SESSION(P_USER?IN?VARCHAR2,

P_SID??IN?VARCHAR2)?AS

V_SQL?VARCHAR2(32767);

BEGIN

SELECT?'ALTER?SYSTEM?KILL?SESSION?'''?||?SID?||?','?||?SERIAL#?||?''''

INTO?V_SQL

FROM?V$SESSION

WHERE?USERNAME?=?P_USER

AND?SID?=?P_SID;

EXECUTE?IMMEDIATE?V_SQL;

EXCEPTION

WHEN?NO_DATA_FOUND?THEN

RAISE_APPLICATION_ERROR(-20001,

'SID：'?||?P_SID?||

'?DOES?NOT?EXISTS,?OR?THE?SESSION?USER?IS?NOT?'?||

P_USER);

END;

存儲過程P_KILL_USER_SESSION

CREATE?OR?REPLACE?PROCEDURE?P_KILL_USER_SESSION(P_SID?IN?NUMBER)?AUTHID?CURRENT_USER?AS

V_USERNAME?VARCHAR2(30);

V_SID??????NUMBER;

BEGIN

SELECT?SYS_CONTEXT('USERENV',?'SESSION_USER'),

SYS_CONTEXT('USERENV',?'SID')

INTO?V_USERNAME,?V_SID

FROM?DUAL;

IF?P_SID?!=?V_SID?THEN

P_KILL_SESSION(V_USERNAME,?P_SID);

ELSE

RAISE_APPLICATION_ERROR(-20000,?'CAN?NOT?KILL?CURRENT?SESSION!');

END?IF;

END;

2.sys再grant執行存儲過程的權限給用戶

GRANT?EXECUTE?ON?P_KILL_USER_SESSION?TO??JF_ISU;

3.獲得授權的用戶根據會話的sid就可以殺自己的任何session了；

exec?sys.p_kill_user_session(sid)；

驗證

在服務器srcbdc建立3個會話；2個JF_ISU用戶sql1=(3012，751)，sql2=(1070,469)1個system用戶(其它用戶)

會話1

04:14:22?192.168.210.65:1521/SRCBFIN@JF_ISU>?set?sqlp?'sql1>'

04:14:30?sql1>col?sys_context('userenv','session_user')?for?a50;

04:14:46?sql1>col?sys_context('userenv','sid')?for?a50;

04:14:46?sql1>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;

SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')

--------------------------------------------------?--------------------------------------------------

JF_ISU?????????????????????????????????????????????3012

會話2

04:14:52?192.168.210.65:1521/SRCBFIN@JF_ISU>?set?sqlp?'sql2>'

04:14:59?sql2>col?sys_context('userenv','session_user')?for?a50;

04:15:01?sql2>col?sys_context('userenv','sid')?for?a50;

04:15:01?sql2>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;

SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')

--------------------------------------------------?--------------------------------------------------

JF_ISU?????????????????????????????????????????????1070

會話3

04:15:05?192.168.210.65:1521/SRCBFIN@SYSTEM>?set?sqlp?'system3>';

04:15:23?system3>col?sys_context('userenv','session_user')?for?a50;

04:15:30?system3>col?sys_context('userenv','sid')?for?a50;

04:15:30?system3>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;

SYS_CONTEXT('USERENV','SESSION_USER')??????????????SYS_CONTEXT('USERENV','SID')

--------------------------------------------------?--------------------------------------------------

SYSTEM?????????????????????????????????????????????2525

04:15:30?system3>

04:15:32?system3>select?sid,serial#,username,type,program,machine?from?v$session?where?machine?like?'%srcbdc%';

SID????SERIAL#?USERNAME???????????????????????TYPE???????PROGRAM??????????????????????????????????????????MACHINE

----------?----------?------------------------------?----------?------------------------------------------------?--------

1070????????469?JF_ISU?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc

2525????????511?SYSTEM?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc

3012????????751?JF_ISU?????????????????????????USER???????sqlplus@srcbdc?(TNS?V1-V3)???????????????????????srcbdc

安全限制測試：

u?JF_ISU不能kill其它用戶的會話；(JF_ISU無法kill?system用戶的)

04:14:46?sql1>exec?sys.p_kill_user_session(2525);

BEGIN?sys.p_kill_user_session(2525);?END;

*

ERROR?at?line?1:

ORA-20001:?SID??2525?DOES?NOT?EXISTS,?OR?THE?SESSION?USER?IS?NOT?JF_ISU

ORA-06512:?at?"SYS.P_KILL_SESSION",?line?12

ORA-06512:?at?"SYS.P_KILL_USER_SESSION",?line?10

ORA-06512:?at?line?1

u?JF_ISU不能kill當前session；

04:16:29?sql1>exec?sys.p_kill_user_session(3012);

BEGIN?sys.p_kill_user_session(3012);?END;

*

ERROR?at?line?1:

ORA-20000:?CAN?NOT?KILL?CURRENT?SESSION!

ORA-06512:?at?"SYS.P_KILL_USER_SESSION",?line?12

ORA-06512:?at?line?1

u?未獲得存儲過程執行權限的用戶不能調用該存儲過程。

04:15:41?system3>exec?sys.p_kill_user_session(3012);

BEGIN?sys.p_kill_user_session(3012);?END;

*

ERROR?at?line?1:

ORA-06550:?line?1,?column?7:

PLS-00201:?identifier?'SYS.P_KILL_USER_SESSION'?must?be?declared

ORA-06550:?line?1,?column?7:

PL/SQL:?Statement?ignored

基本測試：

JF_ISU能kill除當前session之外的自己的所有會話(且該用戶不具備alter?system權限)；

04:16:38?sql1>exec?sys.p_kill_user_session(1070);

PL/SQL?procedure?successfully?completed.

04:17:16?sql1>

04:17:18?sql1>select?*?from?session_privs;?(實際上只需要有create?session并獲得exec?on?procedure?p_kill_user_session即可完成)

PRIVILEGE

----------------------------------------

CREATE?SESSION

UNLIMITED?TABLESPACE

CREATE?TABLE

SELECT?ANY?TABLE

CREATE?CLUSTER

CREATE?SYNONYM

CREATE?VIEW

CREATE?SEQUENCE

SELECT?ANY?SEQUENCE

CREATE?DATABASE?LINK

CREATE?PROCEDURE

CREATE?TRIGGER

CREATE?TYPE

CREATE?OPERATOR

CREATE?INDEXTYPE

SELECT?ANY?DICTIONARY

DEBUG?CONNECT?SESSION

DEBUG?ANY?PROCEDURE

18?rows?selected.

04:17:44?sql1>

04:15:01?sql2>select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual;

select?sys_context('userenv','session_user')?,sys_context('userenv','sid')?from?dual

*

ERROR?at?line?1:

ORA-00028:?your?session?has?been?killed

附錄：

查看當前session信息，要對視圖v$session有select權限才能獲得serial#,

col?username?for?A10;

sql1>select?sid,serial#,username?from?v$session?where?sid=(select?sys_context('userenv','sid')?from?dual);

SID????SERIAL#?USERNAME

----------?----------?----------

1457??????????3?JF_ISU

04:43:18?sql1>select?*?from?user_role_privs;

USERNAME???????????????????????GRANTED_ROLE???????????????????ADM?DEF?OS_

------------------------------?------------------------------?---?---?---

JF_ISU?????????????????????????CONNECT????????????????????????NO??YES?NO

JF_ISU?????????????????????????RESOURCE???????????????????????NO??YES?NO

04:43:24?sql1>

04:43:25?sql1>select?*?from?role_sys_privs;

ROLE???????????????????????????PRIVILEGE????????????????????????????????ADM

------------------------------?----------------------------------------?---

CONNECT????????????????????????CREATE?SESSION???????????????????????????NO

RESOURCE???????????????????????CREATE?CLUSTER???????????????????????????NO

RESOURCE???????????????????????CREATE?SEQUENCE??????????????????????????NO

RESOURCE???????????????????????CREATE?TRIGGER???????????????????????????NO

RESOURCE???????????????????????CREATE?TABLE?????????????????????????????NO

RESOURCE???????????????????????CREATE?PROCEDURE?????????????????????????NO

RESOURCE???????????????????????CREATE?TYPE??????????????????????????????NO

RESOURCE???????????????????????CREATE?OPERATOR??????????????????????????NO

RESOURCE???????????????????????CREATE?INDEXTYPE?????????????????????????NO

9?rows?selected.

04:43:34?sql1>

04:43:35?sql1>select?*?from?user_sys_privs;

USERNAME???????????????????????PRIVILEGE????????????????????????????????ADM

------------------------------?----------------------------------------?---

JF_ISU?????????????????????????SELECT?ANY?DICTIONARY????????????????????NO

JF_ISU?????????????????????????CREATE?SEQUENCE??????????????????????????NO

JF_ISU?????????????????????????DEBUG?CONNECT?SESSION????????????????????NO

JF_ISU?????????????????????????CREATE?TYPE??????????????????????????????NO

JF_ISU?????????????????????????CREATE?VIEW??????????????????????????????NO

JF_ISU?????????????????????????SELECT?ANY?TABLE?????????????????????????NO

JF_ISU?????????????????????????CREATE?DATABASE?LINK?????????????????????NO

JF_ISU?????????????????????????CREATE?TABLE?????????????????????????????NO

JF_ISU?????????????????????????UNLIMITED?TABLESPACE?????????????????????NO

JF_ISU?????????????????????????CREATE?TRIGGER???????????????????????????NO

JF_ISU?????????????????????????CREATE?SYNONYM???????????????????????????NO

JF_ISU?????????????????????????DEBUG?ANY?PROCEDURE??????????????????????NO

JF_ISU?????????????????????????SELECT?ANY?SEQUENCE??????????????????????NO

13?rows?selected.

04:43:43?sql1>

創作挑戰賽新人創作獎勵來咯，堅持創作打卡瓜分現金大獎

總結

以上是生活随笔為你收集整理的Oracle 每个session的限制,限制oracle普通用户能且只能kill自己的会话的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。