-rw-r--r-- | NEWS | 9 | ||||
-rw-r--r-- | doc/anubis.texi | 99 | ||||
-rw-r--r-- | src/mysql.c | 23 | ||||
-rw-r--r-- | src/usr.opt | 7 |
4 files changed, 117 insertions, 21 deletions
@@ -1,7 +1,7 @@ -GNU Anubis NEWS -- history of user-visible changes. 2014-05-16 +GNU Anubis NEWS -- history of user-visible changes. 2014-05-18 Copyright (C) 2001-2014 The Anubis Team. See the end of file for copying conditions. Please send your bug reports to <bug-anubis@gnu.org>. @@ -68,12 +68,19 @@ END * Guile output By default Scheme's standard error and output ports are redirected to syslog, using priorities `err' and `warning' correspondingly. +* MySQL options file + +When using MySQL for Anubis user database, the database parameters and +access credentials are read from the file /etc/my.cnf, section +"anubis". Additionally, two URL parameters are provided: +"options-file", which sets the name of the options file, and +"options-group", which sets the name of the group. * Version 4.1.1, 2008-12-20 ** Automatic correction of MAIL and RCPT SMTP commands. diff --git a/doc/anubis.texi b/doc/anubis.texi index 2167225..eec5cfc 100644 --- a/doc/anubis.texi +++ b/doc/anubis.texi 
@@ -606,51 +606,81 @@ The database name is specified by the @var{dbname} element. Any further details needed for connecting to the database are given by @acronym{URL} parameters. All of them have reasonable default values, so you'll have to specify only those parameters that differ from the default. The following parameters are defined: -@table @var -@item @var{port}=@var{number} +@table @option +@item port=@var{number} Specifies port number the database server is listening on. -If it is not given, the behavior depends on the value of -@var{socket} parameter (see below). If @var{socket} is not present, the +If it is not given, the behavior depends on the value of the +@option{socket} parameter (see below). If @option{socket} is not present, the program will use the default port number for the given protocol (i.e. 3306 for @samp{mysql} and 5432 for @samp{pgsql}. -@item @var{socket}=@var{string} +@item socket=@var{string} Specifies the UNIX file name of the socket to connect to. This -parameter cannot be used together with @var{port} (see above). +parameter cannot be used together with @option{port} (see above). -@item @var{bufsize}=@var{number} +@item bufsize=@var{number} Sets length of the buffer for storing SQL queries. Default is 1024 bytes. -@item @var{table}=@var{string} +@item table=@var{string} Specifies name of the database table with the authentication data. Default is @samp{users}. -@item @var{authid}=@var{string} -Specifies the name of a column in @var{table} which holds +@item authid=@var{string} +Specifies the name of a column in @option{table} which holds @samp{AUTHID} value. Default is @samp{authid}. -@item @var{passwd}=@var{string} -Specifies the name of a column in @var{table} which holds +@item passwd=@var{string} +Specifies the name of a column in @option{table} which holds the user password. Default is @samp{passwd}. 
-@item @var{account}=@var{string} -Specifies the name of a column in @var{table} which holds +@item account=@var{string} +Specifies the name of a column in @option{table} which holds the name of system account to be used for this @samp{AUTHID}. Default is @samp{account}. -@item @var{rcfile}=@var{string} -Specifies the name of a column in @var{table} which holds +@item rcfile=@var{string} +Specifies the name of a column in @option{table} which holds the path to the user's configuration file. Default is @samp{rcfile}. @FIXME{An example, please.} +@end table + +@cindex options file, MySQL +@findex my.cnf +@findex /etc/my.cnf +When using a MySQL database (@samp{mysql://}), database parameters and +access credentials are first read from the file @file{/etc/my.cnf}, if +it exists. This file called @dfn{option file} in @samp{MySQL} parlance +@ifhtml +(see @uref{http://dev.mysql.com/doc/refman/5.0/en/option-files.html, +option files}). +@end ifhtml +@ifnothtml +(@pxref{option-files, Using Option Files,,mysql,MySQL Manual}) +@end ifnothtml +is organized in groups, each group beginning with the group name in +square brackets on a separate line. Within a group, each non-empty +line consists of a MySQL option name, optionally followed by an equal +sign and the value. By default, the values from the @samp{anubis} +group are read. + +Two additional parameters are provided to fine-tune this behavior: +@table @option +@item options-file=@var{file} +Read options from @var{file} instead of @file{/etc/my.cnf}. An +empty value (@samp{options-file=}), disables using the options file. + +@item options-group=@var{name} +Set the name of the group in the MySQL configuration file, from +which to read configuration options. @end table @node Managing the Database @section Managing the Database Managing the user database is a complex task, which looks differently 
@@ -950,17 +980,52 @@ found, it will prompt you to supply them. @table @option @item -m @var{mech} @itemx --mechanism @var{mech} Use the SASL mechanism @var{mech}. Give this option several times to set a list of allowed mechanisms. +@item --file=@var{file} +@itemx -f @var{file} +Sets the user configuration file name (default is @file{.anubisrc}). + +@item --netrc+@var{file} +@itemx -n @var{file} +Sets the name of the automatic login configuration file (default is +@file{.netrc}). + @item -v @itemx --verbose Verbose output. Multiple options increase verbosity. Maximum verbosity level is 3. +@end table + +Options controlling encryption: + +@table @option +@item --disable-tls +@itemx -d +Disable the use of TLS encryption. + +@item --tls-cafile=@var{file} +@itemx -C @var{file} +Sets the name of certificate authority file to use when verifying the +server certificate. +@item --tls-priorities=@var{list} +Sets cipher suite preferences to use. The @var{list} argument may +contain a single initial keyword or be a colon-separated list of TLS +keywords. The description of TLS keywords is well beyond the scope of +this document. Please refer to @ref{Priority Strings,Priority +Strings,,gnutls,GnuTLS Manual}, for a detailed discussion. + +Default priority list is @samp{NORMAL}. +@end table + +Informational options: + +@table @option @item --version Display program version number and exit. @item --help Display short usage summary and exit. @end table 
@@ -1576,12 +1641,14 @@ this option does not require setting the @samp{ssl-key} and @deffn Option ssl-priorities @var{list} Sets cipher suite preferences to use. The @var{list} argument may contain a single initial keyword or be a colon-separated list of TLS keywords. The description of TLS keywords is well beyond the scope of this document. Please refer to @ref{Priority Strings,Priority Strings,,gnutls,GnuTLS Manual}, for a detailed discussion. + +Default priority list is @samp{NORMAL}. @end deffn @deffn Option ssl-cert @var{file-name} Specify the certificate for the @acronym{TLS/SSL} encryption. Default for @var{file-name} is @file{anubis.pem}. diff --git a/src/mysql.c b/src/mysql.c index 676618a..81ea62c 100644 --- a/src/mysql.c +++ b/src/mysql.c @@ -120,14 +120,14 @@ mysql_db_open (void **dp, ANUBIS_URL * url, enum anubis_db_mode mode, struct anubis_sql_db *amp = NULL; const char *table = anubis_url_get_arg (url, "table"); const char *authid = anubis_url_get_arg (url, "authid"); const char *passwd = anubis_url_get_arg (url, "passwd"); const char *user = anubis_url_get_arg (url, "account"); const char *rcfile = anubis_url_get_arg (url, "rcfile"); - const char *portstr = anubis_url_get_arg (url, "port"); - const char *s = anubis_url_get_arg (url, "bufsize"); + const char *s; + char *optfile; int port = 0; size_t bufsize = 1024; struct mysql_db_data *mdata; /* Provide reasonable defaults */ if (!table) @@ -138,27 +138,29 @@ mysql_db_open (void **dp, ANUBIS_URL * url, enum anubis_db_mode mode, passwd = "passwd"; if (!user) user = "account"; if (!rcfile) rcfile = "rcfile"; + s = anubis_url_get_arg (url, "bufsize"); if (s) { char *p; bufsize = strtoul (s, &p, 10); if (*p) { *errp = sql_open_error_text (ERR_BADBUFSIZE); return ANUBIS_DB_FAIL; } } - if (portstr) + s = anubis_url_get_arg (url, "port"); + if (s) { char *p; - port = strtoul (portstr, &p, 10); + port = strtoul (s, &p, 10); if (*p) { *errp = sql_open_error_text (ERR_BADPORT); return ANUBIS_DB_FAIL; } } 
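Review bot: In the second src/mysql.c hunk (`@@ -138,27 +138,29 @@`) the `bufsize` and `port` values are validated only with `if (*p)`, so an empty value such as `port=` and any out-of-range number pass the check. `port = strtoul (s, &p, 10);` also narrows an `unsigned long` into an `int`, and a `bufsize` of 0 would reach `xmalloc (bufsize)` in the following hunk. Since `s` is now reused for both arguments, this is a convenient place to parse into an `unsigned long v` and test `if (p == s || *p || v > 65535)` for the port, with an equivalent non-zero and upper-bound test for `bufsize`. mysql_db_open starts and ends outside the hunk, so any later bound on these values is not visible here.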
@@ -166,12 +168,25 @@ mysql_db_open (void **dp, ANUBIS_URL * url, enum anubis_db_mode mode, amp = xzalloc (sizeof (*amp)); amp->buf = xmalloc (bufsize); amp->bufsize = bufsize; mdata = xmalloc (sizeof (*mdata)); amp->data = mdata; mysql_init (&mdata->mysql); + + s = anubis_url_get_arg (url, "options-file"); + if (!s) { + if (access ("/etc/my.cnf", F_OK) == 0) + s = "/etc/my.cnf"; + } + + if (s && *s) { + mysql_options (&mdata->mysql, MYSQL_READ_DEFAULT_FILE, s); + mysql_options(&mdata->mysql, MYSQL_READ_DEFAULT_GROUP, + s ? s : "anubis"); + } + if (!mysql_real_connect (&mdata->mysql, url->host, url->user, url->passwd, url->path, port, anubis_url_get_arg (url, "socket"), 0)) { free (amp->data); diff --git a/src/usr.opt b/src/usr.opt index 72ab222..fa9d859 100644 --- a/src/usr.opt +++ b/src/usr.opt @@ -34,12 +34,19 @@ OPTION(tls-cafile,C,FILE, BEGIN #ifdef HAVE_TLS secure.cafile = optarg; #endif END +OPTION(tls-priorities,,PRIO,Set TLS priorities) +BEGIN +#ifdef HAVE_TLS + secure.prio = optarg; +#endif +END + OPTION(file,f,FILE, Set user configuration file name.) BEGIN rcfile_name = optarg; END |
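Review bot: The `MYSQL_READ_DEFAULT_GROUP` call passes `s ? s : "anubis"`, but at that point `s` holds the options-file path and is always non-NULL inside `if (s && *s)`, so the group name becomes the file name and the `anubis` default is unreachable. The `options-group` URL parameter that NEWS and the manual describe is never read in the visible hunks, so credentials placed in the `[anubis]` group would likely not be picked up. Fetch it separately with `const char *grp = anubis_url_get_arg (url, "options-group");` and pass `grp ? grp : "anubis"` to the second `mysql_options` call. The return values of both `mysql_options` calls are ignored, and `char *optfile;` added in the first hunk is not used in any visible hunk.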
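Review bot: When the program is built without `HAVE_TLS`, the new `tls-priorities` option in src/usr.opt is still accepted and its argument is silently discarded, so a user who asks for a restricted priority list gets no indication that it did not take effect. An `#else` branch that reports that TLS support is not compiled in would make this visible; the same applies to the `tls-cafile` option shown just above it. The string is stored unvalidated in `secure.prio`, and where it is checked lies outside this hunk, so it is worth confirming that a malformed list is rejected rather than silently replaced by a default. As a style point, the help text `Set TLS priorities` could end with a period to match `Set user configuration file name.`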