summaryrefslogtreecommitdiffabout
authorSergey Poznyakoff <gray@gnu.org.ua>2010-01-06 11:25:39 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2010-01-06 11:25:39 (GMT)
commit1a0f319a747220e48bde4fae8b80c0b00d22e69c (patch) (side-by-side diff)
tree5912bfb14ac3d26b29eff947ded1eefa008e80be
parentfa78a9f21ff4fd85fb568232c9bee957b9c83497 (diff)
downloadwydawca-1a0f319a747220e48bde4fae8b80c0b00d22e69c.tar.gz
wydawca-1a0f319a747220e48bde4fae8b80c0b00d22e69c.tar.bz2
Improve SQL configuration.
* src/config.c (sql_kw): New statements: config-file and config-group. * src/sql.c (sql_init_dictionary): Handle config-file and config-group. Set CLIENT_MULTI_RESULTS option. * src/sql.h (struct sqlconn): New members: config_file and config_group. * NEWS, doc/wydawca.texi: Update.
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--NEWS20
-rw-r--r--doc/wydawca.texi73
-rw-r--r--src/config.c5
-rw-r--r--src/sql.c10
-rw-r--r--src/sql.h2
5 files changed, 106 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 588a3d2..d4de3c3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,2 +1,2 @@
-Wydawca NEWS -- history of user-visible changes. 2010-01-02
+Wydawca NEWS -- history of user-visible changes. 2010-01-06
Copyright (C) 2007, 2008, 2009, 2010 Sergey Poznyakoff
@@ -38,2 +38,20 @@ verify the submitted tarball. See the documentation, section
+* New configuration statements
+
+sql default {
+ config-file "file";
+ config-group "grp";
+}
+
+The `config-file' statement specifies the SQL configuration file
+to use. The `config-group' statement indicates the group in that
+file to read. The defaults for both statements depend on the
+underlying database implementation. Currently only MySQL is supported,
+so the defaults are "/etc/my.cnf" for "file", and "client" for
+"group".
+
+These options can be used to store security-sensitive information
+in another file, and thus to relax permission requirements for
+wydawca.rc.
+
* New meta-variables
diff --git a/doc/wydawca.texi b/doc/wydawca.texi
index ab18e47..7e69831 100644
--- a/doc/wydawca.texi
+++ b/doc/wydawca.texi
@@ -1191,2 +1191,4 @@ releases).
sql @var{id} @{
+ config-file @var{file};
+ config-group @var{group};
host @var{hostname};
@@ -1201,3 +1203,3 @@ sql @var{id} @{
Here, @var{id} is a string uniquely identifying this
-database. It is used by another configuration statements (e.g. by
+database. It is used by other configuration statements (e.g. by
dictionaries, see the next section) to refer to this
@@ -1206,2 +1208,48 @@ database.
+@deffn {Config: sql} config-file @var{name}
+ Set the name of the @acronym{SQL} configuration file to read.
+@end deffn
+
+@deffn {Config: sql} config-group @var{name}
+ Set the name of the group in the @acronym{SQL} configuration file,
+from where to read configuration options.
+@end deffn
+
+ The statements above allow to keep all security-sensitive
+information, such as @acronym{SQL} username and password, in an
+external configuration file and thus to relax permission requirements
+for @file{wydawca.rc}. The exact format of such external configuration
+file depends on the flavor of @acronym{SQL} @acronym{DBMS} in use.
+As of version @value{VERSION} @command{wydawca} supports only
+@samp{MySQL}, so the configuration file is what is called @dfn{option
+file} in @samp{MySQL} parlance (@pxref{option-files, Using Option
+Files,,mysql,MySQL Manual}).
+
+ For example, suppose your @file{wydawca.rc} contains the following:
+
+@smallexample
+sql default @{
+ config-file /etc/wydawca.mysql;
+ config-group wydawca;
+@}
+@end smallexample
+
+@noindent
+ Then, the @file{/etc/wydawca.mysql} would contain the actual
+parameters for accessing the database, e.g.:
+
+@smallexample
+[wydawca]
+socket = /var/db/mysql.sock
+database = savane
+user = savane
+pass = guessme
+@end smallexample
+
+ Another way to specify database credentials is by using the
+statements described below. If you prefer this way, you will have to
+tighten the permissions of @file{wydawca.rc} so that no third person
+could see the @acronym{SQL} password. The recommended permissions are
+@samp{0600}.
+
@deffn {Config: sql} host @var{hostname}[:@var{port-or-socket}]
@@ -1245,2 +1293,18 @@ sql default @{
+ It is possible to combine both methods, e.g.:
+
+@smallexample
+@group
+sql default @{
+ config-file /etc/wydawca.sql;
+ host project.database.com:3306;
+ database savane;
+@}
+@end group
+@end smallexample
+
+ Then, @command{wydawca} will attempt to obtain the missing
+information (username and password, in this case) from the
+@file{/etc/wydawca.sql} file.
+
@node dictionaries
@@ -1929,3 +1993,3 @@ The top-level Makefile.in in $@{WYDAWCA_DIST_FILE@} changes mode of
all the directories below the build tree to 777 before creating
-the tarball. This constitutes a security hole (see CVE-2009-4029[1],
+the tarball. This constitutes a security hole (see CVE-2009-4029[1],
for more details).
@@ -2824,2 +2888,7 @@ gpg-homedir @var{arg:@i{string}};
sql @var{id:@i{string}} @{
+ # @r{Set the name of the configuration file to read.}
+ config-file @var{name:@i{string}};
+ # @r{Set the name of the configuration file group to use.}
+ config-group @var{name:@i{string}};
+
# @r{Set SQL server hostname or IP address.}
diff --git a/src/config.c b/src/config.c
index 28734d0..e46c2f5 100644
--- a/src/config.c
+++ b/src/config.c
@@ -632,2 +632,7 @@ cb_sql (enum grecs_callback_command cmd,
static struct grecs_keyword sql_kw[] = {
+ { "config-file", N_("file"), N_("Read MySQL configuration from <file>"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_file) },
+ { "config-group", N_("name"),
+ N_("Read the named group from the SQL configuration file"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_group) },
{ "host", N_("host"), N_("Set SQL server hostname or IP address"),
diff --git a/src/sql.c b/src/sql.c
index 0ccc2e7..a4b311e 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -72,2 +72,10 @@ sql_init_dictionary (struct dictionary *dict)
mysql_init (&conn->mysql);
+
+ if (conn->config_file)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_FILE,
+ conn->config_file);
+ if (conn->config_group)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_GROUP,
+ conn->config_group);
+
if (conn->cacert)
@@ -77,3 +85,3 @@ sql_init_dictionary (struct dictionary *dict)
conn->password, conn->database, conn->port,
- conn->socket, 0))
+ conn->socket, CLIENT_MULTI_RESULTS))
{
diff --git a/src/sql.h b/src/sql.h
index cf7d636..a4ab2ee 100644
--- a/src/sql.h
+++ b/src/sql.h
@@ -21,2 +21,4 @@ struct sqlconn
char *ident;
+ char *config_file;
+ char *config_group;
char *host;

Return to:

Send suggestions and report system problems to the System administrator.