diff options
-rw-r--r-- | NEWS | 20 | ||||
-rw-r--r-- | doc/wydawca.texi | 73 | ||||
-rw-r--r-- | src/config.c | 5 | ||||
-rw-r--r-- | src/sql.c | 10 | ||||
-rw-r--r-- | src/sql.h | 2 |
5 files changed, 106 insertions, 4 deletions
@@ -1,2 +1,2 @@ -Wydawca NEWS -- history of user-visible changes. 2010-01-02 +Wydawca NEWS -- history of user-visible changes. 2010-01-06 Copyright (C) 2007, 2008, 2009, 2010 Sergey Poznyakoff @@ -38,2 +38,20 @@ verify the submitted tarball. See the documentation, section +* New configuration statements + +sql default { + config-file "file"; + config-group "grp"; +} + +The `config-file' statement specifies the SQL configuration file +to use. The `config-group' statement indicates the group in that +file to read. The defaults for both statements depend on the +underlying database implementation. Currently only MySQL is supported, +so the defaults are "/etc/my.cnf" for "file", and "client" for +"group". + +These options can be used to store security-sensitive information +in another file, and thus to relax permission requirements for +wydawca.rc. + * New meta-variables diff --git a/doc/wydawca.texi b/doc/wydawca.texi index ab18e47..7e69831 100644 --- a/doc/wydawca.texi +++ b/doc/wydawca.texi @@ -1191,2 +1191,4 @@ releases). sql @var{id} @{ + config-file @var{file}; + config-group @var{group}; host @var{hostname}; @@ -1201,3 +1203,3 @@ sql @var{id} @{ Here, @var{id} is a string uniquely identifying this -database. It is used by another configuration statements (e.g. by +database. It is used by other configuration statements (e.g. by dictionaries, see the next section) to refer to this @@ -1206,2 +1208,48 @@ database. +@deffn {Config: sql} config-file @var{name} + Set the name of the @acronym{SQL} configuration file to read. +@end deffn + +@deffn {Config: sql} config-group @var{name} + Set the name of the group in the @acronym{SQL} configuration file, +from where to read configuration options. +@end deffn + + The statements above allow to keep all security-sensitive +information, such as @acronym{SQL} username and password, in an +external configuration file and thus to relax permission requirements +for @file{wydawca.rc}. The exact format of such external configuration +file depends on the flavor of @acronym{SQL} @acronym{DBMS} in use. +As of version @value{VERSION} @command{wydawca} supports only +@samp{MySQL}, so the configuration file is what is called @dfn{option +file} in @samp{MySQL} parlance (@pxref{option-files, Using Option +Files,,mysql,MySQL Manual}). + + For example, suppose your @file{wydawca.rc} contains the following: + +@smallexample +sql default @{ + config-file /etc/wydawca.mysql; + config-group wydawca; +@} +@end smallexample + +@noindent + Then, the @file{/etc/wydawca.mysql} would contain the actual +parameters for accessing the database, e.g.: + +@smallexample +[wydawca] +socket = /var/db/mysql.sock +database = savane +user = savane +pass = guessme +@end smallexample + + Another way to specify database credentials is by using the +statements described below. If you prefer this way, you will have to +tighten the permissions of @file{wydawca.rc} so that no third person +could see the @acronym{SQL} password. The recommended permissions are +@samp{0600}. + @deffn {Config: sql} host @var{hostname}[:@var{port-or-socket}] @@ -1245,2 +1293,18 @@ sql default @{ + It is possible to combine both methods, e.g.: + +@smallexample +@group +sql default @{ + config-file /etc/wydawca.sql; + host project.database.com:3306; + database savane; +@} +@end group +@end smallexample + + Then, @command{wydawca} will attempt to obtain the missing +information (username and password, in this case) from the +@file{/etc/wydawca.sql} file. + @node dictionaries @@ -1929,3 +1993,3 @@ The top-level Makefile.in in $@{WYDAWCA_DIST_FILE@} changes mode of all the directories below the build tree to 777 before creating -the tarball. This constitutes a security hole (see CVE-2009-4029[1], +the tarball. This constitutes a security hole (see CVE-2009-4029[1], for more details). @@ -2824,2 +2888,7 @@ gpg-homedir @var{arg:@i{string}}; sql @var{id:@i{string}} @{ + # @r{Set the name of the configuration file to read.} + config-file @var{name:@i{string}}; + # @r{Set the name of the configuration file group to use.} + config-group @var{name:@i{string}}; + # @r{Set SQL server hostname or IP address.} diff --git a/src/config.c b/src/config.c index 28734d0..e46c2f5 100644 --- a/src/config.c +++ b/src/config.c @@ -632,2 +632,7 @@ cb_sql (enum grecs_callback_command cmd, static struct grecs_keyword sql_kw[] = { + { "config-file", N_("file"), N_("Read MySQL configuration from <file>"), + grecs_type_string, NULL, offsetof(struct sqlconn, config_file) }, + { "config-group", N_("name"), + N_("Read the named group from the SQL configuration file"), + grecs_type_string, NULL, offsetof(struct sqlconn, config_group) }, { "host", N_("host"), N_("Set SQL server hostname or IP address"), @@ -72,2 +72,10 @@ sql_init_dictionary (struct dictionary *dict) mysql_init (&conn->mysql); + + if (conn->config_file) + mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_FILE, + conn->config_file); + if (conn->config_group) + mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_GROUP, + conn->config_group); + if (conn->cacert) @@ -77,3 +85,3 @@ sql_init_dictionary (struct dictionary *dict) conn->password, conn->database, conn->port, - conn->socket, 0)) + conn->socket, CLIENT_MULTI_RESULTS)) { @@ -21,2 +21,4 @@ struct sqlconn char *ident; + char *config_file; + char *config_group; char *host; |