-rw-r--r--NEWS20
-rw-r--r--doc/wydawca.texi73
-rw-r--r--src/config.c5
-rw-r--r--src/sql.c10
-rw-r--r--src/sql.h2
5 files changed, 106 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 588a3d2..d4de3c3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
1Wydawca NEWS -- history of user-visible changes. 2010-01-02 1Wydawca NEWS -- history of user-visible changes. 2010-01-06
2Copyright (C) 2007, 2008, 2009, 2010 Sergey Poznyakoff 2Copyright (C) 2007, 2008, 2009, 2010 Sergey Poznyakoff
3See the end of file for copying conditions. 3See the end of file for copying conditions.
4 4
@@ -36,6 +36,24 @@ The new keyword `check-script' defines a shell script to
36verify the submitted tarball. See the documentation, section 36verify the submitted tarball. See the documentation, section
374.12 "Distribution Verification", for details. 374.12 "Distribution Verification", for details.
38 38
39* New configuration statements
40
41sql default {
42 config-file "file";
43 config-group "grp";
44}
45
46The `config-file' statement specifies the SQL configuration file
47to use. The `config-group' statement indicates the group in that
48file to read. The defaults for both statements depend on the
49underlying database implementation. Currently only MySQL is supported,
50so the defaults are "/etc/my.cnf" for "file", and "client" for
51"group".
52
53These options can be used to store security-sensitive information
54in another file, and thus to relax permission requirements for
55wydawca.rc.
56
39* New meta-variables 57* New meta-variables
40 58
41 email:admin Full email address of the systems administrator. 59 email:admin Full email address of the systems administrator.
diff --git a/doc/wydawca.texi b/doc/wydawca.texi
index ab18e47..7e69831 100644
--- a/doc/wydawca.texi
+++ b/doc/wydawca.texi
@@ -1189,6 +1189,8 @@ releases).
1189@smallexample 1189@smallexample
1190@group 1190@group
1191sql @var{id} @{ 1191sql @var{id} @{
1192 config-file @var{file};
1193 config-group @var{group};
1192 host @var{hostname}; 1194 host @var{hostname};
1193 database @var{dbname}; 1195 database @var{dbname};
1194 user @var{username}; 1196 user @var{username};
@@ -1199,11 +1201,57 @@ sql @var{id} @{
1199@end smallexample 1201@end smallexample
1200 1202
1201 Here, @var{id} is a string uniquely identifying this 1203 Here, @var{id} is a string uniquely identifying this
1202database. It is used by another configuration statements (e.g. by 1204database. It is used by other configuration statements (e.g. by
1203dictionaries, see the next section) to refer to this 1205dictionaries, see the next section) to refer to this
1204database. 1206database.
1205@end deffn 1207@end deffn
1206 1208
1209@deffn {Config: sql} config-file @var{name}
1210 Set the name of the @acronym{SQL} configuration file to read.
1211@end deffn
1212
1213@deffn {Config: sql} config-group @var{name}
1214 Set the name of the group in the @acronym{SQL} configuration file,
1215from where to read configuration options.
1216@end deffn
1217
1218 The statements above allow to keep all security-sensitive
1219information, such as @acronym{SQL} username and password, in an
1220external configuration file and thus to relax permission requirements
1221for @file{wydawca.rc}. The exact format of such external configuration
1222file depends on the flavor of @acronym{SQL} @acronym{DBMS} in use.
1223As of version @value{VERSION} @command{wydawca} supports only
1224@samp{MySQL}, so the configuration file is what is called @dfn{option
1225file} in @samp{MySQL} parlance (@pxref{option-files, Using Option
1226Files,,mysql,MySQL Manual}).
1227
1228 For example, suppose your @file{wydawca.rc} contains the following:
1229
1230@smallexample
1231sql default @{
1232 config-file /etc/wydawca.mysql;
1233 config-group wydawca;
1234@}
1235@end smallexample
1236
1237@noindent
1238 Then, the @file{/etc/wydawca.mysql} would contain the actual
1239parameters for accessing the database, e.g.:
1240
1241@smallexample
1242[wydawca]
1243socket = /var/db/mysql.sock
1244database = savane
1245user = savane
1246pass = guessme
1247@end smallexample
1248
1249 Another way to specify database credentials is by using the
1250statements described below. If you prefer this way, you will have to
1251tighten the permissions of @file{wydawca.rc} so that no third person
1252could see the @acronym{SQL} password. The recommended permissions are
1253@samp{0600}.
1254
1207@deffn {Config: sql} host @var{hostname}[:@var{port-or-socket}] 1255@deffn {Config: sql} host @var{hostname}[:@var{port-or-socket}]
1208 Set the hostname or @acronym{IP} address of the host running the 1256 Set the hostname or @acronym{IP} address of the host running the
1209database. Optional @var{port-or-socket} specifies port number (for 1257database. Optional @var{port-or-socket} specifies port number (for
@@ -1243,6 +1291,22 @@ sql default @{
1243@end group 1291@end group
1244@end smallexample 1292@end smallexample
1245 1293
1294 It is possible to combine both methods, e.g.:
1295
1296@smallexample
1297@group
1298sql default @{
1299 config-file /etc/wydawca.sql;
1300 host project.database.com:3306;
1301 database savane;
1302@}
1303@end group
1304@end smallexample
1305
1306 Then, @command{wydawca} will attempt to obtain the missing
1307information (username and password, in this case) from the
1308@file{/etc/wydawca.sql} file.
1309
1246@node dictionaries 1310@node dictionaries
1247@section Dictionaries 1311@section Dictionaries
1248@cindex dictionaries 1312@cindex dictionaries
@@ -1927,7 +1991,7 @@ case $@{WYDAWCA_DIST_FILE@} in
1927 fmt <<_EOF_ 1991 fmt <<_EOF_
1928The top-level Makefile.in in $@{WYDAWCA_DIST_FILE@} changes mode of 1992The top-level Makefile.in in $@{WYDAWCA_DIST_FILE@} changes mode of
1929all the directories below the build tree to 777 before creating 1993all the directories below the build tree to 777 before creating
1930the tarball. This constitutes a security hole (see CVE-2009-4029[1], 1994the tarball. This constitutes a security hole (see CVE-2009-4029[1],
1931for more details). 1995for more details).
1932 1996
1933Please, rebuild the package using a newer Automake (at least v. 1.11.1) 1997Please, rebuild the package using a newer Automake (at least v. 1.11.1)
@@ -2822,6 +2886,11 @@ gpg-homedir @var{arg:@i{string}};
2822# @r{Define SQL database}. 2886# @r{Define SQL database}.
2823# @xref{sql}. 2887# @xref{sql}.
2824sql @var{id:@i{string}} @{ 2888sql @var{id:@i{string}} @{
2889 # @r{Set the name of the configuration file to read.}
2890 config-file @var{name:@i{string}};
2891 # @r{Set the name of the configuration file group to use.}
2892 config-group @var{name:@i{string}};
2893
2825 # @r{Set SQL server hostname or IP address.} 2894 # @r{Set SQL server hostname or IP address.}
2826 host @var{host:@i{string}}; 2895 host @var{host:@i{string}};
2827 2896
diff --git a/src/config.c b/src/config.c
index 28734d0..e46c2f5 100644
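--- a/src/config.c
+++ b/src/config.c
@@ -630,6 +630,11 @@ cb_sql (enum grecs_callback_command cmd,
 }
 
 static struct grecs_keyword sql_kw[] = {
+ { "config-file", N_("file"), N_("Read MySQL configuration from <file>"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_file) },
+ { "config-group", N_("name"),
+ N_("Read the named group from the SQL configuration file"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_group) },
  { "host", N_("host"), N_("Set SQL server hostname or IP address"),
  grecs_type_string, NULL, 0, cb_sql_host },
  { "database", N_("dbname"), N_("Set database name"),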
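Review bot: The two new `sql_kw` help strings name the same file differently: `config-file` says `Read MySQL configuration from <file>` while `config-group` says `the SQL configuration file`. One term in both would read better, e.g. `N_("Read SQL configuration from <file>")`, since the documentation in this commit treats MySQL as only the current backend. The value is stored as given through `offsetof(struct sqlconn, config_file)`, so a relative path would presumably be resolved against the daemon's working directory. The help text or manual should say that an absolute path is expected. The `sql_kw` table continues past the end of the hunk.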
diff --git a/src/sql.c b/src/sql.c
index 0ccc2e7..a4b311e 100644
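--- a/src/sql.c
+++ b/src/sql.c
@@ -70,12 +70,20 @@ sql_init_dictionary (struct dictionary *dict)
  if (conn->initcount++ == 0)
  {
  mysql_init (&conn->mysql);
+
+ if (conn->config_file)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_FILE,
+ conn->config_file);
+ if (conn->config_group)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_GROUP,
+ conn->config_group);
+
  if (conn->cacert)
  mysql_ssl_set (&conn->mysql, NULL, NULL, conn->cacert,
  NULL, NULL);
  if (!mysql_real_connect (&conn->mysql, conn->host, conn->user,
  conn->password, conn->database, conn->port,
- conn->socket, 0))
+ conn->socket, CLIENT_MULTI_RESULTS))
  {
  logmsg (LOG_ERR, _("failed to connect to database %s: error: %s\n"),
  dict->parmv[0], mysql_error (&conn->mysql));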
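Review bot: Nothing inspects `conn->config_file` before it is handed to `mysql_options`, although this commit's documentation moves the SQL password into that file so that `wydawca.rc` permissions can be relaxed. A `stat()` on the path before the `MYSQL_READ_DEFAULT_FILE` call would catch a group- or world-accessible option file. It could log a warning or refuse to connect, e.g. `if (st.st_mode & (S_IRWXG | S_IRWXO)) logmsg (LOG_WARNING, _("%s: file is accessible to group or others"), conn->config_file);`. The return values of both `mysql_options` calls are also dropped. The change from `0` to `CLIENT_MULTI_RESULTS` in `mysql_real_connect` looks unrelated to the option-file feature and is not mentioned in the NEWS entry, so it needs a comment or its own commit. sql_init_dictionary starts and ends outside the hunk.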
diff --git a/src/sql.h b/src/sql.h
index cf7d636..a4ab2ee 100644
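--- a/src/sql.h
+++ b/src/sql.h
@@ -19,6 +19,8 @@
 struct sqlconn
 {
  char *ident;
+ char *config_file;
+ char *config_group;
  char *host;
  char *socket;
  short port;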
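Review bot: The new `config_file` and `config_group` members are undocumented, and the NULL-means-unset convention that `sql_init_dictionary` relies on (`if (conn->config_file)`) is not stated here. A short comment on each would do, e.g. `char *config_file;  /* SQL option file to read; NULL if not configured */` and `char *config_group; /* group within the option file; NULL if not configured */`. It would also help to note that values from the option file only fill in what `host`, `user`, `password` and the other members leave unset, as the manual change in this commit describes. struct sqlconn continues past the end of the hunk.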
