diff options
authorSergey Poznyakoff <gray@gnu.org.ua>2010-01-06 13:25:39 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2010-01-06 13:25:39 +0200
commit1a0f319a747220e48bde4fae8b80c0b00d22e69c (patch)
parentfa78a9f21ff4fd85fb568232c9bee957b9c83497 (diff)
Improve SQL configuration.
* src/config.c (sql_kw): New statements: config-file and config-group. * src/sql.c (sql_init_dictionary): Handle config-file and config-group. Set CLIENT_MULTI_RESULTS option. * src/sql.h (struct sqlconn): New members: config_file and config_group. * NEWS, doc/wydawca.texi: Update.
5 files changed, 106 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 588a3d2..d4de3c3 100644
--- a/NEWS
+++ b/NEWS
@@ -1,4 +1,4 @@
-Wydawca NEWS -- history of user-visible changes. 2010-01-02
+Wydawca NEWS -- history of user-visible changes. 2010-01-06
Copyright (C) 2007, 2008, 2009, 2010 Sergey Poznyakoff
See the end of file for copying conditions.
@@ -36,6 +36,24 @@ The new keyword `check-script' defines a shell script to
verify the submitted tarball. See the documentation, section
4.12 "Distribution Verification", for details.
+* New configuration statements
+sql default {
+ config-file "file";
+ config-group "grp";
+The `config-file' statement specifies the SQL configuration file
+to use. The `config-group' statement indicates the group in that
+file to read. The defaults for both statements depend on the
+underlying database implementation. Currently only MySQL is supported,
+so the defaults are "/etc/my.cnf" for "file", and "client" for
+These options can be used to store security-sensitive information
+in another file, and thus to relax permission requirements for
* New meta-variables
email:admin Full email address of the systems administrator.
diff --git a/doc/wydawca.texi b/doc/wydawca.texi
index ab18e47..7e69831 100644
--- a/doc/wydawca.texi
+++ b/doc/wydawca.texi
@@ -1189,6 +1189,8 @@ releases).
sql @var{id} @{
+ config-file @var{file};
+ config-group @var{group};
host @var{hostname};
database @var{dbname};
user @var{username};
@@ -1199,11 +1201,57 @@ sql @var{id} @{
@end smallexample
Here, @var{id} is a string uniquely identifying this
-database. It is used by another configuration statements (e.g. by
+database. It is used by other configuration statements (e.g. by
dictionaries, see the next section) to refer to this
@end deffn
+@deffn {Config: sql} config-file @var{name}
+ Set the name of the @acronym{SQL} configuration file to read.
+@end deffn
+@deffn {Config: sql} config-group @var{name}
+ Set the name of the group in the @acronym{SQL} configuration file,
+from where to read configuration options.
+@end deffn
+ The statements above allow to keep all security-sensitive
+information, such as @acronym{SQL} username and password, in an
+external configuration file and thus to relax permission requirements
+for @file{wydawca.rc}. The exact format of such external configuration
+file depends on the flavor of @acronym{SQL} @acronym{DBMS} in use.
+As of version @value{VERSION} @command{wydawca} supports only
+@samp{MySQL}, so the configuration file is what is called @dfn{option
+file} in @samp{MySQL} parlance (@pxref{option-files, Using Option
+Files,,mysql,MySQL Manual}).
+ For example, suppose your @file{wydawca.rc} contains the following:
+sql default @{
+ config-file /etc/wydawca.mysql;
+ config-group wydawca;
+@end smallexample
+ Then, the @file{/etc/wydawca.mysql} would contain the actual
+parameters for accessing the database, e.g.:
+socket = /var/db/mysql.sock
+database = savane
+user = savane
+pass = guessme
+@end smallexample
+ Another way to specify database credentials is by using the
+statements described below. If you prefer this way, you will have to
+tighten the permissions of @file{wydawca.rc} so that no third person
+could see the @acronym{SQL} password. The recommended permissions are
@deffn {Config: sql} host @var{hostname}[:@var{port-or-socket}]
Set the hostname or @acronym{IP} address of the host running the
database. Optional @var{port-or-socket} specifies port number (for
@@ -1243,6 +1291,22 @@ sql default @{
@end group
@end smallexample
+ It is possible to combine both methods, e.g.:
+sql default @{
+ config-file /etc/wydawca.sql;
+ host project.database.com:3306;
+ database savane;
+@end group
+@end smallexample
+ Then, @command{wydawca} will attempt to obtain the missing
+information (username and password, in this case) from the
+@file{/etc/wydawca.sql} file.
@node dictionaries
@section Dictionaries
@cindex dictionaries
@@ -1927,7 +1991,7 @@ case $@{WYDAWCA_DIST_FILE@} in
fmt <<_EOF_
The top-level Makefile.in in $@{WYDAWCA_DIST_FILE@} changes mode of
all the directories below the build tree to 777 before creating
-the tarball. This constitutes a security hole (see CVE-2009-4029[1],
+the tarball. This constitutes a security hole (see CVE-2009-4029[1],
for more details).
Please, rebuild the package using a newer Automake (at least v. 1.11.1)
@@ -2822,6 +2886,11 @@ gpg-homedir @var{arg:@i{string}};
# @r{Define SQL database}.
# @xref{sql}.
sql @var{id:@i{string}} @{
+ # @r{Set the name of the configuration file to read.}
+ config-file @var{name:@i{string}};
+ # @r{Set the name of the configuration file group to use.}
+ config-group @var{name:@i{string}};
# @r{Set SQL server hostname or IP address.}
host @var{host:@i{string}};
diff --git a/src/config.c b/src/config.c
index 28734d0..e46c2f5 100644
--- a/src/config.c
+++ b/src/config.c
@@ -630,6 +630,11 @@ cb_sql (enum grecs_callback_command cmd,
static struct grecs_keyword sql_kw[] = {
+ { "config-file", N_("file"), N_("Read MySQL configuration from <file>"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_file) },
+ { "config-group", N_("name"),
+ N_("Read the named group from the SQL configuration file"),
+ grecs_type_string, NULL, offsetof(struct sqlconn, config_group) },
{ "host", N_("host"), N_("Set SQL server hostname or IP address"),
grecs_type_string, NULL, 0, cb_sql_host },
{ "database", N_("dbname"), N_("Set database name"),
diff --git a/src/sql.c b/src/sql.c
index 0ccc2e7..a4b311e 100644
--- a/src/sql.c
+++ b/src/sql.c
@@ -70,12 +70,20 @@ sql_init_dictionary (struct dictionary *dict)
if (conn->initcount++ == 0)
mysql_init (&conn->mysql);
+ if (conn->config_file)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_FILE,
+ conn->config_file);
+ if (conn->config_group)
+ mysql_options (&conn->mysql, MYSQL_READ_DEFAULT_GROUP,
+ conn->config_group);
if (conn->cacert)
mysql_ssl_set (&conn->mysql, NULL, NULL, conn->cacert,
if (!mysql_real_connect (&conn->mysql, conn->host, conn->user,
conn->password, conn->database, conn->port,
- conn->socket, 0))
+ conn->socket, CLIENT_MULTI_RESULTS))
logmsg (LOG_ERR, _("failed to connect to database %s: error: %s\n"),
dict->parmv[0], mysql_error (&conn->mysql));
diff --git a/src/sql.h b/src/sql.h
index cf7d636..a4ab2ee 100644
--- a/src/sql.h
+++ b/src/sql.h
@@ -19,6 +19,8 @@
struct sqlconn
char *ident;
+ char *config_file;
+ char *config_group;
char *host;
char *socket;
short port;

Return to:

Send suggestions and report system problems to the System administrator.