Changeset 2117 for alternc/trunk/bureau/class/local.php

Timestamp:

04/13/08 06:35:19 (8 months ago)

Author:

anarcat

Message:

Major redesign of the MySQL backend interface to fix a security issue.
See: #318.

As of now, the MySQL configuration used everywhere by AlternC is not
stored in the main configuration file (/etc/alternc/local.sh) but in a
MySQL configuration file in /etc/alternc/my.cnf, which enables us to
call mysql without exposing the password on the commandline.

The changes here are quite invasive but will allow us to factor out
the MySQL configuration better. See #364.

This includes a partial rewrite of the mysql.sh logic, which is now ran
from the postinst script (and not alternc.install) which will allow us
to actually change the MySQL root user properly. See #601.

This commit was tested like this:

• clean install on etch (working)
  
• upgrade from a clean 0.9.7 (working)
  

Files:

• alternc/trunk/bureau/class/local.php (modified) (2 diffs)

alternc/trunk/bureau/class/local.php

@@ -14 +14 @@
-$config_file = fopen('/etc/alternc/local.sh', 'r');
-while (FALSE !== ($line = fgets($config_file))) {
-ereg('^([A-Z0-9_]*)="([^"]*)"', $line
+preg_match('/^([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line)
-        $GLOBALS['L_'.$regs[1]] = $regs[2];
-        if (isset($compat[$regs[1]])) {
@@ -23 +23 @@
-
-fclose($config_file);
+
+$config_file = fopen('/etc/alternc/my.cnf', 'r');
+while (FALSE !== ($line = fgets($config_file))) {
+    if (preg_match('/^([A-Za-z0-9_]*) *= *"?(.*?)"?$/', trim($line), $regs)) {
+        switch ($regs[1]) {
+        case "user":
+            $GLOBALS['L_MYSQL_LOGIN'] = $regs[2];
+            break;
+        case "password":
+            $GLOBALS['L_MYSQL_PWD'] = $regs[2];
+            break;
+        case "host":
+            $GLOBALS['L_MYSQL_HOST'] = $regs[2];
+            break;
+        case "database":
+            $GLOBALS['L_MYSQL_DATABASE'] = $regs[2];
+            break;
+        }
+    }
+}
+
+fclose($config_file);