Timestamp:
04/13/08 06:35:19 (8 months ago)
Author:
anarcat
Message:

Major redesign of the MySQL backend interface to fix a security issue.
See: #318.

As of now, the MySQL configuration used everywhere by AlternC is not
stored in the main configuration file (/etc/alternc/local.sh) but in a
MySQL configuration file in /etc/alternc/my.cnf, which enables us to
call mysql without exposing the password on the commandline.

The changes here are quite invasive but will allow us to factor out
the MySQL configuration better. See #364.

This includes a partial rewrite of the mysql.sh logic, which is now run
from the postinst script (and not alternc.install) which will allow us
to actually change the MySQL root user properly. See #601.

This commit was tested like this:

  • clean install on etch (working)
  • upgrade from a clean 0.9.7 (working)
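
The approach the message describes (credentials in a MySQL option file instead of on the command line), as an added sketch that is not AlternC's code: it writes a client option file that is private from creation and refuses to call the client if the file has been opened up. Function names, the MYSQL_BIN override and the demo values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not AlternC code; function names and MYSQL_BIN are hypothetical.

# Escape backslash and double quote for a double-quoted option-file value.
# The value reaches sed on stdin, not in its arguments.
cnf_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# write_mysql_cnf FILE HOST DATABASE USER PASSWORD
# umask 077 in a subshell makes the file 0600 from creation; the rename
# means readers never see a half-written file.
write_mysql_cnf() {
    (
        umask 077
        tmp="$1.tmp.$$"
        {
            printf '[client]\n'
            printf 'host="%s"\n' "$(cnf_quote "$2")"
            printf 'user="%s"\n' "$(cnf_quote "$4")"
            printf 'password="%s"\n' "$(cnf_quote "$5")"
            printf '[mysql]\n'
            printf 'database="%s"\n' "$(cnf_quote "$3")"
        } > "$tmp" && mv -f "$tmp" "$1"
    )
}

# cnf_is_private FILE: succeeds only if group and other have no permission bits.
cnf_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# mysql_private FILE [ARGS...]: run the client with credentials taken from
# FILE only. --defaults-file has to be the first option on the command line.
mysql_private() {
    cnf="$1"; shift
    cnf_is_private "$cnf" || { echo "refusing: $cnf is not private" >&2; return 1; }
    "${MYSQL_BIN:-mysql}" --defaults-file="$cnf" "$@"
}

# Constructed demo values; no server is contacted.
demo_dir=$(mktemp -d)
write_mysql_cnf "$demo_dir/my.cnf" localhost alternc sysusr 's3cr"et'
cnf_is_private "$demo_dir/my.cnf" && echo "my.cnf is private"
rm -rf "$demo_dir"
```

The database name goes under [mysql] rather than [client] because other client programs that read [client] do not all accept a database option.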
Files:

  • alternc/trunk/debian/postinst

    r2108 r2117  
    8484DEFAULT_MX="" 
    8585 
    86 # MySQL configuration 
    87 MYSQL_HOST="" 
    88 MYSQL_DATABASE="" 
    89 MYSQL_USER="" 
    90 MYSQL_PASS="" 
     86# Note: MySQL username/password configuration now stored in /etc/alternc/my.cnf 
     87 
    9188# quels clients mysql sont permis (%, localhost, etc) 
    9289MYSQL_CLIENT="" 
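
Review bot: the replacement comment at new line 86 mentions only the MySQL username/password, but this hunk also drops MYSQL_HOST and MYSQL_DATABASE from the local.sh template. Suggest wording the comment to cover all four settings (host, database, user, password) so that someone reading local.sh knows where each one went, and noting there that /etc/alternc/my.cnf now holds the password and must not be world-readable.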
     
    120117    update_var alternc/bind_internal BIND_INTERNAL 
    121118    update_var alternc/default_mx DEFAULT_MX  
    122     update_var alternc/mysql/host MYSQL_HOST  
    123     update_var alternc/mysql/db MYSQL_DATABASE  
    124     update_var alternc/mysql/user MYSQL_USER  
    125     update_var alternc/mysql/password MYSQL_PASS  
    126119    update_var alternc/mysql/client MYSQL_CLIENT  
    127120    update_var alternc/alternc_location ALTERNC_LOC 
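
Review bot: with the update_var calls for MYSQL_HOST, MYSQL_DATABASE, MYSQL_USER and MYSQL_PASS removed, nothing in the visible lines deletes those entries from a local.sh written by an earlier version, so after an upgrade the old MYSQL_PASS line may remain in $CONFIGFILE. If update_var only rewrites the variables it is called for, add an explicit step here that strips the stale MYSQL_HOST, MYSQL_DATABASE, MYSQL_USER and MYSQL_PASS lines, and document that in a comment next to the remaining update_var alternc/mysql/client call.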
     
    130123    mv -f $CONFIGFILE.tmp $CONFIGFILE 
    131124 
     125    # Setup grants 
     126    db_get "alternc/mysql/host" 
     127    MYSQL_HOST="$RET" 
     128    if [ "$MYSQL_HOST" != "localhost" -o -e /usr/sbin/mysqld ]; then 
     129        # compatibility shims with my.cnf 
     130        host="$RET" 
     131        db_get "alternc/mysql/db" 
     132        database="$RET" 
     133        db_get "alternc/mysql/user" 
     134        user="$RET" 
     135        db_get "alternc/mysql/password" 
     136        password="$RET" 
     137         
     138        # we source (instead of forking) mysql.sh so that it gets the local environment above 
     139        . /usr/share/alternc/install/mysql.sh 
     140    fi 
     141 
    132142    # forget the password 
    133143    db_reset alternc/mysql/password || true