Timestamp:
04/13/08 06:35:19 (9 months ago)
Author:
anarcat
Message:

Major redesign of the MySQL backend interface to fix a security issue.
See: #318.

As of now, the MySQL configuration used everywhere by AlternC is not
stored in the main configuration file (/etc/alternc/local.sh) but in a
MySQL configuration file in /etc/alternc/my.cnf, which enables us to
call mysql without exposing the password on the commandline.

The changes here are quite invasive but will allow us to factor out
the MySQL configuration better. See #364.

This includes a partial rewrite of the mysql.sh logic, which is now run
from the postinst script (and not alternc.install) which will allow us
to actually change the MySQL root user properly. See #601.

This commit was tested like this:

  • clean install on etch (working)
  • upgrade from a clean 0.9.7 (working)
Files:

  • alternc/trunk/tools/get_account_by_domain

    r877 r2117  
    7676# Have to get AlternC conf file : 
    7777! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 
    78 # Must have access to mysql to retreive accounts owning domains : 
    79 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 
    80 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 
    81 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 
     78mysql="$mysql --defaults-file=/etc/alternc/my.cnf" 
     79$mysql -e "select count(*) from domaines_standby;" > /dev/null 2>&1 
     80[ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 
    8281 
    8382# Does the stuff 
    84 $mysql "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine)  = \"${1}\";" 
     83$mysql -B -N -e "select concat(a.login, \" (\", a.mail, \")\") from membres a, sub_domaines b where a.uid = b.compte and concat(if(sub=\"\", \"\", concat(sub, \".\")), domaine)  = \"${1}\";" 
    8584 
    8685 
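Review bot: The query on new line 83 still interpolates the first script argument directly into the SQL string (`= \"${1}\"`), so an argument containing a double quote alters the statement. Since this line is being touched anyway, validate `$1` against the characters a domain name may contain before building the query, or escape it. Separately, `-B -N -e` is passed at the call site here but folded into the `$mysql` variable in get_domains_by_account and top_http_users; one convention across the three tools would be easier to maintain.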
  • alternc/trunk/tools/get_domains_by_account

    r877 r2117  
    7575! [ -f "$ALTERNC_CONF_FILE" ] && { echo $MISSING_CONF_FILE ; exit 1 ; } || . $ALTERNC_CONF_FILE 
    7676# Must have access to mysql to retreive accounts owning domains : 
    77 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 
    78 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 
    79 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 
     77mysql="$mysql --defaults-file=/etc/alternc/my.cnf -B -N -e" 
     78$mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 
     79[ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 
    8080 
    8181# Does the stuff 
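Review bot: Nothing checks that /etc/alternc/my.cnf exists and is readable before new line 77 uses it, and new line 78 discards stderr, so a missing or unreadable defaults file is reported as `$MYSQL_UNREACHABLE_DATABASE`. Add a `[ -r /etc/alternc/my.cnf ]` test with its own message ahead of the connectivity check. The removed lines also supplied the `localhost` default and `-D$MYSQL_DATABASE`; the defaults file now has to carry the host and database name for the unqualified `domaines_standby` query to work, which deserves a comment next to line 77.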
  • alternc/trunk/tools/top_http_users

    r1605 r2117  
    169169[ -f "$ALTERNC_CONF_FILE" ] || { echo $MISSING_CONF_FILE ; exit 1 ; } && . $ALTERNC_CONF_FILE 
    170170# Must have access to mysql to retreive accounts owning domains : 
    171 [ -z "$MYSQL_HOST" ] && MYSQL_HOST=localhost 
    172 $mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -e "select count(*) from domaines_standby;" > /dev/null 2>&1 
    173 [ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } || mysql="$mysql -h$MYSQL_HOST -u$MYSQL_USER -p$MYSQL_PASS -D$MYSQL_DATABASE -B -N -e " 
    174  
     171mysql="$mysql --defaults-file=/etc/alternc/my.cnf -B -N -e" 
     172$mysql "select count(*) from domaines_standby;" > /dev/null 2>&1 
     173[ "$?" != 0 ] && { echo "$MYSQL_UNREACHABLE_DATABASE" ; exit 1 ; } 
    175174# Prevents executing more than one shell at the same time 
    176175$lockfilecreate --retry 1 $LOCK_FILE
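Review bot: New lines 171-173 are the same three lines added to get_domains_by_account, with the defaults-file path hard-coded again. Define the path, or the whole `$mysql` invocation, once in a shared include so that moving the file later is a one-line change. The `[ "$?" != 0 ]` test on line 173 could also be written as `if ! $mysql "..." > /dev/null 2>&1 ; then`, which does not depend on `$?` surviving from the previous line.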