diff --git a/config/example-administration.yml b/config/example-administration.yml new file mode 100644 index 00000000..c6948932 --- /dev/null +++ b/config/example-administration.yml @@ -0,0 +1,38 @@ +# +# Administration Configuration file (sample) +# +# This file is only used by command-line programs accessing the DAViCal +# database for maintenance. It should be as secure as you can make it +# since it contains passwords and connection details for a more powerful +# database connection. Mode 600 is recommended. +# +# This file should be called 'administration.cfg' in the config directory. +# + +## +## The database username for connecting with sufficient rights to create +## tables, functions and granting access to other users. +admin_db_user: davical_dba + +## +## The password. Leading and trailling spaces are stripped, so don't do that +#admin_db_pass: very, very 5ecret + +## +## The hostname/IP. Not needed if using unix sockets to a local server. +#admin_db_host: 2401:170:20:17::1024:0 +#admin_db_host: 172.17.217.2 +#admin_db_host: dbserver.davical.net + +## +## The database name +admin_db_name: davical + +## +## The database port. Not needed if it is the default '5432' +#admin_db_port: 5432 + + +## +## The name of the database user the web application uses to connect +app_db_user: davical_app diff --git a/dba/update-rscds-database b/dba/update-rscds-database index 9883415a..c038cd3a 100755 --- a/dba/update-rscds-database +++ b/dba/update-rscds-database @@ -10,9 +10,11 @@ use DBI; use POSIX qw(floor); use Getopt::Long qw(:config permute); # allow mixed args. +use YAML qw( LoadFile ); + # Options variables my $debug = 0; -my $dbname = "davical"; +my $dbname = "rscds"; my $dbport = 5432; my $dbuser = ""; my $dbpass = ""; 
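Review bot: The header comment names the file 'administration.cfg', but the script change in this same commit only looks for `administration.yml` (under `config/` and `/etc/davical/`). An operator who follows the comment creates a file that is never read, and the script silently falls back to its built-in defaults. The line should read `# This file should be called 'administration.yml' in the config directory.`. Because the file holds the DBA password, it would also help to state next to the mode 600 recommendation which account should own it, since nothing visible in the loader checks the mode.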
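Review bot: The built-in default for `$dbname` changes from "davical" to "rscds", while the sample configuration added in this commit sets `admin_db_name: davical` and the fallback path is `/etc/davical/`. When no configuration file is found, the script will therefore target a database called "rscds". If that is intended for this script, a comment such as `# legacy default; overridden by admin_db_name or --dbname` would make it clear; otherwise the default looks like an accidental revert. The unconditional `use YAML` also makes the module a start-up requirement even for runs that never find a configuration file.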
@@ -20,13 +22,33 @@ my $dbhost = ""; my $appuser = "general"; my $helpmeplease = 0; my $apply_patches = 1; -my $revoke_list = "general"; -my $config_file = ""; +my $revoke_list = ""; +my $config_file = "config/administration.yml"; my $dbadir = $0; $dbadir =~ s#/[^/]*$##; my $patchdir = $dbadir . "/patches"; +# +# We look in a few places for the config file. First relative to +# where we are, then relative to the code we are running, then we +# start to look in absolute locations. Then we give up :-) +if ( ! -f $config_file ) { + $config_file = $0; + $config_file =~ s{[^/]+/update-[a-z]+-database}{config/administration.yml}; +} +if ( ! -f $config_file ) { + $config_file = "/etc/davical/administration.yml"; +} +if ( -f $config_file ) { + my ($ycfg) = LoadFile($config_file); + $dbuser = $ycfg->{'admin_db_user'} if ( defined($ycfg->{'admin_db_user'})); + $dbpass = $ycfg->{'admin_db_pass'} if ( defined($ycfg->{'admin_db_pass'})); + $dbhost = $ycfg->{'admin_db_host'} if ( defined($ycfg->{'admin_db_host'})); + $dbname = $ycfg->{'admin_db_name'} if ( defined($ycfg->{'admin_db_name'})); + $dbport = $ycfg->{'admin_db_port'} if ( defined($ycfg->{'admin_db_port'})); + $appuser = $ycfg->{'app_db_user'} if ( defined($ycfg->{'app_db_user'})); +} GetOptions ('debug!' => \$debug, 'dbname=s' => \$dbname, @@ -37,11 +59,13 @@ GetOptions ('debug!' => \$debug, 'appuser=s' => \$appuser, 'patch!' => \$apply_patches, 'revoke=s' => \$revoke_list, - 'config=s' => \$config_file, 'help' => \$helpmeplease ); show_usage() if ( $helpmeplease ); +$revoke_list = ", ". $revoke_list if ( $revoke_list ne "" ); + + ############################################################ # Open database connection. Note that the standard PostgreSQL # environment variables will also work with DBD::Pg. 
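Review bot: The first candidate, `config/administration.yml`, is resolved against the current working directory, so a maintenance run started from a shared or writable directory takes its DBA user, host and application role from whatever file is there. Searching only relative to the script and under `/etc/davical/` would avoid that. Nothing enforces the recommended mode either; a guard such as `die "$config_file must not be group/world accessible\n" if ( (stat($config_file))[2] & 077 );` before `LoadFile` would. Separately, when `$0` has no directory part (for example `perl update-rscds-database` run from `dba/`), the `s{...}{...}` does not match and `$config_file` stays equal to `$0`. That file exists, so the `/etc/davical` fallback is skipped and the script itself is handed to `LoadFile`; assign the candidate only when the substitution succeeds.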
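Review bot: The return value of `GetOptions` is still ignored, which matters more now that `'config=s'` is removed. An existing invocation that passes `--config=...` only gets an unknown-option warning and then carries on against whatever the search order and defaults select. Ending the call with `) or die "Invalid options, see --help\n";` would stop the run before it touches the database. The call opens above this hunk, and the help text in `show_usage` is not visible here and may still mention `--config`.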
@@ -50,6 +74,8 @@ my $dsn = "dbi:Pg:dbname=$dbname"; $dsn .= ";host=$dbhost" if ( "$dbhost" ne "" ); $dsn .= ";port=$dbport" if ( $dbport != 5432 ); +print "Using database: $dbuser".'%'.$dbpass.'@'.$dsn."\n" if ( $debug ); + my $current_revision; my $last_results = ''; # Will hold the last SQL result from applying a patch @@ -264,7 +290,7 @@ sub apply_permissions { defined($current_grant) or die "No GRANT before ON in $permsfile\n"; my $doohickeys = $1; - $sql = sprintf( "REVOKE ALL ON %s FROM %s, %s", $doohickeys, $appuser, $revoke_list ); + $sql = sprintf( "REVOKE ALL ON %s FROM %s %s", $doohickeys, $appuser, $revoke_list ); print $sql, "\n" if ( $debug ); $dbh->do($sql);
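Review bot: The new debug line prints `$dbpass` in clear text, so running with `--debug` puts the DBA password on the terminal and into any captured output such as cron mail or log files. The connection details are just as useful without it: `print "Using database: $dbuser\@$dsn\n" if ( $debug );`.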
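Review bot: `$appuser` and `$revoke_list` are formatted into the REVOKE statement as raw text, and after this commit `$appuser` can also come from `app_db_user` in the configuration file. A role name containing spaces or punctuation therefore either breaks the statement or changes which roles it applies to. Splitting `--revoke` on commas and passing each role through `$dbh->quote_identifier(...)`, instead of prepending ", " to the raw string, keeps the statement well-formed. If the current form stays, a comment such as `# $revoke_list is empty or already starts with ", "` above the `sprintf` would explain the missing comma in the format string. `apply_permissions` starts and ends outside this hunk.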