
Zhang Huangbin committed a47193f

* Store the MySQL username/password for the client program in a temporary file, used with the option '--defaults-file='. This prevents leaking the password by passing it on the command line.
* Fix typo error in samples/cluebringer_extra.sql.


Files changed (10)

iRedMail/conf/global

         export DISTRO_VERSION="$(grep 'VERSION' /etc/SuSE-release | awk '{print $3}')"
 
         # code name
-        #   - 12.2: mantis
         #   - 12.3: dartmouth
+        #   - 13.1: bottle
         export DISTRO_CODENAME="$(grep 'CODENAME' /etc/SuSE-release | awk '{print $3}' |tr [A-Z] [a-z])"
 
         # Unsupported releases: 10.x, 11.x, 12.1 (asparagus), 12.2.

iRedMail/conf/mysql

 if [ X"${BACKEND}" == X"MYSQL" ]; then
     export MYSQL_BACKUP_DATABASES="${MYSQL_BACKUP_DATABASES} ${VMAIL_DB}"
 fi
+
+# A temporary file to store MySQL root password to avoid MySQL client warning:
+# "Warning: Using a password on the command line interface can be insecure."
+# File will be removed automatically after iRedMail installation.
+export MYSQL_DEFAULTS_FILE="${ROOTDIR}/.mysql-defaults-file"
+export MYSQL_CLIENT_ROOT="mysql --defaults-file=${MYSQL_DEFAULTS_FILE}"
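Review bot: `MYSQL_CLIENT_ROOT` stores a whole command line in one string, and every call site in this commit (`${MYSQL_CLIENT_ROOT} <<EOF` in amavisd.sh, cluebringer.sh, dovecot2.sh, iredadmin.sh, mysql.sh and roundcubemail.sh) expands it unquoted. The client therefore gets the intended `--defaults-file=` argument only while `${ROOTDIR}` contains no whitespace or glob characters. If the function files are sourced into the same shell (not visible here), a wrapper keeps the path as a single argument: `mysql_client_root() { mysql --defaults-file="${MYSQL_DEFAULTS_FILE}" "$@"; }`. The comment above the variable gives only the client warning as the reason; it could state the real one, e.g. `# Keeps the root password out of the process argument list, which other local users can read.`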

iRedMail/functions/amavisd.sh

     ECHO_DEBUG "Import Amavisd database and privileges."
 
     if [ X"${BACKEND}" == X"OPENLDAP" -o X"${BACKEND}" == X"MYSQL" ]; then
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 -- Create database
 CREATE DATABASE ${AMAVISD_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 

iRedMail/functions/cleanup.sh

 ${PROG_VERSION}
 EOF
 
+    rm -f ${MYSQL_DEFAULTS_FILE} &>/dev/null
+
     cat <<EOF
 
 *************************************************************************
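Review bot: The credentials file is removed only when the installer reaches this line in cleanup.sh, so a run that aborts after mysql.sh has written it leaves the MySQL root password on disk. No exit handler is visible in this commit. Registering the removal where the file is created, e.g. `trap 'rm -f -- "${MYSQL_DEFAULTS_FILE}"' EXIT`, would cover the failure paths too, provided the installer has no other EXIT trap that this would replace. The added line should also quote the path: `rm -f -- "${MYSQL_DEFAULTS_FILE}" &>/dev/null`. The enclosing function starts and ends outside this section.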

iRedMail/functions/cluebringer.sh

 
         if [ X"${BACKEND}" == X'OPENLDAP' -o X"${BACKEND}" == X'MYSQL' ]; then
             perl -pi -e 's#TYPE=#ENGINE=#g' ${DB_SAMPLE_FILE}
+
+            # Required by MySQL-5.6: 'NOT NULL' must has a default value.
+            perl -pi -e 's#(.*Track.*NOT.*NULL)(.*)#${1} DEFAULT ""${2}#g' ${DB_SAMPLE_FILE}
         elif [ X"${BACKEND}" == X'PGSQL' ]; then
             perl -pi -e 's=^(#.*)=/*${1}*/=' ${DB_SAMPLE_FILE}
         fi
     # Initial cluebringer db.
     # Enable greylisting on all inbound emails by default.
     if [ X"${BACKEND}" == X"OPENLDAP" -o X"${BACKEND}" == X"MYSQL" ]; then
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 $(cat ${tmp_sql})
 EOF
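Review bot: The added `perl -pi` substitution on the `Track` column is not idempotent. It edits `${DB_SAMPLE_FILE}` in place, so if the installer runs again over the same file (whether the file is regenerated first is not visible here), the line matches again and ends up with `DEFAULT ""` twice, which MySQL would reject. Skipping lines that already carry a default avoids this: `perl -pi -e 's#(.*Track.*NOT.*NULL)(.*)#${1} DEFAULT ""${2}#g unless /DEFAULT/' "${DB_SAMPLE_FILE}"`. The new comment should read `# Required by MySQL-5.6: a 'NOT NULL' column must have a default value.`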
 

iRedMail/functions/dovecot2.sh

     # which used to store realtime quota.
     if [ X"${BACKEND}" == X"OPENLDAP" -a X"${USE_IREDADMIN}" != X"YES" ]; then
         # If iRedAdmin is not used, create database and import table here.
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 # Create databases.
 CREATE DATABASE IF NOT EXISTS ${IREDADMIN_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
     # which used to store realtime quota.
     if [ X"${BACKEND}" == X"OPENLDAP" -a X"${USE_IREDADMIN}" != X"YES" ]; then
         # If iRedAdmin is not used, create database and import table here.
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 # Create databases.
 CREATE DATABASE IF NOT EXISTS ${IREDADMIN_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 

iRedMail/functions/iredadmin.sh

 
     ECHO_DEBUG "Import iredadmin database template."
     if [ X"${BACKEND}" == X'OPENLDAP' -o X"${BACKEND}" == X'MYSQL' ]; then
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        # Required by MySQL-5.6: TEXT/BLOB column cannot have a default value.
+        perl -pi -e 's#(.*maildir.*)TEXT(.*)#${1}VARCHAR\(255\)${2}#g' ${IREDADMIN_HTTPD_ROOT}/docs/samples/iredadmin.sql;
+
+        ${MYSQL_CLIENT_ROOT} <<EOF
 # Create databases.
 CREATE DATABASE ${IREDADMIN_DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 
 
         # Import addition tables.
         if [ X"${BACKEND}" == X"OPENLDAP" ]; then
-            mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+            ${MYSQL_CLIENT_ROOT} <<EOF
 USE ${IREDADMIN_DB_NAME};
 SOURCE ${SAMPLE_DIR}/dovecot/used_quota.mysql;
 SOURCE ${SAMPLE_DIR}/dovecot/imap_share_folder.sql;

iRedMail/functions/mysql.sh

     ECHO_DEBUG "Sleep 5 seconds for MySQL daemon initialize ..."
     sleep 5
 
+    # Generate temporary file for MySQL client option --defaults-file.
+    cat >> ${MYSQL_DEFAULTS_FILE} <<EOF
+[client]
+host=${SQL_SERVER}
+port=${SQL_SERVER_PORT}
+user=${MYSQL_ROOT_USER}
+password=${MYSQL_ROOT_PASSWD}
+EOF
+
     if [ X"${LOCAL_ADDRESS}" == X'127.0.0.1' ]; then
         ECHO_DEBUG "Setting password for MySQL admin (${MYSQL_ROOT_USER})."
         mysqladmin --user=root password "${MYSQL_ROOT_PASSWD}"
 EOF
 
     ECHO_DEBUG "Initialize MySQL database."
-    mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+    ${MYSQL_CLIENT_ROOT} <<EOF
 SOURCE ${MYSQL_INIT_SQL};
 FLUSH PRIVILEGES;
 EOF
 EOF
 
     ECHO_DEBUG "Import postfix virtual hosts/users: ${MYSQL_VMAIL_SQL}."
-    mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+    ${MYSQL_CLIENT_ROOT} <<EOF
 SOURCE ${MYSQL_VMAIL_SQL};
 FLUSH PRIVILEGES;
 EOF
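Review bot: The new here-document writes the MySQL root password to `${MYSQL_DEFAULTS_FILE}` under whatever umask the installer runs with, so with a common 022 umask the file is readable by every local user until cleanup.sh removes it, unless `${ROOTDIR}` itself is restricted (not visible here). Creating the file empty and owner-only just before the `cat` closes that window: `: > "${MYSQL_DEFAULTS_FILE}" && chmod 0600 "${MYSQL_DEFAULTS_FILE}"`. It also stops the `>>` append from stacking a second `[client]` section onto a file left by an earlier aborted run. The value should be written as `password="${MYSQL_ROOT_PASSWD}"`, because an unquoted `#` in an option file starts a comment and would truncate the password; quotes or backslashes inside the password would still need escaping. The `mysqladmin --user=root password "${MYSQL_ROOT_PASSWD}"` context line still passes the password as an argument, which this commit does not change.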

iRedMail/functions/roundcubemail.sh

 
     # Initial roundcube db.
     if [ X"${BACKEND}" == X"OPENLDAP" -o X"${BACKEND}" == X"MYSQL" ]; then
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 -- Create database and grant privileges
 CREATE DATABASE ${RCM_DB} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 GRANT SELECT,INSERT,UPDATE,DELETE ON ${RCM_DB}.* TO "${RCM_DB_USER}"@"${SQL_HOSTNAME}" IDENTIFIED BY '${RCM_DB_PASSWD}';
 
     # Do not grant privileges while backend is not MySQL.
     if [ X"${BACKEND}" == X"MYSQL" ]; then
-        mysql -h${SQL_SERVER} -P${SQL_SERVER_PORT} -u${MYSQL_ROOT_USER} -p"${MYSQL_ROOT_PASSWD}" <<EOF
+        ${MYSQL_CLIENT_ROOT} <<EOF
 -- Grant privileges for Roundcubemail, so that user can change
 -- their own password and setting mail forwarding.
 GRANT UPDATE,SELECT ON ${VMAIL_DB}.mailbox TO "${RCM_DB_USER}"@"${SQL_HOSTNAME}";

iRedMail/samples/cluebringer_extra.sql

     FROM policies WHERE name='whitelisted_ips' LIMIT 1;
 
 -- Sample: Add whitelisted sender, domain, IP
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, 'user@domain.com', 0 FROM policy_groups WHERE name='whitelisted_senders' LIMIT 1;
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, '@domain.com', 0 FROM policy_groups WHERE name='whitelisted_domains' LIMIT 1;
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, '123.123.123.123', 0 FROM policy_groups WHERE name='whitelisted_ips' LIMIT 1;
 
 -- ------------------------------
     FROM policies WHERE name='blacklisted_ips' LIMIT 1;
 
 -- Sample: Add blacklisted sender, domain, IP
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, 'user@domain.com', 0 FROM policy_groups WHERE name='blacklisted_senders' LIMIT 1;
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, '@domain.com', 0 FROM policy_groups WHERE name='blacklisted_domains' LIMIT 1;
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, '123.123.123.123', 0 FROM policy_groups WHERE name='blacklisted_ips' LIMIT 1;
 
 -- ------------------------------------
     FROM policies WHERE name='no_greylisting' LIMIT 1;
 
 -- Disable greylisting for certain domain/users:
---INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
+-- INSERT INTO policy_group_members (PolicyGroupID, Member, Disabled)
 --    SELECT id, '@domain.com', 0 FROM policy_groups WHERE name='no_greylisting' LIMIT 1;
 
 -- TODO Add necessary indexes with index name