Fixes the following things:
1. Sanitizes log output to prevent an attacker from using a specially
crafted POST to add extra lines to the log
2. Simplify a regular expression since "..file" cannot be used to
escape the current directory
3. Makes sure directories are consistent
4. Correct logic issues in misc/cronjobs/backup.sh
Thanks to Frere Sebastien Marie for catching these issues.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This patch builds on work by Lars Wirzenius for the Koha packages.
To date, the only way for a Koha librarian to obtain a complete backup
of their system has been to log into the system via SSH (or FTP) to
download the mysqldump file. This patch makes it possible for
superlibrarians in properly configured systems to download night backups
via the staff client's Export tool.
Recognizing that this is functionality with potentially very grave
security implications, system administrators must manually enable these
features in the koha-conf.xml configuration file.
The following configuration settings have been added to the koha-conf.xml
file:
* backupdir => directory where backups should be stored.
* backup_db_via_tools => whether to allow superlibrarians to download
database backups via the Export tool. The default is disabled, and
there is no way -- by design -- to enable this option without manually
editing koha-conf.xml.
* backup_conf_via_tools => whether to allow superlibrarians to download
configuration backups via the Export tool (this may be applicable to
packages only). The default is disabled, and there is no way -- by
design -- to enable this option without manually editing koha-conf.xml.
This commit modifies the following scripts to make use of the new
backupdir configuration option:
* koha-dump and koha-run-backups in the Debian packages
* The sample backup script misc/cronjobs/backup.sh
Note that for security reasons, superlibrarians will not be allowed
to download files that are not owned by the web server's effective user.
This imposes a de facto dependency on ITK (for Apache) or running the
web server as the Koha user (as is done with Plack).
To test:
1. Apply patch.
2. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
3. Add <backupdir>$KOHADEV/var/spool</backup> to the <config> section
of your koha-conf.xml (note that you will need to adjust that so that
it is pointing at a logical directory).
4. Create the aforementioned directory.
5. Go to export page as a superlibrarian. Notice that no additional
export options appear because they have not been enabled.
6. Add <backup_db_via_tools>1</backup_db_via_tools> to the <config>
section of your koha-conf.xml
7. Go to the export page as a superlibrarian. Notice the new tab.
8. Go to the export page as a non-superlibrarian. Notice there is no
new tab.
9. Run: mysqldump -u koha -p koha | gzip > $BACKUPDIR/backup.sql.gz
(substituting appropriate user, password, and database name)
10. Go to the export page as a superlibrarian, and look at the "Export
database" tab. If you are running the web server as your Koha user,
and ran the above command as your Koha user, you should now see the
file listed as an option for download.
11. If you *did* see the file listed, change the ownership to something
else: sudo chown root:root $BACKUPDIR/backup.sql.gz
11a. Confirm that you no longer see the file listed when you look at the
"Export database" tab.
12. Change the ownership on the file to your web server (or Koha) user:
sudo chown www-data:www-data backup.sql.gz
13. Go to the export page as a superlibrarian, and look at the "Export
database" tab. You should now see backup.sql.gz listed.
14. Choose to download backup.sql.gz
15. Confirm that the downloaded file is what you were expecting.
If you are interested, you can repeat the above steps but replace
<backup_db_via_tools> with <backup_conf_via_tools>, and instead of
creating an sql file, create a tar file.
To test packaging: run koha-dump, confirm that it still creates a
usable backup.
------
This signoff contains two changes:
10-1. If no backup/conf files were present, then the message telling you
so doesn't appear and the download button does. Made them behave
correctly.
10-2. The test for a file existing required it to be owned by the
webserver UID. This change makes it so it only has to be readable.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
This allows modules that aren't in the main debian repos to be handled
by the list-deps script when building a control file.
Signed-off-by: Chris Cormack <chris@bigballofwax.co.nz>
This patch adds t/db_dependent/00-strict.pl which tests that all Perl
scripts compile. I chose to use Test::Strict so that in the future we
can also have the test check that "use strict" and "use warnings" are
enabled.
To test:
1. Run t/db_dependent/00-strict.pl.
2. Run around waving your arms in the air that we have a couple of
scripts that don't compile.
3. Actually, that's about it. You could test my patch for bug 8384 next.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Moved test to t/db_dependent
Signed-off-by: Frédéric Demians <f.demians@tamil.fr>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Patch introduces a new module Text::Unaccent.
To test:
1) Add a new patron with diacritics in surname and first name, leave userid empty.
2) Save user and check the created userid has only the base characters and
diacritics have been removed correctly.
3) Create another user with the same surname and first name, check userid
is generated correctly.
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Fixes bugs 6684 6997 4880:
6684 koha-remove should check the number of arguments it gets
6997 koha-remove leaves system in inconsistent state if there is an error
4880 koha-remove sometimes fails because user is logged in
Amended by chrisc@catalyst.net.nz
Trying to resolve conflicts.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Rebased on top of bug 7924.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Minor change in the koha packages : that is having perldeps and third party softwares installable as stand alone packages
in other words, create meta-packages to simplify installation of koha.
2 packages was created : koha-deps and koha-perldeps which install general dependencies of koha.
I modified the file control.in and executed the update-control script to generate the file control. Whith the control file,
I launched the build-git-snapshot script (see http://wiki.koha-community.org/wiki/Building_Debian_Packages_-_The_Easy_Way)
to generate packages.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
I've removed the 'Version' and 'Maintainer' lines, as they don't belong
in package sections. They apply to the source declaration only.
Otherwise, it seems fine and useful.
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
koha-remove would fail with a message like this:
Removing Koha instance --
ERROR 1396 (HY000) at line 1: Operation DROP USER failed for 'koha_--'@'%'
After fixing this, the --keep-mysql option made the script exit without doing
anything.
To test:
Alt 1
- Build package with build-git-snapshot
- Install package
Alt 2
- Replicate the changes in the patch in an existing installation
Then:
- Add instance1 and instance2
- koha-remove instance1
-- Check that script completes and the databse is gone
- koha-remove --keep-mysql instance2
-- Check that the script completes but the database is not removed
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Line 121 had "/etc/koha/koha-site.conf" instead of "/etc/koha/koha-sites.conf"
To test:
I don't think this needs any actual testing, just read the patch and check
that it looks sensible...
Signed-off-by: Marc Veron <veron@veron.ch>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This adds some dependencies to the control file that are required.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
The apache accesslogs suggested by the default config files are called
*_log, which results in them not getting picked up by logrotate, which
looks for *.log. This patch changes the suggested filenames to *.log.
To test:
Not much to test here, just apply the patch and check that all
occurences of TransferLog and CustomLog are now on the form *.log
All the lines where these occur are commented out, so this will
not actually change any behaviour.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
This removes the dependency on Date::ICal (which is largely
unmaintained) and replaces it with DateTime::Format::ICal which can do
the same job. It also updates all the docs and installation scripts to
handle this change.
Note that this causes a minor behaviour change: previously the generated
times were converted to UTC, now they are left "floating" (that is, have
no timezone attached) and so will appear as the local time when imported
into a calendar. I don't anticipate this'll cause any issues however.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This moves the SIP config to the templates directory (on package
building) in anticipation of making it configurable with package tools.
Prevents it being installed into /etc.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
This commit makes koha-create more flexible by adding a number of command-line
and configuration options.
The biggest change is to add support for pre-determined MySQL credentials using
a file in /etc/koha/passwd (for security reasons, if you use this feature, make
sure the file is not world-readable). The configuration file has the following
format:
instance:user:password:database
The database is optional, but the other two are both required if you want to
specify MySQL credentials. If no credentials are specified for a given instance,
the standard koha_instance username and an auto-generated password are used.
The following additional command line options are now available:
* --use-db - use a pre-existing database, see also --database
* --database - specify the name of the mysql database (still defaults to
koha_instance)
* --passwdfile - specify a custom (Koha) passwd file for MySQL credentials
The following additional variables are now available (for use in
koha-sites.conf or a custom config file):
* OPACPORT (previously added but not documented) - port on which the OPAC
should be served
* OPACPREFIX - prefix for the OPAC's virtual host
* OPACSUFFIX - suffix for the OPAC's virtual host
This commit also adds the --keep-mysql option to koha-remove, which, if
specified, will prevent koha-remove from deleting the database or MySQL user
when removing an instance.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This does two things:
* Allows OPACPORT to be specified to change the default OPAC port,
* removes the port number from the ServerName directive, as it's already
handled by the VirtualHost declaration.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Julian Maurice <julian.maurice@biblibre.com>
Signed-off-by: Katrin Fischer <Katrin.Fischer.83@web.de>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
I don't speak spanish, so my signoff is just a technical view of the patch
Now it more closely matches the one that's distributed in /etc
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
(not tested. I confirm the code is clean, and tests are not broken)
Prior to this patch, the koha-restore Debian script did not set the home
directory properly for the system users it created, causing problems down the
line for koha-rebuild-zebra. This patch fixes that by specifying the home
directory.
http://bugs.koha-community.org/show_bug.cgi?id=7216
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Sometimes zebra needs a tmp dir in order to work. This ensures that it
is created both by koha-create-dirs in the packages, and by
rebuild_zebra when it runs.
--
tested ok, signing off
Signed-off-by: Mason James <mtj@kohaaloha.com>
If you accidentally delete one of the files that koha-remove is supposed to
remove, when koha-remove reaches that point in the script, it will die, leaving
later removal steps undone. This patch fixes the problem by checking for the
existence of each file prior to deleting it, so that short of an actual problem
with removing the file, the script can continue. Note that the fix for bug 6929
is also needed to prevent any problems with stopping Zebra from killing
koha-remove.
Signed-off-by: Dobrica Pavlinusic <dpavlin@rot13.org>
This brings all the changelog entries for releases up to what has been
included in the packages
Signed-off-by: Mason James <mtj@kohaaloha.com>
Signed-off-by: Paul Poulain <paul.poulain@biblibre.com>
This updates the default version number that packages are build with to
be 3.7. This should be applied to master only.
Signed-off-by: Mason James <mtj@kohaaloha.com>
Add DocBook manual pages for commands that do not have a manual page yet. Also
add a page for koha-common itself, listing all the available commands.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Minor change: I fixed a typo I spotted
Currently, if it attempts to stop a zebra process that doesn't exist,
the script will abort, which leaves things running. This patch prevents
it from aborting.
Signed-off-by: Jared Camins-Esakov <jcamins@cpbibliography.com>
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Also fix the example so that it is there.
Signed-off-by: Ian Walls <ian.walls@bywatersolutions.com>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This uses the docbook source files to generate the man pages, and
installs them to their correct location when the packages are being
built.
This will make it easier for people to write man pages, thereby ensuring
that people join in keeping documentation up to date.
Note: adds docbook-xsl and xsltproc to the dependencies.
Note2: applies on top of Magnus' other patch on this ticket.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This patch
- deletes debian/scripts/koha-create.8
- adds debian/docs/koha-create.xml and koha-remove.xml
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This affects only koha package installations that have multiple
instances running. After this patch, it's worth running the upgrade
again to ensure that everything happened correctly the first time.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
The revised patch quotes the variable $mysqldb, as suggested by Frère
Sébastien Marie.
This patch makes sure that pointing DEFAULTSQL in /etc/koha/koha-sites.conf
to any (gzip'ed) file produced by mysqldump works, by adding the name of the
database to the end of the call to mysql, when the specified SQL file is
loaded. Files produced with koha-dump-defaults should still work too.
To test:
- Apply the patch
- Create a new package with build-git-snapshot
- Install the package
- Create an SQL file from an existing installation with mysqldump
- gzip the SQL file
- point DEFAULTSQL to the file in /etc/koha/koha-sites.conf
- create a new site with koha-create --create-db
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
(to be followed by another patch that I think helps too)
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
Sets the default borrowernumber of staff user to 1 and makes it possible
to override this with ADMINUSER in /etc/koha/koha-sites.conf or with the
--adminuser and -a command line options.
Remember to update the wiki if this gets pushed!
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This allows the build information to not be suppressed when using
build-git-snapshot. This makes seeing where problems are substantially
easier.
Signed-off-by: Magnus Enger <magnus@enger.priv.no>
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
koha-create would fail to check that --configfile was set on the
commandline, before either including it if it existed or dying if
it did not. This patch should make sure the existence of a
configfile is only tested if --config is set.
Signed-off-by: Robin Sheat <robin@catalyst.net.nz>
This should apply against 3.4 and master.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This lets you get into the mysql session for this library instance
really easily. Probably most useful for developers.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
This allows the database details (username and database name in
particular) to be modified in between a koha-create --request-db and
--populate-db. Most useful when you discover that the username is too
long or something. Now, when populating the database, the connection
information is reloaded from the koha-conf.xml rather than being
generated from the instance name.
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>
