Koha/etc/zebradb/zebra-biblios.cfg
Mason James f2196a2e4f Bug 17035 - Koha allows system-wide 'read' access to all Koha zebra databases, by default
to test bug...
 1/ make a random user
 2/ change to random user
 3/ access any zebra database with random user and no authentication
 4/ read zebra database

here is a transcript of the bug...
---------------------------
root@xen1:~# adduser bob
root@xen1:~# su -l bob

bob@xen1:~$ cd /var/lib/koha
bob@xen1:/var/lib/koha$ ls
topsecret

bob@xen1:/var/lib/koha$ yaz-client  unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection accepted by v3 target.
ID     : 81
Name   : Zebra Information Server/GFS/YAZ
Version: 4.2.30 98864b44c654645bc16b2c54f822dc2e45a93031
Options: search present delSet triggerResourceCtrl scan sort extendedServices namedResultSets
Elapsed: 0.001002

Z> base biblios;

Z> find the
Sent searchRequest.
Received SearchResponse.
Search was a success.
Number of hits: 1130, setno 2
SearchResult-1: term=the cnt=1130
records returned: 0
Elapsed: 0.005518

Z> show
Sent presentRequest (1+1).
Records: 1
[biblios]Record type: USmarc
01824cam a2200397 a 4500
001 000045782309
003 AuCNLKIN
005 20111013213222.0
008 100707s2011    maua          001 0 e
...
---------------------------

5/ apply changes to a Koha instance's config files, that you plan to test

6/ restart zebra for instance
 # sudo koha-restart-zebra topsecret

7/ repeat steps 2 and 3, but receive a 'bad user/passwd' error from zebra

bob@xen1:~$ yaz-client unix:/var/run/koha/topsecret/bibliosocket
Connecting...OK.
Sent initrequest.
Connection rejected by v3 target.
    1: code=1011 (Init/AC: Bad Userid and/or Password),

NOTE: this patch currently will only fix newly created instances; it won't fix existing instances
Signed-off-by: Chris Cormack <chrisc@catalyst.net.nz>

Good catch Mason

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

Signed-off-by: Brendan Gallagher <brendan@bywatersolutions.com>
2016-10-10 12:20:12 +00:00

64 lines
2.1 KiB
INI

# Simple Zebra configuration file that defines
# a database with MARCXML records.
# $Id: zebra.cfg,v 1.1.2.2 2006/05/09 12:03:16 rangi Exp $
#
# Where are the config files located?
profilePath:__ZEBRA_CONF_DIR__/biblios/etc:__ZEBRA_CONF_DIR__/etc:__ZEBRA_CONF_DIR__/marc_defs/__ZEBRA_MARC_FORMAT__/biblios:__ZEBRA_CONF_DIR__/lang_defs/__ZEBRA_LANGUAGE__
# modulePath - where to look for loadable zebra modules
modulePath: /usr/lib/idzebra-2.0/modules:/usr/lib64/idzebra-2.0/modules:/usr/lib/x86_64-linux-gnu/idzebra-2.0/modules/
encoding: UTF-8
# Files that describe the attribute sets supported.
attset: bib1.att
attset: explain.att
attset: gils.att
# systag sysno rank
# Specify record type
# group .recordType[ .name ]: type
# type is split into fundamental type. file-read-type . argument
# http://www.indexdata.dk/zebra/doc/zebra-cfg.tkl
# http://www.indexdata.dk/zebra/doc/grs.tkl
# Can use -g iso2709 to batch index raw iso2709 records in a single or
# multiple files, or marcxml records that are split into separate files
# the trailing .record tells zebraidx to use record.abs
iso2709.recordType:grs.marcxml.record
# Can use -g marcxml to batch index marcxml files
# zebraidx uses record.abs because <record> is the root element
marcxml.recordType:grs.sgml
# Koha uses grs.xml internally when updating a single record, no idea
# why it knows to use record.abs
recordType:grs.xml
recordId: (bib1,Local-number)
storeKeys:1
storeData:1
# Lock File Area
lockDir: __ZEBRA_LOCK_DIR__/biblios
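# Access control: the anonymous entry stays commented out so that
# unauthenticated clients are rejected; the Zebra user below authenticates
# against the passwd file.
#perm.anonymous:ar
perm.__ZEBRA_USER__:rw
passwd: __ZEBRA_CONF_DIR__/etc/passwd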
register: __ZEBRA_DATA_DIR__/biblios/register:20G
shadow: __ZEBRA_DATA_DIR__/biblios/shadow:20G
# Temp File area for result sets
setTmpDir: __ZEBRA_DATA_DIR__/biblios/tmp
# Temp File area for index program
keyTmpDir: __ZEBRA_DATA_DIR__/biblios/key
# Approx. Memory usage during indexing
memMax: 50M
rank:rank-1
truncmax: 1000000000
# Specifies the maximum number of records that will be sorted in a result set.
# If the result set contains more than that limit, the records after the limit
# will not be sorted. If omitted, the default value is 1,000.
sortmax: 1000
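
Because the commit note says existing instances are not changed by this patch, an administrator may want to check already-deployed Zebra configuration files against the three access-control lines shown above. The following is an added example, not part of Koha or of this commit; it treats "no active `perm.anonymous`, at least one named `perm.` line, and a `passwd:` directive" as the baseline, and the sample paths and the user name `kohauser` are constructed.

```python
import sys

# Constructed sample: access-control lines with the anonymous entry active.
WEAK_CFG = """\
# Lock File Area
lockDir: /tmp/example/lock/biblios
perm.anonymous:ar
perm.kohauser:rw
passwd: /tmp/example/etc/passwd
"""

# Constructed sample: the same lines with the anonymous entry commented out,
# matching the state of the file on this page.
FIXED_CFG = WEAK_CFG.replace("perm.anonymous:ar", "#perm.anonymous:ar")


def parse_zebra_cfg(text):
    """Yield (key, value) for each active 'key: value' line; '#' lines are comments."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")  # values may contain ':' (path lists)
        if sep:
            yield key.strip(), value.strip()


def audit(text):
    """Return finding codes; an empty list means the baseline is met."""
    perms, passwd = {}, None
    for key, value in parse_zebra_cfg(text):
        if key.startswith("perm."):
            perms[key[len("perm."):]] = value
        elif key == "passwd":
            passwd = value
    findings = []
    if "anonymous" in perms:
        findings.append("anonymous-perm-active")
    if not any(user != "anonymous" for user in perms):
        findings.append("no-named-user-perm")
    if not passwd:
        findings.append("no-passwd-directive")
    return findings


if __name__ == "__main__":
    # Usage: python3 audit_zebra_cfg.py <cfg> [<cfg> ...]
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            print(path, audit(fh.read()) or "ok")
```

A clean audit only confirms the file contents; the `yaz-client` connection test in the commit message remains the check that the running server actually rejects unauthenticated clients after a restart.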