With respect to mysql support for the use of "tcp wrappers" I wish to
report a bug in the documentation and two suggestions for improvement
to the source code. All comments pertain to version 3.23.43.
First, the following information in section 2.6.3 (Solaris Notes) of
the MySQL manual is totally incorrect and should be deleted from the
manual.
When using the --with-libwrap configure option, you must also include
the libraries that `libwrap.a' needs:
--with-libwrap="/opt/NUtcpwrapper-7.6/lib/libwrap.a -lnsl -lsocket
In fact, "--with-libwrap" must point at the tcp wrapper install
directory (eg. /opt/NUtcpwrapper-7.6), since the configure script will
attempt to locate the tcpd.h include file using code similar to the
following
gcc -E -I/opt/NUtcp_wrappers_7.6/include conftest.c >/dev/null 2>conftest.out
and in like fashion the existence of the library will be checked for
using a configuration test which includes the above "-I" clause and an
appropriate "-L" clause pointing to the appropriate lib directory
"/opt/NUtcp_wrappers_7.6/lib" with a "-lwrap" option and with the
appropriate ancilliary libraries (eg. -lnsl -lsocket) automatically
included in the compilation of the test.
In other words, the intuitively obvious setting is correct, and the
setting suggested in the manual is totally incorrect.
Also, on the subject of using tcp wrappers it would help if there was
some way to control the syslog facility at configure/compile time as in
#ifdef HAVE_LIBWRAP
libwrapName= my_progname+dirname_length(my_progname);
openlog(libwrapName, LOG_PID, TCPD_FACILITY);
#endif
where TCPD_FACILITY could be set to LOG_AUTH by default to provide
current behaviour or to some other facility such as LOG_LOCAL7 which
is what it has to be in my situation.
I also recommend that the code be amended to include a log entry on
successful connection in addition to connection refusal, since it is
common for programs which use tcp wrappers to exhibit this behaviour.
This would require an "else" clause on the "if (!hosts_access(&req))"
statement in mysqld.cc (see WITH_LIBWRAP) with the following as the
sole entry in the "else"
syslog(allow_severity, "connect from %s", eval_client(&req));
This will not bloat the syslog file, BTW, since it only applies to
connections from other machines and not to connections via "localhost"
which would be predominant in most installations, IMO.
- rick mallett
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
