[Rt-commit] rt branch 5.0/improve-db-connection-handling created. rt-5.0.2-221-ge9b17c5527
BPS Git Server
git at git.bestpractical.com
Fri May 6 20:06:37 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/improve-db-connection-handling has been created
at e9b17c55276c805501d59e8bdacb108a30ba2e76 (commit)
- Log -----------------------------------------------------------------
commit e9b17c55276c805501d59e8bdacb108a30ba2e76
Author: Jason Crome <jcrome at bestpractical.com>
Date: Fri May 6 16:03:17 2022 -0400
Try to avoid connecting to DB if password missing
For some installs of RT, too many failed database connections will lock
account access. Regardless of whether this is a permission error,
configuration error, etc., try to mitigate this by not attempting to
connect if the database password is blank or missing.
Add a configuration option, AllowEmptyDatabasePassword, to skip the
requirement of having a non-empty database password to start RT.
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 1b7720241e..4a72c5b2ec 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -281,6 +281,14 @@ during upgrades.
Set($DatabaseAdmin, "@DB_DBA@");
+=item C<$AllowEmptyDatabasePassword>
+
+Allow RT to use an empty database password. B<NOT> recommended!
+
+=cut
+
+Set($AllowEmptyDatabasePassword, 0);
+
=back
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 034ca84b28..662e8c1430 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -765,6 +765,9 @@ our %META;
Immutable => 1,
Widget => '/Widgets/Form/String',
},
+ AllowEmptyDatabasePassword => {
+ Widget => '/Widgets/Form/Boolean',
+ },
FullTextSearch => {
Type => 'HASH',
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 3f741fa7ff..9195278624 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -120,9 +120,33 @@ sub Connect {
$ENV{'NLS_NCHAR'} = "AL32UTF8";
}
+ # Prevent RT from connecting without a password. For some installations, an empty
+ # password might indicate that we couldn't read our RT config, and repeated attempts
+ # to connect to the database without a password may lock the db account RT uses.
+ # Here we attempt to mitigate that outcome, and determine why we have no password.
+ #
+ # Sometimes, you might want to allow this. If so, you'll need to specifically enable
+ # AllowEmptyDatabasePassword in your RT config to account for this.
+
+ my $dbpassword = RT->Config->Get('DatabasePassword');
+ if( !$dbpassword or $dbpassword eq '' ) {
+ if( !RT->Config->Get('AllowEmptyDatabasePassword') ) {
+ # Password is empty, and it's not supposed to be.
+ if( !RT->Config->LoadedConfigs ) {
+ # No configs are loaded, so try to load them again. If this was because of permissions,
+ # we should have already, but for the sake of being paranoid, try to load them again.
+ # Either they will load, or fail and we'll get told why.
+ RT->LoadConfig;
+ } else {
+ die "Cannot start RT with an empty password. Check your RT configuration\n" .
+ "and make sure you've provided a database password.\n";
+ }
+ }
+ }
+
$self->SUPER::Connect(
User => RT->Config->Get('DatabaseUser'),
- Password => RT->Config->Get('DatabasePassword'),
+ Password => $dbpassword,
DisconnectHandleOnDestroy => 1,
%args,
);
-----------------------------------------------------------------------
hooks/post-receive
--
rt
More information about the rt-commit
mailing list