N°1260 MySQL TLS connection : apply Hardis patch (many thanks !)
SVN:trunk[5306]
@@ -88,6 +88,10 @@ class CMDBSource
|
||||
protected static $m_sDBUser;
|
||||
protected static $m_sDBPwd;
|
||||
protected static $m_sDBName;
|
||||
protected static $m_sDBSSLKey;
|
||||
protected static $m_sDBSSLCert;
|
||||
protected static $m_sDBSSLCA;
|
||||
protected static $m_sDBSSLCipher;
|
||||
/** @var mysqli */
|
||||
protected static $m_oMysqli;
|
||||
|
||||
@@ -99,12 +103,16 @@ class CMDBSource
|
||||
*
|
||||
* @throws \MySQLException
|
||||
*/
|
||||
public static function Init($sServer, $sUser, $sPwd, $sSource = '')
|
||||
public static function Init($sServer, $sUser, $sPwd, $sSource = '', $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL )
|
||||
{
|
||||
self::$m_sDBHost = $sServer;
|
||||
self::$m_sDBUser = $sUser;
|
||||
self::$m_sDBPwd = $sPwd;
|
||||
self::$m_sDBName = $sSource;
|
||||
self::$m_sDBSSLKey = $sSSLKey;
|
||||
self::$m_sDBSSLCert = $sSSLCert;
|
||||
self::$m_sDBSSLCA = $sSSLCA;
|
||||
self::$m_sDBSSLCipher = $sSSLCipher;
|
||||
self::$m_oMysqli = null;
|
||||
|
||||
mysqli_report(MYSQLI_REPORT_STRICT); // *some* errors (like connection errors) will throw mysqli_sql_exception instead
|
||||
@@ -118,11 +126,31 @@ class CMDBSource
|
||||
// Override the default port
|
||||
$sServer = $aConnectInfo[0];
|
||||
$iPort = (int)$aConnectInfo[1];
|
||||
self::$m_oMysqli = new mysqli($sServer, self::$m_sDBUser, self::$m_sDBPwd, '', $iPort);
|
||||
self::$m_oMysqli = new mysqli();
|
||||
self::$m_oMysqli->init();
|
||||
if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) )
|
||||
{
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort);
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher);
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli = new mysqli(self::$m_sDBHost, self::$m_sDBUser, self::$m_sDBPwd);
|
||||
self::$m_oMysqli = new mysqli();
|
||||
self::$m_oMysqli->init();
|
||||
if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) )
|
||||
{
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd);
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher);
|
||||
self::$m_oMysqli->real_connect('p:'.self::$m_sDBHost,self::$m_sDBUser,self::$m_sDBPwd,'',NULL, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
}
|
||||
}
|
||||
catch(mysqli_sql_exception $e)
|
||||
@@ -897,4 +925,4 @@ class CMDBSource
|
||||
}
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
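Review bot: In the connection hunk (`@@ -118,11 +126,31 @@`) TLS is requested only when key, certificate and CA are all non-empty, so a configuration that sets only `db_ssl_ca` (server-authenticated TLS without a client certificate), or leaves one path blank by mistake, falls through to the plain `real_connect()` with no error or log entry. Consider keying the decision on the CA alone, e.g. `if (empty(self::$m_sDBSSLCA))` for the plaintext branch, and raising an error when a partial TLS configuration is supplied rather than downgrading. Nothing in the hunk asks for server-certificate verification (`MYSQLI_OPT_SSL_VERIFY_SERVER_CERT` through `options()`), so whether the CA is actually enforced presumably depends on the driver and should be confirmed. The two TLS branches also differ: only the no-port branch prefixes the host with `'p:'` (persistent connection), which looks unintended. The enclosing `try` block begins outside the hunk.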
@@ -1019,6 +1019,10 @@ class Config
|
||||
protected $m_sDBPwd;
|
||||
protected $m_sDBName;
|
||||
protected $m_sDBSubname;
|
||||
protected $m_sDBSSLKey;
|
||||
protected $m_sDBSSLCert;
|
||||
protected $m_sDBSSLCA;
|
||||
protected $m_sDBSSLCipher;
|
||||
protected $m_sDBCharacterSet;
|
||||
protected $m_sDBCollation;
|
||||
|
||||
@@ -1108,6 +1112,10 @@ class Config
|
||||
$this->m_sDBPwd = '';
|
||||
$this->m_sDBName = '';
|
||||
$this->m_sDBSubname = '';
|
||||
$this->m_sDBSSLKey = '';
|
||||
$this->m_sDBSSLCert = '';
|
||||
$this->m_sDBSSLCA = '';
|
||||
$this->m_sDBSSLCipher = '';
|
||||
$this->m_sDBCharacterSet = DEFAULT_CHARACTER_SET;
|
||||
$this->m_sDBCollation = DEFAULT_COLLATION;
|
||||
$this->m_bLogGlobal = DEFAULT_LOG_GLOBAL;
|
||||
@@ -1228,6 +1236,10 @@ class Config
|
||||
$this->m_sDBPwd = trim($MySettings['db_pwd']);
|
||||
$this->m_sDBName = trim($MySettings['db_name']);
|
||||
$this->m_sDBSubname = trim($MySettings['db_subname']);
|
||||
$this->m_sDBSSLKey = trim($MySettings['db_ssl_key']);
|
||||
$this->m_sDBSSLCert = trim($MySettings['db_ssl_cert']);
|
||||
$this->m_sDBSSLCA = trim($MySettings['db_ssl_ca']);
|
||||
$this->m_sDBSSLCipher = trim($MySettings['db_ssl_cipher']);
|
||||
|
||||
$this->m_sDBCharacterSet = isset($MySettings['db_character_set']) ? trim($MySettings['db_character_set']) : DEFAULT_CHARACTER_SET;
|
||||
$this->m_sDBCollation = isset($MySettings['db_collation']) ? trim($MySettings['db_collation']) : DEFAULT_COLLATION;
|
||||
@@ -1312,6 +1324,23 @@ class Config
|
||||
return $this->m_sDBSubname;
|
||||
}
|
||||
|
||||
public function GetDBSSLKey()
|
||||
{
|
||||
return $this->m_sDBSSLKey;
|
||||
}
|
||||
|
||||
public function GetDBSSLCert()
|
||||
{
|
||||
return $this->m_sDBSSLCert;
|
||||
}
|
||||
public function GetDBSSLCA()
|
||||
{
|
||||
return $this->m_sDBSSLCA;
|
||||
}
|
||||
public function GetDBSSLCipher()
|
||||
{
|
||||
return $this->m_sDBSSLCipher;
|
||||
}
|
||||
public function GetDBCharacterSet()
|
||||
{
|
||||
return $this->m_sDBCharacterSet;
|
||||
@@ -1427,6 +1456,26 @@ class Config
|
||||
$this->m_sDBSubname = $sDBSubName;
|
||||
}
|
||||
|
||||
public function SetDBSSLKey($sDBSSLKey)
|
||||
{
|
||||
$this->m_sDBSSLKey = $sDBSSLKey;
|
||||
}
|
||||
|
||||
public function SetDBSSLCert($sDBSSLCert)
|
||||
{
|
||||
$this->m_sDBSSLCert = $sDBSSLCert;
|
||||
}
|
||||
|
||||
public function SetDBSSLCA($sDBSSLCA)
|
||||
{
|
||||
$this->m_sDBSSLCA = $sDBSSLCA;
|
||||
}
|
||||
|
||||
public function SetDBSSLCipher($sDBSSLCipher)
|
||||
{
|
||||
$this->m_sDBSSLCipher = $sDBSSLCipher;
|
||||
}
|
||||
|
||||
public function SetDBCharacterSet($sDBCharacterSet)
|
||||
{
|
||||
$this->m_sDBCharacterSet = $sDBCharacterSet;
|
||||
@@ -1550,6 +1599,10 @@ class Config
|
||||
$aSettings['db_pwd'] = $this->m_sDBPwd;
|
||||
$aSettings['db_name'] = $this->m_sDBName;
|
||||
$aSettings['db_subname'] = $this->m_sDBSubname;
|
||||
$aSettings['db_ssl_key'] = $this->m_sDBSSLKey;
|
||||
$aSettings['db_ssl_cert'] = $this->m_sDBSSLCert;
|
||||
$aSettings['db_ssl_ca'] = $this->m_sDBSSLCA;
|
||||
$aSettings['db_ssl_cipher'] = $this->m_sDBSSLCipher;
|
||||
$aSettings['db_character_set'] = $this->m_sDBCharacterSet;
|
||||
$aSettings['db_collation'] = $this->m_sDBCollation;
|
||||
$aSettings['log_global'] = $this->m_bLogGlobal;
|
||||
@@ -1649,6 +1702,10 @@ class Config
|
||||
'db_pwd' => $this->m_sDBPwd,
|
||||
'db_name' => $this->m_sDBName,
|
||||
'db_subname' => $this->m_sDBSubname,
|
||||
'db_ssl_key' => $this->m_sDBSSLKey,
|
||||
'db_ssl_cert' => $this->m_sDBSSLCert,
|
||||
'db_ssl_ca' => $this->m_sDBSSLCA,
|
||||
'db_ssl_cipher' => $this->m_sDBSSLCipher,
|
||||
'db_character_set' => $this->m_sDBCharacterSet,
|
||||
'db_collation' => $this->m_sDBCollation,
|
||||
'default_language' => $this->m_sDefaultLanguage,
|
||||
@@ -1771,6 +1828,10 @@ class Config
|
||||
}
|
||||
$this->SetDBName($sDBName);
|
||||
$this->SetDBSubname($aParamValues['db_prefix']);
|
||||
$this->SetDBSSLKey($aParamValues['db_ssl_key']);
|
||||
$this->SetDBSSLCert($aParamValues['db_ssl_cert']);
|
||||
$this->SetDBSSLCA($aParamValues['db_ssl_ca']);
|
||||
$this->SetDBSSLCipher($aParamValues['db_ssl_cipher']);
|
||||
}
|
||||
|
||||
if (isset($aParamValues['selected_modules']))
|
||||
|
||||
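Review bot: The four new reads in the settings-loading hunk (`@@ -1228,6 +1236,10 @@`) index `$MySettings['db_ssl_key']` through `$MySettings['db_ssl_cipher']` unconditionally, so a configuration file written before this commit will raise an undefined-index notice for each key on load. The `db_character_set` and `db_collation` lines just below already show the guard to copy: `$this->m_sDBSSLKey = isset($MySettings['db_ssl_key']) ? trim($MySettings['db_ssl_key']) : '';`. The same applies to the `$aParamValues['db_ssl_*']` reads in the `@@ -1771,6 +1828,10 @@` hunk. The new getters and setters carry no docblock; a one-line comment that key, cert and CA are presumably file paths handed to `mysqli::ssl_set()` (and that the key file must stay readable only by the web server user) would help whoever edits the config.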
@@ -5805,6 +5805,10 @@ abstract class MetaModel
|
||||
$sUser = self::$m_oConfig->GetDBUser();
|
||||
$sPwd = self::$m_oConfig->GetDBPwd();
|
||||
$sSource = self::$m_oConfig->GetDBName();
|
||||
$sSSLKey = self::$m_oConfig->GetDBSSLKey();
|
||||
$sSSLCert = self::$m_oConfig->GetDBSSLCert();
|
||||
$sSSLCA = self::$m_oConfig->GetDBSSLCA();
|
||||
$sSSLCipher = self::$m_oConfig->GetDBSSLCipher();
|
||||
$sTablePrefix = self::$m_oConfig->GetDBSubname();
|
||||
$sCharacterSet = self::$m_oConfig->GetDBCharacterSet();
|
||||
$sCollation = self::$m_oConfig->GetDBCollation();
|
||||
@@ -5884,7 +5888,7 @@ abstract class MetaModel
|
||||
self::$m_sDBName = $sSource;
|
||||
self::$m_sTablePrefix = $sTablePrefix;
|
||||
|
||||
CMDBSource::Init($sServer, $sUser, $sPwd); // do not select the DB (could not exist)
|
||||
CMDBSource::Init($sServer, $sUser, $sPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher); // do not select the DB (could not exist)
|
||||
CMDBSource::SetCharacterSet($sCharacterSet, $sCollation);
|
||||
// Later when timezone implementation is correctly done: CMDBSource::SetTimezone($sDBTimezone);
|
||||
}
|
||||
|
||||
@@ -32,6 +32,10 @@ class iTopMutex
|
||||
protected $sName;
|
||||
protected $hDBLink;
|
||||
protected $bLocked; // Whether or not this instance of the Mutex is locked
|
||||
protected $sDBSSLKey;
|
||||
protected $sDBSSLCert;
|
||||
protected $sDBSSLCA;
|
||||
protected $sDBSSLCipher;
|
||||
static protected $aAcquiredLocks = array(); // Number of instances of the Mutex, having the lock, in this page
|
||||
|
||||
public function __construct($sName, $sDBHost = null, $sDBUser = null, $sDBPwd = null)
|
||||
@@ -45,6 +49,11 @@ class iTopMutex
|
||||
}
|
||||
$sDBName = $oConfig->GetDBName();
|
||||
$sDBSubname = $oConfig->GetDBSubname();
|
||||
$this->sDBSSLKey = $oConfig->GetDBSSLKey();
|
||||
$this->sDBSSLCert = $oConfig->GetDBSSLCert();
|
||||
$this->sDBSSLCA = $oConfig->GetDBSSLCA();
|
||||
$this->sDBSSLCipher = $oConfig->GetDBSSLCipher();
|
||||
$this->sName = 'itop.'.$sName;
|
||||
$this->sName = $sName;
|
||||
if (substr($sName, -strlen($sDBName.$sDBSubname)) != $sDBName.$sDBSubname)
|
||||
{
|
||||
@@ -212,11 +221,30 @@ class iTopMutex
|
||||
// Override the default port
|
||||
$sServer = $aConnectInfo[0];
|
||||
$iPort = $aConnectInfo[1];
|
||||
$this->hDBLink = @mysqli_connect($sServer, $sUser, $sPwd, '', $iPort);
|
||||
$this->hDBLink = mysqli_init();
|
||||
if ( empty($this->sDBSSLKey) || empty($this->sDBSSLCert) || empty($this->sDBSSLCA) )
|
||||
{
|
||||
$this->hDBLink->real_connect($sServer,$sUser,$sPwd,'',$iPort);
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->hDBLink->ssl_set($this->sDBSSLKey,$this->sDBSSLCert,$this->sDBSSLCA,NULL,$this->sDBSSLCipher);
|
||||
$this->hDBLink->real_connect($sServer,$sUser,$sPwd,'',$iPort, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->hDBLink = @mysqli_connect($sHost, $sUser, $sPwd);
|
||||
$this->hDBLink = new mysqli();
|
||||
$this->hDBLink->init();
|
||||
if ( empty($this->sDBSSLKey) || empty($this->sDBSSLCert) || empty($this->sDBSSLCA) )
|
||||
{
|
||||
$this->hDBLink->real_connect($sHost,$sUser,$sPwd);
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->hDBLink->ssl_set($this->sDBSSLKey,$this->sDBSSLCert,$this->sDBSSLCA,NULL,$this->sDBSSLCipher);
|
||||
$this->hDBLink->real_connect('p:'.$sHost,$sUser,$sPwd,'',NULL, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
}
|
||||
|
||||
if (!$this->hDBLink)
|
||||
|
||||
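Review bot: After this change `$this->hDBLink` is always a mysqli object, because it is assigned from `mysqli_init()` or `new mysqli()` and the result of `real_connect()` is discarded, so the `if (!$this->hDBLink)` test that follows the hunk can no longer detect a failed connection (the removed `@mysqli_connect()` returned false on failure). Unless mysqli error reporting is guaranteed to throw at this point, check the return value in each branch, e.g. `if (!$this->hDBLink->real_connect($sHost, $sUser, $sPwd)) { $this->hDBLink = false; }`. The TLS decision repeats the all-three-non-empty test used in CMDBSource, so a partial TLS configuration silently yields a plaintext connection here as well. The two branches also build the handle differently (`mysqli_init()` versus `new mysqli()` followed by `init()`), and only the no-port TLS branch adds the `'p:'` persistent-connection prefix, which looks unintended. The enclosing method starts outside the hunk.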
@@ -243,7 +243,7 @@ class RunTimeEnvironment
|
||||
try
|
||||
{
|
||||
require_once(APPROOT.'/core/cmdbsource.class.inc.php');
|
||||
CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName());
|
||||
CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName(), $oConfig->GetDBSSLKey(), $oConfig->GetDBSSLCert(), $oConfig->GetDBSSLCA(), $oConfig->GetDBSSLCipher());
|
||||
CMDBSource::SetCharacterSet($oConfig->GetDBCharacterSet(), $oConfig->GetDBCollation());
|
||||
$aSelectInstall = CMDBSource::QueryToArray("SELECT * FROM ".$oConfig->GetDBSubname()."priv_module_install");
|
||||
}
|
||||
@@ -836,7 +836,7 @@ class RunTimeEnvironment
|
||||
try
|
||||
{
|
||||
require_once(APPROOT.'/core/cmdbsource.class.inc.php');
|
||||
CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName());
|
||||
CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName(), $oConfig->GetDBSSLKey(), $oConfig->GetDBSSLCert(), $oConfig->GetDBSSLCA(), $oConfig->GetDBSSLCipher());
|
||||
CMDBSource::SetCharacterSet($oConfig->GetDBCharacterSet(), $oConfig->GetDBCollation());
|
||||
$sSQLQuery = "SELECT * FROM ".$oConfig->GetDBSubname()."priv_module_install";
|
||||
$aSelectInstall = CMDBSource::QueryToArray($sSQLQuery);
|
||||
|
||||
@@ -1026,13 +1026,13 @@ EOF
|
||||
*
|
||||
* @return mixed false if the connection failed or array('checks' => Array of CheckResult, 'databases' => Array of database names (as strings) or null if not allowed)
|
||||
*/
|
||||
static function CheckDbServer($sDBServer, $sDBUser, $sDBPwd)
|
||||
static function CheckDbServer($sDBServer, $sDBUser, $sDBPwd, $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL)
|
||||
{
|
||||
$aResult = array('checks' => array(), 'databases' => null);
|
||||
try
|
||||
{
|
||||
$oDBSource = new CMDBSource;
|
||||
$oDBSource->Init($sDBServer, $sDBUser, $sDBPwd);
|
||||
$oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher);
|
||||
$aResult['checks'][] = new CheckResult(CheckResult::INFO, "Connection to '$sDBServer' as '$sDBUser' successful.");
|
||||
$aResult['checks'][] = new CheckResult(CheckResult::INFO, "Info - User privileges: ".($oDBSource->GetRawPrivileges()));
|
||||
|
||||
@@ -1112,10 +1112,10 @@ EOF
|
||||
return false;
|
||||
}
|
||||
|
||||
static public function GetMySQLVersion($sDBServer, $sDBUser, $sDBPwd)
|
||||
static public function GetMySQLVersion($sDBServer, $sDBUser, $sDBPwd, $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL )
|
||||
{
|
||||
$oDBSource = new CMDBSource;
|
||||
$oDBSource->Init($sDBServer, $sDBUser, $sDBPwd);
|
||||
$oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher);
|
||||
$sDBVersion = $oDBSource->GetDBVersion();
|
||||
return $sDBVersion;
|
||||
}
|
||||
@@ -1126,10 +1126,15 @@ EOF
|
||||
$sDBUser = $aParameters['db_user'];
|
||||
$sDBPwd = $aParameters['db_pwd'];
|
||||
$sDBName = $aParameters['db_name'];
|
||||
$sSSLKey = $aParameters['db_ssl_key'];
|
||||
$sSSLCert = $aParameters['db_ssl_cert'];
|
||||
$sSSLCA = $aParameters['db_ssl_ca'];
|
||||
$sSSLCipher = $aParameters['db_ssl_cipher'];
|
||||
|
||||
$oPage->add_ready_script('oXHRCheckDB = null;');
|
||||
|
||||
$checks = SetupUtils::CheckDbServer($sDBServer, $sDBUser, $sDBPwd);
|
||||
$checks = SetupUtils::CheckDbServer($sDBServer, $sDBUser, $sDBPwd, $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher);
|
||||
|
||||
if ($checks === false)
|
||||
{
|
||||
// Connection failed, disable the "Next" button
|
||||
|
||||
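Review bot: `CheckDbServer()` still reports `Connection to '$sDBServer' as '$sDBUser' successful.` without saying whether the session is encrypted, while `CMDBSource::Init()` as changed in this commit connects in plaintext whenever any of key, cert or CA is empty. An administrator who filled in only some of the TLS fields would therefore get a success message for an unencrypted connection. Consider adding a `CheckResult` that states the TLS status (for instance from the `Ssl_cipher` session status variable) and a warning when TLS parameters were supplied but not used. The `$aParameters['db_ssl_*']` reads in the last hunk are also unguarded; `$sSSLKey = isset($aParameters['db_ssl_key']) ? $aParameters['db_ssl_key'] : null;` would keep callers that do not send these fields working.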