From 08d9d5889405f2b779e36091d792aa961074bb04 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 8 Feb 2018 14:20:58 +0000 Subject: [PATCH] =?UTF-8?q?N=C2=B01260=20MySQL=20TLS=20connection=20:=20ap?= =?UTF-8?q?ply=20Hardis=20patch=20(many=20thanks=20!)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SVN:trunk[5306] --- core/cmdbsource.class.inc.php | 36 +++++++++++++++++--- core/config.class.inc.php | 61 ++++++++++++++++++++++++++++++++++ core/metamodel.class.php | 6 +++- core/mutex.class.inc.php | 32 ++++++++++++++++-- setup/runtimeenv.class.inc.php | 4 +-- setup/setuputils.class.inc.php | 15 ++++++--- 6 files changed, 140 insertions(+), 14 deletions(-) diff --git a/core/cmdbsource.class.inc.php b/core/cmdbsource.class.inc.php index ad3ee41b4..51a12994e 100644 --- a/core/cmdbsource.class.inc.php +++ b/core/cmdbsource.class.inc.php @@ -88,6 +88,10 @@ class CMDBSource protected static $m_sDBUser; protected static $m_sDBPwd; protected static $m_sDBName; + protected static $m_sDBSSLKey; + protected static $m_sDBSSLCert; + protected static $m_sDBSSLCA; + protected static $m_sDBSSLCipher; /** @var mysqli */ protected static $m_oMysqli; @@ -99,12 +103,16 @@ class CMDBSource * * @throws \MySQLException */ - public static function Init($sServer, $sUser, $sPwd, $sSource = '') + public static function Init($sServer, $sUser, $sPwd, $sSource = '', $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL ) { self::$m_sDBHost = $sServer; self::$m_sDBUser = $sUser; self::$m_sDBPwd = $sPwd; self::$m_sDBName = $sSource; + self::$m_sDBSSLKey = $sSSLKey; + self::$m_sDBSSLCert = $sSSLCert; + self::$m_sDBSSLCA = $sSSLCA; + self::$m_sDBSSLCipher = $sSSLCipher; self::$m_oMysqli = null; mysqli_report(MYSQLI_REPORT_STRICT); // *some* errors (like connection errors) will throw mysqli_sql_exception instead 
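Review bot: The four parameters added to `Init` are not documented; the only docblock line visible in the hunk is `@throws \MySQLException`, and the docblock starts above the hunk so any existing `@param` lines are out of view. I would add `@param string|null $sSSLKey path to the client private key`, `@param string|null $sSSLCert path to the client certificate`, `@param string|null $sSSLCA path to the CA certificate` and `@param string|null $sSSLCipher optional cipher list passed to mysqli::ssl_set`, plus a sentence stating that TLS is only attempted when key, cert and CA are all non-empty, which is what the connect code in the following hunk does. Without that sentence a reader of the signature will assume a CA alone is enough.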
@@ -118,11 +126,31 @@ class CMDBSource // Override the default port $sServer = $aConnectInfo[0]; $iPort = (int)$aConnectInfo[1]; - self::$m_oMysqli = new mysqli($sServer, self::$m_sDBUser, self::$m_sDBPwd, '', $iPort); + self::$m_oMysqli = new mysqli(); + self::$m_oMysqli->init(); + if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) ) + { + self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort); + } + else + { + self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher); + self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL ); + } } else { - self::$m_oMysqli = new mysqli(self::$m_sDBHost, self::$m_sDBUser, self::$m_sDBPwd); + self::$m_oMysqli = new mysqli(); + self::$m_oMysqli->init(); + if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) ) + { + self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd); + } + else + { + self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher); + self::$m_oMysqli->real_connect('p:'.self::$m_sDBHost,self::$m_sDBUser,self::$m_sDBPwd,'',NULL, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL ); + } } } catch(mysqli_sql_exception $e) @@ -897,4 +925,4 @@ class CMDBSource } return false; } -} \ No newline at end of file +} diff --git a/core/config.class.inc.php b/core/config.class.inc.php index b01460142..514f5a4a2 100644 --- a/core/config.class.inc.php +++ b/core/config.class.inc.php @@ -1019,6 +1019,10 @@ class Config protected $m_sDBPwd; protected $m_sDBName; protected $m_sDBSubname; + protected $m_sDBSSLKey; + protected $m_sDBSSLCert; + protected $m_sDBSSLCA; + protected $m_sDBSSLCipher; protected $m_sDBCharacterSet; protected $m_sDBCollation; 
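Review bot: TLS is silently skipped whenever any one of key, cert or CA is empty (`if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) )`, in both branches), so a deployment that configures only `db_ssl_ca` for server authentication, without a client certificate, falls back to a plaintext connection with no warning. Since `ssl_set` accepts NULL for the key and cert, gating on the CA alone, `if (empty(self::$m_sDBSSLCA))`, and passing `self::$m_sDBSSLKey ?: NULL` / `self::$m_sDBSSLCert ?: NULL` would keep TLS on for CA-only setups; explicitly requesting server-certificate verification (`MYSQLI_OPT_SSL_VERIFY_SERVER_CERT`, where the driver honours it) is also worth adding, since whether the server certificate is checked against the CA by default depends on the mysqlnd/libmysqlclient version. Separately, the non-SSL path of the else branch connects to `$sServer`, which in this hunk is only assigned inside the port-override branch, while the SSL path of the same else branch uses `'p:'.self::$m_sDBHost`; unless `$sServer` is set before the hunk this is an undefined variable and the original `self::$m_sDBHost` should be restored. The `'p:'` prefix also makes the SSL path the only one that opens a persistent connection, which looks unintentional. The enclosing try block starts before the hunk.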
@@ -1108,6 +1112,10 @@ class Config $this->m_sDBPwd = ''; $this->m_sDBName = ''; $this->m_sDBSubname = ''; + $this->m_sDBSSLKey = ''; + $this->m_sDBSSLCert = ''; + $this->m_sDBSSLCA = ''; + $this->m_sDBSSLCipher = ''; $this->m_sDBCharacterSet = DEFAULT_CHARACTER_SET; $this->m_sDBCollation = DEFAULT_COLLATION; $this->m_bLogGlobal = DEFAULT_LOG_GLOBAL; @@ -1228,6 +1236,10 @@ class Config $this->m_sDBPwd = trim($MySettings['db_pwd']); $this->m_sDBName = trim($MySettings['db_name']); $this->m_sDBSubname = trim($MySettings['db_subname']); + $this->m_sDBSSLKey = trim($MySettings['db_ssl_key']); + $this->m_sDBSSLCert = trim($MySettings['db_ssl_cert']); + $this->m_sDBSSLCA = trim($MySettings['db_ssl_ca']); + $this->m_sDBSSLCipher = trim($MySettings['db_ssl_cipher']); $this->m_sDBCharacterSet = isset($MySettings['db_character_set']) ? trim($MySettings['db_character_set']) : DEFAULT_CHARACTER_SET; $this->m_sDBCollation = isset($MySettings['db_collation']) ? trim($MySettings['db_collation']) : DEFAULT_COLLATION; @@ -1312,6 +1324,23 @@ class Config return $this->m_sDBSubname; } + public function GetDBSSLKey() + { + return $this->m_sDBSSLKey; + } + + public function GetDBSSLCert() + { + return $this->m_sDBSSLCert; + } + public function GetDBSSLCA() + { + return $this->m_sDBSSLCA; + } + public function GetDBSSLCipher() + { + return $this->m_sDBSSLCipher; + } public function GetDBCharacterSet() { return $this->m_sDBCharacterSet; @@ -1427,6 +1456,26 @@ class Config $this->m_sDBSubname = $sDBSubName; } + public function SetDBSSLKey($sDBSSLKey) + { + $this->m_sDBSSLKey = $sDBSSLKey; + } + + public function SetDBSSLCert($sDBSSLCert) + { + $this->m_sDBSSLCert = $sDBSSLCert; + } + + public function SetDBSSLCA($sDBSSLCA) + { + $this->m_sDBSSLCA = $sDBSSLCA; + } + + public function SetDBSSLCipher($sDBSSLCipher) + { + $this->m_sDBSSLCipher = $sDBSSLCipher; + } + public function SetDBCharacterSet($sDBCharacterSet) { $this->m_sDBCharacterSet = $sDBCharacterSet; 
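Review bot: The new keys are read as `trim($MySettings['db_ssl_key'])` and so on without an `isset` guard, unlike `db_character_set` and `db_collation` two lines below, so every existing config file written before this change raises an undefined-index notice for each of the four keys on load. Use the same pattern as the neighbours, e.g. `$this->m_sDBSSLKey = isset($MySettings['db_ssl_key']) ? trim($MySettings['db_ssl_key']) : '';`, for all four. The constructor hunk above initialises them to `''`, so that is the value to fall back to.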
@@ -1550,6 +1599,10 @@ class Config $aSettings['db_pwd'] = $this->m_sDBPwd; $aSettings['db_name'] = $this->m_sDBName; $aSettings['db_subname'] = $this->m_sDBSubname; + $aSettings['db_ssl_key'] = $this->m_sDBSSLKey; + $aSettings['db_ssl_cert'] = $this->m_sDBSSLCert; + $aSettings['db_ssl_ca'] = $this->m_sDBSSLCA; + $aSettings['db_ssl_cipher'] = $this->m_sDBSSLCipher; $aSettings['db_character_set'] = $this->m_sDBCharacterSet; $aSettings['db_collation'] = $this->m_sDBCollation; $aSettings['log_global'] = $this->m_bLogGlobal; @@ -1649,6 +1702,10 @@ class Config 'db_pwd' => $this->m_sDBPwd, 'db_name' => $this->m_sDBName, 'db_subname' => $this->m_sDBSubname, + 'db_ssl_key' => $this->m_sDBSSLKey, + 'db_ssl_cert' => $this->m_sDBSSLCert, + 'db_ssl_ca' => $this->m_sDBSSLCA, + 'db_ssl_cipher' => $this->m_sDBSSLCipher, 'db_character_set' => $this->m_sDBCharacterSet, 'db_collation' => $this->m_sDBCollation, 'default_language' => $this->m_sDefaultLanguage, @@ -1771,6 +1828,10 @@ class Config } $this->SetDBName($sDBName); $this->SetDBSubname($aParamValues['db_prefix']); + $this->SetDBSSLKey($aParamValues['db_ssl_key']); + $this->SetDBSSLCert($aParamValues['db_ssl_cert']); + $this->SetDBSSLCA($aParamValues['db_ssl_ca']); + $this->SetDBSSLCipher($aParamValues['db_ssl_cipher']); } if (isset($aParamValues['selected_modules'])) diff --git a/core/metamodel.class.php b/core/metamodel.class.php index ed0f2f651..6fdc2f61f 100644 --- a/core/metamodel.class.php +++ b/core/metamodel.class.php 
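Review bot: `$aParamValues['db_ssl_key']` and its three siblings are read unconditionally inside a block that begins before the hunk, so any caller that assembles `$aParamValues` without them (the diffstat shows no change to the setup wizard form that produces these values) will raise undefined-index notices and store null instead of the `''` default the class uses elsewhere. Guard each read, e.g. `$this->SetDBSSLKey(isset($aParamValues['db_ssl_key']) ? $aParamValues['db_ssl_key'] : '');`, so the TLS settings stay empty when the parameters are absent.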
@@ -5805,6 +5805,10 @@ abstract class MetaModel $sUser = self::$m_oConfig->GetDBUser(); $sPwd = self::$m_oConfig->GetDBPwd(); $sSource = self::$m_oConfig->GetDBName(); + $sSSLKey = self::$m_oConfig->GetDBSSLKey(); + $sSSLCert = self::$m_oConfig->GetDBSSLCert(); + $sSSLCA = self::$m_oConfig->GetDBSSLCA(); + $sSSLCipher = self::$m_oConfig->GetDBSSLCipher(); $sTablePrefix = self::$m_oConfig->GetDBSubname(); $sCharacterSet = self::$m_oConfig->GetDBCharacterSet(); $sCollation = self::$m_oConfig->GetDBCollation(); @@ -5884,7 +5888,7 @@ abstract class MetaModel self::$m_sDBName = $sSource; self::$m_sTablePrefix = $sTablePrefix; - CMDBSource::Init($sServer, $sUser, $sPwd); // do not select the DB (could not exist) + CMDBSource::Init($sServer, $sUser, $sPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher); // do not select the DB (could not exist) CMDBSource::SetCharacterSet($sCharacterSet, $sCollation); // Later when timezone implementation is correctly done: CMDBSource::SetTimezone($sDBTimezone); } diff --git a/core/mutex.class.inc.php b/core/mutex.class.inc.php index 124f2303b..daf82fd02 100644 --- a/core/mutex.class.inc.php +++ b/core/mutex.class.inc.php @@ -32,6 +32,10 @@ class iTopMutex protected $sName; protected $hDBLink; protected $bLocked; // Whether or not this instance of the Mutex is locked + protected $sDBSSLKey; + protected $sDBSSLCert; + protected $sDBSSLCA; + protected $sDBSSLCipher; static protected $aAcquiredLocks = array(); // Number of instances of the Mutex, having the lock, in this page public function __construct($sName, $sDBHost = null, $sDBUser = null, $sDBPwd = null) 
@@ -45,6 +49,11 @@ class iTopMutex } $sDBName = $oConfig->GetDBName(); $sDBSubname = $oConfig->GetDBSubname(); + $this->sDBSSLKey = $oConfig->GetDBSSLKey(); + $this->sDBSSLCert = $oConfig->GetDBSSLCert(); + $this->sDBSSLCA = $oConfig->GetDBSSLCA(); + $this->sDBSSLCipher = $oConfig->GetDBSSLCipher(); + $this->sName = 'itop.'.$sName; $this->sName = $sName; if (substr($sName, -strlen($sDBName.$sDBSubname)) != $sDBName.$sDBSubname) { @@ -212,11 +221,30 @@ class iTopMutex // Override the default port $sServer = $aConnectInfo[0]; $iPort = $aConnectInfo[1]; - $this->hDBLink = @mysqli_connect($sServer, $sUser, $sPwd, '', $iPort); + $this->hDBLink = mysqli_init(); + if ( empty($this->sDBSSLKey) || empty($this->sDBSSLCert) || empty($this->sDBSSLCA) ) + { + $this->hDBLink->real_connect($sServer,$sUser,$sPwd,'',$iPort); + } + else + { + $this->hDBLink->ssl_set($this->sDBSSLKey,$this->sDBSSLCert,$this->sDBSSLCA,NULL,$this->sDBSSLCipher); + $this->hDBLink->real_connect($sServer,$sUser,$sPwd,'',$iPort, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL ); + } } else { - $this->hDBLink = @mysqli_connect($sHost, $sUser, $sPwd); + $this->hDBLink = new mysqli(); + $this->hDBLink->init(); + if ( empty($this->sDBSSLKey) || empty($this->sDBSSLCert) || empty($this->sDBSSLCA) ) + { + $this->hDBLink->real_connect($sHost,$sUser,$sPwd); + } + else + { + $this->hDBLink->ssl_set($this->sDBSSLKey,$this->sDBSSLCert,$this->sDBSSLCA,NULL,$this->sDBSSLCipher); + $this->hDBLink->real_connect('p:'.$sHost,$sUser,$sPwd,'',NULL, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL ); + } } if (!$this->hDBLink) diff --git a/setup/runtimeenv.class.inc.php b/setup/runtimeenv.class.inc.php index 947e9f707..015386c3b 100644 --- a/setup/runtimeenv.class.inc.php +++ b/setup/runtimeenv.class.inc.php 
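Review bot: The added line `$this->sName = 'itop.'.$sName;` is immediately overwritten by the existing `$this->sName = $sName;` that follows it, so it has no effect and looks like a leftover from the vendored patch. Either drop it or, if the `itop.` prefix is intended, remove the second assignment and check that the `substr` comparison against `$sDBName.$sDBSubname` below still matches. The constructor starts before the hunk, so where `$oConfig` comes from is not visible here.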
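Review bot: A connection failure is no longer detected: `$this->hDBLink` is now the object returned by `mysqli_init()` / `new mysqli()`, which is truthy whether or not `real_connect` succeeded, so the `if (!$this->hDBLink)` check that ends the hunk can never fire, and with the `@` removed a failed `real_connect` now emits a PHP warning (or, once `CMDBSource::Init` has called `mysqli_report(MYSQLI_REPORT_STRICT)` earlier in the request, throws a `mysqli_sql_exception` that this code does not catch). Capture the result of each of the four `real_connect` calls, e.g. `$bConnected = $this->hDBLink->real_connect(...)`, and test `if (!$bConnected)` (or `$this->hDBLink->connect_errno`) where `if (!$this->hDBLink)` is tested now. The same key/cert/CA all-or-nothing gate as in `CMDBSource` applies here, so a CA-only configuration silently gets a plaintext lock connection, and the port branch uses `mysqli_init()` while the else branch uses `new mysqli(); ->init()`; pick one form. The error handling after `if (!$this->hDBLink)` lies outside the hunk.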
@@ -243,7 +243,7 @@ class RunTimeEnvironment
 try
 {
 require_once(APPROOT.'/core/cmdbsource.class.inc.php');
- CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName());
+ CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName(), $oConfig->GetDBSSLKey(), $oConfig->GetDBSSLCert(), $oConfig->GetDBSSLCA(), $oConfig->GetDBSSLCipher());
 CMDBSource::SetCharacterSet($oConfig->GetDBCharacterSet(), $oConfig->GetDBCollation());
 $aSelectInstall = CMDBSource::QueryToArray("SELECT * FROM ".$oConfig->GetDBSubname()."priv_module_install");
 }
@@ -836,7 +836,7 @@ class RunTimeEnvironment
 try
 {
 require_once(APPROOT.'/core/cmdbsource.class.inc.php');
- CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName());
+ CMDBSource::Init($oConfig->GetDBHost(), $oConfig->GetDBUser(), $oConfig->GetDBPwd(), $oConfig->GetDBName(), $oConfig->GetDBSSLKey(), $oConfig->GetDBSSLCert(), $oConfig->GetDBSSLCA(), $oConfig->GetDBSSLCipher());
 CMDBSource::SetCharacterSet($oConfig->GetDBCharacterSet(), $oConfig->GetDBCollation());
 $sSQLQuery = "SELECT * FROM ".$oConfig->GetDBSubname()."priv_module_install";
 $aSelectInstall = CMDBSource::QueryToArray($sSQLQuery);
diff --git a/setup/setuputils.class.inc.php b/setup/setuputils.class.inc.php
index 307d4b8b4..ba05dffab 100644
--- a/setup/setuputils.class.inc.php
+++ b/setup/setuputils.class.inc.php
@@ -1026,13 +1026,13 @@ EOF * * @return mixed false if the connection failed or array('checks' => Array of CheckResult, 'databases' => Array of database names (as strings) or null if not allowed) */ - static function CheckDbServer($sDBServer, $sDBUser, $sDBPwd) + static function CheckDbServer($sDBServer, $sDBUser, $sDBPwd, $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL) { $aResult = array('checks' => array(), 'databases' => null); try { $oDBSource = new CMDBSource; - $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd); + $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher); $aResult['checks'][] = new CheckResult(CheckResult::INFO, "Connection to '$sDBServer' as '$sDBUser' successful."); $aResult['checks'][] = new CheckResult(CheckResult::INFO, "Info - User privileges: ".($oDBSource->GetRawPrivileges())); @@ -1112,10 +1112,10 @@ EOF return false; } - static public function GetMySQLVersion($sDBServer, $sDBUser, $sDBPwd) + static public function GetMySQLVersion($sDBServer, $sDBUser, $sDBPwd, $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL ) { $oDBSource = new CMDBSource; - $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd); + $oDBSource->Init($sDBServer, $sDBUser, $sDBPwd, '', $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher); $sDBVersion = $oDBSource->GetDBVersion(); return $sDBVersion; } @@ -1126,10 +1126,15 @@ EOF $sDBUser = $aParameters['db_user']; $sDBPwd = $aParameters['db_pwd']; $sDBName = $aParameters['db_name']; + $sSSLKey = $aParameters['db_ssl_key']; + $sSSLCert = $aParameters['db_ssl_cert']; + $sSSLCA = $aParameters['db_ssl_ca']; + $sSSLCipher = $aParameters['db_ssl_cipher']; $oPage->add_ready_script('oXHRCheckDB = null;'); - $checks = SetupUtils::CheckDbServer($sDBServer, $sDBUser, $sDBPwd); + $checks = SetupUtils::CheckDbServer($sDBServer, $sDBUser, $sDBPwd, $sSSLKey, $sSSLCert, $sSSLCA, $sSSLCipher); + if ($checks === false) { // Connection failed, disable the "Next" button
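Review bot: `CheckDbServer` gains four optional parameters but the docblock above it, whose visible tail is `@return mixed false if the connection failed ...`, is not updated; the docblock starts before the hunk, so any existing `@param` lines are out of view. Add `@param string|null $sSSLKey`, `@param string|null $sSSLCert`, `@param string|null $sSSLCA` and `@param string|null $sSSLCipher`, noting that they are file paths handed to `mysqli::ssl_set` and that TLS is only attempted when key, cert and CA are all given (the gate lives in `CMDBSource::Init`, not here).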
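Review bot: `$aParameters['db_ssl_key']`, `db_ssl_cert`, `db_ssl_ca` and `db_ssl_cipher` are read without `isset`, and the diffstat shows no change to the setup wizard that builds the parameters for this asynchronous check, so unless the form is updated separately every DB check during setup raises four undefined-index notices and passes nulls through. Read them defensively, e.g. `$sSSLKey = isset($aParameters['db_ssl_key']) ? $aParameters['db_ssl_key'] : null;`, which also keeps the NULL default of `CheckDbServer` meaningful. The enclosing function starts before the hunk.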