mirror of
https://github.com/Combodo/iTop.git
synced 2026-02-13 07:24:13 +01:00
N°1260 MySQL TLS patch improvements :
* mysql connexion opening : simplify code * rename DB_SSL_* variables to DB_SSL.* * fix warnings when new param are not set * persistent connection (host "p:" prefix) is used for every TLS connection * add some missing @var SVN:trunk[5307]
This commit is contained in:
Pierre Goiffon
@@ -99,59 +99,48 @@ class CMDBSource
|
||||
* @param string $sServer
|
||||
* @param string $sUser
|
||||
* @param string $sPwd
|
||||
* @param string $sSource
|
||||
* @param string $sSource database to use
|
||||
* @param string $sSSLKey
|
||||
* @param string $sSSLCert
|
||||
* @param string $sSSLCA
|
||||
* @param string $sSSLCipher
|
||||
*
|
||||
* @throws \MySQLException
|
||||
*/
|
||||
public static function Init($sServer, $sUser, $sPwd, $sSource = '', $sSSLKey = NULL, $sSSLCert = NULL, $sSSLCA = NULL, $sSSLCipher = NULL )
|
||||
{
|
||||
self::$m_oMysqli = null;
|
||||
|
||||
self::$m_sDBHost = $sServer;
|
||||
self::$m_sDBUser = $sUser;
|
||||
self::$m_sDBPwd = $sPwd;
|
||||
self::$m_sDBName = $sSource;
|
||||
self::$m_sDBSSLKey = $sSSLKey;
|
||||
self::$m_sDBSSLCert = $sSSLCert;
|
||||
self::$m_sDBSSLCA = $sSSLCA;
|
||||
self::$m_sDBSSLCipher = $sSSLCipher;
|
||||
self::$m_oMysqli = null;
|
||||
self::$m_sDBSSLKey = empty($sSSLKey) ? null : $sSSLKey;
|
||||
self::$m_sDBSSLCert = empty($sSSLCert) ? null : $sSSLCert;
|
||||
self::$m_sDBSSLCA = empty($sSSLCA) ? null : $sSSLCA;
|
||||
self::$m_sDBSSLCipher = empty($sSSLCipher) ? null : $sSSLCipher;
|
||||
|
||||
$sServer = null;
|
||||
$iPort = null;
|
||||
self::InitServerAndPort($sServer, $iPort);
|
||||
$iFlags = null;
|
||||
|
||||
mysqli_report(MYSQLI_REPORT_STRICT); // *some* errors (like connection errors) will throw mysqli_sql_exception instead
|
||||
// of generating warnings printed to the output but some other errors will still
|
||||
// cause the query() method to return false !!!
|
||||
try
|
||||
{
|
||||
$aConnectInfo = explode(':', self::$m_sDBHost);
|
||||
if (count($aConnectInfo) > 1)
|
||||
self::$m_oMysqli = new mysqli();
|
||||
self::$m_oMysqli->init();
|
||||
|
||||
if (!empty(self::$m_sDBSSLKey) && !empty(self::$m_sDBSSLCert) && !empty(self::$m_sDBSSLCA))
|
||||
{
|
||||
// Override the default port
|
||||
$sServer = $aConnectInfo[0];
|
||||
$iPort = (int)$aConnectInfo[1];
|
||||
self::$m_oMysqli = new mysqli();
|
||||
self::$m_oMysqli->init();
|
||||
if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) )
|
||||
{
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort);
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher);
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd,'',$iPort, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli = new mysqli();
|
||||
self::$m_oMysqli->init();
|
||||
if ( empty(self::$m_sDBSSLKey) || empty(self::$m_sDBSSLCert) || empty(self::$m_sDBSSLCA) )
|
||||
{
|
||||
self::$m_oMysqli->real_connect($sServer,self::$m_sDBUser,self::$m_sDBPwd);
|
||||
}
|
||||
else
|
||||
{
|
||||
self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey,self::$m_sDBSSLCert,self::$m_sDBSSLCA,NULL,self::$m_sDBSSLCipher);
|
||||
self::$m_oMysqli->real_connect('p:'.self::$m_sDBHost,self::$m_sDBUser,self::$m_sDBPwd,'',NULL, ini_get("mysqli.default_socket"),MYSQLI_CLIENT_SSL );
|
||||
}
|
||||
$iFlags = MYSQLI_CLIENT_SSL;
|
||||
self::$m_oMysqli->ssl_set(self::$m_sDBSSLKey, self::$m_sDBSSLCert, self::$m_sDBSSLCA, null,
|
||||
self::$m_sDBSSLCipher);
|
||||
}
|
||||
self::$m_oMysqli->real_connect($sServer, self::$m_sDBUser, self::$m_sDBPwd, '', $iPort,
|
||||
ini_get("mysqli.default_socket"), $iFlags);
|
||||
}
|
||||
catch(mysqli_sql_exception $e)
|
||||
{
|
||||
@@ -172,6 +161,35 @@ class CMDBSource
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Initialize variables from the static attribute (containing "domain:port" syntax)
|
||||
*
|
||||
* @param string $sServer
|
||||
* @param int $iPort
|
||||
*/
|
||||
private static function InitServerAndPort(&$sServer, &$iPort)
|
||||
{
|
||||
$aConnectInfo = explode(':', self::$m_sDBHost);
|
||||
if (count($aConnectInfo) > 1)
|
||||
{
|
||||
// Override the default port
|
||||
$sServer = $aConnectInfo[0];
|
||||
$iPort = (int)$aConnectInfo[1];
|
||||
}
|
||||
else
|
||||
{
|
||||
$sServer = self::$m_sDBHost;
|
||||
$iPort = null;
|
||||
}
|
||||
|
||||
if (!empty(self::$m_sDBSSLKey) && !empty(self::$m_sDBSSLCert) && !empty(self::$m_sDBSSLCA))
|
||||
{
|
||||
// use persistent connexions to limit TLS overhead
|
||||
// see http://php.net/manual/en/mysqli.persistconns.php
|
||||
$sServer = 'p:'.self::$m_sDBHost;
|
||||
}
|
||||
}
|
||||
|
||||
public static function SetCharacterSet($sCharset = 'utf8', $sCollation = 'utf8_general_ci')
|
||||
{
|
||||
if (strlen($sCharset) > 0)
|
||||
|
||||
@@ -1176,6 +1176,14 @@ class Config
|
||||
|
||||
$sConfigCode = trim(file_get_contents($sConfigFile));
|
||||
|
||||
// Variables created when doing an eval() on the config file
|
||||
/** @var array $MySettings */
|
||||
$MySettings = null;
|
||||
/** @var array $MyModuleSettings */
|
||||
$MyModuleSettings = null;
|
||||
/** @var array $MyModules */
|
||||
$MyModules = null;
|
||||
|
||||
// This does not work on several lines
|
||||
// preg_match('/^<\\?php(.*)\\?'.'>$/', $sConfigCode, $aMatches)...
|
||||
// So, I've implemented a solution suggested in the PHP doc (search for phpWrapper)
|
||||
@@ -1236,10 +1244,10 @@ class Config
|
||||
$this->m_sDBPwd = trim($MySettings['db_pwd']);
|
||||
$this->m_sDBName = trim($MySettings['db_name']);
|
||||
$this->m_sDBSubname = trim($MySettings['db_subname']);
|
||||
$this->m_sDBSSLKey = trim($MySettings['db_ssl_key']);
|
||||
$this->m_sDBSSLCert = trim($MySettings['db_ssl_cert']);
|
||||
$this->m_sDBSSLCA = trim($MySettings['db_ssl_ca']);
|
||||
$this->m_sDBSSLCipher = trim($MySettings['db_ssl_cipher']);
|
||||
$this->m_sDBSSLKey = isset($MySettings['db_ssl.key']) ? (trim($MySettings['db_ssl.key'])) : '';
|
||||
$this->m_sDBSSLCert = isset($MySettings['db_ssl.cert']) ? (trim($MySettings['db_ssl.cert'])) : '';
|
||||
$this->m_sDBSSLCA = isset($MySettings['db_ssl.ca']) ? (trim($MySettings['db_ssl.ca'])) : '';
|
||||
$this->m_sDBSSLCipher = isset($MySettings['db_ssl.cipher']) ? trim($MySettings['db_ssl.cipher']) : '';
|
||||
|
||||
$this->m_sDBCharacterSet = isset($MySettings['db_character_set']) ? trim($MySettings['db_character_set']) : DEFAULT_CHARACTER_SET;
|
||||
$this->m_sDBCollation = isset($MySettings['db_collation']) ? trim($MySettings['db_collation']) : DEFAULT_COLLATION;
|
||||
@@ -1824,14 +1832,17 @@ class Config
|
||||
if ($sDBName == '')
|
||||
{
|
||||
// Todo - obsolete after the transition to the new setup (2.0) is complete (WARNING: used by the designer)
|
||||
$sDBName = $aParamValues['new_db_name'];
|
||||
if (isset($aParamValues['new_db_name']))
|
||||
{
|
||||
$sDBName = $aParamValues['new_db_name'];
|
||||
}
|
||||
}
|
||||
$this->SetDBName($sDBName);
|
||||
$this->SetDBSubname($aParamValues['db_prefix']);
|
||||
$this->SetDBSSLKey($aParamValues['db_ssl_key']);
|
||||
$this->SetDBSSLCert($aParamValues['db_ssl_cert']);
|
||||
$this->SetDBSSLCA($aParamValues['db_ssl_ca']);
|
||||
$this->SetDBSSLCipher($aParamValues['db_ssl_cipher']);
|
||||
if (isset($aParamValues['db_ssl_key'])) { $this->SetDBSSLKey($aParamValues['db_ssl_key']);}
|
||||
if (isset($aParamValues['db_ssl_key'])) { $this->SetDBSSLCert($aParamValues['db_ssl_cert']);}
|
||||
if (isset($aParamValues['db_ssl_ca'])) { $this->SetDBSSLCA($aParamValues['db_ssl_ca']);}
|
||||
if (isset($aParamValues['db_ssl_cipher'])) { $this->SetDBSSLCipher($aParamValues['db_ssl_cipher']);}
|
||||
}
|
||||
|
||||
if (isset($aParamValues['selected_modules']))
|
||||
@@ -1936,6 +1947,8 @@ class Config
|
||||
$sNiceExport = str_replace(array("\r\n", "\n", "\r"), "\n".$sIndentation, trim($sExport));
|
||||
if (!$bForceIndentation)
|
||||
{
|
||||
/** @var array $aImported */
|
||||
$aImported = null;
|
||||
eval('$aImported='.$sNiceExport.';');
|
||||
// Check if adding the identations at the beginning of each line
|
||||
// did not modify the values (in case of a string containing a line break)
|
||||
|
||||
@@ -1126,10 +1126,10 @@ EOF
|
||||
$sDBUser = $aParameters['db_user'];
|
||||
$sDBPwd = $aParameters['db_pwd'];
|
||||
$sDBName = $aParameters['db_name'];
|
||||
$sSSLKey = $aParameters['db_ssl_key'];
|
||||
$sSSLCert = $aParameters['db_ssl_cert'];
|
||||
$sSSLCA = $aParameters['db_ssl_ca'];
|
||||
$sSSLCipher = $aParameters['db_ssl_cipher'];
|
||||
$sSSLKey = (isset($aParameters['db_ssl_key'])) ? $aParameters['db_ssl_key'] : null;
|
||||
$sSSLCert = isset($aParameters['db_ssl_cert']) ? $aParameters['db_ssl_cert'] : null;
|
||||
$sSSLCA = (isset($aParameters['db_ssl_ca'])) ? $aParameters['db_ssl_ca'] : null;
|
||||
$sSSLCipher = (isset($aParameters['db_ssl_cipher'])) ? $aParameters['db_ssl_cipher'] : null;
|
||||
|
||||
$oPage->add_ready_script('oXHRCheckDB = null;');
|
||||
|
||||
|
||||
Reference in New Issue
Block a user