From 8577ad128059f4c508f03df4e5566c09fe161be5 Mon Sep 17 00:00:00 2001 From: John Date: Thu, 3 Aug 2017 19:37:01 +0800 Subject: [PATCH] NEW Added SSL support for MySQLi Connector (fixes #7242) Modified MySQLiConnector.php to parse SSL environment variables Modifed MySQLDatabaseConfigurationHelper.php to check SSL variables when testing initial connection Minor: Modified PDOConnector.php to change typo TODO: Add Documentation --- .../MySQLDatabaseConfigurationHelper.php | 33 +++++++++++-- model/connect/MySQLiConnector.php | 48 +++++++++++++------ model/connect/PDOConnector.php | 4 +- 3 files changed, 65 insertions(+), 20 deletions(-) diff --git a/dev/install/MySQLDatabaseConfigurationHelper.php b/dev/install/MySQLDatabaseConfigurationHelper.php index 8815fcc03..807f1d0dd 100644 --- a/dev/install/MySQLDatabaseConfigurationHelper.php +++ b/dev/install/MySQLDatabaseConfigurationHelper.php 
@@ -18,13 +18,39 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper { * @param string $error Error message passed by value * @return mixed|null Either the connection object, or null if error */ + protected function createConnection($databaseConfig, &$error) { $error = null; try { switch($databaseConfig['type']) { case 'MySQLDatabase': - $conn = @new MySQLi($databaseConfig['server'], $databaseConfig['username'], - $databaseConfig['password']); + + + $conn = mysqli_init(); + + // Set SSL parameters if they exist. All parameters are required. + if( + array_key_exists('ssl_key', $databaseConfig) && + array_key_exists('ssl_cert', $databaseConfig) && + array_key_exists('ssl_ca', $databaseConfig)) { + + $conn->ssl_set( + $databaseConfig['ssl_key'], + $databaseConfig['ssl_cert'], + $databaseConfig['ssl_ca'], + dirname($databaseConfig['ssl_ca']), + array_key_exists('ssl_cipher', $databaseConfig) ? $databaseConfig['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default') + ); + + } + + + @$conn->real_connect( + $databaseConfig['server'], + $databaseConfig['username'], + $databaseConfig['password'] + ); + if($conn && empty($conn->connect_errno)) { $conn->query("SET sql_mode = 'ANSI'"); return $conn; @@ -39,7 +65,6 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper { // Set SSL parameters $ssl = null; - $defaultCipher = 'DHE-RSA-AES256-SHA'; if( array_key_exists('ssl_key', $databaseConfig) && @@ -55,7 +80,7 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper { } // use default cipher if not provided - $ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : $defaultCipher; + $ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default'); } 
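Review bot: TLS is set up in `createConnection()` only when `ssl_key`, `ssl_cert` and `ssl_ca` are all present, so a partial configuration (a mistyped key, or a CA-only setup with no client certificate) falls through to `real_connect()` with no TLS and no error. The installer would then report a working connection over what may be an unencrypted link. I would fail closed when any `ssl_*` key is given but the set is incomplete, setting `$error` and returning `null` as the docblock describes, and decide explicitly whether `ssl_ca` on its own is accepted. The same three-key gate is repeated in the MySQLiConnector.php connection hunk; the function body continues outside this hunk.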
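Review bot: The changed line in the PDO branch still writes the cipher default into `PDO::MYSQL_ATTR_SSL_CA` and tests for `ssl_ca`, although the comment above it says it selects the default cipher. When `ssl_ca` is absent the CA path becomes the cipher string, and a configured `ssl_cipher` is never applied to this test connection. It looks like the line should read `$ssl[PDO::MYSQL_ATTR_SSL_CIPHER] = array_key_exists('ssl_cipher', $databaseConfig) ? $databaseConfig['ssl_cipher'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default');`. The enclosing `if` starts outside the hunk, so whether `ssl_ca` can be missing at this point has to be checked there.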
diff --git a/model/connect/MySQLiConnector.php b/model/connect/MySQLiConnector.php index f56a6649b..13af37003 100644 --- a/model/connect/MySQLiConnector.php +++ b/model/connect/MySQLiConnector.php @@ -7,6 +7,14 @@ */ class MySQLiConnector extends DBConnector { + /** + * Default strong SSL cipher to be used + * + * @config + * @var string + */ + private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA'; + /** * Connection to the MySQL database * @@ -60,23 +68,35 @@ class MySQLiConnector extends DBConnector { $connCharset = Config::inst()->get('MySQLDatabase', 'connection_charset'); $connCollation = Config::inst()->get('MySQLDatabase', 'connection_collation'); - if(!empty($parameters['port'])) { - $this->dbConn = new MySQLi( - $parameters['server'], - $parameters['username'], - $parameters['password'], - $selectedDB, - $parameters['port'] - ); - } else { - $this->dbConn = new MySQLi( - $parameters['server'], - $parameters['username'], - $parameters['password'], - $selectedDB + $this->dbConn = mysqli_init(); + + // Set SSL parameters if they exist. All parameters are required. + + if( + array_key_exists('ssl_key', $parameters) && + array_key_exists('ssl_cert', $parameters) && + array_key_exists('ssl_ca', $parameters)) { + + $this->dbConn->ssl_set( + $parameters['ssl_key'], + $parameters['ssl_cert'], + $parameters['ssl_ca'], + dirname($parameters['ssl_ca']), + array_key_exists('ssl_cipher', $parameters) ? $parameters['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default') ); + } + + $this->dbConn->real_connect( + $parameters['server'], + $parameters['username'], + $parameters['password'], + $selectedDB, + !empty($parameters['port']) ? $parameters['port'] : ini_get("mysqli.default_port") + + ); + if ($this->dbConn->connect_error) { $this->databaseError("Couldn't connect to MySQL database | " . $this->dbConn->connect_error); } diff --git a/model/connect/PDOConnector.php b/model/connect/PDOConnector.php index fd5b6d3b8..8b36a52e5 100644 
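Review bot: The docblock on `$ssl_cipher_default` calls `DHE-RSA-AES256-SHA` a strong default, but it is a single CBC-mode suite with a SHA-1 MAC. Pinning it means AEAD suites are never negotiated, and the connection is likely to fail against servers that have disabled it. The comment should say what the value is and when it applies, for example `OpenSSL cipher list passed to mysqli::ssl_set() when no 'ssl_cipher' parameter is configured; override per environment.` Consider a default that lists a GCM suite first, or no default at all so the client library negotiates.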
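Review bot: `ssl_set()` is given `dirname($parameters['ssl_ca'])` as its CA directory, which widens trust from the one configured CA file to any certificate in that directory stored in the library's hashed-name format. If the CA file lives in a shared location such as a system certificate store or a writable config folder, the server certificate can validate against an authority the operator never selected. Passing `null` as the fourth argument keeps trust limited to `ssl_ca`; the same call appears in the installer's `createConnection()` hunk. Nothing visible in this hunk requests server-certificate verification either, so it is worth confirming what the installed mysqli driver does by default.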
--- a/model/connect/PDOConnector.php +++ b/model/connect/PDOConnector.php @@ -19,7 +19,7 @@ class PDOConnector extends DBConnector { * Default strong SSL cipher to be used * * @config - * @var boolean + * @var string */ private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA'; @@ -181,7 +181,7 @@ class PDOConnector extends DBConnector { } // use default cipher if not provided - $options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: $this->config()->ssl_cipher_default; + $options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: Config::inst()->get('PDOConnector', 'ssl_cipher_default'); }
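Review bot: `$parameters['ssl_cipher'] ?: …` reads the key before testing it, so a configuration without `ssl_cipher` raises an undefined-index notice on the way to the default. The mysqli code in this patch guards the same lookup with `array_key_exists`. I would write it as `$options[PDO::MYSQL_ATTR_SSL_CIPHER] = !empty($parameters['ssl_cipher']) ? $parameters['ssl_cipher'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default');`. The surrounding `if` opens outside the hunk, so an earlier guard on the key may already exist there.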