NEW Added SSL support for MySQLi Connector (fixes #7242)

Modified MySQLiConnector.php to parse SSL environment variables
Modified MySQLDatabaseConfigurationHelper.php to check SSL variables when testing initial connection

Minor: Modified PDOConnector.php to change typo

TODO: Add Documentation
John 2017-08-03 19:37:01 +08:00
parent 723ae37b7d
commit 8577ad1280
3 changed files with 65 additions and 20 deletions


@ -18,13 +18,39 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
* @param string $error Error message passed by value * @param string $error Error message passed by value
* @return mixed|null Either the connection object, or null if error * @return mixed|null Either the connection object, or null if error
*/ */
protected function createConnection($databaseConfig, &$error) { protected function createConnection($databaseConfig, &$error) {
$error = null; $error = null;
try { try {
switch($databaseConfig['type']) { switch($databaseConfig['type']) {
case 'MySQLDatabase': case 'MySQLDatabase':
$conn = @new MySQLi($databaseConfig['server'], $databaseConfig['username'],
$databaseConfig['password']);
$conn = mysqli_init();
// Set SSL parameters if they exist. All parameters are required.
if(
array_key_exists('ssl_key', $databaseConfig) &&
array_key_exists('ssl_cert', $databaseConfig) &&
array_key_exists('ssl_ca', $databaseConfig)) {
$conn->ssl_set(
$databaseConfig['ssl_key'],
$databaseConfig['ssl_cert'],
$databaseConfig['ssl_ca'],
dirname($databaseConfig['ssl_ca']),
array_key_exists('ssl_cipher', $databaseConfig) ? $databaseConfig['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default')
);
}
@$conn->real_connect(
$databaseConfig['server'],
$databaseConfig['username'],
$databaseConfig['password']
);
if($conn && empty($conn->connect_errno)) { if($conn && empty($conn->connect_errno)) {
$conn->query("SET sql_mode = 'ANSI'"); $conn->query("SET sql_mode = 'ANSI'");
return $conn; return $conn;
@ -39,7 +65,6 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
// Set SSL parameters // Set SSL parameters
$ssl = null; $ssl = null;
$defaultCipher = 'DHE-RSA-AES256-SHA';
if( if(
array_key_exists('ssl_key', $databaseConfig) && array_key_exists('ssl_key', $databaseConfig) &&
@ -55,7 +80,7 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
} }
// use default cipher if not provided // use default cipher if not provided
$ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : $defaultCipher; $ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default');
} }
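Review bot: The rewritten cipher fallback in the PDO branch still assigns to `PDO::MYSQL_ATTR_SSL_CA` and tests the `ssl_ca` key, so the default cipher from `Config` is either never applied or ends up stored as the CA path, although the comment above it says the line supplies a default cipher. It should read `$ssl[PDO::MYSQL_ATTR_SSL_CIPHER] = array_key_exists('ssl_cipher', $databaseConfig) ? $databaseConfig['ssl_cipher'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default');`. As written, the install-time connection test appears to run without the cipher restriction that the runtime connector applies, so it does not exercise the same TLS settings. The surrounding condition is only partly visible in the hunk.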


@ -7,6 +7,14 @@
*/ */
class MySQLiConnector extends DBConnector { class MySQLiConnector extends DBConnector {
/**
* Default strong SSL cipher to be used
*
* @config
* @var string
*/
private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';
/** /**
* Connection to the MySQL database * Connection to the MySQL database
* *
@ -60,23 +68,35 @@ class MySQLiConnector extends DBConnector {
$connCharset = Config::inst()->get('MySQLDatabase', 'connection_charset'); $connCharset = Config::inst()->get('MySQLDatabase', 'connection_charset');
$connCollation = Config::inst()->get('MySQLDatabase', 'connection_collation'); $connCollation = Config::inst()->get('MySQLDatabase', 'connection_collation');
if(!empty($parameters['port'])) { $this->dbConn = mysqli_init();
$this->dbConn = new MySQLi(
$parameters['server'], // Set SSL parameters if they exist. All parameters are required.
$parameters['username'],
$parameters['password'], if(
$selectedDB, array_key_exists('ssl_key', $parameters) &&
$parameters['port'] array_key_exists('ssl_cert', $parameters) &&
); array_key_exists('ssl_ca', $parameters)) {
} else {
$this->dbConn = new MySQLi( $this->dbConn->ssl_set(
$parameters['server'], $parameters['ssl_key'],
$parameters['username'], $parameters['ssl_cert'],
$parameters['password'], $parameters['ssl_ca'],
$selectedDB dirname($parameters['ssl_ca']),
array_key_exists('ssl_cipher', $parameters) ? $parameters['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default')
); );
} }
$this->dbConn->real_connect(
$parameters['server'],
$parameters['username'],
$parameters['password'],
$selectedDB,
!empty($parameters['port']) ? $parameters['port'] : ini_get("mysqli.default_port")
);
if ($this->dbConn->connect_error) { if ($this->dbConn->connect_error) {
$this->databaseError("Couldn't connect to MySQL database | " . $this->dbConn->connect_error); $this->databaseError("Couldn't connect to MySQL database | " . $this->dbConn->connect_error);
} }
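Review bot: `ssl_set()` is only reached when `ssl_key`, `ssl_cert` and `ssl_ca` are all present, so a configuration that supplies only `ssl_ca` (server verification without a client certificate) or misspells one key falls through to `real_connect()` with no SSL settings and no error. For a transport-security option that silent fallback is the risky direction; fail closed on a partial set, e.g. `$sslSet = array_intersect(array('ssl_key', 'ssl_cert', 'ssl_ca'), array_keys($parameters));` followed by `if ($sslSet && count($sslSet) < 3) { $this->databaseError('Incomplete MySQL SSL configuration'); }`. The same three-key condition is used in `createConnection()` in MySQLDatabaseConfigurationHelper. Passing `dirname($parameters['ssl_ca'])` as the CA path may also widen the trust set to other certificates stored in that directory, so either document that requirement or pass `null` there. The enclosing method starts outside the hunk.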


@ -19,7 +19,7 @@ class PDOConnector extends DBConnector {
* Default strong SSL cipher to be used * Default strong SSL cipher to be used
* *
* @config * @config
* @var boolean * @var string
*/ */
private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA'; private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';
@ -181,7 +181,7 @@ class PDOConnector extends DBConnector {
} }
// use default cipher if not provided // use default cipher if not provided
$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: $this->config()->ssl_cipher_default; $options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: Config::inst()->get('PDOConnector', 'ssl_cipher_default');
} }
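Review bot: The cipher fallback reads `$parameters['ssl_cipher']` directly with `?:`, which raises an undefined-index notice when the key is absent, whereas the mysqli code added in this commit guards the same lookup before reading it. Keeping the empty-value fallback while avoiding the notice would be `!empty($parameters['ssl_cipher']) ? $parameters['ssl_cipher'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default')`. The enclosing block starts outside the hunk.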