Allow disabling MySQL server certificate validation by setting ssl_do_not_verify_server_cert

Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
Marian Rainer-Harbach 2018-07-13 19:50:18 +02:00 committed by Eric Lippmann
parent 84e0c0c4fb
commit 5e40405a12
8 changed files with 71 additions and 15 deletions


@ -170,6 +170,18 @@ class DbResourceForm extends Form
) )
); );
if (isset($formData['use_ssl']) && $formData['use_ssl']) { if (isset($formData['use_ssl']) && $formData['use_ssl']) {
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')) {
$this->addElement(
'checkbox',
'ssl_do_not_verify_server_cert',
array(
'label' => $this->translate('SSL Do Not Verify Server Certificate'),
'description' => $this->translate(
'Whether to disable verification of the server certificate'
)
)
);
}
$this->addElement( $this->addElement(
'text', 'text',
'ssl_key', 'ssl_key',
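Review bot: The description on the new `ssl_do_not_verify_server_cert` checkbox does not say what is given up when it is ticked. With verification off the connection is still encrypted, but the server's identity is no longer checked, so a host on the network path can pose as the database. I would put that in the help text, for example `'Disable verification of the server certificate. The connection stays encrypted, but the server is no longer authenticated'`. The `defined()` guard here is spelled `'\PDO::…'` while the DbConnection and DbTool hunks use `'PDO::…'`; one spelling throughout would be easier to search for. The enclosing method starts and ends outside the hunk.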


@ -3868,3 +3868,11 @@ msgstr "umschalten"
#~ msgid "for" #~ msgid "for"
#~ msgstr "für" #~ msgstr "für"
#: ../../../../application/forms/Config/Resource/DbResourceForm.php:176
msgid "SSL Do Not Verify Server Certificate"
msgstr "SSL-Serverzertifikat nicht verifizieren"
#: ../../../../application/forms/Config/Resource/DbResourceForm.php:178
msgid "Whether to disable verification of the server certificate"
msgstr "Die Verifikation des Serverzertifikats deaktivieren"


@ -24,7 +24,7 @@ A Database resource defines a connection to a SQL database which
can contain users and groups to handle authentication and authorization, monitoring data or user preferences. can contain users and groups to handle authentication and authorization, monitoring data or user preferences.
Option | Description Option | Description
-------------------------|----------------------------------------------- ------------------------------------|------------
type | **Required.** Specifies the resource type. Must be set to `db`. type | **Required.** Specifies the resource type. Must be set to `db`.
db | **Required.** Database type. In most cases `mysql` or `pgsql`. db | **Required.** Database type. In most cases `mysql` or `pgsql`.
host | **Required.** Connect to the database server on the given host. For using unix domain sockets, specify `localhost` for MySQL and the path to the unix domain socket directory for PostgreSQL. host | **Required.** Connect to the database server on the given host. For using unix domain sockets, specify `localhost` for MySQL and the path to the unix domain socket directory for PostgreSQL.
@ -33,6 +33,7 @@ username | **Required.** The database username.
password | **Required.** The database password. password | **Required.** The database password.
dbname | **Required.** The database name. dbname | **Required.** The database name.
charset | **Optional.** The character set for the database connection. charset | **Optional.** The character set for the database connection.
ssl\_do\_not\_verify\_server\_cert | **Optional.** Disable validation of the server certificate. Only available for the `mysql` database and on PHP versions > 5.6.
ssl\_cert | **Optional.** The file path to the SSL certificate. Only available for the `mysql` database. ssl\_cert | **Optional.** The file path to the SSL certificate. Only available for the `mysql` database.
ssl\_key | **Optional.** The file path to the SSL key. Only available for the `mysql` database. ssl\_key | **Optional.** The file path to the SSL key. Only available for the `mysql` database.
ssl\_ca | **Optional.** The file path to the SSL certificate authority. Only available for the `mysql` database. ssl\_ca | **Optional.** The file path to the SSL certificate authority. Only available for the `mysql` database.


@ -185,6 +185,11 @@ class DbConnection implements Selectable, Extensible, Updatable, Reducible, Insp
if ($this->config->ssl_cipher) { if ($this->config->ssl_cipher) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config->ssl_cipher; $adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config->ssl_cipher;
} }
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config->ssl_do_not_verify_server_cert
) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
} }
/* /*
* Set MySQL server SQL modes to behave as closely as possible to Oracle and PostgreSQL. Note that the * Set MySQL server SQL modes to behave as closely as possible to Oracle and PostgreSQL. Note that the
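Review bot: The test `$this->config->ssl_do_not_verify_server_cert` is a plain truthiness check, so a hand-edited resource holding a non-empty string such as `false` or `no` would switch certificate verification off, assuming the config layer hands the raw string through (not visible here). Parsing the value explicitly, `filter_var($this->config->ssl_do_not_verify_server_cert, FILTER_VALIDATE_BOOLEAN)`, avoids that fail-open reading; the same test appears in both DbTool hunks. A short comment above the branch saying that it removes server authentication and leaves only encryption, together with a warning-level log entry when the branch is taken, would make the weakened connection visible in an audit. The enclosing method continues outside the hunk.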


@ -114,6 +114,16 @@ class BackendStep extends Step
. '<td>' . str_repeat('*', strlen($this->data['resourceConfig']['password'])) . '</td>' . '<td>' . str_repeat('*', strlen($this->data['resourceConfig']['password'])) . '</td>'
. '</tr>'; . '</tr>';
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& isset($this->data['resourceConfig']['ssl_do_not_verify_server_cert'])
&& $this->data['resourceConfig']['ssl_do_not_verify_server_cert']
) {
$resourceHtml .= ''
. '<tr>'
. '<td><strong>' . t('SSL Do Not Verify Server Certificate') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_do_not_verify_server_cert'] . '</td>'
. '</tr>';
}
if (isset($this->data['resourceConfig']['ssl_key']) && $this->data['resourceConfig']['ssl_key']) { if (isset($this->data['resourceConfig']['ssl_key']) && $this->data['resourceConfig']['ssl_key']) {
$resourceHtml .= '' $resourceHtml .= ''
.'<tr>' .'<tr>'
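Review bot: The new summary row concatenates `$this->data['resourceConfig']['ssl_do_not_verify_server_cert']` into the HTML as it is, so the administrator sees a bare checkbox value (presumably `1`) instead of a statement that verification is off, and the value is not escaped. Since the row is only emitted when the value is truthy, a fixed translated cell is enough, e.g. `. '<td>' . t('Yes') . '</td>'`. This summary is the last place the setting is shown before it is written, so the wording should be unambiguous. The enclosing method starts and ends outside the hunk.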


@ -91,6 +91,16 @@ class ResourceStep extends Step
. '<td>' . str_repeat('*', strlen($this->data['dbResourceConfig']['password'])) . '</td>' . '<td>' . str_repeat('*', strlen($this->data['dbResourceConfig']['password'])) . '</td>'
. '</tr>'; . '</tr>';
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& isset($this->data['resourceConfig']['ssl_do_not_verify_server_cert'])
&& $this->data['resourceConfig']['ssl_do_not_verify_server_cert']
) {
$dbHtml .= ''
. '<tr>'
. '<td><strong>' . t('SSL Do Not Verify Server Certificate') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_do_not_verify_server_cert'] . '</td>'
. '</tr>';
}
if (isset($this->data['dbResourceConfig']['ssl_key']) && $this->data['dbResourceConfig']['ssl_key']) { if (isset($this->data['dbResourceConfig']['ssl_key']) && $this->data['dbResourceConfig']['ssl_key']) {
$dbHtml .= '' $dbHtml .= ''
.'<tr>' .'<tr>'
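Review bot: The added block reads `$this->data['resourceConfig']`, while the lines around it in this file use `$this->data['dbResourceConfig']` (the password row above and the `ssl_key` row below), so the `isset()` is likely always false here and the summary never shows that verification was disabled. The three occurrences should use the same key as their neighbours, e.g. `&& isset($this->data['dbResourceConfig']['ssl_do_not_verify_server_cert'])`, with the same key in the truthiness test and in the `<td>`. As in BackendStep, the cell would read better as a fixed translated label than as the raw value. The enclosing method starts and ends outside the hunk.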


@ -280,6 +280,11 @@ class DbTool
if ($this->config['ssl_cipher']) { if ($this->config['ssl_cipher']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher']; $config['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
} }
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config['ssl_do_not_verify_server_cert']
) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
} }
$this->zendConn = new Zend_Db_Adapter_Pdo_Mysql($config); $this->zendConn = new Zend_Db_Adapter_Pdo_Mysql($config);
} elseif ($this->config['db'] === 'pgsql') { } elseif ($this->config['db'] === 'pgsql') {
@ -330,6 +335,11 @@ class DbTool
if ($this->config['ssl_cipher']) { if ($this->config['ssl_cipher']) {
$driverOptions[PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher']; $driverOptions[PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
} }
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config['ssl_do_not_verify_server_cert']
) {
$driverOptions[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
} }
$this->pdoConn = new PDO( $this->pdoConn = new PDO(