tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add SSL Support to MySQL resources 

Signed-off-by: Johannes Meyer <johannes.meyer@netways.de>
This commit is contained in:
Lee Clemens 2016-03-06 13:55:04 -05:00 committed by Johannes Meyer
parent 1be8e14772
commit 87e774cb88
4 changed files with 165 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
application/forms/Config/Resource/DbResourceForm.php
View File

@ -138,6 +138,53 @@ class DbResourceForm extends Form
'description' => $this->translate('The password to use for authentication')
)
);
if ($offerMysql) {
$this->addElement(
'text',
'ssl_key',
array(
'required' => false,
'label' => $this->translate('SSL Key'),
'description' => $this->translate('The SSL client key file path')
)
);
$this->addElement(
'text',
'ssl_cert',
array(
'required' => false,
'label' => $this->translate('SSL Certificate'),
'description' => $this->translate('The SSL certificate file path')
)
);
$this->addElement(
'text',
'ssl_ca',
array(
'required' => false,
'label' => $this->translate('SSL CA'),
'description' => $this->translate('The SSL Certificate Authority certificate file path')
)
);
$this->addElement(
'text',
'ssl_capath',
array(
'required' => false,
'label' => $this->translate('SSL CA Path'),
'description' => $this->translate('The SSL trusted SSL CA certificates in PEM format directory path')
)
);
$this->addElement(
'text',
'ssl_cipher',
array(
'required' => false,
'label' => $this->translate('SSL Cipher'),
'description' => $this->translate('The SSL list of permissible ciphers')
)
);
}
$this->addElement(
'text',
'charset',

39
library/Icinga/Data/Db/DbConnection.php
View File

@ -143,6 +143,30 @@ class DbConnection implements Selectable, Extensible, Updatable, Reducible, Insp
break;
case 'mysql':
$adapter = 'Pdo_Mysql';
// If any SSL options are set, add them to driver_options
if ($this->config->ssl_key
|| $this->config->ssl_cert
|| $this->config->ssl_ca
|| $this->config->ssl_capath
|| $this->config->ssl_cipher
) {
# The presence of these keys as empty strings or null cause non-ssl connections to fail
if ($this->config->ssl_key) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_KEY] = $this->config->ssl_key;
}
if ($this->config->ssl_cert) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CERT] = $this->config->ssl_cert;
}
if ($this->config->ssl_ca) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CA] = $this->config->ssl_ca;
}
if ($this->config->ssl_capath) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CAPATH] = $this->config->ssl_capath;
}
if ($this->config->ssl_cipher) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config->ssl_cipher;
}
}
/*
* Set MySQL server SQL modes to behave as closely as possible to Oracle and PostgreSQL. Note that the
* ONLY_FULL_GROUP_BY mode is left on purpose because MySQL requires you to specify all non-aggregate
@ -490,11 +514,24 @@ class DbConnection implements Selectable, Extensible, Updatable, Reducible, Insp
case 'mysql':
$rows = $this->dbAdapter->query(
'SHOW VARIABLES WHERE variable_name ' .
'IN (\'version\', \'protocol_version\', \'version_compile_os\');'
'IN (\'version\', \'protocol_version\', \'version_compile_os\', \'have_ssl\');'
)->fetchAll();
$sqlinsp = new Inspection('MySQL');
$have_ssl = false;
foreach ($rows as $row) {
$sqlinsp->write($row->variable_name . ': ' . $row->value);
if ($row->variable_name === 'have_ssl' && $row->value === 'YES') {
$have_ssl = true;
}
}
if ($have_ssl) {
$ssl_rows = $this->dbAdapter->query(
'SHOW STATUS WHERE variable_name ' .
'IN (\'Ssl_Cipher\');'
)->fetchAll();
foreach ($ssl_rows as $ssl_row) {
$sqlinsp->write($ssl_row->variable_name . ': ' . $ssl_row->value);
}
}
$insp->write($sqlinsp);
break;

24
modules/monitoring/library/Monitoring/BackendStep.php
View File

@ -112,7 +112,31 @@ class BackendStep extends Step
. '<tr>'
. '<td><strong>' . t('Password') . '</strong></td>'
. '<td>' . str_repeat('*', strlen($this->data['resourceConfig']['password'])) . '</td>'
. '</tr>';
if ($this->data['resourceConfig']['db'] === 'mysql') {
$resourceHtml .= ''
.'<tr>'
. '<td><strong>' . t('SSL Key') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_key'] . '</td>'
. '</tr>'
. '<tr>'
. '<td><strong>' . t('SSL Cert') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_cert'] . '</td>'
. '</tr>'
. '<tr>'
. '<td><strong>' . t('CA') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_ca'] . '</td>'
. '</tr>'
. '<tr>'
. '<td><strong>' . t('CA Path') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_capath'] . '</td>'
. '</tr>'
. '<tr>'
. '<td><strong>' . t('Cipher') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_cipher'] . '</td>'
. '</tr>';
};
$resourceHtml .= ''
. '</tbody>'
. '</table>';
} else { // $this->data['resourceConfig']['type'] === 'livestatus'

56
modules/setup/library/Setup/Utils/DbTool.php
View File

@ -262,6 +262,30 @@ class DbTool
);
if ($this->config['db'] === 'mysql') {
if ($this->config['ssl_key']
|| $this->config['ssl_cert']
|| $this->config['ssl_ca']
|| $this->config['ssl_capath']
|| $this->config['ssl_cipher']
) {
$this->config['driver_options'] = array();
# The presence of these keys as empty strings or null cause non-ssl connections to fail
if ($this->config['ssl_key']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_KEY] = $this->config['ssl_key'];
}
if ($this->config['ssl_cert']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CERT] = $this->config['ssl_cert'];
}
if ($this->config['ssl_ca']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CA] = $this->config['ssl_ca'];
}
if ($this->config['ssl_capath']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CAPATH] = $this->config['ssl_capath'];
}
if ($this->config['ssl_cipher']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
}
}
$this->zendConn = new Zend_Db_Adapter_Pdo_Mysql($config);
} elseif ($this->config['db'] === 'pgsql') {
$this->zendConn = new Zend_Db_Adapter_Pdo_Pgsql($config);
@ -286,11 +310,41 @@ class DbTool
return;
}
$driver_options = array(
PDO::ATTR_TIMEOUT => 1,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
);
if ($this->config['db'] == 'mysql'
&& ($this->config['ssl_key']
|| $this->config['ssl_cert']
|| $this->config['ssl_ca']
|| $this->config['ssl_capath']
|| $this->config['ssl_cipher'])
) {
# The presence of these keys as empty strings or null cause non-ssl connections to fail
if ($this->config['ssl_key']) {
$driver_options[PDO::MYSQL_ATTR_SSL_KEY] = $this->config['ssl_key'];
}
if ($this->config['ssl_cert']) {
$driver_options[PDO::MYSQL_ATTR_SSL_CERT] = $this->config['ssl_cert'];
}
if ($this->config['ssl_ca']) {
$driver_options[PDO::MYSQL_ATTR_SSL_CA] = $this->config['ssl_ca'];
}
if ($this->config['ssl_capath']) {
$driver_options[PDO::MYSQL_ATTR_SSL_CAPATH] = $this->config['ssl_capath'];
}
if ($this->config['ssl_cipher']) {
$driver_options[PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
}
}
$this->pdoConn = new PDO(
$this->buildDsn($this->config['db'], $dbname),
$this->config['username'],
$this->config['password'],
array(PDO::ATTR_TIMEOUT => 1, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
$driver_options
);
}