ent 9154 SSL MySQL console connection

2025-07-31 01:35:36 +02:00 · 2022-09-14 14:19:47 +02:00 · 2022-09-14 14:19:47 +02:00 · 544f337181
commit 544f337181
parent 3a1ec66bfb
4 changed files with 336 additions and 293 deletions
--- a/pandora_console/godmode/setup/setup_general.php
+++ b/pandora_console/godmode/setup/setup_general.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * General setup.
 *
@ -771,6 +772,10 @@ $(document).ready (function () {
            $('#ssl-path-tr').show();
        }

+        if ($("input[name=mysql_use_cert]").is(':checked')) {
+            $('#mysql-ssl-path-tr').show();
+        }
+
        $("input[name=use_cert]").change(function() {
            if ($(this).is(":checked"))
                $('#ssl-path-tr').show();
@ -778,20 +783,27 @@ $(document).ready (function () {
                $('#ssl-path-tr').hide();

        });
+
+        $("input[name=mysql_use_cert]").change(function() {
+            if ($(this).is(":checked"))
+                $('#mysql-ssl-path-tr').show();
+            else
+                $('#mysql-ssl-path-tr').hide();
+
+        });
+
        $("input[name=https]").change(function() {
            if ($("input[name=https]").prop('checked')) {
                $("#dialog").dialog({
                    modal: true,
                    width: 500,
-            buttons:[
-                {
+                    buttons: [{
                        class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-next',
                        text: "<?php echo __('OK'); ?>",
                        click: function() {
                            $(this).dialog("close");
                        }
-                }
-            ]
+                    }]
                });
            }
        })
@ -801,15 +813,13 @@ $(document).ready (function () {
                $("#force_public_url_dialog").dialog({
                    modal: true,
                    width: 500,
-            buttons: [
-                {
+                    buttons: [{
                        class: 'ui-widget ui-state-default ui-corner-all ui-button-text-only sub upd submit-next',
                        text: "<?php echo __('OK'); ?>",
                        click: function() {
                            $(this).dialog("close");
                        }
-                }
-            ]
+                    }]
                });
            }
        })
--- a/pandora_console/include/config.inc.php
+++ b/pandora_console/include/config.inc.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * Configuraton sample file.
 *
@ -38,6 +39,11 @@
 *   $config["homedir"]="/var/www/pandora_console/";
 *   $config["homeurl"]="/pandora_console/";
 *   $config["auth"]["scheme"] = "mysql";
+ *
+ * This is used to configure MySQL SSL console connection
+ *   $config["dbssl"]=0;
+ *   $config["dbsslcafile"]="/path/ca-cert.pem";
+ *   $config["sslverifyservercert"]=0;
 */

 // By default report any error but notices.
--- a/pandora_console/include/db/mysql.php
+++ b/pandora_console/include/db/mysql.php
@ -31,7 +31,9 @@ function mysql_connect_db(
    $user=null,
    $pass=null,
    $port=null,
-    $charset=null
+    $charset=null,
+    $ssl=null,
+    $verify=null
 ) {
    global $config;

@ -55,6 +57,14 @@ function mysql_connect_db(
        $port = $config['dbport'];
    }

+    if ($ssl === null && (bool) $config['dbssl'] === true) {
+        $ssl = $config['dbsslcafile'];
+    }
+
+    if ($verify === null && (bool) $config['sslverifyservercert'] === true) {
+        $verify = 'ignore verify';
+    }
+
    // Check if mysqli is available
    if (!isset($config['mysqli'])) {
        $config['mysqli'] = extension_loaded(mysqli);
@ -63,6 +73,7 @@ function mysql_connect_db(
    // Non-persistent connection: This will help to avoid mysql errors like "has gone away" or locking problems
    // If you want persistent connections change it to mysql_pconnect().
    if ($config['mysqli']) {
+        if (empty($ssl)) {
            $connect_id = mysqli_connect($host, $user, $pass, $db, $port);
            if (mysqli_connect_errno() > 0) {
                include 'general/mysqlerr.php';
@ -76,6 +87,22 @@ function mysql_connect_db(
            }

            mysqli_select_db($connect_id, $db);
+        } else {
+            $connect_id = mysqli_init();
+
+            mysqli_ssl_set($connect_id, null, null, $ssl, null, null);
+
+            if ($verify === null) {
+                mysqli_real_connect($connect_id, $host, $user, $pass, $db, $port, null, MYSQLI_CLIENT_SSL);
+            } else {
+                mysqli_real_connect($connect_id, $host, $user, $pass, $db, $port, null, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
+            }
+
+            if (mysqli_connect_errno() > 0) {
+                include 'general/mysqlerr.php';
+                return false;
+            }
+        }
    } else {
        $connect_id = @mysql_connect($host.':'.$port, $user, $pass, true);
        if (!$connect_id) {
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@ -1,4 +1,5 @@
 <?php
+
 /**
 * Main configuration of Pandora FMS
 *
@ -30,6 +31,7 @@
 require_once __DIR__.'/../vendor/autoload.php';
 require_once __DIR__.'/functions.php';
 enterprise_include_once('include/functions_config.php');
+
 use PandoraFMS\Core\DBMaintainer;
 use PandoraFMS\Core\Config;

@ -3399,7 +3401,6 @@ function config_check()
        $supervisor = new ConsoleSupervisor(false);
        $supervisor->runBasic();
    }
-
 }


@ -3424,7 +3425,6 @@ function get_um_url()
    }

    return $url;
-
 }