From 494b8b51b1689d3e2cde4cf0bcef4def275e50f7 Mon Sep 17 00:00:00 2001
From: Tyler Anthony Romeo
Date: Wed, 15 Aug 2012 16:44:41 -0400
Subject: [PATCH] (bug 32774) Added config options and flags for SSL and compression in DB.

Added configuration options ($wgDBssl, $wgDBcompress) and related connection flags (DBO_SSL, DBO_COMPRESS) to allow SSL/TLS and compression on database connections. The flags are only observed if the functionality is supported for that type of database (e.g., SQLite will ignore both flags as neither are supported). Currently, only MySQL and PgSQL have support for at least one of these flags in their PHP extensions. MySQL supports both flags and PgSQL supports the SSL flag only.

Change-Id: I7b4d3ba82ccab0eed4a19e3b4e7bc0b4eb881262
Signed-off-by: Tyler Anthony Romeo
---
 RELEASE-NOTES-1.20 | 2 ++
 includes/DefaultSettings.php | 6 ++++++
 includes/Defines.php | 2 ++
 includes/db/DatabaseMysql.php | 12 ++++++++++--
 includes/db/DatabasePostgres.php | 4 ++++
 includes/db/LBFactory.php | 12 +++++++++++-
 6 files changed, 35 insertions(+), 3 deletions(-)

diff --git a/RELEASE-NOTES-1.20 b/RELEASE-NOTES-1.20
index 54554c94e2..2dea396f44 100644
--- a/RELEASE-NOTES-1.20
+++ b/RELEASE-NOTES-1.20
@@ -25,6 +25,8 @@ upgrade PHP if you have not done so prior to upgrading MediaWiki.
 * Removed f-prot support from $wgAntivirusSetup.
 * New variable $wgDBerrorLogTZ to provide dates in the error log in a different timezone than the wiki timezone set by $wgLocalTimezone.
+* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database
+ connections, if either are available for the selected DB type.
 === New features in 1.20 ===
 * Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index a6244ed94e..1ccf5a9ece 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1308,6 +1308,10 @@ $wgDBuser = 'wikiuser';
 $wgDBpassword = '';
 /** Database type */
 $wgDBtype = 'mysql';
+/** Whether to use SSL in DB connection. */
+$wgDBssl = false;
+/** Whether to use compression in DB connection. */
+$wgDBcompress = false;
 /** Separate username for maintenance tasks. Leave as null to use the default. */
 $wgDBadminuser = null;
@@ -1393,6 +1397,8 @@ $wgSharedTables = array( 'user', 'user_properties' );
 * - DBO_IGNORE -- ignore errors (not useful in LocalSettings.php)
 * - DBO_NOBUFFER -- turn off buffering (not useful in LocalSettings.php)
 * - DBO_PERSISTENT -- enables persistent database connections
+ * - DBO_SSL -- uses SSL/TLS encryption in database connections, if available
+ * - DBO_COMPRESS -- uses internal compression in database connections, if available
 *
 * - max lag: (optional) Maximum replication lag before a slave will taken out of rotation
 * - max threads: (optional) Maximum number of running threads
diff --git a/includes/Defines.php b/includes/Defines.php
index 56218d6aee..55d9a7a238 100644
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -44,6 +44,8 @@ define( 'DBO_DEFAULT', 16 );
 define( 'DBO_PERSISTENT', 32 );
 define( 'DBO_SYSDBA', 64 ); //for oracle maintenance
 define( 'DBO_DDLMODE', 128 ); // when using schema files: mostly for Oracle
+define( 'DBO_SSL', 256 );
+define( 'DBO_COMPRESS', 512 );
 /**@}*/
 /**@{
diff --git a/includes/db/DatabaseMysql.php b/includes/db/DatabaseMysql.php
index e27d3db448..4b34310b09 100644
--- a/includes/db/DatabaseMysql.php
+++ b/includes/db/DatabaseMysql.php
@@ -83,6 +83,14 @@ class DatabaseMysql extends DatabaseBase {
 $this->mPassword = $password;
 $this->mDBname = $dbName;
+ $connFlags = 0;
+ if ( $this->mFlags & DBO_SSL ) {
+ $connFlags |= MYSQL_CLIENT_SSL;
+ }
+ if ( $this->mFlags & DBO_COMPRESS ) {
+ $connFlags |= MYSQL_CLIENT_COMPRESS;
+ }
+
 wfProfileIn("dbconnect-$server");
 # The kernel's default SYN retransmission period is far too slow for us,
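Review bot: The `MYSQL_CLIENT_SSL` bit added to `$connFlags` in includes/db/DatabaseMysql.php only asks the client library to negotiate TLS; nothing visible in this patch supplies a CA or checks that the session actually came up encrypted. As far as I know the legacy mysql extension offers no call for certificate verification, and whether the client aborts when the server does not offer SSL depends on the library build, so DBO_SSL may silently yield a plaintext or unauthenticated link; this is worth confirming. I would add a comment above the block, `# MYSQL_CLIENT_SSL requests encryption only; the server certificate is not verified`, and after connecting treat an empty value from `SHOW STATUS LIKE 'Ssl_cipher'` as a connection failure when DBO_SSL is set. The enclosing method starts and ends outside the hunk.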
@@ -100,10 +108,10 @@ class DatabaseMysql extends DatabaseBase {
 usleep( 1000 );
 }
 if ( $this->mFlags & DBO_PERSISTENT ) {
- $this->mConn = mysql_pconnect( $realServer, $user, $password );
+ $this->mConn = mysql_pconnect( $realServer, $user, $password, $connFlags );
 } else {
 # Create a new connection...
- $this->mConn = mysql_connect( $realServer, $user, $password, true );
+ $this->mConn = mysql_connect( $realServer, $user, $password, true, $connFlags );
 }
 #if ( $this->mConn === false ) {
 #$iplus = $i + 1;
diff --git a/includes/db/DatabasePostgres.php b/includes/db/DatabasePostgres.php
index 3504892e0a..8f8f5e83e4 100644
--- a/includes/db/DatabasePostgres.php
+++ b/includes/db/DatabasePostgres.php
@@ -356,6 +356,10 @@ class DatabasePostgres extends DatabaseBase {
 if ( $port != false && $port != '' ) {
 $connectVars['port'] = $port;
 }
+ if ( $this->mFlags & DBO_SSL ) {
+ $connectVars['sslmode'] = 1;
+ }
+
 $this->connectString = $this->makeConnectionString( $connectVars, PGSQL_CONNECT_FORCE_NEW );
 $this->close();
 $this->installErrorHandler();
diff --git a/includes/db/LBFactory.php b/includes/db/LBFactory.php
index aaca12cbc3..e82c54ba3d 100644
--- a/includes/db/LBFactory.php
+++ b/includes/db/LBFactory.php
@@ -191,6 +191,16 @@ class LBFactory_Simple extends LBFactory {
 $servers = $wgDBservers;
 } else {
 global $wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname, $wgDBtype, $wgDebugDumpSql;
+ global $wgDBssl, $wgDBcompress;
+
+ $flags = ( $wgDebugDumpSql ? DBO_DEBUG : 0 ) | DBO_DEFAULT;
+ if ( $wgDBssl ) {
+ $flags |= DBO_SSL;
+ }
+ if ( $wgDBcompress ) {
+ $flags |= DBO_COMPRESS;
+ }
+
 $servers = array(array(
 'host' => $wgDBserver,
 'user' => $wgDBuser,
@@ -198,7 +208,7 @@ class LBFactory_Simple extends LBFactory {
 'dbname' => $wgDBname,
 'type' => $wgDBtype,
 'load' => 1,
- 'flags' => ($wgDebugDumpSql ? DBO_DEBUG : 0) | DBO_DEFAULT
+ 'flags' => $flags
 ));
 }
--
2.20.1
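Review bot: `$connectVars['sslmode'] = 1;` in includes/db/DatabasePostgres.php is not a value libpq accepts; sslmode takes the keywords disable, allow, prefer, require, verify-ca and verify-full, so with DBO_SSL set the connection string is likely to be rejected rather than enabling TLS. The line should read `$connectVars['sslmode'] = 'require';`. Note that `require` encrypts without validating the server certificate, so deployments that need protection against an active man-in-the-middle would want `verify-full` with a root certificate configured, which a single boolean flag cannot express. The enclosing method starts and ends outside the hunk.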
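Review bot: The new `$wgDBssl`/`$wgDBcompress` handling in includes/db/LBFactory.php sits only in the `else` branch, so on the `$servers = $wgDBservers;` path (presumably taken when $wgDBservers is configured; the condition is outside the hunk) both settings are ignored and connections stay unencrypted unless each server entry carries DBO_SSL in its own 'flags'. An operator who sets `$wgDBssl = true` and assumes it applies globally gets no warning. I would document this where the variables are declared, e.g. `/** Whether to use SSL in DB connection. Ignored if $wgDBservers is set; add DBO_SSL to each server's 'flags' instead. */`, and the same for `$wgDBcompress`. The enclosing method starts and ends outside the hunk.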