From de5f7ededeb7fdf87c7218196e611b6a9df225df Mon Sep 17 00:00:00 2001 From: myuzhobcplidtkieno <62526817+myuzhobcplidtkieno@users.noreply.github.com> Date: Wed, 8 Apr 2020 08:08:28 +1200 Subject: Added the ability to use TLS when connecting to a database. (#24348) * Added the ability to use TLS when connecting to a database. * Trying to kickstart CI checks * Revert the kickstart change Co-authored-by: myuzhobcplidtkieno Co-authored-by: Giacomo Pozzoni (cherry picked from commit ae553f89664a4baade80020856c9ff66323de963) --- src/server/database/Database/MySQLConnection.cpp | 15 ++++++++++++++- src/server/database/Database/MySQLConnection.h | 1 + src/server/database/Updater/DBUpdater.cpp | 10 +++++++--- src/server/database/Updater/DBUpdater.h | 3 ++- 4 files changed, 24 insertions(+), 5 deletions(-) (limited to 'src/server/database') diff --git a/src/server/database/Database/MySQLConnection.cpp b/src/server/database/Database/MySQLConnection.cpp index c197850ba11..acb96fa5d71 100644 --- a/src/server/database/Database/MySQLConnection.cpp +++ b/src/server/database/Database/MySQLConnection.cpp @@ -34,7 +34,7 @@ MySQLConnectionInfo::MySQLConnectionInfo(std::string const& infoString) { Tokenizer tokens(infoString, ';'); - if (tokens.size() != 5) + if (tokens.size() != 5 && tokens.size() != 6) return; uint8 i = 0; @@ -44,6 +44,9 @@ MySQLConnectionInfo::MySQLConnectionInfo(std::string const& infoString) user.assign(tokens[i++]); password.assign(tokens[i++]); database.assign(tokens[i++]); + + if (tokens.size() == 6) + ssl.assign(tokens[i++]); } MySQLConnection::MySQLConnection(MySQLConnectionInfo& connInfo) : 
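Review bot: In the second MySQLConnection.cpp hunk the sixth token is stored with `ssl.assign(tokens[i++]);` and never validated, while the later hunks in MySQLConnection::Open() and DBUpdater::ApplyFile() act only on the exact string `ssl`. A value such as `SSL` or `tls` is therefore accepted silently and the connection is made without TLS being required, which is a fail-open default for a transport-security switch. Validate right after the assign, for example `if (!ssl.empty() && ssl != "ssl")` followed by a logged configuration error, rather than continuing. A comment on the field or the constructor naming the one accepted value would also help whoever edits the connection string.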
@@ -129,6 +132,16 @@ uint32 MySQLConnection::Open() } #endif + if (m_connectionInfo.ssl != "") + { + my_bool opt_use_ssl = false; + if (m_connectionInfo.ssl == "ssl") + { + opt_use_ssl = true; + } + mysql_options(mysqlInit, MYSQL_OPT_SSL_ENFORCE, (char const*)&opt_use_ssl); + } + m_Mysql = reinterpret_cast(mysql_real_connect(mysqlInit, m_connectionInfo.host.c_str(), m_connectionInfo.user.c_str(), m_connectionInfo.password.c_str(), m_connectionInfo.database.c_str(), port, unix_socket, 0)); diff --git a/src/server/database/Database/MySQLConnection.h b/src/server/database/Database/MySQLConnection.h index e4368db44ba..ea41ce3e0aa 100644 --- a/src/server/database/Database/MySQLConnection.h +++ b/src/server/database/Database/MySQLConnection.h @@ -49,6 +49,7 @@ struct TC_DATABASE_API MySQLConnectionInfo std::string database; std::string host; std::string port_or_socket; + std::string ssl; }; class TC_DATABASE_API MySQLConnection diff --git a/src/server/database/Updater/DBUpdater.cpp b/src/server/database/Updater/DBUpdater.cpp index d0ddfcaf9ab..61b82e91099 100644 --- a/src/server/database/Updater/DBUpdater.cpp +++ b/src/server/database/Updater/DBUpdater.cpp @@ -220,7 +220,7 @@ bool DBUpdater::Create(DatabaseWorkerPool& pool) try { DBUpdater::ApplyFile(pool, pool.GetConnectionInfo()->host, pool.GetConnectionInfo()->user, pool.GetConnectionInfo()->password, - pool.GetConnectionInfo()->port_or_socket, "", temp); + pool.GetConnectionInfo()->port_or_socket, "", pool.GetConnectionInfo()->ssl, temp); } catch (UpdateException&) { 
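Review bot: The return value of `mysql_options(mysqlInit, MYSQL_OPT_SSL_ENFORCE, ...)` in MySQLConnection::Open() is ignored, so if the client library rejects the option the code still reaches `mysql_real_connect` and sends the credentials over whatever transport the library chooses. Check it and fail the open, e.g. `if (mysql_options(mysqlInit, MYSQL_OPT_SSL_ENFORCE, (char const*)&opt_use_ssl) != 0)` followed by an error return. Enforcing encryption does not authenticate the server: nothing in this hunk sets a CA or enables certificate verification (`MYSQL_OPT_SSL_CA`, `MYSQL_OPT_SSL_VERIFY_SERVER_CERT`), so an on-path host could still terminate the TLS session, which deserves a follow-up option or at least a comment stating the limitation. As far as I know `my_bool` and `MYSQL_OPT_SSL_ENFORCE` are absent from MySQL 8.0 client headers, so a version guard may be needed. Open() begins and ends outside the hunk.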
@@ -355,12 +355,13 @@ template void DBUpdater::ApplyFile(DatabaseWorkerPool& pool, Path const& path) { DBUpdater::ApplyFile(pool, pool.GetConnectionInfo()->host, pool.GetConnectionInfo()->user, pool.GetConnectionInfo()->password, - pool.GetConnectionInfo()->port_or_socket, pool.GetConnectionInfo()->database, path); + pool.GetConnectionInfo()->port_or_socket, pool.GetConnectionInfo()->database, pool.GetConnectionInfo()->ssl, path); } template void DBUpdater::ApplyFile(DatabaseWorkerPool& pool, std::string const& host, std::string const& user, - std::string const& password, std::string const& port_or_socket, std::string const& database, Path const& path) + std::string const& password, std::string const& port_or_socket, std::string const& database, std::string const& ssl, + Path const& path) { std::vector args; args.reserve(8); @@ -404,6 +405,9 @@ void DBUpdater::ApplyFile(DatabaseWorkerPool& pool, std::string const& hos // Set max allowed packet to 1 GB args.push_back("--max-allowed-packet=1GB"); + if (ssl == "ssl") + args.push_back("--ssl"); + // Database if (!database.empty()) args.push_back(database); diff --git a/src/server/database/Updater/DBUpdater.h b/src/server/database/Updater/DBUpdater.h index 6bb052b36ce..691777e39e0 100644 --- a/src/server/database/Updater/DBUpdater.h +++ b/src/server/database/Updater/DBUpdater.h @@ -89,7 +89,8 @@ private: static void Apply(DatabaseWorkerPool& pool, std::string const& query); static void ApplyFile(DatabaseWorkerPool& pool, Path const& path); static void ApplyFile(DatabaseWorkerPool& pool, std::string const& host, std::string const& user, - std::string const& password, std::string const& port_or_socket, std::string const& database, Path const& path); + std::string const& password, std::string const& port_or_socket, std::string const& database, std::string const& ssl, + Path const& path); }; #endif // DBUpdater_h__ -- cgit v1.2.3
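Review bot: In the last DBUpdater.cpp hunk, `args.push_back("--ssl");` relies on a client flag whose meaning depends on the `mysql` binary that gets launched. To my knowledge older MySQL clients treat `--ssl` as permitting rather than requiring encryption, and newer ones replace it with `--ssl-mode`. The updater is passed the same host, user and password as the worker pool, so it should get the same guarantee as Open(). Consider `--ssl-mode=REQUIRED` where the client supports it, or add a comment above the push_back stating the minimum client version for which `--ssl` is enforcing. ApplyFile's body continues outside the hunk.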