mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
Minor MS SQL improvements
Support 'sql_ssl' option for MS SQL - set Encryption=required and Encrypt=yes in ODBC connection string to require SSL using default FreeTDS driver and Microsoft ODBC Driver for SQL Server respectively. Allow setting full ODBC connection string in 'sql_server' for MS SQL, allowing custom connection configuration beyond what is possible with just 'sql_odbc_driver' option.
parent
06ffe995e1
commit
6fc67d83f4
@ -1293,9 +1293,9 @@ doc() ->
|
|||||||
note => "added in 20.12",
|
note => "added in 20.12",
|
||||||
desc =>
|
desc =>
|
||||||
?T("Path to the ODBC driver to use to connect to a Microsoft SQL "
|
?T("Path to the ODBC driver to use to connect to a Microsoft SQL "
|
||||||
"Server database. This option is only valid if the _`sql_type`_ "
|
"Server database. This option only applies if the _`sql_type`_ "
|
||||||
"option is set to 'mssql'. "
|
"option is set to 'mssql' and _`sql_server`_ is not an ODBC "
|
||||||
"The default value is: 'libtdsodbc.so'")}},
|
"connection string. The default value is: 'libtdsodbc.so'")}},
|
||||||
{sql_password,
|
{sql_password,
|
||||||
#{value => ?T("Password"),
|
#{value => ?T("Password"),
|
||||||
desc =>
|
desc =>
|
||||||
@ -1334,14 +1334,15 @@ doc() ->
|
|||||||
{sql_server,
|
{sql_server,
|
||||||
#{value => ?T("Host"),
|
#{value => ?T("Host"),
|
||||||
desc =>
|
desc =>
|
||||||
?T("A hostname or an IP address of the SQL server. "
|
?T("The hostname or IP address of the SQL server. For _`sql_type`_ "
|
||||||
|
"'mssql' or 'odbc' this can also be an ODBC connection string. "
|
||||||
"The default value is 'localhost'.")}},
|
"The default value is 'localhost'.")}},
|
||||||
{sql_ssl,
|
{sql_ssl,
|
||||||
#{value => "true | false",
|
#{value => "true | false",
|
||||||
note => "improved in 20.03",
|
note => "improved in 20.03",
|
||||||
desc =>
|
desc =>
|
||||||
?T("Whether to use SSL encrypted connections to the "
|
?T("Whether to use SSL encrypted connections to the "
|
||||||
"SQL server. The option is only available for MySQL and "
|
"SQL server. The option is only available for MySQL, MS SQL and "
|
||||||
"PostgreSQL. The default value is 'false'.")}},
|
"PostgreSQL. The default value is 'false'.")}},
|
||||||
{sql_ssl_cafile,
|
{sql_ssl_cafile,
|
||||||
#{value => ?T("Path"),
|
#{value => ?T("Path"),
|
||||||
@ -1350,7 +1351,8 @@ doc() ->
|
|||||||
"be used to verify SQL connections. Implies _`sql_ssl`_ "
|
"be used to verify SQL connections. Implies _`sql_ssl`_ "
|
||||||
"and _`sql_ssl_verify`_ options are set to 'true'. "
|
"and _`sql_ssl_verify`_ options are set to 'true'. "
|
||||||
"There is no default which means "
|
"There is no default which means "
|
||||||
"certificate verification is disabled.")}},
|
"certificate verification is disabled. "
|
||||||
|
"This option has no effect for MS SQL.")}},
|
||||||
{sql_ssl_certfile,
|
{sql_ssl_certfile,
|
||||||
#{value => ?T("Path"),
|
#{value => ?T("Path"),
|
||||||
desc =>
|
desc =>
|
||||||
@ -1358,13 +1360,15 @@ doc() ->
|
|||||||
"for SSL connections to the SQL server. Implies _`sql_ssl`_ "
|
"for SSL connections to the SQL server. Implies _`sql_ssl`_ "
|
||||||
"option is set to 'true'. There is no default which means "
|
"option is set to 'true'. There is no default which means "
|
||||||
"ejabberd won't provide a client certificate to the SQL "
|
"ejabberd won't provide a client certificate to the SQL "
|
||||||
"server.")}},
|
"server. "
|
||||||
|
"This option has no effect for MS SQL.")}},
|
||||||
{sql_ssl_verify,
|
{sql_ssl_verify,
|
||||||
#{value => "true | false",
|
#{value => "true | false",
|
||||||
desc =>
|
desc =>
|
||||||
?T("Whether to verify SSL connection to the SQL server against "
|
?T("Whether to verify SSL connection to the SQL server against "
|
||||||
"CA root certificates defined in _`sql_ssl_cafile`_ option. "
|
"CA root certificates defined in _`sql_ssl_cafile`_ option. "
|
||||||
"Implies _`sql_ssl`_ option is set to 'true'. "
|
"Implies _`sql_ssl`_ option is set to 'true'. "
|
||||||
|
"This option has no effect for MS SQL. "
|
||||||
"The default value is 'false'.")}},
|
"The default value is 'false'.")}},
|
||||||
{sql_start_interval,
|
{sql_start_interval,
|
||||||
#{value => "timeout()",
|
#{value => "timeout()",
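Review bot: The `sql_ssl` description in the -1334 hunk now lists MS SQL, while `sql_ssl_cafile`, `sql_ssl_certfile` and `sql_ssl_verify` are each documented as having no effect for MS SQL. A reader therefore cannot tell from these texts whether the server certificate is checked at all on that path. I would add a sentence to the `sql_ssl` text along the lines of `"For MS SQL the connection is encrypted, but certificate verification depends on the ODBC driver and its configuration, not on ejabberd options. "`. That wording is inferred from the three "no effect" notes, so it should be confirmed against the drivers before merging. The `doc()` body starts and ends outside these hunks.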
|
||||||
|
@ -1159,9 +1159,19 @@ db_opts(Host) ->
|
|||||||
SSLOpts = get_ssl_opts(Transport, Host),
|
SSLOpts = get_ssl_opts(Transport, Host),
|
||||||
case Type of
|
case Type of
|
||||||
mssql ->
|
mssql ->
|
||||||
[mssql, <<"DRIVER=ODBC;SERVER=", Server/binary, ";UID=", User/binary,
|
case odbc_server_is_connstring(Server) of
|
||||||
";DATABASE=", DB/binary ,";PWD=", Pass/binary,
|
true ->
|
||||||
";PORT=", (integer_to_binary(Port))/binary ,";CLIENT_CHARSET=UTF-8;">>, Timeout];
|
[mssql, Server, Timeout];
|
||||||
|
false ->
|
||||||
|
Encryption = case Transport of
|
||||||
|
tcp -> <<"">>;
|
||||||
|
ssl -> <<";ENCRYPTION=require;ENCRYPT=yes">>
|
||||||
|
end,
|
||||||
|
[mssql, <<"DRIVER=ODBC;SERVER=", Server/binary, ";DATABASE=", DB/binary,
|
||||||
|
";UID=", User/binary, ";PWD=", Pass/binary,
|
||||||
|
";PORT=", (integer_to_binary(Port))/binary, Encryption/binary,
|
||||||
|
";CLIENT_CHARSET=UTF-8;">>, Timeout]
|
||||||
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
[Type, Server, Port, DB, User, Pass, Timeout, Transport, SSLOpts]
|
[Type, Server, Port, DB, User, Pass, Timeout, Transport, SSLOpts]
|
||||||
end
|
end
|
||||||
@ -1171,6 +1181,8 @@ warn_if_ssl_unsupported(tcp, _) ->
|
|||||||
ok;
|
ok;
|
||||||
warn_if_ssl_unsupported(ssl, pgsql) ->
|
warn_if_ssl_unsupported(ssl, pgsql) ->
|
||||||
ok;
|
ok;
|
||||||
|
warn_if_ssl_unsupported(ssl, mssql) ->
|
||||||
|
ok;
|
||||||
warn_if_ssl_unsupported(ssl, mysql) ->
|
warn_if_ssl_unsupported(ssl, mysql) ->
|
||||||
ok;
|
ok;
|
||||||
warn_if_ssl_unsupported(ssl, Type) ->
|
warn_if_ssl_unsupported(ssl, Type) ->
|
||||||
@ -1203,7 +1215,7 @@ get_ssl_opts(ssl, Host) ->
|
|||||||
get_ssl_opts(tcp, _) ->
|
get_ssl_opts(tcp, _) ->
|
||||||
[].
|
[].
|
||||||
|
|
||||||
init_mssql(Host) ->
|
init_mssql_odbcinst(Host) ->
|
||||||
Driver = ejabberd_option:sql_odbc_driver(Host),
|
Driver = ejabberd_option:sql_odbc_driver(Host),
|
||||||
ODBCINST = io_lib:fwrite("[ODBC]~n"
|
ODBCINST = io_lib:fwrite("[ODBC]~n"
|
||||||
"Driver = ~s~n", [Driver]),
|
"Driver = ~s~n", [Driver]),
|
||||||
@ -1225,6 +1237,19 @@ init_mssql(Host) ->
|
|||||||
Err
|
Err
|
||||||
end.
|
end.
|
||||||
|
|
||||||
|
init_mssql(Host) ->
|
||||||
|
Server = ejabberd_option:sql_server(Host),
|
||||||
|
case odbc_server_is_connstring(Server) of
|
||||||
|
true -> ok;
|
||||||
|
false -> init_mssql_odbcinst(Host)
|
||||||
|
end.
|
||||||
|
|
||||||
|
odbc_server_is_connstring(Server) ->
|
||||||
|
case binary:match(Server, <<"=">>) of
|
||||||
|
nomatch -> false;
|
||||||
|
_ -> true
|
||||||
|
end.
|
||||||
|
|
||||||
write_file_if_new(File, Payload) ->
|
write_file_if_new(File, Payload) ->
|
||||||
case filelib:is_file(File) of
|
case filelib:is_file(File) of
|
||||||
true -> ok;
|
true -> ok;
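Review bot: In the `db_opts/1` hunk the `true` branch returns `[mssql, Server, Timeout]` without consulting `Transport`, and the new `warn_if_ssl_unsupported(ssl, mssql)` clause returns `ok`. With `sql_ssl: true` and a connection string in `sql_server` that carries no encryption attribute, the connection is therefore made as the string dictates, possibly in plaintext, and nothing is logged. I would log in that branch, e.g. `Transport =:= ssl andalso ?WARNING_MSG("sql_ssl is ignored when sql_server is an ODBC connection string", [])`, or append the `Encryption` attributes there as well. Separately, the `false` branch splices `DB`, `User` and `Pass` into the string unescaped, so a `;` in the password ends the `PWD` attribute early and the remainder is parsed as further attributes; quoting the values is worth considering if the driver supports it. `db_opts/1` starts before the hunk.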
|
||||||
|