Skip to content

Commit

Permalink
dir: send the tls_policy to passive client
Browse files Browse the repository at this point in the history
  • Loading branch information
@franku
franku committed Jan 16, 2019
1 parent f0d8d25 commit 0f04aa4
Show file tree
Hide file tree
Showing 14 changed files with 194 additions and 74 deletions.
2 changes: 1 addition & 1 deletion core/src/dird/backup.cc
View file
Expand Up @@ -491,7 +491,7 @@ bool DoNativeBackup(JobControlRecord *jcr)
goto bail_out;
}
Dmsg1(120, "jobid: %d: connected\n", jcr->JobId);
SendJobInfo(jcr);
SendJobInfoToFileDaemon(jcr);
fd = jcr->file_bsock;

/*
Expand Down
28 changes: 25 additions & 3 deletions core/src/dird/fd_cmds.cc
View file
Expand Up @@ -55,6 +55,8 @@ static char filesetcmd[] =
"fileset%s\n"; /* set full fileset */
static char jobcmd[] =
"JobId=%s Job=%s SDid=%u SDtime=%u Authorization=%s\n";
static char jobcmdssl[] =
"JobId=%s Job=%s SDid=%u SDtime=%u Authorization=%s ssl=%d\n";
/* Note, mtime_only is not used here -- implemented as file option */
static char levelcmd[] =
"level = %s%s%s mtime_only=%d %s%s\n";
Expand Down Expand Up @@ -308,7 +310,7 @@ bool ConnectToFileDaemon(JobControlRecord *jcr, int retry_interval, int max_retr
return success;
}

int SendJobInfo(JobControlRecord *jcr)
int SendJobInfoToFileDaemon(JobControlRecord *jcr)
{
BareosSocket *fd = jcr->file_bsock;
char ed1[30];
Expand All @@ -320,8 +322,28 @@ int SendJobInfo(JobControlRecord *jcr)
jcr->sd_auth_key = bstrdup("dummy");
}

fd->fsend(jobcmd, edit_int64(jcr->JobId, ed1), jcr->Job, jcr->VolSessionId,
jcr->VolSessionTime, jcr->sd_auth_key);
StorageResource *storage;
if (jcr->res.write_storage) {
storage = jcr->res.write_storage;
} else if (jcr->res.read_storage) {
storage = jcr->res.read_storage;
} else {
Jmsg(jcr, M_FATAL, 0, _("No read or write storage defined\n"));
jcr->setJobStatus(JS_ErrorTerminated);
return 0;
}

if (jcr->res.client->connection_successful_handshake_ != ClientConnectionHandshakeMode::kTlsFirst) {
/* client before Bareos 18.2 */
fd->fsend(jobcmd, edit_int64(jcr->JobId, ed1), jcr->Job, jcr->VolSessionId,
jcr->VolSessionTime, jcr->sd_auth_key);
} else {
/* client onwards Bareos 18.2 */
TlsPolicy tls_policy;
tls_policy = storage->IsTlsConfigured() ? TlsPolicy::kBnetTlsAuto : TlsPolicy::kBnetTlsNone;
fd->fsend(jobcmdssl, edit_int64(jcr->JobId, ed1), jcr->Job, jcr->VolSessionId,
jcr->VolSessionTime, jcr->sd_auth_key, tls_policy);
}

if (!jcr->keep_sd_auth_key && !bstrcmp(jcr->sd_auth_key, "dummy")) {
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
Expand Down
2 changes: 1 addition & 1 deletion core/src/dird/fd_cmds.h
View file
Expand Up @@ -26,7 +26,7 @@ namespace directordaemon {

bool ConnectToFileDaemon(JobControlRecord *jcr, int retry_interval, int max_retry_time, bool verbose,
UaContext *ua = nullptr);
int SendJobInfo(JobControlRecord *jcr);
int SendJobInfoToFileDaemon(JobControlRecord *jcr);
bool SendIncludeList(JobControlRecord *jcr);
bool SendExcludeList(JobControlRecord *jcr);
bool SendLevelCommand(JobControlRecord *jcr);
Expand Down
2 changes: 1 addition & 1 deletion core/src/dird/restore.cc
View file
Expand Up @@ -199,7 +199,7 @@ static inline bool DoNativeRestoreBootstrap(JobControlRecord *jcr)
if (!ConnectToFileDaemon(jcr, 10, me->FDConnectTimeout, true)) {
goto bail_out;
}
SendJobInfo(jcr);
SendJobInfoToFileDaemon(jcr);
fd = jcr->file_bsock;

if (!SendSecureEraseReqToFd(jcr)) {
Expand Down
2 changes: 1 addition & 1 deletion core/src/dird/ua_cmds.cc
View file
Expand Up @@ -1768,7 +1768,7 @@ static bool EstimateCmd(UaContext *ua, const char *cmd)
return false;
}

if (!SendJobInfo(jcr)) {
if (!SendJobInfoToFileDaemon(jcr)) {
ua->ErrorMsg(_("Failed to connect to Client.\n"));
return false;
}
Expand Down
4 changes: 2 additions & 2 deletions core/src/dird/verify.cc
View file
Expand Up @@ -280,7 +280,7 @@ bool DoVerify(JobControlRecord *jcr)
if (!ConnectToFileDaemon(jcr, 10, me->FDConnectTimeout, true)) {
goto bail_out;
}
SendJobInfo(jcr);
SendJobInfoToFileDaemon(jcr);
fd = jcr->file_bsock;

/*
Expand All @@ -302,7 +302,7 @@ bool DoVerify(JobControlRecord *jcr)
if (!ConnectToFileDaemon(jcr, 10, me->FDConnectTimeout, true)) {
goto bail_out;
}
SendJobInfo(jcr);
SendJobInfoToFileDaemon(jcr);
fd = jcr->file_bsock;
break;
}
Expand Down
7 changes: 4 additions & 3 deletions core/src/filed/CMakeLists.txt
View file
Expand Up @@ -26,9 +26,10 @@ IF(HAVE_WIN32)
)
ENDIF()

set(FDSRCS accurate.cc authenticate.cc crypto.cc fd_plugins.cc fileset.cc sd_cmds.cc verify.cc
accurate_htable.cc backup.cc dir_cmd.cc filed.cc filed_globals.cc heartbeat.cc socket_server.cc
verify_vol.cc accurate_lmdb.cc compression.cc estimate.cc filed_conf.cc restore.cc status.cc)
set(FDSRCS accurate.cc authenticate.cc crypto.cc evaluate_job_command.cc fd_plugins.cc fileset.cc
sd_cmds.cc verify.cc accurate_htable.cc backup.cc dir_cmd.cc filed.cc filed_globals.cc heartbeat.cc
socket_server.cc verify_vol.cc accurate_lmdb.cc compression.cc estimate.cc filed_conf.cc
restore.cc status.cc)

IF(HAVE_WIN32)
LIST(APPEND FDSRCS
Expand Down
32 changes: 20 additions & 12 deletions core/src/filed/dir_cmd.cc
View file
Expand Up @@ -35,6 +35,7 @@
#include "filed/authenticate.h"
#include "filed/dir_cmd.h"
#include "filed/estimate.h"
#include "filed/evaluate_job_command.h"
#include "filed/heartbeat.h"
#include "filed/fileset.h"
#include "filed/socket_server.h"
Expand Down Expand Up @@ -191,7 +192,6 @@ static char setbandwidthcmd[] = "setbandwidth=%lld Job=%127s";
static char setdebugv0cmd[] = "setdebug=%d trace=%d";
static char setdebugv1cmd[] = "setdebug=%d trace=%d hangup=%d";
static char setdebugv2cmd[] = "setdebug=%d trace=%d hangup=%d timestamp=%d";
static char jobcmd[] = "JobId=%d Job=%127s SDid=%d SDtime=%d Authorization=%100s";
static char storaddrv0cmd[] = "storage address=%s port=%d ssl=%d";
static char storaddrv1cmd[] = "storage address=%s port=%d ssl=%d Authorization=%100s";
static char sessioncmd[] = "session %127s %ld %ld %ld %ld %ld %ld\n";
Expand Down Expand Up @@ -917,23 +917,31 @@ static bool EstimateCmd(JobControlRecord *jcr)
static bool job_cmd(JobControlRecord *jcr)
{
BareosSocket *dir = jcr->dir_bsock;
PoolMem sd_auth_key(PM_MESSAGE);
sd_auth_key.check_size(dir->message_length);
const char *os_version;

if (sscanf(dir->msg, jobcmd, &jcr->JobId, jcr->Job, &jcr->VolSessionId, &jcr->VolSessionTime,
sd_auth_key.c_str()) != 5) {
PmStrcpy(jcr->errmsg, dir->msg);
Jmsg(jcr, M_FATAL, 0, _("Bad Job Command: %s"), jcr->errmsg);
dir->fsend(BADjob);
return false;
JobCommand command(dir->msg);

if (!command.EvaluationSuccesful()) {
PmStrcpy(jcr->errmsg, dir->msg);
Jmsg(jcr, M_FATAL, 0, _("Bad Job Command: %s"), jcr->errmsg);
dir->fsend(BADjob);
return false;
}
SetStorageAuthKeyAndTlsPolicy(jcr, sd_auth_key.c_str(), jcr->sd_tls_policy);
Dmsg2(120, "JobId=%d Auth=%s\n", jcr->JobId, jcr->sd_auth_key);

jcr->JobId = command.job_id_;
strncpy(jcr->Job, command.job_, sizeof(jcr->Job));
jcr->VolSessionId = command.vol_session_id_;
jcr->VolSessionTime = command.vol_session_time_;

TlsPolicy tls_policy = command.protocol_version_ == JobCommand::ProtocolVersion::KVersionBefore_18_2 ?
TlsPolicy::kBnetTlsNone : command.tls_policy_;

SetStorageAuthKeyAndTlsPolicy(jcr, command.sd_auth_key_, tls_policy);
Dmsg3(120, "JobId=%d Auth=%s TlsPolicy=%d\n", jcr->JobId, jcr->sd_auth_key, tls_policy);
Mmsg(jcr->errmsg, "JobId=%d Job=%s", jcr->JobId, jcr->Job);
NewPlugins(jcr); /* instantiate plugins for this jcr */
GeneratePluginEvent(jcr, bEventJobStart, (void *)jcr->errmsg);

const char *os_version;
#ifdef HAVE_WIN32
os_version = win_os;
#else
Expand Down
4 changes: 3 additions & 1 deletion core/src/filed/dir_cmd.h
View file
Expand Up @@ -22,14 +22,16 @@
#ifndef BAREOS_FILED_DIR_CMD_H_
#define BAREOS_FILED_DIR_CMD_H_ 1

class JobControlRecord;
class BareosSocket;

namespace filedaemon {

JobControlRecord *create_new_director_session(BareosSocket *dir);
void *process_director_commands(JobControlRecord *jcr, BareosSocket *dir);
void *handle_director_connection(BareosSocket *dir);
bool StartConnectToDirectorThreads();
bool StopConnectToDirectorThreads(bool wait=false);

} /* namespace filedaemon */

#endif /* BAREOS_FILED_DIR_CMD_H_ */
78 changes: 29 additions & 49 deletions core/src/filed/evaluate_job_command.cc
View file
Expand Up @@ -19,68 +19,48 @@
02110-1301, USA.
*/

#include "filed/dir_cmd.h"
#include "filed/evaluate_job_command.h"
#include "include/bareos.h"

const std::string EvaluateJobcommand::jobcmd { "JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s" };
const std::string EvaluateJobcommand::jobcmdssl { "JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s ssl=%d\n" };

namespace filedaemon {

class EvaluateJobcommand
{
public:
EvaluateJobcommand();
: uint32_t JobId(0)
, Job[24]
, VolSessionId(0)
, VolSessionTime(0)
PoolMem sd_auth_key;
, tls_policy(TlsPolicy::kBnetTlsUnknown)


uint32_t JobId;
char Job[24];
uint32_t VolSessionId;
uint32_t VolSessionTime;
PoolMem sd_auth_key;
TlsPolicy tls_policy = TlsPolicy::kBnetTlsUnknown;

private:
std::string jobcmd { "JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s" };
std::string jobcmdssl { "JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s ssl=%d\n" };
};
const std::string JobCommand::jobcmd_{"JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s"};
const std::string JobCommand::jobcmdssl_{
"JobId=%d Job=%127s SDid=%u SDtime=%u Authorization=%100s ssl=%d\n"};

JobMessageProtocolVersion EvaluateJobcommand(const POOLMEM *msg,
uint32_t &JobId,
char *Job,
uint32_t &VolSessionId,
uint32_t &VolSessionTime,
PoolMem &sd_auth_key,
TlsPolicy &tls_policy)
JobCommand::JobCommand(const char *msg) : job_{0}, sd_auth_key_{0}
{
int tries = 2;
JobMessageProtocolVersion successful_protocol = JobMessageProtocolVersion::kVersionUndefinded;
ProtocolVersion protocol = ProtocolVersion::kVersionUndefinded;

for (int protocol_try = 1; !successful_protocol && protocol_try <= tries; protocol_try++) {
std::vector<ProtocolVersion> implemented_protocols{ProtocolVersion::kVersionFrom_18_2,
ProtocolVersion::KVersionBefore_18_2};

for (auto protocol_try : implemented_protocols) {
switch (protocol_try) {
case JobMessageProtocolVersion::kVersionFrom_18_2:
if (sscanf(msg, jobcmdssl, &JobId, Job, &VolSessionId, &VolSessionTime,
sd_auth_key.c_str(), &tls_policy) == 6) {
successful_protocol = static_cast<JobMessageProtocolVersion>(protocol_try);
case ProtocolVersion::kVersionFrom_18_2:
if (sscanf(msg, jobcmdssl_.c_str(), &job_id_, job_, &vol_session_id_, &vol_session_time_, sd_auth_key_,
&tls_policy_) == 6) {
protocol = protocol_try;
}
break;
case JobMessageProtocolVersion::KVersionBefore_18_2:
if (sscanf(msg, jobcmd, &JobId, Job, &VolSessionId, &VolSessionTime,
sd_auth_key.c_str()) == 5) {
successful_protocol = static_cast<JobMessageProtocolVersion>(protocol_try);
case ProtocolVersion::KVersionBefore_18_2:
if (sscanf(msg, jobcmd_.c_str(), &job_id_, job_, &vol_session_id_, &vol_session_time_, sd_auth_key_) ==
5) {
protocol = protocol_try;
}
break;
default:
/* never */
break;
}
}
return successful_protocol;
} /* switch () */
if (protocol != ProtocolVersion::kVersionUndefinded) { break; }
} /* for ( auto.. */
protocol_version_ = protocol;
}

bool JobCommand::EvaluationSuccesful() const
{
return protocol_version_ != ProtocolVersion::kVersionUndefinded;
}

} /* namespace filedamon */
} // namespace filedaemon
58 changes: 58 additions & 0 deletions core/src/filed/evaluate_job_command.h
View file
@@ -0,0 +1,58 @@
/**
BAREOS® - Backup Archiving REcovery Open Sourced
Copyright (C) 2019-2019 Bareos GmbH & Co. KG
This program is Free Software; you can redistribute it and/or
modify it under the terms of version three of the GNU Affero General Public
License as published by the Free Software Foundation and included
in the file LICENSE.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/

#ifndef BAREOS_FILED_EVALUATE_JOB_COMMAND_H_
#define BAREOS_FILED_EVALUATE_JOB_COMMAND_H_

#include "include/bareos.h"

namespace filedaemon {

class JobCommand {
public:
enum class ProtocolVersion
{
kVersionUndefinded,
kVersionFrom_18_2,
KVersionBefore_18_2
};

public:
JobCommand(const char *msg);
JobCommand(const JobCommand &) = delete;
bool EvaluationSuccesful() const;

uint32_t job_id_ = 0;
char job_[MAX_NAME_LENGTH];
uint32_t vol_session_id_ = 0;
uint32_t vol_session_time_ = 0;
char sd_auth_key_[MAX_NAME_LENGTH];
TlsPolicy tls_policy_ = TlsPolicy::kBnetTlsUnknown;

ProtocolVersion protocol_version_ = ProtocolVersion::kVersionUndefinded;

private:
static const std::string jobcmd_;
static const std::string jobcmdssl_;
};
} /* namespace filedaemon */

#endif /* BAREOS_FILED_EVALUATE_JOB_COMMAND_H_ */
3 changes: 3 additions & 0 deletions core/src/lib/bsock.cc
View file
Expand Up @@ -34,6 +34,8 @@
#include "lib/util.h"
#include "lib/bstringlist.h"

#include <algorithm>

static constexpr int debuglevel = 50;

BareosSocket::BareosSocket()
Expand Down Expand Up @@ -606,6 +608,7 @@ bool BareosSocket::EvaluateCleartextBareosHello(bool &cleartext_hello,
std::string code;
BareosVersionNumber version = BareosVersionNumber::kUndefined;
if (GetNameAndResourceTypeAndVersionFromHello(received, name, code, version)) {
name.erase(std::remove(name.begin(), name.end(), '\n'), name.end());
if (version > BareosVersionNumber::kUndefined) {
BareosVersionToMajorMinor v(version);
Dmsg4(200, "Identified from Bareos handshake: %s-%s recognized version: %d.%d\n",
Expand Down
1 change: 1 addition & 0 deletions core/src/tests/CMakeLists.txt
View file
Expand Up @@ -60,6 +60,7 @@ add_executable(test_lib
htable_test.cc
qualified_resource_name_type_converter_test.cc
lib_tests.cc
${PROJECT_SOURCE_DIR}/src/filed/evaluate_job_command.cc
)

target_link_libraries(test_lib
Expand Down

0 comments on commit 0f04aa4

Please sign in to comment.