console: prevent console from a crash when doing cleartext connection

bareos · Sep 24, 2018 · 25b4da7 · 25b4da7
1 parent 5f3281f
commit 25b4da7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/core/src/console/console.cc b/core/src/console/console.cc
@@ -889,20 +889,23 @@ BareosSocket *ConnectToDirector(JobControlRecord &jcr, utime_t heart_beat, char
     ConsoleOutput("Could not generate qualified resource name\n");
     TerminateConsole(0);
     return nullptr;
-      }
+  }
 
-  if (!UA_sock->DoTlsHandshake(TlsConfigBase::BNET_TLS_AUTO, local_tls_resource, false,
+  int tls_policy = local_tls_resource->tls_psk.IsActivated() || local_tls_resource->tls_cert.IsActivated()
+                 ? TlsConfigBase::BNET_TLS_AUTO : TlsConfigBase::BNET_TLS_NONE;
+
+  if (!UA_sock->DoTlsHandshake(tls_policy, local_tls_resource, false,
                                qualified_resource_name.c_str(), password->value, &jcr)) {
     ConsoleOutput(errmsg);
     TerminateConsole(0);
     return nullptr;
-   }
+  }
 
   if (!UA_sock->AuthenticateWithDirector(&jcr, name, *password, errmsg, errmsg_len, director_resource)) {
     ConsoleOutput(errmsg);
     TerminateConsole(0);
     return nullptr;
-      }
+  }
   return UA_sock;
 }
 

diff --git a/core/src/lib/tls_conf_base.cc b/core/src/lib/tls_conf_base.cc
@@ -26,7 +26,7 @@ uint32_t GetLocalTlsPolicyFromConfiguration(TlsResource *tls_resource)
   uint32_t local_policy = TlsConfigBase::BNET_TLS_NONE;
 
 #if defined(HAVE_TLS)
-  local_policy = tls_resource->tls_cert.GetPolicy();
+  local_policy = tls_resource->tls_cert.GetPolicy(); /* backward compatibility: before 18.2 never psk */
   Dmsg1(100, "GetLocalTlsPolicyFromConfiguration: %u\n", local_policy);
 #else
   Dmsg1(100, "Ignore configuration no tls compiled in: %u\n", local_policy);