stored: initialize jcr->sd_tls_policy

Fixes #1192: Authorization key rejected by Storage daemon since upgrading director and storage daemons Previously the sd_tls_policy member of the JCR in the sd was not initialized properly. By using the uninitialized value, the SD may close a valid non-TLS connection which eventually leads to a failing job. This patch initializes sd_tls_policy to kBnetTlsNone (0) which lets the SD accept every connection on a job that was not configured otherwise by the director. (cherry picked from commit 884a31e)
bareos · Feb 27, 2020 · 38045e7 · 38045e7
1 parent c11f488
commit 38045e7
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/core/src/include/jcr.h b/core/src/include/jcr.h
@@ -179,7 +179,7 @@ class JobControlRecord {
   POOLMEM* RestoreBootstrap{};  /**< Bootstrap file to restore */
   POOLMEM* stime{};             /**< start time for incremental/differential */
   char* sd_auth_key{};          /**< SD auth key */
-  TlsPolicy sd_tls_policy;      /**< SD Tls Policy */
+  TlsPolicy sd_tls_policy{kBnetTlsNone};      /**< SD Tls Policy */
   MessagesResource* jcr_msgs{}; /**< Copy of message resource -- actually used */
   uint32_t ClientId{};          /**< Client associated with Job */
   char* where{};                /**< Prefix to restore files to */

diff --git a/core/src/lib/try_tls_handshake_as_a_server.cc b/core/src/lib/try_tls_handshake_as_a_server.cc
@@ -58,6 +58,7 @@ static ConnectionHandshakeMode GetHandshakeMode(
       Dmsg0(200, "Could not read out cleartext configuration\n");
       return ConnectionHandshakeMode::CloseConnection;
     }
+    Dmsg0(200, "TlsPolicy for %s is %u\n", client_name.c_str(), tls_policy);
     if (r_code_str == std::string("R_CLIENT")) {
       if (tls_policy == kBnetTlsRequired) {
         return ConnectionHandshakeMode::CloseConnection;