tls: use TlsPolicy instead of pure integer

- tls_need is now TlsPolicy variable tls_policy
bareos · Nov 27, 2018 · 85b454b · 85b454b
1 parent 167a31d
commit 85b454b
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 15 deletions.
diff --git a/core/src/dird/restore.cc b/core/src/dird/restore.cc
@@ -235,8 +235,6 @@ static inline bool DoNativeRestoreBootstrap(JobControlRecord *jcr)
       }
 
       if (!jcr->passive_client) {
-         uint32_t tls_need = 0;
-
          /*
           * When the client is not in passive mode we can put the SD in
           * listen mode for the FD connection. And ask the FD to connect
@@ -266,20 +264,19 @@ static inline bool DoNativeRestoreBootstrap(JobControlRecord *jcr)
          /*
           * TLS Requirement
           */
-         tls_need = store->IsTlsConfigured() ? TlsPolicy::kBnetTlsAuto : TlsPolicy::kBnetTlsNone;
+         TlsPolicy tls_policy = store->IsTlsConfigured() ? TlsPolicy::kBnetTlsAuto : TlsPolicy::kBnetTlsNone;
 
          connection_target_address = StorageAddressToContact(client, store);
 
          fd->fsend(storaddrcmd, connection_target_address,
-                   store->SDDport, tls_need, jcr->sd_auth_key);
+                   store->SDDport, tls_policy, jcr->sd_auth_key);
          memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
 
          Dmsg1(6, "dird>filed: %s", fd->msg);
          if (!response(jcr, fd, OKstore, "Storage", DISPLAY_ERROR)) {
             goto bail_out;
          }
       } else {
-          uint32_t tls_need = 0;
             /*
           * In passive mode we tell the FD what authorization key to use
           * and the ask the SD to initiate the connection.
@@ -292,17 +289,19 @@ static inline bool DoNativeRestoreBootstrap(JobControlRecord *jcr)
             goto bail_out;
          }
 
+         TlsPolicy tls_policy;
+
          if (jcr->res.client->connection_successful_handshake_ != ClientConnectionHandshakeMode::kTlsFirst) {
-            tls_need = client->GetPolicy();
+            tls_policy = client->GetPolicy();
          } else {
-            tls_need = client->IsTlsConfigured() ? TlsPolicy::kBnetTlsAuto : TlsPolicy::kBnetTlsNone;
+            tls_policy = client->IsTlsConfigured() ? TlsPolicy::kBnetTlsAuto : TlsPolicy::kBnetTlsNone;
          }
 
          connection_target_address = ClientAddressToContact(client, store);
          /*
           * Tell the SD to connect to the FD.
           */
-         sd->fsend(passiveclientcmd, connection_target_address, client->FDport, tls_need);
+         sd->fsend(passiveclientcmd, connection_target_address, client->FDport, tls_policy);
          Bmicrosleep(2,0);
          if (!response(jcr, sd, OKpassiveclient, "Passive client", DISPLAY_ERROR)) {
             goto bail_out;

diff --git a/core/src/filed/dir_cmd.cc b/core/src/filed/dir_cmd.cc
@@ -1586,7 +1586,7 @@ static bool StorageCmd(JobControlRecord *jcr)
 
    jcr->store_bsock = storage_daemon_socket;
 
-   if (me->IsTlsConfigured() || tls_policy == TlsPolicy::kBnetTlsAuto) {
+   if (tls_policy == TlsPolicy::kBnetTlsAuto) {
     std::string qualified_resource_name;
     if (!my_config->GetQualifiedResourceNameTypeConverter()->ResourceToString(
             jcr->Job, R_JOB, jcr->JobId, qualified_resource_name)) {

diff --git a/core/src/include/jcr.h b/core/src/include/jcr.h
@@ -681,7 +681,7 @@ extern JobControlRecord *get_jcr_by_session(uint32_t SessionId, uint32_t Session
 extern JobControlRecord *get_jcr_by_partial_name(char *Job);
 extern JobControlRecord *get_jcr_by_full_name(char *Job);
 extern const char *JcrGetAuthenticateKey(uint32_t job_id, const char *unified_job_name);
-TlsPolicy JcrGetTlsPolicy(const char *unified_job_name);
+TlsPolicy JcrGetTlsPolicy(uint32_t job_id, const char *unified_job_name);
 extern JobControlRecord *get_next_jcr(JobControlRecord *jcr);
 extern void SetJcrJobStatus(JobControlRecord *jcr, int JobStatus);
 extern int num_jobs_run;

diff --git a/core/src/lib/jcr.cc b/core/src/lib/jcr.cc
@@ -843,7 +843,7 @@ const char *JcrGetAuthenticateKey(uint32_t job_id, const char *unified_job_name)
   return auth_key;
 }
 
-TlsPolicy JcrGetTlsPolicy(const char *unified_job_name)
+TlsPolicy JcrGetTlsPolicy(uint32_t job_id, const char *unified_job_name)
 {
   if (!unified_job_name) { return kBnetTlsUnknown; }
 

diff --git a/core/src/lib/parse_conf.cc b/core/src/lib/parse_conf.cc
@@ -55,6 +55,8 @@
 #include "lib/edit.h"
 #include "lib/parse_conf.h"
 #include "lib/qualified_resource_name_type_converter.h"
+#include "lib/bstringlist.h"
+#include "lib/ascii_control_characters.h"
 
 #if defined(HAVE_WIN32)
 #include "shlobj.h"
@@ -1026,11 +1028,22 @@ bool ConfigurationParser::GetConfiguredTlsPolicy(const std::string &r_code_str,
     }
     tls_policy = own_tls_resource->GetPolicy();
   } else if(r_code_str == std::string("R_JOB")) {
-    TlsPolicy policy = JcrGetTlsPolicy(name.c_str());
-    if (policy == kBnetTlsUnknown) {
-      return false;
+    BStringList job_information(name, AsciiControlCharacters::RecordSeparator());
+    if (job_information.size() >= 3) {
+      uint32_t job_id;
+      try {
+        job_id = stoi(job_information[2]);
+      }
+      catch(const std::exception &e) {
+        return false;
+      }
+      TlsPolicy policy = JcrGetTlsPolicy(job_id, job_information[1].c_str());
+      if (policy != kBnetTlsUnknown) {
+        tls_policy = policy;
+        return true;
+      }
     }
-    tls_policy = policy;
+    return false;
   }
   else {
     uint32_t r_code = qualified_resource_name_type_converter_->StringToResourceType(r_code_str);