diff --git a/core/src/dird/authenticate.cc b/core/src/dird/authenticate.cc index 22025ff6253..0e763880ee5 100644 --- a/core/src/dird/authenticate.cc +++ b/core/src/dird/authenticate.cc @@ -33,6 +33,7 @@ #include "include/bareos.h" #include "dird.h" #include "dird/fd_cmds.h" +#include "dird/client_connection_handshake_mode.h" #include "dird/dird_globals.h" #include "lib/bnet.h" #include "lib/qualified_resource_name_type_converter.h" @@ -131,7 +132,7 @@ bool AuthenticateWithFileDaemon(JobControlRecord *jcr) BareosSocket *fd = jcr->file_bsock; ClientResource *client = jcr->res.client; - if (jcr->connection_handshake_try_ == JobControlRecord::ConnectionHandshakeMode::kTlsFirst) { + if (jcr->connection_handshake_try_ == ClientConnectionHandshakeMode::kTlsFirst) { std::string qualified_resource_name; if (!my_config->GetQualifiedResourceNameTypeConverter()->ResourceToString(me->hdr.name, my_config->r_own_, qualified_resource_name)) { diff --git a/core/src/dird/backup.cc b/core/src/dird/backup.cc index c348947b989..01b16b3ac0a 100644 --- a/core/src/dird/backup.cc +++ b/core/src/dird/backup.cc @@ -567,7 +567,7 @@ bool DoNativeBackup(JobControlRecord *jcr) } } else { - if (jcr->connection_successful_handshake_ != JobControlRecord::ConnectionHandshakeMode::kTlsFirst) { + if (jcr->connection_successful_handshake_ != ClientConnectionHandshakeMode::kTlsFirst) { tls_need = GetLocalTlsPolicyFromConfiguration(client); } else { tls_need = TlsConfigBase::BNET_TLS_AUTO; diff --git a/core/src/dird/client_connection_handshake_mode.h b/core/src/dird/client_connection_handshake_mode.h new file mode 100644 index 00000000000..c399503598a --- /dev/null +++ b/core/src/dird/client_connection_handshake_mode.h 
@@ -0,0 +1,29 @@
+/*
+ BAREOSĀ® - Backup Archiving REcovery Open Sourced
+
+ Copyright (C) 2018-2018 Bareos GmbH & Co. KG
+
+ This program is Free Software; you can redistribute it and/or
+ modify it under the terms of version three of the GNU Affero General Public
+ License as published by the Free Software Foundation and included
+ in the file LICENSE.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ 02110-1301, USA.
+*/
+#ifndef BAREOS_DIR_CLIENT_CONNECTION_HANDSHAKE_MODE_H_
+#define BAREOS_DIR_CLIENT_CONNECTION_HANDSHAKE_MODE_H_
+
+namespace directordaemon {
+
+enum class ClientConnectionHandshakeMode { kUndefined, kTlsFirst, kCleartextFirst, kFailed };
+
+} /* namespace directordaemon */
+#endif /* BAREOS_DIR_CLIENT_CONNECTION_HANDSHAKE_MODE_H_ */
diff --git a/core/src/dird/dird_conf.h b/core/src/dird/dird_conf.h
index 17c3c273f40..8aaf97192d4 100644
--- a/core/src/dird/dird_conf.h
+++ b/core/src/dird/dird_conf.h
@@ -279,6 +279,7 @@ class ClientResource: public TlsResource {
 bool ndmp_use_lmdb; /* NDMP Protocol specific use LMDB for the FHDB or not */
 int64_t max_bandwidth; /* Limit speed on this client */
 runtime_client_status_t *rcs; /* Runtime Client Status */
+ ClientResource() : TlsResource() {}
 };
diff --git a/core/src/dird/fd_cmds.cc b/core/src/dird/fd_cmds.cc
index 5285867d8fd..a4beaf409f9 100644
--- a/core/src/dird/fd_cmds.cc
+++ b/core/src/dird/fd_cmds.cc
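Review bot: The enumerators of `ClientConnectionHandshakeMode` are undocumented, although the one type serves two fields with different meanings: `connection_handshake_try_` (the mode being attempted) and `connection_successful_handshake_` (the mode that succeeded, which backup.cc, restore.cc and verify.cc use to pick the TLS policy). A short comment above the enum would help, for example `/* kTlsFirst: TLS before authentication; kCleartextFirst: cleartext md5 handshake first, for clients that cannot start with TLS; kFailed: both modes tried without success */`. If `kUndefined` is deliberately first so that a zero-filled record reads as undefined, the comment should say so.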
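Review bot: The added `ClientResource() : TlsResource() {}` is a user-provided constructor that initialises none of the class's own members, so `ndmp_use_lmdb`, `max_bandwidth` and the `rcs` pointer are indeterminate wherever a `ClientResource` is default- or value-constructed, unless the storage is zero-filled elsewhere (not visible here). If the constructor is only needed to make the type default-constructible, `ClientResource() = default;` keeps the zeroing that value-initialisation performs. Otherwise give the members default initialisers such as `runtime_client_status_t *rcs = nullptr;`. The class definition starts outside this hunk, so members declared above these three may be affected as well.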
@@ -167,8 +167,8 @@ bool ConnectToFileDaemon(JobControlRecord *jcr, int retry_interval, int max_retr /* try the connection mode in case a client that cannot do Tls * immediately without cleartext md5-handshake first */ - jcr->connection_handshake_try_ = JobControlRecord::ConnectionHandshakeMode::kTlsFirst; - jcr->connection_successful_handshake_ = JobControlRecord::ConnectionHandshakeMode::kUndefined; + jcr->connection_handshake_try_ = ClientConnectionHandshakeMode::kTlsFirst; + jcr->connection_successful_handshake_ = ClientConnectionHandshakeMode::kUndefined; do { /* while (tcp_connect_failed ...) */ /* connect the tcp socket */ @@ -194,20 +194,20 @@ bool ConnectToFileDaemon(JobControlRecord *jcr, int retry_interval, int max_retr * - if an old client cannot do tls- before md5-handshake * */ switch(jcr->connection_handshake_try_) { - case JobControlRecord::ConnectionHandshakeMode::kTlsFirst: + case ClientConnectionHandshakeMode::kTlsFirst: if (jcr->file_bsock) { jcr->file_bsock->close(); delete jcr->file_bsock; jcr->file_bsock = nullptr; } jcr->resetJobStatus(JS_Running); - jcr->connection_handshake_try_ = JobControlRecord::ConnectionHandshakeMode::kCleartextFirst; + jcr->connection_handshake_try_ = ClientConnectionHandshakeMode::kCleartextFirst; break; - case JobControlRecord::ConnectionHandshakeMode::kCleartextFirst: - jcr->connection_handshake_try_ = JobControlRecord::ConnectionHandshakeMode::kFailed; + case ClientConnectionHandshakeMode::kCleartextFirst: + jcr->connection_handshake_try_ = ClientConnectionHandshakeMode::kFailed; break; - case JobControlRecord::ConnectionHandshakeMode::kFailed: - default: /* should bei one of class ConnectionHandshakeMode */ + case ClientConnectionHandshakeMode::kFailed: + default: /* should bei one of class ClientConnectionHandshakeMode */ ASSERT(false); break; } 
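Review bot: In the `switch` of the second hunk, the `kTlsFirst` case closes the socket and moves to `kCleartextFirst` on any failure of the first attempt, and nothing visible here records the fallback or checks that this client is allowed to start in cleartext. A failure caused by interference on the network is therefore indistinguishable from an old client that cannot do TLS first. Consider emitting a warning-level job message before `jcr->connection_handshake_try_ = ClientConnectionHandshakeMode::kCleartextFirst;` and skipping the fallback when the client's configuration requires TLS. Whether the later policy lookup (`GetLocalTlsPolicyFromConfiguration(client)` in backup.cc, restore.cc and verify.cc) already enforces that cannot be confirmed from this hunk. The body of `ConnectToFileDaemon` extends beyond both hunks.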
@@ -218,7 +218,7 @@ bool ConnectToFileDaemon(JobControlRecord *jcr, int retry_interval, int max_retr connect_tries--; } while (!tcp_connect_failed && connect_tries && !success - && jcr->connection_handshake_try_ != JobControlRecord::ConnectionHandshakeMode::kFailed); + && jcr->connection_handshake_try_ != ClientConnectionHandshakeMode::kFailed); if (!success) { jcr->setJobStatus(JS_ErrorTerminated); diff --git a/core/src/dird/restore.cc b/core/src/dird/restore.cc index 25f64333648..e6b3cfb1298 100644 --- a/core/src/dird/restore.cc +++ b/core/src/dird/restore.cc @@ -292,7 +292,7 @@ static inline bool DoNativeRestoreBootstrap(JobControlRecord *jcr) goto bail_out; } - if (jcr->connection_successful_handshake_ != JobControlRecord::ConnectionHandshakeMode::kTlsFirst) { + if (jcr->connection_successful_handshake_ != ClientConnectionHandshakeMode::kTlsFirst) { tls_need = GetLocalTlsPolicyFromConfiguration(client); } else { tls_need = TlsConfigBase::BNET_TLS_AUTO; diff --git a/core/src/dird/verify.cc b/core/src/dird/verify.cc index 9b9c33f9ab7..7c341f6402a 100644 --- a/core/src/dird/verify.cc +++ b/core/src/dird/verify.cc @@ -360,7 +360,7 @@ bool DoVerify(JobControlRecord *jcr) uint32_t tls_need = 0; ClientResource *client = jcr->res.client; - if (jcr->connection_successful_handshake_ != JobControlRecord::ConnectionHandshakeMode::kTlsFirst) { + if (jcr->connection_successful_handshake_ != ClientConnectionHandshakeMode::kTlsFirst) { tls_need = GetLocalTlsPolicyFromConfiguration(client); } else { tls_need = TlsConfigBase::BNET_TLS_AUTO; diff --git a/core/src/include/jcr.h b/core/src/include/jcr.h index 9ced437495f..cdc3eaf820b 100644 --- a/core/src/include/jcr.h +++ b/core/src/include/jcr.h @@ -42,6 +42,7 @@ #ifdef DIRECTOR_DAEMON #include "cats/cats.h" +#include "dird/client_connection_handshake_mode.h" #endif namespace directordaemon { 
@@ -453,9 +454,6 @@ class JobControlRecord { POOLMEM *comment; /**< Comment for this Job */ int64_t max_bandwidth; /**< Bandwidth limit for this Job */ htable *path_list; /**< Directory list (used by findlib) */ - enum class ConnectionHandshakeMode { kUndefined, kTlsFirst, kCleartextFirst, kFailed }; - ConnectionHandshakeMode connection_handshake_try_; - ConnectionHandshakeMode connection_successful_handshake_; /* * Daemon specific part of JobControlRecord @@ -534,6 +532,8 @@ class JobControlRecord { bool RescheduleIncompleteJobs; /**< Set if incomplete can be rescheduled */ bool HasQuota; /**< Client has quota limits */ bool HasSelectedJobs; /**< Migration/Copy Job did actually select some JobIds */ + directordaemon::ClientConnectionHandshakeMode connection_handshake_try_; + directordaemon::ClientConnectionHandshakeMode connection_successful_handshake_; #endif /* DIRECTOR_DAEMON */ #ifdef FILE_DAEMON
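Review bot: `connection_handshake_try_` and `connection_successful_handshake_` are re-declared in the `DIRECTOR_DAEMON` section without an initial value, yet backup.cc, restore.cc and verify.cc compare `connection_successful_handshake_` with `kTlsFirst` to choose the TLS policy. Unless the record is zero-filled on allocation (not visible here), a path that reaches those comparisons before `ConnectToFileDaemon` has run reads an indeterminate value. Default member initialisers would make the starting state explicit, e.g. `directordaemon::ClientConnectionHandshakeMode connection_successful_handshake_{directordaemon::ClientConnectionHandshakeMode::kUndefined};` and the same for `connection_handshake_try_`. The class body starts and ends outside the hunk.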