try_tls_handshake_as_a_server.cc
/*
BAREOS® - Backup Archiving REcovery Open Sourced
Copyright (C) 2018-2018 Bareos GmbH & Co. KG
This program is Free Software; you can redistribute it and/or
modify it under the terms of version three of the GNU Affero General Public
License as published by the Free Software Foundation and included
in the file LICENSE.
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*/
#include "include/bareos.h"
#include "try_tls_handshake_as_a_server.h"
#include "lib/bsock_tcp.h"
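/**
 * Decide whether an incoming connection continues in cleartext or must be
 * upgraded to TLS.
 *
 * The mode requested by the peer (obtained through
 * BareosSocket::EvaluateCleartextBareosHello) is compared with the mode this
 * daemon is configured for (ConfigurationParser::GetCleartextConfigured).
 * Only an exact match is accepted. The resulting mode is always taken from
 * the local configuration, so the peer's hello alone can never select
 * cleartext when the configuration asks for TLS.
 *
 * @param bs            socket of the incoming connection; a null pointer is
 *                      rejected
 * @param config        configuration parser of this daemon; a null pointer is
 *                      rejected
 * @param do_cleartext  [out] true when both sides agreed on cleartext. It is
 *                      reset to false on entry, so on every failure path it
 *                      reads as "TLS required".
 * @return true when peer and configuration agree on the connection mode,
 *         false on any lookup failure or mismatch
 *
 * NOTE(review): a rejected negotiation is only reported through Dmsg at debug
 * level 100. Whether the caller records it somewhere an operator will see
 * (e.g. for spotting downgrade attempts or misconfigured peers) is not
 * visible from this file -- confirm.
 */
static bool CheckForCleartextConnection(BareosSocket *bs, ConfigurationParser *config, bool &do_cleartext)
{
  /* Fail closed: until agreement is proven the connection is not cleartext. */
  do_cleartext = false;

  if (!bs || !config) { return false; }

  QualifiedResourceNameTypeConverter *converter = config->GetQualifiedResourceNameTypeConverter();
  if (!converter) { return false; }

  /* All out-parameters start with defined values so that a callee which
   * leaves one untouched cannot leak an indeterminate value into the
   * cleartext/TLS decision below. */
  bool cleartext_requested = false;
  std::string client_name; /* filled by the callee, not used in this function */
  uint32_t r_code = 0;     /* filled by the callee, not used in this function */

  if (!bs->EvaluateCleartextBareosHello(*converter,
                                        cleartext_requested,
                                        client_name,
                                        r_code)) {
    Dmsg0(100, "Could not read out cleartext hello\n");
    return false;
  }

  bool cleartext_configured = false;
  if (!config->GetCleartextConfigured(cleartext_configured)) {
    Dmsg0(100, "Could not read out cleartext configuration\n");
    return false;
  }

  /* Any disagreement ends the negotiation; there is no fallback in either
   * direction. */
  if (cleartext_requested && !cleartext_configured) {
    Dmsg0(100, "Client wants cleartext connection but tls is configured\n");
    return false;
  }
  if (!cleartext_requested && cleartext_configured) {
    Dmsg0(100, "Client wants tls connection but cleartext is configured\n");
    return false;
  }

  /* Both flags are equal here; use the locally configured one as the
   * authoritative value. */
  do_cleartext = cleartext_configured;
  Dmsg1(100, "Client and Server want %s connection\n", do_cleartext ? "cleartext" : "tls");
  return true;
}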
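/**
 * Server-side entry point for connection setup: negotiate the connection mode
 * and, unless cleartext was agreed on, run the TLS handshake.
 *
 * @param bs      socket of the incoming connection
 * @param config  configuration parser of this daemon
 * @return true when the connection may proceed (cleartext agreed by both
 *         sides, or TLS handshake succeeded); false when the mode negotiation
 *         or the TLS handshake failed
 */
bool TryTlsHandshakeAsAServer(BareosSocket *bs, ConfigurationParser *config)
{
  /* Start from "TLS required" so the flag never holds an indeterminate value;
   * only a successful negotiation can switch it to cleartext. */
  bool cleartext = false;

  if (!CheckForCleartextConnection(bs, config, cleartext)) { return false; }

  /* cleartext - no Tls Handshake */
  if (cleartext) { return true; }

  if (!bs->DoTlsHandshakeAsAServer(config)) { return false; }
  return true;
}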