filed: enabled immediate tls connection from director

bareos · Sep 5, 2018 · 6aed341 · 6aed341
1 parent 005366e
commit 6aed341
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 12 deletions.
diff --git a/core/src/dird/authenticate.cc b/core/src/dird/authenticate.cc
@@ -127,21 +127,28 @@ bool AuthenticateWithStorageDaemon(JobControlRecord *jcr, StorageResource *store
  */
 bool AuthenticateWithFileDaemon(JobControlRecord *jcr)
 {
-  BareosSocket *fd       = jcr->file_bsock;
-  ClientResource *client = jcr->res.client;
-  char dirname[MAX_NAME_LENGTH];
-  bool auth_success = false;
-
   if (jcr->authenticated) {
-    /*
-     * already authenticated
-     */
     return true;
   }
 
-  /**
-   * Send my name to the File daemon then do authentication
-   */
+  std::string qualified_resource_name;
+  if (!my_config->GetQualifiedResourceNameTypeConverter()->ResourceToString(me->hdr.name, my_config->r_own_,
+                                                                            qualified_resource_name)) {
+    Dmsg0(100, "Could not generate qualified resource name for a storage resource\n");
+    return false;
+  }
+
+  ClientResource *client = jcr->res.client;
+  TlsResource *tls_configuration = dynamic_cast<TlsResource *>(client);
+  BareosSocket *fd       = jcr->file_bsock;
+
+  if (!fd->DoTlsHandshake(4, tls_configuration, false, qualified_resource_name.c_str(), client->password.value,
+                          jcr)) {
+    Dmsg0(100, "Could not DoTlsHandshake() with a storage daemon\n");
+    return false;
+  }
+
+  char dirname[MAX_NAME_LENGTH];
   bstrncpy(dirname, me->name(), sizeof(dirname));
   BashSpaces(dirname);
 
@@ -152,6 +159,7 @@ bool AuthenticateWithFileDaemon(JobControlRecord *jcr)
   }
   Dmsg1(debuglevel, "Sent: %s", fd->msg);
 
+  bool auth_success;
   auth_success = fd->AuthenticateOutboundConnection(jcr, "File Daemon", dirname, client->password, client);
 
   if (!auth_success) {

diff --git a/core/src/filed/filed_conf.cc b/core/src/filed/filed_conf.cc
@@ -253,6 +253,12 @@ static void ParseConfigCb(LEX *lc, ResourceItem *item, int index, int pass)
 
 static void ConfigReadyCallback(ConfigurationParser &my_config)
 {
+  std::map<int, std::string> map;
+  map.insert(std::make_pair(R_DIRECTOR, "R_DIRECTOR"));
+  map.insert(std::make_pair(R_CLIENT, "R_CLIENT"));
+//  map.insert(std::make_pair(R_STORAGE, "R_STORAGE"));
+  map.insert(std::make_pair(R_MSGS, "R_MSGS"));
+  my_config.InitializeQualifiedResourceNameTypeConverter(map);
 
 }
 

diff --git a/core/src/filed/socket_server.cc b/core/src/filed/socket_server.cc
@@ -57,7 +57,8 @@ static alist *sock_fds = NULL;
 static void *HandleConnectionRequest(ConfigurationParser *config, void *arg)
 {
    BareosSocket *bs = (BareosSocket *)arg;
-   char tbuf[100];
+
+   if (!bs->IsCleartextBareosHello()) { bs->DoTlsHandshakeAsAServer(config); }
 
    if (bs->recv() <= 0) {
       Emsg1(M_ERROR, 0, _("Connection request from %s failed.\n"), bs->who());
@@ -72,6 +73,7 @@ static void *HandleConnectionRequest(ConfigurationParser *config, void *arg)
    /*
     * See if its a director making a connection.
     */
+   char tbuf[100];
    if (bstrncmp(bs->msg, "Hello Director", 14)) {
       Dmsg1(110, "Got a DIR connection at %s\n", bstrftimes(tbuf, sizeof(tbuf), (utime_t)time(NULL)));
       return handle_director_connection(bs);