From 7cc587532094619d0a4d6fb67ce76a6ff9e370eb Mon Sep 17 00:00:00 2001 From: Frank Ueberschar Date: Mon, 15 Oct 2018 18:28:31 +0200 Subject: [PATCH] console: refactored AuthenticateWithDirector - no failure messages sent back to the user - only the starting message id "1000" is evaluated --- core/src/console/console.cc | 12 ++++----- core/src/console/console_conf.cc | 1 - core/src/console/console_conf.h | 1 - core/src/dird/auth_pam.cc | 4 --- core/src/lib/bnet.cc | 45 ++++++++++++++++++-------------- core/src/lib/bnet.h | 18 ++++++------- core/src/lib/bsock.cc | 42 +++++++---------------------- core/src/tests/lib_tests.cc | 29 +++++++++++++------- 8 files changed, 71 insertions(+), 81 deletions(-) diff --git a/core/src/console/console.cc b/core/src/console/console.cc index 185b04b7e37..9cb12190f67 100644 --- a/core/src/console/console.cc +++ b/core/src/console/console.cc @@ -1093,17 +1093,17 @@ int main(int argc, char *argv[]) ConsoleOutput(errmsg); +#if 0 // Ueb #if defined(HAVE_PAM) - if (console_resource && console_resource->use_pam_authentication_) { // UA_sock->fsend("@@username:bareos-pam"); // UA_sock->fsend("@@password:linuxlinux"); - Bmicrosleep(1,0); - if (!ConsolePamAuthenticate(stdin, UA_sock)) { - TerminateConsole(0); - return 1; - } + Bmicrosleep(1,0); + if (!ConsolePamAuthenticate(stdin, UA_sock)) { + TerminateConsole(0); + return 1; } #endif /* HAVE_PAM */ +#endif Dmsg0(40, "Opened connection with Director daemon\n"); diff --git a/core/src/console/console_conf.cc b/core/src/console/console_conf.cc index 98b4463c646..daf5ea76fe9 100644 --- a/core/src/console/console_conf.cc +++ b/core/src/console/console_conf.cc 
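Review bot: The `#if 0 // Ueb` wrapper in main() compiles out the console's PAM step with no explanation, and the two commented-out `UA_sock->fsend("@@username:…")` / `@@password` test lines stay in the file. Since this commit also removes the `UsePamAuthentication` directive, nothing can re-enable the block, so a console talking to a Director that requires PAM will presumably just fail after the hello exchange. Either delete the block or replace the developer tag with a comment that says why it is disabled and what restores it, e.g. `/* PAM console dialogue disabled until the 1001 response is handled */`, and remove the commented credential lines. main() begins and ends outside the hunk.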
@@ -91,7 +91,6 @@ static ResourceItem cons_items[] = { { "Password", CFG_TYPE_MD5PASSWORD, ITEM(res_cons.password), 0, CFG_ITEM_REQUIRED, NULL, NULL, NULL }, { "Director", CFG_TYPE_STR, ITEM(res_cons.director), 0, 0, NULL, NULL, NULL }, { "HeartbeatInterval", CFG_TYPE_TIME, ITEM(res_cons.heartbeat_interval), 0, CFG_ITEM_DEFAULT, "0", NULL, NULL }, - { "UsePamAuthentication", CFG_TYPE_BOOL, ITEM(res_cons.use_pam_authentication_), 0, CFG_ITEM_DEFAULT, "true", NULL, NULL }, TLS_COMMON_CONFIG(res_dir), TLS_CERT_CONFIG(res_dir), TLS_PSK_CONFIG(res_dir), diff --git a/core/src/console/console_conf.h b/core/src/console/console_conf.h index 95918b45f10..0616f38e5ef 100644 --- a/core/src/console/console_conf.h +++ b/core/src/console/console_conf.h @@ -71,7 +71,6 @@ class ConsoleResource : public TlsResource { uint32_t history_length; /**< readline history length */ char *director; /**< bind to director */ utime_t heartbeat_interval; /**< Interval to send heartbeats to Dir */ - bool use_pam_authentication_; /**< Use this console as a PAM console */ ConsoleResource() : TlsResource() {} }; diff --git a/core/src/dird/auth_pam.cc b/core/src/dird/auth_pam.cc index 1d781e01f29..53ef9a8876c 100644 --- a/core/src/dird/auth_pam.cc +++ b/core/src/dird/auth_pam.cc @@ -40,10 +40,6 @@ struct PamData { , passwd_(passwd) { } }; -/* - * PAM-Callback called by Bareos PAM-Handler - * - */ static bool PamConvSendMessage(BareosSocket *UA_sock, const char *msg, int msg_style) { char buf = msg_style; diff --git a/core/src/lib/bnet.cc b/core/src/lib/bnet.cc index d29ed9c5587..1bbfdb01a55 100644 --- a/core/src/lib/bnet.cc +++ b/core/src/lib/bnet.cc 
@@ -590,43 +590,50 @@ const char *BnetSigToAscii(BareosSocket * bs) } } -uint32_t ReadoutCommandIdFromString(std::string message) +bool ReadoutCommandIdFromString(const std::string &message, uint32_t &id_out) { - size_t pos = message.find(' '); + const char delimiter = ' '; + size_t pos = message.find(delimiter); if (pos == std::string::npos) { - return kProtokollError; + id_out = kMessageIdProtokollError; + return false; } - std::string id_string; - id_string = message.substr(0,pos); uint32_t id; + size_t pos1; + try { - id = std::stoul(id_string); + id = std::stoul(message, &pos1); } catch (const std::exception &e) { - id = kProtokollError; + id_out = kMessageIdProtokollError; + return false; + } + if (pos == pos1) { + id_out = id; + return true; + } else { + id_out = kMessageIdProtokollError; + return false; } - return id; } -uint32_t ReceiveAndEvaluateResponse(BareosSocket *bsock, std::string &message_output) +bool ReceiveAndEvaluateResponse(BareosSocket *bsock, uint32_t &id_out, std::string &message_out) { int recv_return_value = bsock->recv(); bsock->StopTimer(); if (recv_return_value <= 0) { - return kReceiveError; + return false; } Dmsg1(10, "msg); - std::string message(bsock->msg); - uint32_t id = ReadoutCommandIdFromString(message); + const std::string message(bsock->msg); + uint32_t id; + bool ok = ReadoutCommandIdFromString(message, id); + + id_out = id; + message_out = message; -// if (!bstrncmp(bsock->msg, OKhello, sizeof(OKhello) - 1)) { -// Bsnprintf(response, response_len, _("bsockector at \"%s:%d\" rejected Hello command\n"), bsock->host(), -// bsock->port()); -// return false; -// } else { -// Bsnprintf(response, response_len, "%s", bsock->msg); -// } + return ok; } diff --git a/core/src/lib/bnet.h b/core/src/lib/bnet.h index c3a4f8a71a0..85bddf0c939 100644 --- a/core/src/lib/bnet.h +++ b/core/src/lib/bnet.h 
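Review bot: ReadoutCommandIdFromString stores the `std::stoul` result straight into a `uint32_t`, so where `unsigned long` is 64 bits an id above 4294967295 is silently truncated. `stoul` also accepts a leading sign or whitespace other than a space, so a peer response that is not literally `1000 ` can still compare equal to kMessageIdOk. Because this value decides whether the Director's reply counts as success, parse into the wide type and reject anything out of range or not starting with a digit: `unsigned long value = std::stoul(message, &pos1);` followed by `if (pos != pos1 || value > UINT32_MAX || message[0] < '0' || message[0] > '9') { id_out = kMessageIdProtokollError; return false; }`. The unused exception variable `e` in the catch clause can be dropped as well.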
@@ -50,16 +50,16 @@ BareosSocket *BnetBind(int port); BareosSocket *BnetAccept(BareosSocket *bsock, char *who); enum : uint32_t { - kUnknown = 0, - kProtokollError = 1, - kReceiveError = 2, - kOk = 1000, - kPamRequired = 1001, - kPamInteractive = 4001, - kPamUserCredentials = 4002 + kMessageIdUnknown = 0, + kMessageIdProtokollError = 1, + kMessageIdReceiveError = 2, + kMessageIdOk = 1000, + kMessageIdPamRequired = 1001, + kMessageIdPamInteractive = 4001, + kMessageIdPamUserCredentials = 4002 }; -uint32_t ReadoutCommandIdFromString(std::string message); -uint32_t ReceiveAndEvaluateResponse(BareosSocket *bsock, std::string &message); +bool ReadoutCommandIdFromString(const std::string &message, uint32_t &id_out); +bool ReceiveAndEvaluateResponse(BareosSocket *bsock, uint32_t &id_out, std::string &message_out); #endif // BAREOS_LIB_BNET_H_ diff --git a/core/src/lib/bsock.cc b/core/src/lib/bsock.cc index 376c52dec59..0e201858d37 100644 --- a/core/src/lib/bsock.cc +++ b/core/src/lib/bsock.cc @@ -323,9 +323,6 @@ static char hello[] = "Hello %s calling\n"; /** Response from Director */ static char OKhello[] = "1000 OK:"; -/** - * Authenticate with Director - */ bool BareosSocket::AuthenticateWithDirector(JobControlRecord *jcr, const char *identity, s_password &password, 
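Review bot: The two declarations now return `bool` with out-parameters but carry no comment describing the contract, and kMessageIdReceiveError stays in the enum although nothing in the visible code assigns it any more. Judging by the bnet.cc part of this commit, ReceiveAndEvaluateResponse leaves `id_out` and `message_out` untouched when `recv()` fails, while ReadoutCommandIdFromString always writes `id_out`. Callers need to know that difference. I would add above ReceiveAndEvaluateResponse: `/* Returns true only if a message was received and it starts with a numeric id followed by a space; id_out and message_out are not written when the receive fails. */`, and either remove the unused enumerator or assign it on that path.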
@@ -350,40 +347,21 @@ bool BareosSocket::AuthenticateWithDirector(JobControlRecord *jcr, dir->StartTimer(60 * 5); dir->fsend(hello, bashed_name); - if (!AuthenticateOutboundConnection(jcr, "Director", identity, password, tls_resource)) { goto bail_out; } - - Dmsg1(6, ">dird: %s", dir->msg); - if (dir->recv() <= 0) { + if (!AuthenticateOutboundConnection(jcr, "Director", identity, password, tls_resource)) { dir->StopTimer(); - Bsnprintf(response, response_len, - _("Bad response to Hello command: ERR=%s\n" - "The Director at \"%s:%d\" is probably not running.\n"), - dir->bstrerror(), dir->host(), dir->port()); return false; } - dir->StopTimer(); - Dmsg1(10, "msg); - if (!bstrncmp(dir->msg, OKhello, sizeof(OKhello) - 1)) { - Bsnprintf(response, response_len, _("Director at \"%s:%d\" rejected Hello command\n"), dir->host(), - dir->port()); - return false; - } else { - Bsnprintf(response, response_len, "%s", dir->msg); - } - - return true; - -bail_out: - dir->StopTimer(); - Bsnprintf(response, response_len, - _("Authorization problem with Director at \"%s:%d\"\n" - "Most likely the passwords do not agree.\n" - "If you are using TLS, there may have been a certificate " - "validation error during the TLS handshake.\n" - "Please see %s for help.\n"), - dir->host(), dir->port(), MANUAL_AUTH_URL); + Dmsg1(6, ">dird: %s", dir->msg); + uint32_t message_id; + std::string received_message; + if (ReceiveAndEvaluateResponse(dir, message_id, received_message)) { + if (message_id == kMessageIdOk) { + Bsnprintf(response, response_len, "%s\n", received_message.c_str()); + return true; + } + } return false; } diff --git a/core/src/tests/lib_tests.cc b/core/src/tests/lib_tests.cc index e85ace70412..cd38c36692c 100644 --- a/core/src/tests/lib_tests.cc +++ b/core/src/tests/lib_tests.cc 
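Review bot: Every failure path of AuthenticateWithDirector now returns without writing `response`, so a caller that prints the buffer after a failed call would show whatever it held before; the callers are not visible here, so this needs checking. Clearing it on entry keeps the "no failure message to the user" intent while leaving the buffer defined: `if (response && response_len > 0) { response[0] = '\0'; }`. The function also no longer records why it failed. A debug-level `Dmsg` before each `return false` (authentication failed, receive failed, unexpected message id) would keep TLS, password and connectivity problems distinguishable for the operator without sending detail to the user. `OKhello` looks unused after this change. The function starts above the hunk.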
@@ -23,14 +23,25 @@ #include "include/bareos.h" #include "lib/bnet.h" -TEST(ReadoutCommandIdFromStringTest, BNet) +TEST(BNet, ReadoutCommandIdFromStringTest) { - int id; - std::string message1 {"1000 OK: Version: "}; - id = ReadoutCommandIdFromString(message1); - EXPECT_EQ(id, 1000); - - std::string message2 {"1001 OK: Version: "}; - id = ReadoutCommandIdFromString(message2); - EXPECT_NE(id, 1000); + bool ok; + uint32_t id; + + const std::string message1 {"1000 OK: Version: "}; + ok = ReadoutCommandIdFromString(message1, id); + EXPECT_EQ(id, kMessageIdOk); + EXPECT_EQ(ok, true); + + const std::string message2 {"1001 OK: Version: "}; + ok = ReadoutCommandIdFromString(message2, id); + EXPECT_NE(id, kMessageIdOk); + EXPECT_EQ(ok, true); + + const char *m3 {"10A1 OK: Version: "}; + const std::string message3 (m3); + ok = ReadoutCommandIdFromString(message3, id); + EXPECT_EQ(id, kMessageIdProtokollError); + EXPECT_EQ(ok, false); + EXPECT_STREQ(message3.c_str(), m3); }
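Review bot: The new cases exercise only the `pos != pos1` rejection; the no-delimiter branch and the `std::stoul` exception branch of ReadoutCommandIdFromString are not covered, nor is an id too large for `uint32_t`. Adding `EXPECT_FALSE(ReadoutCommandIdFromString("1000", id));` and `EXPECT_FALSE(ReadoutCommandIdFromString("OK 1000", id));` covers the two untested branches. `EXPECT_EQ(ok, true)` reads better as `EXPECT_TRUE(ok)`, and the final `EXPECT_STREQ` adds little because the argument is taken by const reference.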