tls_conf: cleanup

- added a separate file for TlsConfigAuto
- removed not needed member variables
- changed a parameter from TlsConfigBase to explicit TlsConfigCert because
  a base class interface does not make sense at this point

core/src/lib/bsock.cc

@@ -470,15 +470,14 @@ bool BareosSocket::DoTlsHandshake(uint32_t remote_tls_policy,
     return false;
   }
   if (selected_local_tls->GetPolicy() != TlsConfigBase::BNET_TLS_NONE) { /* no tls configuration is ok */
-
     if (!ParameterizeAndInitTlsConnection(tls_resource, identity, password, initiated_by_remote)) {
       return false;
     }
 
     if (initiated_by_remote) {
-      if (!DoTlsHandshakeWithClient(selected_local_tls, jcr)) { return false; }
+      if (!DoTlsHandshakeWithClient(&tls_resource->tls_cert, jcr)) { return false; }
     } else {
-      if (!DoTlsHandshakeWithServer(selected_local_tls, identity, password, jcr)) { return false; }
+      if (!DoTlsHandshakeWithServer(&tls_resource->tls_cert, identity, password, jcr)) { return false; }
     }
 
     if (selected_local_tls->GetAuthenticate()) { /* tls authentication only? */
@@ -527,12 +526,14 @@ bool BareosSocket::ParameterizeAndInitTlsConnection(TlsResource *tls_resource,
   return true;
 }
 
-bool BareosSocket::DoTlsHandshakeWithClient(TlsConfigBase *selected_local_tls, JobControlRecord *jcr)
+bool BareosSocket::DoTlsHandshakeWithClient(TlsConfigCert *tls_config_cert, JobControlRecord *jcr)
 {
   std::vector<std::string> verify_list;
 
-  if (selected_local_tls->GetVerifyPeer()) {
-    verify_list = selected_local_tls->AllowedCertificateCommonNames();
+  if (tls_config_cert) {
+    if (tls_config_cert->GetVerifyPeer()) {
+      verify_list = tls_config_cert->AllowedCertificateCommonNames();
+    }
   }
   if (BnetTlsServer(this, verify_list)) {
     return true;
@@ -543,14 +544,16 @@ bool BareosSocket::DoTlsHandshakeWithClient(TlsConfigBase *selected_local_tls, J
   return false;
 }
 
-bool BareosSocket::DoTlsHandshakeWithServer(TlsConfigBase *selected_local_tls,
+bool BareosSocket::DoTlsHandshakeWithServer(TlsConfigCert *tls_config_cert,
                                             const char *identity,
                                             const char *password,
                                             JobControlRecord *jcr)
 {
-  if (BnetTlsClient(this, selected_local_tls->GetVerifyPeer(),
-                    selected_local_tls->AllowedCertificateCommonNames())) {
-    return true;
+  if (tls_config_cert) {
+    if (BnetTlsClient(this, tls_config_cert->GetVerifyPeer(),
+                      tls_config_cert->AllowedCertificateCommonNames())) {
+      return true;
+    }
   }
   tls_conn.reset();
   Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));

core/src/lib/bsock.h

@@ -117,9 +117,9 @@ class BareosSocket : public SmartAlloc {
                           s_password &password,
                           TlsResource *tls_configuration,
                           bool initiated_by_remote);
-  bool DoTlsHandshakeWithClient(TlsConfigBase *selected_local_tls,
+  bool DoTlsHandshakeWithClient(TlsConfigCert *tls_config_cert,
                                 JobControlRecord *jcr);
-  bool DoTlsHandshakeWithServer(TlsConfigBase *selected_local_tls,
+  bool DoTlsHandshakeWithServer(TlsConfigCert *tls_config_cert,
                                 const char *identity,
                                 const char *password,
                                 JobControlRecord *jcr);

core/src/lib/tls_conf.h

@@ -28,6 +28,7 @@
 #include "lib/tls_conf_psk.h"
 #include "lib/tls_conf_none.h"
 #include "lib/tls_conf_deny.h"
+#include "lib/tls_conf_auto.h"
 
 class TlsResource;
 

core/src/lib/tls_conf_auto.h

@@ -0,0 +1,31 @@
+/*
+   BAREOS® - Backup Archiving REcovery Open Sourced
+
+   Copyright (C) 2018-2018 Bareos GmbH & Co. KG
+
+   This program is Free Software; you can redistribute it and/or
+   modify it under the terms of version three of the GNU Affero General Public
+   License as published by the Free Software Foundation and included
+   in the file LICENSE.
+
+   This program is distributed in the hope that it will be useful, but
+   WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+   Affero General Public License for more details.
+
+   You should have received a copy of the GNU Affero General Public License
+   along with this program; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301, USA.
+*/
+
+#ifndef BAREOS_LIB_TLS_CONF_AUTO_H_
+#define BAREOS_LIB_TLS_CONF_AUTO_H_
+
+class TlsConfigAuto : public TlsConfigBase {
+ public:
+   TlsConfigAuto() : TlsConfigBase() {}
+   virtual uint32_t GetPolicy() const override { return BNET_TLS_AUTO; }
+};
+
+#endif /* BAREOS_LIB_TLS_CONF_AUTO_H_ */

core/src/lib/tls_conf_cert.h

@@ -51,9 +51,6 @@ class TlsConfigCert : public TlsConfigBase {
    bool GetVerifyPeer() const override { return VerifyPeer; }
    std::vector<std::string> AllowedCertificateCommonNames() const override;
    bool GetAuthenticate() const override { return authenticate; }
-
-private:
-   static u_int32_t const policy_offset = 0;
 };
 
 #endif /* BAREOS_LIB_TLS_CONF_CERT_H_ */

core/src/lib/tls_conf_none.h

@@ -28,11 +28,4 @@ class TlsConfigNone : public TlsConfigBase {
    virtual uint32_t GetPolicy() const override { return BNET_TLS_NONE; }
 };
 
-class TlsConfigAuto : public TlsConfigBase {
- public:
-   TlsConfigAuto() : TlsConfigBase() {}
-   virtual uint32_t GetPolicy() const override { return BNET_TLS_AUTO; }
-};
-
-
 #endif /* BAREOS_LIB_TLS_CONF_NONE_H_ */

core/src/lib/tls_conf_psk.h

@@ -37,9 +37,6 @@ class TlsConfigPsk : public TlsConfigBase {
   ~TlsConfigPsk();
 
   virtual uint32_t GetPolicy() const override;
-
- private:
-  static u_int32_t const policy_offset = 2;
 };
 
 #endif /* BAREOS_LIB_TLS_CONF_PSK_H */