tls_openssl: add shared_ptr to config resources to tls_openssl_private

This avoids freeing the resource table while the tls psk callback still
needs to access it.

core/src/lib/parse_conf.cc

@@ -487,17 +487,13 @@ bool ConfigurationParser::FindConfigPath(PoolMem& full_path)
   return found;
 }
 
-// swap the previously saved configuration_resources_previous_ with
-// configuration_resources_ and release the configuration_resources_previous_
 void ConfigurationParser::RestoreResourceTable(
     std::shared_ptr<ConfigResourcesContainer>&& backup_table)
 {
   std::swap(config_resources_container_, backup_table);
   backup_table.reset();
 }
 
-// copy the current resource table to configuration_resources_backup_
-// and create a new empty config_resources_container_
 std::shared_ptr<ConfigResourcesContainer>
 ConfigurationParser::BackupResourceTable()
 {
@@ -507,6 +503,13 @@ ConfigurationParser::BackupResourceTable()
   return backup_table;
 }
 
+std::shared_ptr<ConfigResourcesContainer>
+ConfigurationParser::GetResourcesTable()
+{
+  return config_resources_container_;
+}
+
+
 bool ConfigurationParser::RemoveResource(int rcode, const char* name)
 {
   int rindex = rcode;

core/src/lib/parse_conf.h

@@ -256,6 +256,7 @@ class ConfigurationParser {
   const std::string& get_base_config_path() const { return used_config_path_; }
   void FreeResources();
 
+  std::shared_ptr<ConfigResourcesContainer> GetResourcesTable();
   std::shared_ptr<ConfigResourcesContainer> BackupResourceTable();
   void RestoreResourceTable(std::shared_ptr<ConfigResourcesContainer>&&);
 

core/src/lib/tls_openssl.cc

@@ -75,7 +75,9 @@ void TlsOpenSsl::SetTlsPskServerContext(ConfigurationParser* config)
   } else if (!config) {
     Dmsg0(50, "Could not prepare TLS_PSK SERVER callback (no config)\n");
   } else {
-    Dmsg0(50, "Preparing TLS_PSK SERVER callback\n");
+    // keep a shared_ptr to the current config, so a reload won't
+    // free the memory we're going to use in the private context
+    d_->config_table_ = config->GetResourcesTable();
     SSL_CTX_set_ex_data(
         d_->openssl_ctx_,
         TlsOpenSslPrivate::SslCtxExDataIndex::kConfigurationParserPtr,

core/src/lib/tls_openssl.h

@@ -27,6 +27,7 @@
 #include <memory>
 
 class TlsOpenSslPrivate;
+class ConfigResourcesContainer;
 
 class TlsOpenSsl : public Tls {
  public:

core/src/lib/tls_openssl_private.cc

@@ -54,13 +54,6 @@ const std::string TlsOpenSslPrivate::tls_default_ciphers_{
 
 
 TlsOpenSslPrivate::TlsOpenSslPrivate()
-    : openssl_(nullptr)
-    , openssl_ctx_(nullptr)
-    , openssl_conf_ctx_(nullptr)
-    , tcp_file_descriptor_(0)
-    , pem_callback_(nullptr)
-    , pem_userdata_(nullptr)
-    , verify_peer_(false)
 {
   Dmsg0(100, "Construct TlsOpenSslPrivate\n");
 

core/src/lib/tls_openssl_private.h

@@ -68,9 +68,9 @@ class TlsOpenSslPrivate {
                                     unsigned int max_psk_len);
 
   /* each TCP connection has its own SSL_CTX object and SSL object */
-  SSL* openssl_;
-  SSL_CTX* openssl_ctx_;
-  SSL_CONF_CTX* openssl_conf_ctx_;
+  SSL* openssl_{};
+  SSL_CTX* openssl_ctx_{};
+  SSL_CONF_CTX* openssl_conf_ctx_{};
 
   /* PskCredentials lookup map for all connections */
   static std::map<const SSL_CTX*, PskCredentials> psk_client_credentials_;
@@ -84,18 +84,19 @@ class TlsOpenSslPrivate {
   std::string protocol_;
 
   /* cert attributes */
-  int tcp_file_descriptor_;
+  int tcp_file_descriptor_{};
   std::string ca_certfile_;
   std::string ca_certdir_;
   std::string crlfile_;
   std::string certfile_;
   std::string keyfile_;
-  CRYPTO_PEM_PASSWD_CB* pem_callback_;
-  void* pem_userdata_;
+  CRYPTO_PEM_PASSWD_CB* pem_callback_{};
+  void* pem_userdata_{};
   std::string dhfile_;
   std::string cipherlist_;
-  bool verify_peer_;
-  /* *************** */
+  bool verify_peer_{};
+  std::shared_ptr<ConfigResourcesContainer>
+      config_table_{};  // config table being used
 };
 
 #endif  // BAREOS_LIB_TLS_OPENSSL_PRIVATE_H_