lib: make TLS Enable = no imply TLS Require = no
Previously, when setting `TLS Require = yes` this would implicitly also
set `TLS Enable = yes`.
Since both `TLS Enable` and `TLS Require` now default to yes, this
would mean that to disable TLS you have to set both `TLS Enable = no`
and `TLS Require = no`.
This patch changes the behaviour to make `TLS Enable = no` also imply
`TLS Require = no`.

The most common scenarios don't require any configuration change, as the
effect is unchanged. In the improbable case where you had configured
Bareos like this:
```
TLS Enable = no
TLS Require = yes
```
The old behaviour was to have TLS enabled and required, while the new
behaviour is now to have TLS disabled.
arogge authored and BareosBot committed Sep 22, 2023
1 parent faa8066 commit ef36530
Showing 26 changed files with 5 additions and 34 deletions.
14 changes: 5 additions & 9 deletions core/src/lib/tls_conf.cc
@@ -1,7 +1,7 @@
/*
BAREOS® - Backup Archiving REcovery Open Sourced
Copyright (C) 2018-2020 Bareos GmbH & Co. KG
Copyright (C) 2018-2023 Bareos GmbH & Co. KG
This program is Free Software; you can redistribute it and/or
modify it under the terms of version three of the GNU Affero General Public
Expand All @@ -22,17 +22,13 @@
#include "include/bareos.h"
#include "lib/tls_conf.h"

bool TlsResource::IsTlsConfigured() const
{
return tls_enable_ || tls_require_;
}
bool TlsResource::IsTlsConfigured() const { return tls_enable_; }

TlsPolicy TlsResource::GetPolicy() const
{
TlsPolicy result = TlsPolicy::kBnetTlsNone;
if (tls_enable_) { result = TlsPolicy::kBnetTlsEnabled; }
if (tls_require_) { result = TlsPolicy::kBnetTlsRequired; }
return result;
if (!tls_enable_) { return TlsPolicy::kBnetTlsNone; }
if (!tls_require_) { return TlsPolicy::kBnetTlsEnabled; }
return TlsPolicy::kBnetTlsRequired;
}

int TlsResource::SelectTlsPolicy(TlsPolicy remote_policy) const
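Review bot: In `GetPolicy()` the contradictory pair `TLS Enable = no` / `TLS Require = yes` now resolves to `kBnetTlsNone`, and nothing in the visible code records that choice, so a resource that used to insist on TLS falls back to cleartext with no signal to the operator. Because `tls_require_` now defaults to yes (per the commit message), the getter cannot tell an explicit request from the default; if the config parser can make that distinction (not visible here), that would be the place to log a warning for the explicit case. At minimum I would document the precedence above the function: `// tls_enable_ wins: Enable = no yields kBnetTlsNone even if tls_require_ is set (Require defaults to yes).` The same precedence applies to `IsTlsConfigured()`, which now ignores `tls_require_`.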
Expand Up @@ -6,7 +6,6 @@ Director { # define myself
Auditing = yes
DirPort = 32663
TlsEnable = no
TlsRequire = no

# Enable the Heartbeat if you experience connection losses
# (eg. because of your router or firewall configuration).
Expand Up @@ -9,5 +9,4 @@ Director {
Description = "Bareos Console credentials for local Director"
DirPort = 32663
TlsEnable = no
TlsRequire = no
}
Expand Up @@ -5,5 +5,4 @@ Client {
Password = "@fd_password@" # password for FileDaemon
FD PORT = @fd_port@
TLS Enable = no
TLS Require = no
}
Expand Up @@ -21,5 +21,4 @@ Director { # define myself
Working Directory = "@working_dir@"
DirPort = @dir_port@
Tls Enable = No
Tls Require = No
}
Expand Up @@ -6,5 +6,4 @@ Storage {
Media Type = File
SD Port = @sd_port@
Tls Enable = No
Tls Require = No
}
Expand Up @@ -12,5 +12,4 @@ Client {
Working Directory = "@working_dir@"
FD Port = @fd_port@
TLS Enable = no
TLS Require = no
}
Expand Up @@ -3,5 +3,4 @@ Director {
Password = "@fd_password@"
Description = "Allow the configured Director to access this file daemon."
TLS Enable = no
TLS Require = no
}
Expand Up @@ -3,5 +3,4 @@ Director {
Password = "@sd_password@"
Description = "Director, who is permitted to contact this storage daemon."
Tls Enable = No
Tls Require = No
}
Expand Up @@ -12,5 +12,4 @@ Storage {
SD Port = @sd_port@
@sd_backend_config@
Tls Enable = No
Tls Require = No
}
1 change: 0 additions & 1 deletion systemtests/tests/notls/etc/bareos/bconsole.conf.in
Expand Up @@ -8,5 +8,4 @@ Director {
Address = @hostname@
Password = "@dir_password@"
Tls Enable = no
Tls Require = no
}
Expand Up @@ -2,7 +2,6 @@ Console {
Name = admin-notls
Password = secret
TLS Enable = no
TLS Require = no

Profile = all
}
Expand Up @@ -3,6 +3,5 @@ Console {
Password = secret
TLS Enable = yes
TLS Require = no

Profile = all
}
Expand Up @@ -2,7 +2,6 @@ Console {
Name = client-bareos-fd
Password = secret
TLS Enable = no
TLS Require = no

# Command ACL from operator profile.
Command ACL = !.bvfs_clear_cache, !.exit, !.sql
Expand Up @@ -2,7 +2,6 @@ Console {
Name = job-backup-bareos-fd
Password = secret
TLS Enable = no
TLS Require = no

Command ACL = *all*
Catalog ACL = *all*
Expand Up @@ -2,7 +2,6 @@ Console {
Name = noapicommand
Password = secret
TLS Enable = no
TLS Require = no

Command ACL = !.api, *all*

Expand Up @@ -2,7 +2,6 @@ Console {
Name = noautodisplaycommand
Password = secret
TLS Enable = no
TLS Require = no

Command ACL = !autodisplay, *all*

Expand Up @@ -2,7 +2,6 @@ Console {
Name = poolfull
Password = secret
TLS Enable = no
TLS Require = no

Command ACL = *all*
Catalog ACL = *all*
Expand Up @@ -2,7 +2,6 @@ Console {
Name = poolnotfull
Password = secret
TLS Enable = no
TLS Require = no

Command ACL = *all*
Catalog ACL = *all*
Expand Up @@ -22,5 +22,4 @@ Director { # define myself
DirPort = @dir_port@

Subscriptions = 10
TLS Require = no
}
Expand Up @@ -3,5 +3,4 @@ Console {
Password = "secret"
UsePamAuthentication = yes
TLS Enable = no
Tls Require = no
}
Expand Up @@ -2,5 +2,4 @@ Console {
Name = "PamConsole"
Password = "secret"
UsePamAuthentication = yes
Tls Require = no
}
Expand Up @@ -2,5 +2,4 @@ Console {
Name = "admin"
Password = "secret"
Profile = "operator"
Tls Require = no
}
Expand Up @@ -20,5 +20,4 @@ Director { # define myself
# Plugin Names = ""
Working Directory = "@working_dir@"
DirPort = @dir_port@
Tls Require = no
}
Expand Up @@ -14,5 +14,4 @@ Console {
#
# For testing purposes we disable it here
TLS Enable = No
TLS Require = No
}
Expand Up @@ -14,5 +14,4 @@ Console {
#
# For testing purposes we disable it here
TLS Enable = No
TLS Require = No
}
