1 /*
2    BAREOS® - Backup Archiving REcovery Open Sourced
3 
4    Copyright (C) 2000-2010 Free Software Foundation Europe e.V.
5    Copyright (C) 2011-2012 Planets Communications B.V.
6    Copyright (C) 2013-2018 Bareos GmbH & Co. KG
7 
8    This program is Free Software; you can redistribute it and/or
9    modify it under the terms of version three of the GNU Affero General Public
10    License as published by the Free Software Foundation and included
11    in the file LICENSE.
12 
13    This program is distributed in the hope that it will be useful, but
14    WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16    Affero General Public License for more details.
17 
18    You should have received a copy of the GNU Affero General Public License
19    along with this program; if not, write to the Free Software
20    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
21    02110-1301, USA.
22 */
23 
24 #include "lib/configured_tls_policy_getter.h"
25 #include "lib/parse_conf.h"
26 
27 #include "include/jcr.h"
28 #include "lib/ascii_control_characters.h"
29 #include "lib/bstringlist.h"
30 #include "lib/qualified_resource_name_type_converter.h"
31 #include "include/make_unique.h"
32 
33 #include <algorithm>
34 
/**
 * Private implementation behind ConfiguredTlsPolicyGetter.
 *
 * Offers three lookups that each yield a TlsPolicy: one for the root console,
 * one for a job name and one for a resource addressed by resource code string
 * and name.
 *
 * Only a reference to the ConfigurationParser is kept, so the parser passed to
 * the constructor has to outlive this object.
 */
class ConfiguredTlsPolicyGetterPrivate {
 public:
  /* Binds the lookups to my_config; the parser itself is not copied. */
  ConfiguredTlsPolicyGetterPrivate(const ConfigurationParser& my_config)
      : my_config_(my_config)
  {
  }
  ~ConfiguredTlsPolicyGetterPrivate() = default;

  /* Policy of the resource returned for type my_config_.r_own_. */
  TlsPolicy GetTlsPolicyForRootConsole() const;

  /* Policy of the job named in `name`. */
  TlsPolicy GetTlsPolicyForJob(const std::string& name) const;

  /* Policy of the resource with the given resource code string and name. */
  TlsPolicy GetTlsPolicyForResourceCodeAndName(const std::string& r_code_str,
                                               const std::string& name) const;

  /* Borrowed configuration, never owned by this class. */
  const ConfigurationParser& my_config_;
};
50 
/**
 * Creates the private implementation for the given configuration.
 *
 * The implementation stores my_config by reference, so the parser must stay
 * alive for as long as this getter is used.
 */
ConfiguredTlsPolicyGetter::ConfiguredTlsPolicyGetter(
    const ConfigurationParser& my_config)
    : impl_(std::make_unique<ConfiguredTlsPolicyGetterPrivate>(my_config))
{
}

/*
 * Defaulted here rather than in the header, presumably so that impl_ is
 * destroyed where ConfiguredTlsPolicyGetterPrivate is a complete type.
 */
ConfiguredTlsPolicyGetter::~ConfiguredTlsPolicyGetter() = default;
59 
/**
 * Returns the TLS policy of the resource obtained from
 * GetNextRes(my_config_.r_own_, nullptr).
 *
 * @return the policy reported by that resource, or kBnetTlsUnknown when no
 *         resource is returned or it is not a TlsResource.
 */
TlsPolicy ConfiguredTlsPolicyGetterPrivate::GetTlsPolicyForRootConsole() const
{
  auto* const own_resource = my_config_.GetNextRes(my_config_.r_own_, nullptr);

  /* dynamic_cast yields nullptr for a missing or non-TLS resource alike. */
  if (auto* const own_tls_resource = dynamic_cast<TlsResource*>(own_resource)) {
    return own_tls_resource->GetPolicy();
  }

  Dmsg1(100, "Could not find own tls resource: %d\n", my_config_.r_own_);
  return TlsPolicy::kBnetTlsUnknown;
}
70 
/**
 * Extracts the unified job name from `name` and returns the TLS policy that
 * JcrGetTlsPolicy() reports for it.
 *
 * `name` is split on the ASCII record separator:
 *  - two fields: the second field is the job name;
 *  - one field: format of clients before Release 18.2, the whole string is
 *    the job name once every '\n' has been removed;
 *  - anything else: rejected with kBnetTlsUnknown.
 *
 * NOTE(review): `name` presumably comes from the peer's hello message. Apart
 * from the '\n' removal in the legacy branch it is not sanitised here; it is
 * only used as a lookup key and, on failure, written to the debug log.
 *
 * @param name job field as received, with or without record separator.
 * @return the job's policy, or kBnetTlsUnknown if the field count is not 1
 *         or 2 (what JcrGetTlsPolicy returns for an unknown job is not
 *         visible in this file).
 */
TlsPolicy ConfiguredTlsPolicyGetterPrivate::GetTlsPolicyForJob(
    const std::string& name) const
{
  BStringList job_information(name, AsciiControlCharacters::RecordSeparator());
  std::string unified_job_name;

  switch (job_information.size()) {
    case 2:
      /* Going through c_str() cuts the field at its first NUL byte. */
      unified_job_name = job_information[1].c_str();
      break;
    case 1: { /* client before Release 18.2 */
      unified_job_name = job_information[0];
      const auto new_end = std::remove(unified_job_name.begin(),
                                       unified_job_name.end(), '\n');
      unified_job_name.erase(new_end, unified_job_name.end());
      break;
    }
    default:
      Dmsg1(100, "Could not get unified job name: %s\n", name.c_str());
      return TlsPolicy::kBnetTlsUnknown;
  }

  return JcrGetTlsPolicy(unified_job_name.c_str());
}
89 
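/**
 * Looks up the resource identified by a resource code string and a name and
 * returns its TLS policy.
 *
 * Every failure is mapped to kBnetTlsUnknown, so the caller sees one
 * "no policy known" answer and never an unusable resource pointer.
 *
 * @param r_code_str resource type as text, converted with
 *                   StringToResourceType().
 * @param name       name of the resource of that type.
 * @return the resource's policy, or kBnetTlsUnknown when the type converter is
 *         missing, the type string converts to a negative code, no resource
 *         with that name exists, or the resource is not a TlsResource.
 */
TlsPolicy ConfiguredTlsPolicyGetterPrivate::GetTlsPolicyForResourceCodeAndName(
    const std::string& r_code_str,
    const std::string& name) const
{
  /*
   * Defensive guard: the converter is reached through a pointer. Whether it
   * can be unset at this point is not visible in this file, so fail closed
   * instead of dereferencing it blindly.
   */
  const auto& converter = my_config_.qualified_resource_name_type_converter_;
  if (!converter) {
    Dmsg1(100, "No resource type converter available for: %s\n",
          r_code_str.c_str());
    return TlsPolicy::kBnetTlsUnknown;
  }

  const int r_code = converter->StringToResourceType(r_code_str);
  if (r_code < 0) { return TlsPolicy::kBnetTlsUnknown; }

  /* dynamic_cast yields nullptr for a missing or non-TLS resource alike. */
  TlsResource* foreign_tls_resource = dynamic_cast<TlsResource*>(
      my_config_.GetResWithName(r_code, name.c_str()));
  if (!foreign_tls_resource) {
    Dmsg2(100, "Could not find foreign tls resource: %s-%s\n",
          r_code_str.c_str(), name.c_str());
    return TlsPolicy::kBnetTlsUnknown;
  }
  return foreign_tls_resource->GetPolicy();
}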
108 
/**
 * Resolves the configured TLS policy for the peer described by a resource
 * code string and a name.
 *
 * Selection order:
 *  1. name equals "*UserAgent*": root console policy, whatever r_code_str is;
 *  2. r_code_str equals "R_JOB": policy of the job named in `name`;
 *  3. otherwise: policy of the resource with that code and name.
 *
 * tls_policy_out is written only on success. On failure it keeps whatever
 * value the caller passed in, so the return value has to be checked before
 * the policy is used.
 *
 * NOTE(review): going by the function name both strings are taken from a
 * hello received in cleartext, i.e. before the peer is authenticated; they
 * are written verbatim to the debug log below. Confirm against the caller.
 *
 * NOTE(review): the debug text speaks of a "foreign tls resource" even when
 * the root console or job lookup was the one that failed.
 *
 * @param r_code_str     resource type as text.
 * @param name           resource, job or console name.
 * @param tls_policy_out receives the policy when true is returned.
 * @return true if a policy other than kBnetTlsUnknown was found.
 */
bool ConfiguredTlsPolicyGetter::GetConfiguredTlsPolicyFromCleartextHello(
    const std::string& r_code_str,
    const std::string& name,
    TlsPolicy& tls_policy_out) const
{
  const bool is_root_console = (name == "*UserAgent*");
  const bool is_job = (r_code_str == "R_JOB");

  const TlsPolicy found =
      is_root_console
          ? impl_->GetTlsPolicyForRootConsole()
          : (is_job ? impl_->GetTlsPolicyForJob(name)
                    : impl_->GetTlsPolicyForResourceCodeAndName(r_code_str,
                                                                name));

  if (found != TlsPolicy::kBnetTlsUnknown) {
    tls_policy_out = found;
    return true;
  }

  Dmsg2(100, "Could not find foreign tls resource: %s-%s\n",
        r_code_str.c_str(), name.c_str());
  return false;
}
131