BEE Backport bacula/src/dird/bdirjson.c

This commit is the result of the squash of the following main commits:

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Wed Feb 5 12:00:41 2020 +0100

    Fix *json segfault on OpenBSD

    In memcpy(&res_all, res, sizeof(res_all));

    The res_all is likely bigger than res itself. We
    copy too much data, and on OpenBSD, we get segfaults.

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Tue Jan 14 15:09:05 2020 +0100

    Add specific checks when TLS PSK is not available in SSL library

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Wed Dec 11 16:20:59 2019 +0100

    Fix #5660 about Runscript issue with RunsWhen=Always

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Mon May 27 17:06:45 2019 +0200

    Fix #5092 about a segfault in bdirjson with Runscripts defined in JobDefs

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Mon Mar 25 18:32:11 2019 +0100

    Rename MaximumConnectionTime to ReconnectionTime, Run to Connect and ConnectToDir to AllowFDConnections

Author: Eric Bollengier <eric@baculasystems.com>
Date:   Mon Mar 25 17:43:09 2019 +0100

    Make Director:Client:Address field optionnal when ConnectToDirector=yes

diff --git a/bacula/src/dird/bdirjson.c b/bacula/src/dird/bdirjson.c
index ccfbe7257b7158d5aea23c54b7895b20eaaaa5d4..74c01f1014d0bdfa154777e0959a5fb0f1ec55e7 100644 (file)
--- a/bacula/src/dird/bdirjson.c
+++ b/bacula/src/dird/bdirjson.c
@@ -82,7 +82,7 @@ PROG_COPYRIGHT
 "       -s          output in show text format\n"
 "       -v          verbose user messages\n"
 "       -?          print this message.\n"
-"\n"), 2012, "", VERSION, BDATE);
+"\n"), 2012, BDEMO, VERSION, BDATE);
 
    exit(1);
 }
@@ -659,7 +659,7 @@ static bool display_runscript(HPKT &hpkt)
          sendit(NULL, ",\n      {\n");
       }
       if (script->when == SCRIPT_Any) {
-         sendit(NULL, "        \"RunsWhen\": \"Any\",\n");
+         sendit(NULL, "        \"RunsWhen\": \"Always\",\n");
 
       } else if (script->when == SCRIPT_After) {
          sendit(NULL, "        \"RunsWhen\": \"After\",\n");
@@ -764,7 +764,6 @@ static void display_run(HPKT &hpkt)
                      sendit(NULL, "      \"%s\": \"%s\"", RunFields[i].name,
                         joblevels[j].level_name);
                      first = false;
-                     break;
                   }
                }
             //}
@@ -898,7 +897,7 @@ static void display_run(HPKT &hpkt)
  */
 static void dump_json(display_filter *filter)
 {
-   int resinx, item, first_directive, name_pos=0;
+   int resinx, item, first_directive, name_pos=0, sz;
    bool first_res;
    RES_ITEM *items;
    RES *res;
@@ -942,8 +941,14 @@ static void dump_json(display_filter *filter)
             continue;
          }
 
+         sz = get_resource_size(resinx + r_first);
+         if (sz < 0) {
+            Dmsg1(0, "Unknown resource type %d\n", resinx);
+            continue;
+         }
+
          /* Copy the resource into res_all */
-         memcpy(&res_all, res, sizeof(res_all));
+         memcpy(&res_all, res, sz);
 
          /* If needed, skip this resource type */
          if (filter->resource_name) {
@@ -1186,7 +1191,9 @@ static bool check_resources(bool apply_jobdefs)
       /* tls_require implies tls_enable */
       if (director->tls_require) {
          if (have_tls) {
-            director->tls_enable = true;
+            if (director->tls_certfile || director->tls_keyfile) {
+               director->tls_enable = true;
+            }
          } else {
             Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
             OK = false;
@@ -1224,7 +1231,9 @@ static bool check_resources(bool apply_jobdefs)
       /* tls_require implies tls_enable */
       if (cons->tls_require) {
          if (have_tls) {
-            cons->tls_enable = true;
+            if (cons->tls_certfile || cons->tls_keyfile) {
+               cons->tls_enable = true;
+            }
          } else {
             Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
             OK = false;
@@ -1256,7 +1265,7 @@ static bool check_resources(bool apply_jobdefs)
          OK = false;
       }
       /* If everything is well, attempt to initialize our per-resource TLS context */
-      if (OK && (need_tls || cons->tls_require)) {
+      if (OK && need_tls) {
          /* Initialize TLS context:
           * Args: CA certfile, CA certdir, Certfile, Keyfile,
           * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
@@ -1270,16 +1279,22 @@ static bool check_resources(bool apply_jobdefs)
             OK = false;
          }
       }
-
    }
 
    /* Loop over Clients */
    CLIENT *client;
    foreach_res(client, R_CLIENT) {
+      if (!client->client_address && !client->allow_fd_connections) {
+         Jmsg(NULL, M_FATAL, 0, _("Config error: Address directive is required in Client resource \"%s\", but not found.\n"), client->hdr.name);
+         OK = false;
+         continue;
+      }
       /* tls_require implies tls_enable */
       if (client->tls_require) {
          if (have_tls) {
-            client->tls_enable = true;
+            if (client->tls_ca_certfile || client->tls_ca_certdir) {
+               client->tls_enable = true;
+            }
          } else {
             Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
             OK = false;
@@ -1382,20 +1397,20 @@ static bool check_resources(bool apply_jobdefs)
 
                   def_avalue = (alist **)((char *)(job->jobdefs) + offset);
                   avalue = (alist **)((char *)job + offset);
-
+                  
                   *avalue = New(alist(10, owned_by_alist));
 
                   foreach_alist(elt, (*def_avalue)) {
                      (*avalue)->append(bstrdup(elt));
                   }
                   set_bit(i, job->hdr.item_present);
-
+                  
                } else if (job_items[i].handler == store_alist_res) {
                   void *elt;
 
                   def_avalue = (alist **)((char *)(job->jobdefs) + offset);
                   avalue = (alist **)((char *)job + offset);
-
+                  
                   *avalue = New(alist(10, not_owned_by_alist));
 
                   foreach_alist(elt, (*def_avalue)) {
@@ -1443,6 +1458,9 @@ static bool check_resources(bool apply_jobdefs)
                   *bvalue = *def_bvalue;
                   set_bit(i, job->hdr.item_present);
 
+               } else if (job_items[i].handler == store_runscript) {
+                  /* nothing special to do, already handled */
+
                } else {
                   Dmsg1(10, "Handler missing for job_items[%d]\n", i);
                   ASSERTD(0, "JobDefs -> Job handler missing\n");