char *m_db_driverdir; /* database driver dir */
int m_ref_count; /* reference count */
int m_db_port; /* port for host name address */
+ char *m_db_ssl_mode; /* security mode of the connection to the server */
char *m_db_ssl_key; /* path name to the key file */
char *m_db_ssl_cert; /* path name to the certificate file */
char *m_db_ssl_ca; /* path name to the certificate authority file */
return db_init_database(jcr, mdb->m_db_driver, mdb->m_db_name,
mdb->m_db_user, mdb->m_db_password, mdb->m_db_address,
mdb->m_db_port, mdb->m_db_socket,
- mdb->m_db_ssl_key, mdb->m_db_ssl_cert,
- mdb->m_db_ssl_ca, mdb->m_db_ssl_capath,
- mdb->m_db_ssl_cipher, true,
- mdb->m_disabled_batch_insert);
+ mdb->m_db_ssl_mode, mdb->m_db_ssl_key,
+ mdb->m_db_ssl_cert, mdb->m_db_ssl_ca,
+ mdb->m_db_ssl_capath, mdb->m_db_ssl_cipher,
+ true, mdb->m_disabled_batch_insert);
}
const char *BDB::bdb_get_engine_name(void)
BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name,
const char *db_user, const char *db_password, const char *db_address,
- int db_port, const char *db_socket, const char *db_ssl_key,
+ int db_port, const char *db_socket,
+ const char *db_ssl_mode, const char *db_ssl_key,
const char *db_ssl_cert, const char *db_ssl_ca,
const char *db_ssl_capath, const char *db_ssl_cipher,
bool mult_db_connections, bool disable_batch_insert)
*/
BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user,
const char *db_password, const char *db_address, int db_port, const char *db_socket,
- const char *db_ssl_key, const char *db_ssl_cert, const char *db_ssl_ca,
+ const char *db_ssl_mode, const char *db_ssl_key,
+ const char *db_ssl_cert, const char *db_ssl_ca,
const char *db_ssl_capath, const char *db_ssl_cipher,
bool mult_db_connections, bool disable_batch_insert)
{
if (db_socket) {
mdb->m_db_socket = bstrdup(db_socket);
}
+ if (db_ssl_mode) {
+ mdb->m_db_ssl_mode = bstrdup(db_ssl_mode);
+ } else {
+ mdb->m_db_ssl_mode = bstrdup("preferred");
+ }
if (db_ssl_key) {
mdb->m_db_ssl_key = bstrdup(db_ssl_key);
}
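Review bot: The fallback `bstrdup("preferred")` here, and `bstrdup("prefer")` in the PostgreSQL `db_init_database` hunk further down, make opportunistic TLS the default: the connection is not required to be encrypted and the server certificate is not verified, so a catalog that sets `dbsslca` without `dbsslmode` still gets no server authentication. Consider choosing a verifying default when a CA file is supplied, for the PostgreSQL backend e.g. `mdb->m_db_ssl_mode = bstrdup(db_ssl_ca ? "verify-full" : "prefer");`, and documenting the accepted values next to the `dbsslmode` config item. Nothing in this hunk shows the string being validated or applied to the MySQL handle, so that part presumably lives outside the visible lines and is worth confirming. The function body starts and ends outside the hunk.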
if (mdb->m_db_socket) {
free(mdb->m_db_socket);
}
+ if (mdb->m_db_ssl_mode) {
+ free(mdb->m_db_ssl_mode);
+ }
if (mdb->m_db_ssl_key) {
free(mdb->m_db_ssl_key);
}
*/
BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user,
const char *db_password, const char *db_address, int db_port, const char *db_socket,
- const char *db_ssl_key, const char *db_ssl_cert, const char *db_ssl_ca,
- const char *db_ssl_capath, const char *db_ssl_cipher,
+ const char *db_ssl_mode, const char *db_ssl_key, const char *db_ssl_cert,
+ const char *db_ssl_ca, const char *db_ssl_capath, const char *db_ssl_cipher,
bool mult_db_connections, bool disable_batch_insert)
{
BDB_POSTGRESQL *mdb = NULL;
}
if (db_socket) {
mdb->m_db_socket = bstrdup(db_socket);
- }
+ }
+ if (db_ssl_mode) {
+ mdb->m_db_ssl_mode = bstrdup(db_ssl_mode);
+ } else {
+ mdb->m_db_ssl_mode = bstrdup("prefer");
+ }
+ if (db_ssl_key) {
+ mdb->m_db_ssl_key = bstrdup(db_ssl_key);
+ }
+ if (db_ssl_cert) {
+ mdb->m_db_ssl_cert = bstrdup(db_ssl_cert);
+ }
+ if (db_ssl_ca) {
+ mdb->m_db_ssl_ca = bstrdup(db_ssl_ca);
+ }
mdb->m_db_port = db_port;
if (disable_batch_insert) {
port = NULL;
}
+ /* Tells libpq that the SSL library has already been initialized */
+ PQinitSSL(0);
+
/* If connection fails, try at 5 sec intervals for 30 seconds. */
for (int retry=0; retry < 6; retry++) {
/* connect to the database */
- mdb->m_db_handle = PQsetdbLogin(
- mdb->m_db_address, /* default = localhost */
- port, /* default port */
- NULL, /* pg options */
- NULL, /* tty, ignored */
- mdb->m_db_name, /* database name */
- mdb->m_db_user, /* login name */
- mdb->m_db_password); /* password */
+ const char *keywords[10] = {"host", "port",
+ "dbname", "user",
+ "password", "sslmode",
+ "sslkey", "sslcert",
+ "sslrootcert", NULL };
+ const char *values[10] = {mdb->m_db_address, /* default localhost */
+ port, /* default port */
+ mdb->m_db_name,
+ mdb->m_db_user,
+ mdb->m_db_password,
+ mdb->m_db_ssl_mode,
+ mdb->m_db_ssl_key,
+ mdb->m_db_ssl_cert,
+ mdb->m_db_ssl_ca,
+ NULL };
+ mdb->m_db_handle = PQconnectdbParams(keywords,
+ values, 0);
/* If no connect, try once more in case it is a timing problem */
if (PQstatus(mdb->m_db_handle) == CONNECTION_OK) {
Dmsg3(dbglvl_info, "db_user=%s db_name=%s db_password=%s\n", mdb->m_db_user, mdb->m_db_name,
mdb->m_db_password==NULL?"(NULL)":mdb->m_db_password);
+#ifdef HAVE_OPENSSL
+ #define USE_OPENSSL 1
+ SSL *ssl;
+ if (PQgetssl(mdb->m_db_handle) != NULL) {
+ Dmsg0(dbglvl_info, "SSL in use\n");
+ ssl = (SSL *)PQgetssl(mdb->m_db_handle);
+ Dmsg2(dbglvl_info, "Version:%s Cipher:%s\n", SSL_get_version(ssl), SSL_get_cipher(ssl));
+ } else {
+ Dmsg0(dbglvl_info, "SSL not in use\n");
+ }
+#endif
+
if (PQstatus(mdb->m_db_handle) != CONNECTION_OK) {
Mmsg2(&mdb->errmsg, _("Unable to connect to PostgreSQL server. Database=%s User=%s\n"
"Possible causes: SQL server not running; password incorrect; max_connections exceeded.\n"),
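Review bot: `PQinitSSL(0)` is called unconditionally, while the only OpenSSL-aware code in this hunk sits under `#ifdef HAVE_OPENSSL`, so a build without HAVE_OPENSSL tells libpq to skip an SSL library initialisation that, as far as the hunk shows, nothing else performs; putting the call under the same `#ifdef HAVE_OPENSSL` would keep the two consistent. The `#define USE_OPENSSL 1` in the middle of the function body comes after the libpq header has presumably been included, so it likely has no effect and can be dropped, and `PQgetssl()` is called twice where a single `ssl = (SSL *)PQgetssl(mdb->m_db_handle);` followed by `if (ssl != NULL)` would do. The TLS state is only reported at debug level, so with a non-enforcing mode a plaintext fallback goes unnoticed; a job-log warning when `PQgetssl()` returns NULL although a mode other than `disable` was requested would make that visible. Separately, the context `Dmsg3` just above the new block writes `db_password` to the debug trace in clear, and a commit that hardens the connection is a good place to drop that argument. The enclosing function starts and ends outside the hunk.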
}
if (mdb->m_db_socket) {
free(mdb->m_db_socket);
- }
+ }
+ if (mdb->m_db_ssl_mode) {
+ free(mdb->m_db_ssl_mode);
+ }
+ if (mdb->m_db_ssl_key) {
+ free(mdb->m_db_ssl_key);
+ }
+ if (mdb->m_db_ssl_cert) {
+ free(mdb->m_db_ssl_cert);
+ }
+ if (mdb->m_db_ssl_ca) {
+ free(mdb->m_db_ssl_ca);
+ }
delete mdb;
if (db_list->size() == 0) {
delete db_list;
BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name,
const char *db_user, const char *db_password,
const char *db_address, int db_port,
- const char *db_socket, const char *db_ssl_key,
+ const char *db_socket,
+ const char *db_ssl_mode, const char *db_ssl_key,
const char *db_ssl_cert, const char *db_ssl_ca,
const char *db_ssl_capath, const char *db_ssl_cipher,
bool mult_db_connections, bool disable_batch_insert);
*/
BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user,
const char *db_password, const char *db_address, int db_port, const char *db_socket,
- const char *db_ssl_key, const char *db_ssl_cert, const char *db_ssl_ca,
+ const char *db_ssl_mode, const char *db_ssl_key,
+ const char *db_ssl_cert, const char *db_ssl_ca,
const char *db_ssl_capath, const char *db_ssl_cipher,
bool mult_db_connections, bool disable_batch_insert)
{
catalog->db_user,
catalog->db_password, catalog->db_address,
catalog->db_port, catalog->db_socket,
- catalog->db_ssl_key, catalog->db_ssl_cert, catalog->db_ssl_ca,
+ catalog->db_ssl_mode, catalog->db_ssl_key,
+ catalog->db_ssl_cert, catalog->db_ssl_ca,
catalog->db_ssl_capath, catalog->db_ssl_cipher,
catalog->mult_db_connections,
catalog->disable_batch_insert);
{"User", store_str, ITEM(res_cat.db_user), 0, 0, 0},
{"DbName", store_str, ITEM(res_cat.db_name), 0, ITEM_REQUIRED, 0},
{"dbdriver", store_str, ITEM(res_cat.db_driver), 0, 0, 0},
+ {"DbSocket", store_str, ITEM(res_cat.db_socket), 0, 0, 0},
+ {"dbsslmode", store_str, ITEM(res_cat.db_ssl_mode), 0, 0, 0},
{"dbsslkey", store_str, ITEM(res_cat.db_ssl_key), 0, 0, 0},
{"dbsslcert", store_str, ITEM(res_cat.db_ssl_cert), 0, 0, 0},
{"dbsslca", store_str, ITEM(res_cat.db_ssl_ca), 0, 0, 0},
if (res->res_cat.db_password) {
free(res->res_cat.db_password);
}
+ if (res->res_cat.db_ssl_mode) {
+ free(res->res_cat.db_ssl_mode);
+ }
if (res->res_cat.db_ssl_key) {
free(res->res_cat.db_ssl_key);
}
char *db_user;
char *db_name;
char *db_driver; /* Select appropriate driver */
+ char *db_ssl_mode; /* specifies the security state of the connection to the server */
char *db_ssl_key; /* the path name to the key file */
char *db_ssl_cert; /* the path name to the certificate file */
char *db_ssl_ca; /* the path name to the certificate authority file */
jcr->db = db_init_database(jcr, jcr->catalog->db_driver, jcr->catalog->db_name,
jcr->catalog->db_user, jcr->catalog->db_password,
jcr->catalog->db_address, jcr->catalog->db_port,
- jcr->catalog->db_socket, jcr->catalog->db_ssl_key,
- jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca,
- jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher,
+ jcr->catalog->db_socket, jcr->catalog->db_ssl_mode,
+ jcr->catalog->db_ssl_key, jcr->catalog->db_ssl_cert,
+ jcr->catalog->db_ssl_ca, jcr->catalog->db_ssl_capath,
+ jcr->catalog->db_ssl_cipher,
jcr->catalog->mult_db_connections,
jcr->catalog->disable_batch_insert);
if (!jcr->db || !db_open_database(jcr, jcr->db)) {
jcr->db = db_init_database(jcr, jcr->catalog->db_driver, jcr->catalog->db_name,
jcr->catalog->db_user, jcr->catalog->db_password,
jcr->catalog->db_address, jcr->catalog->db_port,
- jcr->catalog->db_socket, jcr->catalog->db_ssl_key,
- jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca,
- jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher,
+ jcr->catalog->db_socket, jcr->catalog->db_ssl_mode,
+ jcr->catalog->db_ssl_key, jcr->catalog->db_ssl_cert,
+ jcr->catalog->db_ssl_ca, jcr->catalog->db_ssl_capath,
+ jcr->catalog->db_ssl_cipher,
jcr->catalog->mult_db_connections,
jcr->catalog->disable_batch_insert);
if (!jcr->db || !db_open_database(jcr, jcr->db)) {
ua->catalog->db_user,
ua->catalog->db_password, ua->catalog->db_address,
ua->catalog->db_port, ua->catalog->db_socket,
- ua->catalog->db_ssl_key, ua->catalog->db_ssl_cert,
- ua->catalog->db_ssl_ca, ua->catalog->db_ssl_capath,
- ua->catalog->db_ssl_cipher,
- mult_db_conn, ua->catalog->disable_batch_insert);
+ ua->catalog->db_ssl_mode, ua->catalog->db_ssl_key,
+ ua->catalog->db_ssl_cert, ua->catalog->db_ssl_ca,
+ ua->catalog->db_ssl_capath, ua->catalog->db_ssl_cipher,
+ mult_db_conn, ua->catalog->disable_batch_insert);
if (!ua->db || !db_open_database(ua->jcr, ua->db)) {
ua->error_msg(_("Could not open catalog database \"%s\".\n"),
ua->catalog->db_name);
jcr->catalog->db_user,
jcr->catalog->db_password, jcr->catalog->db_address,
jcr->catalog->db_port, jcr->catalog->db_socket,
- jcr->catalog->db_ssl_key, jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca,
+ jcr->catalog->db_ssl_mode, jcr->catalog->db_ssl_key,
+ jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca,
jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher,
jcr->catalog->mult_db_connections,
jcr->catalog->disable_batch_insert);
static const char *db_user = "bacula";
static const char *db_password = "";
static const char *db_host = NULL;
+static const char *db_ssl_mode = NULL;
static const char *db_ssl_key = NULL;
static const char *db_ssl_cert = NULL;
static const char *db_ssl_ca = NULL;
OSDependentInit();
- while ((ch = getopt(argc, argv, "b:c:d:D:h:p:mn:pP:rsSt:u:vV:w:?")) != -1) {
+ while ((ch = getopt(argc, argv, "b:c:d:D:h:o:k:e:a:p:mn:pP:rsSt:u:vV:w:?")) != -1) {
switch (ch) {
case 'S' :
showProgress = true;
db_host = optarg;
break;
+ case 'o':
+ db_ssl_mode = optarg;
+ break;
+
+ case 'k':
+ db_ssl_key = optarg;
+ break;
+
+ case 'e':
+ db_ssl_cert = optarg;
+ break;
+
+ case 'a':
+ db_ssl_ca = optarg;
+ break;
+
case 't':
db_port = atoi(optarg);
break;
}
db = db_init_database(NULL, db_driver, db_name, db_user, db_password,
- db_host, db_port, NULL,
- db_ssl_key, db_ssl_cert, db_ssl_ca,
+ db_host, db_port, NULL,
+ db_ssl_mode, db_ssl_key,
+ db_ssl_cert, db_ssl_ca,
db_ssl_capath, db_ssl_cipher,
false, false);
if (!db || !db_open_database(NULL, db)) {
static const char *db_user = "bacula";
static const char *db_password = "";
static const char *db_host = NULL;
-static const char *db_ssl_key= NULL;
-static const char *db_ssl_cert= NULL;
-static const char *db_ssl_ca= NULL;
-static const char *db_ssl_capath= NULL;
-static const char *db_ssl_cipher= NULL;
+static const char *db_ssl_mode = NULL;
+static const char *db_ssl_key = NULL;
+static const char *db_ssl_cert = NULL;
+static const char *db_ssl_ca = NULL;
+static const char *db_ssl_capath = NULL;
+static const char *db_ssl_cipher = NULL;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
OSDependentInit();
- while ((ch = getopt(argc, argv, "bBh:k:e:a:c:d:n:P:Su:vf:w:r:?")) != -1) {
+ while ((ch = getopt(argc, argv, "bBh:o:k:e:a:c:d:n:P:Su:vf:w:r:?")) != -1) {
switch (ch) {
case 'r':
restore_list=bstrdup(optarg);
db_host = optarg;
break;
+ case 'o':
+ db_ssl_mode = optarg;
+ break;
+
case 'k':
db_ssl_key = optarg;
break;
/* To use the -r option, the catalog should already contains records */
if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password,
- db_host, 0, NULL, db_ssl_key, db_ssl_cert,
- db_ssl_ca, db_ssl_capath, db_ssl_cipher,
+ db_host, 0, NULL,
+ db_ssl_mode, db_ssl_key,
+ db_ssl_cert, db_ssl_ca,
+ db_ssl_capath, db_ssl_cipher,
false, !use_batch_insert)) == NULL) {
Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n"));
}
pm_strcpy(bjcr->fileset_md5, "Dummy.fileset.md5");
if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password,
- db_host, 0, NULL, db_ssl_key, db_ssl_cert,
- db_ssl_ca, db_ssl_capath, db_ssl_cipher,
+ db_host, 0, NULL,
+ db_ssl_mode, db_ssl_key,
+ db_ssl_cert, db_ssl_ca,
+ db_ssl_capath, db_ssl_cipher,
false, false)) == NULL) {
Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n"));
}
static const char *db_user = "regress";
static const char *db_password = "";
static const char *db_host = NULL;
+static const char *db_ssl_mode = NULL;
static const char *db_ssl_key = NULL;
static const char *db_ssl_cert = NULL;
static const char *db_ssl_ca = NULL;
OSDependentInit();
- while ((ch = getopt(argc, argv, "h:k:e:a:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) {
+ while ((ch = getopt(argc, argv, "h:o:k:e:a:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) {
switch (ch) {
case 'd': /* debug level */
if (*optarg == 't') {
db_host = optarg;
break;
+ case 'o':
+ db_ssl_mode = optarg;
+ break;
+
case 'k':
db_ssl_key= optarg;
break;
if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password,
db_host, 0, NULL,
- db_ssl_key, db_ssl_cert, db_ssl_ca,
+ db_ssl_mode, db_ssl_key,
+ db_ssl_cert, db_ssl_ca,
db_ssl_capath, db_ssl_cipher,
false, false)) == NULL) {
Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n"));
NULL /* dbi driver */,
db_name, db_user, db_password, db_address, db_port + 100,
NULL /* db_socket */,
- db_ssl_key, db_ssl_cert, db_ssl_ca,
- db_ssl_capath, db_ssl_cipher,
+ db_ssl_mode, db_ssl_key, db_ssl_cert,
+ db_ssl_ca, db_ssl_capath, db_ssl_cipher,
0 /* mult_db_connections */, false);
ok(db != NULL, "Test bad connection");
if (!db) {
NULL /* dbi driver */,
db_name, db_user, db_password, db_address, db_port,
NULL /* db_socket */,
- db_ssl_key, db_ssl_cert, db_ssl_ca,
- db_ssl_capath, db_ssl_cipher,
+ db_ssl_mode, db_ssl_key, db_ssl_cert,
+ db_ssl_ca, db_ssl_capath, db_ssl_cipher,
false /* mult_db_connections */, false);
ok(db != NULL, "Test db connection");
fprintf(stderr,
PROG_COPYRIGHT
"\n%sVersion: %s (%s)\n\n"
-"Usage: dbcheck [-c config ] [-B] [-C catalog name] [-d debug_level] <working-directory> <bacula-database> <user> <password> [<dbhost>] [<dbport>] [<dbport>] [<dbsslkey>] [<dbsslcert>] [<dbsslca>]\n"
+"Usage: dbcheck [-c config ] [-B] [-C catalog name] [-d debug_level] <working-directory> <bacula-database> <user> <password> [<dbhost>] [<dbport>] [<dbport>] [<dbsslmode>] [<dbsslkey>] [<dbsslcert>] [<dbsslca>]\n"
" -b batch mode\n"
" -C catalog name in the director conf file\n"
" -c Director conf filename\n"
{
int ch;
const char *user, *password, *db_name, *dbhost;
- const char *dbsslkey = NULL, *dbsslcert = NULL, *dbsslca = NULL;
+ const char *dbsslmode = NULL, *dbsslkey = NULL, *dbsslcert = NULL, *dbsslca = NULL;
const char *dbsslcapath = NULL, *dbsslcipher = NULL;
int dbport = 0;
bool print_catalog=false;
db = db_init_database(NULL, catalog->db_driver, catalog->db_name, catalog->db_user,
catalog->db_password, catalog->db_address,
catalog->db_port, catalog->db_socket,
- catalog->db_ssl_key, catalog->db_ssl_cert, catalog->db_ssl_ca,
+ catalog->db_ssl_mode,
+ catalog->db_ssl_key, catalog->db_ssl_cert,
+ catalog->db_ssl_ca,
catalog->db_ssl_capath, catalog->db_ssl_cipher,
catalog->mult_db_connections,
catalog->disable_batch_insert);
dbhost = NULL;
}
dbport = catalog->db_port;
+ dbsslmode = catalog->db_ssl_mode;
dbsslkey = catalog->db_ssl_key;
dbsslcert = catalog->db_ssl_cert;
dbsslca = catalog->db_ssl_ca;
dbsslcipher = catalog->db_ssl_cipher;
}
} else {
- if (argc > 9) {
+ if (argc > 10) {
Pmsg0(0, _("Wrong number of arguments.\n"));
usage();
}
exit(1);
}
if (argc >= 7) {
- dbsslkey = argv[6];
- dbsslcert = argv[7];
- if (argc == 9) {
- dbsslca = argv[8];
- } /* if (argc == 9) */
+ dbsslmode = argv[6];
+ if (argc >= 8) {
+ dbsslkey = argv[7];
+ dbsslcert = argv[8];
+ if (argc == 10) {
+ dbsslca = argv[9];
+ } /* if (argc == 10) */
+ } /* if (argc >= 8) */
} /* if (argc >= 7) */
} /* if (argc >= 6) */
} /* if (argc >= 5) */
/* Open database */
db = db_init_database(NULL, NULL, db_name, user, password, dbhost,
- dbport, NULL, dbsslkey, dbsslcert, dbsslca, dbsslcapath, dbsslcipher, false, false);
+ dbport, NULL, dbsslmode, dbsslkey, dbsslcert, dbsslca,
+ dbsslcapath, dbsslcipher, false, false);
+
if (!db || !db_open_database(NULL, db)) {
Emsg1(M_FATAL, 0, "%s", db_strerror(db));
return 1;
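Review bot: Inserting `dbsslmode` at `argv[6]` shifts every later positional argument, so an existing invocation that passed the key file as that argument now has the path taken as the SSL mode, and nothing in this hunk checks the value against the modes the backend accepts. In the nested block, `argc >= 8` is enough to read both `argv[7]` and `argv[8]`, so a key given without a certificate appears to leave `dbsslcert` NULL without any message; tightening the inner test to `if (argc >= 9)` would require the pair. The usage text should state the new position and the accepted mode values so callers can adapt their scripts. The enclosing function starts and ends outside the hunk.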
return 0;
}
+static void print_catalog_details(CAT *catalog, const char *working_dir)
+{
+ POOLMEM *catalog_details = get_pool_memory(PM_MESSAGE);
+
+ /*
+ * Instantiate a BDB class and see what db_type gets assigned to it.
+ */
+ db = db_init_database(NULL, catalog->db_driver, catalog->db_name, catalog->db_user,
+ catalog->db_password, catalog->db_address,
+ catalog->db_port, catalog->db_socket,
+ catalog->db_ssl_mode, catalog->db_ssl_key,
+ catalog->db_ssl_cert, catalog->db_ssl_ca,
+ catalog->db_ssl_capath, catalog->db_ssl_cipher,
+ catalog->mult_db_connections,
+ catalog->disable_batch_insert);
+ if (db) {
+ printf("%sdb_type=%s\nworking_dir=%s\n", catalog->display(catalog_details),
+ db_get_engine_name(db), working_directory);
+ db_close_database(NULL, db);
+ }
+ free_pool_memory(catalog_details);
+}
+
static void do_interactive_mode()
{
const char *cmd;
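Review bot: The `working_dir` parameter of the new `print_catalog_details()` is never read; the `printf` passes `working_directory` instead, so callers that supply a different directory get the other variable's value printed. Either use the parameter, `db_get_engine_name(db), working_dir);`, or remove it from the signature. The function also assigns to `db` without declaring it, which suggests a file-scope handle is being overwritten and then closed here; a local `BDB *` would avoid disturbing a connection that is already open. It would help to add a comment stating whether `catalog->display()` includes the catalog password, since this output goes to stdout.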