From 82cdf3bfc226fed55f2af4bec48da6a5d61850ba Mon Sep 17 00:00:00 2001
From: Kern Sibbald <kern@sibbald.com>
Date: Mon, 25 Jun 2007 08:13:53 +0000
Subject: [PATCH] kes  Return correct string from authenticate.cpp in bat when
 connecting      to Dir. kes  Apply patch suggested by Frank Sweetser to fix
 bug #888 --      spurious line drops when using TLS. kes  Do not file reparse
 points when restoring a file that already      exists -- Win32.

git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5081 91ce42f0-d328-0410-95d8-f526ca767f89
---
 bacula/src/findlib/bfile.c                     |  2 +-
 bacula/src/lib/tls.c                           | 14 +++++---------
 bacula/src/qt-console/console/authenticate.cpp | 18 +++++++++---------
 bacula/src/qt-console/console/console.cpp      |  3 +++
 bacula/src/version.h                           |  4 ++--
 bacula/technotes-2.1                           | 10 +++++++++-
 6 files changed, 29 insertions(+), 22 deletions(-)

diff --git a/bacula/src/findlib/bfile.c b/bacula/src/findlib/bfile.c
index 03b51431b5..4597d42c94 100644
--- a/bacula/src/findlib/bfile.c
+++ b/bacula/src/findlib/bfile.c
@@ -442,7 +442,7 @@ int bopen(BFILE *bfd, const char *fname, int flags, mode_t mode)
    } else if (flags & O_WRONLY) {     /* Open existing for write */
       if (bfd->use_backup_api) {
          dwaccess = GENERIC_WRITE|WRITE_OWNER|WRITE_DAC;
-         dwflags = FILE_FLAG_BACKUP_SEMANTICS;                          
+         dwflags = FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT;
       } else {
          dwaccess = GENERIC_WRITE;
          dwflags = 0;
diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c
index 1acb404e56..e4f74f9e23 100644
--- a/bacula/src/lib/tls.c
+++ b/bacula/src/lib/tls.c
@@ -552,14 +552,6 @@ void tls_bsock_shutdown(BSOCK *bsock)
     * The first time to initiate the shutdown handshake, and the second to
     * receive the peer's reply.
     *
-    * However, it is valid to close the SSL connection after the initial
-    * shutdown notification is sent to the peer, without waiting for the
-    * peer's reply, as long as you do not plan to re-use that particular
-    * SSL connection object.
-    *
-    * Because we do not re-use SSL connection objects, I do not bother
-    * calling SSL_shutdown a second time.
-    *
     * In addition, if the underlying socket is blocking, SSL_shutdown()
     * will not return until the current stage of the shutdown process has
     * completed or an error has occured. By setting the socket blocking
@@ -572,6 +564,10 @@ void tls_bsock_shutdown(BSOCK *bsock)
    bsock->set_blocking();
 
    err = SSL_shutdown(bsock->tls->openssl);
+   if (err = 0) {
+      /* Complete shutdown */
+      err = SSL_shutdown(bsock->tls->openssl);
+   }
 
    switch (SSL_get_error(bsock->tls->openssl, err)) {
    case SSL_ERROR_NONE:
@@ -581,7 +577,7 @@ void tls_bsock_shutdown(BSOCK *bsock)
       openssl_post_errors(M_ERROR, _("TLS shutdown failure."));
       break;
    default:
-      /* Socket Error Occured */
+      /* Socket Error Occurred */
       openssl_post_errors(M_ERROR, _("TLS shutdown failure."));
       break;
    }
diff --git a/bacula/src/qt-console/console/authenticate.cpp b/bacula/src/qt-console/console/authenticate.cpp
index 9ebdc12f33..1ffd68bdef 100644
--- a/bacula/src/qt-console/console/authenticate.cpp
+++ b/bacula/src/qt-console/console/authenticate.cpp
@@ -53,7 +53,7 @@ static char OKhello[]   = "1000 OK:";
  * Authenticate Director
  */
 bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons, 
-                char *errmsg, int errmsglen) 
+                char *errmsg, int errmsg_len) 
 {
    BSOCK *dir = jcr->dir_bsock;
    int tls_local_need = BNET_TLS_NONE;
@@ -102,14 +102,14 @@ bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons,
    if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
        /* Now challenge dir */
        !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
-      bsnprintf(errmsg, errmsglen, _("Director authorization problem at \"%s:%d\"\n"),
+      bsnprintf(errmsg, errmsg_len, _("Director authorization problem at \"%s:%d\"\n"),
          dir->host(), dir->port());
       goto bail_out;
    }
 
    /* Verify that the remote host is willing to meet our TLS requirements */
    if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
-      bsnprintf(errmsg, errmsglen, _("Authorization problem:"
+      bsnprintf(errmsg, errmsg_len, _("Authorization problem:"
              " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
              dir->host(), dir->port());
       goto bail_out;
@@ -117,7 +117,7 @@ bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons,
 
    /* Verify that we are willing to meet the remote host's requirements */
    if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
-      bsnprintf(errmsg, errmsglen, _("Authorization problem with Director at \"%s:%d\":"
+      bsnprintf(errmsg, errmsg_len, _("Authorization problem with Director at \"%s:%d\":"
                      " Remote server requires TLS.\n"),
                      dir->host(), dir->port());
 
@@ -129,7 +129,7 @@ bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons,
       if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
          /* Engage TLS! Full Speed Ahead! */
          if (!bnet_tls_client(tls_ctx, dir, NULL)) {
-            bsnprintf(errmsg, errmsglen, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
+            bsnprintf(errmsg, errmsg_len, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
                dir->host(), dir->port());
             goto bail_out;
          }
@@ -139,7 +139,7 @@ bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons,
    Dmsg1(6, ">dird: %s", dir->msg);
    if (dir->recv() <= 0) {
       dir->stop_timer();
-      bsnprintf(errmsg, errmsglen, _("Bad response to Hello command: ERR=%s\n"
+      bsnprintf(errmsg, errmsg_len, _("Bad response to Hello command: ERR=%s\n"
                       "The Director at \"%s:%d\" is probably not running.\n"),
                     dir->bstrerror(), dir->host(), dir->port());
       return false;
@@ -148,17 +148,17 @@ bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons,
    dir->stop_timer();
    Dmsg1(10, "<dird: %s", dir->msg);
    if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
-      bsnprintf(errmsg, errmsglen, _("Director at \"%s:%d\" rejected Hello command\n"),
+      bsnprintf(errmsg, errmsg_len, _("Director at \"%s:%d\" rejected Hello command\n"),
          dir->host(), dir->port());
       return false;
    } else {
-      bsnprintf(errmsg, errmsglen, "%s", dir->errmsg);
+      bsnprintf(errmsg, errmsg_len, "%s", dir->msg);
    }
    return true;
 
 bail_out:
    dir->stop_timer();
-   bsnprintf(errmsg, errmsglen, _("Authorization problem with Director at \"%s:%d\"\n"
+   bsnprintf(errmsg, errmsg_len, _("Authorization problem with Director at \"%s:%d\"\n"
              "Most likely the passwords do not agree.\n"
              "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
              "Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"), 
diff --git a/bacula/src/qt-console/console/console.cpp b/bacula/src/qt-console/console/console.cpp
index 6dea290108..b722e26270 100644
--- a/bacula/src/qt-console/console/console.cpp
+++ b/bacula/src/qt-console/console/console.cpp
@@ -119,6 +119,8 @@ void Console::connect_dir()
    utime_t heart_beat;
    char buf[1024];
    CONRES *cons;
+      
+   buf[0] = 0;
 
    m_textEdit = textEdit;   /* our console screen */
 
@@ -214,6 +216,7 @@ void Console::connect_dir()
       display_text(buf);
       goto bail_out;
    }
+
    if (buf[0]) {
       display_text(buf);
    }
diff --git a/bacula/src/version.h b/bacula/src/version.h
index 6315fe8404..e42fc8a832 100644
--- a/bacula/src/version.h
+++ b/bacula/src/version.h
@@ -4,8 +4,8 @@
 
 #undef  VERSION
 #define VERSION "2.1.22"
-#define BDATE   "24 June 2007"
-#define LSMDATE "24Jun07"
+#define BDATE   "25 June 2007"
+#define LSMDATE "25Jun07"
 
 #define PROG_COPYRIGHT "Copyright (C) %d-2007 Free Software Foundation Europe e.V.\n"
 #define BYEAR "2007"       /* year for copyright messages in progs */
diff --git a/bacula/technotes-2.1 b/bacula/technotes-2.1
index 6beafd1fd5..72dd599d69 100644
--- a/bacula/technotes-2.1
+++ b/bacula/technotes-2.1
@@ -1,7 +1,15 @@
               Technical notes on version 2.1
 
 General:
-Release 2.1.22 beta Win32 binaries only:
+
+Release 2.1.22 beta
+25Jun07
+kes  Return correct string from authenticate.cpp in bat when connecting
+     to Dir.
+kes  Apply patch suggested by Frank Sweetser to fix bug #888 --     
+     spurious line drops when using TLS.  
+kes  Do not file reparse points when restoring a file that already
+     exists -- Win32.
 24Jun07
 kes  Implement Windows reparse points -- similar to directories, but
      we do not descend into it. This is a first cut. They seem to 
-- 
2.39.5