From cb00f6e772795e80c6bcc44addce71096fb3a948 Mon Sep 17 00:00:00 2001 From: "Ana Emilia M. Arruda" Date: Wed, 23 Dec 2015 11:59:51 +0100 Subject: [PATCH] Patch to add MySQL ssl access --- bacula/autoconf/configure.in | 15 +++++ bacula/configure | 16 +++++ bacula/src/cats/bdb.h | 5 ++ bacula/src/cats/bvfs.c | 4 +- bacula/src/cats/cats.c | 13 ++-- bacula/src/cats/cats_null.c | 6 +- bacula/src/cats/grant_mysql_privileges.in | 10 +++- bacula/src/cats/mysql.c | 65 +++++++++++++++++++- bacula/src/cats/postgresql.c | 10 ++-- bacula/src/cats/protos.h | 5 +- bacula/src/cats/sqlite.c | 10 ++-- bacula/src/dird/dird.c | 2 + bacula/src/dird/dird_conf.c | 20 +++++++ bacula/src/dird/dird_conf.h | 5 ++ bacula/src/dird/job.c | 10 +++- bacula/src/dird/ua_cmds.c | 3 + bacula/src/dird/ua_output.c | 2 + bacula/src/stored/bscan.c | 27 ++++++++- bacula/src/tools/bbatch.c | 30 +++++++++- bacula/src/tools/bvfs_test.c | 27 ++++++++- bacula/src/tools/cats_test.c | 4 ++ bacula/src/tools/dbcheck.c | 72 +++++++++++++---------- 22 files changed, 295 insertions(+), 66 deletions(-) diff --git a/bacula/autoconf/configure.in b/bacula/autoconf/configure.in index 0843981068..39a94cf07e 100644 --- a/bacula/autoconf/configure.in +++ b/bacula/autoconf/configure.in @@ -1452,6 +1452,20 @@ AC_ARG_WITH(db_port, ) AC_SUBST(db_port) +dnl +dnl Pickup MySQL SSL options for database user connection +dnl +db_ssl_options= +AC_ARG_WITH(db_ssl_options, + AC_HELP_STRING([--with-db-ssl-options=DBSSLOPTIONS], [specify SSL options for database user connection @<:@default=null@:>@]), + [ + if test "x$withval" != "x" ; then + db_ssl_options=$withval + fi + ] +) +AC_SUBST(db_ssl_options) + # # Handle users and groups for each daemon # @@ -3490,6 +3504,7 @@ Configuration on `date`: Database port: ${db_port} Database name: ${db_name} Database user: ${db_user} + Database SSL options: ${db_ssl_options} Job Output Email: ${job_email} Traceback Email: ${dump_email} 
diff --git a/bacula/configure b/bacula/configure index e476645341..445dfd59f6 100755 --- a/bacula/configure +++ b/bacula/configure @@ -685,6 +685,7 @@ db_port db_password db_user db_name +db_ssl_options mon_sd_password mon_fd_password mon_dir_password @@ -986,6 +987,7 @@ with_db_name with_db_user with_db_password with_db_port +with_db_ssl_options with_dir_user with_dir_group with_sd_user @@ -23654,6 +23656,19 @@ if test "${with_db_port+set}" = set; then : fi +fi ++db_ssl_options= + + + +# Check whether --with-db_ssl_options was given. +if test "${with_db_ssl_options+set}" = set; then : + withval=$with_db_ssl_options; + if test "x$withval" != "x" ; then + db_ssl_options=$withval + fi + + fi @@ -33730,6 +33745,7 @@ Configuration on `date`: Database port: ${db_port} Database name: ${db_name} Database user: ${db_user} + Database SSL options: ${db_ssl_options} Job Output Email: ${job_email} Traceback Email: ${dump_email} diff --git a/bacula/src/cats/bdb.h b/bacula/src/cats/bdb.h index cc53b4a780..717f0dab90 100644 --- a/bacula/src/cats/bdb.h +++ b/bacula/src/cats/bdb.h @@ -42,6 +42,11 @@ public: char *m_db_driverdir; /* database driver dir */ int m_ref_count; /* reference count */ int m_db_port; /* port for host name address */ + char *m_db_ssl_key; /* path name to the key file */ + char *m_db_ssl_cert; /* path name to the certificate file */ + char *m_db_ssl_ca; /* path name to the certificate authority file */ + char *m_db_ssl_capath; /* path name to a directory that contains trusted SSL CA certificates in PEM format */ + char *m_db_ssl_cipher; /* a list of permissible ciphers to use for SSL encryption */ bool m_disabled_batch_insert; /* explicitly disabled batch insert mode ? */ bool m_dedicated; /* is this connection dedicated? */ bool m_use_fatal_jmsg; /* use Jmsg(M_FATAL) after bad queries? */ diff --git a/bacula/src/cats/bvfs.c b/bacula/src/cats/bvfs.c index 403f063c8d..09dee9803a 100644 --- a/bacula/src/cats/bvfs.c +++ b/bacula/src/cats/bvfs.c 
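Review bot: Nothing visible in this patch initialises the five new `m_db_ssl_*` pointers in bdb.h to NULL. The mysql.c init code assigns each one only when its argument is non-NULL, `bdb_close_database` frees any that are non-NULL, and `bdb_clone_database_connection` forwards them for every backend. The BDB constructors are outside the diff, so this may already be handled there; if it is not, add `m_db_ssl_key = m_db_ssl_cert = m_db_ssl_ca = m_db_ssl_capath = m_db_ssl_cipher = NULL;` to the constructor. A short comment that only the MySQL driver honours these members would also help the next reader.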
@@ -1367,7 +1367,7 @@ bool Bvfs::compute_restore_list(char *fileid, char *dirid, char *hardlink, result[i++] = str_to_int64(row[1]); /* JobId */ result[i++] = str_to_int64(row[2]); /* FilenameId */ result[i++] = str_to_int64(row[3]); /* PathId */ - } + } i=0; while (num > 0) { @@ -1440,5 +1440,5 @@ void Bvfs::insert_missing_delta(char *output_table, int64_t *res) Dmsg1(dbglevel_sql, "Can't exec q=%s\n", db->cmd); } } - + #endif /* HAVE_SQLITE3 || HAVE_MYSQL || HAVE_POSTGRESQL */ diff --git a/bacula/src/cats/cats.c b/bacula/src/cats/cats.c index 4d189d01ce..ccdedd48bc 100644 --- a/bacula/src/cats/cats.c +++ b/bacula/src/cats/cats.c @@ -1,17 +1,17 @@ /* Bacula(R) - The Network Backup Solution - + Copyright (C) 2000-2015 Kern Sibbald Copyright (C) 2000-2014 Free Software Foundation Europe e.V. - + The original author of Bacula is Kern Sibbald, with contributions from many others, a complete list can be found in the file AUTHORS. - + You may use this file and others of this release according to the license defined in the LICENSE file, which includes the Affero General Public License, v3.0 ("AGPLv3") and some additional permissions and terms pursuant to its AGPLv3 Section 7. - + This notice must be preserved when any source code is conveyed and/or propagated. @@ -71,7 +71,10 @@ BDB *BDB::bdb_clone_database_connection(JCR *jcr, bool mult_db_connections) */ return db_init_database(jcr, mdb->m_db_driver, mdb->m_db_name, mdb->m_db_user, mdb->m_db_password, mdb->m_db_address, - mdb->m_db_port, mdb->m_db_socket, true, + mdb->m_db_port, mdb->m_db_socket, + mdb->m_db_ssl_key, mdb->m_db_ssl_cert, + mdb->m_db_ssl_ca, mdb->m_db_ssl_capath, + mdb->m_db_ssl_cipher, true, mdb->m_disabled_batch_insert); } diff --git a/bacula/src/cats/cats_null.c b/bacula/src/cats/cats_null.c index df00f8eaf1..7b83ea7b16 100644 --- a/bacula/src/cats/cats_null.c +++ b/bacula/src/cats/cats_null.c 
@@ -27,8 +27,10 @@ BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user, const char *db_password, const char *db_address, - int db_port, const char *db_socket, bool mult_db_connections, - bool disable_batch_insert) + int db_port, const char *db_socket, const char *db_ssl_key, + const char *db_ssl_cert, const char *db_ssl_ca, + const char *db_ssl_capath, const char *db_ssl_cipher, + bool mult_db_connections, bool disable_batch_insert) { Jmsg(jcr, M_FATAL, 0, _("Please replace this null libbaccats library with a proper one.\n")); return NULL; diff --git a/bacula/src/cats/grant_mysql_privileges.in b/bacula/src/cats/grant_mysql_privileges.in index f1fcca5a4a..ab85680ade 100644 --- a/bacula/src/cats/grant_mysql_privileges.in +++ b/bacula/src/cats/grant_mysql_privileges.in @@ -12,11 +12,15 @@ db_password=@db_password@ if [ "$db_password" != "" ]; then pass="identified by '$db_password'" fi - +db_ssl_options=@db_ssl_options@ +if [ "$db_ssl_options" != "" ]; then + ssl_options="require $db_ssl_options" +fi + if $bindir/mysql $* -u root -f <m_db_address = bstrdup(db_address); } - if (db_socket) { + if (db_socket) { mdb->m_db_socket = bstrdup(db_socket); } + if (db_ssl_key) { + mdb->m_db_ssl_key = bstrdup(db_ssl_key); + } + if (db_ssl_cert) { + mdb->m_db_ssl_cert = bstrdup(db_ssl_cert); + } + if (db_ssl_ca) { + mdb->m_db_ssl_ca = bstrdup(db_ssl_ca); + } + if (db_ssl_capath) { + mdb->m_db_ssl_capath = bstrdup(db_ssl_capath); + } + if (db_ssl_cipher) { + mdb->m_db_ssl_cipher = bstrdup(db_ssl_cipher); + } mdb->m_db_port = db_port; if (disable_batch_insert) { 
@@ -200,6 +217,20 @@ bool BDB_MYSQL::bdb_open_database(JCR *jcr) mysql_init(&mdb->m_instance); Dmsg0(50, "mysql_init done\n"); + + /* + * Sets the appropriate certificate options for + * establishing secure connection using SSL to the database. + */ + if (mdb->m_db_ssl_key) { + mysql_ssl_set(&(mdb->m_instance), + mdb->m_db_ssl_key, + mdb->m_db_ssl_cert, + mdb->m_db_ssl_ca, + mdb->m_db_ssl_capath, + mdb->m_db_ssl_cipher); + } + /* * If connection fails, try at 5 sec intervals for 30 seconds. */ @@ -227,7 +258,7 @@ bool BDB_MYSQL::bdb_open_database(JCR *jcr) Dmsg0(50, "mysql_real_connect done\n"); Dmsg3(50, "db_user=%s db_name=%s db_password=%s\n", mdb->m_db_user, mdb->m_db_name, (mdb->m_db_password == NULL) ? "(NULL)" : mdb->m_db_password); - + if (mdb->m_db_handle == NULL) { Mmsg2(&mdb->errmsg, _("Unable to connect to MySQL server.\n" "Database=%s User=%s\n" @@ -244,6 +275,19 @@ bool BDB_MYSQL::bdb_open_database(JCR *jcr) goto get_out; } + /* get the current cipher used for SSL connection */ + if (mdb->m_db_ssl_key) { + const char *cipher; + if (mdb->m_db_ssl_cipher) { + free(mdb->m_db_ssl_cipher); + } + cipher = (const char *)mysql_get_ssl_cipher(&(mdb->m_instance)); + if (cipher) { + mdb->m_db_ssl_cipher = bstrdup(cipher); + } + Dmsg1(50, "db_ssl_ciper=%s\n", (mdb->m_db_ssl_cipher == NULL) ? "(NULL)" : mdb->m_db_ssl_cipher); + } + mdb->m_connected = true; if (!bdb_check_version(jcr)) { goto get_out; @@ -311,7 +355,22 @@ void BDB_MYSQL::bdb_close_database(JCR *jcr) } if (mdb->m_db_socket) { free(mdb->m_db_socket); - } + } + if (mdb->m_db_ssl_key) { + free(mdb->m_db_ssl_key); + } + if (mdb->m_db_ssl_cert) { + free(mdb->m_db_ssl_cert); + } + if (mdb->m_db_ssl_ca) { + free(mdb->m_db_ssl_ca); + } + if (mdb->m_db_ssl_capath) { + free(mdb->m_db_ssl_capath); + } + if (mdb->m_db_ssl_cipher) { + free(mdb->m_db_ssl_cipher); + } delete mdb; if (db_list->size() == 0) { delete db_list; 
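Review bot: The `if (mdb->m_db_ssl_key)` gate around `mysql_ssl_set()` means a catalog configured with only `dbsslca` or `dbsslcapath` (server authentication without a client certificate) gets no TLS settings at all, and nothing is logged. `mysql_ssl_set()` also only supplies file paths: it does not require an encrypted session or enable server-certificate verification, so depending on the client library version the connection may fall back to plaintext or accept any certificate. Widen the condition to `if (mdb->m_db_ssl_key || mdb->m_db_ssl_ca || mdb->m_db_ssl_capath)` and set the library's verification option before `mysql_real_connect()`, for example `mysql_options(&mdb->m_instance, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);` on older client libraries or `MYSQL_OPT_SSL_MODE` on newer ones. The post-connect cipher block in the `@@ -244,6 +275,19 @@` hunk uses the same key-only gate.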
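Review bot: In the `@@ -244,6 +275,19 @@` hunk, `m_db_ssl_cipher` is freed but not cleared before `mysql_get_ssl_cipher()` is called, so when that call returns NULL the `Dmsg1` below reads freed memory and `bdb_close_database` frees the pointer a second time. A NULL result also means the session is not encrypted even though a key was configured, yet the code carries on to `m_connected = true` instead of failing. Overwriting the configured cipher list with the negotiated cipher additionally changes what `bdb_clone_database_connection` passes to later connections. The shape below keeps the configured value, logs the negotiated cipher and refuses an unencrypted session; the `get_out` cleanup is outside the hunk, so confirm it closes the handle on this path.

```cpp
   /* report the negotiated cipher; refuse a session that is not encrypted */
   if (mdb->m_db_ssl_key) {
      const char *cipher = mysql_get_ssl_cipher(&(mdb->m_instance));
      if (cipher == NULL) {
         Mmsg2(&mdb->errmsg, _("MySQL connection is not encrypted.\n"
                               "Database=%s User=%s\n"),
               mdb->m_db_name, mdb->m_db_user);
         goto get_out;
      }
      Dmsg1(50, "db_ssl_cipher=%s\n", cipher);
   }
   // … unchanged: mdb->m_connected = true; version check …
```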
diff --git a/bacula/src/cats/postgresql.c b/bacula/src/cats/postgresql.c index 76ac3ddaab..70d8e6bcb3 100644 --- a/bacula/src/cats/postgresql.c +++ b/bacula/src/cats/postgresql.c @@ -99,11 +99,11 @@ BDB_POSTGRESQL::~BDB_POSTGRESQL() * Initialize database data structure. In principal this should * never have errors, or it is really fatal. */ -BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, - const char *db_user, const char *db_password, - const char *db_address, int db_port, - const char *db_socket, bool mult_db_connections, - bool disable_batch_insert) +BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user, + const char *db_password, const char *db_address, int db_port, const char *db_socket, + const char *db_ssl_key, const char *db_ssl_cert, const char *db_ssl_ca, + const char *db_ssl_capath, const char *db_ssl_cipher, + bool mult_db_connections, bool disable_batch_insert) { BDB_POSTGRESQL *mdb = NULL; diff --git a/bacula/src/cats/protos.h b/bacula/src/cats/protos.h index cc6510c447..5a6a726c95 100644 --- a/bacula/src/cats/protos.h +++ b/bacula/src/cats/protos.h @@ -46,7 +46,10 @@ BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user, const char *db_password, const char *db_address, int db_port, - const char *db_socket, bool mult_db_connections, bool disable_batch_insert); + const char *db_socket, const char *db_ssl_key, + const char *db_ssl_cert, const char *db_ssl_ca, + const char *db_ssl_capath, const char *db_ssl_cipher, + bool mult_db_connections, bool disable_batch_insert); /* Database prototypes and defines */ diff --git a/bacula/src/cats/sqlite.c b/bacula/src/cats/sqlite.c index c47899c448..89f810ed0c 100644 --- a/bacula/src/cats/sqlite.c +++ b/bacula/src/cats/sqlite.c 
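Review bot: The PostgreSQL `db_init_database` now accepts `db_ssl_key`, `db_ssl_cert`, `db_ssl_ca`, `db_ssl_capath` and `db_ssl_cipher`, but the diffstat shows only the signature changed in this file, so the values are dropped silently. The Catalog directives added in dird_conf.c are named generically (`dbsslkey`, `dbsslca`, ...), so an administrator could set them for a PostgreSQL catalog and assume the link is encrypted. Consider warning at the top of the body, for example `if (db_ssl_key || db_ssl_ca || db_ssl_capath) Jmsg(jcr, M_WARNING, 0, _("SSL options are ignored by the PostgreSQL catalog driver.\n"));`, and note the limitation in a comment on the signature. The function body continues outside the hunk.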
@@ -100,11 +100,11 @@ BDB_SQLITE::~BDB_SQLITE() * Initialize database data structure. In principal this should * never have errors, or it is really fatal. */ -BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, - const char *db_user, const char *db_password, - const char *db_address, int db_port, - const char *db_socket, bool mult_db_connections, - bool disable_batch_insert) +BDB *db_init_database(JCR *jcr, const char *db_driver, const char *db_name, const char *db_user, + const char *db_password, const char *db_address, int db_port, const char *db_socket, + const char *db_ssl_key, const char *db_ssl_cert, const char *db_ssl_ca, + const char *db_ssl_capath, const char *db_ssl_cipher, + bool mult_db_connections, bool disable_batch_insert) { BDB_SQLITE *mdb = NULL; diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c index 9972341f04..f74097f840 100644 --- a/bacula/src/dird/dird.c +++ b/bacula/src/dird/dird.c @@ -960,6 +960,8 @@ static bool check_catalog(cat_op mode) catalog->db_user, catalog->db_password, catalog->db_address, catalog->db_port, catalog->db_socket, + catalog->db_ssl_key, catalog->db_ssl_cert, catalog->db_ssl_ca, + catalog->db_ssl_capath, catalog->db_ssl_cipher, catalog->mult_db_connections, catalog->disable_batch_insert); if (!db || !db_open_database(NULL, db)) { diff --git a/bacula/src/dird/dird_conf.c b/bacula/src/dird/dird_conf.c index 23cd6cbe43..53fb9a1c71 100644 --- a/bacula/src/dird/dird_conf.c +++ b/bacula/src/dird/dird_conf.c 
@@ -252,6 +252,11 @@ static RES_ITEM cat_items[] = { {"DbName", store_str, ITEM(res_cat.db_name), 0, ITEM_REQUIRED, 0}, {"dbdriver", store_str, ITEM(res_cat.db_driver), 0, 0, 0}, {"DbSocket", store_str, ITEM(res_cat.db_socket), 0, 0, 0}, + {"dbsslkey", store_str, ITEM(res_cat.db_ssl_key), 0, 0, 0}, + {"dbsslcert", store_str, ITEM(res_cat.db_ssl_cert), 0, 0, 0}, + {"dbsslca", store_str, ITEM(res_cat.db_ssl_ca), 0, 0, 0}, + {"dbsslcapath", store_str, ITEM(res_cat.db_ssl_capath), 0, 0, 0}, + {"dbsslcipher", store_str, ITEM(res_cat.db_ssl_cipher), 0, 0, 0}, /* Turned off for the moment */ {"MultipleConnections", store_bit, ITEM(res_cat.mult_db_connections), 0, 0, 0}, {"DisableBatchInsert", store_bool, ITEM(res_cat.disable_batch_insert), 0, ITEM_DEFAULT, false}, @@ -1311,6 +1316,21 @@ void free_resource(RES *rres, int type) if (res->res_cat.db_password) { free(res->res_cat.db_password); } + if (res->res_cat.db_ssl_key) { + free(res->res_cat.db_ssl_key); + } + if (res->res_cat.db_ssl_cert) { + free(res->res_cat.db_ssl_cert); + } + if (res->res_cat.db_ssl_ca) { + free(res->res_cat.db_ssl_ca); + } + if (res->res_cat.db_ssl_capath) { + free(res->res_cat.db_ssl_capath); + } + if (res->res_cat.db_ssl_cipher) { + free(res->res_cat.db_ssl_cipher); + } break; case R_FILESET: if ((num=res->res_fs.num_includes)) { diff --git a/bacula/src/dird/dird_conf.h b/bacula/src/dird/dird_conf.h index 90700e58b7..b1101bd04c 100644 --- a/bacula/src/dird/dird_conf.h +++ b/bacula/src/dird/dird_conf.h 
@@ -228,6 +228,11 @@ public: char *db_user; char *db_name; char *db_driver; /* Select appropriate driver */ + char *db_ssl_key; /* the path name to the key file */ + char *db_ssl_cert; /* the path name to the certificate file */ + char *db_ssl_ca; /* the path name to the certificate authority file */ + char *db_ssl_capath; /* the path name to a directory that contains trusted SSL CA certificates in PEM format */ + char *db_ssl_cipher; /* a list of permissible ciphers to use for SSL encryption */ uint32_t mult_db_connections; /* set for multiple db connections */ bool disable_batch_insert; /* set to disable batch inserts */ diff --git a/bacula/src/dird/job.c b/bacula/src/dird/job.c index d45f55ceca..2290a2bf1a 100644 --- a/bacula/src/dird/job.c +++ b/bacula/src/dird/job.c @@ -118,7 +118,10 @@ bool setup_job(JCR *jcr) jcr->db = db_init_database(jcr, jcr->catalog->db_driver, jcr->catalog->db_name, jcr->catalog->db_user, jcr->catalog->db_password, jcr->catalog->db_address, jcr->catalog->db_port, - jcr->catalog->db_socket, jcr->catalog->mult_db_connections, + jcr->catalog->db_socket, jcr->catalog->db_ssl_key, + jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca, + jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher, + jcr->catalog->mult_db_connections, jcr->catalog->disable_batch_insert); if (!jcr->db || !db_open_database(jcr, jcr->db)) { Jmsg(jcr, M_FATAL, 0, _("Could not open database \"%s\".\n"), 
@@ -266,7 +269,10 @@ static bool setup_resume_job(JCR *jcr, JOB_DBR *jr) jcr->db = db_init_database(jcr, jcr->catalog->db_driver, jcr->catalog->db_name, jcr->catalog->db_user, jcr->catalog->db_password, jcr->catalog->db_address, jcr->catalog->db_port, - jcr->catalog->db_socket, jcr->catalog->mult_db_connections, + jcr->catalog->db_socket, jcr->catalog->db_ssl_key, + jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca, + jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher, + jcr->catalog->mult_db_connections, jcr->catalog->disable_batch_insert); if (!jcr->db || !db_open_database(jcr, jcr->db)) { Jmsg(jcr, M_FATAL, 0, _("Could not open database \"%s\".\n"), diff --git a/bacula/src/dird/ua_cmds.c b/bacula/src/dird/ua_cmds.c index 0774d316ca..33b93afcb4 100644 --- a/bacula/src/dird/ua_cmds.c +++ b/bacula/src/dird/ua_cmds.c @@ -2211,6 +2211,9 @@ bool open_db(UAContext *ua) ua->catalog->db_user, ua->catalog->db_password, ua->catalog->db_address, ua->catalog->db_port, ua->catalog->db_socket, + ua->catalog->db_ssl_key, ua->catalog->db_ssl_cert, + ua->catalog->db_ssl_ca, ua->catalog->db_ssl_capath, + ua->catalog->db_ssl_cipher, mult_db_conn, ua->catalog->disable_batch_insert); if (!ua->db || !db_open_database(ua->jcr, ua->db)) { ua->error_msg(_("Could not open catalog database \"%s\".\n"), diff --git a/bacula/src/dird/ua_output.c b/bacula/src/dird/ua_output.c index b0fcfc388e..45fab76525 100644 --- a/bacula/src/dird/ua_output.c +++ b/bacula/src/dird/ua_output.c @@ -815,6 +815,8 @@ bool complete_jcr_for_job(JCR *jcr, JOB *job, POOL *pool) jcr->catalog->db_user, jcr->catalog->db_password, jcr->catalog->db_address, jcr->catalog->db_port, jcr->catalog->db_socket, + jcr->catalog->db_ssl_key, jcr->catalog->db_ssl_cert, jcr->catalog->db_ssl_ca, + jcr->catalog->db_ssl_capath, jcr->catalog->db_ssl_cipher, jcr->catalog->mult_db_connections, jcr->catalog->disable_batch_insert); if (!jcr->db || !db_open_database(jcr, jcr->db)) { 
diff --git a/bacula/src/stored/bscan.c b/bacula/src/stored/bscan.c index 3702b88d2d..4757fb0d64 100644 --- a/bacula/src/stored/bscan.c +++ b/bacula/src/stored/bscan.c @@ -76,6 +76,11 @@ static const char *db_name = "bacula"; static const char *db_user = "bacula"; static const char *db_password = ""; static const char *db_host = NULL; +static const char *db_ssl_key = NULL; +static const char *db_ssl_cert = NULL; +static const char *db_ssl_ca = NULL; +static const char *db_ssl_capath = NULL; +static const char *db_ssl_cipher = NULL; static int db_port = 0; static const char *wd = NULL; static bool update_db = false; @@ -117,6 +122,9 @@ PROG_COPYRIGHT " -u specify database user name (default bacula)\n" " -P specify database password (default none)\n" " -h specify database host (default NULL)\n" +" -k path name to the key file (default NULL)\n" +" -e path name to the certificate file (default NULL)\n" +" -a path name to the CA certificate file (default NULL)\n" " -t specify database port (default 0)\n" " -p proceed inspite of I/O errors\n" " -r list records\n" @@ -147,7 +155,7 @@ int main (int argc, char *argv[]) OSDependentInit(); - while ((ch = getopt(argc, argv, "b:c:d:D:h:p:mn:pP:rsSt:u:vV:w:?")) != -1) { + while ((ch = getopt(argc, argv, "b:c:d:D:h:k:e:a:p:mn:pP:rsSt:u:vV:w:?")) != -1) { switch (ch) { case 'S' : showProgress = true; @@ -182,6 +190,18 @@ int main (int argc, char *argv[]) db_host = optarg; break; + case 'k': + db_ssl_key = optarg; + break; + + case 'e': + db_ssl_cert = optarg; + break; + + case 'a': + db_ssl_ca = optarg; + break; + case 't': db_port = atoi(optarg); break; 
@@ -284,7 +304,10 @@ int main (int argc, char *argv[]) } db = db_init_database(NULL, db_driver, db_name, db_user, db_password, - db_host, db_port, NULL, false, false); + db_host, db_port, NULL, + db_ssl_key, db_ssl_cert, db_ssl_ca, + db_ssl_capath, db_ssl_cipher, + false, false); if (!db || !db_open_database(NULL, db)) { Pmsg2(000, _("Could not open Catalog \"%s\", database \"%s\".\n"), db_driver, db_name); diff --git a/bacula/src/tools/bbatch.c b/bacula/src/tools/bbatch.c index 9542648e4d..1d4ac8da1d 100644 --- a/bacula/src/tools/bbatch.c +++ b/bacula/src/tools/bbatch.c @@ -58,6 +58,11 @@ static const char *db_name = "bacula"; static const char *db_user = "bacula"; static const char *db_password = ""; static const char *db_host = NULL; +static const char *db_ssl_key= NULL; +static const char *db_ssl_cert= NULL; +static const char *db_ssl_ca= NULL; +static const char *db_ssl_capath= NULL; +static const char *db_ssl_cipher= NULL; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; @@ -78,6 +83,9 @@ PROG_COPYRIGHT " -u specify database user name (default bacula)\n" " -P specify database host (default NULL)\n" +" -k path name to the key file (default NULL)\n" +" -e path name to the certificate file (default NULL)\n" +" -a path name to the CA certificate file (default NULL)\n" " -w specify working directory\n" " -r call restore code with given jobids\n" " -v verbose\n" @@ -114,7 +122,7 @@ int main (int argc, char *argv[]) OSDependentInit(); - while ((ch = getopt(argc, argv, "bBh:c:d:n:P:Su:vf:w:r:?")) != -1) { + while ((ch = getopt(argc, argv, "bBh:k:e:a:c:d:n:P:Su:vf:w:r:?")) != -1) { switch (ch) { case 'r': restore_list=bstrdup(optarg); @@ -140,6 +148,18 @@ int main (int argc, char *argv[]) db_host = optarg; break; + case 'k': + db_ssl_key = optarg; + break; + + case 'e': + db_ssl_cert = optarg; + break; + + case 'a': + db_ssl_ca = optarg; + break; + case 'n': db_name = optarg; break; 
@@ -186,7 +206,9 @@ int main (int argc, char *argv[]) /* To use the -r option, the catalog should already contains records */ if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password, - db_host, 0, NULL, false, disable_batch)) == NULL) { + db_host, 0, NULL, db_ssl_key, db_ssl_cert, + db_ssl_ca, db_ssl_capath, db_ssl_cipher, + false, disable_batch)) == NULL) { Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n")); } if (!db_open_database(NULL, db)) { @@ -235,7 +257,9 @@ int main (int argc, char *argv[]) pm_strcpy(bjcr->fileset_md5, "Dummy.fileset.md5"); if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password, - db_host, 0, NULL, false, false)) == NULL) { + db_host, 0, NULL, db_ssl_key, db_ssl_cert, + db_ssl_ca, db_ssl_capath, db_ssl_cipher, + false, false)) == NULL) { Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n")); } if (!db_open_database(NULL, db)) { diff --git a/bacula/src/tools/bvfs_test.c b/bacula/src/tools/bvfs_test.c index b2a7ed04ee..3ac32537b7 100644 --- a/bacula/src/tools/bvfs_test.c +++ b/bacula/src/tools/bvfs_test.c @@ -39,6 +39,11 @@ static const char *db_name = "regress"; static const char *db_user = "regress"; static const char *db_password = ""; static const char *db_host = NULL; +static const char *db_ssl_key = NULL; +static const char *db_ssl_cert = NULL; +static const char *db_ssl_ca = NULL; +static const char *db_ssl_capath = NULL; +static const char *db_ssl_cipher = NULL; static void usage() { @@ -51,6 +56,9 @@ PROG_COPYRIGHT " -u specify database user name (default bacula)\n" " -P specify database host (default NULL)\n" +" -k path name to the key file (default NULL)\n" +" -e path name to the certificate file (default NULL)\n" +" -a path name to the CA certificate file (default NULL)\n" " -w specify working directory\n" " -j specify jobids\n" " -p specify path\n" 
@@ -119,7 +127,7 @@ int main (int argc, char *argv[]) OSDependentInit(); - while ((ch = getopt(argc, argv, "h:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) { + while ((ch = getopt(argc, argv, "h:k:e:a:c:l:d:n:P:Su:vf:w:?j:p:f:T")) != -1) { switch (ch) { case 'd': /* debug level */ if (*optarg == 't') { @@ -143,6 +151,18 @@ int main (int argc, char *argv[]) db_host = optarg; break; + case 'k': + db_ssl_key= optarg; + break; + + case 'e': + db_ssl_cert= optarg; + break; + + case 'a': + db_ssl_ca= optarg; + break; + case 'n': db_name = optarg; break; @@ -202,7 +222,10 @@ int main (int argc, char *argv[]) bstrncpy(bjcr->Job, "bvfs_test", sizeof(bjcr->Job)); if ((db = db_init_database(NULL, NULL, db_name, db_user, db_password, - db_host, 0, NULL, false, false)) == NULL) { + db_host, 0, NULL, + db_ssl_key, db_ssl_cert, db_ssl_ca, + db_ssl_capath, db_ssl_cipher, + false, false)) == NULL) { Emsg0(M_ERROR_TERM, 0, _("Could not init Bacula database\n")); } Dmsg1(0, "db_type=%s\n", db_get_engine_name(db)); diff --git a/bacula/src/tools/cats_test.c b/bacula/src/tools/cats_test.c index f204aa0cf0..c51f21fbe9 100644 --- a/bacula/src/tools/cats_test.c +++ b/bacula/src/tools/cats_test.c @@ -340,6 +340,8 @@ int main (int argc, char *argv[]) NULL /* dbi driver */, db_name, db_user, db_password, db_address, db_port + 100, NULL /* db_socket */, + db_ssl_key, db_ssl_cert, db_ssl_ca, + db_ssl_capath, db_ssl_cipher, 0 /* mult_db_connections */, false); ok(db != NULL, "Test bad connection"); if (!db) { @@ -354,6 +356,8 @@ int main (int argc, char *argv[]) NULL /* dbi driver */, db_name, db_user, db_password, db_address, db_port, NULL /* db_socket */, + db_ssl_key, db_ssl_cert, db_ssl_ca, + db_ssl_capath, db_ssl_cipher, false /* mult_db_connections */, false); ok(db != NULL, "Test db connection"); diff --git a/bacula/src/tools/dbcheck.c b/bacula/src/tools/dbcheck.c index 5d50e2e8cd..73ea9920d1 100644 --- a/bacula/src/tools/dbcheck.c +++ b/bacula/src/tools/dbcheck.c 
@@ -100,7 +100,7 @@ static void usage() fprintf(stderr, PROG_COPYRIGHT "\n%sVersion: %s (%s)\n\n" -"Usage: dbcheck [-c config ] [-B] [-C catalog name] [-d debug_level] [] []\n" +"Usage: dbcheck [-c config ] [-B] [-C catalog name] [-d debug_level] [] [] [] [] [] []\n" " -b batch mode\n" " -C catalog name in the director conf file\n" " -c Director conf filename\n" @@ -120,6 +120,8 @@ int main (int argc, char *argv[]) { int ch; const char *user, *password, *db_name, *dbhost; + const char *dbsslkey = NULL, *dbsslcert = NULL, *dbsslca = NULL; + const char *dbsslcapath = NULL, *dbsslcipher = NULL; int dbport = 0; bool print_catalog=false; char *configfile = NULL; @@ -230,9 +232,14 @@ int main (int argc, char *argv[]) dbhost = NULL; } dbport = catalog->db_port; + dbsslkey = catalog->db_ssl_key; + dbsslcert = catalog->db_ssl_cert; + dbsslca = catalog->db_ssl_ca; + dbsslcapath = catalog->db_ssl_capath; + dbsslcipher = catalog->db_ssl_cipher; } } else { - if (argc > 6) { + if (argc > 9) { Pmsg0(0, _("Wrong number of arguments.\n")); usage(); } 
@@ -251,42 +258,43 @@ int main (int argc, char *argv[]) password = ""; dbhost = NULL; - if (argc == 2) { + if (argc >= 2) { db_name = argv[1]; user = db_name; - } else if (argc == 3) { - db_name = argv[1]; - user = argv[2]; - } else if (argc == 4) { - db_name = argv[1]; - user = argv[2]; - password = argv[3]; - } else if (argc == 5) { - db_name = argv[1]; - user = argv[2]; - password = argv[3]; - dbhost = argv[4]; - } else if (argc == 6) { - db_name = argv[1]; - user = argv[2]; - password = argv[3]; - dbhost = argv[4]; - errno = 0; - dbport = strtol(argv[5], &endptr, 10); - if (*endptr != '\0') { - Pmsg0(0, _("Database port must be a numeric value.\n")); - exit(1); - } else if (errno == ERANGE) { - Pmsg0(0, _("Database port must be a int value.\n")); - exit(1); - } - } + if (argc >= 3) { + user = argv[2]; + if (argc >= 4) { + password = argv[3]; + if (argc >= 5) { + dbhost = argv[4]; + if (argc >= 6) { + errno = 0; + dbport = strtol(argv[5], &endptr, 10); + if (*endptr != '\0') { + Pmsg0(0, _("Database port must be a numeric value.\n")); + exit(1); + } else if (errno == ERANGE) { + Pmsg0(0, _("Database port must be a int value.\n")); + exit(1); + } + if (argc >= 7) { + dbsslkey = argv[6]; + dbsslcert = argv[7]; + if (argc == 9) { + dbsslca = argv[8]; + } /* if (argc == 9) */ + } /* if (argc >= 7) */ + } /* if (argc >= 6) */ + } /* if (argc >= 5) */ + } /* if (argc >= 4) */ + } /* if (argc >= 3) */ + } /* if (argc >= 2) */ } /* * Open database */ - db = db_init_database(NULL, NULL, db_name, user, password, dbhost, dbport, NULL, false, false); + db = db_init_database(NULL, NULL, db_name, user, password, dbhost, dbport, NULL, dbsslkey, dbsslcert, dbsslca, dbsslcapath, dbsslcipher, false, false); if (!db || !db_open_database(NULL, db)) { Emsg1(M_FATAL, 0, "%s", db_strerror(db)); return 1; 
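Review bot: With exactly seven positional arguments, the `if (argc >= 7)` branch sets `dbsslkey = argv[6]` and then reads `argv[7]`, which is the terminating NULL entry (assuming the usual argv layout after the option shift, which is outside the hunk). A key is therefore configured without a certificate and nothing reports it. Reject that case explicitly before the assignments, for example `if (argc == 7) { Pmsg0(0, _("SSL key given without SSL certificate.\n")); exit(1); }`. The positional form also cannot express a CA-only setup, since `dbsslca` is reachable only when `argc == 9`; a comment on the argument order would make that limit visible.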
@@ -337,6 +345,8 @@ static void print_catalog_details(CAT *catalog, const char *working_dir) db = db_init_database(NULL, catalog->db_driver, catalog->db_name, catalog->db_user, catalog->db_password, catalog->db_address, catalog->db_port, catalog->db_socket, + catalog->db_ssl_key, catalog->db_ssl_cert, catalog->db_ssl_ca, + catalog->db_ssl_capath, catalog->db_ssl_cipher, catalog->mult_db_connections, catalog->disable_batch_insert); if (db) { -- 2.39.5