python-bareos 23.0.2__py3-none-any.whl → 23.0.4__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- bareos/VERSION.txt +1 -1
- bareos/bsock/__init__.py +31 -18
- bareos/bsock/directorconsole.py +9 -7
- bareos/bsock/lowlevel.py +46 -28
- bareos/bsock/protocolversions.py +4 -2
- bareos/bsock/tlsversionparser.py +2 -2
- bareos/util/argparse.py +8 -0
- {python_bareos-23.0.2.data → python_bareos-23.0.4.data}/scripts/bareos-fd-connect.py +1 -1
- {python_bareos-23.0.2.dist-info → python_bareos-23.0.4.dist-info}/METADATA +40 -26
- {python_bareos-23.0.2.dist-info → python_bareos-23.0.4.dist-info}/RECORD +15 -15
- {python_bareos-23.0.2.dist-info → python_bareos-23.0.4.dist-info}/WHEEL +1 -1
- {python_bareos-23.0.2.data → python_bareos-23.0.4.data}/scripts/bconsole-json.py +0 -0
- {python_bareos-23.0.2.data → python_bareos-23.0.4.data}/scripts/bconsole.py +0 -0
- {python_bareos-23.0.2.dist-info → python_bareos-23.0.4.dist-info}/LICENSE.txt +0 -0
- {python_bareos-23.0.2.dist-info → python_bareos-23.0.4.dist-info}/top_level.txt +0 -0
bareos/VERSION.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
23.0.
|
|
1
|
+
23.0.4
|
bareos/bsock/__init__.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2016-
|
|
3
|
+
# Copyright (C) 2016-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -17,17 +17,18 @@
|
|
|
17
17
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
18
18
|
# 02110-1301, USA.
|
|
19
19
|
|
|
20
|
-
"""Module to access a
|
|
20
|
+
"""Module to access a https://www.bareos.com backup system.
|
|
21
21
|
|
|
22
22
|
.. note::
|
|
23
23
|
|
|
24
|
-
By default, the Bareos Director (>= 18.2.4)
|
|
24
|
+
By default, the Bareos Director (>= 18.2.4)
|
|
25
|
+
uses TLS-PSK when communicating through the network.
|
|
25
26
|
|
|
26
|
-
|
|
27
|
-
does
|
|
28
|
-
For testing this module should be used without TLS.
|
|
27
|
+
The Python (https://github.com/python/cpython) core module ``ssl``
|
|
28
|
+
does support TLS-PSK only since Python >= 3.13.
|
|
29
29
|
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
30
30
|
how to use TLS-PSK and about the limitations.
|
|
31
|
+
For testing this module can also be used without TLS.
|
|
31
32
|
|
|
32
33
|
|
|
33
34
|
Preparations
|
|
@@ -44,7 +45,7 @@ Create some named consoles for testing:
|
|
|
44
45
|
|
|
45
46
|
This creates a console user with name `user1` and the profile `operator`.
|
|
46
47
|
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
47
|
-
It does allow most commands
|
|
48
|
+
It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
|
|
48
49
|
so it is well suited for this purpose.
|
|
49
50
|
Futhermore, TLS enforcement is disabled for this console user.
|
|
50
51
|
|
|
@@ -119,6 +120,7 @@ Example:
|
|
|
119
120
|
Full
|
|
120
121
|
Differential
|
|
121
122
|
|
|
123
|
+
|
|
122
124
|
The results the the `call` method is a ``dict`` object.
|
|
123
125
|
|
|
124
126
|
In case of an error, an exception, derived from :py:class:`bareos.exceptions.Error` is raised.
|
|
@@ -142,22 +144,25 @@ Transport Encryption (TLS-PSK)
|
|
|
142
144
|
|
|
143
145
|
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
144
146
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
+
Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
|
|
148
|
+
For some older versions of Python,
|
|
149
|
+
the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
|
|
147
150
|
|
|
148
151
|
Fallback To Unencrypted Connections
|
|
149
152
|
-----------------------------------
|
|
150
153
|
|
|
151
|
-
|
|
152
|
-
|
|
154
|
+
Normally `DirectorConsole` tries to connect using the latest known protocol version.
|
|
155
|
+
In order to allow connections in more environments,
|
|
156
|
+
the `DirectorConsole` can fall back to older protocol versions.
|
|
157
|
+
Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
|
|
153
158
|
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
154
|
-
|
|
159
|
+
Depending on your bareos-director configuration, unencrypted connections will be accepted:
|
|
155
160
|
|
|
156
161
|
.. code:: python
|
|
157
162
|
|
|
158
163
|
>>> import bareos.bsock
|
|
159
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available
|
|
160
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
164
|
+
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
|
|
165
|
+
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
|
|
161
166
|
socket error: Conversation terminated (-4)
|
|
162
167
|
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
163
168
|
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
@@ -172,7 +177,7 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
|
172
177
|
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
173
178
|
Traceback (most recent call last):
|
|
174
179
|
...
|
|
175
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but
|
|
180
|
+
bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
|
|
176
181
|
|
|
177
182
|
|
|
178
183
|
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
@@ -183,10 +188,18 @@ sslpsk
|
|
|
183
188
|
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
184
189
|
extends the core module `ssl` by TLS-PSK.
|
|
185
190
|
|
|
186
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
191
|
+
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
192
|
+
which is not working with Python >= 3.
|
|
193
|
+
|
|
194
|
+
For using `python-bareos` with TLS-PSK with
|
|
195
|
+
Python >= 3 and Python <= 3.9
|
|
196
|
+
the latest version must by installed manually.
|
|
197
|
+
At the time of writing, even the latest version
|
|
198
|
+
(https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
|
|
199
|
+
does not support Python >= 3.10.
|
|
200
|
+
However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
|
|
187
201
|
|
|
188
|
-
|
|
189
|
-
the latest version must by installed manually:
|
|
202
|
+
Installing the `sslpsk` module manually:
|
|
190
203
|
|
|
191
204
|
.. code:: shell
|
|
192
205
|
|
bareos/bsock/directorconsole.py
CHANGED
|
@@ -68,7 +68,7 @@ class DirectorConsole(LowLevel):
|
|
|
68
68
|
group.add_argument(
|
|
69
69
|
"--name",
|
|
70
70
|
default="*UserAgent*",
|
|
71
|
-
help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("
|
|
71
|
+
help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("%(default)s").',
|
|
72
72
|
dest="BAREOS_name",
|
|
73
73
|
)
|
|
74
74
|
|
|
@@ -83,7 +83,7 @@ class DirectorConsole(LowLevel):
|
|
|
83
83
|
group.add_argument(
|
|
84
84
|
"--port",
|
|
85
85
|
default=9101,
|
|
86
|
-
help="Bareos Director network port.",
|
|
86
|
+
help="Bareos Director network port. Default: %(default)s.",
|
|
87
87
|
dest="BAREOS_port",
|
|
88
88
|
)
|
|
89
89
|
|
|
@@ -91,7 +91,7 @@ class DirectorConsole(LowLevel):
|
|
|
91
91
|
group.add_argument(
|
|
92
92
|
"--address",
|
|
93
93
|
default="localhost",
|
|
94
|
-
help="Bareos Director network address.",
|
|
94
|
+
help="Bareos Director network address. Default: %(default)s.",
|
|
95
95
|
dest="BAREOS_address",
|
|
96
96
|
)
|
|
97
97
|
|
|
@@ -104,9 +104,11 @@ class DirectorConsole(LowLevel):
|
|
|
104
104
|
|
|
105
105
|
group.add_argument(
|
|
106
106
|
"--protocolversion",
|
|
107
|
-
default=ProtocolVersions.last,
|
|
108
107
|
type=int,
|
|
109
|
-
|
|
108
|
+
choices=set(protocolversion.value for protocolversion in ProtocolVersions)
|
|
109
|
+
| set([0]),
|
|
110
|
+
default=ProtocolVersions.last.value,
|
|
111
|
+
help="Specify the Bareos console protocol version (0: auto-detect, %(default)s: latest). Default: %(default)s.",
|
|
110
112
|
dest="BAREOS_protocolversion",
|
|
111
113
|
)
|
|
112
114
|
|
|
@@ -124,7 +126,7 @@ class DirectorConsole(LowLevel):
|
|
|
124
126
|
|
|
125
127
|
group.add_argument(
|
|
126
128
|
"--tls-psk-require",
|
|
127
|
-
help="Allow only encrypted connections. Default:
|
|
129
|
+
help="Allow only encrypted connections. Default: %(default)s.",
|
|
128
130
|
action="store_true",
|
|
129
131
|
dest="BAREOS_tls_psk_require",
|
|
130
132
|
)
|
|
@@ -192,7 +194,7 @@ class DirectorConsole(LowLevel):
|
|
|
192
194
|
if tls_version is not None:
|
|
193
195
|
self.tls_version = tls_version
|
|
194
196
|
self.identity_prefix = "R_CONSOLE"
|
|
195
|
-
if protocolversion is not None:
|
|
197
|
+
if protocolversion is not None and protocolversion > 0:
|
|
196
198
|
self.requested_protocol_version = int(protocolversion)
|
|
197
199
|
self.protocol_messages.set_version(self.requested_protocol_version)
|
|
198
200
|
self.connect(
|
bareos/bsock/lowlevel.py
CHANGED
|
@@ -46,17 +46,26 @@ from bareos.util.bareosbase64 import BareosBase64
|
|
|
46
46
|
from bareos.util.password import Password
|
|
47
47
|
import bareos.exceptions
|
|
48
48
|
|
|
49
|
-
#
|
|
50
|
-
#
|
|
51
|
-
#
|
|
52
|
-
#
|
|
49
|
+
# The ssl module support TLS-PSK (Transport Layer Security - Pre-Shared-Key)
|
|
50
|
+
# since Python >= 3.13.
|
|
51
|
+
# For some older Python versions, the TLS-PSK functionality
|
|
52
|
+
# can be added by the sslpsk module,
|
|
53
|
+
# with implement TLS-PSK on top of the ssl module.
|
|
54
|
+
# If it is also not available, we continue anyway,
|
|
53
55
|
# but don't use TLS-PSK.
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
56
|
+
if not getattr(ssl, "HAS_PSK", False):
|
|
57
|
+
|
|
58
|
+
def format_warning_short(message, category, filename, lineno, line=""):
|
|
59
|
+
return f"{category.__name__}: {message}\n"
|
|
60
|
+
|
|
61
|
+
warnings.formatwarning = format_warning_short
|
|
62
|
+
try:
|
|
63
|
+
import sslpsk
|
|
64
|
+
except ImportError:
|
|
65
|
+
warnings.warn(
|
|
66
|
+
"Connection encryption via TLS-PSK is not available "
|
|
67
|
+
"(not available in 'ssl' and extra module 'sslpsk' is not installed)."
|
|
68
|
+
)
|
|
60
69
|
|
|
61
70
|
|
|
62
71
|
class LowLevel(object):
|
|
@@ -182,7 +191,7 @@ class LowLevel(object):
|
|
|
182
191
|
if self.tls_psk_require:
|
|
183
192
|
if not self.is_tls_psk_available():
|
|
184
193
|
raise bareos.exceptions.ConnectionError(
|
|
185
|
-
"TLS-PSK is required, but
|
|
194
|
+
"TLS-PSK is required, but not available."
|
|
186
195
|
)
|
|
187
196
|
if not self.tls_psk_enable:
|
|
188
197
|
raise bareos.exceptions.ConnectionError(
|
|
@@ -267,23 +276,32 @@ class LowLevel(object):
|
|
|
267
276
|
else:
|
|
268
277
|
raise bareos.exceptions.ConnectionError("No password provided.")
|
|
269
278
|
self.logger.debug("identity = {0}, password = {1}".format(identity, password))
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
)
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
279
|
+
ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
|
|
280
|
+
|
|
281
|
+
if getattr(ssl, "HAS_PSK", False):
|
|
282
|
+
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
283
|
+
context.check_hostname = False
|
|
284
|
+
context.set_ciphers(ciphers)
|
|
285
|
+
context.set_psk_client_callback(lambda hint: (identity, password))
|
|
286
|
+
self.socket = context.wrap_socket(client_socket, server_side=False)
|
|
287
|
+
else:
|
|
288
|
+
try:
|
|
289
|
+
self.socket = sslpsk.wrap_socket(
|
|
290
|
+
client_socket,
|
|
291
|
+
ssl_version=self.tls_version,
|
|
292
|
+
ciphers=ciphers,
|
|
293
|
+
psk=(password, identity),
|
|
294
|
+
server_side=False,
|
|
295
|
+
)
|
|
296
|
+
except ssl.SSLError as e:
|
|
297
|
+
# raise ConnectionError(
|
|
298
|
+
# "failed to connect to host {0}, port {1}: {2}".format(self.address, self.port, str(e)))
|
|
299
|
+
# Using a general raise to keep more information about the type of error.
|
|
300
|
+
raise
|
|
283
301
|
return True
|
|
284
302
|
|
|
285
303
|
def get_tls_psk_identity(self):
|
|
286
|
-
"""Bareos TLS-PSK excepts the
|
|
304
|
+
"""Bareos TLS-PSK excepts the identity is a specific format."""
|
|
287
305
|
name = str(self.name)
|
|
288
306
|
if isinstance(self.name, bytes):
|
|
289
307
|
name = self.name.decode("utf-8")
|
|
@@ -294,8 +312,8 @@ class LowLevel(object):
|
|
|
294
312
|
|
|
295
313
|
@staticmethod
|
|
296
314
|
def is_tls_psk_available():
|
|
297
|
-
"""Checks if
|
|
298
|
-
return "sslpsk" in sys.modules
|
|
315
|
+
"""Checks if TLS-PSK is available."""
|
|
316
|
+
return getattr(ssl, "HAS_PSK", False) or ("sslpsk" in sys.modules)
|
|
299
317
|
|
|
300
318
|
def get_protocol_version(self):
|
|
301
319
|
"""Get the Bareos Console protocol version that is used.
|
|
@@ -524,7 +542,7 @@ class LowLevel(object):
|
|
|
524
542
|
msg = self.recv_submsg(length)
|
|
525
543
|
return msg
|
|
526
544
|
|
|
527
|
-
def recv_msg(self, regex=b"
|
|
545
|
+
def recv_msg(self, regex=b"^\\d\\d\\d\\d OK.*$"):
|
|
528
546
|
"""Receive a full message.
|
|
529
547
|
|
|
530
548
|
It retrieves messages (header + message text),
|
bareos/bsock/protocolversions.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2019-
|
|
3
|
+
# Copyright (C) 2019-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -21,8 +21,10 @@
|
|
|
21
21
|
Bareos Protocol Versions.
|
|
22
22
|
"""
|
|
23
23
|
|
|
24
|
+
from enum import IntEnum
|
|
24
25
|
|
|
25
|
-
|
|
26
|
+
|
|
27
|
+
class ProtocolVersions(IntEnum):
|
|
26
28
|
"""
|
|
27
29
|
Bareos Protocol Versions.
|
|
28
30
|
"""
|
bareos/bsock/tlsversionparser.py
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2020-
|
|
3
|
+
# Copyright (C) 2020-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -57,7 +57,7 @@ class TlsVersionParser:
|
|
|
57
57
|
def add_argument(self, argparser):
|
|
58
58
|
argparser.add_argument(
|
|
59
59
|
"--tls-version",
|
|
60
|
-
help="Use a specific TLS protocol version.",
|
|
60
|
+
help="Use a specific TLS protocol version (only used with the sslpsk module).",
|
|
61
61
|
action=ArgParserTlsVersionAction,
|
|
62
62
|
choices=OrderedDict(sorted(self.tls_version_options.items())),
|
|
63
63
|
dest="BAREOS_tls_version",
|
bareos/util/argparse.py
CHANGED
|
@@ -24,6 +24,8 @@ Uses configargparse, if available,
|
|
|
24
24
|
otherwise, falls back to argparse.
|
|
25
25
|
"""
|
|
26
26
|
|
|
27
|
+
from pprint import pformat
|
|
28
|
+
|
|
27
29
|
HAVE_CONFIG_ARG_PARSE_MODULE = False
|
|
28
30
|
try:
|
|
29
31
|
import configargparse as argparse
|
|
@@ -42,3 +44,9 @@ class ArgumentParser(argparse.ArgumentParser):
|
|
|
42
44
|
self.add_argument(
|
|
43
45
|
"-c", "--config", is_config_file=True, help="Config file path."
|
|
44
46
|
)
|
|
47
|
+
|
|
48
|
+
def format_values(self):
|
|
49
|
+
try:
|
|
50
|
+
return super().format_values()
|
|
51
|
+
except AttributeError:
|
|
52
|
+
return pformat(vars(self.parse_args()))
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: python-bareos
|
|
3
|
-
Version: 23.0.
|
|
3
|
+
Version: 23.0.4
|
|
4
4
|
Summary: Client library and tools for Bareos console access.
|
|
5
5
|
Home-page: https://github.com/bareos/bareos/
|
|
6
6
|
Author: Bareos Team
|
|
@@ -15,30 +15,29 @@ Classifier: Topic :: System :: Archiving :: Backup
|
|
|
15
15
|
Requires-Python: >=3.6
|
|
16
16
|
Description-Content-Type: text/x-rst
|
|
17
17
|
License-File: LICENSE.txt
|
|
18
|
-
Provides-Extra: tls-psk
|
|
19
|
-
Requires-Dist: sslpsk ; extra == 'tls-psk'
|
|
20
18
|
Provides-Extra: configfile
|
|
21
|
-
Requires-Dist: configargparse
|
|
19
|
+
Requires-Dist: configargparse; extra == "configfile"
|
|
22
20
|
|
|
23
21
|
python-bareos
|
|
24
22
|
=============
|
|
25
23
|
|
|
26
|
-
`python-bareos` is a Python module to access a
|
|
24
|
+
`python-bareos` is a Python module to access a https://www.bareos.com backup system.
|
|
27
25
|
|
|
28
26
|
Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
|
|
29
27
|
|
|
30
28
|
Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
|
|
31
29
|
|
|
30
|
+
|
|
32
31
|
.. note::
|
|
33
32
|
|
|
34
|
-
By default, the Bareos Director (>= 18.2.4)
|
|
33
|
+
By default, the Bareos Director (>= 18.2.4)
|
|
34
|
+
uses TLS-PSK when communicating through the network.
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
does
|
|
38
|
-
For testing ``python-bareos`` should be used without TLS.
|
|
36
|
+
The Python (https://github.com/python/cpython) core module ``ssl``
|
|
37
|
+
does support TLS-PSK only since Python >= 3.13.
|
|
39
38
|
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
40
|
-
how to use
|
|
41
|
-
|
|
39
|
+
how to use TLS-PSK and about the limitations.
|
|
40
|
+
For testing this module can also be used without TLS.
|
|
42
41
|
|
|
43
42
|
|
|
44
43
|
Preparations
|
|
@@ -55,12 +54,13 @@ Create some named consoles for testing:
|
|
|
55
54
|
|
|
56
55
|
This creates a console user with name `user1` and the profile `operator`.
|
|
57
56
|
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
58
|
-
It does allow most commands
|
|
57
|
+
It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
|
|
59
58
|
so it is well suited for this purpose.
|
|
60
59
|
Futhermore, TLS enforcement is disabled for this console user.
|
|
61
60
|
|
|
62
61
|
For testing with TLS-PSK, we also create the user `user-tls`.
|
|
63
62
|
|
|
63
|
+
|
|
64
64
|
Examples
|
|
65
65
|
========
|
|
66
66
|
|
|
@@ -96,7 +96,7 @@ Simple version of the bconsole in Python
|
|
|
96
96
|
>>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
|
|
97
97
|
>>> directorconsole.interactive()
|
|
98
98
|
|
|
99
|
-
Or use the
|
|
99
|
+
Or use the ``bconsole.py`` script:
|
|
100
100
|
|
|
101
101
|
.. code-block:: shell-session
|
|
102
102
|
|
|
@@ -129,9 +129,10 @@ Example:
|
|
|
129
129
|
Full
|
|
130
130
|
Differential
|
|
131
131
|
|
|
132
|
+
|
|
132
133
|
The results the the `call` method is a ``dict`` object.
|
|
133
134
|
|
|
134
|
-
In case of an error, an exception, derived from
|
|
135
|
+
In case of an error, an exception, derived from `bareos.exceptions.Error` is raised.
|
|
135
136
|
|
|
136
137
|
Example:
|
|
137
138
|
|
|
@@ -152,26 +153,30 @@ Transport Encryption (TLS-PSK)
|
|
|
152
153
|
|
|
153
154
|
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
154
155
|
|
|
155
|
-
|
|
156
|
-
|
|
156
|
+
Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
|
|
157
|
+
For some older versions of Python,
|
|
158
|
+
the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
|
|
157
159
|
|
|
158
160
|
Fallback To Unencrypted Connections
|
|
159
161
|
-----------------------------------
|
|
160
162
|
|
|
161
|
-
|
|
162
|
-
|
|
163
|
+
Normally `DirectorConsole` tries to connect using the latest known protocol version.
|
|
164
|
+
In order to allow connections in more environments,
|
|
165
|
+
the `DirectorConsole` can fall back to older protocol versions.
|
|
166
|
+
Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
|
|
163
167
|
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
164
|
-
|
|
168
|
+
Depending on your bareos-director configuration, unencrypted connections will be accepted:
|
|
165
169
|
|
|
166
170
|
.. code:: python
|
|
167
171
|
|
|
168
172
|
>>> import bareos.bsock
|
|
169
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available
|
|
170
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
173
|
+
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
|
|
174
|
+
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
|
|
171
175
|
socket error: Conversation terminated (-4)
|
|
172
176
|
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
173
177
|
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
174
178
|
|
|
179
|
+
|
|
175
180
|
To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
176
181
|
|
|
177
182
|
.. code:: python
|
|
@@ -180,8 +185,9 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
|
180
185
|
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
|
|
181
186
|
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
182
187
|
Traceback (most recent call last):
|
|
183
|
-
|
|
184
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but
|
|
188
|
+
...
|
|
189
|
+
bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
|
|
190
|
+
|
|
185
191
|
|
|
186
192
|
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
187
193
|
|
|
@@ -191,10 +197,18 @@ sslpsk
|
|
|
191
197
|
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
192
198
|
extends the core module `ssl` by TLS-PSK.
|
|
193
199
|
|
|
194
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
200
|
+
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
201
|
+
which is not working with Python >= 3.
|
|
202
|
+
|
|
203
|
+
For using `python-bareos` with TLS-PSK with
|
|
204
|
+
Python >= 3 and Python <= 3.9
|
|
205
|
+
the latest version must by installed manually.
|
|
206
|
+
At the time of writing, even the latest version
|
|
207
|
+
(https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
|
|
208
|
+
does not support Python >= 3.10.
|
|
209
|
+
However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
|
|
195
210
|
|
|
196
|
-
|
|
197
|
-
the latest version must by installed manually:
|
|
211
|
+
Installing the `sslpsk` module manually:
|
|
198
212
|
|
|
199
213
|
.. code:: shell
|
|
200
214
|
|
|
@@ -1,30 +1,30 @@
|
|
|
1
|
-
bareos/VERSION.txt,sha256=
|
|
1
|
+
bareos/VERSION.txt,sha256=_lnDqGzjENucmF8ZJxcWoFMoLZUPuyXKxZv9C9uN2Cg,7
|
|
2
2
|
bareos/__init__.py,sha256=WPq-fXxGDZSIwfkXZkwJAZdGcVSeVBcLsTum5qOmX2I,1423
|
|
3
3
|
bareos/exceptions.py,sha256=3oeC_jXq2imzPxiqJmGTq4TsgFRtDlzwnAwumzYsB5M,4071
|
|
4
|
-
bareos/bsock/__init__.py,sha256=
|
|
4
|
+
bareos/bsock/__init__.py,sha256=lXn5TYH3-UvwneHfLHWEzQYRSvUmUzRq5c6iSAqcnuo,8658
|
|
5
5
|
bareos/bsock/bsock.py,sha256=SIAPU7ouXOW5ScnnpgtVbcugKmzXlNhSs6lrC0ofspw,1242
|
|
6
6
|
bareos/bsock/bsockjson.py,sha256=pnnX7b83dJH86pOw140CBz5etVJgafcQhXtKhr219TE,1289
|
|
7
7
|
bareos/bsock/connectiontype.py,sha256=PNEHpqZfuAHV310NaOMgMXj6VKiZxAZwXeRIOUfHJWI,1043
|
|
8
8
|
bareos/bsock/constants.py,sha256=U9RlPy8XYNkFCG1j6B89gI5cCiODVHyfQMWNumz7pbY,5127
|
|
9
|
-
bareos/bsock/directorconsole.py,sha256=
|
|
9
|
+
bareos/bsock/directorconsole.py,sha256=ou1IYXoMxgv46zws0ERrB28VWvrs0npA3iC1b5pLMz0,10368
|
|
10
10
|
bareos/bsock/directorconsolejson.py,sha256=LdsMIwHZeaK-y9ydwOVl7EndMavqb2_v98ZRqWL0G7o,4457
|
|
11
11
|
bareos/bsock/filedaemon.py,sha256=bl8QD97R3uc5qTFV2wN0mfi2C3ePJsjaN_bKeZAclsk,6067
|
|
12
|
-
bareos/bsock/lowlevel.py,sha256=
|
|
12
|
+
bareos/bsock/lowlevel.py,sha256=iDFqyU7XS3psoYnPQuah3lr6vl6hUFpc56wWf16pHzg,29916
|
|
13
13
|
bareos/bsock/protocolmessageids.py,sha256=WKlbo8qbgSL5V48fQnFXtyvjBBgIu_lOYzvQ8vQrGaQ,1228
|
|
14
14
|
bareos/bsock/protocolmessages.py,sha256=GgtstzAwA_gjOJCYQTG_wevsA6zTMn_bbz3E2yr8TCU,3008
|
|
15
|
-
bareos/bsock/protocolversions.py,sha256=
|
|
16
|
-
bareos/bsock/tlsversionparser.py,sha256=
|
|
15
|
+
bareos/bsock/protocolversions.py,sha256=7i5AaSnG9F-8WNVds7SJcezVzJU-SyjTNryJTNWikns,1030
|
|
16
|
+
bareos/bsock/tlsversionparser.py,sha256=kvRJ5CkR1scPpQ1f8LWD8h3qa3cBxye6ya-IiXwqF7c,2852
|
|
17
17
|
bareos/util/__init__.py,sha256=6Eml_u5V3eE6luss_ZwZMXlQsCCV50bdt244QC2T-cE,1159
|
|
18
|
-
bareos/util/argparse.py,sha256=
|
|
18
|
+
bareos/util/argparse.py,sha256=ivizAADA9aZEremTfooR9gjqHdLoN51nOO4EOe5cE24,1629
|
|
19
19
|
bareos/util/bareosbase64.py,sha256=5bsv6-sxNJEnO1M3f0LyZP9CV6ZPyQ1axoi9Tfno4U8,3744
|
|
20
20
|
bareos/util/password.py,sha256=w71h7KnVHNik37oRl0ljj8krBVslz6a2tB_1jBJBJfM,2531
|
|
21
21
|
bareos/util/path.py,sha256=nycMxK3V-P9Cx-CMsWo4e-IVlnl6_Im61pFUIPQEbL0,3099
|
|
22
22
|
bareos/util/version.py,sha256=xqNm9vvkaHMKpS0xJozQs11XrQYJR1U4j5oOUCnPiMw,1201
|
|
23
|
-
python_bareos-23.0.
|
|
24
|
-
python_bareos-23.0.
|
|
25
|
-
python_bareos-23.0.
|
|
26
|
-
python_bareos-23.0.
|
|
27
|
-
python_bareos-23.0.
|
|
28
|
-
python_bareos-23.0.
|
|
29
|
-
python_bareos-23.0.
|
|
30
|
-
python_bareos-23.0.
|
|
23
|
+
python_bareos-23.0.4.data/scripts/bareos-fd-connect.py,sha256=y7Jh2A-tkQeBNjyKYo8RsA7POHyDEYuOuy8ozjCEE1o,2127
|
|
24
|
+
python_bareos-23.0.4.data/scripts/bconsole-json.py,sha256=0vFaTeQvJYt_Vk3ldGefMb1rZbPhdO16FaT7dZH0b2k,1960
|
|
25
|
+
python_bareos-23.0.4.data/scripts/bconsole.py,sha256=m7ylVGq-ibYBbi1ZdkDdMC891WLZ3Cf5mg4IIe27i64,1993
|
|
26
|
+
python_bareos-23.0.4.dist-info/LICENSE.txt,sha256=V8j_M8nAz8PvAOZQocyRDX7keai8UJ9skgmnwqETmdY,34520
|
|
27
|
+
python_bareos-23.0.4.dist-info/METADATA,sha256=mizizFC-7dOYXemb5aeSF3kG2yib4ijC_EY_2s3WhtM,8201
|
|
28
|
+
python_bareos-23.0.4.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
|
|
29
|
+
python_bareos-23.0.4.dist-info/top_level.txt,sha256=NlKJmA3FY973VTk-0zlxwwhDtFZHYVjpSNzgeMJsknY,7
|
|
30
|
+
python_bareos-23.0.4.dist-info/RECORD,,
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|