python-bareos 23.0.2__tar.gz → 23.0.4__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {python-bareos-23.0.2 → python_bareos-23.0.4}/PKG-INFO +39 -25
- python_bareos-23.0.4/README.rst +8 -0
- python_bareos-23.0.4/bareos/VERSION.txt +1 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/__init__.py +31 -18
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/directorconsole.py +9 -7
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/lowlevel.py +46 -28
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolversions.py +4 -2
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/tlsversionparser.py +2 -2
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/argparse.py +8 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bareos-fd-connect.py +1 -1
- {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/PKG-INFO +39 -25
- {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/requires.txt +0 -3
- {python-bareos-23.0.2 → python_bareos-23.0.4}/setup.py +17 -2
- python-bareos-23.0.2/README.rst +0 -205
- python-bareos-23.0.2/bareos/VERSION.txt +0 -1
- {python-bareos-23.0.2 → python_bareos-23.0.4}/LICENSE.txt +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/__init__.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/bsock.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/bsockjson.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/connectiontype.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/constants.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/directorconsolejson.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/filedaemon.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolmessageids.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolmessages.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/exceptions.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/__init__.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/bareosbase64.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/password.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/path.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/version.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bconsole-json.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bconsole.py +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/SOURCES.txt +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/dependency_links.txt +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/top_level.txt +0 -0
- {python-bareos-23.0.2 → python_bareos-23.0.4}/setup.cfg +0 -0
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: python-bareos
|
|
3
|
-
Version: 23.0.
|
|
3
|
+
Version: 23.0.4
|
|
4
4
|
Summary: Client library and tools for Bareos console access.
|
|
5
5
|
Home-page: https://github.com/bareos/bareos/
|
|
6
6
|
Author: Bareos Team
|
|
@@ -15,30 +15,29 @@ Classifier: Topic :: System :: Archiving :: Backup
|
|
|
15
15
|
Requires-Python: >=3.6
|
|
16
16
|
Description-Content-Type: text/x-rst
|
|
17
17
|
License-File: LICENSE.txt
|
|
18
|
-
Provides-Extra: tls-psk
|
|
19
|
-
Requires-Dist: sslpsk; extra == "tls-psk"
|
|
20
18
|
Provides-Extra: configfile
|
|
21
19
|
Requires-Dist: configargparse; extra == "configfile"
|
|
22
20
|
|
|
23
21
|
python-bareos
|
|
24
22
|
=============
|
|
25
23
|
|
|
26
|
-
`python-bareos` is a Python module to access a
|
|
24
|
+
`python-bareos` is a Python module to access a https://www.bareos.com backup system.
|
|
27
25
|
|
|
28
26
|
Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
|
|
29
27
|
|
|
30
28
|
Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
|
|
31
29
|
|
|
30
|
+
|
|
32
31
|
.. note::
|
|
33
32
|
|
|
34
|
-
By default, the Bareos Director (>= 18.2.4)
|
|
33
|
+
By default, the Bareos Director (>= 18.2.4)
|
|
34
|
+
uses TLS-PSK when communicating through the network.
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
does
|
|
38
|
-
For testing ``python-bareos`` should be used without TLS.
|
|
36
|
+
The Python (https://github.com/python/cpython) core module ``ssl``
|
|
37
|
+
does support TLS-PSK only since Python >= 3.13.
|
|
39
38
|
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
40
|
-
how to use
|
|
41
|
-
|
|
39
|
+
how to use TLS-PSK and about the limitations.
|
|
40
|
+
For testing this module can also be used without TLS.
|
|
42
41
|
|
|
43
42
|
|
|
44
43
|
Preparations
|
|
@@ -55,12 +54,13 @@ Create some named consoles for testing:
|
|
|
55
54
|
|
|
56
55
|
This creates a console user with name `user1` and the profile `operator`.
|
|
57
56
|
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
58
|
-
It does allow most commands
|
|
57
|
+
It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
|
|
59
58
|
so it is well suited for this purpose.
|
|
60
59
|
Futhermore, TLS enforcement is disabled for this console user.
|
|
61
60
|
|
|
62
61
|
For testing with TLS-PSK, we also create the user `user-tls`.
|
|
63
62
|
|
|
63
|
+
|
|
64
64
|
Examples
|
|
65
65
|
========
|
|
66
66
|
|
|
@@ -96,7 +96,7 @@ Simple version of the bconsole in Python
|
|
|
96
96
|
>>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
|
|
97
97
|
>>> directorconsole.interactive()
|
|
98
98
|
|
|
99
|
-
Or use the
|
|
99
|
+
Or use the ``bconsole.py`` script:
|
|
100
100
|
|
|
101
101
|
.. code-block:: shell-session
|
|
102
102
|
|
|
@@ -129,9 +129,10 @@ Example:
|
|
|
129
129
|
Full
|
|
130
130
|
Differential
|
|
131
131
|
|
|
132
|
+
|
|
132
133
|
The results the the `call` method is a ``dict`` object.
|
|
133
134
|
|
|
134
|
-
In case of an error, an exception, derived from
|
|
135
|
+
In case of an error, an exception, derived from `bareos.exceptions.Error` is raised.
|
|
135
136
|
|
|
136
137
|
Example:
|
|
137
138
|
|
|
@@ -152,26 +153,30 @@ Transport Encryption (TLS-PSK)
|
|
|
152
153
|
|
|
153
154
|
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
154
155
|
|
|
155
|
-
|
|
156
|
-
|
|
156
|
+
Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
|
|
157
|
+
For some older versions of Python,
|
|
158
|
+
the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
|
|
157
159
|
|
|
158
160
|
Fallback To Unencrypted Connections
|
|
159
161
|
-----------------------------------
|
|
160
162
|
|
|
161
|
-
|
|
162
|
-
|
|
163
|
+
Normally `DirectorConsole` tries to connect using the latest known protocol version.
|
|
164
|
+
In order to allow connections in more environments,
|
|
165
|
+
the `DirectorConsole` can fall back to older protocol versions.
|
|
166
|
+
Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
|
|
163
167
|
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
164
|
-
|
|
168
|
+
Depending on your bareos-director configuration, unencrypted connections will be accepted:
|
|
165
169
|
|
|
166
170
|
.. code:: python
|
|
167
171
|
|
|
168
172
|
>>> import bareos.bsock
|
|
169
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available
|
|
170
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
173
|
+
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
|
|
174
|
+
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
|
|
171
175
|
socket error: Conversation terminated (-4)
|
|
172
176
|
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
173
177
|
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
174
178
|
|
|
179
|
+
|
|
175
180
|
To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
176
181
|
|
|
177
182
|
.. code:: python
|
|
@@ -180,8 +185,9 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
|
180
185
|
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
|
|
181
186
|
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
182
187
|
Traceback (most recent call last):
|
|
183
|
-
|
|
184
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but
|
|
188
|
+
...
|
|
189
|
+
bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
|
|
190
|
+
|
|
185
191
|
|
|
186
192
|
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
187
193
|
|
|
@@ -191,10 +197,18 @@ sslpsk
|
|
|
191
197
|
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
192
198
|
extends the core module `ssl` by TLS-PSK.
|
|
193
199
|
|
|
194
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
200
|
+
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
201
|
+
which is not working with Python >= 3.
|
|
202
|
+
|
|
203
|
+
For using `python-bareos` with TLS-PSK with
|
|
204
|
+
Python >= 3 and Python <= 3.9
|
|
205
|
+
the latest version must by installed manually.
|
|
206
|
+
At the time of writing, even the latest version
|
|
207
|
+
(https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
|
|
208
|
+
does not support Python >= 3.10.
|
|
209
|
+
However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
|
|
195
210
|
|
|
196
|
-
|
|
197
|
-
the latest version must by installed manually:
|
|
211
|
+
Installing the `sslpsk` module manually:
|
|
198
212
|
|
|
199
213
|
.. code:: shell
|
|
200
214
|
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
python-bareos
|
|
2
|
+
=============
|
|
3
|
+
|
|
4
|
+
`python-bareos` is a Python module to access a https://www.bareos.com backup system.
|
|
5
|
+
|
|
6
|
+
Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
|
|
7
|
+
|
|
8
|
+
Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
23.0.4
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2016-
|
|
3
|
+
# Copyright (C) 2016-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -17,17 +17,18 @@
|
|
|
17
17
|
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
18
18
|
# 02110-1301, USA.
|
|
19
19
|
|
|
20
|
-
"""Module to access a
|
|
20
|
+
"""Module to access a https://www.bareos.com backup system.
|
|
21
21
|
|
|
22
22
|
.. note::
|
|
23
23
|
|
|
24
|
-
By default, the Bareos Director (>= 18.2.4)
|
|
24
|
+
By default, the Bareos Director (>= 18.2.4)
|
|
25
|
+
uses TLS-PSK when communicating through the network.
|
|
25
26
|
|
|
26
|
-
|
|
27
|
-
does
|
|
28
|
-
For testing this module should be used without TLS.
|
|
27
|
+
The Python (https://github.com/python/cpython) core module ``ssl``
|
|
28
|
+
does support TLS-PSK only since Python >= 3.13.
|
|
29
29
|
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
30
30
|
how to use TLS-PSK and about the limitations.
|
|
31
|
+
For testing this module can also be used without TLS.
|
|
31
32
|
|
|
32
33
|
|
|
33
34
|
Preparations
|
|
@@ -44,7 +45,7 @@ Create some named consoles for testing:
|
|
|
44
45
|
|
|
45
46
|
This creates a console user with name `user1` and the profile `operator`.
|
|
46
47
|
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
47
|
-
It does allow most commands
|
|
48
|
+
It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
|
|
48
49
|
so it is well suited for this purpose.
|
|
49
50
|
Futhermore, TLS enforcement is disabled for this console user.
|
|
50
51
|
|
|
@@ -119,6 +120,7 @@ Example:
|
|
|
119
120
|
Full
|
|
120
121
|
Differential
|
|
121
122
|
|
|
123
|
+
|
|
122
124
|
The results the the `call` method is a ``dict`` object.
|
|
123
125
|
|
|
124
126
|
In case of an error, an exception, derived from :py:class:`bareos.exceptions.Error` is raised.
|
|
@@ -142,22 +144,25 @@ Transport Encryption (TLS-PSK)
|
|
|
142
144
|
|
|
143
145
|
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
144
146
|
|
|
145
|
-
|
|
146
|
-
|
|
147
|
+
Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
|
|
148
|
+
For some older versions of Python,
|
|
149
|
+
the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
|
|
147
150
|
|
|
148
151
|
Fallback To Unencrypted Connections
|
|
149
152
|
-----------------------------------
|
|
150
153
|
|
|
151
|
-
|
|
152
|
-
|
|
154
|
+
Normally `DirectorConsole` tries to connect using the latest known protocol version.
|
|
155
|
+
In order to allow connections in more environments,
|
|
156
|
+
the `DirectorConsole` can fall back to older protocol versions.
|
|
157
|
+
Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
|
|
153
158
|
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
154
|
-
|
|
159
|
+
Depending on your bareos-director configuration, unencrypted connections will be accepted:
|
|
155
160
|
|
|
156
161
|
.. code:: python
|
|
157
162
|
|
|
158
163
|
>>> import bareos.bsock
|
|
159
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available
|
|
160
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
164
|
+
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
|
|
165
|
+
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
|
|
161
166
|
socket error: Conversation terminated (-4)
|
|
162
167
|
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
163
168
|
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
@@ -172,7 +177,7 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
|
172
177
|
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
173
178
|
Traceback (most recent call last):
|
|
174
179
|
...
|
|
175
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but
|
|
180
|
+
bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
|
|
176
181
|
|
|
177
182
|
|
|
178
183
|
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
@@ -183,10 +188,18 @@ sslpsk
|
|
|
183
188
|
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
184
189
|
extends the core module `ssl` by TLS-PSK.
|
|
185
190
|
|
|
186
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
191
|
+
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
192
|
+
which is not working with Python >= 3.
|
|
193
|
+
|
|
194
|
+
For using `python-bareos` with TLS-PSK with
|
|
195
|
+
Python >= 3 and Python <= 3.9
|
|
196
|
+
the latest version must by installed manually.
|
|
197
|
+
At the time of writing, even the latest version
|
|
198
|
+
(https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
|
|
199
|
+
does not support Python >= 3.10.
|
|
200
|
+
However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
|
|
187
201
|
|
|
188
|
-
|
|
189
|
-
the latest version must by installed manually:
|
|
202
|
+
Installing the `sslpsk` module manually:
|
|
190
203
|
|
|
191
204
|
.. code:: shell
|
|
192
205
|
|
|
@@ -68,7 +68,7 @@ class DirectorConsole(LowLevel):
|
|
|
68
68
|
group.add_argument(
|
|
69
69
|
"--name",
|
|
70
70
|
default="*UserAgent*",
|
|
71
|
-
help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("
|
|
71
|
+
help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("%(default)s").',
|
|
72
72
|
dest="BAREOS_name",
|
|
73
73
|
)
|
|
74
74
|
|
|
@@ -83,7 +83,7 @@ class DirectorConsole(LowLevel):
|
|
|
83
83
|
group.add_argument(
|
|
84
84
|
"--port",
|
|
85
85
|
default=9101,
|
|
86
|
-
help="Bareos Director network port.",
|
|
86
|
+
help="Bareos Director network port. Default: %(default)s.",
|
|
87
87
|
dest="BAREOS_port",
|
|
88
88
|
)
|
|
89
89
|
|
|
@@ -91,7 +91,7 @@ class DirectorConsole(LowLevel):
|
|
|
91
91
|
group.add_argument(
|
|
92
92
|
"--address",
|
|
93
93
|
default="localhost",
|
|
94
|
-
help="Bareos Director network address.",
|
|
94
|
+
help="Bareos Director network address. Default: %(default)s.",
|
|
95
95
|
dest="BAREOS_address",
|
|
96
96
|
)
|
|
97
97
|
|
|
@@ -104,9 +104,11 @@ class DirectorConsole(LowLevel):
|
|
|
104
104
|
|
|
105
105
|
group.add_argument(
|
|
106
106
|
"--protocolversion",
|
|
107
|
-
default=ProtocolVersions.last,
|
|
108
107
|
type=int,
|
|
109
|
-
|
|
108
|
+
choices=set(protocolversion.value for protocolversion in ProtocolVersions)
|
|
109
|
+
| set([0]),
|
|
110
|
+
default=ProtocolVersions.last.value,
|
|
111
|
+
help="Specify the Bareos console protocol version (0: auto-detect, %(default)s: latest). Default: %(default)s.",
|
|
110
112
|
dest="BAREOS_protocolversion",
|
|
111
113
|
)
|
|
112
114
|
|
|
@@ -124,7 +126,7 @@ class DirectorConsole(LowLevel):
|
|
|
124
126
|
|
|
125
127
|
group.add_argument(
|
|
126
128
|
"--tls-psk-require",
|
|
127
|
-
help="Allow only encrypted connections. Default:
|
|
129
|
+
help="Allow only encrypted connections. Default: %(default)s.",
|
|
128
130
|
action="store_true",
|
|
129
131
|
dest="BAREOS_tls_psk_require",
|
|
130
132
|
)
|
|
@@ -192,7 +194,7 @@ class DirectorConsole(LowLevel):
|
|
|
192
194
|
if tls_version is not None:
|
|
193
195
|
self.tls_version = tls_version
|
|
194
196
|
self.identity_prefix = "R_CONSOLE"
|
|
195
|
-
if protocolversion is not None:
|
|
197
|
+
if protocolversion is not None and protocolversion > 0:
|
|
196
198
|
self.requested_protocol_version = int(protocolversion)
|
|
197
199
|
self.protocol_messages.set_version(self.requested_protocol_version)
|
|
198
200
|
self.connect(
|
|
@@ -46,17 +46,26 @@ from bareos.util.bareosbase64 import BareosBase64
|
|
|
46
46
|
from bareos.util.password import Password
|
|
47
47
|
import bareos.exceptions
|
|
48
48
|
|
|
49
|
-
#
|
|
50
|
-
#
|
|
51
|
-
#
|
|
52
|
-
#
|
|
49
|
+
# The ssl module support TLS-PSK (Transport Layer Security - Pre-Shared-Key)
|
|
50
|
+
# since Python >= 3.13.
|
|
51
|
+
# For some older Python versions, the TLS-PSK functionality
|
|
52
|
+
# can be added by the sslpsk module,
|
|
53
|
+
# with implement TLS-PSK on top of the ssl module.
|
|
54
|
+
# If it is also not available, we continue anyway,
|
|
53
55
|
# but don't use TLS-PSK.
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
56
|
+
if not getattr(ssl, "HAS_PSK", False):
|
|
57
|
+
|
|
58
|
+
def format_warning_short(message, category, filename, lineno, line=""):
|
|
59
|
+
return f"{category.__name__}: {message}\n"
|
|
60
|
+
|
|
61
|
+
warnings.formatwarning = format_warning_short
|
|
62
|
+
try:
|
|
63
|
+
import sslpsk
|
|
64
|
+
except ImportError:
|
|
65
|
+
warnings.warn(
|
|
66
|
+
"Connection encryption via TLS-PSK is not available "
|
|
67
|
+
"(not available in 'ssl' and extra module 'sslpsk' is not installed)."
|
|
68
|
+
)
|
|
60
69
|
|
|
61
70
|
|
|
62
71
|
class LowLevel(object):
|
|
@@ -182,7 +191,7 @@ class LowLevel(object):
|
|
|
182
191
|
if self.tls_psk_require:
|
|
183
192
|
if not self.is_tls_psk_available():
|
|
184
193
|
raise bareos.exceptions.ConnectionError(
|
|
185
|
-
"TLS-PSK is required, but
|
|
194
|
+
"TLS-PSK is required, but not available."
|
|
186
195
|
)
|
|
187
196
|
if not self.tls_psk_enable:
|
|
188
197
|
raise bareos.exceptions.ConnectionError(
|
|
@@ -267,23 +276,32 @@ class LowLevel(object):
|
|
|
267
276
|
else:
|
|
268
277
|
raise bareos.exceptions.ConnectionError("No password provided.")
|
|
269
278
|
self.logger.debug("identity = {0}, password = {1}".format(identity, password))
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
)
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
279
|
+
ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
|
|
280
|
+
|
|
281
|
+
if getattr(ssl, "HAS_PSK", False):
|
|
282
|
+
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
|
|
283
|
+
context.check_hostname = False
|
|
284
|
+
context.set_ciphers(ciphers)
|
|
285
|
+
context.set_psk_client_callback(lambda hint: (identity, password))
|
|
286
|
+
self.socket = context.wrap_socket(client_socket, server_side=False)
|
|
287
|
+
else:
|
|
288
|
+
try:
|
|
289
|
+
self.socket = sslpsk.wrap_socket(
|
|
290
|
+
client_socket,
|
|
291
|
+
ssl_version=self.tls_version,
|
|
292
|
+
ciphers=ciphers,
|
|
293
|
+
psk=(password, identity),
|
|
294
|
+
server_side=False,
|
|
295
|
+
)
|
|
296
|
+
except ssl.SSLError as e:
|
|
297
|
+
# raise ConnectionError(
|
|
298
|
+
# "failed to connect to host {0}, port {1}: {2}".format(self.address, self.port, str(e)))
|
|
299
|
+
# Using a general raise to keep more information about the type of error.
|
|
300
|
+
raise
|
|
283
301
|
return True
|
|
284
302
|
|
|
285
303
|
def get_tls_psk_identity(self):
|
|
286
|
-
"""Bareos TLS-PSK excepts the
|
|
304
|
+
"""Bareos TLS-PSK excepts the identity is a specific format."""
|
|
287
305
|
name = str(self.name)
|
|
288
306
|
if isinstance(self.name, bytes):
|
|
289
307
|
name = self.name.decode("utf-8")
|
|
@@ -294,8 +312,8 @@ class LowLevel(object):
|
|
|
294
312
|
|
|
295
313
|
@staticmethod
|
|
296
314
|
def is_tls_psk_available():
|
|
297
|
-
"""Checks if
|
|
298
|
-
return "sslpsk" in sys.modules
|
|
315
|
+
"""Checks if TLS-PSK is available."""
|
|
316
|
+
return getattr(ssl, "HAS_PSK", False) or ("sslpsk" in sys.modules)
|
|
299
317
|
|
|
300
318
|
def get_protocol_version(self):
|
|
301
319
|
"""Get the Bareos Console protocol version that is used.
|
|
@@ -524,7 +542,7 @@ class LowLevel(object):
|
|
|
524
542
|
msg = self.recv_submsg(length)
|
|
525
543
|
return msg
|
|
526
544
|
|
|
527
|
-
def recv_msg(self, regex=b"
|
|
545
|
+
def recv_msg(self, regex=b"^\\d\\d\\d\\d OK.*$"):
|
|
528
546
|
"""Receive a full message.
|
|
529
547
|
|
|
530
548
|
It retrieves messages (header + message text),
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2019-
|
|
3
|
+
# Copyright (C) 2019-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -21,8 +21,10 @@
|
|
|
21
21
|
Bareos Protocol Versions.
|
|
22
22
|
"""
|
|
23
23
|
|
|
24
|
+
from enum import IntEnum
|
|
24
25
|
|
|
25
|
-
|
|
26
|
+
|
|
27
|
+
class ProtocolVersions(IntEnum):
|
|
26
28
|
"""
|
|
27
29
|
Bareos Protocol Versions.
|
|
28
30
|
"""
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# BAREOS - Backup Archiving REcovery Open Sourced
|
|
2
2
|
#
|
|
3
|
-
# Copyright (C) 2020-
|
|
3
|
+
# Copyright (C) 2020-2024 Bareos GmbH & Co. KG
|
|
4
4
|
#
|
|
5
5
|
# This program is Free Software; you can redistribute it and/or
|
|
6
6
|
# modify it under the terms of version three of the GNU Affero General Public
|
|
@@ -57,7 +57,7 @@ class TlsVersionParser:
|
|
|
57
57
|
def add_argument(self, argparser):
|
|
58
58
|
argparser.add_argument(
|
|
59
59
|
"--tls-version",
|
|
60
|
-
help="Use a specific TLS protocol version.",
|
|
60
|
+
help="Use a specific TLS protocol version (only used with the sslpsk module).",
|
|
61
61
|
action=ArgParserTlsVersionAction,
|
|
62
62
|
choices=OrderedDict(sorted(self.tls_version_options.items())),
|
|
63
63
|
dest="BAREOS_tls_version",
|
|
@@ -24,6 +24,8 @@ Uses configargparse, if available,
|
|
|
24
24
|
otherwise, falls back to argparse.
|
|
25
25
|
"""
|
|
26
26
|
|
|
27
|
+
from pprint import pformat
|
|
28
|
+
|
|
27
29
|
HAVE_CONFIG_ARG_PARSE_MODULE = False
|
|
28
30
|
try:
|
|
29
31
|
import configargparse as argparse
|
|
@@ -42,3 +44,9 @@ class ArgumentParser(argparse.ArgumentParser):
|
|
|
42
44
|
self.add_argument(
|
|
43
45
|
"-c", "--config", is_config_file=True, help="Config file path."
|
|
44
46
|
)
|
|
47
|
+
|
|
48
|
+
def format_values(self):
|
|
49
|
+
try:
|
|
50
|
+
return super().format_values()
|
|
51
|
+
except AttributeError:
|
|
52
|
+
return pformat(vars(self.parse_args()))
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.1
|
|
2
2
|
Name: python-bareos
|
|
3
|
-
Version: 23.0.
|
|
3
|
+
Version: 23.0.4
|
|
4
4
|
Summary: Client library and tools for Bareos console access.
|
|
5
5
|
Home-page: https://github.com/bareos/bareos/
|
|
6
6
|
Author: Bareos Team
|
|
@@ -15,30 +15,29 @@ Classifier: Topic :: System :: Archiving :: Backup
|
|
|
15
15
|
Requires-Python: >=3.6
|
|
16
16
|
Description-Content-Type: text/x-rst
|
|
17
17
|
License-File: LICENSE.txt
|
|
18
|
-
Provides-Extra: tls-psk
|
|
19
|
-
Requires-Dist: sslpsk; extra == "tls-psk"
|
|
20
18
|
Provides-Extra: configfile
|
|
21
19
|
Requires-Dist: configargparse; extra == "configfile"
|
|
22
20
|
|
|
23
21
|
python-bareos
|
|
24
22
|
=============
|
|
25
23
|
|
|
26
|
-
`python-bareos` is a Python module to access a
|
|
24
|
+
`python-bareos` is a Python module to access a https://www.bareos.com backup system.
|
|
27
25
|
|
|
28
26
|
Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
|
|
29
27
|
|
|
30
28
|
Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
|
|
31
29
|
|
|
30
|
+
|
|
32
31
|
.. note::
|
|
33
32
|
|
|
34
|
-
By default, the Bareos Director (>= 18.2.4)
|
|
33
|
+
By default, the Bareos Director (>= 18.2.4)
|
|
34
|
+
uses TLS-PSK when communicating through the network.
|
|
35
35
|
|
|
36
|
-
|
|
37
|
-
does
|
|
38
|
-
For testing ``python-bareos`` should be used without TLS.
|
|
36
|
+
The Python (https://github.com/python/cpython) core module ``ssl``
|
|
37
|
+
does support TLS-PSK only since Python >= 3.13.
|
|
39
38
|
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
40
|
-
how to use
|
|
41
|
-
|
|
39
|
+
how to use TLS-PSK and about the limitations.
|
|
40
|
+
For testing this module can also be used without TLS.
|
|
42
41
|
|
|
43
42
|
|
|
44
43
|
Preparations
|
|
@@ -55,12 +54,13 @@ Create some named consoles for testing:
|
|
|
55
54
|
|
|
56
55
|
This creates a console user with name `user1` and the profile `operator`.
|
|
57
56
|
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
58
|
-
It does allow most commands
|
|
57
|
+
It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
|
|
59
58
|
so it is well suited for this purpose.
|
|
60
59
|
Futhermore, TLS enforcement is disabled for this console user.
|
|
61
60
|
|
|
62
61
|
For testing with TLS-PSK, we also create the user `user-tls`.
|
|
63
62
|
|
|
63
|
+
|
|
64
64
|
Examples
|
|
65
65
|
========
|
|
66
66
|
|
|
@@ -96,7 +96,7 @@ Simple version of the bconsole in Python
|
|
|
96
96
|
>>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
|
|
97
97
|
>>> directorconsole.interactive()
|
|
98
98
|
|
|
99
|
-
Or use the
|
|
99
|
+
Or use the ``bconsole.py`` script:
|
|
100
100
|
|
|
101
101
|
.. code-block:: shell-session
|
|
102
102
|
|
|
@@ -129,9 +129,10 @@ Example:
|
|
|
129
129
|
Full
|
|
130
130
|
Differential
|
|
131
131
|
|
|
132
|
+
|
|
132
133
|
The results the the `call` method is a ``dict`` object.
|
|
133
134
|
|
|
134
|
-
In case of an error, an exception, derived from
|
|
135
|
+
In case of an error, an exception, derived from `bareos.exceptions.Error` is raised.
|
|
135
136
|
|
|
136
137
|
Example:
|
|
137
138
|
|
|
@@ -152,26 +153,30 @@ Transport Encryption (TLS-PSK)
|
|
|
152
153
|
|
|
153
154
|
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
154
155
|
|
|
155
|
-
|
|
156
|
-
|
|
156
|
+
Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
|
|
157
|
+
For some older versions of Python,
|
|
158
|
+
the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
|
|
157
159
|
|
|
158
160
|
Fallback To Unencrypted Connections
|
|
159
161
|
-----------------------------------
|
|
160
162
|
|
|
161
|
-
|
|
162
|
-
|
|
163
|
+
Normally `DirectorConsole` tries to connect using the latest known protocol version.
|
|
164
|
+
In order to allow connections in more environments,
|
|
165
|
+
the `DirectorConsole` can fall back to older protocol versions.
|
|
166
|
+
Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
|
|
163
167
|
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
164
|
-
|
|
168
|
+
Depending on your bareos-director configuration, unencrypted connections will be accepted:
|
|
165
169
|
|
|
166
170
|
.. code:: python
|
|
167
171
|
|
|
168
172
|
>>> import bareos.bsock
|
|
169
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available
|
|
170
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
173
|
+
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
|
|
174
|
+
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
|
|
171
175
|
socket error: Conversation terminated (-4)
|
|
172
176
|
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
173
177
|
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
174
178
|
|
|
179
|
+
|
|
175
180
|
To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
176
181
|
|
|
177
182
|
.. code:: python
|
|
@@ -180,8 +185,9 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
|
180
185
|
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
|
|
181
186
|
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
182
187
|
Traceback (most recent call last):
|
|
183
|
-
|
|
184
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but
|
|
188
|
+
...
|
|
189
|
+
bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
|
|
190
|
+
|
|
185
191
|
|
|
186
192
|
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
187
193
|
|
|
@@ -191,10 +197,18 @@ sslpsk
|
|
|
191
197
|
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
192
198
|
extends the core module `ssl` by TLS-PSK.
|
|
193
199
|
|
|
194
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
200
|
+
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
|
|
201
|
+
which is not working with Python >= 3.
|
|
202
|
+
|
|
203
|
+
For using `python-bareos` with TLS-PSK with
|
|
204
|
+
Python >= 3 and Python <= 3.9
|
|
205
|
+
the latest version must by installed manually.
|
|
206
|
+
At the time of writing, even the latest version
|
|
207
|
+
(https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
|
|
208
|
+
does not support Python >= 3.10.
|
|
209
|
+
However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
|
|
195
210
|
|
|
196
|
-
|
|
197
|
-
the latest version must by installed manually:
|
|
211
|
+
Installing the `sslpsk` module manually:
|
|
198
212
|
|
|
199
213
|
.. code:: shell
|
|
200
214
|
|
|
@@ -47,6 +47,21 @@ def get_version():
|
|
|
47
47
|
return __version__
|
|
48
48
|
|
|
49
49
|
|
|
50
|
+
def get_long_description():
|
|
51
|
+
base_dir = os.path.abspath(os.path.dirname(__file__))
|
|
52
|
+
with open("README.rst") as readme_file:
|
|
53
|
+
description = readme_file.read()
|
|
54
|
+
with open(os.path.join(base_dir, "bareos", "bsock", "__init__.py")) as bsock_file:
|
|
55
|
+
bsock_content = bsock_file.read().strip()
|
|
56
|
+
# bsock_description = re.sub(r'.*"""(.*?)""".*', r'\1', bsock_content, flags=re.DOTALL)
|
|
57
|
+
bsock_description = re.sub(
|
|
58
|
+
":py:class:",
|
|
59
|
+
"",
|
|
60
|
+
re.sub(r'.*(\.\. note::.*?)""".*', r"\n\n\1", bsock_content, flags=re.DOTALL),
|
|
61
|
+
)
|
|
62
|
+
return description + bsock_description
|
|
63
|
+
|
|
64
|
+
|
|
50
65
|
setup(
|
|
51
66
|
name="python-bareos",
|
|
52
67
|
version=get_version(),
|
|
@@ -60,11 +75,11 @@ setup(
|
|
|
60
75
|
# What does your project relate to?
|
|
61
76
|
keywords="bareos",
|
|
62
77
|
description="Client library and tools for Bareos console access.",
|
|
63
|
-
long_description=
|
|
78
|
+
long_description=get_long_description(),
|
|
64
79
|
long_description_content_type="text/x-rst",
|
|
65
80
|
# RHEL7: python-3.6
|
|
66
81
|
python_requires=">=3.6",
|
|
67
|
-
extras_require={"
|
|
82
|
+
extras_require={"configfile": ["configargparse"]},
|
|
68
83
|
classifiers=[
|
|
69
84
|
"Development Status :: 5 - Production/Stable",
|
|
70
85
|
"License :: OSI Approved :: GNU Affero General Public License v3",
|
python-bareos-23.0.2/README.rst
DELETED
|
@@ -1,205 +0,0 @@
|
|
|
1
|
-
python-bareos
|
|
2
|
-
=============
|
|
3
|
-
|
|
4
|
-
`python-bareos` is a Python module to access a http://www.bareos.org backup system.
|
|
5
|
-
|
|
6
|
-
Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
|
|
7
|
-
|
|
8
|
-
Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
|
|
9
|
-
|
|
10
|
-
.. note::
|
|
11
|
-
|
|
12
|
-
By default, the Bareos Director (>= 18.2.4) uses TLS-PSK when communicating through the network.
|
|
13
|
-
|
|
14
|
-
Unfortunately the Python core module ``ssl``
|
|
15
|
-
does not support TLS-PSK.
|
|
16
|
-
For testing ``python-bareos`` should be used without TLS.
|
|
17
|
-
The section `Transport Encryption (TLS-PSK)`_ describes
|
|
18
|
-
how to use ``python-bareos`` with TLS-PSK
|
|
19
|
-
and about the limitations.
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
Preparations
|
|
23
|
-
============
|
|
24
|
-
|
|
25
|
-
Create some named consoles for testing:
|
|
26
|
-
|
|
27
|
-
.. code-block:: shell-session
|
|
28
|
-
|
|
29
|
-
root@host:~# bconsole
|
|
30
|
-
*configure add console name=user1 password=secret profile=operator TlsEnable=no
|
|
31
|
-
*configure add console name=user-tls password=secret profile=operator
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
This creates a console user with name `user1` and the profile `operator`.
|
|
35
|
-
The `operator` profile is a default profile that comes with the Bareos Director.
|
|
36
|
-
It does allow most commands. It only deny some dangerous commands (see ``show profile=operator``),
|
|
37
|
-
so it is well suited for this purpose.
|
|
38
|
-
Futhermore, TLS enforcement is disabled for this console user.
|
|
39
|
-
|
|
40
|
-
For testing with TLS-PSK, we also create the user `user-tls`.
|
|
41
|
-
|
|
42
|
-
Examples
|
|
43
|
-
========
|
|
44
|
-
|
|
45
|
-
Calling bareos-director console commands
|
|
46
|
-
----------------------------------------
|
|
47
|
-
|
|
48
|
-
.. code:: python
|
|
49
|
-
|
|
50
|
-
>>> import bareos.bsock
|
|
51
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user1', password='secret')
|
|
52
|
-
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
53
|
-
|
|
54
|
-
This creates a console connection to a Bareos Director.
|
|
55
|
-
This connection can be used to `call` commands.
|
|
56
|
-
These are the same commands as available via ``bconsole``.
|
|
57
|
-
|
|
58
|
-
To connect to the default console instead, omit the `name` parameter:
|
|
59
|
-
|
|
60
|
-
.. code:: python
|
|
61
|
-
|
|
62
|
-
>>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='defaultconsolepassword')
|
|
63
|
-
|
|
64
|
-
The result of the call method is a ``bytes`` object. In most cases, it has to be decoded to UTF-8.
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
Simple version of the bconsole in Python
|
|
69
|
-
----------------------------------------
|
|
70
|
-
|
|
71
|
-
.. code:: python
|
|
72
|
-
|
|
73
|
-
>>> import bareos.bsock
|
|
74
|
-
>>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
|
|
75
|
-
>>> directorconsole.interactive()
|
|
76
|
-
|
|
77
|
-
Or use the included ``bconsole.py`` script:
|
|
78
|
-
|
|
79
|
-
.. code-block:: shell-session
|
|
80
|
-
|
|
81
|
-
bconsole.py --debug --name=user1 --password=secret localhost
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
Use JSON objects of the API mode 2
|
|
85
|
-
----------------------------------
|
|
86
|
-
|
|
87
|
-
Requires: Bareos >= 15.2
|
|
88
|
-
|
|
89
|
-
The class `DirectorConsoleJson` is inherited from `DirectorConsole`
|
|
90
|
-
and uses the Director Console API mode 2 (JSON).
|
|
91
|
-
|
|
92
|
-
For general information about API mode 2 and what data structures to expect,
|
|
93
|
-
see https://docs.bareos.org/DeveloperGuide/api.html#api-mode-2-json
|
|
94
|
-
|
|
95
|
-
Example:
|
|
96
|
-
|
|
97
|
-
.. code:: python
|
|
98
|
-
|
|
99
|
-
>>> import bareos.bsock
|
|
100
|
-
>>> directorconsole = bareos.bsock.DirectorConsoleJson(address='localhost', port=9101, password='secret')
|
|
101
|
-
>>> pools = directorconsole.call('list pools')
|
|
102
|
-
>>> for pool in pools["pools"]:
|
|
103
|
-
... print(pool["name"])
|
|
104
|
-
...
|
|
105
|
-
Scratch
|
|
106
|
-
Incremental
|
|
107
|
-
Full
|
|
108
|
-
Differential
|
|
109
|
-
|
|
110
|
-
The results the the `call` method is a ``dict`` object.
|
|
111
|
-
|
|
112
|
-
In case of an error, an exception, derived from ``bareos.exceptions.Error`` is raised.
|
|
113
|
-
|
|
114
|
-
Example:
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
.. code:: python
|
|
118
|
-
|
|
119
|
-
>>> directorconsole.call("test it")
|
|
120
|
-
Traceback (most recent call last):
|
|
121
|
-
...
|
|
122
|
-
bareos.exceptions.JsonRpcErrorReceivedException: failed: test it: is an invalid command.
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
.. _section-python-bareos-tls-psk:
|
|
127
|
-
|
|
128
|
-
Transport Encryption (TLS-PSK)
|
|
129
|
-
==============================
|
|
130
|
-
|
|
131
|
-
Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
|
|
132
|
-
|
|
133
|
-
Unfortenatly, the Python core module `ssl` does not support TLS-PSK.
|
|
134
|
-
There is limited support by the extra module `sslpsk` (see https://github.com/drbild/sslpsk).
|
|
135
|
-
|
|
136
|
-
Fallback To Unencrypted Connections
|
|
137
|
-
-----------------------------------
|
|
138
|
-
|
|
139
|
-
In order to work in most cases, even if ``sslpsk`` is not available,
|
|
140
|
-
the `DirectorConsole` uses a fallback.
|
|
141
|
-
If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
|
|
142
|
-
In this case, a warning is issued, but the connection will work nevertheless:
|
|
143
|
-
|
|
144
|
-
.. code:: python
|
|
145
|
-
|
|
146
|
-
>>> import bareos.bsock
|
|
147
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
|
|
148
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
|
|
149
|
-
socket error: Conversation terminated (-4)
|
|
150
|
-
Failed to connect using protocol version 2. Trying protocol version 1.
|
|
151
|
-
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
152
|
-
|
|
153
|
-
To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
|
|
154
|
-
|
|
155
|
-
.. code:: python
|
|
156
|
-
|
|
157
|
-
>>> import bareos.bsock
|
|
158
|
-
/.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
|
|
159
|
-
>>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
|
|
160
|
-
Traceback (most recent call last):
|
|
161
|
-
[...]
|
|
162
|
-
bareos.exceptions.ConnectionError: TLS-PSK is required, but sslpsk module not loaded/available.
|
|
163
|
-
|
|
164
|
-
In this case, an exception is raised, if the connection can not be established via TLS-PSK.
|
|
165
|
-
|
|
166
|
-
sslpsk
|
|
167
|
-
------
|
|
168
|
-
|
|
169
|
-
The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
|
|
170
|
-
extends the core module `ssl` by TLS-PSK.
|
|
171
|
-
|
|
172
|
-
At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/), which is not working with Python >= 3.
|
|
173
|
-
|
|
174
|
-
If `python-bareos` should use TLS-PSK with Python >= 3,
|
|
175
|
-
the latest version must by installed manually:
|
|
176
|
-
|
|
177
|
-
.. code:: shell
|
|
178
|
-
|
|
179
|
-
git clone https://github.com/drbild/sslpsk.git
|
|
180
|
-
cd sslpsk
|
|
181
|
-
python setup.py build
|
|
182
|
-
python setup.py install
|
|
183
|
-
|
|
184
|
-
`python-bareos` will detect, that `sslpsk` is available and will use it automatically.
|
|
185
|
-
This can be verified by following command:
|
|
186
|
-
|
|
187
|
-
.. code:: python
|
|
188
|
-
|
|
189
|
-
>>> import bareos.bsock
|
|
190
|
-
>>> bareos.bsock.DirectorConsole.is_tls_psk_available()
|
|
191
|
-
True
|
|
192
|
-
|
|
193
|
-
Another limitation of the current `sslpsk` version is,
|
|
194
|
-
that it is not able to autodetect the TLS protocol version to use.
|
|
195
|
-
|
|
196
|
-
In order to use it, specify ``tls_version`` with an appropriate protocol version.
|
|
197
|
-
In most cases this should be ``tls_version=ssl.PROTOCOL_TLSv1_2``,
|
|
198
|
-
like in the following example:
|
|
199
|
-
|
|
200
|
-
.. code:: python
|
|
201
|
-
|
|
202
|
-
>>> import ssl
|
|
203
|
-
>>> import bareos.bsock
|
|
204
|
-
>>> directorconsole = bareos.bsock.DirectorConsoleJson(address='localhost', user='user-tls', password='secret', tls_version=ssl.PROTOCOL_TLSv1_2)
|
|
205
|
-
>>> print(directorconsole.call('help').decode("utf-8"))
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
23.0.2
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|
|
File without changes
|