python-bareos 23.0.2__tar.gz → 23.0.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. {python-bareos-23.0.2 → python_bareos-23.0.4}/PKG-INFO +39 -25
  2. python_bareos-23.0.4/README.rst +8 -0
  3. python_bareos-23.0.4/bareos/VERSION.txt +1 -0
  4. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/__init__.py +31 -18
  5. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/directorconsole.py +9 -7
  6. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/lowlevel.py +46 -28
  7. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolversions.py +4 -2
  8. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/tlsversionparser.py +2 -2
  9. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/argparse.py +8 -0
  10. {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bareos-fd-connect.py +1 -1
  11. {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/PKG-INFO +39 -25
  12. {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/requires.txt +0 -3
  13. {python-bareos-23.0.2 → python_bareos-23.0.4}/setup.py +17 -2
  14. python-bareos-23.0.2/README.rst +0 -205
  15. python-bareos-23.0.2/bareos/VERSION.txt +0 -1
  16. {python-bareos-23.0.2 → python_bareos-23.0.4}/LICENSE.txt +0 -0
  17. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/__init__.py +0 -0
  18. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/bsock.py +0 -0
  19. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/bsockjson.py +0 -0
  20. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/connectiontype.py +0 -0
  21. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/constants.py +0 -0
  22. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/directorconsolejson.py +0 -0
  23. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/filedaemon.py +0 -0
  24. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolmessageids.py +0 -0
  25. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/bsock/protocolmessages.py +0 -0
  26. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/exceptions.py +0 -0
  27. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/__init__.py +0 -0
  28. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/bareosbase64.py +0 -0
  29. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/password.py +0 -0
  30. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/path.py +0 -0
  31. {python-bareos-23.0.2 → python_bareos-23.0.4}/bareos/util/version.py +0 -0
  32. {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bconsole-json.py +0 -0
  33. {python-bareos-23.0.2 → python_bareos-23.0.4}/bin/bconsole.py +0 -0
  34. {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/SOURCES.txt +0 -0
  35. {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/dependency_links.txt +0 -0
  36. {python-bareos-23.0.2 → python_bareos-23.0.4}/python_bareos.egg-info/top_level.txt +0 -0
  37. {python-bareos-23.0.2 → python_bareos-23.0.4}/setup.cfg +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: python-bareos
3
- Version: 23.0.2
3
+ Version: 23.0.4
4
4
  Summary: Client library and tools for Bareos console access.
5
5
  Home-page: https://github.com/bareos/bareos/
6
6
  Author: Bareos Team
@@ -15,30 +15,29 @@ Classifier: Topic :: System :: Archiving :: Backup
15
15
  Requires-Python: >=3.6
16
16
  Description-Content-Type: text/x-rst
17
17
  License-File: LICENSE.txt
18
- Provides-Extra: tls-psk
19
- Requires-Dist: sslpsk; extra == "tls-psk"
20
18
  Provides-Extra: configfile
21
19
  Requires-Dist: configargparse; extra == "configfile"
22
20
 
23
21
  python-bareos
24
22
  =============
25
23
 
26
- `python-bareos` is a Python module to access a http://www.bareos.org backup system.
24
+ `python-bareos` is a Python module to access a https://www.bareos.com backup system.
27
25
 
28
26
  Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
29
27
 
30
28
  Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
31
29
 
30
+
32
31
  .. note::
33
32
 
34
- By default, the Bareos Director (>= 18.2.4) uses TLS-PSK when communicating through the network.
33
+ By default, the Bareos Director (>= 18.2.4)
34
+ uses TLS-PSK when communicating through the network.
35
35
 
36
- Unfortunately the Python core module ``ssl``
37
- does not support TLS-PSK.
38
- For testing ``python-bareos`` should be used without TLS.
36
+ The Python (https://github.com/python/cpython) core module ``ssl``
37
+ does support TLS-PSK only since Python >= 3.13.
39
38
  The section `Transport Encryption (TLS-PSK)`_ describes
40
- how to use ``python-bareos`` with TLS-PSK
41
- and about the limitations.
39
+ how to use TLS-PSK and about the limitations.
40
+ For testing this module can also be used without TLS.
42
41
 
43
42
 
44
43
  Preparations
@@ -55,12 +54,13 @@ Create some named consoles for testing:
55
54
 
56
55
  This creates a console user with name `user1` and the profile `operator`.
57
56
  The `operator` profile is a default profile that comes with the Bareos Director.
58
- It does allow most commands. It only deny some dangerous commands (see ``show profile=operator``),
57
+ It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
59
58
  so it is well suited for this purpose.
60
59
  Futhermore, TLS enforcement is disabled for this console user.
61
60
 
62
61
  For testing with TLS-PSK, we also create the user `user-tls`.
63
62
 
63
+
64
64
  Examples
65
65
  ========
66
66
 
@@ -96,7 +96,7 @@ Simple version of the bconsole in Python
96
96
  >>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
97
97
  >>> directorconsole.interactive()
98
98
 
99
- Or use the included ``bconsole.py`` script:
99
+ Or use the ``bconsole.py`` script:
100
100
 
101
101
  .. code-block:: shell-session
102
102
 
@@ -129,9 +129,10 @@ Example:
129
129
  Full
130
130
  Differential
131
131
 
132
+
132
133
  The results the the `call` method is a ``dict`` object.
133
134
 
134
- In case of an error, an exception, derived from ``bareos.exceptions.Error`` is raised.
135
+ In case of an error, an exception, derived from `bareos.exceptions.Error` is raised.
135
136
 
136
137
  Example:
137
138
 
@@ -152,26 +153,30 @@ Transport Encryption (TLS-PSK)
152
153
 
153
154
  Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
154
155
 
155
- Unfortenatly, the Python core module `ssl` does not support TLS-PSK.
156
- There is limited support by the extra module `sslpsk` (see https://github.com/drbild/sslpsk).
156
+ Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
157
+ For some older versions of Python,
158
+ the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
157
159
 
158
160
  Fallback To Unencrypted Connections
159
161
  -----------------------------------
160
162
 
161
- In order to work in most cases, even if ``sslpsk`` is not available,
162
- the `DirectorConsole` uses a fallback.
163
+ Normally `DirectorConsole` tries to connect using the latest known protocol version.
164
+ In order to allow connections in more environments,
165
+ the `DirectorConsole` can fall back to older protocol versions.
166
+ Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
163
167
  If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
164
- In this case, a warning is issued, but the connection will work nevertheless:
168
+ Depending on your bareos-director configuration, unencrypted connections will be accepted:
165
169
 
166
170
  .. code:: python
167
171
 
168
172
  >>> import bareos.bsock
169
- /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
170
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
173
+ /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
174
+ >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
171
175
  socket error: Conversation terminated (-4)
172
176
  Failed to connect using protocol version 2. Trying protocol version 1.
173
177
  >>> print(directorconsole.call('help').decode("utf-8"))
174
178
 
179
+
175
180
  To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
176
181
 
177
182
  .. code:: python
@@ -180,8 +185,9 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
180
185
  /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
181
186
  >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
182
187
  Traceback (most recent call last):
183
- [...]
184
- bareos.exceptions.ConnectionError: TLS-PSK is required, but sslpsk module not loaded/available.
188
+ ...
189
+ bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
190
+
185
191
 
186
192
  In this case, an exception is raised, if the connection can not be established via TLS-PSK.
187
193
 
@@ -191,10 +197,18 @@ sslpsk
191
197
  The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
192
198
  extends the core module `ssl` by TLS-PSK.
193
199
 
194
- At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/), which is not working with Python >= 3.
200
+ At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
201
+ which is not working with Python >= 3.
202
+
203
+ For using `python-bareos` with TLS-PSK with
204
+ Python >= 3 and Python <= 3.9
205
+ the latest version must by installed manually.
206
+ At the time of writing, even the latest version
207
+ (https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
208
+ does not support Python >= 3.10.
209
+ However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
195
210
 
196
- If `python-bareos` should use TLS-PSK with Python >= 3,
197
- the latest version must by installed manually:
211
+ Installing the `sslpsk` module manually:
198
212
 
199
213
  .. code:: shell
200
214
 
@@ -0,0 +1,8 @@
1
+ python-bareos
2
+ =============
3
+
4
+ `python-bareos` is a Python module to access a https://www.bareos.com backup system.
5
+
6
+ Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
7
+
8
+ Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
@@ -0,0 +1 @@
1
+ 23.0.4
@@ -1,6 +1,6 @@
1
1
  # BAREOS - Backup Archiving REcovery Open Sourced
2
2
  #
3
- # Copyright (C) 2016-2020 Bareos GmbH & Co. KG
3
+ # Copyright (C) 2016-2024 Bareos GmbH & Co. KG
4
4
  #
5
5
  # This program is Free Software; you can redistribute it and/or
6
6
  # modify it under the terms of version three of the GNU Affero General Public
@@ -17,17 +17,18 @@
17
17
  # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
18
18
  # 02110-1301, USA.
19
19
 
20
- """Module to access a http://www.bareos.org backup system.
20
+ """Module to access a https://www.bareos.com backup system.
21
21
 
22
22
  .. note::
23
23
 
24
- By default, the Bareos Director (>= 18.2.4) uses TLS-PSK when communicating through the network.
24
+ By default, the Bareos Director (>= 18.2.4)
25
+ uses TLS-PSK when communicating through the network.
25
26
 
26
- Unfortunately the Python core module ``ssl``
27
- does not support TLS-PSK.
28
- For testing this module should be used without TLS.
27
+ The Python (https://github.com/python/cpython) core module ``ssl``
28
+ does support TLS-PSK only since Python >= 3.13.
29
29
  The section `Transport Encryption (TLS-PSK)`_ describes
30
30
  how to use TLS-PSK and about the limitations.
31
+ For testing this module can also be used without TLS.
31
32
 
32
33
 
33
34
  Preparations
@@ -44,7 +45,7 @@ Create some named consoles for testing:
44
45
 
45
46
  This creates a console user with name `user1` and the profile `operator`.
46
47
  The `operator` profile is a default profile that comes with the Bareos Director.
47
- It does allow most commands. It only deny some dangerous commands (see ``show profile=operator``),
48
+ It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
48
49
  so it is well suited for this purpose.
49
50
  Futhermore, TLS enforcement is disabled for this console user.
50
51
 
@@ -119,6 +120,7 @@ Example:
119
120
  Full
120
121
  Differential
121
122
 
123
+
122
124
  The results the the `call` method is a ``dict`` object.
123
125
 
124
126
  In case of an error, an exception, derived from :py:class:`bareos.exceptions.Error` is raised.
@@ -142,22 +144,25 @@ Transport Encryption (TLS-PSK)
142
144
 
143
145
  Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
144
146
 
145
- Unfortenatly, the Python core module `ssl` does not support TLS-PSK.
146
- There is limited support by the extra module `sslpsk` (see https://github.com/drbild/sslpsk).
147
+ Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
148
+ For some older versions of Python,
149
+ the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
147
150
 
148
151
  Fallback To Unencrypted Connections
149
152
  -----------------------------------
150
153
 
151
- In order to work in most cases, even if ``sslpsk`` is not available,
152
- the `DirectorConsole` uses a fallback.
154
+ Normally `DirectorConsole` tries to connect using the latest known protocol version.
155
+ In order to allow connections in more environments,
156
+ the `DirectorConsole` can fall back to older protocol versions.
157
+ Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
153
158
  If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
154
- In this case, a warning is issued, but the connection will work nevertheless:
159
+ Depending on your bareos-director configuration, unencrypted connections will be accepted:
155
160
 
156
161
  .. code:: python
157
162
 
158
163
  >>> import bareos.bsock
159
- /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
160
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
164
+ /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
165
+ >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
161
166
  socket error: Conversation terminated (-4)
162
167
  Failed to connect using protocol version 2. Trying protocol version 1.
163
168
  >>> print(directorconsole.call('help').decode("utf-8"))
@@ -172,7 +177,7 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
172
177
  >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
173
178
  Traceback (most recent call last):
174
179
  ...
175
- bareos.exceptions.ConnectionError: TLS-PSK is required, but sslpsk module not loaded/available.
180
+ bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
176
181
 
177
182
 
178
183
  In this case, an exception is raised, if the connection can not be established via TLS-PSK.
@@ -183,10 +188,18 @@ sslpsk
183
188
  The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
184
189
  extends the core module `ssl` by TLS-PSK.
185
190
 
186
- At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/), which is not working with Python >= 3.
191
+ At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
192
+ which is not working with Python >= 3.
193
+
194
+ For using `python-bareos` with TLS-PSK with
195
+ Python >= 3 and Python <= 3.9
196
+ the latest version must by installed manually.
197
+ At the time of writing, even the latest version
198
+ (https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
199
+ does not support Python >= 3.10.
200
+ However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
187
201
 
188
- If `python-bareos` should use TLS-PSK with Python >= 3,
189
- the latest version must by installed manually:
202
+ Installing the `sslpsk` module manually:
190
203
 
191
204
  .. code:: shell
192
205
 
@@ -68,7 +68,7 @@ class DirectorConsole(LowLevel):
68
68
  group.add_argument(
69
69
  "--name",
70
70
  default="*UserAgent*",
71
- help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("*UserAgent*").',
71
+ help='use this to access a specific Bareos director named console. Otherwise it connects to the default console ("%(default)s").',
72
72
  dest="BAREOS_name",
73
73
  )
74
74
 
@@ -83,7 +83,7 @@ class DirectorConsole(LowLevel):
83
83
  group.add_argument(
84
84
  "--port",
85
85
  default=9101,
86
- help="Bareos Director network port.",
86
+ help="Bareos Director network port. Default: %(default)s.",
87
87
  dest="BAREOS_port",
88
88
  )
89
89
 
@@ -91,7 +91,7 @@ class DirectorConsole(LowLevel):
91
91
  group.add_argument(
92
92
  "--address",
93
93
  default="localhost",
94
- help="Bareos Director network address.",
94
+ help="Bareos Director network address. Default: %(default)s.",
95
95
  dest="BAREOS_address",
96
96
  )
97
97
 
@@ -104,9 +104,11 @@ class DirectorConsole(LowLevel):
104
104
 
105
105
  group.add_argument(
106
106
  "--protocolversion",
107
- default=ProtocolVersions.last,
108
107
  type=int,
109
- help="Specify the Bareos console protocol version. Default: %(default)s (current).",
108
+ choices=set(protocolversion.value for protocolversion in ProtocolVersions)
109
+ | set([0]),
110
+ default=ProtocolVersions.last.value,
111
+ help="Specify the Bareos console protocol version (0: auto-detect, %(default)s: latest). Default: %(default)s.",
110
112
  dest="BAREOS_protocolversion",
111
113
  )
112
114
 
@@ -124,7 +126,7 @@ class DirectorConsole(LowLevel):
124
126
 
125
127
  group.add_argument(
126
128
  "--tls-psk-require",
127
- help="Allow only encrypted connections. Default: False.",
129
+ help="Allow only encrypted connections. Default: %(default)s.",
128
130
  action="store_true",
129
131
  dest="BAREOS_tls_psk_require",
130
132
  )
@@ -192,7 +194,7 @@ class DirectorConsole(LowLevel):
192
194
  if tls_version is not None:
193
195
  self.tls_version = tls_version
194
196
  self.identity_prefix = "R_CONSOLE"
195
- if protocolversion is not None:
197
+ if protocolversion is not None and protocolversion > 0:
196
198
  self.requested_protocol_version = int(protocolversion)
197
199
  self.protocol_messages.set_version(self.requested_protocol_version)
198
200
  self.connect(
@@ -46,17 +46,26 @@ from bareos.util.bareosbase64 import BareosBase64
46
46
  from bareos.util.password import Password
47
47
  import bareos.exceptions
48
48
 
49
- # Try to load the sslpsk module,
50
- # with implement TLS-PSK (Transport Layer Security - Pre-Shared-Key)
51
- # on top of the ssl module.
52
- # If it is not available, we continue anyway,
49
+ # The ssl module support TLS-PSK (Transport Layer Security - Pre-Shared-Key)
50
+ # since Python >= 3.13.
51
+ # For some older Python versions, the TLS-PSK functionality
52
+ # can be added by the sslpsk module,
53
+ # with implement TLS-PSK on top of the ssl module.
54
+ # If it is also not available, we continue anyway,
53
55
  # but don't use TLS-PSK.
54
- try:
55
- import sslpsk
56
- except ImportError:
57
- warnings.warn(
58
- "Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed."
59
- )
56
+ if not getattr(ssl, "HAS_PSK", False):
57
+
58
+ def format_warning_short(message, category, filename, lineno, line=""):
59
+ return f"{category.__name__}: {message}\n"
60
+
61
+ warnings.formatwarning = format_warning_short
62
+ try:
63
+ import sslpsk
64
+ except ImportError:
65
+ warnings.warn(
66
+ "Connection encryption via TLS-PSK is not available "
67
+ "(not available in 'ssl' and extra module 'sslpsk' is not installed)."
68
+ )
60
69
 
61
70
 
62
71
  class LowLevel(object):
@@ -182,7 +191,7 @@ class LowLevel(object):
182
191
  if self.tls_psk_require:
183
192
  if not self.is_tls_psk_available():
184
193
  raise bareos.exceptions.ConnectionError(
185
- "TLS-PSK is required, but sslpsk module not loaded/available."
194
+ "TLS-PSK is required, but not available."
186
195
  )
187
196
  if not self.tls_psk_enable:
188
197
  raise bareos.exceptions.ConnectionError(
@@ -267,23 +276,32 @@ class LowLevel(object):
267
276
  else:
268
277
  raise bareos.exceptions.ConnectionError("No password provided.")
269
278
  self.logger.debug("identity = {0}, password = {1}".format(identity, password))
270
- try:
271
- self.socket = sslpsk.wrap_socket(
272
- client_socket,
273
- ssl_version=self.tls_version,
274
- ciphers="ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH",
275
- psk=(password, identity),
276
- server_side=False,
277
- )
278
- except ssl.SSLError as e:
279
- # raise ConnectionError(
280
- # "failed to connect to host {0}, port {1}: {2}".format(self.address, self.port, str(e)))
281
- # Using a general raise keep more information about the type of error.
282
- raise
279
+ ciphers = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
280
+
281
+ if getattr(ssl, "HAS_PSK", False):
282
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
283
+ context.check_hostname = False
284
+ context.set_ciphers(ciphers)
285
+ context.set_psk_client_callback(lambda hint: (identity, password))
286
+ self.socket = context.wrap_socket(client_socket, server_side=False)
287
+ else:
288
+ try:
289
+ self.socket = sslpsk.wrap_socket(
290
+ client_socket,
291
+ ssl_version=self.tls_version,
292
+ ciphers=ciphers,
293
+ psk=(password, identity),
294
+ server_side=False,
295
+ )
296
+ except ssl.SSLError as e:
297
+ # raise ConnectionError(
298
+ # "failed to connect to host {0}, port {1}: {2}".format(self.address, self.port, str(e)))
299
+ # Using a general raise to keep more information about the type of error.
300
+ raise
283
301
  return True
284
302
 
285
303
  def get_tls_psk_identity(self):
286
- """Bareos TLS-PSK excepts the identiy is a specific format."""
304
+ """Bareos TLS-PSK excepts the identity is a specific format."""
287
305
  name = str(self.name)
288
306
  if isinstance(self.name, bytes):
289
307
  name = self.name.decode("utf-8")
@@ -294,8 +312,8 @@ class LowLevel(object):
294
312
 
295
313
  @staticmethod
296
314
  def is_tls_psk_available():
297
- """Checks if we have all required modules for TLS-PSK."""
298
- return "sslpsk" in sys.modules
315
+ """Checks if TLS-PSK is available."""
316
+ return getattr(ssl, "HAS_PSK", False) or ("sslpsk" in sys.modules)
299
317
 
300
318
  def get_protocol_version(self):
301
319
  """Get the Bareos Console protocol version that is used.
@@ -524,7 +542,7 @@ class LowLevel(object):
524
542
  msg = self.recv_submsg(length)
525
543
  return msg
526
544
 
527
- def recv_msg(self, regex=b"^\d\d\d\d OK.*$"):
545
+ def recv_msg(self, regex=b"^\\d\\d\\d\\d OK.*$"):
528
546
  """Receive a full message.
529
547
 
530
548
  It retrieves messages (header + message text),
@@ -1,6 +1,6 @@
1
1
  # BAREOS - Backup Archiving REcovery Open Sourced
2
2
  #
3
- # Copyright (C) 2019-2021 Bareos GmbH & Co. KG
3
+ # Copyright (C) 2019-2024 Bareos GmbH & Co. KG
4
4
  #
5
5
  # This program is Free Software; you can redistribute it and/or
6
6
  # modify it under the terms of version three of the GNU Affero General Public
@@ -21,8 +21,10 @@
21
21
  Bareos Protocol Versions.
22
22
  """
23
23
 
24
+ from enum import IntEnum
24
25
 
25
- class ProtocolVersions(object):
26
+
27
+ class ProtocolVersions(IntEnum):
26
28
  """
27
29
  Bareos Protocol Versions.
28
30
  """
@@ -1,6 +1,6 @@
1
1
  # BAREOS - Backup Archiving REcovery Open Sourced
2
2
  #
3
- # Copyright (C) 2020-2021 Bareos GmbH & Co. KG
3
+ # Copyright (C) 2020-2024 Bareos GmbH & Co. KG
4
4
  #
5
5
  # This program is Free Software; you can redistribute it and/or
6
6
  # modify it under the terms of version three of the GNU Affero General Public
@@ -57,7 +57,7 @@ class TlsVersionParser:
57
57
  def add_argument(self, argparser):
58
58
  argparser.add_argument(
59
59
  "--tls-version",
60
- help="Use a specific TLS protocol version.",
60
+ help="Use a specific TLS protocol version (only used with the sslpsk module).",
61
61
  action=ArgParserTlsVersionAction,
62
62
  choices=OrderedDict(sorted(self.tls_version_options.items())),
63
63
  dest="BAREOS_tls_version",
@@ -24,6 +24,8 @@ Uses configargparse, if available,
24
24
  otherwise, falls back to argparse.
25
25
  """
26
26
 
27
+ from pprint import pformat
28
+
27
29
  HAVE_CONFIG_ARG_PARSE_MODULE = False
28
30
  try:
29
31
  import configargparse as argparse
@@ -42,3 +44,9 @@ class ArgumentParser(argparse.ArgumentParser):
42
44
  self.add_argument(
43
45
  "-c", "--config", is_config_file=True, help="Config file path."
44
46
  )
47
+
48
+ def format_values(self):
49
+ try:
50
+ return super().format_values()
51
+ except AttributeError:
52
+ return pformat(vars(self.parse_args()))
@@ -58,6 +58,6 @@ if __name__ == "__main__":
58
58
  sys.exit(1)
59
59
  logger.debug("authentication successful")
60
60
  if args.command:
61
- print(bsock.call(args.command))
61
+ print(bsock.call(args.command).decode("utf-8"))
62
62
  else:
63
63
  bsock.interactive()
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.1
2
2
  Name: python-bareos
3
- Version: 23.0.2
3
+ Version: 23.0.4
4
4
  Summary: Client library and tools for Bareos console access.
5
5
  Home-page: https://github.com/bareos/bareos/
6
6
  Author: Bareos Team
@@ -15,30 +15,29 @@ Classifier: Topic :: System :: Archiving :: Backup
15
15
  Requires-Python: >=3.6
16
16
  Description-Content-Type: text/x-rst
17
17
  License-File: LICENSE.txt
18
- Provides-Extra: tls-psk
19
- Requires-Dist: sslpsk; extra == "tls-psk"
20
18
  Provides-Extra: configfile
21
19
  Requires-Dist: configargparse; extra == "configfile"
22
20
 
23
21
  python-bareos
24
22
  =============
25
23
 
26
- `python-bareos` is a Python module to access a http://www.bareos.org backup system.
24
+ `python-bareos` is a Python module to access a https://www.bareos.com backup system.
27
25
 
28
26
  Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
29
27
 
30
28
  Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
31
29
 
30
+
32
31
  .. note::
33
32
 
34
- By default, the Bareos Director (>= 18.2.4) uses TLS-PSK when communicating through the network.
33
+ By default, the Bareos Director (>= 18.2.4)
34
+ uses TLS-PSK when communicating through the network.
35
35
 
36
- Unfortunately the Python core module ``ssl``
37
- does not support TLS-PSK.
38
- For testing ``python-bareos`` should be used without TLS.
36
+ The Python (https://github.com/python/cpython) core module ``ssl``
37
+ does support TLS-PSK only since Python >= 3.13.
39
38
  The section `Transport Encryption (TLS-PSK)`_ describes
40
- how to use ``python-bareos`` with TLS-PSK
41
- and about the limitations.
39
+ how to use TLS-PSK and about the limitations.
40
+ For testing this module can also be used without TLS.
42
41
 
43
42
 
44
43
  Preparations
@@ -55,12 +54,13 @@ Create some named consoles for testing:
55
54
 
56
55
  This creates a console user with name `user1` and the profile `operator`.
57
56
  The `operator` profile is a default profile that comes with the Bareos Director.
58
- It does allow most commands. It only deny some dangerous commands (see ``show profile=operator``),
57
+ It does allow most commands, but deny some dangerous commands (see ``show profile=operator``),
59
58
  so it is well suited for this purpose.
60
59
  Futhermore, TLS enforcement is disabled for this console user.
61
60
 
62
61
  For testing with TLS-PSK, we also create the user `user-tls`.
63
62
 
63
+
64
64
  Examples
65
65
  ========
66
66
 
@@ -96,7 +96,7 @@ Simple version of the bconsole in Python
96
96
  >>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
97
97
  >>> directorconsole.interactive()
98
98
 
99
- Or use the included ``bconsole.py`` script:
99
+ Or use the ``bconsole.py`` script:
100
100
 
101
101
  .. code-block:: shell-session
102
102
 
@@ -129,9 +129,10 @@ Example:
129
129
  Full
130
130
  Differential
131
131
 
132
+
132
133
  The results the the `call` method is a ``dict`` object.
133
134
 
134
- In case of an error, an exception, derived from ``bareos.exceptions.Error`` is raised.
135
+ In case of an error, an exception, derived from `bareos.exceptions.Error` is raised.
135
136
 
136
137
  Example:
137
138
 
@@ -152,26 +153,30 @@ Transport Encryption (TLS-PSK)
152
153
 
153
154
  Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
154
155
 
155
- Unfortenatly, the Python core module `ssl` does not support TLS-PSK.
156
- There is limited support by the extra module `sslpsk` (see https://github.com/drbild/sslpsk).
156
+ Unfortunately the Python core module ``ssl`` does support TLS-PSK only with Python >= 3.13.
157
+ For some older versions of Python,
158
+ the extra module ``sslpsk`` (see https://github.com/drbild/sslpsk) offers limited support.
157
159
 
158
160
  Fallback To Unencrypted Connections
159
161
  -----------------------------------
160
162
 
161
- In order to work in most cases, even if ``sslpsk`` is not available,
162
- the `DirectorConsole` uses a fallback.
163
+ Normally `DirectorConsole` tries to connect using the latest known protocol version.
164
+ In order to allow connections in more environments,
165
+ the `DirectorConsole` can fall back to older protocol versions.
166
+ Specify `protocolversion = None` (or 0 as command line argument) to enable automatic fall back.
163
167
  If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
164
- In this case, a warning is issued, but the connection will work nevertheless:
168
+ Depending on your bareos-director configuration, unencrypted connections will be accepted:
165
169
 
166
170
  .. code:: python
167
171
 
168
172
  >>> import bareos.bsock
169
- /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
170
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
173
+ /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available (TLS-PSK is not available in the ssl module and the extra module sslpsk is not installed).
174
+ >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', protocolversion=None)
171
175
  socket error: Conversation terminated (-4)
172
176
  Failed to connect using protocol version 2. Trying protocol version 1.
173
177
  >>> print(directorconsole.call('help').decode("utf-8"))
174
178
 
179
+
175
180
  To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
176
181
 
177
182
  .. code:: python
@@ -180,8 +185,9 @@ To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
180
185
  /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
181
186
  >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
182
187
  Traceback (most recent call last):
183
- [...]
184
- bareos.exceptions.ConnectionError: TLS-PSK is required, but sslpsk module not loaded/available.
188
+ ...
189
+ bareos.exceptions.ConnectionError: TLS-PSK is required, but not available.
190
+
185
191
 
186
192
  In this case, an exception is raised, if the connection can not be established via TLS-PSK.
187
193
 
@@ -191,10 +197,18 @@ sslpsk
191
197
  The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
192
198
  extends the core module `ssl` by TLS-PSK.
193
199
 
194
- At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/), which is not working with Python >= 3.
200
+ At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/),
201
+ which is not working with Python >= 3.
202
+
203
+ For using `python-bareos` with TLS-PSK with
204
+ Python >= 3 and Python <= 3.9
205
+ the latest version must by installed manually.
206
+ At the time of writing, even the latest version
207
+ (https://github.com/drbild/sslpsk/commit/d88123a75786953f82f5e25d6c43d9d9259acb62)
208
+ does not support Python >= 3.10.
209
+ However, Python >= 3.13 has direct support for TLS-PSK in the core `ssl` module.
195
210
 
196
- If `python-bareos` should use TLS-PSK with Python >= 3,
197
- the latest version must by installed manually:
211
+ Installing the `sslpsk` module manually:
198
212
 
199
213
  .. code:: shell
200
214
 
@@ -1,6 +1,3 @@
1
1
 
2
- [TLS-PSK]
3
- sslpsk
4
-
5
2
  [configfile]
6
3
  configargparse
@@ -47,6 +47,21 @@ def get_version():
47
47
  return __version__
48
48
 
49
49
 
50
+ def get_long_description():
51
+ base_dir = os.path.abspath(os.path.dirname(__file__))
52
+ with open("README.rst") as readme_file:
53
+ description = readme_file.read()
54
+ with open(os.path.join(base_dir, "bareos", "bsock", "__init__.py")) as bsock_file:
55
+ bsock_content = bsock_file.read().strip()
56
+ # bsock_description = re.sub(r'.*"""(.*?)""".*', r'\1', bsock_content, flags=re.DOTALL)
57
+ bsock_description = re.sub(
58
+ ":py:class:",
59
+ "",
60
+ re.sub(r'.*(\.\. note::.*?)""".*', r"\n\n\1", bsock_content, flags=re.DOTALL),
61
+ )
62
+ return description + bsock_description
63
+
64
+
50
65
  setup(
51
66
  name="python-bareos",
52
67
  version=get_version(),
@@ -60,11 +75,11 @@ setup(
60
75
  # What does your project relate to?
61
76
  keywords="bareos",
62
77
  description="Client library and tools for Bareos console access.",
63
- long_description=open("README.rst").read(),
78
+ long_description=get_long_description(),
64
79
  long_description_content_type="text/x-rst",
65
80
  # RHEL7: python-3.6
66
81
  python_requires=">=3.6",
67
- extras_require={"TLS-PSK": ["sslpsk"], "configfile": ["configargparse"]},
82
+ extras_require={"configfile": ["configargparse"]},
68
83
  classifiers=[
69
84
  "Development Status :: 5 - Production/Stable",
70
85
  "License :: OSI Approved :: GNU Affero General Public License v3",
@@ -1,205 +0,0 @@
1
- python-bareos
2
- =============
3
-
4
- `python-bareos` is a Python module to access a http://www.bareos.org backup system.
5
-
6
- Packages for `python-bareos` are included in the Bareos core distribution and available via https://pypi.org/.
7
-
8
- Documentation is available at https://docs.bareos.org/DeveloperGuide/PythonBareos.html
9
-
10
- .. note::
11
-
12
- By default, the Bareos Director (>= 18.2.4) uses TLS-PSK when communicating through the network.
13
-
14
- Unfortunately the Python core module ``ssl``
15
- does not support TLS-PSK.
16
- For testing ``python-bareos`` should be used without TLS.
17
- The section `Transport Encryption (TLS-PSK)`_ describes
18
- how to use ``python-bareos`` with TLS-PSK
19
- and about the limitations.
20
-
21
-
22
- Preparations
23
- ============
24
-
25
- Create some named consoles for testing:
26
-
27
- .. code-block:: shell-session
28
-
29
- root@host:~# bconsole
30
- *configure add console name=user1 password=secret profile=operator TlsEnable=no
31
- *configure add console name=user-tls password=secret profile=operator
32
-
33
-
34
- This creates a console user with name `user1` and the profile `operator`.
35
- The `operator` profile is a default profile that comes with the Bareos Director.
36
- It does allow most commands. It only deny some dangerous commands (see ``show profile=operator``),
37
- so it is well suited for this purpose.
38
- Futhermore, TLS enforcement is disabled for this console user.
39
-
40
- For testing with TLS-PSK, we also create the user `user-tls`.
41
-
42
- Examples
43
- ========
44
-
45
- Calling bareos-director console commands
46
- ----------------------------------------
47
-
48
- .. code:: python
49
-
50
- >>> import bareos.bsock
51
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user1', password='secret')
52
- >>> print(directorconsole.call('help').decode("utf-8"))
53
-
54
- This creates a console connection to a Bareos Director.
55
- This connection can be used to `call` commands.
56
- These are the same commands as available via ``bconsole``.
57
-
58
- To connect to the default console instead, omit the `name` parameter:
59
-
60
- .. code:: python
61
-
62
- >>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='defaultconsolepassword')
63
-
64
- The result of the call method is a ``bytes`` object. In most cases, it has to be decoded to UTF-8.
65
-
66
-
67
-
68
- Simple version of the bconsole in Python
69
- ----------------------------------------
70
-
71
- .. code:: python
72
-
73
- >>> import bareos.bsock
74
- >>> directorconsole = bareos.bsock.DirectorConsole(address='localhost', port=9101, password='secret')
75
- >>> directorconsole.interactive()
76
-
77
- Or use the included ``bconsole.py`` script:
78
-
79
- .. code-block:: shell-session
80
-
81
- bconsole.py --debug --name=user1 --password=secret localhost
82
-
83
-
84
- Use JSON objects of the API mode 2
85
- ----------------------------------
86
-
87
- Requires: Bareos >= 15.2
88
-
89
- The class `DirectorConsoleJson` is inherited from `DirectorConsole`
90
- and uses the Director Console API mode 2 (JSON).
91
-
92
- For general information about API mode 2 and what data structures to expect,
93
- see https://docs.bareos.org/DeveloperGuide/api.html#api-mode-2-json
94
-
95
- Example:
96
-
97
- .. code:: python
98
-
99
- >>> import bareos.bsock
100
- >>> directorconsole = bareos.bsock.DirectorConsoleJson(address='localhost', port=9101, password='secret')
101
- >>> pools = directorconsole.call('list pools')
102
- >>> for pool in pools["pools"]:
103
- ... print(pool["name"])
104
- ...
105
- Scratch
106
- Incremental
107
- Full
108
- Differential
109
-
110
- The results the the `call` method is a ``dict`` object.
111
-
112
- In case of an error, an exception, derived from ``bareos.exceptions.Error`` is raised.
113
-
114
- Example:
115
-
116
-
117
- .. code:: python
118
-
119
- >>> directorconsole.call("test it")
120
- Traceback (most recent call last):
121
- ...
122
- bareos.exceptions.JsonRpcErrorReceivedException: failed: test it: is an invalid command.
123
-
124
-
125
-
126
- .. _section-python-bareos-tls-psk:
127
-
128
- Transport Encryption (TLS-PSK)
129
- ==============================
130
-
131
- Since Bareos >= 18.2.4, Bareos supports TLS-PSK (Transport-Layer-Security Pre-Shared-Key) to secure its network connections and uses this by default.
132
-
133
- Unfortenatly, the Python core module `ssl` does not support TLS-PSK.
134
- There is limited support by the extra module `sslpsk` (see https://github.com/drbild/sslpsk).
135
-
136
- Fallback To Unencrypted Connections
137
- -----------------------------------
138
-
139
- In order to work in most cases, even if ``sslpsk`` is not available,
140
- the `DirectorConsole` uses a fallback.
141
- If connecting via TLS-PSK fails, it falls back to the old, unencrypted protocol version.
142
- In this case, a warning is issued, but the connection will work nevertheless:
143
-
144
- .. code:: python
145
-
146
- >>> import bareos.bsock
147
- /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
148
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret')
149
- socket error: Conversation terminated (-4)
150
- Failed to connect using protocol version 2. Trying protocol version 1.
151
- >>> print(directorconsole.call('help').decode("utf-8"))
152
-
153
- To enforce a encrypted connection, use the ``tls_psk_require=True`` parameter:
154
-
155
- .. code:: python
156
-
157
- >>> import bareos.bsock
158
- /.../bareos/bsock/lowlevel.py:39: UserWarning: Connection encryption via TLS-PSK is not available, as the module sslpsk is not installed.
159
- >>> directorconsole=bareos.bsock.DirectorConsole(address='localhost', port=9101, name='user-tls', password='secret', tls_psk_require=True)
160
- Traceback (most recent call last):
161
- [...]
162
- bareos.exceptions.ConnectionError: TLS-PSK is required, but sslpsk module not loaded/available.
163
-
164
- In this case, an exception is raised, if the connection can not be established via TLS-PSK.
165
-
166
- sslpsk
167
- ------
168
-
169
- The extra module `sslpsk` (see https://github.com/drbild/sslpsk)
170
- extends the core module `ssl` by TLS-PSK.
171
-
172
- At the time of writing, the lasted version installable via pip is 1.0.0 (https://pypi.org/project/sslpsk/), which is not working with Python >= 3.
173
-
174
- If `python-bareos` should use TLS-PSK with Python >= 3,
175
- the latest version must by installed manually:
176
-
177
- .. code:: shell
178
-
179
- git clone https://github.com/drbild/sslpsk.git
180
- cd sslpsk
181
- python setup.py build
182
- python setup.py install
183
-
184
- `python-bareos` will detect, that `sslpsk` is available and will use it automatically.
185
- This can be verified by following command:
186
-
187
- .. code:: python
188
-
189
- >>> import bareos.bsock
190
- >>> bareos.bsock.DirectorConsole.is_tls_psk_available()
191
- True
192
-
193
- Another limitation of the current `sslpsk` version is,
194
- that it is not able to autodetect the TLS protocol version to use.
195
-
196
- In order to use it, specify ``tls_version`` with an appropriate protocol version.
197
- In most cases this should be ``tls_version=ssl.PROTOCOL_TLSv1_2``,
198
- like in the following example:
199
-
200
- .. code:: python
201
-
202
- >>> import ssl
203
- >>> import bareos.bsock
204
- >>> directorconsole = bareos.bsock.DirectorConsoleJson(address='localhost', user='user-tls', password='secret', tls_version=ssl.PROTOCOL_TLSv1_2)
205
- >>> print(directorconsole.call('help').decode("utf-8"))
@@ -1 +0,0 @@
1
- 23.0.2
File without changes