casync: propagate --trust-peer option to helpers

Currently, casync-http handles the option --trust-peer but casync does
not propagate it to its protocol helpers.

This commit propagates the --trust-peer the protocol helpers as it is
done for option --rate-limit-bps.

Author: gportay

doc/casync.rst

@@ -166,6 +166,7 @@ General options:
 --rate-limit-bps=<LIMIT>        Maximum bandwidth in bytes/s for remote communication
 --max-active-chunks=<MAX>       Maximum number of simultaneously active chunks for remote communication
 --max-host-connections=<MAX>    Maximum number of connections to a single host for remote communication
+--ssl-trust-peer                Trust the peer's SSL certificate
 --exclude-nodump=no             Don't exclude files with chattr(1)'s +d **nodump** flag when creating archive
 --exclude-submounts=yes         Exclude submounts when creating archive
 --exclude-file=no               Don't respect .caexclude files in the file tree

src/caremote.c

@@ -62,6 +62,7 @@ struct CaRemote {
         uint64_t rate_limit_bps;
         unsigned max_active_chunks;
         unsigned max_host_connections;
+        bool ssl_trust_peer;
 
         ReallocBuffer input_buffer;
         ReallocBuffer output_buffer;
@@ -268,6 +269,15 @@ int ca_remote_set_max_host_connections(CaRemote *rr, unsigned max_host_connectio
         return 0;
 }
 
+int ca_remote_set_ssl_trust_peer(CaRemote *rr, bool ssl_trust_peer) {
+        if (!rr)
+                return -EINVAL;
+
+        rr->ssl_trust_peer = ssl_trust_peer;
+
+        return 0;
+}
+
 int ca_remote_set_local_feature_flags(CaRemote *rr, uint64_t flags) {
         if (!rr)
                 return -EINVAL;
@@ -1027,6 +1037,9 @@ static int ca_remote_start(CaRemote *rr) {
                         if (rr->max_host_connections)
                                 argc++;
 
+                        if (rr->ssl_trust_peer)
+                                argc++;
+
                         args = newa(char*, argc + 1);
 
                         if (rr->callout) {
@@ -1088,6 +1101,9 @@ static int ca_remote_start(CaRemote *rr) {
                                 i++;
                         }
 
+                        if (rr->ssl_trust_peer)
+                                args[i++] = (char*) "--ssl-trust-peer";
+
                         args[i + CA_REMOTE_ARG_OPERATION] = (char*) ((rr->local_feature_flags & (CA_PROTOCOL_PUSH_CHUNKS|CA_PROTOCOL_PUSH_INDEX|CA_PROTOCOL_PUSH_ARCHIVE)) ? "push" : "pull");
                         args[i + CA_REMOTE_ARG_BASE_URL] = /* rr->base_url ? rr->base_url + skip :*/ (char*) "-";
                         args[i + CA_REMOTE_ARG_ARCHIVE_URL] = rr->archive_url ? rr->archive_url + skip : (char*) "-";

src/caremote.h

@@ -54,6 +54,7 @@ int ca_remote_set_log_level(CaRemote *rr, int log_level);
 int ca_remote_set_rate_limit_bps(CaRemote *rr, uint64_t rate_limit_bps);
 int ca_remote_set_max_active_chunks(CaRemote *rr, unsigned max_active_chunks);
 int ca_remote_set_max_host_connections(CaRemote *rr, unsigned max_max_connections);
+int ca_remote_set_ssl_trust_peer(CaRemote *rr, bool ssl_trust_peer);
 
 int ca_remote_set_io_fds(CaRemote *rr, int input_fd, int output_fd);
 int ca_remote_get_io_fds(CaRemote *rr, int *ret_input_fd, int *ret_output_fd);

src/casync-tool.c

@@ -68,6 +68,7 @@ static size_t arg_chunk_size_max = 0;
 static uint64_t arg_rate_limit_bps = UINT64_MAX;
 static unsigned arg_max_active_chunks = 0;
 static unsigned arg_max_host_connections = 0;
+static bool arg_ssl_trust_peer = false;
 static uint64_t arg_with = 0;
 static uint64_t arg_without = 0;
 static uid_t arg_uid_shift = 0, arg_uid_range = 0x10000U;
@@ -114,6 +115,7 @@ static void help(void) {
                "     --max-host-connections=MAX\n"
                "                             Maximum number of connections to a single host for\n"
                "                             remote communication\n"
+               "     --ssl-trust-peer        Trust the peer's SSL certificate\n"
                "     --exclude-nodump=no     Don't exclude files with chattr(1)'s +d 'nodump'\n"
                "                             flag when creating archive\n"
                "     --exclude-submounts=yes Exclude submounts when creating archive\n"
@@ -337,6 +339,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_RATE_LIMIT_BPS,
                 ARG_MAX_ACTIVE_CHUNKS,
                 ARG_MAX_HOST_CONNECTIONS,
+                ARG_SSL_TRUST_PEER,
                 ARG_WITH,
                 ARG_WITHOUT,
                 ARG_WHAT,
@@ -373,6 +376,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "rate-limit-bps",    required_argument, NULL, ARG_RATE_LIMIT_BPS    },
                 { "max-active-chunks", required_argument, NULL, ARG_MAX_ACTIVE_CHUNKS },
                 { "max-host-connections", required_argument, NULL, ARG_MAX_HOST_CONNECTIONS },
+                { "ssl-trust-peer",    no_argument,       NULL, ARG_SSL_TRUST_PEER    },
                 { "with",              required_argument, NULL, ARG_WITH              },
                 { "without",           required_argument, NULL, ARG_WITHOUT           },
                 { "what",              required_argument, NULL, ARG_WHAT              },
@@ -502,6 +506,10 @@ static int parse_argv(int argc, char *argv[]) {
                         }
                         break;
 
+                case ARG_SSL_TRUST_PEER:
+                        arg_ssl_trust_peer = true;
+                        break;
+
                 case ARG_WITH: {
                         uint64_t u;
 
@@ -1369,6 +1377,12 @@ static int verb_make(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_sync_set_ssl_trust_peer(s, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         r = ca_sync_set_base_fd(s, input_fd);
         if (r < 0)
                 return log_error_errno(r, "Failed to set sync base: %m");
@@ -1686,6 +1700,12 @@ static int verb_extract(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_sync_set_ssl_trust_peer(s, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         if (seek_path) {
                 if (output_fd >= 0)
                         r = ca_sync_set_boundary_fd(s, output_fd);
@@ -2859,6 +2879,12 @@ static int verb_mount(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_sync_set_ssl_trust_peer(s, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         if (operation == MOUNT_ARCHIVE) {
                 if (input_fd >= 0)
                         r = ca_sync_set_archive_fd(s, input_fd);
@@ -2997,6 +3023,12 @@ static int verb_mkdev(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_sync_set_ssl_trust_peer(s, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         if (operation == MKDEV_BLOB) {
                 if (input_fd >= 0)
                         r = ca_sync_set_archive_fd(s, input_fd);
@@ -3576,6 +3608,12 @@ static int verb_pull(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_remote_set_ssl_trust_peer(rr, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         r = ca_remote_set_io_fds(rr, STDIN_FILENO, STDOUT_FILENO);
         if (r < 0)
                 return log_error_errno(r, "Failed to set I/O file descriptors: %m");
@@ -3747,6 +3785,12 @@ static int verb_push(int argc, char *argv[]) {
                         return log_error_errno(r, "Failed to set max host connections: %m");
         }
 
+        if (arg_ssl_trust_peer) {
+                r = ca_remote_set_ssl_trust_peer(rr, arg_ssl_trust_peer);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to set SSL trust peer: %m");
+        }
+
         r = ca_remote_set_io_fds(rr, STDIN_FILENO, STDOUT_FILENO);
         if (r < 0)
                 log_error_errno(r, "Failed to set I/O file descriptors: %m");

src/casync.c

@@ -114,6 +114,7 @@ struct CaSync {
         size_t rate_limit_bps;
         unsigned max_active_chunks;
         unsigned max_host_connections;
+        bool ssl_trust_peer;
 
         uint64_t feature_flags;
         uint64_t feature_flags_mask;
@@ -542,6 +543,15 @@ int ca_sync_set_max_host_connections(CaSync *s, unsigned max_host_connections) {
         return 0;
 }
 
+int ca_sync_set_ssl_trust_peer(CaSync *s, bool ssl_trust_peer) {
+        if (!s)
+                return -EINVAL;
+
+        s->ssl_trust_peer = ssl_trust_peer;
+
+        return 0;
+}
+
 int ca_sync_set_rate_limit_bps(CaSync *s, uint64_t rate_limit_bps) {
         if (!s)
                 return -EINVAL;

src/casync.h

@@ -35,6 +35,7 @@ int ca_sync_set_log_level(CaSync *s, int log_level);
 int ca_sync_set_rate_limit_bps(CaSync *s, uint64_t rate_limit_bps);
 int ca_sync_set_max_active_chunks(CaSync *s, unsigned max_active_chunks);
 int ca_sync_set_max_host_connections(CaSync *s, unsigned max_host_connection);
+int ca_sync_set_ssl_trust_peer(CaSync *s, bool ssl_trust_peer);
 
 int ca_sync_set_feature_flags(CaSync *s, uint64_t flags);
 int ca_sync_get_feature_flags(CaSync *s, uint64_t *ret);