2 Bacula® - The Network Backup Solution
4 Copyright (C) 2007-2011 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Network Utility Routines
39 #ifndef ENODATA /* not defined on BSD systems */
44 #define socketRead(fd, buf, len) ::recv(fd, buf, len, 0)
45 #define socketWrite(fd, buf, len) ::send(fd, buf, len, 0)
46 #define socketClose(fd) ::closesocket(fd)
48 #define socketRead(fd, buf, len) ::read(fd, buf, len)
49 #define socketWrite(fd, buf, len) ::write(fd, buf, len)
50 #define socketClose(fd) ::close(fd)
54 * This is a non-class BSOCK "constructor" because we want to
55 * call the Bacula smartalloc routines instead of new.
59 BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
66 memset(this, 0, sizeof(BSOCK));
68 msg = get_pool_memory(PM_BSOCK);
69 errmsg = get_pool_memory(PM_MESSAGE);
71 * ****FIXME**** reduce this to a few hours once
72 * heartbeats are implemented
74 timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
78 * This is our "class destructor" that ensures that we use
79 * smartalloc rather than the system free().
81 void BSOCK::free_bsock()
86 void BSOCK::free_tls()
88 free_tls_connection(this->tls);
93 * Try to connect to host for max_retry_time at retry_time intervals.
94 * Note, you must have called the constructor prior to calling
97 bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
99 const char *name, char *host, char *service, int port,
105 time_t begin_time = time(NULL);
107 btimer_t *tid = NULL;
109 /* Try to trap out of OS call when time expires */
110 if (max_retry_time) {
111 tid = start_thread_timer(jcr, pthread_self(), (uint32_t)max_retry_time);
114 for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
115 i -= retry_interval) {
117 if (fatal || (jcr && job_canceled(jcr))) {
120 Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
121 name, host, port, be.bstrerror());
123 i = 60 * 5; /* complain again in 5 minutes */
125 Qmsg4(jcr, M_WARNING, 0, _(
126 "Could not connect to %s on %s:%d. ERR=%s\n"
127 "Retrying ...\n"), name, host, port, be.bstrerror());
129 bmicrosleep(retry_interval, 0);
131 if (begin_time + max_retry_time <= now) {
132 Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
133 name, host, port, be.bstrerror());
141 stop_thread_timer(tid);
147 * Finish initialization of the pocket structure.
149 void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
150 struct sockaddr *lclient_addr)
152 Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
154 set_who(bstrdup(who));
155 set_host(bstrdup(host));
157 memcpy(&client_addr, lclient_addr, sizeof(client_addr));
162 * Copy the address from the configuration dlist that gets passed in
164 void BSOCK::set_source_address(dlist *src_addr_list)
168 // delete the object we already have, if it's allocated
175 addr = (IPADDR*) src_addr_list->first();
176 src_addr = New( IPADDR(*addr));
181 * Open a TCP connection to the server
183 * Returns BSOCK * pointer on success
185 bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
186 int port, utime_t heart_beat, int *fatal)
191 bool connected = false;
197 * Fill in the structure serv_addr with the address of
198 * the server that we want to connect with.
200 if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
201 /* Note errstr is not malloc'ed */
202 Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
204 Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
210 foreach_dlist(ipaddr, addr_list) {
211 ipaddr->set_port_net(htons(port));
212 char allbuf[256 * 10];
214 Dmsg2(100, "Current %sAll %s\n",
215 ipaddr->build_address_str(curbuf, sizeof(curbuf)),
216 build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
217 /* Open a TCP socket */
218 if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
222 Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
223 ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
227 /* Bind to the source address if it is set */
229 if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
233 Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
234 src_addr->get_family(), be.bstrerror() );
240 * Keep socket from timing out from inactivity
242 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
244 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
247 #if defined(TCP_KEEPIDLE)
250 if (setsockopt(sockfd, IPPROTO_IP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
252 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPIDLE on socket: %s\n"),
258 /* connect to server */
259 if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
270 free_addresses(addr_list);
271 errno = save_errno | b_errno_win32;
275 * Keep socket from timing out from inactivity
276 * Do this a second time out of paranoia
278 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
280 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
283 fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
284 free_addresses(addr_list);
289 * Force read/write to use locking
291 bool BSOCK::set_locking()
295 return true; /* already set */
297 if ((stat = pthread_mutex_init(&m_mutex, NULL)) != 0) {
299 Qmsg(m_jcr, M_FATAL, 0, _("Could not init bsock mutex. ERR=%s\n"),
303 m_use_locking = true;
307 void BSOCK::clear_locking()
309 if (!m_use_locking) {
312 m_use_locking = false;
313 pthread_mutex_destroy(&m_mutex);
318 * Send a message over the network. The send consists of
319 * two network packets. The first is sends a 32 bit integer containing
320 * the length of the data packet which follows.
322 * Returns: false on failure
333 if (!m_suppress_error_msgs) {
334 Qmsg4(m_jcr, M_ERROR, 0, _("Socket has errors=%d on call to %s:%s:%d\n"),
335 errors, m_who, m_host, m_port);
339 if (is_terminated()) {
340 if (!m_suppress_error_msgs) {
341 Qmsg4(m_jcr, M_ERROR, 0, _("Socket is terminated=%d on call to %s:%s:%d\n"),
342 is_terminated(), m_who, m_host, m_port);
346 if (msglen > 4000000) {
347 if (!m_suppress_error_msgs) {
348 Qmsg4(m_jcr, M_ERROR, 0,
349 _("Socket has insane msglen=%d on call to %s:%s:%d\n"),
350 msglen, m_who, m_host, m_port);
355 if (m_use_locking) P(m_mutex);
356 /* Compute total packet length */
358 pktsiz = sizeof(pktsiz); /* signal, no data */
360 pktsiz = msglen + sizeof(pktsiz); /* data */
362 /* Store packet length at head of message -- note, we
363 * have reserved an int32_t just before msg, so we can
366 hdr = (int32_t *)(msg - (int)sizeof(pktsiz));
367 *hdr = htonl(msglen); /* store signal/length */
369 out_msg_no++; /* increment message number */
371 /* send data packet */
372 timer_start = watchdog_time; /* start timer */
374 /* Full I/O done in one write */
375 rc = write_nbytes(this, (char *)hdr, pktsiz);
376 timer_start = 0; /* clear timer */
385 if (!m_suppress_error_msgs) {
386 Qmsg5(m_jcr, M_ERROR, 0,
387 _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
389 m_host, m_port, this->bstrerror());
392 Qmsg5(m_jcr, M_ERROR, 0,
393 _("Wrote %d bytes to %s:%s:%d, but only %d accepted.\n"),
394 msglen, m_who, m_host, m_port, rc);
398 if (m_use_locking) V(m_mutex);
403 * Format and send a message
404 * Returns: false on error
407 bool BSOCK::fsend(const char *fmt, ...)
412 if (errors || is_terminated()) {
415 /* This probably won't work, but we vsnprintf, then if we
416 * get a negative length or a length greater than our buffer
417 * (depending on which library is used), the printf was truncated, so
418 * get a bigger buffer and try again.
421 maxlen = sizeof_pool_memory(msg) - 1;
422 va_start(arg_ptr, fmt);
423 msglen = bvsnprintf(msg, maxlen, fmt, arg_ptr);
425 if (msglen > 0 && msglen < (maxlen - 5)) {
428 msg = realloc_pool_memory(msg, maxlen + maxlen / 2);
434 * Receive a message from the other end. Each message consists of
435 * two packets. The first is a header that contains the size
436 * of the data that follows in the second packet.
437 * Returns number of bytes read (may return zero)
438 * Returns -1 on signal (BNET_SIGNAL)
439 * Returns -2 on hard end of file (BNET_HARDEOF)
440 * Returns -3 on error (BNET_ERROR)
442 * Unfortunately, it is a bit complicated because we have these
445 * 2. Signal including end of data stream
446 * 3. Hard end of file
448 * Using is_bnet_stop() and is_bnet_error() you can figure this all out.
450 int32_t BSOCK::recv()
457 if (errors || is_terminated()) {
461 if (m_use_locking) P(m_mutex);
462 read_seqno++; /* bump sequence number */
463 timer_start = watchdog_time; /* set start wait time */
465 /* get data size -- in int32_t */
466 if ((nbytes = read_nbytes(this, (char *)&pktsiz, sizeof(int32_t))) <= 0) {
467 timer_start = 0; /* clear timer */
468 /* probably pipe broken because client died */
475 nbytes = BNET_HARDEOF; /* assume hard EOF received */
478 timer_start = 0; /* clear timer */
479 if (nbytes != sizeof(int32_t)) {
482 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
483 sizeof(int32_t), nbytes, m_who, m_host, m_port);
488 pktsiz = ntohl(pktsiz); /* decode no. of bytes that follow */
490 if (pktsiz == 0) { /* No data transferred */
491 timer_start = 0; /* clear timer */
494 nbytes = 0; /* zero bytes read */
498 /* If signal or packet size too big */
499 if (pktsiz < 0 || pktsiz > 1000000) {
500 if (pktsiz > 0) { /* if packet too big */
501 Qmsg3(m_jcr, M_FATAL, 0,
502 _("Packet size too big from \"%s:%s:%d. Terminating connection.\n"),
503 m_who, m_host, m_port);
504 pktsiz = BNET_TERMINATE; /* hang up */
506 if (pktsiz == BNET_TERMINATE) {
509 timer_start = 0; /* clear timer */
511 msglen = pktsiz; /* signal code */
512 nbytes = BNET_SIGNAL; /* signal */
516 /* Make sure the buffer is big enough + one byte for EOS */
517 if (pktsiz >= (int32_t) sizeof_pool_memory(msg)) {
518 msg = realloc_pool_memory(msg, pktsiz + 100);
521 timer_start = watchdog_time; /* set start wait time */
523 /* now read the actual data */
524 if ((nbytes = read_nbytes(this, msg, pktsiz)) <= 0) {
525 timer_start = 0; /* clear timer */
532 Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
533 m_who, m_host, m_port, this->bstrerror());
537 timer_start = 0; /* clear timer */
540 if (nbytes != pktsiz) {
543 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
544 pktsiz, nbytes, m_who, m_host, m_port);
548 /* always add a zero by to properly terminate any
549 * string that was send to us. Note, we ensured above that the
550 * buffer is at least one byte longer than the message length.
552 msg[nbytes] = 0; /* terminate in case it is a string */
554 * The following uses *lots* of resources so turn it on only for
560 if (m_use_locking) V(m_mutex);
561 return nbytes; /* return actual length of message */
567 bool BSOCK::signal(int signal)
570 if (signal == BNET_TERMINATE) {
571 m_suppress_error_msgs = true;
577 * Despool spooled attributes
579 bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
583 ssize_t last = 0, size = 0;
585 JCR *jcr = get_jcr();
589 #if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
590 posix_fadvise(fileno(m_spool_fd), 0, 0, POSIX_FADV_WILLNEED);
593 while (fread((char *)&pktsiz, 1, sizeof(int32_t), m_spool_fd) ==
595 size += sizeof(int32_t);
596 msglen = ntohl(pktsiz);
598 if (msglen > (int32_t)sizeof_pool_memory(msg)) {
599 msg = realloc_pool_memory(msg, msglen + 1);
601 nbytes = fread(msg, 1, msglen, m_spool_fd);
602 if (nbytes != (size_t)msglen) {
604 Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
605 Qmsg1(get_jcr(), M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
607 update_attr_spool_size(tsize - last);
611 if ((++count & 0x3F) == 0) {
612 update_attr_spool_size(size - last);
617 if (jcr && job_canceled(jcr)) {
621 update_attr_spool_size(tsize - last);
622 if (ferror(m_spool_fd)) {
623 Qmsg(jcr, M_FATAL, 0, _("fread attr spool I/O error.\n"));
630 * Return the string for the error that occurred
631 * on the socket. Only the first error is retained.
633 const char *BSOCK::bstrerror()
636 if (errmsg == NULL) {
637 errmsg = get_pool_memory(PM_MESSAGE);
639 pm_strcpy(errmsg, be.bstrerror(b_errno));
643 int BSOCK::get_peer(char *buf, socklen_t buflen)
645 #if !defined(HAVE_WIN32)
646 if (peer_addr.sin_family == 0) {
647 socklen_t salen = sizeof(peer_addr);
648 int rval = (getpeername)(m_fd, (struct sockaddr *)&peer_addr, &salen);
649 if (rval < 0) return rval;
651 if (!inet_ntop(peer_addr.sin_family, &peer_addr.sin_addr, buf, buflen))
661 * Set the network buffer size, suggested size is in size.
662 * Actual size obtained is returned in bs->msglen
664 * Returns: false on failure
667 bool BSOCK::set_buffer_size(uint32_t size, int rw)
669 uint32_t dbuf_size, start_size;
671 #if defined(IP_TOS) && defined(IPTOS_THROUGHPUT)
673 opt = IPTOS_THROUGHPUT;
674 setsockopt(fd, IPPROTO_IP, IP_TOS, (sockopt_val_t)&opt, sizeof(opt));
680 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
682 start_size = dbuf_size;
683 if ((msg = realloc_pool_memory(msg, dbuf_size + 100)) == NULL) {
684 Qmsg0(get_jcr(), M_FATAL, 0, _("Could not malloc BSOCK data buffer\n"));
689 * If user has not set the size, use the OS default -- i.e. do not
690 * try to set it. This allows sys admins to set the size they
691 * want in the OS, and Bacula will comply. See bug #1493
698 if (rw & BNET_SETBUF_READ) {
699 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
700 SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
702 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
703 dbuf_size -= TAPE_BSIZE;
705 Dmsg1(200, "set network buffer size=%d\n", dbuf_size);
706 if (dbuf_size != start_size) {
707 Qmsg1(get_jcr(), M_WARNING, 0,
708 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
710 if (dbuf_size % TAPE_BSIZE != 0) {
711 Qmsg1(get_jcr(), M_ABORT, 0,
712 _("Network buffer size %d not multiple of tape block size.\n"),
719 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
721 start_size = dbuf_size;
722 if (rw & BNET_SETBUF_WRITE) {
723 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
724 SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
726 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
727 dbuf_size -= TAPE_BSIZE;
729 Dmsg1(900, "set network buffer size=%d\n", dbuf_size);
730 if (dbuf_size != start_size) {
731 Qmsg1(get_jcr(), M_WARNING, 0,
732 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
734 if (dbuf_size % TAPE_BSIZE != 0) {
735 Qmsg1(get_jcr(), M_ABORT, 0,
736 _("Network buffer size %d not multiple of tape block size.\n"),
746 * Set socket non-blocking
747 * Returns previous socket flag
749 int BSOCK::set_nonblocking()
754 /* Get current flags */
755 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
757 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
760 /* Set O_NONBLOCK flag */
761 if ((fcntl(m_fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
763 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
773 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
781 * Set socket blocking
782 * Returns previous socket flags
784 int BSOCK::set_blocking()
788 /* Get current flags */
789 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
791 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
794 /* Set O_NONBLOCK flag */
795 if ((fcntl(m_fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
797 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
807 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
814 void BSOCK::set_killable(bool killable)
817 m_jcr->set_killable(killable);
822 * Restores socket flags
824 void BSOCK::restore_blocking (int flags)
827 if ((fcntl(m_fd, F_SETFL, flags)) < 0) {
829 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
832 m_blocking = (flags & O_NONBLOCK) ? true : false;
834 u_long ioctlArg = flags;
836 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
842 * Wait for a specified time for data to appear on
843 * the BSOCK connection.
845 * Returns: 1 if data available
849 int BSOCK::wait_data(int sec, int usec)
855 FD_SET((unsigned)m_fd, &fdset);
859 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
860 case 0: /* timeout */
865 if (errno == EINTR) {
868 return -1; /* error return */
877 * As above, but returns on interrupt
879 int BSOCK::wait_data_intr(int sec, int usec)
888 FD_SET((unsigned)m_fd, &fdset);
891 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
892 case 0: /* timeout */
897 return -1; /* error return */
906 * Note, this routine closes and destroys all the sockets
907 * that are open including the duped ones.
921 for (; bsock; bsock = next) {
922 next = bsock->m_next; /* get possible pointer to next before destoryed */
923 if (!bsock->m_duped) {
924 /* Shutdown tls cleanly. */
926 tls_bsock_shutdown(bsock);
927 free_tls_connection(bsock->tls);
930 if (bsock->is_timed_out()) {
931 shutdown(bsock->m_fd, SHUT_RDWR); /* discard any pending I/O */
933 socketClose(bsock->m_fd); /* normal close */
940 void BSOCK::destroy()
943 free_pool_memory(msg);
946 ASSERT(1 == 0); /* double close */
949 free_pool_memory(errmsg);
967 /* Commands sent to Director */
968 static char hello[] = "Hello %s calling\n";
970 /* Response from Director */
971 static char OKhello[] = "1000 OK:";
974 * Authenticate Director
976 bool BSOCK::authenticate_director(const char *name, const char *password,
977 TLS_CONTEXT *tls_ctx, char *response, int response_len)
979 int tls_local_need = BNET_TLS_NONE;
980 int tls_remote_need = BNET_TLS_NONE;
981 int compatible = true;
982 char bashed_name[MAX_NAME_LENGTH];
983 BSOCK *dir = this; /* for readability */
987 * Send my name to the Director then do authentication
990 /* Timeout Hello after 15 secs */
991 dir->start_timer(15);
992 dir->fsend(hello, bashed_name);
994 if (get_tls_enable(tls_ctx)) {
995 tls_local_need = get_tls_enable(tls_ctx) ? BNET_TLS_REQUIRED : BNET_TLS_OK;
998 /* respond to Dir challenge */
999 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
1000 /* Now challenge dir */
1001 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
1002 bsnprintf(response, response_len, _("Director authorization problem at \"%s:%d\"\n"),
1003 dir->host(), dir->port());
1007 /* Verify that the remote host is willing to meet our TLS requirements */
1008 if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1009 bsnprintf(response, response_len, _("Authorization problem:"
1010 " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
1011 dir->host(), dir->port());
1015 /* Verify that we are willing to meet the remote host's requirements */
1016 if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1017 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\":"
1018 " Remote server requires TLS.\n"),
1019 dir->host(), dir->port());
1024 /* Is TLS Enabled? */
1026 if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
1027 /* Engage TLS! Full Speed Ahead! */
1028 if (!bnet_tls_client(tls_ctx, dir, NULL)) {
1029 bsnprintf(response, response_len, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
1030 dir->host(), dir->port());
1036 Dmsg1(6, ">dird: %s", dir->msg);
1037 if (dir->recv() <= 0) {
1039 bsnprintf(response, response_len, _("Bad response to Hello command: ERR=%s\n"
1040 "The Director at \"%s:%d\" is probably not running.\n"),
1041 dir->bstrerror(), dir->host(), dir->port());
1046 Dmsg1(10, "<dird: %s", dir->msg);
1047 if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
1048 bsnprintf(response, response_len, _("Director at \"%s:%d\" rejected Hello command\n"),
1049 dir->host(), dir->port());
1052 bsnprintf(response, response_len, "%s", dir->msg);
1058 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\"\n"
1059 "Most likely the passwords do not agree.\n"
1060 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
1061 "Please see " MANUAL_AUTH_URL " for help.\n"),
1062 dir->host(), dir->port());