2 Bacula® - The Network Backup Solution
4 Copyright (C) 2007-2011 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Network Utility Routines
38 #include <netinet/tcp.h>
40 #ifndef ENODATA /* not defined on BSD systems */
45 #define SOL_TCP IPPROTO_TCP
49 #define socketRead(fd, buf, len) ::recv(fd, buf, len, 0)
50 #define socketWrite(fd, buf, len) ::send(fd, buf, len, 0)
51 #define socketClose(fd) ::closesocket(fd)
53 #define socketRead(fd, buf, len) ::read(fd, buf, len)
54 #define socketWrite(fd, buf, len) ::write(fd, buf, len)
55 #define socketClose(fd) ::close(fd)
59 * This is a non-class BSOCK "constructor" because we want to
60 * call the Bacula smartalloc routines instead of new.
64 BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
71 memset(this, 0, sizeof(BSOCK));
73 msg = get_pool_memory(PM_BSOCK);
74 errmsg = get_pool_memory(PM_MESSAGE);
76 * ****FIXME**** reduce this to a few hours once
77 * heartbeats are implemented
79 timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
83 * This is our "class destructor" that ensures that we use
84 * smartalloc rather than the system free().
86 void BSOCK::free_bsock()
91 void BSOCK::free_tls()
93 free_tls_connection(this->tls);
98 * Try to connect to host for max_retry_time at retry_time intervals.
99 * Note, you must have called the constructor prior to calling
102 bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
104 const char *name, char *host, char *service, int port,
110 time_t begin_time = time(NULL);
112 btimer_t *tid = NULL;
114 /* Try to trap out of OS call when time expires */
115 if (max_retry_time) {
116 tid = start_thread_timer(jcr, pthread_self(), (uint32_t)max_retry_time);
119 for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
120 i -= retry_interval) {
122 if (fatal || (jcr && job_canceled(jcr))) {
125 Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
126 name, host, port, be.bstrerror());
128 i = 60 * 5; /* complain again in 5 minutes */
130 Qmsg4(jcr, M_WARNING, 0, _(
131 "Could not connect to %s on %s:%d. ERR=%s\n"
132 "Retrying ...\n"), name, host, port, be.bstrerror());
134 bmicrosleep(retry_interval, 0);
136 if (begin_time + max_retry_time <= now) {
137 Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
138 name, host, port, be.bstrerror());
146 stop_thread_timer(tid);
152 * Finish initialization of the pocket structure.
154 void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
155 struct sockaddr *lclient_addr)
157 Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
159 set_who(bstrdup(who));
160 set_host(bstrdup(host));
162 memcpy(&client_addr, lclient_addr, sizeof(client_addr));
167 * Copy the address from the configuration dlist that gets passed in
169 void BSOCK::set_source_address(dlist *src_addr_list)
173 // delete the object we already have, if it's allocated
180 addr = (IPADDR*) src_addr_list->first();
181 src_addr = New( IPADDR(*addr));
186 * Open a TCP connection to the server
188 * Returns BSOCK * pointer on success
190 bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
191 int port, utime_t heart_beat, int *fatal)
195 IPADDR *ipaddr, *next;
196 bool connected = false;
202 * Fill in the structure serv_addr with the address of
203 * the server that we want to connect with.
205 if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
206 /* Note errstr is not malloc'ed */
207 Qmsg2(jcr, M_ERROR, 0, _("bnet_host2ipaddrs() for host \"%s\" failed: ERR=%s\n"),
209 Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
216 * Remove any duplicate addresses.
218 for (ipaddr = (IPADDR *)addr_list->first();
219 ipaddr; ipaddr = (IPADDR *)addr_list->next(ipaddr)) {
220 for (next = (IPADDR *)addr_list->next(ipaddr); next;
221 next = (IPADDR *)addr_list->next(next)) {
222 if (ipaddr->get_sockaddr_len() == next->get_sockaddr_len() &&
223 memcmp(ipaddr->get_sockaddr(), next->get_sockaddr(),
224 ipaddr->get_sockaddr_len()) == 0) {
225 addr_list->remove(next);
230 foreach_dlist(ipaddr, addr_list) {
231 ipaddr->set_port_net(htons(port));
232 char allbuf[256 * 10];
234 Dmsg2(100, "Current %sAll %s\n",
235 ipaddr->build_address_str(curbuf, sizeof(curbuf)),
236 build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
237 /* Open a TCP socket */
238 if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
245 * The name lookup of the host returned an address in a protocol family
246 * we don't support. Suppress the error and try the next address.
252 Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
253 ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
259 /* Bind to the source address if it is set */
261 if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
265 Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
266 src_addr->get_family(), be.bstrerror() );
272 * Keep socket from timing out from inactivity
274 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
276 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
279 #if defined(TCP_KEEPIDLE)
281 int opt = heart_beat;
282 if (setsockopt(sockfd, SOL_TCP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
284 Qmsg1(jcr, M_WARNING, 0, _("Cannot set TCP_KEEPIDLE on socket: %s\n"),
290 /* connect to server */
291 if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
302 free_addresses(addr_list);
303 errno = save_errno | b_errno_win32;
307 * Keep socket from timing out from inactivity
308 * Do this a second time out of paranoia
310 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
312 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
315 fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
316 free_addresses(addr_list);
321 * Force read/write to use locking
323 bool BSOCK::set_locking()
327 return true; /* already set */
329 if ((stat = pthread_mutex_init(&m_mutex, NULL)) != 0) {
331 Qmsg(m_jcr, M_FATAL, 0, _("Could not init bsock mutex. ERR=%s\n"),
335 m_use_locking = true;
339 void BSOCK::clear_locking()
341 if (!m_use_locking) {
344 m_use_locking = false;
345 pthread_mutex_destroy(&m_mutex);
350 * Send a message over the network. The send consists of
351 * two network packets. The first is sends a 32 bit integer containing
352 * the length of the data packet which follows.
354 * Returns: false on failure
365 if (!m_suppress_error_msgs) {
366 Qmsg4(m_jcr, M_ERROR, 0, _("Socket has errors=%d on call to %s:%s:%d\n"),
367 errors, m_who, m_host, m_port);
371 if (is_terminated()) {
372 if (!m_suppress_error_msgs) {
373 Qmsg4(m_jcr, M_ERROR, 0, _("Socket is terminated=%d on call to %s:%s:%d\n"),
374 is_terminated(), m_who, m_host, m_port);
378 if (msglen > 4000000) {
379 if (!m_suppress_error_msgs) {
380 Qmsg4(m_jcr, M_ERROR, 0,
381 _("Socket has insane msglen=%d on call to %s:%s:%d\n"),
382 msglen, m_who, m_host, m_port);
387 if (m_use_locking) P(m_mutex);
388 /* Compute total packet length */
390 pktsiz = sizeof(pktsiz); /* signal, no data */
392 pktsiz = msglen + sizeof(pktsiz); /* data */
394 /* Store packet length at head of message -- note, we
395 * have reserved an int32_t just before msg, so we can
398 hdr = (int32_t *)(msg - (int)sizeof(pktsiz));
399 *hdr = htonl(msglen); /* store signal/length */
401 out_msg_no++; /* increment message number */
403 /* send data packet */
404 timer_start = watchdog_time; /* start timer */
406 /* Full I/O done in one write */
407 rc = write_nbytes(this, (char *)hdr, pktsiz);
408 timer_start = 0; /* clear timer */
417 if (!m_suppress_error_msgs) {
418 Qmsg5(m_jcr, M_ERROR, 0,
419 _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
421 m_host, m_port, this->bstrerror());
424 Qmsg5(m_jcr, M_ERROR, 0,
425 _("Wrote %d bytes to %s:%s:%d, but only %d accepted.\n"),
426 msglen, m_who, m_host, m_port, rc);
430 if (m_use_locking) V(m_mutex);
435 * Format and send a message
436 * Returns: false on error
439 bool BSOCK::fsend(const char *fmt, ...)
444 if (errors || is_terminated()) {
447 /* This probably won't work, but we vsnprintf, then if we
448 * get a negative length or a length greater than our buffer
449 * (depending on which library is used), the printf was truncated, so
450 * get a bigger buffer and try again.
453 maxlen = sizeof_pool_memory(msg) - 1;
454 va_start(arg_ptr, fmt);
455 msglen = bvsnprintf(msg, maxlen, fmt, arg_ptr);
457 if (msglen > 0 && msglen < (maxlen - 5)) {
460 msg = realloc_pool_memory(msg, maxlen + maxlen / 2);
466 * Receive a message from the other end. Each message consists of
467 * two packets. The first is a header that contains the size
468 * of the data that follows in the second packet.
469 * Returns number of bytes read (may return zero)
470 * Returns -1 on signal (BNET_SIGNAL)
471 * Returns -2 on hard end of file (BNET_HARDEOF)
472 * Returns -3 on error (BNET_ERROR)
474 * Unfortunately, it is a bit complicated because we have these
477 * 2. Signal including end of data stream
478 * 3. Hard end of file
480 * Using is_bnet_stop() and is_bnet_error() you can figure this all out.
482 int32_t BSOCK::recv()
489 if (errors || is_terminated()) {
493 if (m_use_locking) P(m_mutex);
494 read_seqno++; /* bump sequence number */
495 timer_start = watchdog_time; /* set start wait time */
497 /* get data size -- in int32_t */
498 if ((nbytes = read_nbytes(this, (char *)&pktsiz, sizeof(int32_t))) <= 0) {
499 timer_start = 0; /* clear timer */
500 /* probably pipe broken because client died */
507 nbytes = BNET_HARDEOF; /* assume hard EOF received */
510 timer_start = 0; /* clear timer */
511 if (nbytes != sizeof(int32_t)) {
514 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
515 sizeof(int32_t), nbytes, m_who, m_host, m_port);
520 pktsiz = ntohl(pktsiz); /* decode no. of bytes that follow */
522 if (pktsiz == 0) { /* No data transferred */
523 timer_start = 0; /* clear timer */
526 nbytes = 0; /* zero bytes read */
530 /* If signal or packet size too big */
531 if (pktsiz < 0 || pktsiz > 1000000) {
532 if (pktsiz > 0) { /* if packet too big */
533 Qmsg3(m_jcr, M_FATAL, 0,
534 _("Packet size too big from \"%s:%s:%d. Terminating connection.\n"),
535 m_who, m_host, m_port);
536 pktsiz = BNET_TERMINATE; /* hang up */
538 if (pktsiz == BNET_TERMINATE) {
541 timer_start = 0; /* clear timer */
543 msglen = pktsiz; /* signal code */
544 nbytes = BNET_SIGNAL; /* signal */
548 /* Make sure the buffer is big enough + one byte for EOS */
549 if (pktsiz >= (int32_t) sizeof_pool_memory(msg)) {
550 msg = realloc_pool_memory(msg, pktsiz + 100);
553 timer_start = watchdog_time; /* set start wait time */
555 /* now read the actual data */
556 if ((nbytes = read_nbytes(this, msg, pktsiz)) <= 0) {
557 timer_start = 0; /* clear timer */
564 Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
565 m_who, m_host, m_port, this->bstrerror());
569 timer_start = 0; /* clear timer */
572 if (nbytes != pktsiz) {
575 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
576 pktsiz, nbytes, m_who, m_host, m_port);
580 /* always add a zero by to properly terminate any
581 * string that was send to us. Note, we ensured above that the
582 * buffer is at least one byte longer than the message length.
584 msg[nbytes] = 0; /* terminate in case it is a string */
586 * The following uses *lots* of resources so turn it on only for
592 if (m_use_locking) V(m_mutex);
593 return nbytes; /* return actual length of message */
599 bool BSOCK::signal(int signal)
602 if (signal == BNET_TERMINATE) {
603 m_suppress_error_msgs = true;
609 * Despool spooled attributes
611 bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
615 ssize_t last = 0, size = 0;
617 JCR *jcr = get_jcr();
621 #if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
622 posix_fadvise(fileno(m_spool_fd), 0, 0, POSIX_FADV_WILLNEED);
625 while (fread((char *)&pktsiz, 1, sizeof(int32_t), m_spool_fd) ==
627 size += sizeof(int32_t);
628 msglen = ntohl(pktsiz);
630 if (msglen > (int32_t)sizeof_pool_memory(msg)) {
631 msg = realloc_pool_memory(msg, msglen + 1);
633 nbytes = fread(msg, 1, msglen, m_spool_fd);
634 if (nbytes != (size_t)msglen) {
636 Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
637 Qmsg1(get_jcr(), M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
639 update_attr_spool_size(tsize - last);
643 if ((++count & 0x3F) == 0) {
644 update_attr_spool_size(size - last);
649 if (jcr && job_canceled(jcr)) {
653 update_attr_spool_size(tsize - last);
654 if (ferror(m_spool_fd)) {
655 Qmsg(jcr, M_FATAL, 0, _("fread attr spool I/O error.\n"));
662 * Return the string for the error that occurred
663 * on the socket. Only the first error is retained.
665 const char *BSOCK::bstrerror()
668 if (errmsg == NULL) {
669 errmsg = get_pool_memory(PM_MESSAGE);
671 pm_strcpy(errmsg, be.bstrerror(b_errno));
675 int BSOCK::get_peer(char *buf, socklen_t buflen)
677 #if !defined(HAVE_WIN32)
678 if (peer_addr.sin_family == 0) {
679 socklen_t salen = sizeof(peer_addr);
680 int rval = (getpeername)(m_fd, (struct sockaddr *)&peer_addr, &salen);
681 if (rval < 0) return rval;
683 if (!inet_ntop(peer_addr.sin_family, &peer_addr.sin_addr, buf, buflen))
693 * Set the network buffer size, suggested size is in size.
694 * Actual size obtained is returned in bs->msglen
696 * Returns: false on failure
699 bool BSOCK::set_buffer_size(uint32_t size, int rw)
701 uint32_t dbuf_size, start_size;
703 #if defined(IP_TOS) && defined(IPTOS_THROUGHPUT)
705 opt = IPTOS_THROUGHPUT;
706 setsockopt(fd, IPPROTO_IP, IP_TOS, (sockopt_val_t)&opt, sizeof(opt));
712 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
714 start_size = dbuf_size;
715 if ((msg = realloc_pool_memory(msg, dbuf_size + 100)) == NULL) {
716 Qmsg0(get_jcr(), M_FATAL, 0, _("Could not malloc BSOCK data buffer\n"));
721 * If user has not set the size, use the OS default -- i.e. do not
722 * try to set it. This allows sys admins to set the size they
723 * want in the OS, and Bacula will comply. See bug #1493
730 if (rw & BNET_SETBUF_READ) {
731 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
732 SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
734 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
735 dbuf_size -= TAPE_BSIZE;
737 Dmsg1(200, "set network buffer size=%d\n", dbuf_size);
738 if (dbuf_size != start_size) {
739 Qmsg1(get_jcr(), M_WARNING, 0,
740 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
746 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
748 start_size = dbuf_size;
749 if (rw & BNET_SETBUF_WRITE) {
750 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
751 SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
753 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
754 dbuf_size -= TAPE_BSIZE;
756 Dmsg1(900, "set network buffer size=%d\n", dbuf_size);
757 if (dbuf_size != start_size) {
758 Qmsg1(get_jcr(), M_WARNING, 0,
759 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
768 * Set socket non-blocking
769 * Returns previous socket flag
771 int BSOCK::set_nonblocking()
776 /* Get current flags */
777 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
779 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
782 /* Set O_NONBLOCK flag */
783 if ((fcntl(m_fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
785 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
795 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
803 * Set socket blocking
804 * Returns previous socket flags
806 int BSOCK::set_blocking()
810 /* Get current flags */
811 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
813 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
816 /* Set O_NONBLOCK flag */
817 if ((fcntl(m_fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
819 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
829 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
836 void BSOCK::set_killable(bool killable)
839 m_jcr->set_killable(killable);
844 * Restores socket flags
846 void BSOCK::restore_blocking (int flags)
849 if ((fcntl(m_fd, F_SETFL, flags)) < 0) {
851 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
854 m_blocking = (flags & O_NONBLOCK) ? true : false;
856 u_long ioctlArg = flags;
858 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
864 * Wait for a specified time for data to appear on
865 * the BSOCK connection.
867 * Returns: 1 if data available
871 int BSOCK::wait_data(int sec, int usec)
877 FD_SET((unsigned)m_fd, &fdset);
881 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
882 case 0: /* timeout */
887 if (errno == EINTR) {
890 return -1; /* error return */
899 * As above, but returns on interrupt
901 int BSOCK::wait_data_intr(int sec, int usec)
910 FD_SET((unsigned)m_fd, &fdset);
913 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
914 case 0: /* timeout */
919 return -1; /* error return */
928 * Note, this routine closes and destroys all the sockets
929 * that are open including the duped ones.
943 for (; bsock; bsock = next) {
944 next = bsock->m_next; /* get possible pointer to next before destoryed */
945 if (!bsock->m_duped) {
946 /* Shutdown tls cleanly. */
948 tls_bsock_shutdown(bsock);
949 free_tls_connection(bsock->tls);
952 if (bsock->is_timed_out()) {
953 shutdown(bsock->m_fd, SHUT_RDWR); /* discard any pending I/O */
955 socketClose(bsock->m_fd); /* normal close */
962 void BSOCK::destroy()
965 free_pool_memory(msg);
968 ASSERT(1 == 0); /* double close */
971 free_pool_memory(errmsg);
989 /* Commands sent to Director */
990 static char hello[] = "Hello %s calling\n";
992 /* Response from Director */
993 static char OKhello[] = "1000 OK:";
996 * Authenticate Director
998 bool BSOCK::authenticate_director(const char *name, const char *password,
999 TLS_CONTEXT *tls_ctx, char *response, int response_len)
1001 int tls_local_need = BNET_TLS_NONE;
1002 int tls_remote_need = BNET_TLS_NONE;
1003 int compatible = true;
1004 char bashed_name[MAX_NAME_LENGTH];
1005 BSOCK *dir = this; /* for readability */
1009 * Send my name to the Director then do authentication
1012 /* Timeout Hello after 15 secs */
1013 dir->start_timer(15);
1014 dir->fsend(hello, bashed_name);
1016 if (get_tls_enable(tls_ctx)) {
1017 tls_local_need = get_tls_enable(tls_ctx) ? BNET_TLS_REQUIRED : BNET_TLS_OK;
1020 /* respond to Dir challenge */
1021 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
1022 /* Now challenge dir */
1023 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
1024 bsnprintf(response, response_len, _("Director authorization problem at \"%s:%d\"\n"),
1025 dir->host(), dir->port());
1029 /* Verify that the remote host is willing to meet our TLS requirements */
1030 if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1031 bsnprintf(response, response_len, _("Authorization problem:"
1032 " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
1033 dir->host(), dir->port());
1037 /* Verify that we are willing to meet the remote host's requirements */
1038 if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1039 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\":"
1040 " Remote server requires TLS.\n"),
1041 dir->host(), dir->port());
1046 /* Is TLS Enabled? */
1048 if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
1049 /* Engage TLS! Full Speed Ahead! */
1050 if (!bnet_tls_client(tls_ctx, dir, NULL)) {
1051 bsnprintf(response, response_len, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
1052 dir->host(), dir->port());
1058 Dmsg1(6, ">dird: %s", dir->msg);
1059 if (dir->recv() <= 0) {
1061 bsnprintf(response, response_len, _("Bad response to Hello command: ERR=%s\n"
1062 "The Director at \"%s:%d\" is probably not running.\n"),
1063 dir->bstrerror(), dir->host(), dir->port());
1068 Dmsg1(10, "<dird: %s", dir->msg);
1069 if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
1070 bsnprintf(response, response_len, _("Director at \"%s:%d\" rejected Hello command\n"),
1071 dir->host(), dir->port());
1074 bsnprintf(response, response_len, "%s", dir->msg);
1080 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\"\n"
1081 "Most likely the passwords do not agree.\n"
1082 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
1083 "Please see " MANUAL_AUTH_URL " for help.\n"),
1084 dir->host(), dir->port());