2 Bacula® - The Network Backup Solution
4 Copyright (C) 2007-2011 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Network Utility Routines
38 #include <netinet/tcp.h>
40 #ifndef ENODATA /* not defined on BSD systems */
45 #define SOL_TCP IPPROTO_TCP
49 #define socketRead(fd, buf, len) ::recv(fd, buf, len, 0)
50 #define socketWrite(fd, buf, len) ::send(fd, buf, len, 0)
51 #define socketClose(fd) ::closesocket(fd)
53 #define socketRead(fd, buf, len) ::read(fd, buf, len)
54 #define socketWrite(fd, buf, len) ::write(fd, buf, len)
55 #define socketClose(fd) ::close(fd)
59 * This is a non-class BSOCK "constructor" because we want to
60 * call the Bacula smartalloc routines instead of new.
64 BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
71 memset(this, 0, sizeof(BSOCK));
73 msg = get_pool_memory(PM_BSOCK);
74 errmsg = get_pool_memory(PM_MESSAGE);
76 * ****FIXME**** reduce this to a few hours once
77 * heartbeats are implemented
79 timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
83 * This is our "class destructor" that ensures that we use
84 * smartalloc rather than the system free().
86 void BSOCK::free_bsock()
91 void BSOCK::free_tls()
93 free_tls_connection(this->tls);
98 * Try to connect to host for max_retry_time at retry_time intervals.
99 * Note, you must have called the constructor prior to calling
102 bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
104 const char *name, char *host, char *service, int port,
110 time_t begin_time = time(NULL);
112 btimer_t *tid = NULL;
114 /* Try to trap out of OS call when time expires */
115 if (max_retry_time) {
116 tid = start_thread_timer(jcr, pthread_self(), (uint32_t)max_retry_time);
119 for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
120 i -= retry_interval) {
122 if (fatal || (jcr && job_canceled(jcr))) {
125 Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
126 name, host, port, be.bstrerror());
128 i = 60 * 5; /* complain again in 5 minutes */
130 Qmsg4(jcr, M_WARNING, 0, _(
131 "Could not connect to %s on %s:%d. ERR=%s\n"
132 "Retrying ...\n"), name, host, port, be.bstrerror());
134 bmicrosleep(retry_interval, 0);
136 if (begin_time + max_retry_time <= now) {
137 Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
138 name, host, port, be.bstrerror());
146 stop_thread_timer(tid);
152 * Finish initialization of the pocket structure.
154 void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
155 struct sockaddr *lclient_addr)
157 Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
159 set_who(bstrdup(who));
160 set_host(bstrdup(host));
162 memcpy(&client_addr, lclient_addr, sizeof(client_addr));
167 * Copy the address from the configuration dlist that gets passed in
169 void BSOCK::set_source_address(dlist *src_addr_list)
173 // delete the object we already have, if it's allocated
180 addr = (IPADDR*) src_addr_list->first();
181 src_addr = New( IPADDR(*addr));
186 * Open a TCP connection to the server
188 * Returns BSOCK * pointer on success
190 bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
191 int port, utime_t heart_beat, int *fatal)
195 IPADDR *ipaddr, *next;
196 bool connected = false;
202 * Fill in the structure serv_addr with the address of
203 * the server that we want to connect with.
205 if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
206 /* Note errstr is not malloc'ed */
207 Qmsg2(jcr, M_ERROR, 0, _("bnet_host2ipaddrs() for host \"%s\" failed: ERR=%s\n"),
209 Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
216 * Remove any duplicate addresses.
218 for (ipaddr = (IPADDR *)addr_list->first(); ipaddr; ipaddr = (IPADDR *)addr_list->next(ipaddr)) {
219 for (next = (IPADDR *)addr_list->next(ipaddr); next; next = (IPADDR *)addr_list->next(next)) {
220 if (ipaddr->get_sockaddr_len() == next->get_sockaddr_len() &&
221 !memcmp(ipaddr->get_sockaddr(), next->get_sockaddr(),
222 ipaddr->get_sockaddr_len())) {
223 addr_list->remove(next);
228 foreach_dlist(ipaddr, addr_list) {
229 ipaddr->set_port_net(htons(port));
230 char allbuf[256 * 10];
232 Dmsg2(100, "Current %sAll %s\n",
233 ipaddr->build_address_str(curbuf, sizeof(curbuf)),
234 build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
235 /* Open a TCP socket */
236 if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
243 * The name lookup of the host returned an address in a protocol family
244 * we don't support. Suppress the error and try the next address.
250 Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
251 ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
257 /* Bind to the source address if it is set */
259 if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
263 Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
264 src_addr->get_family(), be.bstrerror() );
270 * Keep socket from timing out from inactivity
272 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
274 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
277 #if defined(TCP_KEEPIDLE)
279 int opt = heart_beat;
280 if (setsockopt(sockfd, SOL_TCP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
282 Qmsg1(jcr, M_WARNING, 0, _("Cannot set TCP_KEEPIDLE on socket: %s\n"),
288 /* connect to server */
289 if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
300 free_addresses(addr_list);
301 errno = save_errno | b_errno_win32;
305 * Keep socket from timing out from inactivity
306 * Do this a second time out of paranoia
308 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
310 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
313 fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
314 free_addresses(addr_list);
319 * Force read/write to use locking
321 bool BSOCK::set_locking()
325 return true; /* already set */
327 if ((stat = pthread_mutex_init(&m_mutex, NULL)) != 0) {
329 Qmsg(m_jcr, M_FATAL, 0, _("Could not init bsock mutex. ERR=%s\n"),
333 m_use_locking = true;
337 void BSOCK::clear_locking()
339 if (!m_use_locking) {
342 m_use_locking = false;
343 pthread_mutex_destroy(&m_mutex);
348 * Send a message over the network. The send consists of
349 * two network packets. The first is sends a 32 bit integer containing
350 * the length of the data packet which follows.
352 * Returns: false on failure
363 if (!m_suppress_error_msgs) {
364 Qmsg4(m_jcr, M_ERROR, 0, _("Socket has errors=%d on call to %s:%s:%d\n"),
365 errors, m_who, m_host, m_port);
369 if (is_terminated()) {
370 if (!m_suppress_error_msgs) {
371 Qmsg4(m_jcr, M_ERROR, 0, _("Socket is terminated=%d on call to %s:%s:%d\n"),
372 is_terminated(), m_who, m_host, m_port);
376 if (msglen > 4000000) {
377 if (!m_suppress_error_msgs) {
378 Qmsg4(m_jcr, M_ERROR, 0,
379 _("Socket has insane msglen=%d on call to %s:%s:%d\n"),
380 msglen, m_who, m_host, m_port);
385 if (m_use_locking) P(m_mutex);
386 /* Compute total packet length */
388 pktsiz = sizeof(pktsiz); /* signal, no data */
390 pktsiz = msglen + sizeof(pktsiz); /* data */
392 /* Store packet length at head of message -- note, we
393 * have reserved an int32_t just before msg, so we can
396 hdr = (int32_t *)(msg - (int)sizeof(pktsiz));
397 *hdr = htonl(msglen); /* store signal/length */
399 out_msg_no++; /* increment message number */
401 /* send data packet */
402 timer_start = watchdog_time; /* start timer */
404 /* Full I/O done in one write */
405 rc = write_nbytes(this, (char *)hdr, pktsiz);
406 timer_start = 0; /* clear timer */
415 if (!m_suppress_error_msgs) {
416 Qmsg5(m_jcr, M_ERROR, 0,
417 _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
419 m_host, m_port, this->bstrerror());
422 Qmsg5(m_jcr, M_ERROR, 0,
423 _("Wrote %d bytes to %s:%s:%d, but only %d accepted.\n"),
424 msglen, m_who, m_host, m_port, rc);
428 if (m_use_locking) V(m_mutex);
433 * Format and send a message
434 * Returns: false on error
437 bool BSOCK::fsend(const char *fmt, ...)
442 if (errors || is_terminated()) {
445 /* This probably won't work, but we vsnprintf, then if we
446 * get a negative length or a length greater than our buffer
447 * (depending on which library is used), the printf was truncated, so
448 * get a bigger buffer and try again.
451 maxlen = sizeof_pool_memory(msg) - 1;
452 va_start(arg_ptr, fmt);
453 msglen = bvsnprintf(msg, maxlen, fmt, arg_ptr);
455 if (msglen > 0 && msglen < (maxlen - 5)) {
458 msg = realloc_pool_memory(msg, maxlen + maxlen / 2);
464 * Receive a message from the other end. Each message consists of
465 * two packets. The first is a header that contains the size
466 * of the data that follows in the second packet.
467 * Returns number of bytes read (may return zero)
468 * Returns -1 on signal (BNET_SIGNAL)
469 * Returns -2 on hard end of file (BNET_HARDEOF)
470 * Returns -3 on error (BNET_ERROR)
472 * Unfortunately, it is a bit complicated because we have these
475 * 2. Signal including end of data stream
476 * 3. Hard end of file
478 * Using is_bnet_stop() and is_bnet_error() you can figure this all out.
480 int32_t BSOCK::recv()
487 if (errors || is_terminated()) {
491 if (m_use_locking) P(m_mutex);
492 read_seqno++; /* bump sequence number */
493 timer_start = watchdog_time; /* set start wait time */
495 /* get data size -- in int32_t */
496 if ((nbytes = read_nbytes(this, (char *)&pktsiz, sizeof(int32_t))) <= 0) {
497 timer_start = 0; /* clear timer */
498 /* probably pipe broken because client died */
505 nbytes = BNET_HARDEOF; /* assume hard EOF received */
508 timer_start = 0; /* clear timer */
509 if (nbytes != sizeof(int32_t)) {
512 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
513 sizeof(int32_t), nbytes, m_who, m_host, m_port);
518 pktsiz = ntohl(pktsiz); /* decode no. of bytes that follow */
520 if (pktsiz == 0) { /* No data transferred */
521 timer_start = 0; /* clear timer */
524 nbytes = 0; /* zero bytes read */
528 /* If signal or packet size too big */
529 if (pktsiz < 0 || pktsiz > 1000000) {
530 if (pktsiz > 0) { /* if packet too big */
531 Qmsg3(m_jcr, M_FATAL, 0,
532 _("Packet size too big from \"%s:%s:%d. Terminating connection.\n"),
533 m_who, m_host, m_port);
534 pktsiz = BNET_TERMINATE; /* hang up */
536 if (pktsiz == BNET_TERMINATE) {
539 timer_start = 0; /* clear timer */
541 msglen = pktsiz; /* signal code */
542 nbytes = BNET_SIGNAL; /* signal */
546 /* Make sure the buffer is big enough + one byte for EOS */
547 if (pktsiz >= (int32_t) sizeof_pool_memory(msg)) {
548 msg = realloc_pool_memory(msg, pktsiz + 100);
551 timer_start = watchdog_time; /* set start wait time */
553 /* now read the actual data */
554 if ((nbytes = read_nbytes(this, msg, pktsiz)) <= 0) {
555 timer_start = 0; /* clear timer */
562 Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
563 m_who, m_host, m_port, this->bstrerror());
567 timer_start = 0; /* clear timer */
570 if (nbytes != pktsiz) {
573 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
574 pktsiz, nbytes, m_who, m_host, m_port);
578 /* always add a zero by to properly terminate any
579 * string that was send to us. Note, we ensured above that the
580 * buffer is at least one byte longer than the message length.
582 msg[nbytes] = 0; /* terminate in case it is a string */
584 * The following uses *lots* of resources so turn it on only for
590 if (m_use_locking) V(m_mutex);
591 return nbytes; /* return actual length of message */
597 bool BSOCK::signal(int signal)
600 if (signal == BNET_TERMINATE) {
601 m_suppress_error_msgs = true;
607 * Despool spooled attributes
609 bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
613 ssize_t last = 0, size = 0;
615 JCR *jcr = get_jcr();
619 #if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
620 posix_fadvise(fileno(m_spool_fd), 0, 0, POSIX_FADV_WILLNEED);
623 while (fread((char *)&pktsiz, 1, sizeof(int32_t), m_spool_fd) ==
625 size += sizeof(int32_t);
626 msglen = ntohl(pktsiz);
628 if (msglen > (int32_t)sizeof_pool_memory(msg)) {
629 msg = realloc_pool_memory(msg, msglen + 1);
631 nbytes = fread(msg, 1, msglen, m_spool_fd);
632 if (nbytes != (size_t)msglen) {
634 Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
635 Qmsg1(get_jcr(), M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
637 update_attr_spool_size(tsize - last);
641 if ((++count & 0x3F) == 0) {
642 update_attr_spool_size(size - last);
647 if (jcr && job_canceled(jcr)) {
651 update_attr_spool_size(tsize - last);
652 if (ferror(m_spool_fd)) {
653 Qmsg(jcr, M_FATAL, 0, _("fread attr spool I/O error.\n"));
660 * Return the string for the error that occurred
661 * on the socket. Only the first error is retained.
663 const char *BSOCK::bstrerror()
666 if (errmsg == NULL) {
667 errmsg = get_pool_memory(PM_MESSAGE);
669 pm_strcpy(errmsg, be.bstrerror(b_errno));
673 int BSOCK::get_peer(char *buf, socklen_t buflen)
675 #if !defined(HAVE_WIN32)
676 if (peer_addr.sin_family == 0) {
677 socklen_t salen = sizeof(peer_addr);
678 int rval = (getpeername)(m_fd, (struct sockaddr *)&peer_addr, &salen);
679 if (rval < 0) return rval;
681 if (!inet_ntop(peer_addr.sin_family, &peer_addr.sin_addr, buf, buflen))
691 * Set the network buffer size, suggested size is in size.
692 * Actual size obtained is returned in bs->msglen
694 * Returns: false on failure
697 bool BSOCK::set_buffer_size(uint32_t size, int rw)
699 uint32_t dbuf_size, start_size;
701 #if defined(IP_TOS) && defined(IPTOS_THROUGHPUT)
703 opt = IPTOS_THROUGHPUT;
704 setsockopt(fd, IPPROTO_IP, IP_TOS, (sockopt_val_t)&opt, sizeof(opt));
710 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
712 start_size = dbuf_size;
713 if ((msg = realloc_pool_memory(msg, dbuf_size + 100)) == NULL) {
714 Qmsg0(get_jcr(), M_FATAL, 0, _("Could not malloc BSOCK data buffer\n"));
719 * If user has not set the size, use the OS default -- i.e. do not
720 * try to set it. This allows sys admins to set the size they
721 * want in the OS, and Bacula will comply. See bug #1493
728 if (rw & BNET_SETBUF_READ) {
729 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
730 SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
732 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
733 dbuf_size -= TAPE_BSIZE;
735 Dmsg1(200, "set network buffer size=%d\n", dbuf_size);
736 if (dbuf_size != start_size) {
737 Qmsg1(get_jcr(), M_WARNING, 0,
738 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
744 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
746 start_size = dbuf_size;
747 if (rw & BNET_SETBUF_WRITE) {
748 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
749 SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
751 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
752 dbuf_size -= TAPE_BSIZE;
754 Dmsg1(900, "set network buffer size=%d\n", dbuf_size);
755 if (dbuf_size != start_size) {
756 Qmsg1(get_jcr(), M_WARNING, 0,
757 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
766 * Set socket non-blocking
767 * Returns previous socket flag
769 int BSOCK::set_nonblocking()
774 /* Get current flags */
775 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
777 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
780 /* Set O_NONBLOCK flag */
781 if ((fcntl(m_fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
783 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
793 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
801 * Set socket blocking
802 * Returns previous socket flags
804 int BSOCK::set_blocking()
808 /* Get current flags */
809 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
811 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
814 /* Set O_NONBLOCK flag */
815 if ((fcntl(m_fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
817 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
827 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
834 void BSOCK::set_killable(bool killable)
837 m_jcr->set_killable(killable);
842 * Restores socket flags
844 void BSOCK::restore_blocking (int flags)
847 if ((fcntl(m_fd, F_SETFL, flags)) < 0) {
849 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
852 m_blocking = (flags & O_NONBLOCK) ? true : false;
854 u_long ioctlArg = flags;
856 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
862 * Wait for a specified time for data to appear on
863 * the BSOCK connection.
865 * Returns: 1 if data available
869 int BSOCK::wait_data(int sec, int usec)
875 FD_SET((unsigned)m_fd, &fdset);
879 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
880 case 0: /* timeout */
885 if (errno == EINTR) {
888 return -1; /* error return */
897 * As above, but returns on interrupt
899 int BSOCK::wait_data_intr(int sec, int usec)
908 FD_SET((unsigned)m_fd, &fdset);
911 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
912 case 0: /* timeout */
917 return -1; /* error return */
926 * Note, this routine closes and destroys all the sockets
927 * that are open including the duped ones.
941 for (; bsock; bsock = next) {
942 next = bsock->m_next; /* get possible pointer to next before destoryed */
943 if (!bsock->m_duped) {
944 /* Shutdown tls cleanly. */
946 tls_bsock_shutdown(bsock);
947 free_tls_connection(bsock->tls);
950 if (bsock->is_timed_out()) {
951 shutdown(bsock->m_fd, SHUT_RDWR); /* discard any pending I/O */
953 socketClose(bsock->m_fd); /* normal close */
960 void BSOCK::destroy()
963 free_pool_memory(msg);
966 ASSERT(1 == 0); /* double close */
969 free_pool_memory(errmsg);
987 /* Commands sent to Director */
988 static char hello[] = "Hello %s calling\n";
990 /* Response from Director */
991 static char OKhello[] = "1000 OK:";
994 * Authenticate Director
996 bool BSOCK::authenticate_director(const char *name, const char *password,
997 TLS_CONTEXT *tls_ctx, char *response, int response_len)
999 int tls_local_need = BNET_TLS_NONE;
1000 int tls_remote_need = BNET_TLS_NONE;
1001 int compatible = true;
1002 char bashed_name[MAX_NAME_LENGTH];
1003 BSOCK *dir = this; /* for readability */
1007 * Send my name to the Director then do authentication
1010 /* Timeout Hello after 15 secs */
1011 dir->start_timer(15);
1012 dir->fsend(hello, bashed_name);
1014 if (get_tls_enable(tls_ctx)) {
1015 tls_local_need = get_tls_enable(tls_ctx) ? BNET_TLS_REQUIRED : BNET_TLS_OK;
1018 /* respond to Dir challenge */
1019 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
1020 /* Now challenge dir */
1021 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
1022 bsnprintf(response, response_len, _("Director authorization problem at \"%s:%d\"\n"),
1023 dir->host(), dir->port());
1027 /* Verify that the remote host is willing to meet our TLS requirements */
1028 if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1029 bsnprintf(response, response_len, _("Authorization problem:"
1030 " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
1031 dir->host(), dir->port());
1035 /* Verify that we are willing to meet the remote host's requirements */
1036 if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1037 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\":"
1038 " Remote server requires TLS.\n"),
1039 dir->host(), dir->port());
1044 /* Is TLS Enabled? */
1046 if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
1047 /* Engage TLS! Full Speed Ahead! */
1048 if (!bnet_tls_client(tls_ctx, dir, NULL)) {
1049 bsnprintf(response, response_len, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
1050 dir->host(), dir->port());
1056 Dmsg1(6, ">dird: %s", dir->msg);
1057 if (dir->recv() <= 0) {
1059 bsnprintf(response, response_len, _("Bad response to Hello command: ERR=%s\n"
1060 "The Director at \"%s:%d\" is probably not running.\n"),
1061 dir->bstrerror(), dir->host(), dir->port());
1066 Dmsg1(10, "<dird: %s", dir->msg);
1067 if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
1068 bsnprintf(response, response_len, _("Director at \"%s:%d\" rejected Hello command\n"),
1069 dir->host(), dir->port());
1072 bsnprintf(response, response_len, "%s", dir->msg);
1078 bsnprintf(response, response_len, _("Authorization problem with Director at \"%s:%d\"\n"
1079 "Most likely the passwords do not agree.\n"
1080 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
1081 "Please see " MANUAL_AUTH_URL " for help.\n"),
1082 dir->host(), dir->port());