2 Bacula® - The Network Backup Solution
4 Copyright (C) 2007-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Network Utility Routines
41 #ifndef ENODATA /* not defined on BSD systems */
46 #define socketRead(fd, buf, len) ::recv(fd, buf, len, 0)
47 #define socketWrite(fd, buf, len) ::send(fd, buf, len, 0)
48 #define socketClose(fd) ::closesocket(fd)
50 #define socketRead(fd, buf, len) ::read(fd, buf, len)
51 #define socketWrite(fd, buf, len) ::write(fd, buf, len)
52 #define socketClose(fd) ::close(fd)
56 * This is a non-class BSOCK "constructor" because we want to
57 * call the Bacula smartalloc routines instead of new.
61 BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
68 memset(this, 0, sizeof(BSOCK));
70 msg = get_pool_memory(PM_MESSAGE);
71 errmsg = get_pool_memory(PM_MESSAGE);
73 * ****FIXME**** reduce this to a few hours once
74 * heartbeats are implemented
76 timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
80 * This is our "class destructor" that ensures that we use
81 * smartalloc rather than the system free().
83 void BSOCK::free_bsock()
88 void BSOCK::free_tls()
90 free_tls_connection(this->tls);
95 * Try to connect to host for max_retry_time at retry_time intervals.
96 * Note, you must have called the constructor prior to calling
99 bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
101 const char *name, char *host, char *service, int port,
107 time_t begin_time = time(NULL);
109 btimer_t *tid = NULL;
111 /* Try to trap out of OS call when time expires */
112 if (max_retry_time) {
113 tid = start_thread_timer(jcr, pthread_self(), (uint32_t)max_retry_time);
116 for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
117 i -= retry_interval) {
119 if (fatal || (jcr && job_canceled(jcr))) {
122 Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
123 name, host, port, be.bstrerror());
125 i = 60 * 5; /* complain again in 5 minutes */
127 Qmsg4(jcr, M_WARNING, 0, _(
128 "Could not connect to %s on %s:%d. ERR=%s\n"
129 "Retrying ...\n"), name, host, port, be.bstrerror());
131 bmicrosleep(retry_interval, 0);
133 if (begin_time + max_retry_time <= now) {
134 Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
135 name, host, port, be.bstrerror());
143 stop_thread_timer(tid);
150 * Finish initialization of the pocket structure.
152 void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
153 struct sockaddr *lclient_addr)
155 Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
157 set_who(bstrdup(who));
158 set_host(bstrdup(host));
160 memcpy(&client_addr, lclient_addr, sizeof(client_addr));
165 * Copy the address from the configuration dlist that gets passed in
167 void BSOCK::set_source_address(dlist *src_addr_list)
171 // delete the object we already have, if it's allocated
178 addr = (IPADDR*) src_addr_list->first();
179 src_addr = New( IPADDR(*addr));
185 * Open a TCP connection to the server
187 * Returns BSOCK * pointer on success
190 bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
191 int port, utime_t heart_beat, int *fatal)
196 bool connected = false;
202 * Fill in the structure serv_addr with the address of
203 * the server that we want to connect with.
205 if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
206 /* Note errstr is not malloc'ed */
207 Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
209 Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
215 foreach_dlist(ipaddr, addr_list) {
216 ipaddr->set_port_net(htons(port));
217 char allbuf[256 * 10];
219 Dmsg2(100, "Current %sAll %s\n",
220 ipaddr->build_address_str(curbuf, sizeof(curbuf)),
221 build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
222 /* Open a TCP socket */
223 if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
227 Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
228 ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
232 /* Bind to the source address if it is set */
234 if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
238 Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
239 src_addr->get_family(), be.bstrerror() );
245 * Keep socket from timing out from inactivity
247 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
249 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
252 #if defined(TCP_KEEPIDLE)
255 if (setsockopt(sockfd, IPPROTO_IP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
257 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPIDLE on socket: %s\n"),
263 /* connect to server */
264 if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
275 free_addresses(addr_list);
276 errno = save_errno | b_errno_win32;
280 * Keep socket from timing out from inactivity
281 * Do this a second time out of paranoia
283 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
285 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
288 fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
289 free_addresses(addr_list);
294 * Force read/write to use locking
296 bool BSOCK::set_locking()
300 return true; /* already set */
302 if ((stat = pthread_mutex_init(&m_mutex, NULL)) != 0) {
304 Qmsg(m_jcr, M_FATAL, 0, _("Could not init bsock mutex. ERR=%s\n"),
308 m_use_locking = true;
312 void BSOCK::clear_locking()
314 if (!m_use_locking) {
317 m_use_locking = false;
318 pthread_mutex_destroy(&m_mutex);
323 * Send a message over the network. The send consists of
324 * two network packets. The first is sends a 32 bit integer containing
325 * the length of the data packet which follows.
327 * Returns: false on failure
338 if (!m_suppress_error_msgs) {
339 Qmsg4(m_jcr, M_ERROR, 0, _("Socket has errors=%d on call to %s:%s:%d\n"),
340 errors, m_who, m_host, m_port);
344 if (is_terminated()) {
345 if (!m_suppress_error_msgs) {
346 Qmsg4(m_jcr, M_ERROR, 0, _("Socket is terminated=%d on call to %s:%s:%d\n"),
347 is_terminated(), m_who, m_host, m_port);
351 if (msglen > 1000000) {
352 if (!m_suppress_error_msgs) {
353 Qmsg4(m_jcr, M_ERROR, 0,
354 _("Socket has insane msglen=%d on call to %s:%s:%d\n"),
355 msglen, m_who, m_host, m_port);
360 if (m_use_locking) P(m_mutex);
361 /* Compute total packet length */
363 pktsiz = sizeof(pktsiz); /* signal, no data */
365 pktsiz = msglen + sizeof(pktsiz); /* data */
367 /* Store packet length at head of message -- note, we
368 * have reserved an int32_t just before msg, so we can
371 hdr = (int32_t *)(msg - (int)sizeof(pktsiz));
372 *hdr = htonl(msglen); /* store signal/length */
374 out_msg_no++; /* increment message number */
376 /* send data packet */
377 timer_start = watchdog_time; /* start timer */
379 /* Full I/O done in one write */
380 rc = write_nbytes(this, (char *)hdr, pktsiz);
381 timer_start = 0; /* clear timer */
390 if (!m_suppress_error_msgs) {
391 Qmsg5(m_jcr, M_ERROR, 0,
392 _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
394 m_host, m_port, this->bstrerror());
397 Qmsg5(m_jcr, M_ERROR, 0,
398 _("Wrote %d bytes to %s:%s:%d, but only %d accepted.\n"),
399 msglen, m_who, m_host, m_port, rc);
403 if (m_use_locking) V(m_mutex);
408 * Format and send a message
409 * Returns: false on error
412 bool BSOCK::fsend(const char *fmt, ...)
417 if (errors || is_terminated()) {
420 /* This probably won't work, but we vsnprintf, then if we
421 * get a negative length or a length greater than our buffer
422 * (depending on which library is used), the printf was truncated, so
423 * get a bigger buffer and try again.
426 maxlen = sizeof_pool_memory(msg) - 1;
427 va_start(arg_ptr, fmt);
428 msglen = bvsnprintf(msg, maxlen, fmt, arg_ptr);
430 if (msglen > 0 && msglen < (maxlen - 5)) {
433 msg = realloc_pool_memory(msg, maxlen + maxlen / 2);
439 * Receive a message from the other end. Each message consists of
440 * two packets. The first is a header that contains the size
441 * of the data that follows in the second packet.
442 * Returns number of bytes read (may return zero)
443 * Returns -1 on signal (BNET_SIGNAL)
444 * Returns -2 on hard end of file (BNET_HARDEOF)
445 * Returns -3 on error (BNET_ERROR)
447 * Unfortunately, it is a bit complicated because we have these
450 * 2. Signal including end of data stream
451 * 3. Hard end of file
453 * Using is_bnet_stop() and is_bnet_error() you can figure this all out.
455 int32_t BSOCK::recv()
462 if (errors || is_terminated()) {
466 if (m_use_locking) P(m_mutex);
467 read_seqno++; /* bump sequence number */
468 timer_start = watchdog_time; /* set start wait time */
470 /* get data size -- in int32_t */
471 if ((nbytes = read_nbytes(this, (char *)&pktsiz, sizeof(int32_t))) <= 0) {
472 timer_start = 0; /* clear timer */
473 /* probably pipe broken because client died */
480 nbytes = BNET_HARDEOF; /* assume hard EOF received */
483 timer_start = 0; /* clear timer */
484 if (nbytes != sizeof(int32_t)) {
487 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
488 sizeof(int32_t), nbytes, m_who, m_host, m_port);
493 pktsiz = ntohl(pktsiz); /* decode no. of bytes that follow */
495 if (pktsiz == 0) { /* No data transferred */
496 timer_start = 0; /* clear timer */
499 nbytes = 0; /* zero bytes read */
503 /* If signal or packet size too big */
504 if (pktsiz < 0 || pktsiz > 1000000) {
505 if (pktsiz > 0) { /* if packet too big */
506 Qmsg3(m_jcr, M_FATAL, 0,
507 _("Packet size too big from \"%s:%s:%d. Terminating connection.\n"),
508 m_who, m_host, m_port);
509 pktsiz = BNET_TERMINATE; /* hang up */
511 if (pktsiz == BNET_TERMINATE) {
514 timer_start = 0; /* clear timer */
516 msglen = pktsiz; /* signal code */
517 nbytes = BNET_SIGNAL; /* signal */
521 /* Make sure the buffer is big enough + one byte for EOS */
522 if (pktsiz >= (int32_t) sizeof_pool_memory(msg)) {
523 msg = realloc_pool_memory(msg, pktsiz + 100);
526 timer_start = watchdog_time; /* set start wait time */
528 /* now read the actual data */
529 if ((nbytes = read_nbytes(this, msg, pktsiz)) <= 0) {
530 timer_start = 0; /* clear timer */
537 Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
538 m_who, m_host, m_port, this->bstrerror());
542 timer_start = 0; /* clear timer */
545 if (nbytes != pktsiz) {
548 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
549 pktsiz, nbytes, m_who, m_host, m_port);
553 /* always add a zero by to properly terminate any
554 * string that was send to us. Note, we ensured above that the
555 * buffer is at least one byte longer than the message length.
557 msg[nbytes] = 0; /* terminate in case it is a string */
558 sm_check(__FILE__, __LINE__, false);
561 if (m_use_locking) V(m_mutex);
562 return nbytes; /* return actual length of message */
569 bool BSOCK::signal(int signal)
572 if (signal == BNET_TERMINATE) {
573 m_suppress_error_msgs = true;
579 * Despool spooled attributes
581 bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
585 ssize_t last = 0, size = 0;
587 JCR *jcr = get_jcr();
591 #if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
592 posix_fadvise(fileno(m_spool_fd), 0, 0, POSIX_FADV_WILLNEED);
595 while (fread((char *)&pktsiz, 1, sizeof(int32_t), m_spool_fd) ==
597 size += sizeof(int32_t);
598 msglen = ntohl(pktsiz);
600 if (msglen > (int32_t)sizeof_pool_memory(msg)) {
601 msg = realloc_pool_memory(msg, msglen + 1);
603 nbytes = fread(msg, 1, msglen, m_spool_fd);
604 if (nbytes != (size_t)msglen) {
606 Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
607 Qmsg1(get_jcr(), M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
609 update_attr_spool_size(tsize - last);
613 if ((++count & 0x3F) == 0) {
614 update_attr_spool_size(size - last);
619 if (jcr && job_canceled(jcr)) {
623 update_attr_spool_size(tsize - last);
624 if (ferror(m_spool_fd)) {
625 Qmsg(jcr, M_FATAL, 0, _("fread attr spool I/O error.\n"));
632 * Return the string for the error that occurred
633 * on the socket. Only the first error is retained.
635 const char *BSOCK::bstrerror()
638 if (errmsg == NULL) {
639 errmsg = get_pool_memory(PM_MESSAGE);
641 pm_strcpy(errmsg, be.bstrerror(b_errno));
645 int BSOCK::get_peer(char *buf, socklen_t buflen)
647 #if !defined(HAVE_WIN32)
648 if (peer_addr.sin_family == 0) {
649 socklen_t salen = sizeof(peer_addr);
650 int rval = (getpeername)(m_fd, (struct sockaddr *)&peer_addr, &salen);
651 if (rval < 0) return rval;
653 if (!inet_ntop(peer_addr.sin_family, &peer_addr.sin_addr, buf, buflen))
663 * Set the network buffer size, suggested size is in size.
664 * Actual size obtained is returned in bs->msglen
666 * Returns: false on failure
669 bool BSOCK::set_buffer_size(uint32_t size, int rw)
671 uint32_t dbuf_size, start_size;
672 #if defined(IP_TOS) && defined(IPTOS_THROUGHPUT)
674 opt = IPTOS_THROUGHPUT;
675 setsockopt(fd, IPPROTO_IP, IP_TOS, (sockopt_val_t)&opt, sizeof(opt));
681 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
683 start_size = dbuf_size;
684 if ((msg = realloc_pool_memory(msg, dbuf_size + 100)) == NULL) {
685 Qmsg0(get_jcr(), M_FATAL, 0, _("Could not malloc BSOCK data buffer\n"));
688 if (rw & BNET_SETBUF_READ) {
689 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
690 SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
692 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
693 dbuf_size -= TAPE_BSIZE;
695 Dmsg1(200, "set network buffer size=%d\n", dbuf_size);
696 if (dbuf_size != start_size) {
697 Qmsg1(get_jcr(), M_WARNING, 0,
698 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
700 if (dbuf_size % TAPE_BSIZE != 0) {
701 Qmsg1(get_jcr(), M_ABORT, 0,
702 _("Network buffer size %d not multiple of tape block size.\n"),
709 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
711 start_size = dbuf_size;
712 if (rw & BNET_SETBUF_WRITE) {
713 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
714 SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
716 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
717 dbuf_size -= TAPE_BSIZE;
719 Dmsg1(900, "set network buffer size=%d\n", dbuf_size);
720 if (dbuf_size != start_size) {
721 Qmsg1(get_jcr(), M_WARNING, 0,
722 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
724 if (dbuf_size % TAPE_BSIZE != 0) {
725 Qmsg1(get_jcr(), M_ABORT, 0,
726 _("Network buffer size %d not multiple of tape block size.\n"),
736 * Set socket non-blocking
737 * Returns previous socket flag
739 int BSOCK::set_nonblocking()
744 /* Get current flags */
745 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
747 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
750 /* Set O_NONBLOCK flag */
751 if ((fcntl(m_fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
753 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
763 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
771 * Set socket blocking
772 * Returns previous socket flags
774 int BSOCK::set_blocking()
778 /* Get current flags */
779 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
781 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
784 /* Set O_NONBLOCK flag */
785 if ((fcntl(m_fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
787 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
797 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
805 * Restores socket flags
807 void BSOCK::restore_blocking (int flags)
810 if ((fcntl(m_fd, F_SETFL, flags)) < 0) {
812 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
815 m_blocking = (flags & O_NONBLOCK) ? true : false;
817 u_long ioctlArg = flags;
819 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
825 * Wait for a specified time for data to appear on
826 * the BSOCK connection.
828 * Returns: 1 if data available
832 int BSOCK::wait_data(int sec, int usec)
838 FD_SET((unsigned)m_fd, &fdset);
842 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
843 case 0: /* timeout */
848 if (errno == EINTR) {
851 return -1; /* error return */
860 * As above, but returns on interrupt
862 int BSOCK::wait_data_intr(int sec, int usec)
871 FD_SET((unsigned)m_fd, &fdset);
874 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
875 case 0: /* timeout */
880 return -1; /* error return */
889 * Note, this routine closes and destroys all the sockets
890 * that are open including the duped ones.
904 for (; bsock; bsock = next) {
905 next = bsock->m_next; /* get possible pointer to next before destoryed */
906 if (!bsock->m_duped) {
907 /* Shutdown tls cleanly. */
909 tls_bsock_shutdown(bsock);
910 free_tls_connection(bsock->tls);
913 if (bsock->is_timed_out()) {
914 shutdown(bsock->m_fd, SHUT_RDWR); /* discard any pending I/O */
916 socketClose(bsock->m_fd); /* normal close */
923 void BSOCK::destroy()
926 free_pool_memory(msg);
929 ASSERT(1 == 0); /* double close */
932 free_pool_memory(errmsg);
950 /* Commands sent to Director */
951 static char hello[] = "Hello %s calling\n";
953 /* Response from Director */
954 static char OKhello[] = "1000 OK:";
957 * Authenticate Director
959 bool BSOCK::authenticate_director(const char *name, const char *password,
960 TLS_CONTEXT *tls_ctx, char *msg, int msglen)
962 int tls_local_need = BNET_TLS_NONE;
963 int tls_remote_need = BNET_TLS_NONE;
964 int compatible = true;
965 char bashed_name[MAX_NAME_LENGTH];
966 BSOCK *dir = this; /* for readability */
970 * Send my name to the Director then do authentication
973 /* Timeout Hello after 15 secs */
974 dir->start_timer(15);
975 dir->fsend(hello, bashed_name);
977 if (get_tls_enable(tls_ctx)) {
978 tls_local_need = get_tls_enable(tls_ctx) ? BNET_TLS_REQUIRED : BNET_TLS_OK;
981 /* respond to Dir challenge */
982 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
983 /* Now challenge dir */
984 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
985 bsnprintf(msg, msglen, _("Director authorization problem at \"%s:%d\"\n"),
986 dir->host(), dir->port());
990 /* Verify that the remote host is willing to meet our TLS requirements */
991 if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
992 bsnprintf(msg, msglen, _("Authorization problem:"
993 " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
994 dir->host(), dir->port());
998 /* Verify that we are willing to meet the remote host's requirements */
999 if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
1000 bsnprintf(msg, msglen, _("Authorization problem with Director at \"%s:%d\":"
1001 " Remote server requires TLS.\n"),
1002 dir->host(), dir->port());
1007 /* Is TLS Enabled? */
1009 if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
1010 /* Engage TLS! Full Speed Ahead! */
1011 if (!bnet_tls_client(tls_ctx, dir, NULL)) {
1012 bsnprintf(msg, msglen, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
1013 dir->host(), dir->port());
1019 Dmsg1(6, ">dird: %s", dir->msg);
1020 if (dir->recv() <= 0) {
1022 bsnprintf(msg, msglen, _("Bad response to Hello command: ERR=%s\n"
1023 "The Director at \"%s:%d\" is probably not running.\n"),
1024 dir->bstrerror(), dir->host(), dir->port());
1029 Dmsg1(10, "<dird: %s", dir->msg);
1030 if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
1031 bsnprintf(msg, msglen, _("Director at \"%s:%d\" rejected Hello command\n"),
1032 dir->host(), dir->port());
1035 bsnprintf(msg, msglen, "%s", dir->msg);
1041 bsnprintf(msg, msglen, _("Authorization problem with Director at \"%s:%d\"\n"
1042 "Most likely the passwords do not agree.\n"
1043 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
1044 "Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000 for help.\n"),
1045 dir->host(), dir->port());