2 Bacula(R) - The Network Backup Solution
4 Copyright (C) 2000-2015 Kern Sibbald
5 Copyright (C) 2004-2013 Free Software Foundation Europe e.V.
7 The original author of Bacula is Kern Sibbald, with contributions
8 from many others, a complete list can be found in the file AUTHORS.
10 You may use this file and others of this release according to the
11 license defined in the LICENSE file, which includes the Affero General
12 Public License, v3.0 ("AGPLv3") and some additional permissions and
13 terms pursuant to its AGPLv3 Section 7.
15 This notice must be preserved when any source code is
16 conveyed and/or propagated.
18 Bacula(R) is a registered trademark of Kern Sibbald.
22 * Bacula authentication. Provides authentication with
23 * File and Storage daemons.
25 * Nicolas Boichat, August MMIV
27 * This routine runs as a thread and must be thread reentrant.
29 * Basic tasks done here:
34 #include "tray-monitor.h"
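void senditf(const char *fmt, ...);
void sendit(const char *buf);

/*
 * Wire strings for the Hello exchange. They are kept as arrays, not
 * pointers, because the authenticate_* routines take sizeof() of the
 * *OKhello strings to bound their strncmp() against the peer's reply.
 * (The line numbers that the listing had fused onto each declaration are
 * extraction residue and have been dropped.)
 */

/* Commands sent to Director (printf-style format, %s = monitor name) */
static char DIRhello[]    = "Hello %s calling\n";

/* Response from Director; matched as a prefix (sizeof - 1 bytes) */
static char DIROKhello[]   = "1000 OK:";

/* Commands sent to Storage daemon and File daemon and received
 *  from the User Agent */
static char SDFDhello[]    = "Hello Director %s calling\n";

/* Response from SD; compared over sizeof bytes, i.e. terminator included,
 * so the reply has to equal this string exactly */
static char SDOKhello[]   = "3000 OK Hello\n";
/* Response from FD; matched as a prefix (sizeof - 1 bytes) */
static char FDOKhello[]   = "2000 OK Hello";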
54 /* Forward referenced functions */
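/*
 * Authenticate Director
 *
 * Sends the monitor's name in a Hello, runs the CRAM-MD5 response and
 * challenge with mon->password, then reads the Director's reply and
 * requires it to start with DIROKhello.
 *
 *   jcr       job control record; its dir_bsock is the Director socket
 *   mon       monitor resource supplying the name and password
 *   director  not used by this routine
 *
 * Returns non-zero on success, 0 on failure.
 *
 * NOTE(review): the listing this was recovered from drops short lines
 * (braces, the return statements, the bstrerror() argument). They are
 * restored here from the surrounding syntax and from the sibling
 * routines; confirm the return values against the upstream file.
 *
 * NOTE(review): tls_local_need is BNET_TLS_NONE and tls_remote_need is
 * not examined after the handshake in the visible lines, so this routine
 * itself never asks for TLS. Presumably the exchange and the status text
 * that follows are unencrypted unless the transport is protected
 * elsewhere -- confirm.
 */
int authenticate_director(JCR *jcr, MONITOR *mon, DIRRES *director)
{
   BSOCK *dir = jcr->dir_bsock;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char bashed_name[MAX_NAME_LENGTH];

   /* Bounded copy of the monitor name, then bash_spaces() on the copy
    * before it goes into the Hello line */
   bstrncpy(bashed_name, mon->hdr.name, sizeof(bashed_name));
   bash_spaces(bashed_name);

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(dir, 60 * 5);

   /* Check the send result, as the Storage and File daemon routines do,
    * instead of running the handshake on a socket that already failed */
   if (!dir->fsend(DIRhello, bashed_name)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Director. ERR=%s\n"), dir->bstrerror());
      return 0;
   }

   /* The password is passed straight from the resource, as the sibling
    * routines do, so no local copy of the pointer is kept */
   if (!cram_md5_respond(dir, mon->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(dir, mon->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg0(jcr, M_FATAL, 0, _("Director authorization problem.\n"
            "Most likely the passwords do not agree.\n"
            "For help, please see " MANUAL_AUTH_URL "\n"));
      return 0;
   }

   Dmsg1(6, ">dird: %s", dir->msg);
   if (dir->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("Bad response to Hello command: ERR=%s\n"),
         dir->bstrerror());
      return 0;
   }
   Dmsg1(10, "<dird: %s", dir->msg);
   stop_bsock_timer(tid);

   /* Prefix match only: the Director may append text after "1000 OK:" */
   if (strncmp(dir->msg, DIROKhello, sizeof(DIROKhello)-1) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Director rejected Hello command\n"));
      return 0;
   }

   /* dir->msg is text received from the peer. Log it as data through an
    * explicit "%s" rather than handing it to the message macro as the
    * format argument, so conversion specifiers in the reply are never
    * interpreted. */
   Jmsg1(jcr, M_INFO, 0, "%s", dir->msg);
   return 1;
}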
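/*
 * Authenticate Storage daemon connection
 *
 * Sends the monitor's name in a "Hello Director" line, runs the CRAM-MD5
 * response and challenge with store->password, then reads the daemon's
 * reply and requires it to equal SDOKhello.
 *
 *   jcr      job control record; its store_bsock is the SD socket
 *   monitor  monitor resource supplying the name
 *   store    storage resource supplying the password
 *
 * Returns non-zero on success, 0 on failure.
 *
 * NOTE(review): the listing this was recovered from drops short lines
 * (braces, the return statements, the bstrerror() argument). They are
 * restored here from the surrounding syntax; confirm the return values
 * against the upstream file.
 *
 * NOTE(review): tls_local_need is BNET_TLS_NONE and tls_remote_need is
 * not examined after the handshake in the visible lines, so this routine
 * itself never asks for TLS -- confirm how the transport is protected.
 */
int authenticate_storage_daemon(JCR *jcr, MONITOR *monitor, STORE* store)
{
   BSOCK *sd = jcr->store_bsock;
   char dirname[MAX_NAME_LENGTH];
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;

   /*
    * Send my name to the Storage daemon then do authentication
    */
   bstrncpy(dirname, monitor->hdr.name, sizeof(dirname));
   bash_spaces(dirname);
   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(sd, 60 * 5);
   if (!sd->fsend(SDFDhello, dirname)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), sd->bstrerror());
      return 0;
   }

   /* Both directions must succeed; either failure is reported the same way */
   if (!cram_md5_respond(sd, store->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(sd, store->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"
            "For help, please see " MANUAL_AUTH_URL "\n"));
      return 0;
   }

   Dmsg1(116, ">stored: %s", sd->msg);
   if (sd->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
         sd->bstrerror());
      return 0;
   }
   Dmsg1(110, "<stored: %s", sd->msg);
   stop_bsock_timer(tid);

   /* sizeof (not sizeof - 1) includes the terminator, so this is an exact
    * match on the reply, stricter than the prefix match used for the
    * Director and File daemon. Kept as written. */
   if (strncmp(sd->msg, SDOKhello, sizeof(SDOKhello)) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}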
150 * Authenticate File daemon connection
152 int authenticate_file_daemon(JCR *jcr, MONITOR *monitor, CLIENT* client)
154 BSOCK *fd = jcr->file_bsock;
155 char dirname[MAX_NAME_LENGTH];
156 int tls_local_need = BNET_TLS_NONE;
157 int tls_remote_need = BNET_TLS_NONE;
158 int compatible = true;
161 * Send my name to the File daemon then do authentication
163 bstrncpy(dirname, monitor->hdr.name, sizeof(dirname));
164 bash_spaces(dirname);
165 /* Timeout Hello after 5 mins */
166 btimer_t *tid = start_bsock_timer(fd, 60 * 5);
167 if (!fd->fsend(SDFDhello, dirname)) {
168 stop_bsock_timer(tid);
169 Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), fd->bstrerror());
172 if (!cram_md5_respond(fd, client->password, &tls_remote_need, &compatible) ||
173 !cram_md5_challenge(fd, client->password, tls_local_need, compatible)) {
174 stop_bsock_timer(tid);
175 Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"
176 "For help, please see " MANUAL_AUTH_URL "\n"));
179 Dmsg1(116, ">filed: %s", fd->msg);
180 if (fd->recv() <= 0) {
181 stop_bsock_timer(tid);
182 Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
186 Dmsg1(110, "<stored: %s", fd->msg);
187 stop_bsock_timer(tid);
188 if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)-1) != 0) {
189 Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));