2 Bacula® - The Network Backup Solution
4 Copyright (C) 2004-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
30 * Bacula authentication. Provides authentication with
31 * File and Storage daemons.
33 * Nicolas Boichat, August MMIV
35 * This routine runs as a thread and must be thread reentrant.
37 * Basic tasks done here:
41 #include "tray-monitor.h"
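/* Message output helpers; only their declarations appear here. */
void senditf(const char *fmt, ...);
void sendit(const char *buf);

/*
 * Wire strings for the Hello handshake.
 *
 * All of them are const: the *hello strings are handed to fsend() as
 * printf-style formats and the *OKhello strings are the reference values
 * a peer's reply is compared against, so none of them may be modified at
 * run time.
 */

/* Commands sent to Director */
static const char DIRhello[] = "Hello %s calling\n";

/* Response from Director */
static const char DIROKhello[] = "1000 OK:";

/* Commands sent to Storage daemon and File daemon and received
 * from the User Agent */
static const char SDFDhello[] = "Hello Director %s calling\n";

/* Response from SD */
static const char SDOKhello[] = "3000 OK Hello\n";
/* Response from FD */
static const char FDOKhello[] = "2000 OK Hello";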
62 /* Forward referenced functions */
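/*
 * Authenticate Director
 *
 * Sends the monitor's name in a Hello, runs the CRAM-MD5 exchange in both
 * directions with mon->password, then checks the Director's reply to the
 * Hello.
 *
 *  jcr       job control record; jcr->dir_bsock is the Director socket
 *  mon       monitor resource supplying the name and the password
 *  director  not referenced by this function
 *
 * Returns 1 when the Director accepted the Hello, 0 on any failure (a
 * M_FATAL job message is queued in that case).
 *
 * Security notes:
 *  - tls_local_need is fixed to BNET_TLS_NONE and tls_remote_need is never
 *    read after cram_md5_respond() returns, so this function never acts on
 *    a TLS requirement announced by the peer. Whether the handshake is
 *    exchanged in clear text depends on how the socket was set up; confirm
 *    against the caller. A recorded CRAM-MD5 exchange allows offline
 *    guessing of the shared password, so keep it long and random.
 *  - dir->msg is filled by the peer and must only be logged through a
 *    fixed "%s" format.
 */
int authenticate_director(JCR *jcr, MONITOR *mon, DIRRES *director)
{
   BSOCK *dir = jcr->dir_bsock;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char bashed_name[MAX_NAME_LENGTH];

   /* Bounded copy of the monitor name, then bash_spaces() before sending */
   bstrncpy(bashed_name, mon->hdr.name, sizeof(bashed_name));
   bash_spaces(bashed_name);

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(dir, 60 * 5);

   /*
    * Check the send like the Storage and File daemon paths do; otherwise a
    * dead connection is reported as a password mismatch below.
    */
   if (!dir->fsend(DIRhello, bashed_name)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Director. ERR=%s\n"), bnet_strerror(dir));
      return 0;
   }

   /* Answer the Director's challenge first, then challenge the Director */
   if (!cram_md5_respond(dir, mon->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(dir, mon->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg0(jcr, M_FATAL, 0, _("Director authorization problem.\n"
            "Most likely the passwords do not agree.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(6, ">dird: %s", dir->msg);
   if (dir->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("Bad response to Hello command: ERR=%s\n"),
            bnet_strerror(dir));
      return 0;
   }
   Dmsg1(10, "<dird: %s", dir->msg);
   stop_bsock_timer(tid);

   /* Prefix match: anything following "1000 OK:" is accepted */
   if (strncmp(dir->msg, DIROKhello, sizeof(DIROKhello)-1) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Director rejected Hello command\n"));
      return 0;
   }

   /*
    * The reply text comes from the network: pass it as an argument, never
    * as the format string itself.
    */
   Jmsg1(jcr, M_INFO, 0, "%s", dir->msg);
   return 1;
}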
/*
 * Authenticate Storage daemon connection
 *
 * Announces the monitor's name to the Storage daemon, performs the
 * CRAM-MD5 exchange in both directions with store->password, and then
 * requires the daemon's Hello reply to equal SDOKhello.
 *
 * Returns 1 on success, 0 on any failure (a M_FATAL job message is queued
 * in that case).
 *
 * Security notes:
 *  - tls_local_need is BNET_TLS_NONE and tls_remote_need is not read again
 *    after cram_md5_respond() returns, so a TLS requirement announced by
 *    the daemon is not acted on in this function.
 *  - The single failure message covers both halves of the exchange; it
 *    does not say whether the monitor or the daemon failed to prove
 *    knowledge of the password.
 */
int authenticate_storage_daemon(JCR *jcr, MONITOR *monitor, STORE* store)
{
   BSOCK *sd = jcr->store_bsock;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char my_name[MAX_NAME_LENGTH];
   btimer_t *hello_timer;
   bool authenticated;

   /*
    * Send my name to the Storage daemon then do authentication
    */
   bstrncpy(my_name, monitor->hdr.name, sizeof(my_name));
   bash_spaces(my_name);

   /* Timeout Hello after 5 mins */
   hello_timer = start_bsock_timer(sd, 60 * 5);
   if (!sd->fsend(SDFDhello, my_name)) {
      stop_bsock_timer(hello_timer);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd));
      return 0;
   }

   /* Respond to the daemon's challenge first; only then challenge it */
   authenticated =
      cram_md5_respond(sd, store->password, &tls_remote_need, &compatible) &&
      cram_md5_challenge(sd, store->password, tls_local_need, compatible);
   if (!authenticated) {
      stop_bsock_timer(hello_timer);
      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(116, ">stored: %s", sd->msg);
   if (sd->recv() <= 0) {
      stop_bsock_timer(hello_timer);
      Jmsg1(jcr, M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
            bnet_strerror(sd));
      return 0;
   }
   Dmsg1(110, "<stored: %s", sd->msg);
   stop_bsock_timer(hello_timer);

   /*
    * sizeof(SDOKhello) counts the terminating NUL, so the reply has to be
    * exactly SDOKhello; the Director and File daemon checks compare only
    * the prefix (sizeof - 1).
    */
   if (strncmp(sd->msg, SDOKhello, sizeof(SDOKhello)) == 0) {
      return 1;
   }
   Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
   return 0;
}
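/*
 * Authenticate File daemon connection
 *
 * Announces the monitor's name to the File daemon, performs the CRAM-MD5
 * exchange in both directions with client->password, and then checks that
 * the daemon's Hello reply starts with FDOKhello.
 *
 * Returns 1 on success, 0 on any failure (a M_FATAL job message is queued
 * in that case).
 *
 * Security notes:
 *  - tls_local_need is BNET_TLS_NONE and tls_remote_need is not read again
 *    after cram_md5_respond() returns, so a TLS requirement announced by
 *    the daemon is not acted on in this function.
 *  - fd->msg is filled by the peer; it is only ever passed as a "%s"
 *    argument here and must stay that way.
 */
int authenticate_file_daemon(JCR *jcr, MONITOR *monitor, CLIENT* client)
{
   BSOCK *fd = jcr->file_bsock;
   char dirname[MAX_NAME_LENGTH];
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;

   /*
    * Send my name to the File daemon then do authentication
    */
   bstrncpy(dirname, monitor->hdr.name, sizeof(dirname));
   bash_spaces(dirname);
   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(fd, 60 * 5);
   if (!fd->fsend(SDFDhello, dirname)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd));
      return 0;
   }

   /* Answer the daemon's challenge first, then challenge the daemon */
   if (!cram_md5_respond(fd, client->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(fd, client->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(116, ">filed: %s", fd->msg);
   if (fd->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
           bnet_strerror(fd));
      return 0;
   }
   /* Label fixed: this is the File daemon's reply, not the Storage daemon's */
   Dmsg1(110, "<filed: %s", fd->msg);
   stop_bsock_timer(tid);

   /* Prefix match: anything following "2000 OK Hello" is accepted */
   if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)-1) != 0) {
      Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}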