2 Bacula® - The Network Backup Solution
4 Copyright (C) 2004-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
30 * Bacula authentication. Provides authentication with
31 * File and Storage daemons.
33 * Nicolas Boichat, August MMIV
35 * This routine runs as a thread and must be thread reentrant.
37 * Basic tasks done here:
42 #include "tray-monitor.h"
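void senditf(const char *fmt, ...);
void sendit(const char *buf);

/*
 * Fixed protocol strings for the Hello handshake.  They are only ever
 * used as a format string for fsend() or as the reference side of a
 * strncmp(), so they are declared const to keep them out of writable data.
 */

/* Commands sent to Director */
static const char DIRhello[] = "Hello %s calling\n";

/* Response from Director */
static const char DIROKhello[] = "1000 OK:";

/* Commands sent to Storage daemon and File daemon and received
 * from the User Agent */
static const char SDFDhello[] = "Hello Director %s calling\n";

/* Response from SD */
static const char SDOKhello[] = "3000 OK Hello\n";
/* Response from FD */
static const char FDOKhello[] = "2000 OK Hello";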
63 /* Forward referenced functions */
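/*
 * Authenticate Director
 *
 * Sends the monitor's Hello to the Director, runs the CRAM-MD5 exchange
 * in both directions with the monitor password, then checks that the
 * Director's reply starts with DIROKhello.
 *
 *   jcr       job control record; jcr->dir_bsock is the Director socket
 *   mon       monitor resource supplying the name and the password
 *   director  not referenced by the code visible here
 *
 * Both TLS requirements are fixed to BNET_TLS_NONE and tls_remote_need is
 * not examined after the exchange, so this path never negotiates TLS: the
 * only protection of the handshake is CRAM-MD5 on the plain connection.
 *
 * NOTE(review): brace-only lines, the return statements and the
 * bstrerror() argument are not visible in this listing; they are restored
 * here as 0 on failure / 1 on success -- confirm against the upstream file.
 */
int authenticate_director(JCR *jcr, MONITOR *mon, DIRRES *director)
{
   BSOCK *dir = jcr->dir_bsock;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char bashed_name[MAX_NAME_LENGTH];

   /* presumably bash_spaces() makes the name a single token for the Hello line */
   bstrncpy(bashed_name, mon->hdr.name, sizeof(bashed_name));
   bash_spaces(bashed_name);

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(dir, 60 * 5);

   /* Report a failed send as such, as the Storage and File daemon paths do,
    * instead of letting it surface later as a password mismatch. */
   if (!dir->fsend(DIRhello, bashed_name)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Director. ERR=%s\n"), dir->bstrerror());
      return 0;
   }

   if (!cram_md5_respond(dir, mon->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(dir, mon->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg0(jcr, M_FATAL, 0, _("Director authorization problem.\n"
            "Most likely the passwords do not agree.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(6, ">dird: %s", dir->msg);
   if (dir->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("Bad response to Hello command: ERR=%s\n"),
            dir->bstrerror());
      return 0;
   }
   Dmsg1(10, "<dird: %s", dir->msg);
   stop_bsock_timer(tid);

   /* Prefix match: sizeof - 1 leaves the terminating NUL out of the compare */
   if (strncmp(dir->msg, DIROKhello, sizeof(DIROKhello)-1) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Director rejected Hello command\n"));
      return 0;
   }

   /* dir->msg is data received from the peer: pass it as a %s argument,
    * never as the format string itself. */
   Jmsg1(jcr, M_INFO, 0, "%s", dir->msg);
   return 1;
}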
/*
 * Authenticate Storage daemon connection
 *
 * Sends the monitor's name in a Hello, runs the CRAM-MD5 exchange in both
 * directions with store->password, then requires the Storage daemon to
 * answer with SDOKhello.
 *
 * TLS is not requested here (BNET_TLS_NONE on both sides), and the value
 * the peer reports through the remote TLS need is not examined afterwards.
 *
 * NOTE(review): brace-only lines, the return statements and the
 * bstrerror() argument of the recv error are not visible in this listing;
 * they are restored here as 0 on failure / 1 on success -- confirm against
 * the upstream file.
 */
int authenticate_storage_daemon(JCR *jcr, MONITOR *monitor, STORE* store)
{
   BSOCK *sock = jcr->store_bsock;
   char my_name[MAX_NAME_LENGTH];
   int local_tls = BNET_TLS_NONE;
   int remote_tls = BNET_TLS_NONE;
   int compat = true;

   /*
    * Send my name to the Storage daemon then do authentication
    */
   bstrncpy(my_name, monitor->hdr.name, sizeof(my_name));
   bash_spaces(my_name);

   /* Timeout Hello after 5 mins */
   btimer_t *hello_timer = start_bsock_timer(sock, 60 * 5);
   if (!sock->fsend(SDFDhello, my_name)) {
      stop_bsock_timer(hello_timer);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), sock->bstrerror());
      return 0;
   }

   /* The challenge half only runs when the respond half succeeded */
   bool authenticated =
      cram_md5_respond(sock, store->password, &remote_tls, &compat) &&
      cram_md5_challenge(sock, store->password, local_tls, compat);
   if (!authenticated) {
      stop_bsock_timer(hello_timer);
      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(116, ">stored: %s", sock->msg);
   if (sock->recv() <= 0) {
      stop_bsock_timer(hello_timer);
      Jmsg1(jcr, M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
            sock->bstrerror());
      return 0;
   }
   Dmsg1(110, "<stored: %s", sock->msg);
   stop_bsock_timer(hello_timer);

   /* sizeof without -1 also compares the terminating NUL, so the reply has
    * to be exactly SDOKhello; the Director and File daemon checks accept
    * any reply that merely starts with their OK string. */
   if (strncmp(sock->msg, SDOKhello, sizeof(SDOKhello)) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}
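/*
 * Authenticate File daemon connection
 *
 * Sends the monitor's name in a Hello, runs the CRAM-MD5 exchange in both
 * directions with client->password, then checks that the File daemon's
 * reply starts with FDOKhello.
 *
 * TLS is not requested here (BNET_TLS_NONE on both sides), and
 * tls_remote_need is not examined after the exchange.
 *
 * NOTE(review): brace-only lines, the return statements and the
 * bstrerror() argument of the recv error are not visible in this listing;
 * they are restored here as 0 on failure / 1 on success -- confirm against
 * the upstream file.
 */
int authenticate_file_daemon(JCR *jcr, MONITOR *monitor, CLIENT* client)
{
   BSOCK *fd = jcr->file_bsock;
   char dirname[MAX_NAME_LENGTH];
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;

   /*
    * Send my name to the File daemon then do authentication
    */
   bstrncpy(dirname, monitor->hdr.name, sizeof(dirname));
   bash_spaces(dirname);

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(fd, 60 * 5);
   if (!fd->fsend(SDFDhello, dirname)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), fd->bstrerror());
      return 0;
   }

   if (!cram_md5_respond(fd, client->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(fd, client->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"
            "Please see " MANUAL_AUTH_URL " for help.\n"));
      return 0;
   }

   Dmsg1(116, ">filed: %s", fd->msg);
   if (fd->recv() <= 0) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
           fd->bstrerror());
      return 0;
   }

   /* Label fixed: this reply comes from the File daemon, not the Storage
    * daemon, so the debug trace must not read "<stored:". */
   Dmsg1(110, "<filed: %s", fd->msg);
   stop_bsock_timer(tid);

   /* Prefix match: sizeof - 1 leaves the terminating NUL out of the compare */
   if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)-1) != 0) {
      Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}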