3 * Bacula authentication. Provides authentication with
4 * File and Storage daemons.
6 * Nicolas Boichat, August MMIV
8 * This routine runs as a thread and must be thread reentrant.
10 * Basic tasks done here:
14 Copyright (C) 2004-2006 Kern Sibbald
16 This program is free software; you can redistribute it and/or
17 modify it under the terms of the GNU General Public License
18 version 2 as amended with additional clauses defined in the
19 file LICENSE in the main source directory.
21 This program is distributed in the hope that it will be useful,
22 but WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24 the file LICENSE for additional details.
29 #include "tray-monitor.h"
/* Output helpers; declared here, not defined in the visible part of the file. */
void senditf(const char *fmt, ...);
void sendit(const char *buf);

/*
 * Wire strings for the Hello handshake.  The "OK" strings are what the
 * peer's reply is compared against after the CRAM-MD5 exchange, so they
 * must match the daemons' replies exactly.
 */

/* Hello sent to the Director; %s receives the monitor name. */
static char DIRhello[] = "Hello %s calling\n";

/* Prefix expected at the start of the Director's reply. */
static char DIROKhello[] = "1000 OK:";

/* Hello sent to the Storage daemon and the File daemon (and received
 * from the User Agent); %s receives the monitor name. */
static char SDFDhello[] = "Hello Director %s calling\n";

/* Reply expected from the Storage daemon. */
static char SDOKhello[] = "3000 OK Hello\n";

/* Reply expected from the File daemon. */
static char FDOKhello[] = "2000 OK Hello\n";

/* Forward referenced functions */
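/*
 * Authenticate with the Director.
 *
 * Sends a Hello carrying the monitor name, calls cram_md5_respond() and
 * then cram_md5_challenge() with mon->password, reads the Director's
 * reply and checks that it starts with DIROKhello ("1000 OK:").  A
 * five-minute socket timer covers the whole exchange.
 *
 *   jcr       job control record; jcr->dir_bsock is the Director socket
 *   mon       monitor resource supplying the name and the shared password
 *   director  not referenced in this function
 *
 * Returns 1 on success, 0 on failure (a fatal job message is queued).
 *
 * NOTE(review): the listing this block was taken from omits brace-only
 * lines, the return statements, the `password` declaration and the
 * argument line of the "Bad response" message.  They are restored here
 * (0 = failure, 1 = success; bnet_strerror(dir) by analogy with the
 * Storage daemon routine) -- confirm against the original file.
 *
 * Security notes:
 *  - tls_local_need is fixed at BNET_TLS_NONE and the tls_remote_need
 *    value passed by pointer to cram_md5_respond() is not examined
 *    afterwards, so nothing visible here negotiates or enforces TLS;
 *    the connection is protected by the CRAM-MD5 exchange alone.
 *    Confirm that is the intended policy for monitor connections.
 *  - dir->msg is data received from the peer and must never be used as
 *    a format string.
 */
int authenticate_director(JCR *jcr, MONITOR *mon, DIRRES *director)
{
   BSOCK *dir = jcr->dir_bsock;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char bashed_name[MAX_NAME_LENGTH];
   char *password;

   bstrncpy(bashed_name, mon->hdr.name, sizeof(bashed_name));
   bash_spaces(bashed_name);
   password = mon->password;

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(dir, 60 * 5);

   /*
    * Check the send like the Storage and File daemon routines do.  An
    * unchecked failure would surface later as a misleading "passwords do
    * not agree" error.
    */
   if (!bnet_fsend(dir, DIRhello, bashed_name)) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("Error sending Hello to Director. ERR=%s\n"),
            bnet_strerror(dir));
      return 0;
   }

   if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg0(jcr, M_FATAL, 0, _("Director authorization problem.\n"
            "Most likely the passwords do not agree.\n"
            "Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"));
      return 0;
   }

   Dmsg1(6, ">dird: %s", dir->msg);
   if (bnet_recv(dir) <= 0) {
      stop_bsock_timer(tid);
      Jmsg1(jcr, M_FATAL, 0, _("Bad response to Hello command: ERR=%s\n"),
            bnet_strerror(dir));
      return 0;
   }
   Dmsg1(10, "<dird: %s", dir->msg);
   stop_bsock_timer(tid);

   /* Prefix match only: sizeof - 1 leaves the terminating NUL out. */
   if (strncmp(dir->msg, DIROKhello, sizeof(DIROKhello)-1) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Director rejected Hello command\n"));
      return 0;
   }

   /*
    * The reply text comes from the network, so it is passed as an
    * argument to a constant "%s" format, not as the format itself.
    * NOTE(review): this looks like the success path yet the message is
    * queued as M_FATAL; severity kept as found -- confirm the intent.
    */
   Jmsg1(jcr, M_FATAL, 0, "%s", dir->msg);
   return 1;
}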
/*
 * Authenticate the connection to the Storage daemon.
 *
 * Sends SDFDhello with the monitor name, calls cram_md5_respond() and
 * then cram_md5_challenge() with store->password, reads the reply and
 * compares it with SDOKhello.  A five-minute socket timer covers the
 * exchange.
 *
 *   jcr      job control record; jcr->store_bsock is the SD socket
 *   monitor  monitor resource supplying the name sent in the Hello
 *   store    storage resource supplying the shared password
 *
 * Returns 1 on success, 0 on failure (a fatal job message is queued).
 *
 * NOTE(review): the listing this block was taken from omits brace-only
 * lines, the return statements and the argument line of the "bad
 * response" message.  They are restored here (0 = failure, 1 = success;
 * bnet_strerror(sd) as in the send-error branch) -- confirm against the
 * original file.
 *
 * Security note: tls_local_need is fixed at BNET_TLS_NONE and the
 * tls_remote_need value passed by pointer to cram_md5_respond() is not
 * examined afterwards, so nothing visible here negotiates or enforces
 * TLS.  Confirm that is the intended policy for monitor connections.
 */
int authenticate_storage_daemon(JCR *jcr, MONITOR *monitor, STORE* store)
{
   BSOCK *sd = jcr->store_bsock;
   char my_name[MAX_NAME_LENGTH];
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;

   /* Send my name to the Storage daemon then do authentication */
   bstrncpy(my_name, monitor->hdr.name, sizeof(my_name));
   bash_spaces(my_name);

   /* Timeout Hello after 5 mins */
   btimer_t *hello_timer = start_bsock_timer(sd, 60 * 5);

   if (!bnet_fsend(sd, SDFDhello, my_name)) {
      stop_bsock_timer(hello_timer);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd));
      return 0;
   }

   /* Respond first, challenge second; the second call is skipped when
    * the first one fails. */
   int authenticated =
      cram_md5_respond(sd, store->password, &tls_remote_need, &compatible) &&
      cram_md5_challenge(sd, store->password, tls_local_need, compatible);
   if (!authenticated) {
      stop_bsock_timer(hello_timer);
      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"
            "Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"));
      return 0;
   }

   Dmsg1(116, ">stored: %s", sd->msg);
   if (bnet_recv(sd) <= 0) {
      stop_bsock_timer(hello_timer);
      Jmsg1(jcr, M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
            bnet_strerror(sd));
      return 0;
   }
   Dmsg1(110, "<stored: %s", sd->msg);
   stop_bsock_timer(hello_timer);

   /* sizeof includes the terminating NUL, so the reply must equal
    * SDOKhello exactly; trailing bytes make the comparison fail. */
   if (strncmp(sd->msg, SDOKhello, sizeof(SDOKhello)) != 0) {
      Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}
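/*
 * Authenticate the connection to the File daemon.
 *
 * Sends SDFDhello with the monitor name, calls cram_md5_respond() and
 * then cram_md5_challenge() with client->password, reads the reply and
 * compares it with FDOKhello.  A five-minute socket timer covers the
 * exchange.
 *
 *   jcr      job control record; jcr->file_bsock is the FD socket
 *   monitor  monitor resource supplying the name sent in the Hello
 *   client   client resource supplying the shared password
 *
 * Returns 1 on success, 0 on failure (a fatal job message is queued).
 *
 * NOTE(review): the listing this block was taken from omits brace-only
 * lines, the return statements and the argument line of the "Bad
 * response" message.  They are restored here (0 = failure, 1 = success;
 * bnet_strerror(fd) as in the send-error branch) -- confirm against the
 * original file.
 *
 * Security note: tls_local_need is fixed at BNET_TLS_NONE and the
 * tls_remote_need value passed by pointer to cram_md5_respond() is not
 * examined afterwards, so nothing visible here negotiates or enforces
 * TLS.  Confirm that is the intended policy for monitor connections.
 */
int authenticate_file_daemon(JCR *jcr, MONITOR *monitor, CLIENT* client)
{
   BSOCK *fd = jcr->file_bsock;
   char dirname[MAX_NAME_LENGTH];
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;

   /*
    * Send my name to the File daemon then do authentication
    */
   bstrncpy(dirname, monitor->hdr.name, sizeof(dirname));
   bash_spaces(dirname);
   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(fd, 60 * 5);
   if (!bnet_fsend(fd, SDFDhello, dirname)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd));
      return 0;
   }
   if (!cram_md5_respond(fd, client->password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(fd, client->password, tls_local_need, compatible)) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"
            "Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"));
      return 0;
   }
   Dmsg1(116, ">filed: %s", fd->msg);
   if (bnet_recv(fd) <= 0) {
      stop_bsock_timer(tid);
      Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
           bnet_strerror(fd));
      return 0;
   }
   /*
    * The trace tag was "<stored:", copied from the Storage daemon
    * routine.  It is corrected to "<filed:" so debug output attributes
    * the reply to the right daemon.
    */
   Dmsg1(110, "<filed: %s", fd->msg);
   stop_bsock_timer(tid);

   /* sizeof includes the terminating NUL, so the reply must equal
    * FDOKhello exactly; trailing bytes make the comparison fail. */
   if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)) != 0) {
      Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));
      return 0;
   }
   return 1;
}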