- bstrncpy(bashed_name, name, sizeof(bashed_name));
- bash_spaces(bashed_name);
- bnet_fsend(dir, hello, bashed_name);
-
- if (!cram_md5_get_auth(dir, director->password, ssl_need) ||
- !cram_md5_auth(dir, director->password, ssl_need)) {
- sendit( _("Director authorization problem.\n"
- "Most likely the passwords do not agree.\n"));
- return 0;
+ if (cons) {
+ bstrncpy(bashed_name, cons->hdr.name, sizeof(bashed_name));
+ bash_spaces(bashed_name);
+ password = cons->password;
+ /* TLS Requirement */
+ if (cons->tls_enable) {
+ if (cons->tls_require) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ } else {
+ tls_local_need = BNET_TLS_OK;
+ }
+ }
+ if (cons->tls_authenticate) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ }
+ tls_authenticate = cons->tls_authenticate;
+ tls_ctx = cons->tls_ctx;
+ } else {
+ bstrncpy(bashed_name, "*UserAgent*", sizeof(bashed_name));
+ password = director->password;
+ /* TLS Requirement */
+ if (director->tls_enable) {
+ if (director->tls_require) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ } else {
+ tls_local_need = BNET_TLS_OK;
+ }
+ }
+
+ if (director->tls_authenticate) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ }
+ tls_authenticate = director->tls_authenticate;
+ tls_ctx = director->tls_ctx;
+ }
+
+
+ /* Timeout Hello after 15 secs */
+ btimer_t *tid = start_bsock_timer(dir, 15);
+ dir->fsend(hello, bashed_name, UA_VERSION);
+
+ if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
+ !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
+ goto bail_out;
+ }
+
+ /* Verify that the remote host is willing to meet our TLS requirements */
+ if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
+ sendit(_("Authorization problem:"
+ " Remote server did not advertise required TLS support.\n"));
+ goto bail_out;
+ }
+
+ /* Verify that we are willing to meet the remote host's requirements */
+ if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
+ sendit(_("Authorization problem:"
+ " Remote server requires TLS.\n"));
+ goto bail_out;
+ }
+
+ /* Is TLS Enabled? */
+ if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
+ /* Engage TLS! Full Speed Ahead! */
+ if (!bnet_tls_client(tls_ctx, dir, NULL)) {
+ sendit(_("TLS negotiation failed\n"));
+ goto bail_out;
+ }
+ if (tls_authenticate) { /* Authenticate only? */
+ dir->free_tls(); /* yes, shutdown tls */
+ }