+
+ /* TLS Requirement */
+ if (store->tls_enable) {
+ if (store->tls_require) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ } else {
+ tls_local_need = BNET_TLS_OK;
+ }
+ }
+
+ if (store->tls_authenticate) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ }
+
+ auth_success = cram_md5_respond(sd, store->password, &tls_remote_need, &compatible);
+ if (auth_success) {
+ auth_success = cram_md5_challenge(sd, store->password, tls_local_need, compatible);
+ if (!auth_success) {
+ Dmsg1(dbglvl, "cram_challenge failed for %s\n", sd->who());
+ }
+ } else {
+ Dmsg1(dbglvl, "cram_respond failed for %s\n", sd->who());
+ }
+
+ if (!auth_success) {
+ stop_bsock_timer(tid);
+ Dmsg0(dbglvl, _("Director and Storage daemon passwords or names not the same.\n"));
+ Jmsg2(jcr, M_FATAL, 0,
+ _("Director unable to authenticate with Storage daemon at \"%s:%d\". Possible causes:\n"
+ "Passwords or names not the same or\n"
+ "Maximum Concurrent Jobs exceeded on the SD or\n"
+ "SD networking messed up (restart daemon).\n"
+ "Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000 for help.\n"),
+ sd->host(), sd->port());
+ return 0;
+ }
+
+ /* Verify that the remote host is willing to meet our TLS requirements */
+ if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
+ stop_bsock_timer(tid);
+ Jmsg(jcr, M_FATAL, 0, _("Authorization problem: Remote server did not advertise required TLS support.\n"));
+ return 0;
+ }
+
+ /* Verify that we are willing to meet the remote host's requirements */
+ if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {