*
*/
/*
- Copyright (C) 2000-2004 Kern Sibbald and John Walker
+ Copyright (C) 2000-2005 Kern Sibbald
This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public
- License along with this program; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
int tls_local_need = BNET_TLS_NONE;
int tls_remote_need = BNET_TLS_NONE;
bool auth_success = false;
-#ifdef HAVE_TLS
alist *verify_list = NULL;
-#endif /* HAVE_TLS */
if (rcode != R_DIRECTOR) {
- Dmsg1(50, _("I only authenticate directors, not %d\n"), rcode);
+ Dmsg1(50, "I only authenticate directors, not %d\n", rcode);
Emsg1(M_FATAL, 0, _("I only authenticate directors, not %d\n"), rcode);
return 0;
}
if (bs->msglen < 25 || bs->msglen > 200) {
- Dmsg2(50, _("Bad Hello command from Director at %s. Len=%d.\n"),
+ Dmsg2(50, "Bad Hello command from Director at %s. Len=%d.\n",
bs->who, bs->msglen);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s. Len=%d.\n"),
bs->who, bs->msglen);
if (sscanf(bs->msg, "Hello Director %s calling\n", dirname) != 1) {
free_pool_memory(dirname);
bs->msg[100] = 0;
- Dmsg2(50, _("Bad Hello command from Director at %s: %s\n"),
+ Dmsg2(50, "Bad Hello command from Director at %s: %s\n",
bs->who, bs->msg);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s: %s\n"),
bs->who, bs->msg);
}
UnlockRes();
if (!director) {
- Dmsg2(50, _("Connection from unknown Director %s at %s rejected.\n"),
+ Dmsg2(50, "Connection from unknown Director %s at %s rejected.\n",
dirname, bs->who);
Emsg2(M_FATAL, 0, _("Connection from unknown Director %s at %s rejected.\n"
"Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"),
return 0;
}
-#ifdef HAVE_TLS
- /* TLS Requirement */
- if (director->tls_enable) {
- if (director->tls_require) {
- tls_local_need = BNET_TLS_REQUIRED;
- } else {
- tls_local_need = BNET_TLS_OK;
+ if (have_tls) {
+ /* TLS Requirement */
+ if (director->tls_enable) {
+ if (director->tls_require) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ } else {
+ tls_local_need = BNET_TLS_OK;
+ }
}
- }
- if (director->tls_verify_peer) {
- verify_list = director->tls_allowed_cns;
+ if (director->tls_verify_peer) {
+ verify_list = director->tls_allowed_cns;
+ }
}
-#endif /* HAVE_TLS */
btimer_t *tid = start_bsock_timer(bs, AUTH_TIMEOUT);
auth_success = cram_md5_auth(bs, director->password, tls_local_need);
goto auth_fatal;
}
-#ifdef HAVE_TLS
- if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
- /* Engage TLS! Full Speed Ahead! */
- if (!bnet_tls_server(director->tls_ctx, bs, verify_list)) {
- Emsg0(M_FATAL, 0, "TLS negotiation failed.\n");
- director = NULL;
- goto auth_fatal;
+ if (have_tls) {
+ if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
+ /* Engage TLS! Full Speed Ahead! */
+ if (!bnet_tls_server(director->tls_ctx, bs, verify_list)) {
+ Emsg0(M_FATAL, 0, _("TLS negotiation failed.\n"));
+ director = NULL;
+ goto auth_fatal;
+ }
}
}
-#endif /* HAVE_TLS */
auth_fatal:
stop_bsock_timer(tid);
if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
/* Engage TLS! Full Speed Ahead! */
if (!bnet_tls_client(me->tls_ctx, sd)) {
- Jmsg(jcr, M_FATAL, 0, "TLS negotiation failed.\n");
+ Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
auth_success = false;
goto auth_fatal;
}