X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=bacula%2Fsrc%2Fconsole%2Fauthenticate.c;h=2297943b98ff948935728c461a1bf7d452191162;hb=ed8b34d3e172f009a02fb5b17b1ab237e36554f9;hp=04f7c0829a282744b50aa2b6394f07a3c50295be;hpb=8f8d5c6a0536d27d4dc5ccadca2dcec3c309248e;p=bacula%2Fbacula
diff --git a/bacula/src/console/authenticate.c b/bacula/src/console/authenticate.c
index 04f7c0829a..2297943b98 100644
--- a/bacula/src/console/authenticate.c
+++ b/bacula/src/console/authenticate.c
@@ -7,8 +7,8 @@ many others, a complete list can be found in the file AUTHORS. This program is Free Software; you can redistribute it and/or modify it under the terms of version two of the GNU General Public
- License as published by the Free Software Foundation plus additions
- that are listed in the file LICENSE.
+ License as published by the Free Software Foundation and included
+ in the file LICENSE.
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -20,7 +20,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Bacula® is a registered trademark of John Walker.
+ Bacula® is a registered trademark of Kern Sibbald.
 The licensor of Bacula is the Free Software Foundation Europe (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich, Switzerland, email:ftf@fsfeurope.org.
@@ -47,10 +47,10 @@ void senditf(const char *fmt, ...);
 void sendit(const char *buf);
 /* Commands sent to Director */
-static char hello[] = N_("Hello %s calling\n");
+static char hello[] = "Hello %s calling\n";
 /* Response from Director */
-static char OKhello[] = N_("1000 OK:");
+static char OKhello[] = "1000 OK:";
 /* Forward referenced functions */
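Review bot: Nothing at the declarations of `hello` and `OKhello` says they are wire-protocol literals, which is presumably how the `N_()` markers got there in the first place. A comment such as `/* Protocol strings exchanged with the Director: never mark for translation */` above them would keep a later i18n sweep from re-adding the markers. Both arrays could also be declared `static const char`, since `hello` is only passed as a format to `dir->fsend()` in the visible code; the use of `OKhello` is outside these hunks, so confirm it is read-only as well.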
@@ -62,6 +62,8 @@ int authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons)
 BSOCK *dir = jcr->dir_bsock;
 int tls_local_need = BNET_TLS_NONE;
 int tls_remote_need = BNET_TLS_NONE;
+ bool tls_needed;
+ bool tls_authenticate;
 int compatible = true;
 char bashed_name[MAX_NAME_LENGTH];
 char *password;
@@ -82,7 +84,11 @@ int authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons)
 tls_local_need = BNET_TLS_OK;
 }
 }
-
+ if (cons->tls_authenticate) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ }
+ tls_authenticate = cons->tls_authenticate;
+ tls_needed = cons->tls_enable || cons->tls_authenticate;
 tls_ctx = cons->tls_ctx;
 } else {
 bstrncpy(bashed_name, "*UserAgent*", sizeof(bashed_name));
@@ -96,13 +102,18 @@ int authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons)
 }
 }
+ if (director->tls_authenticate) {
+ tls_local_need = BNET_TLS_REQUIRED;
+ }
+ tls_authenticate = director->tls_authenticate;
+ tls_needed = director->tls_enable || director->tls_authenticate;
 tls_ctx = director->tls_ctx;
 }
 /* Timeout Hello after 5 mins */
 btimer_t *tid = start_bsock_timer(dir, 60 * 5);
- bnet_fsend(dir, hello, bashed_name);
+ dir->fsend(hello, bashed_name);
 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
@@ -124,13 +135,14 @@ int authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons)
 }
 /* Is TLS Enabled? */
- if (have_tls) {
- if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
- /* Engage TLS! Full Speed Ahead! */
- if (!bnet_tls_client(tls_ctx, dir)) {
- sendit(_("TLS negotiation failed\n"));
- goto bail_out;
- }
+ if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
+ /* Engage TLS! Full Speed Ahead! */
+ if (!bnet_tls_client(tls_ctx, dir, NULL)) {
+ sendit(_("TLS negotiation failed\n"));
+ goto bail_out;
+ }
+ if (tls_authenticate) { /* Authenticate only? */
+ dir->free_tls(); /* yes, shutdown tls */
 }
 }
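Review bot: Setting `tls_authenticate` raises `tls_local_need` to `BNET_TLS_REQUIRED` even when `tls_enable` is off, yet nothing in this hunk shows that `cons->tls_ctx` is created in that configuration, and the handshake later uses `tls_ctx` unconditionally. The new `tls_needed` flag is assigned here and in the `-96,13` hunk but never read in any visible hunk. A guard such as `if (tls_needed && !tls_ctx)` that reports the misconfiguration and bails out would give the flag a purpose and avoid handing a possibly NULL context to the TLS layer. The same applies to the Director branch in the `-96,13` hunk, and the enclosing if/else starts outside both hunks.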
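Review bot: When `tls_authenticate` is set, `dir->free_tls()` runs straight after the handshake, so the Hello response read below and every later console exchange travel unencrypted and without integrity protection. Only the certificate check at connect time benefits from TLS, and an on-path party can still read or alter the session afterwards. That trade-off should be stated at the call, for example `/* TLS used for peer authentication only: all traffic after this point is cleartext */`, and in the directive's documentation. The new third argument to `bnet_tls_client()` is `NULL`; if it is a list of acceptable peer names, confirm that passing NULL still leaves the Director's certificate checked against an expected identity. The hunk also drops the `have_tls` guard, so a build without TLS presumably relies on `bnet_tls_client()` failing cleanly.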
@@ -139,9 +151,9 @@ int authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons)
 * be dropped here if an invalid client certificate was presented
 */
 Dmsg1(6, ">dird: %s", dir->msg);
- if (bnet_recv(dir) <= 0) {
+ if (dir->recv() <= 0) {
 senditf(_("Bad response to Hello command: ERR=%s\n"),
- bnet_strerror(dir));
+ dir->bstrerror());
 goto bail_out;
 }
@@ -160,6 +172,6 @@ bail_out:
 sendit( _("Director authorization problem.\n"
 "Most likely the passwords do not agree.\n"
 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
- "Please see http://www.bacula.org/rel-manual/faq.html#AuthorizationErrors for help.\n"));
+ "Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000 for help.\n"));
 return 0;
 }