X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Fdird%2Fauthenticate.c;h=dd6787c9ba4c7ffdab88629e398f0669058dc846;hb=1c31d780ff8befc9ef13c681d991bf235cb5f735;hp=f6a11fb3256b2c303f36f92780447c841fa58486;hpb=67a5233e607154016353ba27147766edc64476c2;p=bacula%2Fbacula diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c index f6a11fb325..dd6787c9ba 100644 --- a/bacula/src/dird/authenticate.c +++ b/bacula/src/dird/authenticate.c @@ -11,7 +11,7 @@ * */ /* - Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker + Copyright (C) 2001-2004 Kern Sibbald and John Walker This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as @@ -45,39 +45,47 @@ static char OKhello[] = "3000 OK Hello\n"; static char FDOKhello[] = "2000 OK Hello\n"; /* Sent to User Agent */ -static char Dir_sorry[] = N_("1999 You are not authorized.\n"); +static char Dir_sorry[] = "1999 You are not authorized.\n"; /* Forward referenced functions */ /* * Authenticate Storage daemon connection */ -int authenticate_storage_daemon(JCR *jcr) +bool authenticate_storage_daemon(JCR *jcr, STORE *store) { BSOCK *sd = jcr->store_bsock; char dirname[MAX_NAME_LENGTH]; + int ssl_need = BNET_SSL_NONE; /* * Send my name to the Storage daemon then do authentication */ - strcpy(dirname, director->hdr.name); + bstrncpy(dirname, director->hdr.name, sizeof(dirname)); bash_spaces(dirname); + /* Timeout Hello after 1 min */ + btimer_t *tid = start_bsock_timer(sd, 60); if (!bnet_fsend(sd, hello, dirname)) { + stop_bsock_timer(tid); Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd)); return 0; } - if (!cram_md5_get_auth(sd, jcr->store->password) || - !cram_md5_auth(sd, jcr->store->password)) { - Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords not the same.\n")); + if (!cram_md5_get_auth(sd, store->password, ssl_need) || + !cram_md5_auth(sd, store->password, ssl_need)) { + stop_bsock_timer(tid); + Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n" + "Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n")); return 0; } Dmsg1(116, ">stored: %s", sd->msg); if (bnet_recv(sd) <= 0) { + stop_bsock_timer(tid); Jmsg1(jcr, M_FATAL, 0, _("bdirdmsg); + stop_bsock_timer(tid); if (strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0) { Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n")); return 0; @@ -92,28 +100,36 @@ int authenticate_file_daemon(JCR *jcr) { BSOCK *fd = jcr->file_bsock; char dirname[MAX_NAME_LENGTH]; + int ssl_need = BNET_SSL_NONE; /* * Send my name to the File daemon then do authentication */ - strcpy(dirname, director->hdr.name); + bstrncpy(dirname, director->hdr.name, sizeof(dirname)); bash_spaces(dirname); + /* Timeout Hello after 5 mins */ + btimer_t *tid = start_bsock_timer(fd, 60 * 5); if (!bnet_fsend(fd, hello, dirname)) { + stop_bsock_timer(tid); Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd)); return 0; } - if (!cram_md5_get_auth(fd, jcr->client->password) || - !cram_md5_auth(fd, jcr->client->password)) { - Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords not the same.\n")); + if (!cram_md5_get_auth(fd, jcr->client->password, ssl_need) || + !cram_md5_auth(fd, jcr->client->password, ssl_need)) { + stop_bsock_timer(tid); + Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n" + "Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n")); return 0; } Dmsg1(116, ">filed: %s", fd->msg); if (bnet_recv(fd) <= 0) { + stop_bsock_timer(tid); Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"), bnet_strerror(fd)); return 0; } Dmsg1(110, "msg); + stop_bsock_timer(tid); if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)) != 0) { Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n")); return 0; @@ -124,28 +140,48 @@ int authenticate_file_daemon(JCR *jcr) /********************************************************************* * */ -int authenticate_user_agent(BSOCK *ua) +int authenticate_user_agent(UAContext *uac) { - char name[MAXSTRING]; - int ok; - - if (ua->msglen < 16 || ua->msglen >= MAXSTRING-1) { - Emsg1(M_ERROR, 0, _("UA Hello is invalid. Len=%d\n"), ua->msglen); + char name[MAX_NAME_LENGTH]; + int ssl_need = BNET_SSL_NONE; + bool ok; + BSOCK *ua = uac->UA_sock; + +// Emsg4(M_INFO, 0, _("UA Hello from %s:%s:%d is invalid. Len=%d\n"), ua->who, +// ua->host, ua->port, ua->msglen); + if (ua->msglen < 16 || ua->msglen >= MAX_NAME_LENGTH + 15) { + Emsg4(M_ERROR, 0, _("UA Hello from %s:%s:%d is invalid. Len=%d\n"), ua->who, + ua->host, ua->port, ua->msglen); return 0; } if (sscanf(ua->msg, "Hello %127s calling\n", name) != 1) { ua->msg[100] = 0; /* terminate string */ - Emsg1(M_ERROR, 0, _("UA Hello is invalid. Got: %s\n"), ua->msg); + Emsg4(M_ERROR, 0, _("UA Hello from %s:%s:%d is invalid. Got: %s\n"), ua->who, + ua->host, ua->port, ua->msg); return 0; } - - ok = cram_md5_auth(ua, director->password) && - cram_md5_get_auth(ua, director->password); - + name[sizeof(name)-1] = 0; /* terminate name */ + if (strcmp(name, "*UserAgent*") == 0) { /* default console */ + ok = cram_md5_auth(ua, director->password, ssl_need) && + cram_md5_get_auth(ua, director->password, ssl_need); + } else { + unbash_spaces(name); + CONRES *cons = (CONRES *)GetResWithName(R_CONSOLE, name); + if (cons) { + ok = cram_md5_auth(ua, cons->password, ssl_need) && + cram_md5_get_auth(ua, cons->password, ssl_need); + if (ok) { + uac->cons = cons; /* save console resource pointer */ + } + } else { + ok = false; + } + } if (!ok) { bnet_fsend(ua, "%s", _(Dir_sorry)); - Emsg0(M_WARNING, 0, _("Unable to authenticate User Agent\n")); + Emsg4(M_ERROR, 0, _("Unable to authenticate console \"%s\" at %s:%s:%d.\n"), + name, ua->who, ua->host, ua->port); sleep(5); return 0; }