X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Fdird%2Fauthenticate.c;h=f2f0bdb2698e185cdb49ccbfa456b4fc0f15a645;hb=7ebf8f564b27ca8448a9a7365ba73b130ae69c21;hp=1ce4f0a05c9e3a6ce7fbcdc875c65d3b458817eb;hpb=13999058dc0ad72fd807a36c10c9135e26caf1cf;p=bacula%2Fbacula

diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c
index 1ce4f0a05c..f2f0bdb269 100644
--- a/bacula/src/dird/authenticate.c
+++ b/bacula/src/dird/authenticate.c
@@ -56,30 +56,37 @@ int authenticate_storage_daemon(JCR *jcr)
 {
    BSOCK *sd = jcr->store_bsock;
    char dirname[MAX_NAME_LENGTH];
+   int ssl_need = BNET_SSL_NONE;
 
    /* 
     * Send my name to the Storage daemon then do authentication
     */
-   strcpy(dirname, director->hdr.name);
+   bstrncpy(dirname, director->hdr.name, sizeof(dirname));
    bash_spaces(dirname);
+   /* Timeout Hello after 5 mins */
+   btimer_t *tid = start_bsock_timer(sd, 60 * 5);
    if (!bnet_fsend(sd, hello, dirname)) {
+      stop_bsock_timer(tid);
       Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd));
       return 0;
    }
-   if (!cram_md5_get_auth(sd, jcr->store->password) || 
-       !cram_md5_auth(sd, jcr->store->password)) {
-      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords not the same.\n"));
+   if (!cram_md5_get_auth(sd, jcr->store->password, ssl_need) || 
+       !cram_md5_auth(sd, jcr->store->password, ssl_need)) {
+      stop_bsock_timer(tid);
+      Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"));
       return 0;
    }
    Dmsg1(116, ">stored: %s", sd->msg);
    if (bnet_recv(sd) <= 0) {
-      Emsg1(M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
+      stop_bsock_timer(tid);
+      Jmsg1(jcr, M_FATAL, 0, _("bdird<stored: bad response to Hello command: ERR=%s\n"),
 	 bnet_strerror(sd));
       return 0;
    }
    Dmsg1(110, "<stored: %s", sd->msg);
+   stop_bsock_timer(tid);
    if (strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0) {
-      Emsg0(M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
+      Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
       return 0;
    }
    return 1;
@@ -92,28 +99,35 @@ int authenticate_file_daemon(JCR *jcr)
 {
    BSOCK *fd = jcr->file_bsock;
    char dirname[MAX_NAME_LENGTH];
+   int ssl_need = BNET_SSL_NONE;
 
    /* 
     * Send my name to the File daemon then do authentication
     */
-   strcpy(dirname, director->hdr.name);
+   bstrncpy(dirname, director->hdr.name, sizeof(dirname));
    bash_spaces(dirname);
-   if (!bnet_fsend(fd, hello, director->hdr.name)) {
+   /* Timeout Hello after 5 mins */
+   btimer_t *tid = start_bsock_timer(fd, 60 * 5);
+   if (!bnet_fsend(fd, hello, dirname)) {
+      stop_bsock_timer(tid);
       Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd));
       return 0;
    }
-   if (!cram_md5_get_auth(fd, jcr->client->password) || 
-       !cram_md5_auth(fd, jcr->client->password)) {
-      Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords not the same.\n"));
+   if (!cram_md5_get_auth(fd, jcr->client->password, ssl_need) || 
+       !cram_md5_auth(fd, jcr->client->password, ssl_need)) {
+      stop_bsock_timer(tid);
+      Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"));
       return 0;
    }
    Dmsg1(116, ">filed: %s", fd->msg);
    if (bnet_recv(fd) <= 0) {
-      Jmsg(jcr, M_FATAL, 0, _("bdird<filed: bad response to Hello command: ERR=%s\n"),
+      stop_bsock_timer(tid);
+      Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
 	 bnet_strerror(fd));
       return 0;
    }
    Dmsg1(110, "<stored: %s", fd->msg);
+   stop_bsock_timer(tid);
    if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)) != 0) {
       Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));
       return 0;
@@ -124,26 +138,50 @@ int authenticate_file_daemon(JCR *jcr)
 /********************************************************************* 
  *
  */
-int authenticate_user_agent(BSOCK *ua)
+int authenticate_user_agent(UAContext *uac) 
 {
-   char name[128];
-   int ok = 0;
-
+   char name[MAX_NAME_LENGTH];
+   int ssl_need = BNET_SSL_NONE;
+   bool ok;    
+   BSOCK *ua = uac->UA_sock;
+
+   if (ua->msglen < 16 || ua->msglen >= MAX_NAME_LENGTH + 15) {
+      Emsg4(M_ERROR, 0, _("UA Hello from %s:%s:%d is invalid. Len=%d\n"), ua->who,
+	    ua->host, ua->port, ua->msglen);
+      return 0;
+   }
 
    if (sscanf(ua->msg, "Hello %127s calling\n", name) != 1) {
-      Emsg1(M_FATAL, 0, _("Authentication failure: %s"), ua->msg);
+      ua->msg[100] = 0; 	      /* terminate string */
+      Emsg4(M_ERROR, 0, _("UA Hello from %s:%s:%d is invalid. Got: %s\n"), ua->who,
+	    ua->host, ua->port, ua->msg);
       return 0;
    }
-
-   ok = cram_md5_auth(ua, director->password) &&
-	cram_md5_get_auth(ua, director->password);
-
+// Dmsg2(000, "Console=%s addr=%s\n", name, inet_ntoa(ua->client_addr.sin_addr));
+   name[sizeof(name)-1] = 0;		 /* terminate name */
+   if (strcmp(name, "*UserAgent*") == 0) {  /* default console */
+      ok = cram_md5_auth(ua, director->password, ssl_need) &&
+	   cram_md5_get_auth(ua, director->password, ssl_need);
+   } else {
+      unbash_spaces(name); 
+      CONRES *cons = (CONRES *)GetResWithName(R_CONSOLE, name);
+      if (cons) {
+	 ok = cram_md5_auth(ua, cons->password, ssl_need) &&
+	      cram_md5_get_auth(ua, cons->password, ssl_need);
+	 if (ok) {
+	    uac->cons = cons;	      /* save console resource pointer */
+	 }
+      } else {
+	 ok = false;
+      }
+   }
    if (!ok) {
       bnet_fsend(ua, "%s", _(Dir_sorry));
-      Emsg0(M_WARNING, 0, _("Unable to authenticate User Agent\n"));
+      Emsg4(M_ERROR, 0, _("Unable to authenticate console \"%s\" at %s:%s:%d.\n"),
+	    name, ua->who, ua->host, ua->port);
       sleep(5);
       return 0;
    }
-   bnet_fsend(ua, "1000 OK: %s Version: " VERSION " (" DATE ")\n", my_name);
+   bnet_fsend(ua, "1000 OK: %s Version: " VERSION " (" BDATE ")\n", my_name);
    return 1;
 }