X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Ffiled%2Fauthenticate.c;h=a5728416a76f850556c9b8ce3885eba883b52556;hb=13b70b45ab81f042379739d6390f8150f0fea470;hp=9c4440c1ca9f0b06fcdc36b7a50dce1ea1c1ca5f;hpb=0ead2456c9f849db66af82808cb5d3b7888e557f;p=bacula%2Fbacula diff --git a/bacula/src/filed/authenticate.c b/bacula/src/filed/authenticate.c index 9c4440c1ca..a5728416a7 100644 --- a/bacula/src/filed/authenticate.c +++ b/bacula/src/filed/authenticate.c @@ -4,10 +4,10 @@ * Kern Sibbald, October 2000 * * Version $Id$ - * + * */ /* - Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker + Copyright (C) 2000-2004 Kern Sibbald and John Walker This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as @@ -25,7 +25,7 @@ MA 02111-1307, USA. */ - + #include "bacula.h" #include "filed.h" @@ -33,20 +33,26 @@ static char OK_hello[] = "2000 OK Hello\n"; static char Dir_sorry[] = "2999 No go\n"; -/********************************************************************* +/********************************************************************* * */ -static int authenticate(int rcode, BSOCK *bs) +static int authenticate(int rcode, BSOCK *bs, JCR* jcr) { POOLMEM *dirname; DIRRES *director; + int ssl_need = BNET_SSL_NONE; + bool auth, get_auth = false; if (rcode != R_DIRECTOR) { + Dmsg1(50, _("I only authenticate directors, not %d\n"), rcode); Emsg1(M_FATAL, 0, _("I only authenticate directors, not %d\n"), rcode); return 0; } if (bs->msglen < 25 || bs->msglen > 200) { - Emsg0(M_FATAL, 0, _("Bad Hello command from Director.\n")); + Dmsg2(50, _("Bad Hello command from Director at %s. Len=%d.\n"), + bs->who, bs->msglen); + Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s. Len=%d.\n"), + bs->who, bs->msglen); return 0; } dirname = get_pool_memory(PM_MESSAGE); @@ -55,35 +61,54 @@ static int authenticate(int rcode, BSOCK *bs) if (sscanf(bs->msg, "Hello Director %s calling\n", dirname) != 1) { free_pool_memory(dirname); bs->msg[100] = 0; - Emsg1(M_FATAL, 0, _("Bad Hello command from Director: %s\n"), bs->msg); + Dmsg2(50, _("Bad Hello command from Director at %s: %s\n"), + bs->who, bs->msg); + Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s: %s\n"), + bs->who, bs->msg); return 0; } - director = NULL; unbash_spaces(dirname); LockRes(); - while ((director=(DIRRES *)GetNextRes(rcode, (RES *)director))) { + foreach_res(director, R_DIRECTOR) { if (strcmp(director->hdr.name, dirname) == 0) break; } UnlockRes(); if (!director) { - Emsg1(M_FATAL, 0, _("Connection from unknown Director %s rejected.\n"), dirname); + Dmsg2(50, _("Connection from unknown Director %s at %s rejected.\n"), + dirname, bs->who); + Emsg2(M_FATAL, 0, _("Connection from unknown Director %s at %s rejected.\n" + "Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"), + dirname, bs->who); free_pool_memory(dirname); return 0; } - if (!cram_md5_auth(bs, director->password) || - !cram_md5_get_auth(bs, director->password)) { - Emsg0(M_FATAL, 0, _("Incorrect password given by Director.\n")); + btimer_t *tid = start_bsock_timer(bs, AUTH_TIMEOUT); + auth = cram_md5_auth(bs, director->password, ssl_need); + if (auth) { + get_auth = cram_md5_get_auth(bs, director->password, ssl_need); + if (!get_auth) { + Dmsg1(50, "cram_get_auth failed for %s\n", bs->who); + } + } else { + Dmsg1(50, "cram_auth failed for %s\n", bs->who); + } + if (!auth || !get_auth) { + Emsg1(M_FATAL, 0, _("Incorrect password given by Director at %s.\n" + "Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"), + bs->who); director = NULL; } + stop_bsock_timer(tid); free_pool_memory(dirname); + jcr->director = director; return (director != NULL); } /* * Inititiate the communications with the Director. * He has made a connection to our server. - * + * * Basic tasks done here: * We read Director's initial message and authorize him. * @@ -92,10 +117,10 @@ int authenticate_director(JCR *jcr) { BSOCK *dir = jcr->dir_bsock; - if (!authenticate(R_DIRECTOR, dir)) { + if (!authenticate(R_DIRECTOR, dir, jcr)) { bnet_fsend(dir, "%s", Dir_sorry); Emsg0(M_FATAL, 0, _("Unable to authenticate Director\n")); - sleep(5); + bmicrosleep(5, 0); return 0; } return bnet_fsend(dir, "%s", OK_hello); @@ -108,13 +133,24 @@ int authenticate_director(JCR *jcr) int authenticate_storagedaemon(JCR *jcr) { BSOCK *sd = jcr->store_bsock; - int stat; + int ssl_need = BNET_SSL_NONE; + bool get_auth, auth = false; - stat = cram_md5_get_auth(sd, jcr->sd_auth_key) && - cram_md5_auth(sd, jcr->sd_auth_key); + btimer_t *tid = start_bsock_timer(sd, AUTH_TIMEOUT); + get_auth = cram_md5_get_auth(sd, jcr->sd_auth_key, ssl_need); + if (!get_auth) { + Dmsg1(50, "cram_get_auth failed for %s\n", sd->who); + } else { + auth = cram_md5_auth(sd, jcr->sd_auth_key, ssl_need); + if (!auth) { + Dmsg1(50, "cram_auth failed for %s\n", sd->who); + } + } + stop_bsock_timer(tid); memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key)); - if (!stat) { - Jmsg(jcr, M_FATAL, 0, _("Authorization key rejected by Storage daemon.\n")); + if (!get_auth || !auth) { + Jmsg(jcr, M_FATAL, 0, _("Authorization key rejected by Storage daemon.\n" + "Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n")); } - return stat; + return get_auth && auth; }