/* Set if Bacula conio support enabled */
#undef HAVE_CONIO
-/* Define if encryption support should be enabled */
-#undef HAVE_CRYPTO
-
/* Define to 1 if you have the <curses.h> header file. */
#undef HAVE_CURSES_H
/* If using the C implementation of alloca, define if you know the
direction of stack growth for your system; otherwise it will be
automatically deduced at runtime.
- STACK_DIRECTION > 0 => grows toward higher addresses
- STACK_DIRECTION < 0 => grows toward lower addresses
- STACK_DIRECTION = 0 => direction of growth unknown */
+ STACK_DIRECTION > 0 => grows toward higher addresses
+ STACK_DIRECTION < 0 => grows toward lower addresses
+ STACK_DIRECTION = 0 => direction of growth unknown */
#undef STACK_DIRECTION
/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
*/
int bnet_wait_data(BSOCK * bsock, int sec)
{
- fd_set fdset;
- struct timeval tv;
-
- FD_ZERO(&fdset);
- FD_SET((unsigned)bsock->m_fd, &fdset);
- for (;;) {
- tv.tv_sec = sec;
- tv.tv_usec = 0;
- switch (select(bsock->m_fd + 1, &fdset, NULL, NULL, &tv)) {
- case 0: /* timeout */
- bsock->b_errno = 0;
- return 0;
- case -1:
- bsock->b_errno = errno;
- if (errno == EINTR) {
- continue;
- }
- return -1; /* error return */
- default:
- bsock->b_errno = 0;
- return 1;
- }
- }
+ return bsock->wait_data(sec);
}
/*
*/
int bnet_wait_data_intr(BSOCK * bsock, int sec)
{
- fd_set fdset;
- struct timeval tv;
-
- FD_ZERO(&fdset);
- FD_SET((unsigned)bsock->m_fd, &fdset);
- tv.tv_sec = sec;
- tv.tv_usec = 0;
- switch (select(bsock->m_fd + 1, &fdset, NULL, NULL, &tv)) {
- case 0: /* timeout */
- bsock->b_errno = 0;
- return 0;
- case -1:
- bsock->b_errno = errno;
- return -1; /* error return */
- default:
- bsock->b_errno = 0;
- }
- return 1;
+ return bsock->wait_data_intr(sec);
}
#ifndef NETDB_INTERNAL
}
/*
- * Open a TCP connection to the UPS network server
- * Returns NULL
- * Returns BSOCK * pointer on success
- *
- */
-static BSOCK *bnet_open(JCR *jcr, const char *name, char *host, char *service,
- int port, utime_t heart_beat, int *fatal)
-{
- int sockfd = -1;
- dlist *addr_list;
- IPADDR *ipaddr;
- bool connected = false;
- int turnon = 1;
- const char *errstr;
- int save_errno = 0;
-
- /*
- * Fill in the structure serv_addr with the address of
- * the server that we want to connect with.
- */
- if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
- /* Note errstr is not malloc'ed */
- Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
- host, errstr);
- Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
- host, errstr);
- *fatal = 1;
- return NULL;
- }
-
- foreach_dlist(ipaddr, addr_list) {
- ipaddr->set_port_net(htons(port));
- char allbuf[256 * 10];
- char curbuf[256];
- Dmsg2(100, "Current %sAll %s\n",
- ipaddr->build_address_str(curbuf, sizeof(curbuf)),
- build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
- /* Open a TCP socket */
- if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
- berrno be;
- save_errno = errno;
- *fatal = 1;
- Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
- ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
- continue;
- }
- /*
- * Keep socket from timing out from inactivity
- */
- if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
- berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
- be.bstrerror());
- }
-#if defined(TCP_KEEPIDLE)
- if (heart_beat) {
- int opt = heart_beat
- if (setsockopt(sockfd, IPPROTO_IP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
- berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPIDLE on socket: %s\n"),
- be.bstrerror());
- }
- }
-#endif
-
- /* connect to server */
- if (connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
- save_errno = errno;
- socketClose(sockfd);
- continue;
- }
- *fatal = 0;
- connected = true;
- break;
- }
-
- if (!connected) {
- free_addresses(addr_list);
- errno = save_errno | b_errno_win32;
- return NULL;
- }
- /*
- * Keep socket from timing out from inactivity
- * Do this a second time out of paranoia
- */
- if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
- berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
- be.bstrerror());
- }
- BSOCK* ret = init_bsock(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
- free_addresses(addr_list);
- return ret;
-}
-
-
-#ifdef xxx
+ * This is the "old" way of opening a connection. The preferred way is
+ * now to do what this subroutine does, but inline. That allows the
+ * connect() call to return error status, ...
+ */
BSOCK *bnet_connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
utime_t heart_beat,
const char *name, char *host, char *service, int port,
int verbose)
{
- BSOCK *bsock = new BSOCK();
+ BSOCK *bsock = new_bsock();
if (!bsock->connect(jcr, retry_interval, max_retry_time, heart_beat,
name, host, service, port, verbose)) {
- delete bsock;
+ bsock->destroy();
bsock = NULL;
}
return bsock;
}
-#endif
-
-
-/*
- * Try to connect to host for max_retry_time at retry_time intervals.
- */
-BSOCK *bnet_connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
- utime_t heart_beat,
- const char *name, char *host, char *service, int port,
- int verbose)
-{
- int i;
- BSOCK *bsock;
- int fatal = 0;
- time_t begin_time = time(NULL);
- time_t now;
- btimer_t *tid = NULL;
-
- /* Try to trap out of OS call when time expires */
- if (max_retry_time) {
- tid = start_thread_timer(pthread_self(), (uint32_t)max_retry_time);
- }
-
- for (i = 0; (bsock = bnet_open(jcr, name, host, service, port, heart_beat, &fatal)) == NULL;
- i -= retry_interval) {
- berrno be;
- if (fatal || (jcr && job_canceled(jcr))) {
- bsock = NULL;
- goto bail_out;
- }
- Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
- name, host, port, be.bstrerror());
- if (i < 0) {
- i = 60 * 5; /* complain again in 5 minutes */
- if (verbose)
- Qmsg4(jcr, M_WARNING, 0, _(
- "Could not connect to %s on %s:%d. ERR=%s\n"
- "Retrying ...\n"), name, host, port, be.bstrerror());
- }
- bmicrosleep(retry_interval, 0);
- now = time(NULL);
- if (begin_time + max_retry_time <= now) {
- Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
- name, host, port, be.bstrerror());
- bsock = NULL;
- goto bail_out;
- }
- }
-bail_out:
- if (tid) {
- stop_thread_timer(tid);
- }
- return bsock;
-}
/*
*/
const char *bnet_strerror(BSOCK * bsock)
{
- berrno be;
- if (bsock->errmsg == NULL) {
- bsock->errmsg = get_pool_memory(PM_MESSAGE);
- }
- pm_strcpy(bsock->errmsg, be.bstrerror(bsock->b_errno));
- return bsock->errmsg;
+ return bsock->bstrerror();
}
/*
}
}
-
/* Initialize internal socket structure.
* This probably should be done in net_open
*/
/* Close the network connection */
void bnet_close(BSOCK * bsock)
{
- bsock->close(); /* this calls destroy */
+ bsock->close();
}
void term_bsock(BSOCK * bsock)
*
* by Kern Sibbald
*
- * Version $Id: bnet.c 3670 2006-11-21 16:13:58Z kerns $
+ * Version $Id: $
*/
#define socketClose(fd) ::close(fd)
#endif
-BSOCK::BSOCK()
+/*
+ * This is a non-class BSOCK "constructor" because we want to
+ * call the Bacula smartalloc routines instead of new.
+ */
+BSOCK *new_bsock()
+{
+ BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
+ bsock->init();
+ return bsock;
+}
+
+void BSOCK::init()
{
memset(this, 0, sizeof(BSOCK));
+ m_blocking = 1;
+ msg = get_pool_memory(PM_MESSAGE);
+ errmsg = get_pool_memory(PM_MESSAGE);
+ /*
+ * ****FIXME**** reduce this to a few hours once
+ * heartbeats are implemented
+ */
+ timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
}
-BSOCK::~BSOCK()
+/*
+ * This is our "class destructor" that ensures that we use
+ * smartalloc rather than the system free().
+ */
+void BSOCK::free_bsock()
{
destroy();
}
/*
* Try to connect to host for max_retry_time at retry_time intervals.
+ * Note, you must have called the constructor prior to calling
+ * this routine.
*/
bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
utime_t heart_beat,
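Review bot: `new_bsock()` dereferences the `malloc()` result immediately in `bsock->init()`, which is safe only if `malloc` here is the smartalloc wrapper that aborts on exhaustion instead of returning NULL; the comment above it should say so, e.g. `/* malloc() is the smartalloc wrapper and never returns NULL */`. With the constructor removed, a BSOCK obtained any other way (for example `new BSOCK` or a stack object elsewhere in the tree) now starts with indeterminate `m_fd`, `msg` and `errmsg`, so every creation site outside this hunk has to go through `new_bsock()` or call `init()` itself. `init()` also allocates `msg` and `errmsg` unconditionally after the `memset`, so calling it on an already initialised BSOCK would drop the earlier pool buffers; a one-line warning in its header comment would make that contract visible.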
}
-/* Initialize internal socket structure.
- * This probably should be done in net_open
+/*
+ * Finish initialization of the pocket structure.
*/
-void BSOCK::init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
+void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
struct sockaddr *lclient_addr)
{
Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
m_fd = sockfd;
- tls = NULL;
- errors = 0;
- m_blocking = 1;
- msg = get_pool_memory(PM_MESSAGE);
- errmsg = get_pool_memory(PM_MESSAGE);
set_who(bstrdup(who));
set_host(bstrdup(host));
set_port(port);
- memset(&peer_addr, 0, sizeof(peer_addr));
memcpy(&client_addr, lclient_addr, sizeof(client_addr));
- /*
- * ****FIXME**** reduce this to a few hours once
- * heartbeats are implemented
- */
- timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
set_jcr(jcr);
}
/*
- * Open a TCP connection to the UPS network server
+ * Open a TCP connection to the server
* Returns NULL
* Returns BSOCK * pointer on success
*
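Review bot: `fin_init()` no longer sets `tls`, `errors`, `m_blocking`, `msg`, `errmsg`, `peer_addr` or `timeout`, so it is correct only on a BSOCK that has already been through `init()`; on any other object it leaves `msg` and `errmsg` unallocated. Its comment should state that precondition, and "pocket structure" looks like a typo: `Finish initialization of the socket structure; init() must have been called first.` The retained `memcpy(&client_addr, lclient_addr, sizeof(client_addr))` copies the destination's size regardless of what `lclient_addr` points at. If the two differ in size (IPv4 versus IPv6 address storage, say), the copy either reads past the source or truncates it; the declarations are outside the hunk, so this needs checking against the class definition.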
Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
be.bstrerror());
}
- init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
+ fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
free_addresses(addr_list);
return true;
}
Qmsg5(m_jcr, M_ERROR, 0,
_("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
msglen, m_who,
- m_host, m_port, bnet_strerror(this));
+ m_host, m_port, this->bstrerror());
}
} else {
Qmsg5(m_jcr, M_ERROR, 0,
}
errors++;
Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
- m_who, m_host, m_port, bnet_strerror(this));
+ m_who, m_host, m_port, this->bstrerror());
return BNET_ERROR;
}
timer_start = 0; /* clear timer */
#endif
}
+/*
+ * Wait for a specified time for data to appear on
+ * the BSOCK connection.
+ *
+ * Returns: 1 if data available
+ * 0 if timeout
+ * -1 if error
+ */
+int BSOCK::wait_data(int sec)
+{
+ fd_set fdset;
+ struct timeval tv;
+
+ FD_ZERO(&fdset);
+ FD_SET((unsigned)m_fd, &fdset);
+ for (;;) {
+ tv.tv_sec = sec;
+ tv.tv_usec = 0;
+ switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
+ case 0: /* timeout */
+ b_errno = 0;
+ return 0;
+ case -1:
+ b_errno = errno;
+ if (errno == EINTR) {
+ continue;
+ }
+ return -1; /* error return */
+ default:
+ b_errno = 0;
+ return 1;
+ }
+ }
+}
+
+/*
+ * As above, but returns on interrupt
+ */
+int BSOCK::wait_data_intr(int sec)
+{
+ fd_set fdset;
+ struct timeval tv;
+
+ FD_ZERO(&fdset);
+ FD_SET((unsigned)m_fd, &fdset);
+ tv.tv_sec = sec;
+ tv.tv_usec = 0;
+ switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
+ case 0: /* timeout */
+ b_errno = 0;
+ return 0;
+ case -1:
+ b_errno = errno;
+ return -1; /* error return */
+ default:
+ b_errno = 0;
+ }
+ return 1;
+}
+/*
+ * Note, this routine closes and destroys all the sockets
+ * that are open including the duped ones.
+ */
void BSOCK::close()
{
BSOCK *bsock = this;
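Review bot: `FD_SET((unsigned)m_fd, &fdset)` in `wait_data()` and `wait_data_intr()` writes outside `fdset` on POSIX systems when `m_fd` is negative (the cast turns -1 into a very large index) or is not below `FD_SETSIZE`, which a daemon holding many descriptors can reach. Guard both methods before touching the set, `if (m_fd < 0 || m_fd >= FD_SETSIZE) { b_errno = EBADF; return -1; }`, or move them to `poll()`, which has no such limit. In `wait_data()` the `EINTR` path restarts with the full `sec` each time, so a steady stream of signals can stretch the wait well past the requested timeout; the header comment should say the timeout applies per attempt. `BSOCK::close()` begins at the end of this hunk and continues outside it.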
for (; bsock; bsock = next) {
next = bsock->m_next; /* get possible pointer to next before destoryed */
if (!bsock->m_duped) {
-#ifdef HAVE_TLS
/* Shutdown tls cleanly. */
if (bsock->tls) {
tls_bsock_shutdown(bsock);
free_tls_connection(bsock->tls);
bsock->tls = NULL;
}
-#endif /* HAVE_TLS */
if (bsock->is_timed_out()) {
shutdown(bsock->m_fd, 2); /* discard any pending I/O */
}
socketClose(bsock->m_fd); /* normal close */
}
- bsock->destroy(); /* free the packet */
+ bsock->destroy();
}
return;
}
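Review bot: The header comment added above `close()` says it closes all open sockets "including the duped ones", but the loop calls `socketClose()` only when `!bsock->m_duped`; duped entries are destroyed without their descriptor being closed. Reword it along the lines of `closes every non-duped socket in the chain and destroys all entries, duped or not`. Because `destroy()` is also called on the entry the method was invoked on, the comment should tell callers not to use their pointer after `close()` returns, presumably because `destroy()` releases the object (the removed trailing comment said "free the packet"). The declaration of `next` is outside the hunk.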
char *m_host; /* Host name/IP */
int m_port; /* desired port */
- void init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
+ void fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
struct sockaddr *lclient_addr);
bool open(JCR *jcr, const char *name, char *host, char *service,
int port, utime_t heart_beat, int *fatal);
struct sockaddr_in peer_addr; /* peer's IP address */
/* methods -- in bsock.c */
- BSOCK();
- ~BSOCK();
+ void init();
+ void free_bsock();
bool connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
utime_t heart_beat, const char *name, char *host,
char *service, int port, int verbose);
int set_nonblocking();
int set_blocking();
void restore_blocking(int flags);
+ int wait_data(int sec);
+ int wait_data_intr(int sec);
/* Inline functions */
void set_jcr(JCR *jcr) { m_jcr = jcr; };
int32_t read_nbytes(BSOCK * bsock, char *ptr, int32_t nbytes);
int32_t write_nbytes(BSOCK * bsock, char *ptr, int32_t nbytes);
+
+BSOCK *new_bsock();
-/*
- * Challenge Response Authentication Method using MD5 (CRAM-MD5)
- *
- * cram-md5 is based on RFC2104.
- *
- * Written for Bacula by Kern E. Sibbald, May MMI.
- *
- * Version $Id$
- */
/*
Bacula® - The Network Backup Solution
- Copyright (C) 2001-2006 Free Software Foundation Europe e.V.
+ Copyright (C) 2001-2007 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
(FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
Switzerland, email:ftf@fsfeurope.org.
*/
+/*
+ * Challenge Response Authentication Method using MD5 (CRAM-MD5)
+ *
+ * cram-md5 is based on RFC2104.
+ *
+ * Written for Bacula by Kern E. Sibbald, May MMI.
+ *
+ * Version $Id$
+ */
#include "bacula.h"
bsnprintf(chal, sizeof(chal), "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host);
if (compatible) {
Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need);
- if (!bnet_fsend(bs, "auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) {
- Dmsg1(50, "Bnet send challenge error.\n", bnet_strerror(bs));
+ if (!bs->fsend("auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) {
+ Dmsg1(50, "Bnet send challenge error.\n", bs->bstrerror());
return false;
}
} else {
/* Old non-compatible system */
Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need);
- if (!bnet_fsend(bs, "auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) {
- Dmsg1(50, "Bnet send challenge error.\n", bnet_strerror(bs));
+ if (!bs->fsend("auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) {
+ Dmsg1(50, "Bnet send challenge error.\n", bs->bstrerror());
return false;
}
}
/* Read hashed response to challenge */
- if (bnet_wait_data(bs, 180) <= 0 || bnet_recv(bs) <= 0) {
- Dmsg1(50, "Bnet receive challenge response error.\n", bnet_strerror(bs));
+ if (bs->wait_data(180) <= 0 || bs->recv() <= 0) {
+ Dmsg1(50, "Bnet receive challenge response error.\n", bs->bstrerror());
bmicrosleep(5, 0);
return false;
}
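Review bot: The challenge on the first line of this hunk is built from `random()` and `time(NULL)`, neither of which is unpredictable to a peer, and CRAM-MD5 relies on a fresh, unguessable challenge to stop a recorded response from being replayed. OpenSSL's `RAND_bytes` is already used in this commit's crypto code, so I would draw the nonce from it when crypto support is compiled in and keep `random()` only as the fallback. Separately, the three `Dmsg1(50, "Bnet ... error.\n", bs->bstrerror())` calls pass an argument the format string never prints; add `ERR=%s` as the calls in the later hunk do. The two branches of `if (compatible)` now send identical text and could be collapsed. The enclosing function starts and ends outside the hunk.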
}
}
if (ok) {
- bnet_fsend(bs, "1000 OK auth\n");
+ bs->fsend("1000 OK auth\n");
} else {
Dmsg1(50, "Auth failed PW: %s\n", password);
- bnet_fsend(bs, _("1999 Authorization failed.\n"));
+ bs->fsend(_("1999 Authorization failed.\n"));
bmicrosleep(5, 0);
}
return ok;
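Review bot: `Dmsg1(50, "Auth failed PW: %s\n", password);` writes the shared secret to the debug trace on every failed authentication, so anyone able to read a trace taken at level 50 learns the password the daemon expected. Log the failure without the secret, `Dmsg0(50, "Auth failed\n");`, and delete the commented-out `Dmsg3(100, "get_auth: chal=%s pw=%s hmac=%s\n", ...)` in the later hunk so it cannot be re-enabled by accident. The return value of `bs->fsend("1000 OK auth\n")` is ignored, so `ok` can be returned as true even when the confirmation never reached the peer. The enclosing function starts outside the hunk.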
uint8_t hmac[20];
*compatible = false;
- if (bnet_recv(bs) <= 0) {
+ if (bs->recv() <= 0) {
bmicrosleep(5, 0);
return false;
}
} else if (sscanf(bs->msg, "auth cram-md5 %s ssl=%d", chal, tls_remote_need) != 2) {
if (sscanf(bs->msg, "auth cram-md5 %s\n", chal) != 1) {
Dmsg1(50, "Cannot scan challenge: %s", bs->msg);
- bnet_fsend(bs, _("1999 Authorization failed.\n"));
+ bs->fsend(_("1999 Authorization failed.\n"));
bmicrosleep(5, 0);
return false;
}
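Review bot: Both `sscanf` calls read the peer's challenge with an unbounded `%s` into `chal`, so a message longer than that buffer overruns it before any authentication has taken place. `chal` is declared outside this hunk; give the conversion a field width one less than its declared size in both format strings (for a 256-byte buffer that would be `%255s`; that size is an assumed example, not read from the page). `Dmsg1(50, "Cannot scan challenge: %s", bs->msg)` also copies the unvalidated peer message into the trace and is worth length-limiting.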
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
bs->msglen = bin_to_base64(bs->msg, 50, (char *)hmac, 16, *compatible) + 1;
// Dmsg3(100, "get_auth: chal=%s pw=%s hmac=%s\n", chal, password, bs->msg);
- if (!bnet_send(bs)) {
- Dmsg1(50, "Send challenge failed. ERR=%s\n", bnet_strerror(bs));
+ if (!bs->send()) {
+ Dmsg1(50, "Send challenge failed. ERR=%s\n", bs->bstrerror());
return false;
}
Dmsg1(99, "sending resp to challenge: %s\n", bs->msg);
- if (bnet_wait_data(bs, 180) <= 0 || bnet_recv(bs) <= 0) {
- Dmsg1(50, "Receive chanllenge response failed. ERR=%s\n", bnet_strerror(bs));
+ if (bs->wait_data(180) <= 0 || bs->recv() <= 0) {
+ Dmsg1(50, "Receive chanllenge response failed. ERR=%s\n", bs->bstrerror());
bmicrosleep(5, 0);
return false;
}
* Returns: A pointer to a X509 KEYPAIR object on success.
* NULL on failure.
*/
-X509_KEYPAIR *crypto_keypair_new(void) {
+X509_KEYPAIR *crypto_keypair_new(void)
+{
X509_KEYPAIR *keypair;
/* Allocate our keypair structure */
- keypair = (X509_KEYPAIR *) malloc(sizeof(X509_KEYPAIR));
- if (!keypair) {
- return NULL;
- }
+ keypair = (X509_KEYPAIR *)malloc(sizeof(X509_KEYPAIR));
/* Initialize our keypair structure */
keypair->keyid = NULL;
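Review bot: Dropping the `if (!keypair)` test leaves `keypair->keyid = NULL` as the first use of an unchecked allocation, which is sound only while `malloc` in this file expands to Bacula's smartalloc routine that terminates on exhaustion. That assumption is stated once, in the `crypto_session_new` comment, but the same checks are also removed from the IV, `ekey`, decode-path `cs` and `cipher_ctx` allocations in the later hunks, and this function's header still promises `NULL on failure`. I would repeat the note at each site, e.g. `/* smartalloc malloc() aborts on failure, no NULL check needed */`, and correct the return documentation. If any build configuration maps `malloc` to the system allocator, each of these sites becomes a NULL dereference. `crypto_keypair_new`'s body continues outside the hunk.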
* Create a new encryption session.
* Returns: A pointer to a CRYPTO_SESSION object on success.
* NULL on failure.
+ *
+ * Note! Bacula malloc() fails if out of memory.
*/
CRYPTO_SESSION *crypto_session_new (crypto_cipher_t cipher, alist *pubkeys)
{
int iv_len;
/* Allocate our session description structures */
- cs = (CRYPTO_SESSION *) malloc(sizeof(CRYPTO_SESSION));
- if (!cs) {
- return NULL;
- }
+ cs = (CRYPTO_SESSION *)malloc(sizeof(CRYPTO_SESSION));
/* Initialize required fields */
cs->session_key = NULL;
cs->cryptoData->contentEncryptionAlgorithm = OBJ_nid2obj(NID_aes_128_cbc);
ec = EVP_aes_128_cbc();
break;
+#ifdef HAVE_SHA2
case CRYPTO_CIPHER_AES_192_CBC:
/* AES 192 bit CBC */
cs->cryptoData->contentEncryptionAlgorithm = OBJ_nid2obj(NID_aes_192_cbc);
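Review bot: The new `#ifdef HAVE_SHA2` (closed by the `#endif` in the next hunk) removes the AES-192 and AES-256 cases from the switch, so on a build without that macro a caller asking for either cipher reaches whatever the `default` arm does, which is not visible here. It should be confirmed that this arm fails the session with an error rather than continuing with `ec` unset or with a different cipher than the configuration requested. The guard also needs a comment, because a SHA-2 feature macro controlling AES key sizes is not self-explanatory: `/* AES-192/256 are only compiled in when HAVE_SHA2 is defined (see technotes, 23May07) */`.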
cs->cryptoData->contentEncryptionAlgorithm = OBJ_nid2obj(NID_aes_256_cbc);
ec = EVP_aes_256_cbc();
break;
+#endif
case CRYPTO_CIPHER_BLOWFISH_CBC:
/* Blowfish CBC */
cs->cryptoData->contentEncryptionAlgorithm = OBJ_nid2obj(NID_bf_cbc);
/* Generate an IV if possible */
if ((iv_len = EVP_CIPHER_iv_length(ec))) {
- iv = (unsigned char *) malloc(iv_len);
- if (!iv) {
- /* Malloc failure */
- crypto_session_free(cs);
- return NULL;
- }
+ iv = (unsigned char *)malloc(iv_len);
/* Generate random IV */
if (RAND_bytes(iv, iv_len) <= 0) {
ri->keyEncryptionAlgorithm = OBJ_nid2obj(NID_rsaEncryption);
/* Encrypt the session key */
- ekey = (unsigned char *) malloc(EVP_PKEY_size(keypair->pubkey));
- if (!ekey) {
- RecipientInfo_free(ri);
- crypto_session_free(cs);
- return NULL;
- }
+ ekey = (unsigned char *)malloc(EVP_PKEY_size(keypair->pubkey));
if ((ekey_len = EVP_PKEY_encrypt(ekey, cs->session_key, cs->session_key_len, keypair->pubkey)) <= 0) {
/* OpenSSL failure */
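Review bot: `EVP_PKEY_size(keypair->pubkey)` is passed straight to `malloc()`, and it can return 0 when the key's size is not available, so a malformed or unsupported recipient key would yield an empty buffer that `EVP_PKEY_encrypt` then writes into. Capture and test it first, `int klen = EVP_PKEY_size(keypair->pubkey); if (klen <= 0) { /* fail as in the OpenSSL failure branch */ }`. Whether the OpenSSL failure branch below releases `ekey` is not visible in this hunk and is worth confirming, since the removed `if (!ekey)` block was the only cleanup shown here.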
return CRYPTO_ERROR_NORECIPIENT;
}
- cs = (CRYPTO_SESSION *) malloc(sizeof(CRYPTO_SESSION));
- if (!cs) {
- return CRYPTO_ERROR_INTERNAL;
- }
+ cs = (CRYPTO_SESSION *)malloc(sizeof(CRYPTO_SESSION));
/* Initialize required fields */
cs->session_key = NULL;
/* Decrypt the session key */
/* Allocate sufficient space for the largest possible decrypted data */
- cs->session_key = (unsigned char *) malloc(EVP_PKEY_size(keypair->privkey));
+ cs->session_key = (unsigned char *)malloc(EVP_PKEY_size(keypair->privkey));
cs->session_key_len = EVP_PKEY_decrypt(cs->session_key, M_ASN1_STRING_data(ri->encryptedKey),
M_ASN1_STRING_length(ri->encryptedKey), keypair->privkey);
/*
* Free memory associated with a crypto session object.
*/
-void crypto_session_free (CRYPTO_SESSION *cs)
+void crypto_session_free(CRYPTO_SESSION *cs)
{
if (cs->cryptoData) {
CryptoData_free(cs->cryptoData);
CIPHER_CONTEXT *cipher_ctx;
const EVP_CIPHER *ec;
- cipher_ctx = (CIPHER_CONTEXT *) malloc(sizeof(CIPHER_CONTEXT));
- if (!cipher_ctx) {
- return NULL;
- }
+ cipher_ctx = (CIPHER_CONTEXT *)malloc(sizeof(CIPHER_CONTEXT));
/*
* Acquire a cipher instance for the given ASN.1 cipher NID
}
void free_tls_context(TLS_CONTEXT *ctx) { }
+void tls_bsock_shutdown(BSOCK *bsock) { }
+
+void free_tls_connection(TLS_CONNECTION *tls)
+{
+ if (tls) {
+ if (tls->openssl) {
+ SSL_free(tls->openssl);
+ }
+ free(tls);
+ }
+}
+
#endif /* HAVE_TLS */
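Review bot: These definitions sit next to the empty `free_tls_context` stub just before `#endif /* HAVE_TLS */`, which suggests they are in the branch compiled when TLS is not available, yet `free_tls_connection` dereferences `tls->openssl` and calls `SSL_free()`. If that reading is right, a build without OpenSSL has neither the `SSL_free` declaration nor a complete `TLS_CONNECTION` type and this will not compile; the stub should be empty like its neighbours, `void free_tls_connection(TLS_CONNECTION *tls) { }`. The stubs appear to be needed because `BSOCK::close()` lost its `#ifdef HAVE_TLS` guard in this commit, so a short comment naming that caller would help. The `#if`/`#else` that selects the branch is outside the hunk.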
-/*
- * tls.h TLS support functions
- *
- * Author: Landon Fuller <landonf@threerings.net>
- *
- * Version $Id$
- *
- * This file was contributed to the Bacula project by Landon Fuller
- * and Three Rings Design, Inc.
- *
- * Three Rings Design, Inc. has been granted a perpetual, worldwide,
- * non-exclusive, no-charge, royalty-free, irrevocable copyright
- * license to reproduce, prepare derivative works of, publicly
- * display, publicly perform, sublicense, and distribute the original
- * work contributed by Three Rings Design, Inc. and its employees to
- * the Bacula project in source or object form.
- *
- * If you wish to license contributions from Three Rings Design, Inc,
- * under an alternate open source license please contact
- * Landon Fuller <landonf@threerings.net>.
- */
/*
Bacula® - The Network Backup Solution
- Copyright (C) 2005-2006 Free Software Foundation Europe e.V.
+ Copyright (C) 2005-2007 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
(FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
Switzerland, email:ftf@fsfeurope.org.
*/
+/*
+ * tls.h TLS support functions
+ *
+ * Author: Landon Fuller <landonf@threerings.net>
+ *
+ * Version $Id$
+ *
+ * This file was contributed to the Bacula project by Landon Fuller
+ * and Three Rings Design, Inc.
+ *
+ * Three Rings Design, Inc. has been granted a perpetual, worldwide,
+ * non-exclusive, no-charge, royalty-free, irrevocable copyright
+ * license to reproduce, prepare derivative works of, publicly
+ * display, publicly perform, sublicense, and distribute the original
+ * work contributed by Three Rings Design, Inc. and its employees to
+ * the Bacula project in source or object form.
+ *
+ * If you wish to license contributions from Three Rings Design, Inc,
+ * under an alternate open source license please contact
+ * Landon Fuller <landonf@threerings.net>.
+ */
#ifndef __TLS_H_
#define __TLS_H_
tls_local_need = BNET_TLS_OK;
}
}
-
tls_ctx = cons->tls_ctx;
} else {
bstrncpy(bashed_name, "*UserAgent*", sizeof(bashed_name));
tls_ctx = director->tls_ctx;
}
- /* Timeout Hello after 30 secs */
- btimer_t *tid = start_bsock_timer(dir, 30);
+ /* Timeout Hello after 15 secs */
+ btimer_t *tid = start_bsock_timer(dir, 15);
dir->fsend(hello, bashed_name);
/* respond to Dir challenge */
Technical notes on version 2.1
General:
+23May07
+kes Reduce bat connect timeout from 30 to 15 seconds.
+kes More restructuring and implementing BSOCK class in place of
+ old bnet.c code.
+kes Remove a few unnecessary malloc() tests in crypto code.
+kes Turn off crypto calls for > 128 bits in crypto.c if HAVE_SHA2
+ not defined. Bug reported by Allan Black <Allan.Black@btconnect.com>
+kes Remove duplicate HAVE_CRYPTO definition in config.h.in
22May07
kes Fix Verify InitCatalog mysql_escape_string() trashing memory.
Make buffer bigger.