BSOCK *sd = jcr->store_bsock;
char dirname[MAX_NAME_LENGTH];
int ssl_need = BNET_SSL_NONE;
+ bool get_auth, auth = false;
/*
* Send my name to the Storage daemon then do authentication
btimer_t *tid = start_bsock_timer(sd, 60 * 10);
if (!bnet_fsend(sd, hello, dirname)) {
stop_bsock_timer(tid);
+ Dmsg1(50, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd));
Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon. ERR=%s\n"), bnet_strerror(sd));
return 0;
}
- if (!cram_md5_get_auth(sd, store->password, ssl_need) ||
- !cram_md5_auth(sd, store->password, ssl_need)) {
+ get_auth = cram_md5_get_auth(sd, store->password, ssl_need);
+ if (get_auth) {
+ auth = cram_md5_auth(sd, store->password, ssl_need);
+ if (!auth) {
+ Dmsg1(50, "cram_auth failed for %s\n", sd->who);
+ }
+ } else {
+ Dmsg1(50, "cram_get_auth failed for %s\n", sd->who);
+ }
+ if (!get_auth || !auth) {
stop_bsock_timer(tid);
+ Dmsg0(50, _("Director and Storage daemon passwords or names not the same.\n"));
Jmsg0(jcr, M_FATAL, 0, _("Director and Storage daemon passwords or names not the same.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"));
return 0;
Dmsg1(110, "<stored: %s", sd->msg);
stop_bsock_timer(tid);
if (strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0) {
+ Dmsg0(50, _("Storage daemon rejected Hello command\n"));
Jmsg0(jcr, M_FATAL, 0, _("Storage daemon rejected Hello command\n"));
return 0;
}
BSOCK *fd = jcr->file_bsock;
char dirname[MAX_NAME_LENGTH];
int ssl_need = BNET_SSL_NONE;
+ bool get_auth, auth = false;
/*
* Send my name to the File daemon then do authentication
Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd));
return 0;
}
- if (!cram_md5_get_auth(fd, jcr->client->password, ssl_need) ||
- !cram_md5_auth(fd, jcr->client->password, ssl_need)) {
+ get_auth = cram_md5_get_auth(fd, jcr->client->password, ssl_need);
+ if (get_auth) {
+ auth = cram_md5_auth(fd, jcr->client->password, ssl_need);
+ if (!auth) {
+ Dmsg1(50, "cram_auth failed for %s\n", fd->who);
+ }
+ } else {
+ Dmsg1(50, "cram_get_auth failed for %s\n", fd->who);
+ }
+ if (!get_auth || !auth) {
stop_bsock_timer(tid);
+ Dmsg0(50, _("Director and File daemon passwords or names not the same.\n"));
Jmsg(jcr, M_FATAL, 0, _("Director and File daemon passwords or names not the same.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"));
return 0;
Dmsg1(116, ">filed: %s", fd->msg);
if (bnet_recv(fd) <= 0) {
stop_bsock_timer(tid);
+ Dmsg1(50, _("Bad response from File daemon to Hello command: ERR=%s\n"),
+ bnet_strerror(fd));
Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon to Hello command: ERR=%s\n"),
bnet_strerror(fd));
return 0;
Dmsg1(110, "<stored: %s", fd->msg);
stop_bsock_timer(tid);
if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)) != 0) {
+ Dmsg0(50, _("File daemon rejected Hello command\n"));
Jmsg(jcr, M_FATAL, 0, _("File daemon rejected Hello command\n"));
return 0;
}
*
*/
/*
- Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker
+ Copyright (C) 2000-2004 Kern Sibbald and John Walker
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License as
POOLMEM *dirname;
DIRRES *director;
int ssl_need = BNET_SSL_NONE;
+ bool auth, get_auth = false;
if (rcode != R_DIRECTOR) {
+ Dmsg1(50, _("I only authenticate directors, not %d\n"), rcode);
Emsg1(M_FATAL, 0, _("I only authenticate directors, not %d\n"), rcode);
return 0;
}
if (bs->msglen < 25 || bs->msglen > 200) {
+ Dmsg2(50, _("Bad Hello command from Director at %s. Len=%d.\n"),
+ bs->who, bs->msglen);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s. Len=%d.\n"),
bs->who, bs->msglen);
return 0;
if (sscanf(bs->msg, "Hello Director %s calling\n", dirname) != 1) {
free_pool_memory(dirname);
bs->msg[100] = 0;
+ Dmsg2(50, _("Bad Hello command from Director at %s: %s\n"),
+ bs->who, bs->msg);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s: %s\n"),
bs->who, bs->msg);
return 0;
}
UnlockRes();
if (!director) {
+ Dmsg2(50, _("Connection from unknown Director %s at %s rejected.\n"),
+ dirname, bs->who);
Emsg2(M_FATAL, 0, _("Connection from unknown Director %s at %s rejected.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"),
dirname, bs->who);
return 0;
}
btimer_t *tid = start_bsock_timer(bs, 60 * 10);
- if (!cram_md5_auth(bs, director->password, ssl_need) ||
- !cram_md5_get_auth(bs, director->password, ssl_need)) {
+ auth = cram_md5_auth(bs, director->password, ssl_need);
+ if (auth) {
+ get_auth = cram_md5_get_auth(bs, director->password, ssl_need);
+ if (!get_auth) {
+ Dmsg1(50, "cram_get_auth failed for %s\n", bs->who);
+ }
+ } else {
+ Dmsg1(50, "cram_auth failed for %s\n", bs->who);
+ }
+ if (!auth || !get_auth) {
Emsg1(M_FATAL, 0, _("Incorrect password given by Director at %s.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"),
bs->who);
int authenticate_storagedaemon(JCR *jcr)
{
BSOCK *sd = jcr->store_bsock;
- int stat;
int ssl_need = BNET_SSL_NONE;
+ bool get_auth, auth = false;
btimer_t *tid = start_bsock_timer(sd, 60 * 10);
- stat = cram_md5_get_auth(sd, jcr->sd_auth_key, ssl_need) &&
- cram_md5_auth(sd, jcr->sd_auth_key, ssl_need);
+ get_auth = cram_md5_get_auth(sd, jcr->sd_auth_key, ssl_need);
+ if (!get_auth) {
+ Dmsg1(50, "cram_get_auth failed for %s\n", sd->who);
+ } else {
+ auth = cram_md5_auth(sd, jcr->sd_auth_key, ssl_need);
+ if (!auth) {
+ Dmsg1(50, "cram_auth failed for %s\n", sd->who);
+ }
+ }
stop_bsock_timer(tid);
memset(jcr->sd_auth_key, 0, strlen(jcr->sd_auth_key));
- if (!stat) {
+ if (!get_auth || !auth) {
Jmsg(jcr, M_FATAL, 0, _("Authorization key rejected by Storage daemon.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"));
}
- return stat;
+ return get_auth && auth;
}
bstrncpy(host, my_name, sizeof(host));
}
bsnprintf(chal, sizeof(chal), "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host);
- Dmsg2(100, "send: auth cram-md5 %s ssl=%d\n", chal, ssl_need);
+ Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, ssl_need);
if (!bnet_fsend(bs, "auth cram-md5 %s ssl=%d\n", chal, ssl_need)) {
- Dmsg0(100, "Send challenge error.\n");
+ Dmsg1(50, "Bnet send challenge error.\n", bnet_strerror(bs));
return 0;
}
return 0;
}
if (bnet_wait_data(bs, 180) <= 0 || bnet_recv(bs) <= 0) {
+ Dmsg1(50, "Bnet receive challenge response error.\n", bnet_strerror(bs));
bmicrosleep(5, 0);
return 0;
}
bin_to_base64(host, (char *)hmac, 16);
ok = strcmp(bs->msg, host) == 0;
if (ok) {
- Dmsg0(99, "Authenticate OK\n");
+ Dmsg1(50, "Authenticate OK %s\n", host);
} else {
- Dmsg2(99, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg);
+ Dmsg2(50, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg);
}
if (ok) {
bnet_fsend(bs, "1000 OK auth\n");
} else {
- Dmsg1(100, "PW: %s\n", password);
+ Dmsg1(50, "Auth failed PW: %s\n", password);
bnet_fsend(bs, "1999 Authorization failed.\n");
bmicrosleep(5, 0);
}
return 0;
}
if (bs->msglen >= MAXSTRING) {
- Dmsg1(99, "Wanted auth cram... Got: %s", bs->msg);
+ Dmsg1(50, "Msg too long wanted auth cram... Got: %s", bs->msg);
bmicrosleep(5, 0);
return 0;
}
if (sscanf(bs->msg, "auth cram-md5 %s ssl=%d\n", chal, &ssl_has) != 2) {
ssl_has = BNET_SSL_NONE;
if (sscanf(bs->msg, "auth cram-md5 %s\n", chal) != 1) {
- Dmsg1(100, "Cannot scan challenge: %s", bs->msg);
+ Dmsg1(50, "Cannot scan challenge: %s", bs->msg);
bnet_fsend(bs, "1999 Authorization failed.\n");
bmicrosleep(5, 0);
return 0;
hmac_md5((uint8_t *)chal, strlen(chal), (uint8_t *)password, strlen(password), hmac);
bs->msglen = bin_to_base64(bs->msg, (char *)hmac, 16) + 1;
if (!bnet_send(bs)) {
- Dmsg0(100, "Send response failed.\n");
+ Dmsg1(50, "Send challenge failed. ERR=%s\n", bnet_strerror(bs));
return 0;
}
Dmsg1(99, "sending resp to challenge: %s\n", bs->msg);
if (bnet_wait_data(bs, 180) <= 0 || bnet_recv(bs) <= 0) {
+ Dmsg1(50, "Receive chanllenge response failed. ERR=%s\n", bnet_strerror(bs));
bmicrosleep(5, 0);
return 0;
}
if (strcmp(bs->msg, "1000 OK auth\n") == 0) {
return 1;
}
- Dmsg1(100, "Bad response: %s\n", bs->msg);
+ Dmsg1(50, "Bad auth response: %s\n", bs->msg);
bmicrosleep(5, 0);
return 0;
}
POOLMEM *dirname;
DIRRES *director = NULL;
int ssl_need = BNET_SSL_NONE;
+ bool auth, get_auth = false;
if (rcode != R_DIRECTOR) {
+ Dmsg1(50, _("I only authenticate Directors, not %d\n"), rcode);
Emsg1(M_FATAL, 0, _("I only authenticate Directors, not %d\n"), rcode);
return 0;
}
if (bs->msglen < 25 || bs->msglen > 200) {
+ Dmsg2(50, _("Bad Hello command from Director at %s. Len=%d.\n"),
+ bs->who, bs->msglen);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s. Len=%d.\n"),
bs->who, bs->msglen);
return 0;
if (sscanf(bs->msg, "Hello Director %127s calling\n", dirname) != 1) {
bs->msg[100] = 0;
+ Dmsg2(50, _("Bad Hello command from Director at %s: %s\n"),
+ bs->who, bs->msg);
Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s: %s\n"),
bs->who, bs->msg);
return 0;
}
UnlockRes();
if (!director) {
+ Dmsg2(50, _("Connection from unknown Director %s at %s rejected.\n"),
+ dirname, bs->who);
Emsg2(M_FATAL, 0, _("Connection from unknown Director %s at %s rejected.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"),
dirname, bs->who);
/* Timeout Hello after 10 mins */
btimer_t *tid = start_bsock_timer(bs, 60 * 10);
- if (!cram_md5_auth(bs, director->password, ssl_need) ||
- !cram_md5_get_auth(bs, director->password, ssl_need)) {
+ auth = cram_md5_auth(bs, director->password, ssl_need);
+ if (auth) {
+ get_auth = cram_md5_get_auth(bs, director->password, ssl_need);
+ if (!get_auth) {
+ Dmsg1(50, "cram_get_auth failed with %s\n", bs->who);
+ }
+ } else {
+ Dmsg1(50, "cram_auth failed with %s\n", bs->who);
+ }
+ if (!auth || !get_auth) {
stop_bsock_timer(tid);
Emsg0(M_FATAL, 0, _("Incorrect password given by Director.\n"
"Please see http://www.bacula.org/html-manual/faq.html#AuthorizationErrors for help.\n"));
if (!authenticate(R_DIRECTOR, dir, jcr)) {
bnet_fsend(dir, "%s", Dir_sorry);
+ Dmsg1(50, _("Unable to authenticate Director at %s.\n"), dir->who);
Emsg1(M_ERROR, 0, _("Unable to authenticate Director at %s.\n"), dir->who);
bmicrosleep(5, 0);
return 0;
{
BSOCK *fd = jcr->file_bsock;
int ssl_need = BNET_SSL_NONE;
+ bool auth, get_auth = false;
/* Timeout Hello after 5 mins */
btimer_t *tid = start_bsock_timer(fd, 60 * 10);
- if (cram_md5_auth(fd, jcr->sd_auth_key, ssl_need) &&
- cram_md5_get_auth(fd, jcr->sd_auth_key, ssl_need)) {
+ auth = cram_md5_auth(fd, jcr->sd_auth_key, ssl_need);
+ if (auth) {
+ get_auth = cram_md5_get_auth(fd, jcr->sd_auth_key, ssl_need);
+ if (!get_auth) {
+ Dmsg1(50, "cram-get-auth failed with %s\n", fd->who);
+ }
+ } else {
+ Dmsg1(50, "cram-auth failed with %s\n", fd->who);
+ }
+ if (auth && get_auth) {
jcr->authenticated = true;
}
stop_bsock_timer(tid);
/* */
#undef VERSION
#define VERSION "1.36.1"
-#define BDATE "19 November 2004"
-#define LSMDATE "19Nov04"
+#define BDATE "20 November 2004"
+#define LSMDATE "20Nov04"
/* Debug flags */
#undef DEBUG
projects / bacula / bacula / commitdiff