From: Dirk H Bartley Date: Sat, 21 Mar 2009 16:42:36 +0000 (+0000) Subject: This file is not needed any more. bcom/dircomm_auth.cpp is basically this X-Git-Tag: Release-3.0.0~128 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6b759c4213b1bdadf4bb6c3bfbca42f0b6fcb754;p=bacula%2Fbacula This file is not needed any more. bcom/dircomm_auth.cpp is basically this file with the class name changed. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@8574 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/src/qt-console/console/authenticate.cpp b/bacula/src/qt-console/console/authenticate.cpp deleted file mode 100644 index 8e73cc64ec..0000000000 --- a/bacula/src/qt-console/console/authenticate.cpp +++ /dev/null @@ -1,175 +0,0 @@ -/* - Bacula® - The Network Backup Solution - - Copyright (C) 2001-2007 Free Software Foundation Europe e.V. - - The main author of Bacula is Kern Sibbald, with contributions from - many others, a complete list can be found in the file AUTHORS. - This program is Free Software; you can redistribute it and/or - modify it under the terms of version two of the GNU General Public - License as published by the Free Software Foundation and included - in the file LICENSE. - - This program is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - 02110-1301, USA. - - Bacula® is a registered trademark of Kern Sibbald. - The licensor of Bacula is the Free Software Foundation Europe - (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich, - Switzerland, email:ftf@fsfeurope.org. -*/ - -/* - * - * Bacula UA authentication. Provides authentication with - * the Director. - * - * Kern Sibbald, June MMI adapted to bat, Jan MMVI - * - * Version $Id$ - * - */ - - -#include "bat.h" - - -/* Commands sent to Director */ -static char hello[] = "Hello %s calling\n"; - -/* Response from Director */ -static char OKhello[] = "1000 OK:"; - -/* Forward referenced functions */ - -/* - * Authenticate Director - */ -bool Console::authenticate_director(JCR *jcr, DIRRES *director, CONRES *cons, - char *errmsg, int errmsg_len) -{ - BSOCK *dir = jcr->dir_bsock; - int tls_local_need = BNET_TLS_NONE; - int tls_remote_need = BNET_TLS_NONE; - bool tls_authenticate; - int compatible = true; - char bashed_name[MAX_NAME_LENGTH]; - char *password; - TLS_CONTEXT *tls_ctx = NULL; - - errmsg[0] = 0; - /* - * Send my name to the Director then do authentication - */ - if (cons) { - bstrncpy(bashed_name, cons->hdr.name, sizeof(bashed_name)); - bash_spaces(bashed_name); - password = cons->password; - /* TLS Requirement */ - if (cons->tls_enable) { - if (cons->tls_require) { - tls_local_need = BNET_TLS_REQUIRED; - } else { - tls_local_need = BNET_TLS_OK; - } - } - tls_authenticate = cons->tls_authenticate; - tls_ctx = cons->tls_ctx; - } else { - bstrncpy(bashed_name, "*UserAgent*", sizeof(bashed_name)); - password = director->password; - /* TLS Requirement */ - if (director->tls_enable) { - if (director->tls_require) { - tls_local_need = BNET_TLS_REQUIRED; - } else { - tls_local_need = BNET_TLS_OK; - } - } - - tls_authenticate = director->tls_authenticate; - tls_ctx = director->tls_ctx; - } - if (tls_authenticate) { - tls_local_need = BNET_TLS_REQUIRED; - } - - /* Timeout Hello after 15 secs */ - dir->start_timer(15); - dir->fsend(hello, bashed_name); - - /* respond to Dir challenge */ - if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) || - /* Now challenge dir */ - !cram_md5_challenge(dir, password, tls_local_need, compatible)) { - bsnprintf(errmsg, errmsg_len, _("Director authorization problem at \"%s:%d\"\n"), - dir->host(), dir->port()); - goto bail_out; - } - - /* Verify that the remote host is willing to meet our TLS requirements */ - if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) { - bsnprintf(errmsg, errmsg_len, _("Authorization problem:" - " Remote server at \"%s:%d\" did not advertise required TLS support.\n"), - dir->host(), dir->port()); - goto bail_out; - } - - /* Verify that we are willing to meet the remote host's requirements */ - if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) { - bsnprintf(errmsg, errmsg_len, _("Authorization problem with Director at \"%s:%d\":" - " Remote server requires TLS.\n"), - dir->host(), dir->port()); - - goto bail_out; - } - - /* Is TLS Enabled? */ - if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) { - /* Engage TLS! Full Speed Ahead! */ - if (!bnet_tls_client(tls_ctx, dir, NULL)) { - bsnprintf(errmsg, errmsg_len, _("TLS negotiation failed with Director at \"%s:%d\"\n"), - dir->host(), dir->port()); - goto bail_out; - } - if (tls_authenticate) { /* authenticate only? */ - dir->free_tls(); /* Yes, shutdown tls */ - } - } - - Dmsg1(6, ">dird: %s", dir->msg); - if (dir->recv() <= 0) { - dir->stop_timer(); - bsnprintf(errmsg, errmsg_len, _("Bad response to Hello command: ERR=%s\n" - "The Director at \"%s:%d\" is probably not running.\n"), - dir->bstrerror(), dir->host(), dir->port()); - return false; - } - - dir->stop_timer(); - Dmsg1(10, "msg); - if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) { - bsnprintf(errmsg, errmsg_len, _("Director at \"%s:%d\" rejected Hello command\n"), - dir->host(), dir->port()); - return false; - } else { - bsnprintf(errmsg, errmsg_len, "%s", dir->msg); - } - return true; - -bail_out: - dir->stop_timer(); - bsnprintf(errmsg, errmsg_len, _("Authorization problem with Director at \"%s:%d\"\n" - "Most likely the passwords do not agree.\n" - "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n" - "Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000 for help.\n"), - dir->host(), dir->port()); - return false; -}