From 6fbdb9f009dd871c0191cfc0687f2015d3d4f3ee Mon Sep 17 00:00:00 2001 From: Kern Sibbald Date: Sun, 23 Jul 2006 06:47:22 +0000 Subject: [PATCH] Tweak authentication to work with 1.38.x FDs git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@3170 91ce42f0-d328-0410-95d8-f526ca767f89 --- bacula/kes-1.39 | 1 + bacula/src/dird/authenticate.c | 1 + bacula/src/lib/cram-md5.c | 11 ++++++++--- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/bacula/kes-1.39 b/bacula/kes-1.39 index c616351a8c..3b4b6cf28e 100644 --- a/bacula/kes-1.39 +++ b/bacula/kes-1.39 @@ -3,6 +3,7 @@ General: 22Jul06 +- Tweak authentication to work with 1.38.x FDs. - Tweak catalog make scripts. - Fix catalog upgrade scripts so that they work. - Correct despooling debug code to eliminate race condition. diff --git a/bacula/src/dird/authenticate.c b/bacula/src/dird/authenticate.c index 991ab8dd6d..383e78ae57 100644 --- a/bacula/src/dird/authenticate.c +++ b/bacula/src/dird/authenticate.c @@ -166,6 +166,7 @@ int authenticate_file_daemon(JCR *jcr) Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon. ERR=%s\n"), bnet_strerror(fd)); return 0; } + Dmsg1(50, "Sent: %s", fd->msg); /* TLS Requirement */ if (client->tls_enable) { diff --git a/bacula/src/lib/cram-md5.c b/bacula/src/lib/cram-md5.c index e880bb1118..fd0446e161 100644 --- a/bacula/src/lib/cram-md5.c +++ b/bacula/src/lib/cram-md5.c @@ -54,14 +54,15 @@ bool cram_md5_challenge(BSOCK *bs, char *password, int tls_local_need, int compa } /* Send challenge -- no hashing yet */ bsnprintf(chal, sizeof(chal), "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host); - Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); if (compatible) { - if (!bnet_fsend(bs, "auth cram-md5c %s ssl=%d\n", chal, tls_local_need)) { + Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); + if (!bnet_fsend(bs, "auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) { Dmsg1(50, "Bnet send challenge error.\n", bnet_strerror(bs)); return false; } } else { /* Old non-compatible system */ + Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); if (!bnet_fsend(bs, "auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) { Dmsg1(50, "Bnet send challenge error.\n", bnet_strerror(bs)); return false; @@ -82,7 +83,11 @@ bool cram_md5_challenge(BSOCK *bs, char *password, int tls_local_need, int compa if (ok) { Dmsg1(50, "Authenticate OK %s\n", host); } else { - Dmsg2(50, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg); + bin_to_base64(host, sizeof(host), (char *)hmac, 16, false); + ok = strcmp(bs->msg, host) == 0; + if (!ok) { + Dmsg2(50, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg); + } } if (ok) { bnet_fsend(bs, "1000 OK auth\n"); -- 2.39.5