From a228e90cc18f0a5af8c1b423341f5dca302276a4 Mon Sep 17 00:00:00 2001 From: Kern Sibbald Date: Wed, 26 Sep 2007 10:59:12 +0000 Subject: [PATCH] Put some FD auth code on dbglvl rather than fixed. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5651 91ce42f0-d328-0410-95d8-f526ca767f89 --- bacula/src/filed/authenticate.c | 16 +++++++++------- bacula/src/lib/cram-md5.c | 28 +++++++++++++++------------- bacula/technotes-2.3 | 1 + 3 files changed, 25 insertions(+), 20 deletions(-) diff --git a/bacula/src/filed/authenticate.c b/bacula/src/filed/authenticate.c index f5753ef748..6d12c6cca3 100644 --- a/bacula/src/filed/authenticate.c +++ b/bacula/src/filed/authenticate.c @@ -37,6 +37,8 @@ #include "bacula.h" #include "filed.h" +const int dbglvl = 3; + static char OK_hello[] = "2000 OK Hello\n"; static char Dir_sorry[] = "2999 No go\n"; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; @@ -56,12 +58,12 @@ static bool authenticate(int rcode, BSOCK *bs, JCR* jcr) btimer_t *tid = NULL; if (rcode != R_DIRECTOR) { - Dmsg1(50, "I only authenticate directors, not %d\n", rcode); + Dmsg1(dbglvl, "I only authenticate directors, not %d\n", rcode); Emsg1(M_FATAL, 0, _("I only authenticate directors, not %d\n"), rcode); goto auth_fatal; } if (bs->msglen < 25 || bs->msglen > 500) { - Dmsg2(50, "Bad Hello command from Director at %s. Len=%d.\n", + Dmsg2(dbglvl, "Bad Hello command from Director at %s. Len=%d.\n", bs->who(), bs->msglen); char addr[64]; char *who = bnet_get_peer(bs, addr, sizeof(addr)) ? bs->who() : addr; @@ -75,7 +77,7 @@ static bool authenticate(int rcode, BSOCK *bs, JCR* jcr) char addr[64]; char *who = bnet_get_peer(bs, addr, sizeof(addr)) ? bs->who() : addr; bs->msg[100] = 0; - Dmsg2(50, "Bad Hello command from Director at %s: %s\n", + Dmsg2(dbglvl, "Bad Hello command from Director at %s: %s\n", bs->who(), bs->msg); Emsg2(M_FATAL, 0, _("Bad Hello command from Director at %s: %s\n"), who, bs->msg); @@ -121,12 +123,12 @@ static bool authenticate(int rcode, BSOCK *bs, JCR* jcr) if (!auth_success) { char addr[64]; char *who = bnet_get_peer(bs, addr, sizeof(addr)) ? bs->who() : addr; - Dmsg1(50, "cram_get_auth failed for %s\n", who); + Dmsg1(dbglvl, "cram_get_auth failed for %s\n", who); } } else { char addr[64]; char *who = bnet_get_peer(bs, addr, sizeof(addr)) ? bs->who() : addr; - Dmsg1(50, "cram_auth failed for %s\n", who); + Dmsg1(dbglvl, "cram_auth failed for %s\n", who); } if (!auth_success) { Emsg1(M_FATAL, 0, _("Incorrect password given by Director at %s.\n"), @@ -234,12 +236,12 @@ int authenticate_storagedaemon(JCR *jcr) goto auth_fatal; } if (!auth_success) { - Dmsg1(3, "cram_respond failed for %s\n", sd->who()); + Dmsg1(dbglvl, "cram_respond failed for %s\n", sd->who()); } else { /* Now challenge him */ auth_success = cram_md5_challenge(sd, jcr->sd_auth_key, tls_local_need, compatible); if (!auth_success) { - Dmsg1(3, "cram_challenge failed for %s\n", sd->who()); + Dmsg1(dbglvl, "cram_challenge failed for %s\n", sd->who()); } } diff --git a/bacula/src/lib/cram-md5.c b/bacula/src/lib/cram-md5.c index f2eefa66d6..e9bceea1c6 100644 --- a/bacula/src/lib/cram-md5.c +++ b/bacula/src/lib/cram-md5.c @@ -37,6 +37,8 @@ #include "bacula.h" +const int dbglvl = 3; + /* Authorize other end * Codes that tls_local_need and tls_remote_need can take: * BNET_TLS_NONE I cannot do tls @@ -68,23 +70,23 @@ bool cram_md5_challenge(BSOCK *bs, const char *password, int tls_local_need, int /* Send challenge -- no hashing yet */ bsnprintf(chal, sizeof(chal), "<%u.%u@%s>", (uint32_t)random(), (uint32_t)time(NULL), host); if (compatible) { - Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); + Dmsg2(dbglvl, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); if (!bs->fsend("auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) { - Dmsg1(50, "Bnet send challenge error.\n", bs->bstrerror()); + Dmsg1(dbglvl, "Bnet send challenge error.\n", bs->bstrerror()); return false; } } else { /* Old non-compatible system */ - Dmsg2(50, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); + Dmsg2(dbglvl, "send: auth cram-md5 %s ssl=%d\n", chal, tls_local_need); if (!bs->fsend("auth cram-md5 %s ssl=%d\n", chal, tls_local_need)) { - Dmsg1(50, "Bnet send challenge error.\n", bs->bstrerror()); + Dmsg1(dbglvl, "Bnet send challenge error.\n", bs->bstrerror()); return false; } } /* Read hashed response to challenge */ if (bs->wait_data(180) <= 0 || bs->recv() <= 0) { - Dmsg1(50, "Bnet receive challenge response error.\n", bs->bstrerror()); + Dmsg1(dbglvl, "Bnet receive challenge response error.\n", bs->bstrerror()); bmicrosleep(5, 0); return false; } @@ -94,18 +96,18 @@ bool cram_md5_challenge(BSOCK *bs, const char *password, int tls_local_need, int bin_to_base64(host, sizeof(host), (char *)hmac, 16, compatible); ok = strcmp(bs->msg, host) == 0; if (ok) { - Dmsg1(50, "Authenticate OK %s\n", host); + Dmsg1(dbglvl, "Authenticate OK %s\n", host); } else { bin_to_base64(host, sizeof(host), (char *)hmac, 16, false); ok = strcmp(bs->msg, host) == 0; if (!ok) { - Dmsg2(50, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg); + Dmsg2(dbglvl, "Authenticate NOT OK: wanted %s, got %s\n", host, bs->msg); } } if (ok) { bs->fsend("1000 OK auth\n"); } else { - Dmsg1(50, "Auth failed PW: %s\n", password); + Dmsg1(dbglvl, "Auth failed PW: %s\n", password); bs->fsend(_("1999 Authorization failed.\n")); bmicrosleep(5, 0); } @@ -124,7 +126,7 @@ bool cram_md5_respond(BSOCK *bs, const char *password, int *tls_remote_need, int return false; } if (bs->msglen >= MAXSTRING) { - Dmsg1(50, "Msg too long wanted auth cram... Got: %s", bs->msg); + Dmsg1(dbglvl, "Msg too long wanted auth cram... Got: %s", bs->msg); bmicrosleep(5, 0); return false; } @@ -133,7 +135,7 @@ bool cram_md5_respond(BSOCK *bs, const char *password, int *tls_remote_need, int *compatible = true; } else if (sscanf(bs->msg, "auth cram-md5 %s ssl=%d", chal, tls_remote_need) != 2) { if (sscanf(bs->msg, "auth cram-md5 %s\n", chal) != 1) { - Dmsg1(50, "Cannot scan challenge: %s", bs->msg); + Dmsg1(dbglvl, "Cannot scan challenge: %s", bs->msg); bs->fsend(_("1999 Authorization failed.\n")); bmicrosleep(5, 0); return false; @@ -144,19 +146,19 @@ bool cram_md5_respond(BSOCK *bs, const char *password, int *tls_remote_need, int bs->msglen = bin_to_base64(bs->msg, 50, (char *)hmac, 16, *compatible) + 1; // Dmsg3(100, "get_auth: chal=%s pw=%s hmac=%s\n", chal, password, bs->msg); if (!bs->send()) { - Dmsg1(50, "Send challenge failed. ERR=%s\n", bs->bstrerror()); + Dmsg1(dbglvl, "Send challenge failed. ERR=%s\n", bs->bstrerror()); return false; } Dmsg1(99, "sending resp to challenge: %s\n", bs->msg); if (bs->wait_data(180) <= 0 || bs->recv() <= 0) { - Dmsg1(50, "Receive chanllenge response failed. ERR=%s\n", bs->bstrerror()); + Dmsg1(dbglvl, "Receive chanllenge response failed. ERR=%s\n", bs->bstrerror()); bmicrosleep(5, 0); return false; } if (strcmp(bs->msg, "1000 OK auth\n") == 0) { return true; } - Dmsg1(50, "Received bad response: %s\n", bs->msg); + Dmsg1(dbglvl, "Received bad response: %s\n", bs->msg); bmicrosleep(5, 0); return false; } diff --git a/bacula/technotes-2.3 b/bacula/technotes-2.3 index 2966567b2a..edc47ee22b 100644 --- a/bacula/technotes-2.3 +++ b/bacula/technotes-2.3 @@ -2,6 +2,7 @@ General: 26Sep07 +kes Put some FD auth code on dbglvl rather than fixed. kes Return insert attributes error message in db msg buffer to avoid false error messages. kes Separate batch init error messages. -- 2.39.5