2 Bacula® - The Network Backup Solution
4 Copyright (C) 2007-2010 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Network Utility Routines
40 #ifndef ENODATA /* not defined on BSD systems */
45 #define socketRead(fd, buf, len) ::recv(fd, buf, len, 0)
46 #define socketWrite(fd, buf, len) ::send(fd, buf, len, 0)
47 #define socketClose(fd) ::closesocket(fd)
49 #define socketRead(fd, buf, len) ::read(fd, buf, len)
50 #define socketWrite(fd, buf, len) ::write(fd, buf, len)
51 #define socketClose(fd) ::close(fd)
55 * This is a non-class BSOCK "constructor" because we want to
56 * call the Bacula smartalloc routines instead of new.
60 BSOCK *bsock = (BSOCK *)malloc(sizeof(BSOCK));
67 memset(this, 0, sizeof(BSOCK));
69 msg = get_pool_memory(PM_MESSAGE);
70 errmsg = get_pool_memory(PM_MESSAGE);
72 * ****FIXME**** reduce this to a few hours once
73 * heartbeats are implemented
75 timeout = 60 * 60 * 6 * 24; /* 6 days timeout */
79 * This is our "class destructor" that ensures that we use
80 * smartalloc rather than the system free().
82 void BSOCK::free_bsock()
87 void BSOCK::free_tls()
89 free_tls_connection(this->tls);
94 * Try to connect to host for max_retry_time at retry_time intervals.
95 * Note, you must have called the constructor prior to calling
98 bool BSOCK::connect(JCR * jcr, int retry_interval, utime_t max_retry_time,
100 const char *name, char *host, char *service, int port,
106 time_t begin_time = time(NULL);
108 btimer_t *tid = NULL;
110 /* Try to trap out of OS call when time expires */
111 if (max_retry_time) {
112 tid = start_thread_timer(jcr, pthread_self(), (uint32_t)max_retry_time);
115 for (i = 0; !open(jcr, name, host, service, port, heart_beat, &fatal);
116 i -= retry_interval) {
118 if (fatal || (jcr && job_canceled(jcr))) {
121 Dmsg4(100, "Unable to connect to %s on %s:%d. ERR=%s\n",
122 name, host, port, be.bstrerror());
124 i = 60 * 5; /* complain again in 5 minutes */
126 Qmsg4(jcr, M_WARNING, 0, _(
127 "Could not connect to %s on %s:%d. ERR=%s\n"
128 "Retrying ...\n"), name, host, port, be.bstrerror());
130 bmicrosleep(retry_interval, 0);
132 if (begin_time + max_retry_time <= now) {
133 Qmsg4(jcr, M_FATAL, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
134 name, host, port, be.bstrerror());
142 stop_thread_timer(tid);
149 * Finish initialization of the pocket structure.
151 void BSOCK::fin_init(JCR * jcr, int sockfd, const char *who, const char *host, int port,
152 struct sockaddr *lclient_addr)
154 Dmsg3(100, "who=%s host=%s port=%d\n", who, host, port);
156 set_who(bstrdup(who));
157 set_host(bstrdup(host));
159 memcpy(&client_addr, lclient_addr, sizeof(client_addr));
164 * Copy the address from the configuration dlist that gets passed in
166 void BSOCK::set_source_address(dlist *src_addr_list)
170 // delete the object we already have, if it's allocated
177 addr = (IPADDR*) src_addr_list->first();
178 src_addr = New( IPADDR(*addr));
184 * Open a TCP connection to the server
186 * Returns BSOCK * pointer on success
189 bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
190 int port, utime_t heart_beat, int *fatal)
195 bool connected = false;
201 * Fill in the structure serv_addr with the address of
202 * the server that we want to connect with.
204 if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
205 /* Note errstr is not malloc'ed */
206 Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
208 Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
214 foreach_dlist(ipaddr, addr_list) {
215 ipaddr->set_port_net(htons(port));
216 char allbuf[256 * 10];
218 Dmsg2(100, "Current %sAll %s\n",
219 ipaddr->build_address_str(curbuf, sizeof(curbuf)),
220 build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
221 /* Open a TCP socket */
222 if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
226 Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
227 ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
231 /* Bind to the source address if it is set */
233 if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
237 Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
238 src_addr->get_family(), be.bstrerror() );
244 * Keep socket from timing out from inactivity
246 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
248 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
251 #if defined(TCP_KEEPIDLE)
254 if (setsockopt(sockfd, IPPROTO_IP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
256 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPIDLE on socket: %s\n"),
262 /* connect to server */
263 if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
274 free_addresses(addr_list);
275 errno = save_errno | b_errno_win32;
279 * Keep socket from timing out from inactivity
280 * Do this a second time out of paranoia
282 if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
284 Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
287 fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
288 free_addresses(addr_list);
293 * Force read/write to use locking
295 bool BSOCK::set_locking()
299 return true; /* already set */
301 if ((stat = pthread_mutex_init(&m_mutex, NULL)) != 0) {
303 Qmsg(m_jcr, M_FATAL, 0, _("Could not init bsock mutex. ERR=%s\n"),
307 m_use_locking = true;
311 void BSOCK::clear_locking()
313 if (!m_use_locking) {
316 m_use_locking = false;
317 pthread_mutex_destroy(&m_mutex);
322 * Send a message over the network. The send consists of
323 * two network packets. The first is sends a 32 bit integer containing
324 * the length of the data packet which follows.
326 * Returns: false on failure
337 if (!m_suppress_error_msgs) {
338 Qmsg4(m_jcr, M_ERROR, 0, _("Socket has errors=%d on call to %s:%s:%d\n"),
339 errors, m_who, m_host, m_port);
343 if (is_terminated()) {
344 if (!m_suppress_error_msgs) {
345 Qmsg4(m_jcr, M_ERROR, 0, _("Socket is terminated=%d on call to %s:%s:%d\n"),
346 is_terminated(), m_who, m_host, m_port);
350 if (msglen > 4000000) {
351 if (!m_suppress_error_msgs) {
352 Qmsg4(m_jcr, M_ERROR, 0,
353 _("Socket has insane msglen=%d on call to %s:%s:%d\n"),
354 msglen, m_who, m_host, m_port);
359 if (m_use_locking) P(m_mutex);
360 /* Compute total packet length */
362 pktsiz = sizeof(pktsiz); /* signal, no data */
364 pktsiz = msglen + sizeof(pktsiz); /* data */
366 /* Store packet length at head of message -- note, we
367 * have reserved an int32_t just before msg, so we can
370 hdr = (int32_t *)(msg - (int)sizeof(pktsiz));
371 *hdr = htonl(msglen); /* store signal/length */
373 out_msg_no++; /* increment message number */
375 /* send data packet */
376 timer_start = watchdog_time; /* start timer */
378 /* Full I/O done in one write */
379 rc = write_nbytes(this, (char *)hdr, pktsiz);
380 timer_start = 0; /* clear timer */
389 if (!m_suppress_error_msgs) {
390 Qmsg5(m_jcr, M_ERROR, 0,
391 _("Write error sending %d bytes to %s:%s:%d: ERR=%s\n"),
393 m_host, m_port, this->bstrerror());
396 Qmsg5(m_jcr, M_ERROR, 0,
397 _("Wrote %d bytes to %s:%s:%d, but only %d accepted.\n"),
398 msglen, m_who, m_host, m_port, rc);
402 if (m_use_locking) V(m_mutex);
407 * Format and send a message
408 * Returns: false on error
411 bool BSOCK::fsend(const char *fmt, ...)
416 if (errors || is_terminated()) {
419 /* This probably won't work, but we vsnprintf, then if we
420 * get a negative length or a length greater than our buffer
421 * (depending on which library is used), the printf was truncated, so
422 * get a bigger buffer and try again.
425 maxlen = sizeof_pool_memory(msg) - 1;
426 va_start(arg_ptr, fmt);
427 msglen = bvsnprintf(msg, maxlen, fmt, arg_ptr);
429 if (msglen > 0 && msglen < (maxlen - 5)) {
432 msg = realloc_pool_memory(msg, maxlen + maxlen / 2);
438 * Receive a message from the other end. Each message consists of
439 * two packets. The first is a header that contains the size
440 * of the data that follows in the second packet.
441 * Returns number of bytes read (may return zero)
442 * Returns -1 on signal (BNET_SIGNAL)
443 * Returns -2 on hard end of file (BNET_HARDEOF)
444 * Returns -3 on error (BNET_ERROR)
446 * Unfortunately, it is a bit complicated because we have these
449 * 2. Signal including end of data stream
450 * 3. Hard end of file
452 * Using is_bnet_stop() and is_bnet_error() you can figure this all out.
454 int32_t BSOCK::recv()
461 if (errors || is_terminated()) {
465 if (m_use_locking) P(m_mutex);
466 read_seqno++; /* bump sequence number */
467 timer_start = watchdog_time; /* set start wait time */
469 /* get data size -- in int32_t */
470 if ((nbytes = read_nbytes(this, (char *)&pktsiz, sizeof(int32_t))) <= 0) {
471 timer_start = 0; /* clear timer */
472 /* probably pipe broken because client died */
479 nbytes = BNET_HARDEOF; /* assume hard EOF received */
482 timer_start = 0; /* clear timer */
483 if (nbytes != sizeof(int32_t)) {
486 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
487 sizeof(int32_t), nbytes, m_who, m_host, m_port);
492 pktsiz = ntohl(pktsiz); /* decode no. of bytes that follow */
494 if (pktsiz == 0) { /* No data transferred */
495 timer_start = 0; /* clear timer */
498 nbytes = 0; /* zero bytes read */
502 /* If signal or packet size too big */
503 if (pktsiz < 0 || pktsiz > 1000000) {
504 if (pktsiz > 0) { /* if packet too big */
505 Qmsg3(m_jcr, M_FATAL, 0,
506 _("Packet size too big from \"%s:%s:%d. Terminating connection.\n"),
507 m_who, m_host, m_port);
508 pktsiz = BNET_TERMINATE; /* hang up */
510 if (pktsiz == BNET_TERMINATE) {
513 timer_start = 0; /* clear timer */
515 msglen = pktsiz; /* signal code */
516 nbytes = BNET_SIGNAL; /* signal */
520 /* Make sure the buffer is big enough + one byte for EOS */
521 if (pktsiz >= (int32_t) sizeof_pool_memory(msg)) {
522 msg = realloc_pool_memory(msg, pktsiz + 100);
525 timer_start = watchdog_time; /* set start wait time */
527 /* now read the actual data */
528 if ((nbytes = read_nbytes(this, msg, pktsiz)) <= 0) {
529 timer_start = 0; /* clear timer */
536 Qmsg4(m_jcr, M_ERROR, 0, _("Read error from %s:%s:%d: ERR=%s\n"),
537 m_who, m_host, m_port, this->bstrerror());
541 timer_start = 0; /* clear timer */
544 if (nbytes != pktsiz) {
547 Qmsg5(m_jcr, M_ERROR, 0, _("Read expected %d got %d from %s:%s:%d\n"),
548 pktsiz, nbytes, m_who, m_host, m_port);
552 /* always add a zero by to properly terminate any
553 * string that was send to us. Note, we ensured above that the
554 * buffer is at least one byte longer than the message length.
556 msg[nbytes] = 0; /* terminate in case it is a string */
557 sm_check(__FILE__, __LINE__, false);
560 if (m_use_locking) V(m_mutex);
561 return nbytes; /* return actual length of message */
568 bool BSOCK::signal(int signal)
571 if (signal == BNET_TERMINATE) {
572 m_suppress_error_msgs = true;
578 * Despool spooled attributes
580 bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
584 ssize_t last = 0, size = 0;
586 JCR *jcr = get_jcr();
590 #if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
591 posix_fadvise(fileno(m_spool_fd), 0, 0, POSIX_FADV_WILLNEED);
594 while (fread((char *)&pktsiz, 1, sizeof(int32_t), m_spool_fd) ==
596 size += sizeof(int32_t);
597 msglen = ntohl(pktsiz);
599 if (msglen > (int32_t)sizeof_pool_memory(msg)) {
600 msg = realloc_pool_memory(msg, msglen + 1);
602 nbytes = fread(msg, 1, msglen, m_spool_fd);
603 if (nbytes != (size_t)msglen) {
605 Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
606 Qmsg1(get_jcr(), M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
608 update_attr_spool_size(tsize - last);
612 if ((++count & 0x3F) == 0) {
613 update_attr_spool_size(size - last);
618 if (jcr && job_canceled(jcr)) {
622 update_attr_spool_size(tsize - last);
623 if (ferror(m_spool_fd)) {
624 Qmsg(jcr, M_FATAL, 0, _("fread attr spool I/O error.\n"));
631 * Return the string for the error that occurred
632 * on the socket. Only the first error is retained.
634 const char *BSOCK::bstrerror()
637 if (errmsg == NULL) {
638 errmsg = get_pool_memory(PM_MESSAGE);
640 pm_strcpy(errmsg, be.bstrerror(b_errno));
644 int BSOCK::get_peer(char *buf, socklen_t buflen)
646 #if !defined(HAVE_WIN32)
647 if (peer_addr.sin_family == 0) {
648 socklen_t salen = sizeof(peer_addr);
649 int rval = (getpeername)(m_fd, (struct sockaddr *)&peer_addr, &salen);
650 if (rval < 0) return rval;
652 if (!inet_ntop(peer_addr.sin_family, &peer_addr.sin_addr, buf, buflen))
662 * Set the network buffer size, suggested size is in size.
663 * Actual size obtained is returned in bs->msglen
665 * Returns: false on failure
668 bool BSOCK::set_buffer_size(uint32_t size, int rw)
670 uint32_t dbuf_size, start_size;
671 #if defined(IP_TOS) && defined(IPTOS_THROUGHPUT)
673 opt = IPTOS_THROUGHPUT;
674 setsockopt(fd, IPPROTO_IP, IP_TOS, (sockopt_val_t)&opt, sizeof(opt));
680 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
682 start_size = dbuf_size;
683 if ((msg = realloc_pool_memory(msg, dbuf_size + 100)) == NULL) {
684 Qmsg0(get_jcr(), M_FATAL, 0, _("Could not malloc BSOCK data buffer\n"));
687 if (rw & BNET_SETBUF_READ) {
688 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
689 SO_RCVBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
691 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
692 dbuf_size -= TAPE_BSIZE;
694 Dmsg1(200, "set network buffer size=%d\n", dbuf_size);
695 if (dbuf_size != start_size) {
696 Qmsg1(get_jcr(), M_WARNING, 0,
697 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
699 if (dbuf_size % TAPE_BSIZE != 0) {
700 Qmsg1(get_jcr(), M_ABORT, 0,
701 _("Network buffer size %d not multiple of tape block size.\n"),
708 dbuf_size = DEFAULT_NETWORK_BUFFER_SIZE;
710 start_size = dbuf_size;
711 if (rw & BNET_SETBUF_WRITE) {
712 while ((dbuf_size > TAPE_BSIZE) && (setsockopt(m_fd, SOL_SOCKET,
713 SO_SNDBUF, (sockopt_val_t) & dbuf_size, sizeof(dbuf_size)) < 0)) {
715 Qmsg1(get_jcr(), M_ERROR, 0, _("sockopt error: %s\n"), be.bstrerror());
716 dbuf_size -= TAPE_BSIZE;
718 Dmsg1(900, "set network buffer size=%d\n", dbuf_size);
719 if (dbuf_size != start_size) {
720 Qmsg1(get_jcr(), M_WARNING, 0,
721 _("Warning network buffer = %d bytes not max size.\n"), dbuf_size);
723 if (dbuf_size % TAPE_BSIZE != 0) {
724 Qmsg1(get_jcr(), M_ABORT, 0,
725 _("Network buffer size %d not multiple of tape block size.\n"),
735 * Set socket non-blocking
736 * Returns previous socket flag
738 int BSOCK::set_nonblocking()
743 /* Get current flags */
744 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
746 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
749 /* Set O_NONBLOCK flag */
750 if ((fcntl(m_fd, F_SETFL, oflags|O_NONBLOCK)) < 0) {
752 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
762 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
770 * Set socket blocking
771 * Returns previous socket flags
773 int BSOCK::set_blocking()
777 /* Get current flags */
778 if ((oflags = fcntl(m_fd, F_GETFL, 0)) < 0) {
780 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_GETFL error. ERR=%s\n"), be.bstrerror());
783 /* Set O_NONBLOCK flag */
784 if ((fcntl(m_fd, F_SETFL, oflags & ~O_NONBLOCK)) < 0) {
786 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
796 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
804 * Restores socket flags
806 void BSOCK::restore_blocking (int flags)
809 if ((fcntl(m_fd, F_SETFL, flags)) < 0) {
811 Qmsg1(get_jcr(), M_ABORT, 0, _("fcntl F_SETFL error. ERR=%s\n"), be.bstrerror());
814 m_blocking = (flags & O_NONBLOCK) ? true : false;
816 u_long ioctlArg = flags;
818 ioctlsocket(m_fd, FIONBIO, &ioctlArg);
824 * Wait for a specified time for data to appear on
825 * the BSOCK connection.
827 * Returns: 1 if data available
831 int BSOCK::wait_data(int sec, int usec)
837 FD_SET((unsigned)m_fd, &fdset);
841 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
842 case 0: /* timeout */
847 if (errno == EINTR) {
850 return -1; /* error return */
859 * As above, but returns on interrupt
861 int BSOCK::wait_data_intr(int sec, int usec)
870 FD_SET((unsigned)m_fd, &fdset);
873 switch (select(m_fd + 1, &fdset, NULL, NULL, &tv)) {
874 case 0: /* timeout */
879 return -1; /* error return */
888 * Note, this routine closes and destroys all the sockets
889 * that are open including the duped ones.
903 for (; bsock; bsock = next) {
904 next = bsock->m_next; /* get possible pointer to next before destoryed */
905 if (!bsock->m_duped) {
906 /* Shutdown tls cleanly. */
908 tls_bsock_shutdown(bsock);
909 free_tls_connection(bsock->tls);
912 if (bsock->is_timed_out()) {
913 shutdown(bsock->m_fd, SHUT_RDWR); /* discard any pending I/O */
915 socketClose(bsock->m_fd); /* normal close */
922 void BSOCK::destroy()
925 free_pool_memory(msg);
928 ASSERT(1 == 0); /* double close */
931 free_pool_memory(errmsg);
949 /* Commands sent to Director */
950 static char hello[] = "Hello %s calling\n";
952 /* Response from Director */
953 static char OKhello[] = "1000 OK:";
956 * Authenticate Director
958 bool BSOCK::authenticate_director(const char *name, const char *password,
959 TLS_CONTEXT *tls_ctx, char *msg, int msglen)
961 int tls_local_need = BNET_TLS_NONE;
962 int tls_remote_need = BNET_TLS_NONE;
963 int compatible = true;
964 char bashed_name[MAX_NAME_LENGTH];
965 BSOCK *dir = this; /* for readability */
969 * Send my name to the Director then do authentication
972 /* Timeout Hello after 15 secs */
973 dir->start_timer(15);
974 dir->fsend(hello, bashed_name);
976 if (get_tls_enable(tls_ctx)) {
977 tls_local_need = get_tls_enable(tls_ctx) ? BNET_TLS_REQUIRED : BNET_TLS_OK;
980 /* respond to Dir challenge */
981 if (!cram_md5_respond(dir, password, &tls_remote_need, &compatible) ||
982 /* Now challenge dir */
983 !cram_md5_challenge(dir, password, tls_local_need, compatible)) {
984 bsnprintf(msg, msglen, _("Director authorization problem at \"%s:%d\"\n"),
985 dir->host(), dir->port());
989 /* Verify that the remote host is willing to meet our TLS requirements */
990 if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
991 bsnprintf(msg, msglen, _("Authorization problem:"
992 " Remote server at \"%s:%d\" did not advertise required TLS support.\n"),
993 dir->host(), dir->port());
997 /* Verify that we are willing to meet the remote host's requirements */
998 if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
999 bsnprintf(msg, msglen, _("Authorization problem with Director at \"%s:%d\":"
1000 " Remote server requires TLS.\n"),
1001 dir->host(), dir->port());
1006 /* Is TLS Enabled? */
1008 if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
1009 /* Engage TLS! Full Speed Ahead! */
1010 if (!bnet_tls_client(tls_ctx, dir, NULL)) {
1011 bsnprintf(msg, msglen, _("TLS negotiation failed with Director at \"%s:%d\"\n"),
1012 dir->host(), dir->port());
1018 Dmsg1(6, ">dird: %s", dir->msg);
1019 if (dir->recv() <= 0) {
1021 bsnprintf(msg, msglen, _("Bad response to Hello command: ERR=%s\n"
1022 "The Director at \"%s:%d\" is probably not running.\n"),
1023 dir->bstrerror(), dir->host(), dir->port());
1028 Dmsg1(10, "<dird: %s", dir->msg);
1029 if (strncmp(dir->msg, OKhello, sizeof(OKhello)-1) != 0) {
1030 bsnprintf(msg, msglen, _("Director at \"%s:%d\" rejected Hello command\n"),
1031 dir->host(), dir->port());
1034 bsnprintf(msg, msglen, "%s", dir->msg);
1040 bsnprintf(msg, msglen, _("Authorization problem with Director at \"%s:%d\"\n"
1041 "Most likely the passwords do not agree.\n"
1042 "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
1043 "Please see http://www.bacula.org/en/rel-manual/Bacula_Freque_Asked_Questi.html#SECTION003760000000000000000 for help.\n"),
1044 dir->host(), dir->port());