"Fossies" - the Fresh Open Source Software Archive

Member "bacula-9.4.4/src/qt-console/tray-monitor/authenticate.cpp" (28 May 2019, 4233 Bytes) of package /linux/misc/bacula-9.4.4.tar.gz:



    1 /*
    2    Bacula(R) - The Network Backup Solution
    3 
    4    Copyright (C) 2000-2017 Kern Sibbald
    5 
    6    The original author of Bacula is Kern Sibbald, with contributions
    7    from many others, a complete list can be found in the file AUTHORS.
    8 
    9    You may use this file and others of this release according to the
   10    license defined in the LICENSE file, which includes the Affero General
   11    Public License, v3.0 ("AGPLv3") and some additional permissions and
   12    terms pursuant to its AGPLv3 Section 7.
   13 
   14    This notice must be preserved when any source code is
   15    conveyed and/or propagated.
   16 
   17    Bacula(R) is a registered trademark of Kern Sibbald.
   18 */
   19 /*
   20  *
   21  *   Bacula authentication. Provides authentication with
   22  *     File and Storage daemons.
   23  *
   24  *     Nicolas Boichat, August MMIV
   25  *
   26  *    This routine runs as a thread and must be thread reentrant.
   27  *
   28  *  Basic tasks done here:
   29  *
   30  */
   31 
   32 #include "tray-monitor.h"
   33 
/*
 * Protocol strings used by the Hello exchange in authenticate_daemon().
 */

/* Hello lines sent to the remote daemon; %s is filled with the monitor name.
 * The SD and FD lines use the Director wording. */
static char DIRhello[] = "Hello %s calling\n";                     /* Director */
static char FDhello[]  = "Hello Director %s calling\n";            /* File daemon */
static char SDhello[]  = "Hello SD: Bacula Director %s calling\n"; /* Storage daemon */

/* Prefixes the daemon's reply must start with for the Hello to count as accepted */
static char DIROKhello[] = "1000 OK:";      /* Director */
static char FDOKhello[]  = "2000 OK Hello"; /* File daemon */
static char SDOKhello[]  = "3000 OK Hello"; /* Storage daemon */
   50 
   51 /* Forward referenced functions */
   52 
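/*
 * Authenticate the tray monitor to a Director, Storage daemon or File daemon.
 *
 * Sends the Hello line matching res->type over res->bs, runs the CRAM-MD5
 * respond/challenge pair with res->password, checks the TLS need each side
 * advertised, starts TLS when both sides allow it, and finally checks that
 * the daemon's reply starts with the OK prefix expected for res->type.
 *
 *  jcr  - job control record the M_FATAL messages are reported against
 *  mon  - monitor resource; mon->hdr.name is the name sent in the Hello
 *  res  - resource of the daemon being contacted (socket, password, type,
 *         TLS settings)
 *
 * Returns 1 on success, 0 on any failure (an M_FATAL message is issued first).
 *
 * Security notes:
 *  - TLS is demanded locally only when res->tls_enable is set. With it unset
 *    and a peer that advertises no TLS need, bnet_tls_client() is never
 *    called and the rest of the session uses the socket as it is.
 *  - The TLS need values travel inside the CRAM-MD5 calls, i.e. before TLS
 *    is established.
 */
int authenticate_daemon(JCR *jcr, MONITOR *mon, RESMON *res)
{
   BSOCK *bs = res->bs;
   int tls_local_need = BNET_TLS_NONE;
   int tls_remote_need = BNET_TLS_NONE;
   int compatible = true;
   char bashed_name[MAX_NAME_LENGTH];
   char *password, *p;
   int ret = 0;

   /* Work on a bounded local copy of the monitor name; bash_spaces() then
    * rewrites that copy in place (presumably so the name stays one token in
    * the Hello line -- confirm against bash_spaces()). */
   bstrncpy(bashed_name, mon->hdr.name, sizeof(bashed_name));
   bash_spaces(bashed_name);
   password = res->password;

   /* TLS Requirement */
   if (res->tls_enable) {
      tls_local_need = BNET_TLS_REQUIRED;
   }

   /* Timeout Hello after 5 mins */
   btimer_t *tid = start_bsock_timer(bs, 60 * 5);

   /* Choose the Hello format; any type other than Director or Storage is
    * addressed as a File daemon. */
   if (res->type == R_DIRECTOR) {
      p = DIRhello;
   } else if (res->type == R_STORAGE) {
      p = SDhello;
   } else {
      p = FDhello;
   }

   bs->fsend(p, bashed_name);

   /* Mutual CRAM-MD5: answer the daemon's challenge first, then challenge it.
    * tls_remote_need and compatible are filled in by the respond step. */
   if (!cram_md5_respond(bs, password, &tls_remote_need, &compatible) ||
       !cram_md5_challenge(bs, password, tls_local_need, compatible)) {
      Jmsg(jcr, M_FATAL, 0, _("Authorization problem.\n"
                              "Most likely the passwords do not agree.\n"
                              "For help, please see " MANUAL_AUTH_URL "\n"));
      goto bail_out;
   }

   /* The two comparisons below assume the BNET_TLS_* constants are ordered
    * NONE < OK < REQUIRED -- confirm in the header that defines them. */

   /* Verify that the remote host is willing to meet our TLS requirements */
   if (tls_remote_need < tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
      Jmsg(jcr, M_FATAL, 0, _("Authorization problem:"
                            " Remote server did not advertise required TLS support.\n"));
      goto bail_out;
   }

   /* Verify that we are willing to meet the remote host's requirements */
   if (tls_remote_need > tls_local_need && tls_local_need != BNET_TLS_OK && tls_remote_need != BNET_TLS_OK) {
      /* Wrapped in _() like every other message in this function */
      Jmsg(jcr, M_FATAL, 0, _("Authorization problem:"
                              " Remote server requires TLS.\n"));
      goto bail_out;
   }

   /* Is TLS Enabled? */
   if (tls_local_need >= BNET_TLS_OK && tls_remote_need >= BNET_TLS_OK) {
      /* NOTE(review): the third argument is NULL; confirm in
       * bnet_tls_client() which peer-certificate check applies then. */
      if (!bnet_tls_client(res->tls_ctx, bs, NULL)) {
         Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed\n"));
         goto bail_out;
      }
   }

   /* NOTE(review): bs->msg at this point is whatever the preceding exchange
    * left in the buffer, not a line sent by this function -- confirm it
    * cannot carry anything that should stay out of debug traces. */
   Dmsg1(6, "> %s", bs->msg);
   if (bs->recv() <= 0) {
      Jmsg1(jcr, M_FATAL, 0, _("Bad response to Hello command: ERR=%s\n"),
         bs->bstrerror());
      goto bail_out;
   }
   Dmsg1(10, "< %s", bs->msg);

   /*
    * Pick the OK prefix expected from this daemon type. Start from NULL so
    * that a type not listed below is refused outright instead of the reply
    * being compared against the outgoing Hello format still held in p.
    */
   p = NULL;
   switch (res->type) {
   case R_DIRECTOR:
      p = DIROKhello;
      break;
   case R_CLIENT:
      p = FDOKhello;
      break;
   case R_STORAGE:
      p = SDOKhello;
      break;
   default:
      break;
   }
   if (p == NULL || strncmp(bs->msg, p, strlen(p)) != 0) {
      Jmsg(jcr, M_FATAL, 0, _("Daemon rejected Hello command\n"));
      goto bail_out;
   }
   ret = 1;

bail_out:
   /* The Hello timer is stopped on every exit path */
   if (tid) {
      stop_bsock_timer(tid);
   }
   return ret;
}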