traymon: switched to the new connection method
- removed unused function
- adapted bsock_test connect_to_server to the new method
franku committed Oct 30, 2018
1 parent 7c40c91 commit d21a11a
Showing 5 changed files with 11 additions and 72 deletions.
2 changes: 1 addition & 1 deletion core/src/dird/dird_conf.cc
@@ -218,7 +218,7 @@ static ResourceItem con_items[] = {
{ "Profile", CFG_TYPE_ALIST_RES, ITEM(res_con.profiles), R_PROFILE, 0, NULL, "14.2.3-",
"Profiles can be assigned to a Console. ACL are checked until either a deny ACL is found or an allow ACL. "
"First the console ACL is checked then any profile the console is linked to." },
{ "UsePamAuthentication", CFG_TYPE_BOOL, ITEM(res_con.use_pam_authentication_), 0, CFG_ITEM_DEFAULT, "true", NULL, NULL },
{ "UsePamAuthentication", CFG_TYPE_BOOL, ITEM(res_con.use_pam_authentication_), 0, CFG_ITEM_DEFAULT, "false", NULL, NULL },
TLS_COMMON_CONFIG(res_con),
TLS_CERT_CONFIG(res_con),
TLS_PSK_CONFIG(res_con),
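Review bot: The `UsePamAuthentication` entry in con_items is printed with two different defaults, `"true"` and `"false"`, yet neither the commit title nor its description mentions a change to how Consoles authenticate. The +/- markers are lost on this page, so which value is the new default cannot be confirmed from here; in either direction, every Console resource that does not set the directive explicitly will authenticate differently after an upgrade, and that belongs in the commit message and release notes. The entry also leaves its last two fields `NULL`, which by analogy with the `Profile` entry above look like the version and description slots; a description along the lines of `"If set, this console authenticates its users through PAM."` (wording to be confirmed against the actual PAM flow) would document the directive and its default.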
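--- a/core/src/lib/bsock.cc
+++ b/core/src/lib/bsock.cc
@@ -360,66 +360,6 @@ bool BareosSocket::ConsoleAuthenticateWithDirector(JobControlRecord *jcr,
 return false;
 }
 
-bool BareosSocket::AuthenticateWithDirector(JobControlRecord *jcr,
-const char *identity,
-s_password &password,
-char *response_text,
-int response_len,
-TlsResource *tls_resource)
-{
-static char OKAnswerFromDirector[] = "1000 OK:";
-
-char bashed_name[MAX_NAME_LENGTH];
-BareosSocket *dir = this; /* for readability */
-
-response_text[0] = 0;
-
-/*
-* Send my name to the Director then do authentication
-*/
-bstrncpy(bashed_name, identity, sizeof(bashed_name));
-BashSpaces(bashed_name);
-
-dir->StartTimer(60 * 5); /* 5 minutes */
-dir->fsend(hello, bashed_name);
-
-if (!AuthenticateOutboundConnection(jcr, "Director", identity, password, tls_resource)) { goto bail_out; }
-
-Dmsg1(6, ">dird: %s", dir->msg);
-if (dir->recv() <= 0) {
-dir->StopTimer();
-Bsnprintf(response_text, response_len,
-_("Bad response to Hello command: ERR=%s\n"
-"The Director at \"%s:%d\" is probably not running.\n"),
-dir->bstrerror(), dir->host(), dir->port());
-return false;
-}
-
-dir->StopTimer();
-Dmsg1(10, "<dird: %s", dir->msg);
-if (!bstrncmp(dir->msg, OKAnswerFromDirector, sizeof(OKAnswerFromDirector) - 1)) {
-Bsnprintf(response_text, response_len, _("Director at \"%s:%d\" rejected Hello command\n"), dir->host(),
-dir->port());
-return false;
-} else {
-Bsnprintf(response_text, response_len, "%s", dir->msg);
-}
-
-return true;
-
-bail_out:
-dir->StopTimer();
-Bsnprintf(response_text, response_len,
-_("Authorization problem with Director at \"%s:%d\"\n"
-"Most likely the passwords do not agree.\n"
-"If you are using TLS, there may have been a certificate "
-"validation error during the TLS handshake.\n"
-"Please see %s for help.\n"),
-dir->host(), dir->port(), MANUAL_AUTH_URL);
-
-return false;
-}
-
 /**
 * Depending on the initiate parameter perform one of the following:
 *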
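--- a/core/src/lib/bsock.h
+++ b/core/src/lib/bsock.h
@@ -157,12 +157,6 @@ class BareosSocket : public SmartAlloc {
 bool signal(int signal);
 const char *bstrerror(); /* last error on socket */
 bool despool(void UpdateAttrSpoolSize(ssize_t size), ssize_t tsize);
-bool AuthenticateWithDirector(JobControlRecord *jcr,
-const char *name,
-s_password &password,
-char *response,
-int response_len,
-TlsResource *tls_resource);
 bool ConsoleAuthenticateWithDirector(JobControlRecord *jcr,
 const char *name,
 s_password &password,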
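--- a/core/src/qt-tray-monitor/authenticate.cc
+++ b/core/src/qt-tray-monitor/authenticate.cc
@@ -84,16 +84,19 @@ static AuthenticationResult AuthenticateWithDirector(JobControlRecord *jcr, Dire
 ? TlsConfigBase::BNET_TLS_AUTO : TlsConfigBase::BNET_TLS_NONE;
 
 BareosSocket *dir = jcr->dir_bsock;
-if (!dir->DoTlsHandshake(tls_policy, dir_res, false, qualified_resource_name.c_str(), monitor->password.value, jcr)) {
+if (!dir->DoTlsHandshake(tls_policy, dir_res, false, qualified_resource_name.c_str(),
+monitor->password.value, jcr)) {
 return AuthenticationResult::kTlsHandshakeFailed;
 }
 
 char errmsg[1024];
 int32_t errmsg_len = sizeof(errmsg);
-if (!dir->AuthenticateWithDirector(jcr, monitor->name(),(s_password &) monitor->password, errmsg, errmsg_len, dir_res)) {
+uint32_t response_id;
+if (!dir->ConsoleAuthenticateWithDirector(jcr, monitor->name(), monitor->password,
+errmsg, errmsg_len, dir_res, response_id)) {
 Jmsg(jcr, M_FATAL, 0, _("Director authorization problem.\n"
-"Most likely the passwords do not agree.\n"
-"Please see %s for help.\n"), MANUAL_AUTH_URL);
+"Most likely the passwords do not agree.\n"
+"Please see %s for help.\n"), MANUAL_AUTH_URL);
 return AuthenticationResult::kCramMd5HandshakeFailed;
 }
 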
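Review bot: `response_id` is declared without an initial value and, in the lines shown, is never inspected after `ConsoleAuthenticateWithDirector` returns true, whereas the adapted test in core/src/tests/bsock_test.cc compares it with `kMessageIdOk`. If a successful return can carry an id other than OK (the test's assertion suggests it can), the tray monitor would treat that session as fully authenticated; unless the check follows below the hunk, declare it as `uint32_t response_id = 0;` (assuming 0 is not a valid id) and add `if (response_id != kMessageIdOk) { return AuthenticationResult::kCramMd5HandshakeFailed; }` or a dedicated result value. The same uninitialised declaration appears in the bsock_test.cc hunk. The text the call writes into `errmsg` is also dropped in favour of the fixed Jmsg string, so the Director's actual reason never reaches the job log. The enclosing function starts and ends outside the hunk.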
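--- a/core/src/tests/bsock_test.cc
+++ b/core/src/tests/bsock_test.cc
@@ -208,9 +208,11 @@ static bool connect_to_server(std::string console_name, std::string console_pass
 Dmsg0(10, "socket connect failed\n");
 } else {
 Dmsg0(10, "socket connect OK\n");
-if (!UA_sock->AuthenticateWithDirector(&jcr, name, *password, errmsg, errmsg_len, cons_dir_config.get())) {
+uint32_t response_id;
+if (!UA_sock->ConsoleAuthenticateWithDirector(&jcr, name, *password, errmsg, errmsg_len, cons_dir_config.get(), response_id)) {
 Emsg0(M_ERROR, 0, "Authenticate Failed\n");
 } else {
+EXPECT_EQ(response_id, kMessageIdOk) << "Received the wrong message id.";
 Dmsg0(10, "Authenticate Connect to Server successful!\n");
 std::string cipher;
 if (UA_sock->tls_conn) {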
