}
if (!UA_sock->connect(NULL, 5, 15, heart_beat, "Director daemon", dir->address,
NULL, dir->DIRport, 0)) {
+ senditf("%s", UA_sock->errmsg);
UA_sock->destroy();
UA_sock = NULL;
terminate_console(0);
bool authenticate_storage_daemon(STORE *store);
};
-bool authenticate_storage_daemon(JCR *jcr, STORE *store)
+bool authenticate_storage_daemon(JCR *jcr, STORE *store, int *status, POOLMEM **errmsg)
{
- return DIRAuthenticateSD(jcr).authenticate_storage_daemon(store);
+ DIRAuthenticateSD elt(jcr);
+ bool ret = elt.authenticate_storage_daemon(store);
+ if (!ret) {
+ pm_strcpy(errmsg, elt.errmsg);
+ *status = elt.status;
+ }
+ return ret;
}
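Review bot: The new out-parameters on `authenticate_storage_daemon()` have no documented contract: `*status` and `*errmsg` are written only when authentication fails, both are dereferenced without a NULL check, and the wrapper itself no longer logs anything. A short comment above the function would help callers, for example `/* On failure *status gets the message type and *errmsg the text; nothing is logged here, the caller must report it. */`. The same applies to `authenticate_file_daemon()` further down. In the callers visible in this commit the `int status;` local is passed in but never read afterwards, so the message type is dropped at that boundary.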
bool DIRAuthenticateSD::authenticate_storage_daemon(STORE *store)
StartAuthTimeout();
/* Sent Hello SD: Bacula Director <dirname> calling <version> */
if (!sd->fsend(hello, "SD: Bacula ", dirname, DIR_VERSION, tlspsk_local_need)) {
- Dmsg3(dbglvl, _("Error sending Hello to Storage daemon at \"%s:%d\". ERR=%s\n"),
- sd->host(), sd->port(), sd->bstrerror());
- Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to Storage daemon at \"%s:%d\". ERR=%s\n"),
- sd->host(), sd->port(), sd->bstrerror());
+ status = M_FATAL;
+ MmsgD3(dbglvl, errmsg, _("[DE0011] Error sending Hello to Storage daemon at \"%s:%d\". ERR=%s\n"),
+ sd->host(), sd->port(), sd->bstrerror());
return false;
}
Dmsg1(116, ">stored: %s", sd->msg);
if (sd->recv() <= 0) {
- Jmsg3(jcr, M_FATAL, 0, _("bdird<stored: \"%s:%s\" bad response to Hello command: ERR=%s\n"),
- sd->who(), sd->host(), sd->bstrerror());
+ status = M_FATAL;
+ Mmsg(errmsg, _("[DE0011] bdird<stored: \"%s:%s\" bad response to Hello command: ERR=%s\n"),
+ sd->who(), sd->host(), sd->bstrerror());
return 0;
}
Dmsg1(110, "<stored: %s", sd->msg);
jcr->SDVersion = 0;
if (sscanf(sd->msg, SDOKnewHello, &jcr->SDVersion) != 1 &&
- strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0) {
- Dmsg0(dbglvl, _("Storage daemon rejected Hello command\n"));
- Jmsg2(jcr, M_FATAL, 0, _("Storage daemon at \"%s:%d\" rejected Hello command\n"),
- sd->host(), sd->port());
+ strncmp(sd->msg, OKhello, sizeof(OKhello)) != 0)
+ {
+ status = M_FATAL;
+ MmsgD2(dbglvl, errmsg, _("[DE0011] Storage daemon at \"%s:%d\" rejected Hello command\n"),
+ sd->host(), sd->port());
return 0;
}
/* For newer SD turn on comm line compression */
Dmsg0(050, "*** No Dir compression to SD\n");
}
if (jcr->SDVersion < SD_VERSION) {
- Jmsg2(jcr, M_FATAL, 0, _("Older Storage daemon at \"%s:%d\" incompatible with this Director.\n"),
- sd->host(), sd->port());
+ status = M_FATAL;
+ Mmsg(errmsg, _("[DE0011] Older Storage daemon at \"%s:%d\" incompatible with this Director.\n"),
+ sd->host(), sd->port());
return 0;
}
return 1;
int authenticate_file_daemon();
};
-int authenticate_file_daemon(JCR *jcr)
+int authenticate_file_daemon(JCR *jcr, int *status, POOLMEM **errmsg)
{
- return DIRAuthenticateFD(jcr).authenticate_file_daemon();
+ DIRAuthenticateFD auth(jcr);
+ int ret = auth.authenticate_file_daemon();
+ if (!ret) {
+ *status = auth.status;
+ pm_strcpy(errmsg, auth.errmsg);
+ }
+ return ret;
}
int DIRAuthenticateFD::authenticate_file_daemon()
/* Timeout Hello after 1 min */
StartAuthTimeout();
if (!fd->fsend(hello, "", dirname, DIR_VERSION, tlspsk_local_need)) {
- Dmsg3(dbglvl, _("Error sending Hello to File daemon at \"%s:%d\". ERR=%s\n"),
- fd->host(), fd->port(), fd->bstrerror());
- Jmsg(jcr, M_FATAL, 0, _("Error sending Hello to File daemon at \"%s:%d\". ERR=%s\n"),
+ status = M_FATAL;
+ MmsgD3(dbglvl, errmsg, _("[DE0011] Error sending Hello to File daemon at \"%s:%d\". ERR=%s\n"),
fd->host(), fd->port(), fd->bstrerror());
return false;
}
Dmsg1(116, ">filed: %s", fd->msg);
if (fd->recv() <= 0) {
- Dmsg1(dbglvl, _("Bad response from File daemon to Hello command: ERR=%s\n"),
- fd->bstrerror());
- Jmsg(jcr, M_FATAL, 0, _("Bad response from File daemon at \"%s:%d\" to Hello command: ERR=%s\n"),
- fd->host(), fd->port(), fd->bstrerror());
+ status = M_FATAL;
+ MmsgD3(dbglvl, errmsg, _("[DE0011] Bad response from File daemon at \"%s:%d\" to Hello command: ERR=%s\n"),
+ fd->host(), fd->port(), fd->bstrerror());
return 0;
}
Dmsg1(110, "<filed: %s", fd->msg);
StopAuthTimeout();
jcr->FDVersion = 0;
if (strncmp(fd->msg, FDOKhello, sizeof(FDOKhello)) != 0 &&
- sscanf(fd->msg, FDOKnewHello, &jcr->FDVersion) != 1) {
- Dmsg0(dbglvl, _("File daemon rejected Hello command\n"));
- Jmsg(jcr, M_FATAL, 0, _("File daemon at \"%s:%d\" rejected Hello command\n"),
- fd->host(), fd->port());
+ sscanf(fd->msg, FDOKnewHello, &jcr->FDVersion) != 1)
+ {
+ status = M_FATAL;
+ MmsgD2(dbglvl, errmsg, _("[DE0011] File daemon at \"%s:%d\" rejected Hello command\n"),
+ fd->host(), fd->port());
return 0;
}
/* For newer FD turn on comm line compression */
}
virtual ~UAAuthenticate() {};
void TLSFailure() {
- Jmsg(jcr, M_SECURITY, 0, _("TLS negotiation failed with %s at \"%s:%d\"\n"),
- GetRemoteClassShortName(), bsock->host(), bsock->port());
+ status = M_SECURITY;
+ MmsgD3(dbglvl, errmsg, _("TLS negotiation failed with %s at \"%s:%d\"\n"),
+ GetRemoteClassShortName(), bsock->host(), bsock->port());
}
int authenticate_user_agent();
bool legacy_auth = true;
if (ua->msglen < 16 || ua->msglen >= MAX_NAME_LENGTH + 15) {
- Qmsg3(NULL, M_SECURITY, 0, _("UA Hello from %s:%s is invalid. Len=%d\n"), ua->who(),
- ua->host(), ua->msglen);
+ status = M_SECURITY;
+ Mmsg(errmsg, _("[DE0011] UA Hello from %s:%s is invalid. Len=%d\n"), ua->who(),
+ ua->host(), ua->msglen);
sleep(5);
return 0;
}
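Review bot: The `Qmsg3(NULL, M_SECURITY, ...)` call removed here was what put a malformed console Hello into the security log; the new lines only record `status = M_SECURITY` and fill `errmsg`, and nothing in this hunk emits them. The same pattern repeats in the next two hunks (the `scan_string` failure and `auth_done`), and the unchanged prototype `extern int authenticate_user_agent(UAContext *ua);` gives the caller no way to read either field. The code that should emit the message is not visible in this diff, so please confirm the wrapper still queues the text with the recorded type, e.g. `Qmsg1(NULL, auth.status, 0, "%s", auth.errmsg);` (object name assumed); otherwise failed console logins stop being logged. The enclosing function starts and ends outside the hunk.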
scan_string(ua->msg, "Hello %127s calling", name) != 1)
{
ua->msg[100] = 0; /* terminate string */
- Qmsg3(NULL, M_SECURITY, 0, _("UA Hello from %s:%s is invalid. Got: %s\n"), ua->who(),
- ua->host(), ua->msg);
+ status = M_SECURITY;
+ Mmsg(errmsg, _("[DE0011] UA Hello from %s:%s is invalid. Got: %s\n"), ua->who(),
+ ua->host(), ua->msg);
sleep(5);
return 0;
}
auth_done:
if (!auth_success) {
ua->fsend("%s", _(Dir_sorry));
- Jmsg4(NULL, M_SECURITY, 0, _("Unable to authenticate console \"%s\" at %s:%s:%d.\n"),
- name, ua->who(), ua->host(), ua->port());
+ status = M_SECURITY;
+ Mmsg(errmsg, _("[DE0015] Unable to authenticate console \"%s\" at %s:%s:%d.\n"),
+ name, ua->who(), ua->host(), ua->port());
sleep(5);
return 0;
}
authData = (bDirAuthenticationRegister*) dir_authplugin_getauthenticationData(uac->jcr, cons->hdr.name, cons->authenticationplugin);
if (authData == NULL)
{
+ status = M_FATAL;
+ Mmsg(errmsg, "[DE0011] Incorrect authentication plugin initialization\n");
return false;
}
// do tls before real auth
if (!ServerEarlyTLS())
- {
+ { // errmsg already edited
return false;
}
// We require to have TLS setup to use authentication plugins
if (!tls_started) {
- Dmsg0(dbglvl, "Unable to use Plugin Authentication because TLS is not available\n");
+ status = M_FATAL;
+ MmsgD0(dbglvl, errmsg, _("[DE0011] Unable to use Plugin Authentication because TLS is not available\n"));
return false;
}
// send auth plugin start packet and optional welcome string to console
if (!bsock->fsend("auth interactive %s\n", NPRTB(authData->welcome))) {
- Dmsg1(dbglvl, "Send interactive start comm error. ERR=%s\n", bsock->bstrerror());
+ status = M_FATAL;
+ MmsgD1(dbglvl, errmsg, "[DE0011] Send interactive start comm error. ERR=%s\n", bsock->bstrerror());
return false;
}
for (uint i = 0; i < authData->num; i++){
Dmsg1(dbglvl, "bDirAuthenticationData step %d\n", i);
if (dir_authplugin_do_interaction(uac->jcr, bsock, authData->name, (void *)&data[i]) != bRC_OK){
+ status = M_FATAL;
+ Mmsg(errmsg, "[DE0011] Invalid authentication protocol\n");
return false;
}
}
if (dir_authplugin_authenticate(uac->jcr, bsock, authData->name) != bRC_OK){
+ status = M_FATAL;
+ Mmsg(errmsg, "[DE0015] Authorization failed\n");
bsock->fsend(_("1999 Authorization failed !!!.\n"));
bmicrosleep(5, 0);
return false;
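Review bot: A rejected plugin login is recorded with `status = M_FATAL` here, while the password path at `auth_done` records the same `[DE0015]` failure as `M_SECURITY`. A failed console authentication is a security event in both cases, so `status = M_SECURITY;` would keep the two paths in the same message class for anyone filtering on it. The text `"[DE0015] Authorization failed\n"` also omits the console name and peer address that the `auth_done` message carries, which makes the entry hard to correlate. The enclosing block continues outside the hunk.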
char ed1[100];
db_int64_ctx job, first, last;
int64_t val=0;
- POOL_MEM buf;
+ POOL_MEM buf, tmp;
if (jcr->is_JobLevel(L_VIRTUAL_FULL)) {
return do_vbackup(jcr);
Dmsg1(100, "Connected to the storage: %s\n", jcr->store_mngr->get_wstore()->name());
}
+ /* Print connection info only for real jobs */
+ build_connecting_info_log(_("Storage"), jcr->store_mngr->get_wstore()->name(),
+ get_storage_address(jcr->client, jcr->store_mngr->get_wstore()),
+ jcr->store_mngr->get_wstore()->SDport,
+ jcr->store_bsock->tls ? true : false, buf.addr());
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
+
alist wlist;
wlist.init(10, not_owned_by_alist);
wlist.append(store);
}
jcr->setJobStatus(JS_WaitFD);
if (!connect_to_file_daemon(jcr, 10, FDConnectTimeout, 1)) {
+ Jmsg(jcr, M_FATAL, 0, "%s", jcr->errmsg);
goto bail_out;
}
jcr->setJobStatus(JS_Running);
fd = jcr->file_bsock;
+ /* Print connection info only for real jobs */
+ build_connecting_info_log(_("Client"), jcr->client->name(),
+ get_client_address(jcr, jcr->client, tmp.addr()), jcr->client->FDport,
+ fd->tls ? true : false, buf.addr());
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
+
if (!send_level_command(jcr)) {
goto bail_out;
}
jcr->CommCompressedBytes = CommCompressedBytes;
jcr->Snapshot = VSS;
jcr->Encrypt = Encrypt;
- } else if (jcr->getJobStatus() != JS_Canceled) {
- Jmsg(jcr, M_FATAL, 0, _("No Job status returned from FD.\n"));
+ } else if (!jcr->is_canceled()) {
+ Jmsg(jcr, M_FATAL, 0, _("No Job status returned from FD. %c\n"), jcr->getJobStatus());
}
/* Return the first error status we find Dir, FD, or SD */
* Open connection with File daemon.
* Try connecting every retry_interval (default 10 sec), and
* give up after max_retry_time (default 30 mins).
+ * If the return code is 0, the error is stored inside jcr->errmsg
+ * Need to call free_bsock() if an error occurs outside of a job
*/
int connect_to_file_daemon(JCR *jcr, int retry_interval, int max_retry_time,
BSOCK *fd = jcr->file_bsock;
char ed1[30];
utime_t heart_beat;
+ int status;
if (!jcr->client) {
- Jmsg(jcr, M_FATAL, 0, _("File daemon not defined for current Job\n"));
+ Mmsg(jcr->errmsg, _("[DE0017] File daemon not defined for current Job\n"));
Dmsg0(10, "No Client defined for the job.\n");
return 0;
}
} else {
heart_beat = director->heartbeat_interval;
}
-
if (!is_bsock_open(jcr->file_bsock)) {
char name[MAX_NAME_LENGTH + 100];
POOL_MEM buf, tmp;
Dmsg0(DT_NETWORK, "Found a socket, keep it!\n");
job_end_push(jcr, delete_bsock_end_cb, (void *)jcr->file_bsock);
}
-
- /* if address == NULL forget it */
if (!fd) {
- Dmsg0(DT_NETWORK, "No socket in client \n");
- jcr->setJobStatus(JS_ErrorTerminated);
+ Mmsg(jcr->errmsg, "[DE0010] No socket found of the client\n");
return 0;
}
jcr->file_bsock = fd;
jcr->client->FDport,
verbose)) {
fd->close();
- jcr->setJobStatus(JS_ErrorTerminated);
+ pm_strcpy(jcr->errmsg, fd->errmsg);
return 0;
}
Dmsg0(10, "Opened connection with File daemon\n");
fd->res = (RES *)jcr->client; /* save resource in BSOCK */
jcr->setJobStatus(JS_Running);
- if (!authenticate_file_daemon(jcr)) {
- jcr->setJobStatus(JS_ErrorTerminated);
- Dmsg0(10, "Authentication error with FD.\n");
+ if (!authenticate_file_daemon(jcr, &status, &jcr->errmsg)) {
+ Dmsg1(10, "Authentication error with FD. %s\n", jcr->errmsg);
return 0;
}
- if (jcr->JobId > 0) {
- /* Print connection info only for real jobs */
- POOL_MEM buf, tmp;
- CLIENT *client = jcr->client;
-
- build_connecting_info_log(_("Client"), client->name(),
- get_client_address(jcr, client, tmp.addr()), client->FDport,
- fd->tls ? true : false, buf.addr());
- Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
- }
-
/*
* Now send JobId and authorization key
*/
if (bget_dirmsg(jcr, fd, BSOCK_TYPE_FD) > 0) {
Dmsg1(110, "<filed: %s", fd->msg);
if (strncmp(fd->msg, OKjob, strlen(OKjob)) != 0) {
- Jmsg(jcr, M_FATAL, 0, _("File daemon \"%s\" rejected Job command: %s\n"),
+ Mmsg(jcr->errmsg, _("[DE0011] File daemon \"%s\" rejected Job command: %s\n"),
jcr->client->hdr.name, fd->msg);
- jcr->setJobStatus(JS_ErrorTerminated);
return 0;
+
} else if (jcr->db) {
CLIENT_DBR cr;
memset(&cr, 0, sizeof(cr));
bstrncpy(cr.Uname, fd->msg+strlen(OKjob)+1, sizeof(cr.Uname));
if (!db_update_client_record(jcr, jcr->db, &cr)) {
- Jmsg(jcr, M_WARNING, 0, _("Error updating Client record. ERR=%s\n"),
- db_strerror(jcr->db));
+ Jmsg(jcr, M_WARNING, 0, _("[DE0008] Error updating Client record. ERR=%s\n"),
+ db_strerror(jcr->db));
}
}
} else {
- Jmsg(jcr, M_FATAL, 0, _("FD gave bad response to JobId command: %s\n"),
+ Mmsg(jcr->errmsg, _("[DE0011] FD gave bad response to JobId command: %s\n"),
fd->bstrerror());
- jcr->setJobStatus(JS_ErrorTerminated);
return 0;
}
return 1;
old_client = ua->jcr->client;
ua->jcr->client = jcr->client;
if (!connect_to_file_daemon(ua->jcr, 10, FDConnectTimeout, 1)) {
- ua->error_msg(_("Failed to connect to File daemon.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
goto bail_out;
}
Dmsg3(10, "Connected to file daemon %s for cancel ua.jcr=%p jcr=%p\n",
utime_t heart_beat;
STORE *wstore = jcr->store_mngr->get_wstore();
POOL_MEM buf;
+ int status;
if (is_bsock_open(sd)) {
return true; /* already connected */
}
if (!store) {
- Dmsg1(100, "No storage resource found in jcr for JobId: %d!\n", jcr->JobId);
+ MmsgD1(100, jcr->errmsg, "[DE0017] No storage resource found in jcr for JobId: %d!\n", jcr->JobId);
return false;
}
sd->set_source_address(director->DIRsrc_addr);
Mmsg(buf, _("Storage Daemon \"%s\""), store->name());
if (!sd->connect(jcr, retry_interval, max_retry_time, heart_beat, buf.c_str(),
- store->address, NULL, store->SDport, verbose)) {
-
+ store->address, NULL, store->SDport, verbose))
+ {
+ pm_strcpy(jcr->errmsg, sd->errmsg);
if (!jcr->store_bsock) { /* The bsock was locally created, so we free it here */
free_bsock(sd);
}
}
if (sd == NULL) {
+ /* Not able to connect the SD, error message in jcr->errmsg */
return false;
}
sd->res = (RES *)store; /* save pointer to other end */
jcr->store_bsock = sd;
- if (!authenticate_storage_daemon(jcr, store)) {
+ if (!authenticate_storage_daemon(jcr, store, &status, &jcr->errmsg)) {
sd->close();
return false;
}
-
- if (jcr->JobId > 0) {
- /* Print connection info only for real jobs */
- build_connecting_info_log(_("Storage"), store->name(),
- get_storage_address(jcr->client, store), store->SDport,
- sd->tls ? true : false, buf.addr());
- Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
- }
-
return true;
}
/* authenticate.c */
-extern bool authenticate_storage_daemon(JCR *jcr, STORE *store);
-extern int authenticate_file_daemon(JCR *jcr);
+extern bool authenticate_storage_daemon(JCR *jcr, STORE *store, int *status, POOLMEM **errmsg);
+extern int authenticate_file_daemon(JCR *jcr, int *status, POOLMEM **errmsg);
extern int authenticate_user_agent(UAContext *ua);
/* autoprune.c */
uint32_t store_port;
bool first_time = true;
bootstrap_info info;
- POOL_MEM restore_cmd(PM_MESSAGE);
+ POOL_MEM restore_cmd(PM_MESSAGE), buf(PM_FNAME);
bool ret = false;
/* Open the bootstrap file */
goto bail_out;
}
sd = jcr->store_bsock;
+
+ build_connecting_info_log(_("Storage"), jcr->store_mngr->get_rstore()->name(),
+ get_storage_address(jcr->client, jcr->store_mngr->get_rstore()),
+ jcr->store_mngr->get_rstore()->SDport,
+ sd->tls ? true : false, buf.addr());
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
+
/*
* Now start a job with the Storage daemon
*/
}
if (first_time) {
+ POOL_MEM tmp, buf;
/*
* Start conversation with File daemon
*/
jcr->setJobStatus(JS_WaitFD);
jcr->keep_sd_auth_key = true; /* don't clear the sd_auth_key now */
if (!connect_to_file_daemon(jcr, 10, FDConnectTimeout, 1)) {
+ Jmsg(jcr, M_FATAL, 0, "%s", jcr->errmsg);
goto bail_out;
}
fd = jcr->file_bsock;
build_restore_command(jcr, restore_cmd);
+
+ build_connecting_info_log(_("Client"), jcr->client->name(),
+ get_client_address(jcr, jcr->client, tmp.addr()), jcr->client->FDport,
+ fd->tls ? true : false, buf.addr());
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
}
jcr->setJobStatus(JS_Running);
ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
free_bsock(ua->jcr->file_bsock);
ua->jcr->client = old_client;
return 0;
client->name(), get_client_address(ua->jcr, client, tmp.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
goto bail_out;
}
ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, tmp.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
free_bsock(ua->jcr->file_bsock);
ua->jcr->client = NULL;
client = NULL;
ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
goto bail_out;
}
Dmsg0(120, "Connected to file daemon\n");
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
goto bail_out;
}
Dmsg0(120, "Connected to file daemon\n");
ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
jcr->client->name(), get_client_address(jcr, jcr->client, buf.addr()), jcr->client->FDport);
if (!connect_to_file_daemon(jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", jcr->errmsg);
goto bail_out;
}
POOL_MEM buf;
if (!acl_access_client_ok(ua, client->name(), JT_BACKUP_RESTORE)) {
- ua->error_msg(_("No authorization for Client \"%s\"\n"), client->name());
+ ua->error_msg(_("[DE0016] No authorization for Client \"%s\"\n"), client->name());
return;
}
/* Connect to File daemon */
if (!ua->api) ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->send_msg(_("Failed to connect to Client %s.\n====\n"),
- client->name());
+ ua->error_msg("%s", ua->jcr->errmsg);
free_bsock(ua->jcr->file_bsock);
return;
}
*/
if (have_restricted_acl(ua, Client_ACL) ||
have_restricted_acl(ua, Job_ACL)) {
- ua->error_msg(_("Restricted Client or Job does not permit access to Storage daemons\n"));
+ ua->error_msg(_("[DE0016] Restricted Client or Job does not permit access to Storage daemons\n"));
return;
}
char *plugin = NULL;
JCR *jcr = ua->jcr;
int i;
+ bool ret = false;
jcr->setJobLevel(L_FULL);
i = find_arg_with_value(ua, NT_("client"));
jcr->client->FDport);
if (!connect_to_file_daemon(jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
- return false;
+ ua->error_msg("%s", jcr->errmsg);
+ goto bail_out;
}
/* when .ls plugin prepare a special ls_plugin_fileset */
ua->send_msg("%s", jcr->file_bsock->msg);
}
+ ret = true;
+
bail_out:
if (jcr->file_bsock) {
jcr->file_bsock->signal(BNET_TERMINATE);
free_bsock(ua->jcr->file_bsock);
}
- return true;
+ jcr->client = NULL;
+ return ret;
}
#ifdef COMMUNITY
store->name(), store->address, store->SDport);
if (!connect_to_storage_daemon(jcr, 1, 15, 0)) {
ua->error_msg(_("Failed to connect to Storage daemon.\n"));
- return;
+ goto bail_out;
}
Dmsg0(120, _("Connected to storage daemon\n"));
sd = jcr->store_bsock;
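Review bot: The unchanged `ua->error_msg(_("Failed to connect to Storage daemon.\n"));` still prints a fixed string, while every File daemon caller in this commit was switched to `ua->error_msg("%s", ua->jcr->errmsg);`. The storage connect path changed in this commit appears to store the failure reason in `jcr->errmsg` (`pm_strcpy(jcr->errmsg, sd->errmsg);` and the authenticate call that receives `&jcr->errmsg`) instead of logging it. If so, the operator no longer sees why the connection or authentication failed. Suggest `ua->error_msg("%s", jcr->errmsg);` here, provided every failure path of the connect routine fills `jcr->errmsg`.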
ua->send_msg("%s", sd->msg);
}
sd->signal(BNET_TERMINATE);
+
+bail_out:
free_bsock(ua->jcr->store_bsock);
return;
}
ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", ua->jcr->errmsg);
goto bail_out;
}
Dmsg0(120, "Connected to file daemon\n");
bail_out:
free_bsock(ua->jcr->file_bsock);
+ ua->jcr->client = NULL;
return;
}
init_jcr_job_record(jcr); // need job
if (!connect_to_file_daemon(jcr, 1, 15, 0)) {
- ua->error_msg(_("error=Failed to connect to Client.\n"));
+ ua->error_msg("%s", jcr->errmsg);
goto bail_out;
}
while (jcr->file_bsock->recv() >= 0) {
ua->send_msg("%s", jcr->file_bsock->msg);
}
+ ret = true;
ret = true;
}
if (!connect_to_file_daemon(jcr, 1, 15, 0)) {
- ua->error_msg(_("Failed to connect to Client.\n"));
+ ua->error_msg("%s", jcr->errmsg);
goto bail_out;
}
int i;
if (!acl_access_client_ok(ua, client->name(), JT_BACKUP_RESTORE)) {
- ua->error_msg(_("No authorization for Client \"%s\"\n"), client->name());
+ ua->error_msg(_("[DE0016] No authorization for Client \"%s\"\n"), client->name());
return;
}
if (!ua->api) ua->send_msg(_("Connecting to Client %s at %s:%d\n"),
client->name(), get_client_address(ua->jcr, client, buf.addr()), client->FDport);
if (!connect_to_file_daemon(ua->jcr, 1, 15, 0)) {
- ua->send_msg(_("Failed to connect to Client %s.\n====\n"),
- client->name());
+ ua->error_msg("%s", ua->jcr->errmsg);
free_bsock(ua->jcr->file_bsock);
return;
}
*/
jcr->setJobStatus(JS_Blocked);
if (!connect_to_file_daemon(jcr, 10, FDConnectTimeout, 1)) {
+ Jmsg(jcr, M_FATAL, 0, "%s", jcr->errmsg);
goto bail_out;
}
jcr->setJobStatus(JS_Running);
fd = jcr->file_bsock;
+ {
+ POOL_MEM buf, tmp;
+ /* Print connection info only for real jobs */
+ build_connecting_info_log(_("Client"), jcr->client->name(),
+ get_client_address(jcr, jcr->client, tmp.addr()), jcr->client->FDport,
+ fd->tls ? true : false, buf.addr());
+ Jmsg(jcr, M_INFO, 0, "%s", buf.c_str());
+ }
Dmsg0(30, ">filed: Send include list\n");
if (!send_include_list(jcr)) {
if (!director) {
char addr[64];
char *who = dir->get_peer(addr, sizeof(addr)) ? dir->who() : addr;
- Jmsg2(jcr, M_FATAL, 0, _("Connection from unknown Director %s at %s rejected.\n"),
+ Jmsg2(jcr, M_FATAL, 0, _("[FE0016] Connection from unknown Director %s at %s rejected.\n"),
dirname, who);
goto auth_fatal;
}
stat = sd->recv();
if (stat <= 0) {
berrno be;
- Jmsg1(jcr, M_FATAL, 0, _("Recv caps from SD failed. ERR=%s\n"),
+ Jmsg1(jcr, M_FATAL, 0, _("[FE0011] Recv caps from SD failed. ERR=%s\n"),
be.bstrerror());
Dmsg1(050, _("Recv caps from SD failed. ERR=%s\n"), be.bstrerror());
return false;
*/
Dmsg1(dbglvl, ">dird: %s", UA_sock->msg);
if (UA_sock->recv() <= 0) {
- Mmsg(jcr->errmsg, _("Bad response to Hello command: ERR=%s\n"),
- UA_sock->bstrerror());
+ Mmsg(errmsg, _("[FE0011] Bad response to Hello command: ERR=%s\n"),
+ UA_sock->bstrerror());
return false;
}
if (strncmp(UA_sock->msg, DirOKhello, sizeof(DirOKhello)-3) == 0) {
sscanf(UA_sock->msg, DirOKhello, &dir_version);
} else {
- Mmsg(jcr->errmsg, _("Director rejected Hello command\n"));
+ Mmsg(errmsg, _("[FE0011] Director rejected Hello command\n"));
return false;
}
/* Turn on compression for newer Directors */
UA_sock = new_bsock();
if (!UA_sock->connect(NULL, 5, 15, heart_beat, "Director daemon", dir->address,
NULL, dir->DIRport, 0)) {
+ pm_strcpy(jcr->errmsg, UA_sock->errmsg);
free_bsock(UA_sock);
return NULL;
}
- if (FDUAAuthenticateDir(jcr, UA_sock).authenticate_director(name, dir, mode)) {
+ FDUAAuthenticateDir auth(jcr, UA_sock);
+ if (auth.authenticate_director(name, dir, mode)) {
return UA_sock;
}
free_bsock(UA_sock);
Mmsg(jcr->errmsg,
- ( _("Director authorization problem.\n"
- "Most likely the passwords do not agree.\n"
- "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
- "For help, please see " MANUAL_AUTH_URL "\n")));
+ _("Director authorization problem.\n"
+ "Most likely the passwords do not agree.\n"
+ "If you are using TLS, there may have been a certificate validation error during the TLS handshake.\n"
+ "For help, please see " MANUAL_AUTH_URL "\n%s"), auth.errmsg);
return NULL;
}
tid(NULL),
auth_success(false),
check_early_tls(false),
-tls_started(false)
+tls_started(false),
+errmsg(get_pool_memory(PM_FNAME)),
+status(0)
{
local_name[0]='\0';
remote_name[0]='\0';
+ errmsg[0]='\0';
}
AuthenticateBase::~AuthenticateBase()
{
StopAuthTimeout();
+ free_pool_memory(errmsg);
}
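Review bot: AuthenticateBase now owns a raw pool buffer (`errmsg(get_pool_memory(PM_FNAME))`, released by `free_pool_memory(errmsg);` in the destructor), but the hunks add no copy control. If the class is still implicitly copyable (its full declaration is not visible here), copying an authenticator would leave two objects freeing the same buffer. Declaring the copy constructor and copy assignment as deleted, or private and unimplemented if the code base predates C++11, would rule that out.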
/*
/* Verify that the connection is willing to meet our TLS requirements */
switch (TestTLSRequirement()) {
case TLS_REQ_ERR_LOCAL:
- Jmsg(jcr, msg_type, 0, _("Authorization problem: %s \"%s:%s\" did not advertise required TLS support.\n"),
- GetRemoteClassShortName(), bsock->who(), bsock->host());
+ status = msg_type;
+ Mmsg(errmsg, _("[%cE0017] Authorization problem: %s \"%s:%s\" did not advertise required TLS support.\n"),
+ component_code, GetLocalClassShortName(), bsock->who(), bsock->host());
return false;
case TLS_REQ_ERR_REMOTE:
- Jmsg(jcr, msg_type, 0, _("Authorization problem: %s \"%s:%s\" did not advertise required TLS support.\n"),
- GetRemoteClassShortName(), bsock->who(), bsock->host());
+ status = msg_type;
+ Mmsg(errmsg, _("[%cE0017] Authorization problem: %s \"%s:%s\" did not advertise required TLS support.\n"),
+ component_code, GetRemoteClassShortName(), bsock->who(), bsock->host());
return false;
case TLS_REQ_OK:
break;
check_early_tls=true;
if (bsock->recv() <= 0) {
bmicrosleep(5, 0); // original cram_md5_respond() wait for 5s here
+ status = M_FATAL;
+ Mmsg(errmsg, "[%cE0011] Unable to get starttls protocol\n", component_code);
return false;
}
if (scan_string(bsock->msg, "starttls tlspsk=%d\n", &tlspsk_remote) != EOF) {
(local_class == dcFD && remote_class == dcSD))) {
if (jcr && job_canceled(jcr)) {
auth_success = false;
+ status = M_FATAL;
+ Mmsg(errmsg, "[DE0019] Job is canceled\n");
return false; /* quick exit */
}
}
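Review bot: The new message hard-codes the Director prefix, `"[DE0019] Job is canceled\n"`, but the visible part of this guard includes `local_class == dcFD && remote_class == dcSD`, and the next hunk is guarded by `local_class == dcSD && remote_class == dcSD`. The text can therefore be produced by a File or Storage daemon. The other messages added to this class build the prefix from `component_code`; the same form here would be `Mmsg(errmsg, "[%cE0019] Job is canceled\n", component_code);`. Wrapping the string in `_()` would also match the neighbouring translated messages.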
if (local_class == dcSD && remote_class == dcSD) {
if (jcr && job_canceled(jcr)) {
auth_success = false;
+ status = M_FATAL;
+ Mmsg(errmsg, "[DE0019] Job is canceled\n");
return false; /* quick exit */
}
}
(local_class == dcSD && remote_class == dcFD) ) {
Dmsg2(authdl, "Authorization key rejected by %s at %s.\n",
GetRemoteClassShortName(), bsock->who());
- Jmsg(jcr, M_FATAL, 0, _("Authorization key rejected by %s at %s rejected.\n"
- "For help, please see: " MANUAL_AUTH_URL "\n"),
- GetRemoteClassLongName(), bsock->who());
+ status = M_FATAL;
+ Mmsg(errmsg, _("[%cE0015] Authorization key rejected by %s at %s rejected.\n"
+ "For help, please see: " MANUAL_AUTH_URL "\n"),
+ component_code,
+ GetRemoteClassLongName(), bsock->who());
} else if ((local_class == dcDIR && (remote_class == dcSD || remote_class == dcFD))) {
Dmsg2(authdl, _("%s and %s passwords or names not the same.\n"),
GetLocalClassLongName(), GetRemoteClassLongName());
- Jmsg6(jcr, M_FATAL, 0,
- _("%s unable to authenticate with %s at \"%s:%d\". Possible causes:\n"
+ status = M_FATAL;
+ Mmsg(errmsg,
+ _("[%cE0015] %s unable to authenticate with %s at \"%s:%d\". Possible causes:\n"
"Passwords or names not the same or\n"
"Maximum Concurrent Jobs exceeded on the %s or\n"
"%s networking messed up (restart daemon).\n"
"For help, please see: " MANUAL_AUTH_URL "\n"),
+ component_code,
GetLocalClassLongName(), GetRemoteClassLongName(),
bsock->host(), bsock->port(),
GetRemoteClassShortName(), GetRemoteClassShortName());
*/
if (!bsock->fsend("starttls tlspsk=%d\n", tlspsk_local_need)) {
// TODO tweak the error message
- Qmsg3(NULL, M_SECURITY, 0, _("Connection with %s:%s starttls comm error. ERR=%s\n"), bsock->who(),
- bsock->host(), bsock->bstrerror());
+ status = M_SECURITY;
+ Mmsg(errmsg, _("[%cE0011] Connection with %s:%s starttls comm error. ERR=%s\n"),
+ component_code, bsock->who(), bsock->host(), bsock->bstrerror());
sleep(5);
return false;
}
bsock->who());
} else if ((local_class == dcFD && remote_class == dcSD) ||
(local_class == dcSD && remote_class == dcFD) ) {
- Jmsg(jcr, M_FATAL, 0, _("Incorrect authorization key from %s at %s rejected.\n"
- "For help, please see: " MANUAL_AUTH_URL "\n"),
- GetRemoteClassLongName(), bsock->who());
+ status = M_FATAL;
+ Mmsg(errmsg, _("Incorrect authorization key from %s at %s rejected.\n"
+ "For help, please see: " MANUAL_AUTH_URL "\n"),
+ GetRemoteClassLongName(), bsock->who());
} else {
- Jmsg1(jcr, M_FATAL, 0, _("Incorrect password given by %s.\n"
- "For help, please see: " MANUAL_AUTH_URL "\n"), GetRemoteClassLongName());
+ status = M_FATAL;
+ Mmsg(errmsg, _("Incorrect password given by %s.\n"
+ "For help, please see: " MANUAL_AUTH_URL "\n"),
+ GetRemoteClassLongName());
}
}
if (tls_authenticate) { /* authentication only? */
void AuthenticateBase::TLSFailure()
{
- Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed with %s at \"%s:%d\"\n"),
- GetRemoteClassShortName(), bsock->host(), bsock->port());
+ status = M_FATAL;
+ Mmsg(errmsg, _("TLS negotiation failed with %s at \"%s:%d\"\n"),
+ GetRemoteClassShortName(), bsock->host(), bsock->port());
}
bool AuthenticateBase::HandleTLS()
return true;
}
if (!CheckTLSRequirement()) {
+ status = M_FATAL;
return false;
}
}
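Review bot: `status = M_FATAL;` after `!CheckTLSRequirement()` overwrites whatever the check itself recorded. The TLS-requirement switch changed elsewhere in this commit sets `status = msg_type;` before returning false. If that switch is the body of CheckTLSRequirement() (its header is not visible), a caller-chosen type such as M_SECURITY is replaced here. Dropping the assignment, or using `if (status == 0) status = M_FATAL;`, keeps the more specific value. HandleTLS() starts and ends outside the hunk.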
if (ctx != NULL) {
if ((local_type==dtCli && !bnet_tls_client(ctx, bsock, verify_list, password)) ||
- (local_type==dtSrv && !bnet_tls_server(ctx, bsock, verify_list, password))) {
- TLSFailure();
+ (local_type==dtSrv && !bnet_tls_server(ctx, bsock, verify_list, password)))
+ {
+ // errmsg set by bnet_tls_server/bnet_tls_client
+ pm_strcpy(errmsg, bsock->errmsg);
+ status = M_FATAL;
return false;
}
tls_started = true;
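Review bot: Replacing `TLSFailure();` with a fixed `status = M_FATAL;` bypasses the virtual hook, so the UAAuthenticate override that this same commit updates to set `status = M_SECURITY` is no longer reached from this path. A failed TLS handshake from a console would then be classified as M_FATAL instead of M_SECURITY. One option is to keep the hook for the classification and use the socket's text only when there is one: `TLSFailure(); if (bsock->errmsg[0]) pm_strcpy(errmsg, bsock->errmsg);` (assuming `bsock->errmsg` is a `POOLMEM *`). Other call sites of TLSFailure() may exist outside this diff.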
bool tls_started;
public:
-
+ POOLMEM *errmsg;
+ int status;
enum DaemonClass { dcUnknown=0, dcCON, dcFD, dcSD, dcDIR, dcGUI };
enum DaemonType { dtUnknown=0, dtCli, dtSrv };
*/
#ifdef HAVE_TLS
bool bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list,
- const char *psk_shared_key)
+ const char *psk_shared_key)
{
TLS_CONNECTION *tls;
JCR *jcr = bsock->jcr();
tls = new_tls_connection(ctx, bsock->m_fd);
if (!tls) {
- Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ Mmsg(bsock->errmsg, _("[%cE0016] TLS connection initialization failed.\n"), component_code);
return false;
}
if (get_tls_psk_context(ctx)) {
if (!psk_shared_key || !psk_set_shared_key(tls, psk_shared_key)) {
- Dmsg0(0, "Cannot setup TLS-PSK shared key\n");
- return false;
+ Dmsg0(10, "Cannot setup TLS-PSK shared key\n");
+ goto err;
}
}
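Review bot: The server-side PSK failure now reaches `goto err` with only a `Dmsg0`, so `bsock->errmsg` is not set on this path; the client-side hunk later in the commit uses `MmsgD1(10, bsock->errmsg, ...)` for the same condition. HandleTLS() copies `bsock->errmsg` into the authenticator's `errmsg` on failure, so a PSK setup error on the server side would surface as an empty or stale message. Suggest `MmsgD1(10, bsock->errmsg, "[%cE0017] Cannot setup TLS-PSK shared key\n", component_code);` here. The function body continues outside the hunk.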
/* Initiate TLS Negotiation */
if (!tls_bsock_accept(bsock)) {
- Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS Negotiation failed.\n"));
+ Mmsg(bsock->errmsg, _("[%cE0017] TLS Negotiation failed.\n"), component_code);
goto err;
}
if (!get_tls_psk_context(ctx)) {
if (verify_list) {
if (!tls_postconnect_verify_cn(jcr, tls, verify_list)) {
- Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS certificate verification failed."
- " Peer certificate did not match a required commonName\n"),
- bsock->host());
+ Mmsg(bsock->errmsg, _("[%cE0018] TLS certificate verification failed."
+ " Peer certificate did not match a required commonName\n"),
+ component_code);
goto err;
}
}
tls = new_tls_connection(ctx, bsock->m_fd);
if (!tls) {
- Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS connection initialization failed.\n"));
+ Mmsg(bsock->errmsg, _("[%cE0016] TLS connection initialization failed.\n"), component_code);
return false;
}
if (get_tls_psk_context(ctx)) {
if (!psk_shared_key || !psk_set_shared_key(tls, psk_shared_key)) {
- Dmsg0(0, "Cannot setup TLS-PSK shared key\n");
- return false;
+ MmsgD1(10, bsock->errmsg, "[%cE0017] Cannot setup TLS-PSK Password\n", component_code);
+ goto err;
}
}
* certificate's CN. Otherwise, we use standard host/CN matching. */
if (verify_list) {
if (!tls_postconnect_verify_cn(jcr, tls, verify_list)) {
- Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS certificate verification failed."
- " Peer certificate did not match a required commonName\n"),
- bsock->host());
+ Mmsg(bsock->errmsg, _("[%cE0018] TLS certificate verification failed."
+ " Peer certificate did not match a required commonName\n"), component_code);
goto err;
}
} else if (!tls_postconnect_verify_host(jcr, tls, bsock->host())) {
/* If host is 127.0.0.1, try localhost */
if (strcmp(bsock->host(), "127.0.0.1") != 0 ||
!tls_postconnect_verify_host(jcr, tls, "localhost")) {
- Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS host certificate verification failed. Host name \"%s\" did not match presented certificate\n"),
- bsock->host());
+ Mmsg(bsock->errmsg, _("[%cE0018] TLS host certificate verification failed. Host name \"%s\" did not match presented certificate\n"), component_code, bsock->host());
goto err;
}
}
bool bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list,
const char *psk_shared_key)
{
- Jmsg(bsock->jcr(), M_ABORT, 0, _("TLS enabled but not configured.\n"));
+ Mmsg(bsock->errmsg, _("[%cE0019] TLS enabled but not configured.\n"), component_code);
return false;
}
bool bnet_tls_client(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list,
const char *psk_shared_key)
{
- Jmsg(bsock->jcr(), M_ABORT, 0, _("TLS enable but not configured.\n"));
+ Mmsg(bsock->errmsg, _("[%cE0019] TLS enabled but not configured.\n"), component_code);
return false;
}
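Review bot: Both no-TLS stubs, `bnet_tls_server` and `bnet_tls_client`, used to stop with `M_ABORT` and now only fill `bsock->errmsg` and return false. "TLS enabled but not configured" is therefore enforced only if every caller checks the result and refuses to continue on the plain socket. The callers are not in this hunk, so that is unverified. I would state the contract on both stubs, `/* Caller must report bsock->errmsg and drop the connection; never continue without TLS */`, and confirm that each call site follows it.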
if (fatal || (jcr && job_canceled(jcr))) {
goto bail_out;
}
- Dmsg4(50, "Unable to connect to %s on %s:%d. ERR=%s\n",
+ Dmsg4(50, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
name, host, port, be.bstrerror());
if (i < 0) {
i = 60 * 5; /* complain again in 5 minutes */
bmicrosleep(retry_interval, 0);
now = time(NULL);
if (begin_time + max_retry_time <= now) {
- Qmsg4(jcr, M_WARNING, 0, _("Unable to connect to %s on %s:%d. ERR=%s\n"),
- name, host, port, be.bstrerror());
+ Mmsg(errmsg, _("[%cE0009] Unable to connect to %s on %s:%d. ERR=%s\n"),
+ component_code, name, host, port, be.bstrerror());
goto bail_out;
}
}
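Review bot: `errmsg` is written only on the retry-timeout branch, while the `fatal || job_canceled(jcr)` exit at the top of the hunk jumps to `bail_out` without touching it. The storage-daemon caller at the end of this page now logs `cl->errmsg` as the whole M_FATAL text, so a cancelled connect could yield an empty or stale message, unless errmsg is reset on entry, which this hunk does not show. Setting it on that path would close the gap, for example `if (!fatal && jcr && job_canceled(jcr)) Mmsg(errmsg, _("Connection to %s on %s:%d canceled\n"), name, host, port);`. Separately, wrapping the level-50 `Dmsg4` text in `_()` makes debug output locale-dependent, whereas the unchanged Dmsg calls further down the page are untranslated. The retry loop starts and ends outside the hunk.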
*/
if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
/* Note errstr is not malloc'ed */
- Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
- host, errstr);
- Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
- host, errstr);
+ MmsgD3(100, errmsg, _("[%cE0012] gethostbyname() for host \"%s\" failed: ERR=%s\n"),
+ component_code, host, errstr);
*fatal = 1;
return false;
}
#endif
default:
*fatal = 1;
- Qmsg3(jcr, M_ERROR, 0, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
- ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
- Pmsg3(300, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
- ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
+ MmsgD4(300, errmsg, _("[%cE0012] Socket open error. proto=%d port=%d. ERR=%s\n"),
+ component_code, ipaddr->get_family(), ipaddr->get_port_host_order(),
+ be.bstrerror());
break;
}
continue;
berrno be;
save_errno = errno;
*fatal = 1;
- Qmsg2(jcr, M_ERROR, 0, _("Source address bind error. proto=%d. ERR=%s\n"),
- src_addr->get_family(), be.bstrerror() );
- Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
- src_addr->get_family(), be.bstrerror() );
- if (sockfd >= 0) socketClose(sockfd);
+ MmsgD3(300, errmsg, _("[%cE0013] Source address bind error. proto=%d. ERR=%s\n"),
+ component_code, src_addr->get_family(), be.bstrerror() );
+ if (sockfd >= 0) {
+ socketClose(sockfd);
+ }
continue;
}
}
*/
if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
- be.bstrerror());
+ Qmsg2(jcr, M_WARNING, 0, _("[%cW0014] Cannot set SO_KEEPALIVE on socket: %s\n"),
+ component_code, be.bstrerror());
}
#if defined(TCP_KEEPIDLE)
if (heart_beat) {
int opt = heart_beat;
if (setsockopt(sockfd, SOL_TCP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set TCP_KEEPIDLE on socket: %s\n"),
- be.bstrerror());
+ Qmsg2(jcr, M_WARNING, 0, _("[%cW0014] Cannot set TCP_KEEPIDLE on socket: %s\n"),
+ component_code, be.bstrerror());
}
}
#endif
/* connect to server */
if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
save_errno = errno;
- if (sockfd >= 0) socketClose(sockfd);
+ if (sockfd >= 0) {
+ socketClose(sockfd);
+ }
continue;
}
*fatal = 0;
*/
if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
berrno be;
- Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
- be.bstrerror());
+ Qmsg2(jcr, M_WARNING, 0, _("[%cW0014] Cannot set SO_KEEPALIVE on socket: %s\n"),
+ component_code, be.bstrerror());
}
fin_init(jcr, sockfd, name, host, port, ipaddr->get_sockaddr());
free_addresses(addr_list);
if (!bsock->m_duped) {
/* Shutdown tls cleanly. */
if (bsock->tls) {
- tls_bsock_shutdown(bsock);
+ if (tls_bsock_shutdown(bsock) < 0) {
+ Dmsg1(DT_NETWORK, "%s", bsock->errmsg);
+ }
free_tls_connection(bsock->tls);
bsock->tls = NULL;
}
#include "bacula.h"
#include "jcr.h"
+char component_code = 'X';
sql_insert_log p_sql_log = NULL;
sql_insert_event p_sql_event = NULL;
if (argc>0 && argv && argv[0]) {
get_path_and_fname(argv[0], &exepath, &exename);
}
+ if (strcmp(name, "bacula-dir") == 0) {
+ component_code = 'D';
+ } else if (strcmp(name, "bacula-sd") == 0) {
+ component_code = 'S';
+ } else if (strcmp(name, "bacula-fd") == 0) {
+ component_code = 'F';
+ } else if (strcmp(name, "bconsole") == 0) {
+ component_code = 'C';
+ }
}
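Review bot: The four `strcmp()` tests are exact matches, so any program that passes a different name keeps the default `'X'` and its messages appear with an `X` tag. Nothing on the page documents that, or that the global appears to be written once here and read from every message site afterwards. I would add a comment on the definition `char component_code = 'X';`, such as `/* Daemon tag for "[%cE0000]"-style codes: D=dir, S=sd, F=fd, C=console, X=unknown; set once at startup */`. `name` is passed to `strcmp()` without a NULL check, which the earlier part of the function presumably already relies on; that part is outside the hunk.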
void set_sysconfig_path(const char *file)
typedef bool (*sql_insert_log)(JCR *jcr, JobId_t jobid, utime_t mtime, char *msg);
typedef bool (*sql_insert_event)(JCR *jcr, utime_t mtime, const char *line);
+extern DLL_IMP_EXP char component_code;
extern DLL_IMP_EXP sql_insert_log p_sql_log;
extern DLL_IMP_EXP sql_insert_event p_sql_event;
/*
* Post all per-thread openssl errors
*/
+void openssl_post_errors(POOLMEM **errmsg)
+{
+ char buf[512];
+ unsigned long sslerr;
+
+ /* Pop errors off of the per-thread queue */
+ while((sslerr = ERR_get_error()) != 0) {
+ /* Acquire the human readable string */
+ ERR_error_string_n(sslerr, buf, sizeof(buf));
+#if (OPENSSL_VERSION_NUMBER > 0x10101000L) && defined(SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY)
+ if (ERR_GET_REASON(sslerr) == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY) {
+ /* Ignore this error that is SSL_shutdown() specific and is new to TLS 1.3
+ * error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
+ *
+ * This happens when there is still something to read in the socket
+ * while we are doing the TLS shutdown. This can happens at multiple
+ * place but the message appears only on the DIR because at that time
+ * the connection with the DIR is often "terminated"
+ */
+ continue;
+ }
+#endif
+ pm_strcat(errmsg, buf);
+ pm_strcat(errmsg, " ");
+ }
+ pm_strcat(errmsg, "\n");
+}
+
void openssl_post_errors(JCR *jcr, int code, const char *errstring)
{
char buf[512];
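Review bot: The new `openssl_post_errors(POOLMEM **errmsg)` overload appends with `pm_strcat` and never resets `*errmsg`, so it only works after the caller has written a prefix, as the `Mmsg(... ERR=)` calls in the connect and shutdown code do. That contract is undocumented, and the header comment now sitting above it ("Post all per-thread openssl errors") describes a function that posts nothing. I would replace the comment with `/* Append every queued per-thread OpenSSL error to *errmsg, which the caller must already have set, then a newline; nothing is posted to the job. */`. The close-notify filter is now duplicated in both overloads; a small shared predicate would keep them in step.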
while((sslerr = ERR_get_error()) != 0) {
/* Acquire the human readable string */
ERR_error_string_n(sslerr, buf, sizeof(buf));
- Dmsg3(50, "jcr=%p %s: ERR=%s\n", jcr, errstring, buf);
#if (OPENSSL_VERSION_NUMBER > 0x10101000L) && defined(SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY)
if (ERR_GET_REASON(sslerr) == SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY) {
/* Ignore this error that is SSL_shutdown() specific and is new to TLS 1.3
#ifdef HAVE_OPENSSL
void openssl_post_errors (int code, const char *errstring);
+void openssl_post_errors (POOLMEM **errmsg);
void openssl_post_errors (JCR *jcr, int code, const char *errstring);
#endif /* HAVE_OPENSSL */
bool tls_bsock_probe (BSOCKCORE *bsock);
#endif /* HAVE_TLS */
bool tls_bsock_connect (BSOCK *bsock);
-void tls_bsock_shutdown (BSOCKCORE *bsock);
+int tls_bsock_shutdown (BSOCKCORE *bsock);
void free_tls_connection (TLS_CONNECTION *tls);
bool get_tls_require (TLS_CONTEXT *ctx);
bool get_tls_enable (TLS_CONTEXT *ctx);
goto cleanup;
case SSL_ERROR_ZERO_RETURN:
/* TLS connection was cleanly shut down */
- openssl_post_errors(bsock->get_jcr(), M_FATAL, _("Connect failure"));
+ Mmsg(bsock->errmsg, _("[%cE0018] TLS Connect failure ERR="), component_code);
+ openssl_post_errors(&bsock->errmsg);
stat = false;
goto cleanup;
case SSL_ERROR_WANT_READ:
break;
default:
/* Socket Error Occurred */
- openssl_post_errors(bsock->get_jcr(), M_FATAL, _("Connect failure"));
+ Mmsg(bsock->errmsg, _("[%cE0018] TLS Connect failure. Check the passwords. ERR="), component_code);
+ openssl_post_errors(&bsock->errmsg);
stat = false;
goto cleanup;
}
/*
* Shutdown TLS_CONNECTION instance
*/
-void tls_bsock_shutdown(BSOCKCORE *bsock)
+int tls_bsock_shutdown(BSOCKCORE *bsock)
{
/*
* SSL_shutdown must be called twice to fully complete the process -
break;
case SSL_ERROR_ZERO_RETURN:
/* TLS connection was shut down on us via a TLS protocol-level closure */
- openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
+ Mmsg(bsock->errmsg, _("[%cW0019] TLS shutdown failure ERR="), component_code);
+ openssl_post_errors(&bsock->errmsg);
+ err = -1;
break;
default:
/* Socket Error Occurred */
- openssl_post_errors(bsock->get_jcr(), M_ERROR, _("TLS shutdown failure."));
+ Mmsg(bsock->errmsg, _("[%cW0019] TLS shutdown failure ERR="), component_code);
+ openssl_post_errors(&bsock->errmsg);
+ err = -1;
break;
}
}
+ return err;
}
/* Does all the manual labor for tls_bsock_readn() and tls_bsock_writen() */
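Review bot: Both failure branches set `err = -1` even when `openssl_post_errors(&bsock->errmsg)` appended nothing, and that helper deliberately skips SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY. In that case the caller that now checks the return value would log a bare `TLS shutdown failure ERR=` line for the very condition the helper is meant to ignore. Having the helper report whether it appended anything, and setting `err = -1` only then, would keep the ignored case quiet. The declaration of `err` and the top of the switch are outside the hunk, so its initial value is assumed to be 0.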
/* destroy() OK because cl is local */
cl->destroy();
pm_strcpy(jcr->errmsg, dir->msg);
- Jmsg(jcr, M_FATAL, 0, _("Bad client command: %s"), jcr->errmsg);
+ Jmsg(jcr, M_FATAL, 0, _("[SE0011] Bad client command: %s"), jcr->errmsg);
Dmsg1(050, "Bad client command: %s", jcr->errmsg);
goto bail_out;
}
if (!cl->connect(jcr, 10, (int)me->ClientConnectTimeout, me->heartbeat_interval,
_("Client daemon"), jcr->client_addr, NULL, jcr->client_port, 1)) {
/* destroy() OK because cl is local */
- cl->destroy();
- Jmsg(jcr, M_FATAL, 0, _("[SF0102] Failed to connect to Client daemon: %s:%d\n"),
- jcr->client_addr, jcr->client_port);
+ Jmsg(jcr, M_FATAL, 0, "%s", cl->errmsg);
Dmsg2(100, "Failed to connect to Client daemon: %s:%d\n",
jcr->client_addr, jcr->client_port);
+ cl->destroy();
goto bail_out;
}