def _cram_md5_challenge(self,
clientname,
password,
tls_local_need=0,
compatible=True):
'''
client launch the challenge,
client confirm the dir is the correct director
'''
# get the timestamp
# here is the console
# to confirm the director so can do this on bconsole`way
rand = random.randint(1000000000, 9999999999)
#chal = "<%u.%u@%s>" %(rand, int(time.time()), self.dirname)
chal = '<%u.%u@%s>' % (rand, int(time.time()), clientname)
msg = bytearray('auth cram-md5 %s ssl=%d\n' % (chal, tls_local_need),
'utf-8')
# send the confirmation
self.send(msg)
# get the response
msg = self.recv()
if msg[-1] == 0:
del msg[-1]
self.logger.debug("received: " + str(msg))
# hash with password
hmac_md5 = hmac.new(bytes(bytearray(password, 'utf-8')), None,
hashlib.md5)
hmac_md5.update(bytes(bytearray(chal, 'utf-8')))
bbase64compatible = BareosBase64().string_to_base64(
bytearray(hmac_md5.digest()), True)
bbase64notcompatible = BareosBase64().string_to_base64(
bytearray(hmac_md5.digest()), False)
self.logger.debug("string_to_base64, compatible: " +
str(bbase64compatible))
self.logger.debug("string_to_base64, not compatible: " +
str(bbase64notcompatible))
is_correct = ((msg == bbase64compatible)
or (msg == bbase64notcompatible))
# check against compatible base64 and Bareos specific base64
if is_correct:
self.send(ProtocolMessages.auth_ok())
else:
self.logger.error("expected result: %s or %s, but get %s" %
(bbase64compatible, bbase64notcompatible, msg))
self.send(ProtocolMessages.auth_failed())
# check the response is equal to base64
return is_correct
def _cram_md5_respond(self, password, tls_remote_need=0, compatible=True):
'''
client connect to dir,
the dir confirm the password and the config is correct
'''
# receive from the director
chal = ""
ssl = 0
result = False
msg = ""
try:
msg = self.recv()
except RuntimeError:
self.logger.error("RuntimeError exception in recv")
return (0, True, False)
# invalid username
if ProtocolMessages.is_not_authorized(msg):
self.logger.error("failed: " + str(msg))
return (0, True, False)
# check the receive message
self.logger.debug("(recv): " + str(msg).rstrip())
msg_list = msg.split(b' ')
chal = msg_list[2]
# get th timestamp and the tle info from director response
ssl = int(msg_list[3][4])
compatible = True
# hmac chal and the password
hmac_md5 = hmac.new(bytes(bytearray(password, 'utf-8')), None,
hashlib.md5)
hmac_md5.update(bytes(chal))
# base64 encoding
msg = BareosBase64().string_to_base64(bytearray(hmac_md5.digest()))
# send the base64 encoding to director
self.send(msg)
received = self.recv()
if ProtocolMessages.is_auth_ok(received):
result = True
else:
self.logger.error("failed: " + str(received))
return (ssl, compatible, result)
#!/usr/bin/env python
import os
import io
import argparse
import logging
from bareos.util.bareosbase64 import BareosBase64
from bacula.db.schema import Schema, Job, Media
from sqlalchemy.orm import lazyload, joinedload
from sets import Set
log = logging.getLogger(__name__)
b64 = BareosBase64()
class ArchiveDump():
def __init__(self, config):
self.schema = Schema(config, debug=False)
self.session = self.schema.get_session()
self.manifest_template = config.get
def get_job(self, jobid, args):
log.debug("Calling with pattern[%s]", jobid)
job = self.session.query(Job).options(
lazyload('*'), ).filter(Job.jobid == jobid).first()
return job
def main(args, config=False):