Heres a snippet of the code I use:
_recv() is a protocol compliant function just used to get the length and
return the real data. Same for _send. The rest should make some sense.
The important bit is how the base64 is implemented.
This code works to authenticate as a director (we actually use this to
perform backup estimates for 3000+ clients from a centralized point and
record the results),
or if you so prefer with minor modification it will work as a bconsole
client which we also use for job removal. Change the hello string to
*UserAgent*
and some other minor stuff and off you go.
def Auth():
""" Authenticate against bacula-fd client. Protocol isnt
clear but i've based this off of the bacula developer docs.
it uses a hmac-md5 of the password and the client sends
its challenge response request to use in a <.+> string which we send
back as base64 encoded as part of the challenge.
Bacula-fd client returns a "1000 OK auth" on
confirmation or a 1999 Authentication failed on failure """
self._send("Hello Director %s calling" % (self.me,))
# this is effectively our username
challenge = self._recv()
# Receive the challenge response
m = re.search("auth cram-md5 (<.+?>)", challenge)
# parse the challenge out of the returned string
chal = m.group(1)
######
auth = base64.b64encode(hmac.new(self.password,
chal).digest()) # hmac and base64 encode the request
######
self._send(auth[:-2])
# b64 adds two "==" that we eliminate before sending
result = self._recv()
# receive response
if result != "1000 OK auth\n":
raise ValueError("Authentication Failed %s" %
(result,))# failed
self._send("auth cram-md5 <%d.%d@%s> ssl=0\n" %
(random.randint(1,99999999), int(time.time()), self.me)) # send our
challenge response
self._recv()
# get the response back
self._send("1000 OK auth\n")
# Dont even check the response here!
# This is basically cheating the protocol spec! :-)
data = self._recv()
if not re.match("2000 OK Hello(\s+[0-9]+)?\n",data):
# auth complete
raise ValueError("Unexpected packet received %s"
% (data,))
self.auth = True
On Thu, 2011-01-27 at 14:59 +0100, Nabil Servais wrote:
> I update my code, I think I manage to use the same algorithms of
> bacula for the challenge but result between my code and bconsole is a
> bite different. I don't understand why.
>
> For example :
>
> challenge send by the server :
> <2014017250.1296136483@eole-laptop-dir>
>
> and the response of bconsole:
>
> dg5j55++v+1Dx//+i7+YMC
>
> Result with my script :
>
> dg5j5pe+v+1DxPD+i76YMg
>
> What's wrong and where?
>
> On Wed, Jan 26, 2011 at 16:14, Rory Campbell-Lange
> <r...@campbell-lange.net> wrote:
> > On 26/01/11, Nabil Servais (nabil.serv...@gmail.com) wrote:
> >> I try to implements bacula protocol in python.
> >>
> >> I have some difficulites about the digest challenge. And I'm not an expert
> >> in C.
> >>
> >> My code : http://pastebin.com/pX9HdC1q
> >
> > I haven't had a chance to look at your code, but the results for the md5
> > hashes in Bacula's catalogues are base64 encoded. You may find the
> > attachment helpful.
> >
> > Regards
> > Rory
> > --
> > Rory Campbell-Lange
> > r...@campbell-lange.net
> >
> > Campbell-Lange Workshop
> > www.campbell-lange.net
> > 0207 6311 555
> > 3 Tottenham Street London W1T 2AF
> > Registered in England No. 04551928
> >
> ------------------------------------------------------------------------------
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> http://p.sf.net/sfu/arcsight-sfd2d
> _______________________________________________ Bacula-devel mailing list
> Bacula-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bacula-devel
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Bacula-devel mailing list
Bacula-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-devel
