Heres a snippet of the code I use:
_recv() is a protocol compliant function just used to get the length and
return the real data. Same for _send. The rest should make some sense.
The important bit is how the base64 is implemented.
This code works to authenticate as a director (we actually use this to
perform backup estimates for 3000+ clients from a centralized point and
record the results),
or if you so prefer with minor modification it will work as a bconsole
client which we also use for job removal. Change the hello string to
and some other minor stuff and off you go.
""" Authenticate against bacula-fd client. Protocol isnt
clear but i've based this off of the bacula developer docs.
it uses a hmac-md5 of the password and the client sends
its challenge response request to use in a <.+> string which we send
back as base64 encoded as part of the challenge.
Bacula-fd client returns a "1000 OK auth" on
confirmation or a 1999 Authentication failed on failure """
self._send("Hello Director %s calling" % (self.me,))
# this is effectively our username
challenge = self._recv()
# Receive the challenge response
m = re.search("auth cram-md5 (<.+?>)", challenge)
# parse the challenge out of the returned string
chal = m.group(1)
auth = base64.b64encode(hmac.new(self.password,
chal).digest()) # hmac and base64 encode the request
# b64 adds two "==" that we eliminate before sending
result = self._recv()
# receive response
if result != "1000 OK auth\n":
raise ValueError("Authentication Failed %s" %
self._send("auth cram-md5 <%d.%d@...> ssl=0\n" %
(random.randint(1,99999999), int(time.time()), self.me)) # send our
# get the response back
self._send("1000 OK auth\n")
# Dont even check the response here!
# This is basically cheating the protocol spec! :-)
data = self._recv()
if not re.match("2000 OK Hello(\s+[0-9]+)?\n",data):
# auth complete
raise ValueError("Unexpected packet received %s"
self.auth = True
On Thu, 2011-01-27 at 14:59 +0100, Nabil Servais wrote:
> I update my code, I think I manage to use the same algorithms of
> bacula for the challenge but result between my code and bconsole is a
> bite different. I don't understand why.
> For example :
> challenge send by the server :
> and the response of bconsole:
> Result with my script :
> What's wrong and where?
> On Wed, Jan 26, 2011 at 16:14, Rory Campbell-Lange
> <rory@...> wrote:
> > On 26/01/11, Nabil Servais (nabil.servais@...) wrote:
> >> I try to implements bacula protocol in python.
> >> I have some difficulites about the digest challenge. And I'm not an expert in C.
> >> My code : http://pastebin.com/pX9HdC1q
> > I haven't had a chance to look at your code, but the results for the md5
> > hashes in Bacula's catalogues are base64 encoded. You may find the
> > attachment helpful.
> > Regards
> > Rory
> > --
> > Rory Campbell-Lange
> > rory@...
> > Campbell-Lange Workshop
> > http://www.campbell-lange.net
> > 0207 6311 555
> > 3 Tottenham Street London W1T 2AF
> > Registered in England No. 04551928
> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
> Finally, a world-class log management solution at an even better price-free!
> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
> February 28th, so secure your free ArcSight Logger TODAY!
> _______________________________________________ Bacula-devel mailing list Bacula-devel@... https://lists.sourceforge.net/lists/listinfo/bacula-devel