3 * Bacula Director daemon -- this is the main program
5 * Kern Sibbald, March MM
10 Bacula® - The Network Backup Solution
12 Copyright (C) 2000-2006 Free Software Foundation Europe e.V.
14 The main author of Bacula is Kern Sibbald, with contributions from
15 many others, a complete list can be found in the file AUTHORS.
16 This program is Free Software; you can redistribute it and/or
17 modify it under the terms of version two of the GNU General Public
18 License as published by the Free Software Foundation plus additions
19 that are listed in the file LICENSE.
21 This program is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program; if not, write to the Free Software
28 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
31 Bacula® is a registered trademark of John Walker.
32 The licensor of Bacula is the Free Software Foundation Europe
33 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
34 Switzerland, email:ftf@fsfeurope.org.
40 /* Forward referenced subroutines */
41 void terminate_dird(int sig);
42 static int check_resources();
43 static void dir_sql_query(JCR *jcr, const char *cmd);
45 /* Exported subroutines */
46 extern "C" void reload_config(int sig);
47 extern void invalidate_schedules();
50 /* Imported subroutines */
51 JCR *wait_for_next_job(char *runjob);
52 void term_scheduler();
53 void term_ua_server();
54 void start_UA_server(dlist *addrs);
55 void init_job_server(int max_workers);
56 void term_job_server();
57 void store_jobtype(LEX *lc, RES_ITEM *item, int index, int pass);
58 void store_level(LEX *lc, RES_ITEM *item, int index, int pass);
59 void store_replace(LEX *lc, RES_ITEM *item, int index, int pass);
60 void init_device_resources();
62 static char *runjob = NULL;
63 static int background = 1;
64 static void init_reload(void);
66 /* Globals Exported */
67 DIRRES *director; /* Director resource */
70 char *configfile = NULL;
72 /* Globals Imported */
73 extern int r_first, r_last; /* first and last resources */
74 extern RES_TABLE resources[];
75 extern RES **res_head;
76 extern RES_ITEM job_items[];
79 extern "C" { // work around visual compiler mangling variables
86 #define CONFIG_FILE "bacula-dir.conf" /* default configuration file */
92 "\nVersion: %s (%s)\n\n"
93 "Usage: dird [-f -s] [-c config_file] [-d debug_level] [config_file]\n"
94 " -c <file> set configuration file to file\n"
95 " -dnn set debug level to nn\n"
96 " -f run in foreground (for debugging)\n"
98 " -r <job> run <job> now\n"
100 " -t test - read configuration and exit\n"
102 " -v verbose user messages\n"
103 " -? print this message.\n"
104 "\n"), 2000, VERSION, BDATE);
110 /*********************************************************************
112 * Main Bacula Server program
115 #if defined(HAVE_WIN32)
116 #define main BaculaMain
119 int main (int argc, char *argv[])
123 int no_signals = FALSE;
124 int test_config = FALSE;
128 setlocale(LC_ALL, "");
129 bindtextdomain("bacula", LOCALEDIR);
130 textdomain("bacula");
133 my_name_is(argc, argv, "bacula-dir");
134 init_msg(NULL, NULL); /* initialize message handler */
136 daemon_start_time = time(NULL);
138 while ((ch = getopt(argc, argv, "c:d:fg:r:stu:v?")) != -1) {
140 case 'c': /* specify config file */
141 if (configfile != NULL) {
144 configfile = bstrdup(optarg);
147 case 'd': /* set debug level */
148 debug_level = atoi(optarg);
149 if (debug_level <= 0) {
152 Dmsg1(0, "Debug level = %d\n", debug_level);
155 case 'f': /* run in foreground */
159 case 'g': /* set group id */
163 case 'r': /* run job */
164 if (runjob != NULL) {
168 runjob = bstrdup(optarg);
172 case 's': /* turn off signals */
176 case 't': /* test config */
180 case 'u': /* set uid */
184 case 'v': /* verbose */
198 init_signals(terminate_dird);
202 if (configfile != NULL) {
205 configfile = bstrdup(*argv);
213 if (configfile == NULL) {
214 configfile = bstrdup(CONFIG_FILE);
217 parse_config(configfile);
219 if (init_crypto() != 0) {
220 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
223 if (!check_resources()) {
224 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile);
231 my_name_is(0, NULL, director->name()); /* set user defined name */
233 /* Plug database interface for library routines */
234 p_sql_query = (sql_query)dir_sql_query;
235 p_sql_escape = (sql_escape)db_escape_string;
237 FDConnectTimeout = (int)director->FDConnectTimeout;
238 SDConnectTimeout = (int)director->SDConnectTimeout;
242 init_stack_dump(); /* grab new pid */
245 /* Create pid must come after we are a daemon -- so we have our final pid */
246 create_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
247 read_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
249 drop(uid, gid); /* reduce priveleges if requested */
251 #if !defined(HAVE_WIN32)
252 signal(SIGHUP, reload_config);
255 init_console_msg(working_directory);
257 init_python_interpreter(director->name(), director->scripts_directory,
260 set_thread_concurrency(director->MaxConcurrentJobs * 2 +
261 4 /* UA */ + 4 /* sched+watchdog+jobsvr+misc */);
263 Dmsg0(200, "Start UA server\n");
264 start_UA_server(director->DIRaddrs);
266 start_watchdog(); /* start network watchdog thread */
268 init_jcr_subsystem(); /* start JCR watchdogs etc. */
270 init_job_server(director->MaxConcurrentJobs);
272 Dmsg0(200, "wait for next job\n");
273 /* Main loop -- call scheduler to get next job to run */
274 while ( (jcr = wait_for_next_job(runjob)) ) {
275 run_job(jcr); /* run job */
276 free_jcr(jcr); /* release jcr */
277 if (runjob) { /* command line, run a single job? */
278 break; /* yes, terminate */
287 static void dir_sql_query(JCR *jcr, const char *cmd)
289 if (!jcr || !jcr->db) {
292 db_sql_query(jcr->db, cmd, NULL, NULL);
295 /* Cleanup and then exit */
296 void terminate_dird(int sig)
298 static bool already_here = false;
300 if (already_here) { /* avoid recursive temination problems */
304 generate_daemon_event(NULL, "Exit");
305 write_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
306 delete_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
307 // signal(SIGCHLD, SIG_IGN); /* don't worry about children now */
313 if (configfile != NULL) {
316 if (debug_level > 5) {
317 print_memory_pool_stats();
319 free_config_resources();
321 term_msg(); /* terminate message handler */
324 close_memory_pool(); /* release free memory in pool */
329 struct RELOAD_TABLE {
334 static const int max_reloads = 32;
335 static RELOAD_TABLE reload_table[max_reloads];
337 static void init_reload(void)
339 for (int i=0; i < max_reloads; i++) {
340 reload_table[i].job_count = 0;
341 reload_table[i].res_table = NULL;
345 static void free_saved_resources(int table)
347 int num = r_last - r_first + 1;
348 RES **res_tab = reload_table[table].res_table;
350 Dmsg1(100, "res_tab for table %d already released.\n", table);
353 Dmsg1(100, "Freeing resources for table %d\n", table);
354 for (int j=0; j<num; j++) {
355 free_resource(res_tab[j], r_first + j);
358 reload_table[table].job_count = 0;
359 reload_table[table].res_table = NULL;
363 * Called here at the end of every job that was
364 * hooked decrementing the active job_count. When
365 * it goes to zero, no one is using the associated
366 * resource table, so free it.
368 static void reload_job_end_cb(JCR *jcr, void *ctx)
370 int reload_id = (int)((long int)ctx);
371 Dmsg3(100, "reload job_end JobId=%d table=%d cnt=%d\n", jcr->JobId,
372 reload_id, reload_table[reload_id].job_count);
375 if (--reload_table[reload_id].job_count <= 0) {
376 free_saved_resources(reload_id);
382 static int find_free_reload_table_entry()
385 for (int i=0; i < max_reloads; i++) {
386 if (reload_table[i].res_table == NULL) {
395 * If we get here, we have received a SIGHUP, which means to
396 * reread our configuration file.
398 * The algorithm used is as follows: we count how many jobs are
399 * running and mark the running jobs to make a callback on
400 * exiting. The old config is saved with the reload table
401 * id in a reload table. The new config file is read. Now, as
402 * each job exits, it calls back to the reload_job_end_cb(), which
403 * decrements the count of open jobs for the given reload table.
404 * When the count goes to zero, we release those resources.
405 * This allows us to have pointers into the resource table (from
406 * jobs), and once they exit and all the pointers are released, we
407 * release the old table. Note, if no new jobs are running since the
408 * last reload, then the old resources will be immediately release.
409 * A console is considered a job because it may have pointers to
410 * resources, but a SYSTEM job is not since it *should* not have any
411 * permanent pointers to jobs.
414 void reload_config(int sig)
416 static bool already_here = false;
417 #if !defined(HAVE_WIN32)
421 int njobs = 0; /* number of running jobs */
426 abort(); /* Oops, recursion -> die */
430 #if !defined(HAVE_WIN32)
432 sigaddset(&set, SIGHUP);
433 sigprocmask(SIG_BLOCK, &set, NULL);
439 table = find_free_reload_table_entry();
441 Jmsg(NULL, M_ERROR, 0, _("Too many open reload requests. Request ignored.\n"));
445 Dmsg1(100, "Reload_config njobs=%d\n", njobs);
446 reload_table[table].res_table = save_config_resources();
447 Dmsg1(100, "Saved old config in table %d\n", table);
449 ok = parse_config(configfile, 0, M_ERROR); /* no exit on error */
451 Dmsg0(100, "Reloaded config file\n");
452 if (!ok || !check_resources()) {
453 rtable = find_free_reload_table_entry(); /* save new, bad table */
455 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
456 Jmsg(NULL, M_ERROR_TERM, 0, _("Out of reload table entries. Giving up.\n"));
458 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
459 Jmsg(NULL, M_ERROR, 0, _("Resetting previous configuration.\n"));
461 reload_table[rtable].res_table = save_config_resources();
462 /* Now restore old resoure values */
463 int num = r_last - r_first + 1;
464 RES **res_tab = reload_table[table].res_table;
465 for (int i=0; i<num; i++) {
466 res_head[i] = res_tab[i];
468 table = rtable; /* release new, bad, saved table below */
470 invalidate_schedules();
472 * Hook all active jobs so that they release this table
475 if (jcr->JobType != JT_SYSTEM) {
476 reload_table[table].job_count++;
477 job_end_push(jcr, reload_job_end_cb, (void *)((long int)table));
485 set_working_directory(director->working_directory);
486 FDConnectTimeout = director->FDConnectTimeout;
487 SDConnectTimeout = director->SDConnectTimeout;
488 Dmsg0(0, "Director's configuration file reread.\n");
490 /* Now release saved resources, if no jobs using the resources */
492 free_saved_resources(table);
498 #if !defined(HAVE_WIN32)
499 sigprocmask(SIG_UNBLOCK, &set, NULL);
500 signal(SIGHUP, reload_config);
502 already_here = false;
506 * Make a quick check to see that we have all the
509 * **** FIXME **** this routine could be a lot more
510 * intelligent and comprehensive.
512 static int check_resources()
519 job = (JOB *)GetNextRes(R_JOB, NULL);
520 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
522 Jmsg(NULL, M_FATAL, 0, _("No Director resource defined in %s\n"
523 "Without that I don't know who I am :-(\n"), configfile);
526 set_working_directory(director->working_directory);
527 if (!director->messages) { /* If message resource not specified */
528 director->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
529 if (!director->messages) {
530 Jmsg(NULL, M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
534 if (GetNextRes(R_DIRECTOR, (RES *)director) != NULL) {
535 Jmsg(NULL, M_FATAL, 0, _("Only one Director resource permitted in %s\n"),
539 /* tls_require implies tls_enable */
540 if (director->tls_require) {
542 director->tls_enable = true;
544 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
549 if (!director->tls_certfile && director->tls_enable) {
550 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
551 director->name(), configfile);
555 if (!director->tls_keyfile && director->tls_enable) {
556 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
557 director->name(), configfile);
561 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
562 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
563 " Certificate Dir\" are defined for Director \"%s\" in %s."
564 " At least one CA certificate store is required"
565 " when using \"TLS Verify Peer\".\n"),
566 director->name(), configfile);
570 /* If everything is well, attempt to initialize our per-resource TLS context */
571 if (OK && (director->tls_enable || director->tls_require)) {
572 /* Initialize TLS context:
573 * Args: CA certfile, CA certdir, Certfile, Keyfile,
574 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
575 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
576 director->tls_ca_certdir, director->tls_certfile,
577 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
578 director->tls_verify_peer);
580 if (!director->tls_ctx) {
581 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
582 director->name(), configfile);
589 Jmsg(NULL, M_FATAL, 0, _("No Job records defined in %s\n"), configfile);
592 foreach_res(job, R_JOB) {
596 /* Handle Storage alists specifically */
597 JOB *jobdefs = job->jobdefs;
598 if (jobdefs->storage && !job->storage) {
600 job->storage = New(alist(10, not_owned_by_alist));
601 foreach_alist(st, jobdefs->storage) {
602 job->storage->append(st);
605 /* Handle RunScripts alists specifically */
606 if (jobdefs->RunScripts) {
609 if (!job->RunScripts) {
610 job->RunScripts = New(alist(10, not_owned_by_alist));
613 foreach_alist(rs, jobdefs->RunScripts) {
614 elt = copy_runscript(rs);
615 job->RunScripts->append(elt); /* we have to free it */
619 /* Transfer default items from JobDefs Resource */
620 for (i=0; job_items[i].name; i++) {
621 char **def_svalue, **svalue; /* string value */
622 int *def_ivalue, *ivalue; /* integer value */
623 bool *def_bvalue, *bvalue; /* bool value */
624 int64_t *def_lvalue, *lvalue; /* 64 bit values */
627 Dmsg4(1400, "Job \"%s\", field \"%s\" bit=%d def=%d\n",
628 job->name(), job_items[i].name,
629 bit_is_set(i, job->hdr.item_present),
630 bit_is_set(i, job->jobdefs->hdr.item_present));
632 if (!bit_is_set(i, job->hdr.item_present) &&
633 bit_is_set(i, job->jobdefs->hdr.item_present)) {
634 Dmsg2(400, "Job \"%s\", field \"%s\": getting default.\n",
635 job->name(), job_items[i].name);
636 offset = (char *)(job_items[i].value) - (char *)&res_all;
638 * Handle strings and directory strings
640 if (job_items[i].handler == store_str ||
641 job_items[i].handler == store_dir) {
642 def_svalue = (char **)((char *)(job->jobdefs) + offset);
643 Dmsg5(400, "Job \"%s\", field \"%s\" def_svalue=%s item %d offset=%u\n",
644 job->name(), job_items[i].name, *def_svalue, i, offset);
645 svalue = (char **)((char *)job + offset);
647 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
649 *svalue = bstrdup(*def_svalue);
650 set_bit(i, job->hdr.item_present);
654 } else if (job_items[i].handler == store_res) {
655 def_svalue = (char **)((char *)(job->jobdefs) + offset);
656 Dmsg4(400, "Job \"%s\", field \"%s\" item %d offset=%u\n",
657 job->name(), job_items[i].name, i, offset);
658 svalue = (char **)((char *)job + offset);
660 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
662 *svalue = *def_svalue;
663 set_bit(i, job->hdr.item_present);
665 * Handle alist resources
667 } else if (job_items[i].handler == store_alist_res) {
668 if (bit_is_set(i, job->jobdefs->hdr.item_present)) {
669 set_bit(i, job->hdr.item_present);
672 * Handle integer fields
673 * Note, our store_bit does not handle bitmaped fields
675 } else if (job_items[i].handler == store_bit ||
676 job_items[i].handler == store_pint ||
677 job_items[i].handler == store_jobtype ||
678 job_items[i].handler == store_level ||
679 job_items[i].handler == store_pint ||
680 job_items[i].handler == store_replace) {
681 def_ivalue = (int *)((char *)(job->jobdefs) + offset);
682 Dmsg5(400, "Job \"%s\", field \"%s\" def_ivalue=%d item %d offset=%u\n",
683 job->name(), job_items[i].name, *def_ivalue, i, offset);
684 ivalue = (int *)((char *)job + offset);
685 *ivalue = *def_ivalue;
686 set_bit(i, job->hdr.item_present);
688 * Handle 64 bit integer fields
690 } else if (job_items[i].handler == store_time ||
691 job_items[i].handler == store_size ||
692 job_items[i].handler == store_int64) {
693 def_lvalue = (int64_t *)((char *)(job->jobdefs) + offset);
694 Dmsg5(400, "Job \"%s\", field \"%s\" def_lvalue=%" lld " item %d offset=%u\n",
695 job->name(), job_items[i].name, *def_lvalue, i, offset);
696 lvalue = (int64_t *)((char *)job + offset);
697 *lvalue = *def_lvalue;
698 set_bit(i, job->hdr.item_present);
702 } else if (job_items[i].handler == store_bool) {
703 def_bvalue = (bool *)((char *)(job->jobdefs) + offset);
704 Dmsg5(400, "Job \"%s\", field \"%s\" def_bvalue=%d item %d offset=%u\n",
705 job->name(), job_items[i].name, *def_bvalue, i, offset);
706 bvalue = (bool *)((char *)job + offset);
707 *bvalue = *def_bvalue;
708 set_bit(i, job->hdr.item_present);
714 * Ensure that all required items are present
716 for (i=0; job_items[i].name; i++) {
717 if (job_items[i].flags & ITEM_REQUIRED) {
718 if (!bit_is_set(i, job->hdr.item_present)) {
719 Jmsg(NULL, M_FATAL, 0, _("\"%s\" directive in Job \"%s\" resource is required, but not found.\n"),
720 job_items[i].name, job->name());
724 /* If this triggers, take a look at lib/parse_conf.h */
725 if (i >= MAX_RES_ITEMS) {
726 Emsg0(M_ERROR_TERM, 0, _("Too many items in Job resource\n"));
729 if (!job->storage && !job->pool->storage) {
730 Jmsg(NULL, M_FATAL, 0, _("No storage specified in Job \"%s\" nor in Pool.\n"),
734 } /* End loop over Job res */
736 /* Loop over databases */
738 foreach_res(catalog, R_CATALOG) {
741 * Make sure we can open catalog, otherwise print a warning
742 * message because the server is probably not running.
744 db = db_init_database(NULL, catalog->db_name, catalog->db_user,
745 catalog->db_password, catalog->db_address,
746 catalog->db_port, catalog->db_socket,
747 catalog->mult_db_connections);
748 if (!db || !db_open_database(NULL, db)) {
749 Jmsg(NULL, M_FATAL, 0, _("Could not open Catalog \"%s\", database \"%s\".\n"),
750 catalog->name(), catalog->db_name);
752 Jmsg(NULL, M_FATAL, 0, _("%s"), db_strerror(db));
758 /* Loop over all pools, defining/updating them in each database */
760 foreach_res(pool, R_POOL) {
761 create_pool(NULL, db, pool, POOL_OP_UPDATE); /* update request */
765 foreach_res(store, R_STORAGE) {
768 if (store->media_type) {
769 bstrncpy(mr.MediaType, store->media_type, sizeof(mr.MediaType));
771 db_create_mediatype_record(NULL, db, &mr);
775 bstrncpy(sr.Name, store->name(), sizeof(sr.Name));
776 sr.AutoChanger = store->autochanger;
777 db_create_storage_record(NULL, db, &sr);
778 store->StorageId = sr.StorageId; /* set storage Id */
779 if (!sr.created) { /* if not created, update it */
780 db_update_storage_record(NULL, db, &sr);
783 /* tls_require implies tls_enable */
784 if (store->tls_require) {
786 store->tls_enable = true;
788 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
793 if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) {
794 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
795 " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"),
796 store->name(), configfile);
800 /* If everything is well, attempt to initialize our per-resource TLS context */
801 if (OK && (store->tls_enable || store->tls_require)) {
802 /* Initialize TLS context:
803 * Args: CA certfile, CA certdir, Certfile, Keyfile,
804 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
805 store->tls_ctx = new_tls_context(store->tls_ca_certfile,
806 store->tls_ca_certdir, store->tls_certfile,
807 store->tls_keyfile, NULL, NULL, NULL, true);
809 if (!store->tls_ctx) {
810 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
811 store->name(), configfile);
817 /* Loop over all counters, defining them in each database */
818 /* Set default value in all counters */
820 foreach_res(counter, R_COUNTER) {
821 /* Write to catalog? */
822 if (!counter->created && counter->Catalog == catalog) {
824 bstrncpy(cr.Counter, counter->name(), sizeof(cr.Counter));
825 cr.MinValue = counter->MinValue;
826 cr.MaxValue = counter->MaxValue;
827 cr.CurrentValue = counter->MinValue;
828 if (counter->WrapCounter) {
829 bstrncpy(cr.WrapCounter, counter->WrapCounter->name(), sizeof(cr.WrapCounter));
831 cr.WrapCounter[0] = 0; /* empty string */
833 if (db_create_counter_record(NULL, db, &cr)) {
834 counter->CurrentValue = cr.CurrentValue;
835 counter->created = true;
836 Dmsg2(100, "Create counter %s val=%d\n", counter->name(), counter->CurrentValue);
839 if (!counter->created) {
840 counter->CurrentValue = counter->MinValue; /* default value */
843 db_close_database(NULL, db);
846 /* Loop over Consoles */
848 foreach_res(cons, R_CONSOLE) {
849 /* tls_require implies tls_enable */
850 if (cons->tls_require) {
852 cons->tls_enable = true;
854 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
860 if (!cons->tls_certfile && cons->tls_enable) {
861 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"),
862 cons->name(), configfile);
866 if (!cons->tls_keyfile && cons->tls_enable) {
867 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"),
868 cons->name(), configfile);
872 if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) {
873 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
874 " Certificate Dir\" are defined for Console \"%s\" in %s."
875 " At least one CA certificate store is required"
876 " when using \"TLS Verify Peer\".\n"),
877 cons->name(), configfile);
880 /* If everything is well, attempt to initialize our per-resource TLS context */
881 if (OK && (cons->tls_enable || cons->tls_require)) {
882 /* Initialize TLS context:
883 * Args: CA certfile, CA certdir, Certfile, Keyfile,
884 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
885 cons->tls_ctx = new_tls_context(cons->tls_ca_certfile,
886 cons->tls_ca_certdir, cons->tls_certfile,
887 cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer);
889 if (!cons->tls_ctx) {
890 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
891 cons->name(), configfile);
898 /* Loop over Clients */
900 foreach_res(client, R_CLIENT) {
901 /* tls_require implies tls_enable */
902 if (client->tls_require) {
904 client->tls_enable = true;
906 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
912 if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) {
913 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
914 " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"),
915 client->name(), configfile);
919 /* If everything is well, attempt to initialize our per-resource TLS context */
920 if (OK && (client->tls_enable || client->tls_require)) {
921 /* Initialize TLS context:
922 * Args: CA certfile, CA certdir, Certfile, Keyfile,
923 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
924 client->tls_ctx = new_tls_context(client->tls_ca_certfile,
925 client->tls_ca_certdir, client->tls_certfile,
926 client->tls_keyfile, NULL, NULL, NULL,
929 if (!client->tls_ctx) {
930 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
931 client->name(), configfile);
939 close_msg(NULL); /* close temp message handler */
940 init_msg(NULL, director->messages); /* open daemon message handler */