3 * Bacula Director daemon -- this is the main program
5 * Kern Sibbald, March MM
10 Copyright (C) 2000-2006 Kern Sibbald
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License
14 version 2 as amended with additional clauses defined in the
15 file LICENSE in the main source directory.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 the file LICENSE for additional details.
/*
 * File-scope declarations for the Director main program.
 * NOTE(review): this listing omits lines of the original file, so only the
 * declarations that are visible here are described.
 */
27 /* Forward referenced subroutines */
28 void terminate_dird(int sig);
29 static int check_resources();
30 static void dir_sql_query(JCR *jcr, const char *cmd);
32 /* Exported subroutines */
/* reload_config() has C linkage; main() installs it as the SIGHUP handler. */
33 extern "C" void reload_config(int sig);
34 extern void invalidate_schedules();
37 /* Imported subroutines */
38 JCR *wait_for_next_job(char *runjob);
39 void term_scheduler();
40 void term_ua_server();
41 void start_UA_server(dlist *addrs);
42 void init_job_server(int max_workers);
43 void term_job_server();
44 void store_jobtype(LEX *lc, RES_ITEM *item, int index, int pass);
45 void store_level(LEX *lc, RES_ITEM *item, int index, int pass);
46 void store_replace(LEX *lc, RES_ITEM *item, int index, int pass);
47 void init_device_resources();
/* Job name given with -r; main() passes it to wait_for_next_job(). */
49 static char *runjob = NULL;
50 static int background = 1;
51 static void init_reload(void);
53 /* Globals Exported */
54 DIRRES *director; /* Director resource */
/* Configuration file path; main() sets it from -c, a positional argument, or CONFIG_FILE. */
57 char *configfile = NULL;
59 /* Globals Imported */
60 extern int r_first, r_last; /* first and last resources */
61 extern RES_TABLE resources[];
62 extern RES **res_head;
63 extern RES_ITEM job_items[];
66 extern "C" { // work around visual compiler mangling variables
73 #define CONFIG_FILE "bacula-dir.conf" /* default configuration file */
/* Usage text; its three %s conversions are filled from BYEAR, VERSION and BDATE. */
78 "Copyright (C) 2000-%s Kern Sibbald.\n"
79 "\nVersion: %s (%s)\n\n"
80 "Usage: dird [-f -s] [-c config_file] [-d debug_level] [config_file]\n"
81 " -c <file> set configuration file to file\n"
82 " -dnn set debug level to nn\n"
83 " -f run in foreground (for debugging)\n"
85 " -r <job> run <job> now\n"
87 " -t test - read configuration and exit\n"
89 " -v verbose user messages\n"
90 " -? print this message.\n"
91 "\n"), BYEAR, VERSION, BDATE);
97 /*********************************************************************
99 * Main Bacula Server program
/*
 * Director entry point (renamed to BaculaMain on Win32 builds).
 * Visible flow: parse the command line, read and check the configuration,
 * initialise the crypto library, write the pid file and read the state
 * file, drop privileges, install the SIGHUP reload handler, start the UA
 * and job servers, then run the jobs returned by wait_for_next_job().
 * NOTE(review): this listing omits lines of the original file; the comments
 * below describe only the statements that are visible here.
 */
102 #if defined(HAVE_WIN32)
103 #define main BaculaMain
106 int main (int argc, char *argv[])
110 int no_signals = FALSE;
111 int test_config = FALSE;
115 setlocale(LC_ALL, "");
116 bindtextdomain("bacula", LOCALEDIR);
117 textdomain("bacula");
120 my_name_is(argc, argv, "bacula-dir");
121 init_msg(NULL, NULL); /* initialize message handler */
123 daemon_start_time = time(NULL);
/* Option letters followed by ':' (c, d, g, r, u) take an argument. */
125 while ((ch = getopt(argc, argv, "c:d:fg:r:stu:v?")) != -1) {
127 case 'c': /* specify config file */
128 if (configfile != NULL) {
131 configfile = bstrdup(optarg);
134 case 'd': /* set debug level */
/*
 * NOTE(review): atoi() cannot report a conversion failure, so a
 * non-numeric -d argument is indistinguishable from 0 here; the body of
 * the <= 0 check below is not visible in this listing.
 */
135 debug_level = atoi(optarg);
136 if (debug_level <= 0) {
139 Dmsg1(0, "Debug level = %d\n", debug_level);
142 case 'f': /* run in foreground */
146 case 'g': /* set group id */
150 case 'r': /* run job */
151 if (runjob != NULL) {
155 runjob = bstrdup(optarg);
159 case 's': /* turn off signals */
163 case 't': /* test config */
167 case 'u': /* set uid */
171 case 'v': /* verbose */
/* terminate_dird is handed to init_signals() as the termination handler. */
185 init_signals(terminate_dird);
/* A remaining positional argument also names the configuration file. */
189 if (configfile != NULL) {
192 configfile = bstrdup(*argv);
200 if (configfile == NULL) {
201 configfile = bstrdup(CONFIG_FILE);
204 parse_config(configfile);
206 if (init_crypto() != 0) {
207 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
210 if (!check_resources()) {
211 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile);
218 my_name_is(0, NULL, director->hdr.name); /* set user defined name */
220 /* Plug database interface for library routines */
221 p_sql_query = (sql_query)dir_sql_query;
223 FDConnectTimeout = (int)director->FDConnectTimeout;
224 SDConnectTimeout = (int)director->SDConnectTimeout;
228 init_stack_dump(); /* grab new pid */
231 /* Create pid must come after we are a daemon -- so we have our final pid */
/*
 * NOTE(review): the pid file is created and the state file is read before
 * drop(uid, gid) below, i.e. with the privileges the daemon was started
 * with. Confirm that pid_directory and working_directory cannot be written
 * by less-privileged users, and that the files stay usable after the drop.
 */
232 create_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
233 read_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
235 drop(uid, gid); /* reduce privileges if requested */
237 #if !defined(HAVE_WIN32)
/*
 * NOTE(review): reload_config() is installed directly as the SIGHUP
 * handler, and its visible body calls parse_config(), Jmsg() and
 * check_resources(). Those are presumably not async-signal-safe -- confirm
 * whether the reload should be deferred to a normal thread context.
 */
238 signal(SIGHUP, reload_config);
241 init_console_msg(working_directory);
243 init_python_interpreter(director->hdr.name, director->scripts_directory,
/* Concurrency hint: two per concurrent job plus fixed allowances for UA and housekeeping. */
246 set_thread_concurrency(director->MaxConcurrentJobs * 2 +
247 4 /* UA */ + 4 /* sched+watchdog+jobsvr+misc */);
249 Dmsg0(200, "Start UA server\n");
250 start_UA_server(director->DIRaddrs);
252 start_watchdog(); /* start network watchdog thread */
254 init_jcr_subsystem(); /* start JCR watchdogs etc. */
256 init_job_server(director->MaxConcurrentJobs);
258 Dmsg0(200, "wait for next job\n");
259 /* Main loop -- call scheduler to get next job to run */
260 while ( (jcr = wait_for_next_job(runjob)) ) {
261 run_job(jcr); /* run job */
262 free_jcr(jcr); /* release jcr */
263 if (runjob) { /* command line, run a single job? */
264 break; /* yes, terminate */
/*
 * Callback that main() installs as p_sql_query: runs cmd on the job's
 * catalog connection through db_sql_query(), passing NULL for the last two
 * arguments. The visible guard covers a NULL jcr or a NULL jcr->db.
 * NOTE(review): cmd is forwarded unchanged; presumably callers have already
 * escaped any untrusted values embedded in it -- confirm against callers.
 */
273 static void dir_sql_query(JCR *jcr, const char *cmd)
275 if (!jcr || !jcr->db) {
278 db_sql_query(jcr->db, cmd, NULL, NULL);
281 /* Cleanup and then exit */
/*
 * Shutdown path: emits the "Exit" daemon event, writes the state file,
 * removes the pid file and releases configuration, message-handler and
 * memory-pool resources.
 * NOTE(review): main() passes this function to init_signals(), so it
 * presumably runs in signal context; the re-entry flag below is a plain
 * static bool rather than volatile sig_atomic_t -- confirm this is safe.
 */
282 void terminate_dird(int sig)
284 static bool already_here = false;
286 if (already_here) { /* avoid recursive termination problems */
290 generate_daemon_event(NULL, "Exit");
291 write_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
292 delete_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
293 // signal(SIGCHLD, SIG_IGN); /* don't worry about children now */
299 if (configfile != NULL) {
/* Pool statistics are printed only at debug levels above 5. */
302 if (debug_level > 5) {
303 print_memory_pool_stats();
305 free_config_resources();
307 term_msg(); /* terminate message handler */
310 close_memory_pool(); /* release free memory in pool */
/*
 * One slot per saved (old) configuration kept alive across a reload.
 * The fields used in this file are job_count and res_table; the struct
 * body itself is not visible in this listing.
 */
315 struct RELOAD_TABLE {
/* Fixed capacity: at most max_reloads saved configurations at a time. */
320 static const int max_reloads = 32;
321 static RELOAD_TABLE reload_table[max_reloads];
/* Mark every reload_table slot as free: zero job count, no saved table. */
323 static void init_reload(void)
325 for (int i=0; i < max_reloads; i++) {
326 reload_table[i].job_count = 0;
327 reload_table[i].res_table = NULL;
/*
 * Free the resource chains saved in reload_table[table] and mark the slot
 * free again.
 * NOTE(review): table is used as an array index with no visible range
 * check; callers in this file pass values obtained from
 * find_free_reload_table_entry() or from a job-end callback context.
 */
331 static void free_saved_resources(int table)
/* Number of resource types, from the imported r_first/r_last bounds. */
333 int num = r_last - r_first + 1;
334 RES **res_tab = reload_table[table].res_table;
336 Dmsg1(100, "res_tab for table %d already released.\n", table);
339 Dmsg1(100, "Freeing resources for table %d\n", table);
340 for (int j=0; j<num; j++) {
341 free_resource(res_tab[j], r_first + j);
344 reload_table[table].job_count = 0;
345 reload_table[table].res_table = NULL;
349 * Called here at the end of every job that was
350 * hooked decrementing the active job_count. When
351 * it goes to zero, no one is using the associated
352 * resource table, so free it.
/*
 * Job-end callback registered by reload_config() through job_end_push().
 * ctx carries the reload_table index, cast through long int.
 * NOTE(review): reload_id indexes reload_table without a visible range
 * check, and job_count is decremented without any locking visible in this
 * listing -- confirm how concurrent job exits are serialised.
 */
354 static void reload_job_end_cb(JCR *jcr, void *ctx)
356 int reload_id = (int)((long int)ctx);
357 Dmsg3(100, "reload job_end JobId=%d table=%d cnt=%d\n", jcr->JobId,
358 reload_id, reload_table[reload_id].job_count);
/* The last job still using this saved table releases it. */
361 if (--reload_table[reload_id].job_count <= 0) {
362 free_saved_resources(reload_id);
/*
 * Scan reload_table for the first slot whose res_table is NULL.
 * NOTE(review): the return statements are not visible in this listing;
 * reload_config() reports an error when no slot is available, so a failure
 * value presumably exists -- confirm before using the result as an index.
 */
368 static int find_free_reload_table_entry()
371 for (int i=0; i < max_reloads; i++) {
372 if (reload_table[i].res_table == NULL) {
381 * If we get here, we have received a SIGHUP, which means to
382 * reread our configuration file.
384 * The algorithm used is as follows: we count how many jobs are
385 * running and mark the running jobs to make a callback on
386 * exiting. The old config is saved with the reload table
387 * id in a reload table. The new config file is read. Now, as
388 * each job exits, it calls back to the reload_job_end_cb(), which
389 * decrements the count of open jobs for the given reload table.
390 * When the count goes to zero, we release those resources.
391 * This allows us to have pointers into the resource table (from
392 * jobs), and once they exit and all the pointers are released, we
393 * release the old table. Note, if no new jobs are running since the
394 * last reload, then the old resources will be immediately released.
395 * A console is considered a job because it may have pointers to
396 * resources, but a SYSTEM job is not since it *should* not have any
397 * permanent pointers to jobs.
/*
 * SIGHUP handler: re-read the configuration file while running jobs keep
 * using the previous resource tables.
 * NOTE(review): main() installs this function with signal(), and the body
 * below calls parse_config(), check_resources() and Jmsg() directly from
 * the handler. Those are presumably not async-signal-safe -- confirm.
 * NOTE(review): this listing omits lines of the original file; comments
 * describe only the visible statements.
 */
400 void reload_config(int sig)
402 static bool already_here = false;
403 #if !defined(HAVE_WIN32)
407 int njobs = 0; /* number of running jobs */
412 abort(); /* Oops, recursion -> die */
416 #if !defined(HAVE_WIN32)
/* Block further SIGHUPs for the duration of the reload. */
418 sigaddset(&set, SIGHUP);
419 sigprocmask(SIG_BLOCK, &set, NULL);
/* Reserve a slot for the configuration that is about to be replaced. */
425 table = find_free_reload_table_entry();
427 Jmsg(NULL, M_ERROR, 0, _("Too many open reload requests. Request ignored.\n"));
431 Dmsg1(100, "Reload_config njobs=%d\n", njobs);
432 reload_table[table].res_table = save_config_resources();
433 Dmsg1(100, "Saved old config in table %d\n", table);
435 ok = parse_config(configfile, 0, M_ERROR); /* no exit on error */
437 Dmsg0(100, "Reloaded config file\n");
/*
 * Failure path: park the new, rejected tables in a second slot, put the
 * old resource heads back, and let the rejected tables be freed below.
 */
438 if (!ok || !check_resources()) {
439 rtable = find_free_reload_table_entry(); /* save new, bad table */
441 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
442 Jmsg(NULL, M_ERROR_TERM, 0, _("Out of reload table entries. Giving up.\n"));
444 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
445 Jmsg(NULL, M_ERROR, 0, _("Resetting previous configuration.\n"));
447 reload_table[rtable].res_table = save_config_resources();
448 /* Now restore old resource values */
449 int num = r_last - r_first + 1;
450 RES **res_tab = reload_table[table].res_table;
451 for (int i=0; i<num; i++) {
452 res_head[i] = res_tab[i];
454 table = rtable; /* release new, bad, saved table below */
456 invalidate_schedules();
458 * Hook all active jobs so that they release this table
/* SYSTEM jobs are not counted as users of the saved table. */
461 if (jcr->JobType != JT_SYSTEM) {
462 reload_table[table].job_count++;
463 job_end_push(jcr, reload_job_end_cb, (void *)((long int)table));
/*
 * NOTE(review): check_resources() reassigns the global director pointer.
 * If the reload was rejected and the old tables were restored, confirm
 * that director refers to the restored resource before it is dereferenced
 * here; no such reset is visible in this listing.
 */
471 set_working_directory(director->working_directory);
472 FDConnectTimeout = director->FDConnectTimeout;
473 SDConnectTimeout = director->SDConnectTimeout;
474 Dmsg0(0, "Director's configuration file reread.\n");
476 /* Now release saved resources, if no jobs using the resources */
478 free_saved_resources(table);
484 #if !defined(HAVE_WIN32)
/* Unblock SIGHUP and re-install the handler for the next reload. */
485 sigprocmask(SIG_UNBLOCK, &set, NULL);
486 signal(SIGHUP, reload_config);
488 already_here = false;
492 * Make a quick check to see that we have all the
495 * **** FIXME **** this routine could be a lot more
496 * intelligent and comprehensive.
/*
 * Validate the parsed configuration and finish setting it up.
 * Visible steps: locate the single Director resource and check its TLS
 * settings; copy JobDefs defaults into each Job and check required Job
 * directives; for each Catalog open the database, update pools, create
 * media type, storage and counter records and set up Storage TLS; check
 * Console and Client TLS settings; finally switch to the Director's
 * Messages resource.
 * Callers in this file treat a zero return as failure.
 * NOTE(review): this listing omits lines of the original file, including
 * the declaration of OK, the statements that record a failure after each
 * M_FATAL message, and the return statement.
 */
498 static int check_resources()
505 job = (JOB *)GetNextRes(R_JOB, NULL);
/* Side effect: sets the global director pointer used throughout the file. */
506 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
508 Jmsg(NULL, M_FATAL, 0, _("No Director resource defined in %s\n"
509 "Without that I don't know who I am :-(\n"), configfile);
512 set_working_directory(director->working_directory);
513 if (!director->messages) { /* If message resource not specified */
514 director->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
515 if (!director->messages) {
516 Jmsg(NULL, M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
/* A second Director resource after the first one is an error. */
520 if (GetNextRes(R_DIRECTOR, (RES *)director) != NULL) {
521 Jmsg(NULL, M_FATAL, 0, _("Only one Director resource permitted in %s\n"),
525 /* tls_require implies tls_enable */
526 if (director->tls_require) {
528 director->tls_enable = true;
530 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
/* With TLS enabled the Director needs both a certificate and a key file. */
535 if (!director->tls_certfile && director->tls_enable) {
536 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
537 director->hdr.name, configfile);
541 if (!director->tls_keyfile && director->tls_enable) {
542 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
543 director->hdr.name, configfile);
/*
 * A CA store is demanded only when tls_verify_peer is set.
 * NOTE(review): with "TLS Verify Peer" off, TLS can be enabled without
 * any CA store; presumably peer certificates are then not validated --
 * confirm that deployments relying on peer authentication set it.
 */
547 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
548 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
549 " Certificate Dir\" are defined for Director \"%s\" in %s."
550 " At least one CA certificate store is required"
551 " when using \"TLS Verify Peer\".\n"),
552 director->hdr.name, configfile);
556 /* If everything is well, attempt to initialize our per-resource TLS context */
557 if (OK && (director->tls_enable || director->tls_require)) {
558 /* Initialize TLS context:
559 * Args: CA certfile, CA certdir, Certfile, Keyfile,
560 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
561 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
562 director->tls_ca_certdir, director->tls_certfile,
563 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
564 director->tls_verify_peer);
566 if (!director->tls_ctx) {
567 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
568 director->hdr.name, configfile);
575 Jmsg(NULL, M_FATAL, 0, _("No Job records defined in %s\n"), configfile);
578 foreach_res(job, R_JOB) {
582 /* Handle Storage alists specifically */
/*
 * NOTE(review): jobdefs is dereferenced below; the guard for a Job
 * without a JobDefs resource is presumably on a line not visible in this
 * listing -- confirm.
 */
583 JOB *jobdefs = job->jobdefs;
584 if (jobdefs->storage && !job->storage) {
586 job->storage = New(alist(10, not_owned_by_alist));
587 foreach_alist(st, jobdefs->storage) {
588 job->storage->append(st);
591 /* Handle RunScripts alists specifically */
592 if (jobdefs->RunScripts) {
595 if (!job->RunScripts) {
596 job->RunScripts = New(alist(10, not_owned_by_alist));
599 foreach_alist(rs, jobdefs->RunScripts) {
600 elt = copy_runscript(rs);
601 job->RunScripts->append(elt); /* we have to free it */
605 /* Transfer default items from JobDefs Resource */
606 for (i=0; job_items[i].name; i++) {
607 char **def_svalue, **svalue; /* string value */
608 int *def_ivalue, *ivalue; /* integer value */
609 bool *def_bvalue, *bvalue; /* bool value */
610 int64_t *def_lvalue, *lvalue; /* 64 bit values */
613 Dmsg4(1400, "Job \"%s\", field \"%s\" bit=%d def=%d\n",
614 job->hdr.name, job_items[i].name,
615 bit_is_set(i, job->hdr.item_present),
616 bit_is_set(i, job->jobdefs->hdr.item_present));
/* Copy a default only when the Job lacks the item and the JobDefs has it. */
618 if (!bit_is_set(i, job->hdr.item_present) &&
619 bit_is_set(i, job->jobdefs->hdr.item_present)) {
620 Dmsg2(400, "Job \"%s\", field \"%s\": getting default.\n",
621 job->hdr.name, job_items[i].name);
/*
 * Byte offset of the item inside res_all; the same offset is then
 * applied to both the JobDefs and the Job to reach the field.
 */
622 offset = (char *)(job_items[i].value) - (char *)&res_all;
624 * Handle strings and directory strings
626 if (job_items[i].handler == store_str ||
627 job_items[i].handler == store_dir) {
628 def_svalue = (char **)((char *)(job->jobdefs) + offset);
629 Dmsg5(400, "Job \"%s\", field \"%s\" def_svalue=%s item %d offset=%u\n",
630 job->hdr.name, job_items[i].name, *def_svalue, i, offset);
631 svalue = (char **)((char *)job + offset);
/*
 * NOTE(review): *svalue is a char * but the format uses %lu (and prints
 * a decimal value after "0x"); the specifier does not match the argument
 * type. The same message is repeated in the store_res branch below.
 */
633 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
/* Strings are duplicated, so the Job owns its own copy. */
635 *svalue = bstrdup(*def_svalue);
636 set_bit(i, job->hdr.item_present);
640 } else if (job_items[i].handler == store_res) {
641 def_svalue = (char **)((char *)(job->jobdefs) + offset);
642 Dmsg4(400, "Job \"%s\", field \"%s\" item %d offset=%u\n",
643 job->hdr.name, job_items[i].name, i, offset);
644 svalue = (char **)((char *)job + offset);
646 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
/* Resource pointers are shared with the JobDefs, not copied. */
648 *svalue = *def_svalue;
649 set_bit(i, job->hdr.item_present);
651 * Handle alist resources
653 } else if (job_items[i].handler == store_alist_res) {
654 if (bit_is_set(i, job->jobdefs->hdr.item_present)) {
655 set_bit(i, job->hdr.item_present);
658 * Handle integer fields
659 * Note, our store_bit does not handle bitmaped fields
/* NOTE(review): store_pint is tested twice in this condition; the second test is redundant. */
661 } else if (job_items[i].handler == store_bit ||
662 job_items[i].handler == store_pint ||
663 job_items[i].handler == store_jobtype ||
664 job_items[i].handler == store_level ||
665 job_items[i].handler == store_pint ||
666 job_items[i].handler == store_replace) {
667 def_ivalue = (int *)((char *)(job->jobdefs) + offset);
668 Dmsg5(400, "Job \"%s\", field \"%s\" def_ivalue=%d item %d offset=%u\n",
669 job->hdr.name, job_items[i].name, *def_ivalue, i, offset);
670 ivalue = (int *)((char *)job + offset);
671 *ivalue = *def_ivalue;
672 set_bit(i, job->hdr.item_present);
674 * Handle 64 bit integer fields
676 } else if (job_items[i].handler == store_time ||
677 job_items[i].handler == store_size ||
678 job_items[i].handler == store_int64) {
679 def_lvalue = (int64_t *)((char *)(job->jobdefs) + offset);
680 Dmsg5(400, "Job \"%s\", field \"%s\" def_lvalue=%" lld " item %d offset=%u\n",
681 job->hdr.name, job_items[i].name, *def_lvalue, i, offset);
682 lvalue = (int64_t *)((char *)job + offset);
683 *lvalue = *def_lvalue;
684 set_bit(i, job->hdr.item_present);
688 } else if (job_items[i].handler == store_bool) {
689 def_bvalue = (bool *)((char *)(job->jobdefs) + offset);
690 Dmsg5(400, "Job \"%s\", field \"%s\" def_bvalue=%d item %d offset=%u\n",
691 job->hdr.name, job_items[i].name, *def_bvalue, i, offset);
692 bvalue = (bool *)((char *)job + offset);
693 *bvalue = *def_bvalue;
694 set_bit(i, job->hdr.item_present);
700 * Ensure that all required items are present
702 for (i=0; job_items[i].name; i++) {
703 if (job_items[i].flags & ITEM_REQUIRED) {
704 if (!bit_is_set(i, job->hdr.item_present)) {
705 Jmsg(NULL, M_FATAL, 0, _("\"%s\" directive in Job \"%s\" resource is required, but not found.\n"),
706 job_items[i].name, job->hdr.name);
710 /* If this triggers, take a look at lib/parse_conf.h */
/*
 * NOTE(review): i has already been used as a bit index into item_present
 * by the time this limit is tested; where the test sits relative to the
 * loop is not visible in this listing -- confirm it cannot be reached
 * only after an out-of-range bit access.
 */
711 if (i >= MAX_RES_ITEMS) {
712 Emsg0(M_ERROR_TERM, 0, _("Too many items in Job resource\n"));
715 } /* End loop over Job res */
717 /* Loop over databases */
719 foreach_res(catalog, R_CATALOG) {
722 * Make sure we can open catalog, otherwise print a warning
723 * message because the server is probably not running.
/*
 * NOTE(review): the catalog password comes straight from the parsed
 * configuration resource, so the configuration file presumably holds it
 * in clear text -- confirm the file's permissions restrict read access.
 */
725 db = db_init_database(NULL, catalog->db_name, catalog->db_user,
726 catalog->db_password, catalog->db_address,
727 catalog->db_port, catalog->db_socket,
728 catalog->mult_db_connections);
729 if (!db || !db_open_database(NULL, db)) {
730 Jmsg(NULL, M_FATAL, 0, _("Could not open Catalog \"%s\", database \"%s\".\n"),
731 catalog->hdr.name, catalog->db_name);
/*
 * NOTE(review): this branch is also entered when db is NULL; any guard
 * around db_strerror(db) is not visible in this listing -- confirm.
 */
733 Jmsg(NULL, M_FATAL, 0, _("%s"), db_strerror(db));
739 /* Loop over all pools, defining/updating them in each database */
741 foreach_res(pool, R_POOL) {
742 create_pool(NULL, db, pool, POOL_OP_UPDATE); /* update request */
746 foreach_res(store, R_STORAGE) {
749 if (store->media_type) {
/* bstrncpy() is given the destination size, bounding the copy. */
750 bstrncpy(mr.MediaType, store->media_type, sizeof(mr.MediaType));
752 db_create_mediatype_record(NULL, db, &mr);
756 bstrncpy(sr.Name, store->name(), sizeof(sr.Name));
757 sr.AutoChanger = store->autochanger;
758 db_create_storage_record(NULL, db, &sr);
759 store->StorageId = sr.StorageId; /* set storage Id */
760 if (!sr.created) { /* if not created, update it */
761 db_update_storage_record(NULL, db, &sr);
764 /* tls_require implies tls_enable */
765 if (store->tls_require) {
767 store->tls_enable = true;
769 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
/*
 * For Storage resources a CA store is required whenever TLS is enabled,
 * and the context below is created with Verify Peer fixed to true.
 */
774 if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) {
775 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
776 " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"),
777 store->hdr.name, configfile);
781 /* If everything is well, attempt to initialize our per-resource TLS context */
782 if (OK && (store->tls_enable || store->tls_require)) {
783 /* Initialize TLS context:
784 * Args: CA certfile, CA certdir, Certfile, Keyfile,
785 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
786 store->tls_ctx = new_tls_context(store->tls_ca_certfile,
787 store->tls_ca_certdir, store->tls_certfile,
788 store->tls_keyfile, NULL, NULL, NULL, true);
790 if (!store->tls_ctx) {
791 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
792 store->hdr.name, configfile);
798 /* Loop over all counters, defining them in each database */
799 /* Set default value in all counters */
801 foreach_res(counter, R_COUNTER) {
802 /* Write to catalog? */
/* Only counters bound to the catalog currently open are written to it. */
803 if (!counter->created && counter->Catalog == catalog) {
805 bstrncpy(cr.Counter, counter->hdr.name, sizeof(cr.Counter));
806 cr.MinValue = counter->MinValue;
807 cr.MaxValue = counter->MaxValue;
808 cr.CurrentValue = counter->MinValue;
809 if (counter->WrapCounter) {
810 bstrncpy(cr.WrapCounter, counter->WrapCounter->hdr.name, sizeof(cr.WrapCounter));
812 cr.WrapCounter[0] = 0; /* empty string */
814 if (db_create_counter_record(NULL, db, &cr)) {
815 counter->CurrentValue = cr.CurrentValue;
816 counter->created = true;
817 Dmsg2(100, "Create counter %s val=%d\n", counter->hdr.name, counter->CurrentValue);
820 if (!counter->created) {
821 counter->CurrentValue = counter->MinValue; /* default value */
824 db_close_database(NULL, db);
827 /* Loop over Consoles */
829 foreach_res(cons, R_CONSOLE) {
830 /* tls_require implies tls_enable */
831 if (cons->tls_require) {
833 cons->tls_enable = true;
835 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
841 if (!cons->tls_certfile && cons->tls_enable) {
842 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"),
843 cons->hdr.name, configfile);
847 if (!cons->tls_keyfile && cons->tls_enable) {
848 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"),
849 cons->hdr.name, configfile);
/* As for the Director, a CA store is demanded only when tls_verify_peer is set. */
853 if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) {
854 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
855 " Certificate Dir\" are defined for Console \"%s\" in %s."
856 " At least one CA certificate store is required"
857 " when using \"TLS Verify Peer\".\n"),
858 cons->hdr.name, configfile);
861 /* If everything is well, attempt to initialize our per-resource TLS context */
862 if (OK && (cons->tls_enable || cons->tls_require)) {
863 /* Initialize TLS context:
864 * Args: CA certfile, CA certdir, Certfile, Keyfile,
865 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
866 cons->tls_ctx = new_tls_context(cons->tls_ca_certfile,
867 cons->tls_ca_certdir, cons->tls_certfile,
868 cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer);
870 if (!cons->tls_ctx) {
/*
 * NOTE(review): this message says "File daemon" although the resource
 * being checked is a Console; the text looks copied from the Client loop
 * and would mislead whoever reads the log.
 */
871 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
872 cons->hdr.name, configfile);
879 /* Loop over Clients */
881 foreach_res(client, R_CLIENT) {
882 /* tls_require implies tls_enable */
883 if (client->tls_require) {
885 client->tls_enable = true;
887 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
/* For Clients a CA store is required whenever TLS is enabled. */
893 if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) {
894 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
895 " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"),
896 client->hdr.name, configfile);
900 /* If everything is well, attempt to initialize our per-resource TLS context */
901 if (OK && (client->tls_enable || client->tls_require)) {
902 /* Initialize TLS context:
903 * Args: CA certfile, CA certdir, Certfile, Keyfile,
904 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* NOTE(review): the final (Verify Peer) argument of this call is on a line not visible in this listing. */
905 client->tls_ctx = new_tls_context(client->tls_ca_certfile,
906 client->tls_ca_certdir, client->tls_certfile,
907 client->tls_keyfile, NULL, NULL, NULL,
910 if (!client->tls_ctx) {
911 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
912 client->hdr.name, configfile);
/* Replace the temporary message handler with the Director's Messages resource. */
920 close_msg(NULL); /* close temp message handler */
921 init_msg(NULL, director->messages); /* open daemon message handler */