3 * Bacula Director daemon -- this is the main program
5 * Kern Sibbald, March MM
10 Copyright (C) 2000-2006 Kern Sibbald
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License
14 version 2 as amended with additional clauses defined in the
15 file LICENSE in the main source directory.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 the file LICENSE for additional details.
27 /* Forward referenced subroutines */
28 void terminate_dird(int sig);
29 static int check_resources();
30 static void dir_sql_query(JCR *jcr, const char *cmd);
32 /* Exported subroutines */
33 extern "C" void reload_config(int sig);
34 extern void invalidate_schedules();
37 /* Imported subroutines */
38 JCR *wait_for_next_job(char *runjob);
39 void term_scheduler();
40 void term_ua_server();
41 void start_UA_server(dlist *addrs);
42 void init_job_server(int max_workers);
43 void term_job_server();
44 void store_jobtype(LEX *lc, RES_ITEM *item, int index, int pass);
45 void store_level(LEX *lc, RES_ITEM *item, int index, int pass);
46 void store_replace(LEX *lc, RES_ITEM *item, int index, int pass);
47 void init_device_resources();
49 static char *runjob = NULL;
50 static int background = 1;
51 static void init_reload(void);
53 /* Globals Exported */
54 DIRRES *director; /* Director resource */
57 char *configfile = NULL;
59 /* Globals Imported */
60 extern int r_first, r_last; /* first and last resources */
61 extern RES_TABLE resources[];
62 extern RES **res_head;
63 extern RES_ITEM job_items[];
66 extern "C" { // work around visual compiler mangling variables
73 #define CONFIG_FILE "bacula-dir.conf" /* default configuration file */
78 "Copyright (C) 2000-%s Kern Sibbald.\n"
79 "\nVersion: %s (%s)\n\n"
80 "Usage: dird [-f -s] [-c config_file] [-d debug_level] [config_file]\n"
81 " -c <file> set configuration file to file\n"
82 " -dnn set debug level to nn\n"
83 " -f run in foreground (for debugging)\n"
85 " -r <job> run <job> now\n"
87 " -t test - read configuration and exit\n"
89 " -v verbose user messages\n"
90 " -? print this message.\n"
91 "\n"), BYEAR, VERSION, BDATE);
97 /*********************************************************************
99 * Main Bacula Server program
102 #if defined(HAVE_WIN32)
103 #define main BaculaMain
106 int main (int argc, char *argv[])
110 int no_signals = FALSE;
111 int test_config = FALSE;
115 setlocale(LC_ALL, "");
116 bindtextdomain("bacula", LOCALEDIR);
117 textdomain("bacula");
120 my_name_is(argc, argv, "bacula-dir");
121 init_msg(NULL, NULL); /* initialize message handler */
123 daemon_start_time = time(NULL);
125 while ((ch = getopt(argc, argv, "c:d:fg:r:stu:v?")) != -1) {
127 case 'c': /* specify config file */
128 if (configfile != NULL) {
131 configfile = bstrdup(optarg);
134 case 'd': /* set debug level */
135 debug_level = atoi(optarg);
136 if (debug_level <= 0) {
139 Dmsg1(0, "Debug level = %d\n", debug_level);
142 case 'f': /* run in foreground */
146 case 'g': /* set group id */
150 case 'r': /* run job */
151 if (runjob != NULL) {
155 runjob = bstrdup(optarg);
159 case 's': /* turn off signals */
163 case 't': /* test config */
167 case 'u': /* set uid */
171 case 'v': /* verbose */
185 init_signals(terminate_dird);
189 if (configfile != NULL) {
192 configfile = bstrdup(*argv);
200 if (configfile == NULL) {
201 configfile = bstrdup(CONFIG_FILE);
204 parse_config(configfile);
206 if (init_crypto() != 0) {
207 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
210 if (!check_resources()) {
211 Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile);
218 my_name_is(0, NULL, director->hdr.name); /* set user defined name */
220 /* Plug database interface for library routines */
221 p_sql_query = (sql_query)dir_sql_query;
222 p_sql_escape = (sql_escape)db_escape_string;
224 FDConnectTimeout = (int)director->FDConnectTimeout;
225 SDConnectTimeout = (int)director->SDConnectTimeout;
229 init_stack_dump(); /* grab new pid */
232 /* Create pid must come after we are a daemon -- so we have our final pid */
233 create_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
234 read_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
236 drop(uid, gid); /* reduce priveleges if requested */
238 #if !defined(HAVE_WIN32)
239 signal(SIGHUP, reload_config);
242 init_console_msg(working_directory);
244 init_python_interpreter(director->hdr.name, director->scripts_directory,
247 set_thread_concurrency(director->MaxConcurrentJobs * 2 +
248 4 /* UA */ + 4 /* sched+watchdog+jobsvr+misc */);
250 Dmsg0(200, "Start UA server\n");
251 start_UA_server(director->DIRaddrs);
253 start_watchdog(); /* start network watchdog thread */
255 init_jcr_subsystem(); /* start JCR watchdogs etc. */
257 init_job_server(director->MaxConcurrentJobs);
259 Dmsg0(200, "wait for next job\n");
260 /* Main loop -- call scheduler to get next job to run */
261 while ( (jcr = wait_for_next_job(runjob)) ) {
262 run_job(jcr); /* run job */
263 free_jcr(jcr); /* release jcr */
264 if (runjob) { /* command line, run a single job? */
265 break; /* yes, terminate */
274 static void dir_sql_query(JCR *jcr, const char *cmd)
276 if (!jcr || !jcr->db) {
279 db_sql_query(jcr->db, cmd, NULL, NULL);
282 /* Cleanup and then exit */
283 void terminate_dird(int sig)
285 static bool already_here = false;
287 if (already_here) { /* avoid recursive temination problems */
291 generate_daemon_event(NULL, "Exit");
292 write_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
293 delete_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs));
294 // signal(SIGCHLD, SIG_IGN); /* don't worry about children now */
300 if (configfile != NULL) {
303 if (debug_level > 5) {
304 print_memory_pool_stats();
306 free_config_resources();
308 term_msg(); /* terminate message handler */
311 close_memory_pool(); /* release free memory in pool */
316 struct RELOAD_TABLE {
321 static const int max_reloads = 32;
322 static RELOAD_TABLE reload_table[max_reloads];
324 static void init_reload(void)
326 for (int i=0; i < max_reloads; i++) {
327 reload_table[i].job_count = 0;
328 reload_table[i].res_table = NULL;
332 static void free_saved_resources(int table)
334 int num = r_last - r_first + 1;
335 RES **res_tab = reload_table[table].res_table;
337 Dmsg1(100, "res_tab for table %d already released.\n", table);
340 Dmsg1(100, "Freeing resources for table %d\n", table);
341 for (int j=0; j<num; j++) {
342 free_resource(res_tab[j], r_first + j);
345 reload_table[table].job_count = 0;
346 reload_table[table].res_table = NULL;
350 * Called here at the end of every job that was
351 * hooked decrementing the active job_count. When
352 * it goes to zero, no one is using the associated
353 * resource table, so free it.
355 static void reload_job_end_cb(JCR *jcr, void *ctx)
357 int reload_id = (int)((long int)ctx);
358 Dmsg3(100, "reload job_end JobId=%d table=%d cnt=%d\n", jcr->JobId,
359 reload_id, reload_table[reload_id].job_count);
362 if (--reload_table[reload_id].job_count <= 0) {
363 free_saved_resources(reload_id);
369 static int find_free_reload_table_entry()
372 for (int i=0; i < max_reloads; i++) {
373 if (reload_table[i].res_table == NULL) {
382 * If we get here, we have received a SIGHUP, which means to
383 * reread our configuration file.
385 * The algorithm used is as follows: we count how many jobs are
386 * running and mark the running jobs to make a callback on
387 * exiting. The old config is saved with the reload table
388 * id in a reload table. The new config file is read. Now, as
389 * each job exits, it calls back to the reload_job_end_cb(), which
390 * decrements the count of open jobs for the given reload table.
391 * When the count goes to zero, we release those resources.
392 * This allows us to have pointers into the resource table (from
393 * jobs), and once they exit and all the pointers are released, we
394 * release the old table. Note, if no new jobs are running since the
395 * last reload, then the old resources will be immediately release.
396 * A console is considered a job because it may have pointers to
397 * resources, but a SYSTEM job is not since it *should* not have any
398 * permanent pointers to jobs.
401 void reload_config(int sig)
403 static bool already_here = false;
404 #if !defined(HAVE_WIN32)
408 int njobs = 0; /* number of running jobs */
413 abort(); /* Oops, recursion -> die */
417 #if !defined(HAVE_WIN32)
419 sigaddset(&set, SIGHUP);
420 sigprocmask(SIG_BLOCK, &set, NULL);
426 table = find_free_reload_table_entry();
428 Jmsg(NULL, M_ERROR, 0, _("Too many open reload requests. Request ignored.\n"));
432 Dmsg1(100, "Reload_config njobs=%d\n", njobs);
433 reload_table[table].res_table = save_config_resources();
434 Dmsg1(100, "Saved old config in table %d\n", table);
436 ok = parse_config(configfile, 0, M_ERROR); /* no exit on error */
438 Dmsg0(100, "Reloaded config file\n");
439 if (!ok || !check_resources()) {
440 rtable = find_free_reload_table_entry(); /* save new, bad table */
442 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
443 Jmsg(NULL, M_ERROR_TERM, 0, _("Out of reload table entries. Giving up.\n"));
445 Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
446 Jmsg(NULL, M_ERROR, 0, _("Resetting previous configuration.\n"));
448 reload_table[rtable].res_table = save_config_resources();
449 /* Now restore old resoure values */
450 int num = r_last - r_first + 1;
451 RES **res_tab = reload_table[table].res_table;
452 for (int i=0; i<num; i++) {
453 res_head[i] = res_tab[i];
455 table = rtable; /* release new, bad, saved table below */
457 invalidate_schedules();
459 * Hook all active jobs so that they release this table
462 if (jcr->JobType != JT_SYSTEM) {
463 reload_table[table].job_count++;
464 job_end_push(jcr, reload_job_end_cb, (void *)((long int)table));
472 set_working_directory(director->working_directory);
473 FDConnectTimeout = director->FDConnectTimeout;
474 SDConnectTimeout = director->SDConnectTimeout;
475 Dmsg0(0, "Director's configuration file reread.\n");
477 /* Now release saved resources, if no jobs using the resources */
479 free_saved_resources(table);
485 #if !defined(HAVE_WIN32)
486 sigprocmask(SIG_UNBLOCK, &set, NULL);
487 signal(SIGHUP, reload_config);
489 already_here = false;
493 * Make a quick check to see that we have all the
496 * **** FIXME **** this routine could be a lot more
497 * intelligent and comprehensive.
499 static int check_resources()
506 job = (JOB *)GetNextRes(R_JOB, NULL);
507 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
509 Jmsg(NULL, M_FATAL, 0, _("No Director resource defined in %s\n"
510 "Without that I don't know who I am :-(\n"), configfile);
513 set_working_directory(director->working_directory);
514 if (!director->messages) { /* If message resource not specified */
515 director->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
516 if (!director->messages) {
517 Jmsg(NULL, M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
521 if (GetNextRes(R_DIRECTOR, (RES *)director) != NULL) {
522 Jmsg(NULL, M_FATAL, 0, _("Only one Director resource permitted in %s\n"),
526 /* tls_require implies tls_enable */
527 if (director->tls_require) {
529 director->tls_enable = true;
531 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
536 if (!director->tls_certfile && director->tls_enable) {
537 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
538 director->hdr.name, configfile);
542 if (!director->tls_keyfile && director->tls_enable) {
543 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
544 director->hdr.name, configfile);
548 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
549 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
550 " Certificate Dir\" are defined for Director \"%s\" in %s."
551 " At least one CA certificate store is required"
552 " when using \"TLS Verify Peer\".\n"),
553 director->hdr.name, configfile);
557 /* If everything is well, attempt to initialize our per-resource TLS context */
558 if (OK && (director->tls_enable || director->tls_require)) {
559 /* Initialize TLS context:
560 * Args: CA certfile, CA certdir, Certfile, Keyfile,
561 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
562 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
563 director->tls_ca_certdir, director->tls_certfile,
564 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
565 director->tls_verify_peer);
567 if (!director->tls_ctx) {
568 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
569 director->hdr.name, configfile);
576 Jmsg(NULL, M_FATAL, 0, _("No Job records defined in %s\n"), configfile);
579 foreach_res(job, R_JOB) {
583 /* Handle Storage alists specifically */
584 JOB *jobdefs = job->jobdefs;
585 if (jobdefs->storage && !job->storage) {
587 job->storage = New(alist(10, not_owned_by_alist));
588 foreach_alist(st, jobdefs->storage) {
589 job->storage->append(st);
592 /* Handle RunScripts alists specifically */
593 if (jobdefs->RunScripts) {
596 if (!job->RunScripts) {
597 job->RunScripts = New(alist(10, not_owned_by_alist));
600 foreach_alist(rs, jobdefs->RunScripts) {
601 elt = copy_runscript(rs);
602 job->RunScripts->append(elt); /* we have to free it */
606 /* Transfer default items from JobDefs Resource */
607 for (i=0; job_items[i].name; i++) {
608 char **def_svalue, **svalue; /* string value */
609 int *def_ivalue, *ivalue; /* integer value */
610 bool *def_bvalue, *bvalue; /* bool value */
611 int64_t *def_lvalue, *lvalue; /* 64 bit values */
614 Dmsg4(1400, "Job \"%s\", field \"%s\" bit=%d def=%d\n",
615 job->hdr.name, job_items[i].name,
616 bit_is_set(i, job->hdr.item_present),
617 bit_is_set(i, job->jobdefs->hdr.item_present));
619 if (!bit_is_set(i, job->hdr.item_present) &&
620 bit_is_set(i, job->jobdefs->hdr.item_present)) {
621 Dmsg2(400, "Job \"%s\", field \"%s\": getting default.\n",
622 job->hdr.name, job_items[i].name);
623 offset = (char *)(job_items[i].value) - (char *)&res_all;
625 * Handle strings and directory strings
627 if (job_items[i].handler == store_str ||
628 job_items[i].handler == store_dir) {
629 def_svalue = (char **)((char *)(job->jobdefs) + offset);
630 Dmsg5(400, "Job \"%s\", field \"%s\" def_svalue=%s item %d offset=%u\n",
631 job->hdr.name, job_items[i].name, *def_svalue, i, offset);
632 svalue = (char **)((char *)job + offset);
634 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
636 *svalue = bstrdup(*def_svalue);
637 set_bit(i, job->hdr.item_present);
641 } else if (job_items[i].handler == store_res) {
642 def_svalue = (char **)((char *)(job->jobdefs) + offset);
643 Dmsg4(400, "Job \"%s\", field \"%s\" item %d offset=%u\n",
644 job->hdr.name, job_items[i].name, i, offset);
645 svalue = (char **)((char *)job + offset);
647 Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);
649 *svalue = *def_svalue;
650 set_bit(i, job->hdr.item_present);
652 * Handle alist resources
654 } else if (job_items[i].handler == store_alist_res) {
655 if (bit_is_set(i, job->jobdefs->hdr.item_present)) {
656 set_bit(i, job->hdr.item_present);
659 * Handle integer fields
660 * Note, our store_bit does not handle bitmaped fields
662 } else if (job_items[i].handler == store_bit ||
663 job_items[i].handler == store_pint ||
664 job_items[i].handler == store_jobtype ||
665 job_items[i].handler == store_level ||
666 job_items[i].handler == store_pint ||
667 job_items[i].handler == store_replace) {
668 def_ivalue = (int *)((char *)(job->jobdefs) + offset);
669 Dmsg5(400, "Job \"%s\", field \"%s\" def_ivalue=%d item %d offset=%u\n",
670 job->hdr.name, job_items[i].name, *def_ivalue, i, offset);
671 ivalue = (int *)((char *)job + offset);
672 *ivalue = *def_ivalue;
673 set_bit(i, job->hdr.item_present);
675 * Handle 64 bit integer fields
677 } else if (job_items[i].handler == store_time ||
678 job_items[i].handler == store_size ||
679 job_items[i].handler == store_int64) {
680 def_lvalue = (int64_t *)((char *)(job->jobdefs) + offset);
681 Dmsg5(400, "Job \"%s\", field \"%s\" def_lvalue=%" lld " item %d offset=%u\n",
682 job->hdr.name, job_items[i].name, *def_lvalue, i, offset);
683 lvalue = (int64_t *)((char *)job + offset);
684 *lvalue = *def_lvalue;
685 set_bit(i, job->hdr.item_present);
689 } else if (job_items[i].handler == store_bool) {
690 def_bvalue = (bool *)((char *)(job->jobdefs) + offset);
691 Dmsg5(400, "Job \"%s\", field \"%s\" def_bvalue=%d item %d offset=%u\n",
692 job->hdr.name, job_items[i].name, *def_bvalue, i, offset);
693 bvalue = (bool *)((char *)job + offset);
694 *bvalue = *def_bvalue;
695 set_bit(i, job->hdr.item_present);
701 * Ensure that all required items are present
703 for (i=0; job_items[i].name; i++) {
704 if (job_items[i].flags & ITEM_REQUIRED) {
705 if (!bit_is_set(i, job->hdr.item_present)) {
706 Jmsg(NULL, M_FATAL, 0, _("\"%s\" directive in Job \"%s\" resource is required, but not found.\n"),
707 job_items[i].name, job->hdr.name);
711 /* If this triggers, take a look at lib/parse_conf.h */
712 if (i >= MAX_RES_ITEMS) {
713 Emsg0(M_ERROR_TERM, 0, _("Too many items in Job resource\n"));
716 } /* End loop over Job res */
718 /* Loop over databases */
720 foreach_res(catalog, R_CATALOG) {
723 * Make sure we can open catalog, otherwise print a warning
724 * message because the server is probably not running.
726 db = db_init_database(NULL, catalog->db_name, catalog->db_user,
727 catalog->db_password, catalog->db_address,
728 catalog->db_port, catalog->db_socket,
729 catalog->mult_db_connections);
730 if (!db || !db_open_database(NULL, db)) {
731 Jmsg(NULL, M_FATAL, 0, _("Could not open Catalog \"%s\", database \"%s\".\n"),
732 catalog->hdr.name, catalog->db_name);
734 Jmsg(NULL, M_FATAL, 0, _("%s"), db_strerror(db));
740 /* Loop over all pools, defining/updating them in each database */
742 foreach_res(pool, R_POOL) {
743 create_pool(NULL, db, pool, POOL_OP_UPDATE); /* update request */
747 foreach_res(store, R_STORAGE) {
750 if (store->media_type) {
751 bstrncpy(mr.MediaType, store->media_type, sizeof(mr.MediaType));
753 db_create_mediatype_record(NULL, db, &mr);
757 bstrncpy(sr.Name, store->name(), sizeof(sr.Name));
758 sr.AutoChanger = store->autochanger;
759 db_create_storage_record(NULL, db, &sr);
760 store->StorageId = sr.StorageId; /* set storage Id */
761 if (!sr.created) { /* if not created, update it */
762 db_update_storage_record(NULL, db, &sr);
765 /* tls_require implies tls_enable */
766 if (store->tls_require) {
768 store->tls_enable = true;
770 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
775 if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) {
776 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
777 " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"),
778 store->hdr.name, configfile);
782 /* If everything is well, attempt to initialize our per-resource TLS context */
783 if (OK && (store->tls_enable || store->tls_require)) {
784 /* Initialize TLS context:
785 * Args: CA certfile, CA certdir, Certfile, Keyfile,
786 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
787 store->tls_ctx = new_tls_context(store->tls_ca_certfile,
788 store->tls_ca_certdir, store->tls_certfile,
789 store->tls_keyfile, NULL, NULL, NULL, true);
791 if (!store->tls_ctx) {
792 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
793 store->hdr.name, configfile);
799 /* Loop over all counters, defining them in each database */
800 /* Set default value in all counters */
802 foreach_res(counter, R_COUNTER) {
803 /* Write to catalog? */
804 if (!counter->created && counter->Catalog == catalog) {
806 bstrncpy(cr.Counter, counter->hdr.name, sizeof(cr.Counter));
807 cr.MinValue = counter->MinValue;
808 cr.MaxValue = counter->MaxValue;
809 cr.CurrentValue = counter->MinValue;
810 if (counter->WrapCounter) {
811 bstrncpy(cr.WrapCounter, counter->WrapCounter->hdr.name, sizeof(cr.WrapCounter));
813 cr.WrapCounter[0] = 0; /* empty string */
815 if (db_create_counter_record(NULL, db, &cr)) {
816 counter->CurrentValue = cr.CurrentValue;
817 counter->created = true;
818 Dmsg2(100, "Create counter %s val=%d\n", counter->hdr.name, counter->CurrentValue);
821 if (!counter->created) {
822 counter->CurrentValue = counter->MinValue; /* default value */
825 db_close_database(NULL, db);
828 /* Loop over Consoles */
830 foreach_res(cons, R_CONSOLE) {
831 /* tls_require implies tls_enable */
832 if (cons->tls_require) {
834 cons->tls_enable = true;
836 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
842 if (!cons->tls_certfile && cons->tls_enable) {
843 Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"),
844 cons->hdr.name, configfile);
848 if (!cons->tls_keyfile && cons->tls_enable) {
849 Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"),
850 cons->hdr.name, configfile);
854 if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) {
855 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
856 " Certificate Dir\" are defined for Console \"%s\" in %s."
857 " At least one CA certificate store is required"
858 " when using \"TLS Verify Peer\".\n"),
859 cons->hdr.name, configfile);
862 /* If everything is well, attempt to initialize our per-resource TLS context */
863 if (OK && (cons->tls_enable || cons->tls_require)) {
864 /* Initialize TLS context:
865 * Args: CA certfile, CA certdir, Certfile, Keyfile,
866 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
867 cons->tls_ctx = new_tls_context(cons->tls_ca_certfile,
868 cons->tls_ca_certdir, cons->tls_certfile,
869 cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer);
871 if (!cons->tls_ctx) {
872 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
873 cons->hdr.name, configfile);
880 /* Loop over Clients */
882 foreach_res(client, R_CLIENT) {
883 /* tls_require implies tls_enable */
884 if (client->tls_require) {
886 client->tls_enable = true;
888 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
894 if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) {
895 Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
896 " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"),
897 client->hdr.name, configfile);
901 /* If everything is well, attempt to initialize our per-resource TLS context */
902 if (OK && (client->tls_enable || client->tls_require)) {
903 /* Initialize TLS context:
904 * Args: CA certfile, CA certdir, Certfile, Keyfile,
905 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
906 client->tls_ctx = new_tls_context(client->tls_ca_certfile,
907 client->tls_ca_certdir, client->tls_certfile,
908 client->tls_keyfile, NULL, NULL, NULL,
911 if (!client->tls_ctx) {
912 Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
913 client->hdr.name, configfile);
921 close_msg(NULL); /* close temp message handler */
922 init_msg(NULL, director->messages); /* open daemon message handler */