2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of John Walker.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
31 * Kern Sibbald, March MM
/* NOTE(review): this listing carries the original line numbers at the start of each line and omits some lines (blank lines, braces, includes). The comments added here describe only what is visible. */
40 /* Imported Functions */
/* Handler passed to bnet_thread_server() in main(); takes the Director socket as an opaque pointer. Presumably run once per accepted Director connection - confirm in the server code. */
41 extern void *handle_client_request(void *dir_sock);
43 /* Forward referenced functions */
44 void terminate_filed(int sig);
45 static bool check_resources();
47 /* Exported variables */
/* Assigned in check_resources() from the single Client resource of the configuration. */
48 CLIENT *me; /* my resource */
49 bool no_signals = false;
/* Bare file name with no directory component. main() falls back to it when no path is supplied, so which file gets parsed presumably depends on the daemon's current directory - service definitions should pass an absolute path with -c. */
53 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
55 char *configfile = NULL;
56 static bool foreground = false;
57 static workq_t dir_workq; /* queue of work from Director */
/* Thread id of the main thread, recorded in main() and handed to bnet_stop_thread_server() during shutdown. */
58 static pthread_t server_tid;
/* Help-text fragment: the opening of the call and some option lines are not shown in this listing. Three arguments follow the format (2000, VERSION, BDATE); the visible part consumes two of them through "%s (%s)", so the first is presumably consumed by an elided part of the format. */
65 "\nVersion: %s (%s)\n\n"
66 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
67 " -c <file> use <file> as configuration file\n"
68 " -d <nn> set debug level to <nn>\n"
69 " -dt print timestamp in debug output\n"
70 " -f run in foreground (for debugging)\n"
72 " -s no signals (for debugging)\n"
73 " -t test configuration file and exit\n"
75 " -v verbose user messages\n"
76 " -? print this message.\n"
77 "\n"), 2000, VERSION, BDATE);
82 /*********************************************************************
84 * Main Bacula Unix Client Program
/* On Windows builds the entry point below is compiled under the name BaculaMain. */
87 #if defined(HAVE_WIN32)
88 #define main BaculaMain
/*
 * File daemon entry point. Several branch bodies and closing braces are
 * not shown in this listing.
 *
 * Visible sequence: locale setup, option parsing, signal setup,
 * configuration parsing, crypto initialisation, resource validation,
 * pid/state files, plugin and Python start-up, watchdog and JCR
 * start-up, then the blocking thread server that dispatches Director
 * connections to handle_client_request().
 */
91 int main (int argc, char *argv[])
94 bool test_config = false;
/* Locale and message-catalogue setup for translated output. */
99 setlocale(LC_ALL, "");
100 bindtextdomain("bacula", LOCALEDIR);
101 textdomain("bacula");
/* Register the program name, open a temporary message handler (check_resources() later swaps in the configured one) and record the start time. */
104 my_name_is(argc, argv, "bacula-fd");
105 init_msg(NULL, NULL);
106 daemon_start_time = time(NULL);
/* Options c, d, g and u take an argument; f, s, t, v and ? are flags. */
108 while ((ch = getopt(argc, argv, "c:d:fg:stu:v?")) != -1) {
110 case 'c': /* configuration file */
/* A previous value is tested for here; the branch body is not shown (presumably it frees the earlier string). */
111 if (configfile != NULL) {
114 configfile = bstrdup(optarg);
117 case 'd': /* debug level */
/* "-dt" switches on timestamps instead of setting a level. */
118 if (*optarg == 't') {
119 dbg_timestamp = true;
/* NOTE(review): atoi() reports no conversion error, so non-numeric input yields 0 and lands in the <= 0 branch below (its body is not shown); out-of-range input is undefined. strtol() with an end-pointer and errno check would reject both. */
121 debug_level = atoi(optarg);
122 if (debug_level <= 0) {
128 case 'f': /* run in foreground */
/* NOTE(review): the bodies of -g and -u are not shown, and no call that switches the process to that user/group is visible in this listing. Verify where the switch happens relative to parse_config(), create_pid_file() and load_fd_plugins() below, since everything before it runs with the privileges the daemon was started with. */
132 case 'g': /* set group */
144 case 'u': /* set userid */
148 case 'v': /* verbose */
/* configfile is also taken from *argv; presumably this is a remaining non-option argument (the argv adjustment is not shown). */
162 if (configfile != NULL)
164 configfile = bstrdup(*argv);
/* Record the main thread id and register terminate_filed() with init_signals(). The surrounding condition is not shown; presumably -s skips this. */
172 server_tid = pthread_self();
174 init_signals(terminate_filed);
176 /* This reduces the number of signals facilitating debugging */
177 watchdog_sleep_time = 120; /* long timeout for debugging */
/* Fall back to CONFIG_FILE, a bare file name. NOTE(review): presumably this resolves against the current working directory, so a daemon started without -c from a directory other users can write to would parse whatever file is there - pass an absolute path in service definitions. */
180 if (configfile == NULL) {
181 configfile = bstrdup(CONFIG_FILE);
184 parse_config(configfile);
/* Crypto library setup and resource validation. The visible lines only log the failure; the exit path is not shown. */
186 if (init_crypto() != 0) {
187 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
191 if (!check_resources()) {
192 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
196 set_working_directory(me->working_directory);
204 init_stack_dump(); /* set new pid */
207 /* Maximum 1 daemon at a time */
/* Pid and state files are keyed by the daemon name and the first configured listening port. */
208 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
209 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
/* NOTE(review): plugin_directory and scripts_directory come from the parsed configuration. Presumably code found there is loaded into this process, so the configuration file and both directories should be writable only by the account that administers the daemon - confirm against load_fd_plugins() and init_python_interpreter(). */
211 load_fd_plugins(me->plugin_directory);
219 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
221 set_thread_concurrency(10);
224 start_watchdog(); /* start watchdog thread */
225 init_jcr_subsystem(); /* start JCR watchdogs etc. */
/* Recorded again here; terminate_filed() passes this id to bnet_stop_thread_server(). */
227 server_tid = pthread_self();
229 /* Become server, and handle requests */
/* Log each configured port through Dmsg1 with level argument 10, then hand FDaddrs, MaxConcurrentJobs, the Director work queue and the request handler to the thread server. */
231 foreach_dlist(p, me->FDaddrs) {
232 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
234 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
237 exit(0); /* should never get here */
/*
 * Shutdown routine; main() registers it through init_signals().
 *
 * Visible steps: stop the thread server, emit the "Exit" daemon event,
 * write the state file, delete the pid file, release configuration
 * resources and the memory pool, then dump orphaned buffers.
 *
 * NOTE(review): if init_signals() runs this directly in signal-handler
 * context, the calls below (state-file write, pid-file removal, pool
 * teardown) are not async-signal-safe, and already_here is a plain
 * static bool rather than sig_atomic_t or an atomic, so overlapping
 * invocations are not reliably excluded. How the handler is dispatched
 * is not visible here - confirm.
 */
240 void terminate_filed(int sig)
242 static bool already_here = false;
/* Re-entry path (the test on already_here is not shown): pause, then exit with status 1. */
245 bmicrosleep(2, 0); /* yield */
246 exit(1); /* prevent loops */
249 debug_level = 0; /* turn off debug */
252 bnet_stop_thread_server(server_tid);
253 generate_daemon_event(NULL, "Exit");
/* State and pid files use the same name/port key that main() used when creating them. */
255 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
256 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
258 if (configfile != NULL) {
/* NOTE(review): debug_level was set to 0 above, so unless an elided line changes it this branch does not run. */
262 if (debug_level > 0) {
263 print_memory_pool_stats();
266 free_config_resources();
268 close_memory_pool(); /* release free memory in pool */
269 sm_dump(false); /* dump orphaned buffers */
274 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and build the TLS and PKI objects
 * the daemon needs. Local declarations (including OK, need_tls,
 * director and filepath), several conditions, and the return statement
 * are not shown in this listing.
 *
 * Visible checks: a single Client resource, a Messages resource, TLS
 * settings for the File daemon itself, PKI key pair / signer / recipient
 * loading, at least one Director resource, and TLS settings for every
 * Director. Problems are reported with M_FATAL messages.
 */
277 static bool check_resources()
/* The first Client resource becomes the global "me"; a missing or a second Client resource is reported as fatal. */
285 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
287 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
288 "Without that I don't know who I am :-(\n"), configfile);
291 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
292 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
296 my_name_is(0, NULL, me->hdr.name);
/* Take the first Messages resource; the fatal message covers the case where none exists. */
298 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
300 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
304 /* tls_require implies tls_enable */
305 if (me->tls_require) {
/* The condition guarding this message is not shown; presumably it fires when the build lacks TLS support. */
307 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
310 me->tls_enable = true;
313 need_tls = me->tls_enable || me->tls_authenticate;
/* For the File daemon's own resource a CA file or CA directory is mandatory whenever TLS is in use. */
315 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
316 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
317 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
322 /* If everything is well, attempt to initialize our per-resource TLS context */
323 if (OK && (need_tls || me->tls_require)) {
324 /* Initialize TLS context:
325 * Args: CA certfile, CA certdir, Certfile, Keyfile,
326 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* The last four arguments are literals: no PEM callback or userdata, no DH file, and the final one (labelled "Verify Peer" in the argument list above) is always true for this resource. */
327 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
328 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
329 NULL, NULL, NULL, true);
332 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
333 me->hdr.name, configfile);
338 if (me->pki_encrypt || me->pki_sign) {
/* The condition guarding this message is not shown; presumably it fires when crypto support was not compiled in. */
340 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
345 /* pki_encrypt implies pki_sign */
346 if (me->pki_encrypt) {
350 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
351 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
352 " daemon \"%s\" in %s if either \"PKI Sign\" or"
353 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
357 /* If everything is well, attempt to initialize our public/private keys */
358 if (OK && (me->pki_encrypt || me->pki_sign)) {
360 /* Load our keypair */
361 me->pki_keypair = crypto_keypair_new();
362 if (!me->pki_keypair) {
363 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from the same pki_keypair_file, so that file holds private key material and should be readable only by the daemon's account. */
366 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
367 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
368 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/* NOTE(review): the two trailing NULL arguments are presumably a passphrase callback and its userdata; if so, no passphrase can be supplied for an encrypted key here - confirm against crypto_keypair_load_key(). */
372 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
373 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
374 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
380 * Trusted Signers. We're always trusted.
/* The signer list starts with a duplicate of our own key pair, when one was loaded. */
382 me->pki_signers = New(alist(10, not_owned_by_alist));
383 if (me->pki_keypair) {
384 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
387 /* If additional signing public keys have been specified, load them up */
/* Every file listed in pki_signing_key_files whose certificate loads is appended as a trusted signer, so the trust set is whatever the configuration names. */
388 if (me->pki_signing_key_files) {
389 foreach_alist(filepath, me->pki_signing_key_files) {
390 X509_KEYPAIR *keypair;
392 keypair = crypto_keypair_new();
394 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
397 if (crypto_keypair_load_cert(keypair, filepath)) {
398 me->pki_signers->append(keypair);
400 /* Attempt to load a private key, if available */
401 if (crypto_keypair_has_key(filepath)) {
402 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
403 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
404 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
410 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
411 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
419 * Crypto recipients. We're always included as a recipient.
420 * The symmetric session key will be encrypted for each of these readers.
/* The recipient list starts with a duplicate of our own key pair, when one was loaded. */
422 me->pki_recipients = New(alist(10, not_owned_by_alist));
423 if (me->pki_keypair) {
424 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
428 /* If additional keys have been specified, load them up */
/* Each certificate listed in pki_master_key_files becomes a recipient of the session key, so anyone able to add an entry to that list can make backups readable with a key of their choosing - protect the configuration file accordingly. */
429 if (me->pki_master_key_files) {
430 foreach_alist(filepath, me->pki_master_key_files) {
431 X509_KEYPAIR *keypair;
433 keypair = crypto_keypair_new();
435 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
438 if (crypto_keypair_load_cert(keypair, filepath)) {
439 me->pki_recipients->append(keypair);
441 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
442 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
452 /* Verify that a director record exists */
454 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
457 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* Per-Director TLS validation: the same require/enable logic as for the File daemon resource, plus certificate and key file checks. */
462 foreach_res(director, R_DIRECTOR) {
463 /* tls_require implies tls_enable */
464 if (director->tls_require) {
466 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
470 director->tls_enable = true;
473 need_tls = director->tls_enable || director->tls_authenticate;
475 if (!director->tls_certfile && need_tls) {
476 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
477 director->hdr.name, configfile);
481 if (!director->tls_keyfile && need_tls) {
482 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
483 director->hdr.name, configfile);
/* NOTE(review): a CA store is demanded only when "TLS Verify Peer" is set, and that same flag is passed as the last argument of new_tls_context() below. With the flag off the context is built without a CA store; presumably the Director's certificate is then not validated, which leaves the session open to interception - keep TLS Verify Peer enabled unless another control authenticates the peer. */
487 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
488 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
489 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
490 " At least one CA certificate store is required"
491 " when using \"TLS Verify Peer\".\n"),
492 director->hdr.name, configfile);
496 /* If everything is well, attempt to initialize our per-resource TLS context */
497 if (OK && (need_tls || director->tls_require)) {
498 /* Initialize TLS context:
499 * Args: CA certfile, CA certdir, Certfile, Keyfile,
500 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Unlike the File daemon's own context, the DH file and the verify-peer flag come from the Director resource. */
501 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
502 director->tls_ca_certdir, director->tls_certfile,
503 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
504 director->tls_verify_peer);
506 if (!director->tls_ctx) {
507 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
508 director->hdr.name, configfile);
/* Swap the temporary handler opened in main() for the one named by the Messages resource. */
517 close_msg(NULL); /* close temp message handler */
518 init_msg(NULL, me->messages); /* open user specified message handler */