2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2007 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of John Walker.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
31 * Kern Sibbald, March MM
40 /* Imported Functions */
/* Per-connection handler; main() passes it to bnet_thread_server() as the
 * routine run for each Director connection. */
41 extern void *handle_client_request(void *dir_sock);
43 /* Forward referenced functions */
/* Shutdown routine; main() hands it to init_signals(). */
44 void terminate_filed(int sig);
/* Configuration validation plus TLS/PKI setup; main() treats a false
 * return as a configuration error. */
45 static bool check_resources();
47 /* Exported variables */
/* Assigned in check_resources() from the first Client resource. It is read
 * by main() and terminate_filed(), so it holds no usable value until
 * check_resources() has run. */
48 CLIENT *me; /* my resource */
/* NOTE(review): presumably set by the -s option ("no signals (for debugging)"
 * in the usage text); the assignment is not visible in this listing. */
49 bool no_signals = false;
53 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
/* Configuration path: taken from -c or a positional argument in main(),
 * otherwise defaulted to CONFIG_FILE. Stored as a bstrdup() copy. */
55 char *configfile = NULL;
56 static bool foreground = false;
57 static workq_t dir_workq; /* queue of work from Director */
/* Thread id recorded in main() with pthread_self() and later passed to
 * bnet_stop_thread_server() by terminate_filed(). */
58 static pthread_t server_tid;
65 "\nVersion: %s (%s)\n\n"
66 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
67 " -c <file> use <file> as configuration file\n"
68 " -dnn set debug level to nn\n"
69 " -f run in foreground (for debugging)\n"
71 " -s no signals (for debugging)\n"
72 " -t test configuration file and exit\n"
74 " -v verbose user messages\n"
75 " -? print this message.\n"
76 "\n"), 2000, VERSION, BDATE);
81 /*********************************************************************
83 * Main Bacula Unix Client Program
86 #if defined(HAVE_WIN32)
87 #define main BaculaMain
/*
 * Entry point of the File daemon ("bacula-fd").
 *
 * Order of work visible in this listing: locale and message setup, option
 * parsing, signal handler registration, configuration parsing, crypto
 * library initialisation, check_resources(), working directory, pid and
 * state files, Python interpreter, watchdog and JCR subsystem, and finally
 * bnet_thread_server(), which serves Director connections.
 *
 * Several statements (braces, break statements, error exits) are missing
 * from this listing; the comments below describe only the lines shown.
 */
90 int main (int argc, char *argv[])
93 bool test_config = false;
98 setlocale(LC_ALL, "");
99 bindtextdomain("bacula", LOCALEDIR);
100 textdomain("bacula");
103 my_name_is(argc, argv, "bacula-fd");
/* Temporary message handler; check_resources() replaces it with the
 * Messages resource from the configuration. */
104 init_msg(NULL, NULL);
105 daemon_start_time = time(NULL);
107 while ((ch = getopt(argc, argv, "c:d:fg:stu:v?")) != -1) {
109 case 'c': /* configuration file */
110 if (configfile != NULL) {
113 configfile = bstrdup(optarg);
116 case 'd': /* debug level */
/* atoi() gives no error indication: a non-numeric argument yields 0 and
 * falls into the <= 0 branch below, and an out-of-range value is undefined
 * behaviour for atoi(). strtol() with end-pointer and ERANGE checks would
 * make the handling of -d input explicit. */
117 debug_level = atoi(optarg);
118 if (debug_level <= 0) {
123 case 'f': /* run in foreground */
/* NOTE(review): the bodies of the -g and -u cases are not visible in this
 * listing. Confirm where the requested gid/uid is applied relative to
 * create_pid_file() and bnet_thread_server() below. */
127 case 'g': /* set group */
139 case 'u': /* set userid */
143 case 'v': /* verbose */
/* A positional argument is also accepted as the configuration file. */
157 if (configfile != NULL)
159 configfile = bstrdup(*argv);
167 server_tid = pthread_self();
/* terminate_filed() is registered before parse_config() and
 * check_resources() run, i.e. before the global `me` is assigned. */
169 init_signals(terminate_filed);
171 /* This reduces the number of signals facilitating debugging */
172 watchdog_sleep_time = 120; /* long timeout for debugging */
175 if (configfile == NULL) {
176 configfile = bstrdup(CONFIG_FILE);
179 parse_config(configfile);
/* NOTE(review): both failures below are reported at M_ERROR and the
 * statements that follow each message are not visible here. Confirm that
 * each path stops the daemon rather than continuing to serve with
 * partially validated TLS/PKI settings. */
181 if (init_crypto() != 0) {
182 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
186 if (!check_resources()) {
187 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
/* From here on `me` is the Client resource selected by check_resources(). */
191 set_working_directory(me->working_directory);
199 init_stack_dump(); /* set new pid */
202 /* Maximum 1 daemon at a time */
/* Pid and state file names are built from the configured directories, the
 * daemon name and the first listening port. */
203 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
204 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
/* NOTE(review): presumably makes scripts under me->scripts_directory
 * available to an embedded interpreter running with the daemon's
 * privileges; that directory should be writable only by the administrator.
 * Confirm against init_python_interpreter(). */
212 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
214 set_thread_concurrency(10);
217 start_watchdog(); /* start watchdog thread */
218 init_jcr_subsystem(); /* start JCR watchdogs etc. */
220 server_tid = pthread_self();
222 /* Become server, and handle requests */
224 foreach_dlist(p, me->FDaddrs) {
225 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Listening addresses, the MaxConcurrentJobs value and the work queue are
 * handed to the thread server; handle_client_request() is the
 * per-connection routine. */
227 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
230 exit(0); /* should never get here */
/*
 * Shut the File daemon down: stop the thread server, emit the "Exit" daemon
 * event, write the state file, delete the pid file, then release
 * configuration resources and the memory pool.
 *
 * sig: value supplied by the caller; its use is not visible in this listing.
 *
 * NOTE(review): main() passes this function to init_signals(). If it runs
 * directly in signal-handler context, the file I/O and memory-pool calls
 * below are not async-signal-safe. Confirm how init_signals() dispatches.
 */
233 void terminate_filed(int sig)
/* Static flag; together with the sleep and exit(1) below it appears to keep
 * a second entry from repeating the shutdown. The test and assignment of
 * the flag are not visible in this listing. */
235 static bool already_here = false;
238 bmicrosleep(2, 0); /* yield */
239 exit(1); /* prevent loops */
244 bnet_stop_thread_server(server_tid);
245 generate_daemon_event(NULL, "Exit");
/* NOTE(review): both calls dereference the global `me`, which is only
 * assigned inside check_resources(). main() registers this routine with
 * init_signals() before that point, so an early termination would reach
 * these lines with `me` still unset. Confirm whether a guard exists in the
 * lines not shown. */
246 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
247 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
249 if (configfile != NULL) {
/* Memory pool statistics are printed only when a debug level is set. */
253 if (debug_level > 0) {
254 print_memory_pool_stats();
257 free_config_resources();
259 close_memory_pool(); /* release free memory in pool */
260 sm_dump(false); /* dump orphaned buffers */
265 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and build the TLS and PKI state the
 * daemon runs with.
 *
 * Checks visible in this listing: a Client resource exists and is unique, a
 * Messages resource exists, TLS CA settings for the File daemon, the PKI key
 * pair, trusted signer and recipient certificates, and the TLS settings of
 * every Director resource.
 *
 * Returns bool; main() treats false as a configuration error. The `OK` flag
 * tested below is declared, updated and returned in lines that are not
 * visible in this listing, as are most failure branches.
 */
268 static bool check_resources()
/* The first Client resource becomes this daemon's identity (global `me`). */
275 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
277 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
278 "Without that I don't know who I am :-(\n"), configfile);
/* A second Client resource is rejected. */
281 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
282 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
286 my_name_is(0, NULL, me->hdr.name);
288 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
290 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
294 /* tls_require implies tls_enable */
/* The condition guarding the "not configured" message is not visible here;
 * presumably it tests whether TLS support was built in. Confirm. */
295 if (me->tls_require) {
297 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
300 me->tls_enable = true;
/* With TLS enabled on the File daemon resource, at least one CA store (file
 * or directory) is mandatory. */
304 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) {
305 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
306 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
311 /* If everything is well, attempt to initialize our per-resource TLS context */
312 if (OK && (me->tls_enable || me->tls_require)) {
313 /* Initialize TLS context:
314 * Args: CA certfile, CA certdir, Certfile, Keyfile,
315 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* For the File daemon's own context the DH file is NULL and Verify Peer is
 * hard-coded to true. Unlike the Director loop further down, no check
 * visible in this listing requires me->tls_certfile or me->tls_keyfile to
 * be set before they are passed in. */
316 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
317 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
318 NULL, NULL, NULL, true);
321 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
322 me->hdr.name, configfile);
/* PKI (data encryption and signing) settings. The condition guarding the
 * "not compiled into Bacula" message is not visible in this listing. */
327 if (me->pki_encrypt || me->pki_sign) {
329 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
334 /* pki_encrypt implies pki_sign */
335 if (me->pki_encrypt) {
/* Either PKI option requires a configured key pair file. */
339 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
340 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
341 " daemon \"%s\" in %s if either \"PKI Sign\" or"
342 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
346 /* If everything is well, attempt to initialize our public/private keys */
347 if (OK && (me->pki_encrypt || me->pki_sign)) {
349 /* Load our keypair */
350 me->pki_keypair = crypto_keypair_new();
351 if (!me->pki_keypair) {
352 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from me->pki_keypair_file. */
355 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
356 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
357 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/* NOTE(review): the trailing NULL, NULL arguments are presumably a
 * passphrase callback and its userdata (compare the new_tls_context()
 * argument list above). If so, no caller-supplied passphrase handling is
 * wired in here. Confirm, and keep the key file readable only by the
 * account the daemon runs as. */
361 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
362 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
363 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
369 * Trusted Signers. We're always trusted.
/* The signer list starts with a duplicate of the daemon's own key pair. */
371 me->pki_signers = New(alist(10, not_owned_by_alist));
372 if (me->pki_keypair) {
373 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
376 /* If additional signing public keys have been specified, load them up */
/* Every pki_signing_key_files entry whose certificate loads is appended to
 * the trusted signer list, and the append happens before any private-key
 * load is attempted for that file. The configuration file therefore
 * decides whose signatures this daemon accepts. */
377 if (me->pki_signing_key_files) {
378 foreach_alist(filepath, me->pki_signing_key_files) {
379 X509_KEYPAIR *keypair;
381 keypair = crypto_keypair_new();
383 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
386 if (crypto_keypair_load_cert(keypair, filepath)) {
387 me->pki_signers->append(keypair);
389 /* Attempt to load a private key, if available */
390 if (crypto_keypair_has_key(filepath)) {
391 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
392 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
393 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
399 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
400 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
408 * Crypto recipients. We're always included as a recipient.
409 * The symmetric session key will be encrypted for each of these readers.
/* The recipient list starts with a duplicate of the daemon's own key pair.
 * Because the session key is encrypted for every recipient, the holder of
 * any listed master key's private half can decrypt the data. */
411 me->pki_recipients = New(alist(10, not_owned_by_alist));
412 if (me->pki_keypair) {
413 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
417 /* If additional keys have been specified, load them up */
/* Only certificates are loaded for master keys in the lines visible here;
 * no crypto_keypair_load_key() call appears in this loop. */
418 if (me->pki_master_key_files) {
419 foreach_alist(filepath, me->pki_master_key_files) {
420 X509_KEYPAIR *keypair;
422 keypair = crypto_keypair_new();
424 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
427 if (crypto_keypair_load_cert(keypair, filepath)) {
428 me->pki_recipients->append(keypair);
430 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
431 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
441 /* Verify that a director record exists */
443 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
446 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* Each Director resource is validated and given its own TLS context. */
451 foreach_res(director, R_DIRECTOR) {
452 /* tls_require implies tls_enable */
453 if (director->tls_require) {
455 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
459 director->tls_enable = true;
/* With TLS enabled for a Director, both a certificate and a key file must
 * be configured. */
463 if (!director->tls_certfile && director->tls_enable) {
464 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
465 director->hdr.name, configfile);
469 if (!director->tls_keyfile && director->tls_enable) {
470 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
471 director->hdr.name, configfile);
/* A CA store is demanded only when tls_verify_peer is set.
 * NOTE(review): with tls_verify_peer off, the context below is built
 * without a required CA store, so the Director's certificate is presumably
 * not validated. Confirm how new_tls_context() treats a false verify flag
 * and that the setting is a deliberate, documented choice. */
475 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
476 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
477 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
478 " At least one CA certificate store is required"
479 " when using \"TLS Verify Peer\".\n"),
480 director->hdr.name, configfile);
484 /* If everything is well, attempt to initialize our per-resource TLS context */
485 if (OK && (director->tls_enable || director->tls_require)) {
486 /* Initialize TLS context:
487 * Args: CA certfile, CA certdir, Certfile, Keyfile,
488 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Unlike the File daemon's own context, the DH file and the Verify Peer
 * flag come from the Director resource. */
489 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
490 director->tls_ca_certdir, director->tls_certfile,
491 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
492 director->tls_verify_peer);
494 if (!director->tls_ctx) {
495 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
496 director->hdr.name, configfile);
/* Swap the temporary handler installed by main() for the configured
 * Messages resource. */
505 close_msg(NULL); /* close temp message handler */
506 init_msg(NULL, me->messages); /* open user specified message handler */