4 * Kern Sibbald, March MM
10 Copyright (C) 2000-2006 Kern Sibbald
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License
14 version 2 as amended with additional clauses defined in the
15 file LICENSE in the main source directory.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 file LICENSE for additional details.
27 /* Imported Functions */
28 extern void *handle_client_request(void *dir_sock);
30 /* Forward referenced functions */
31 void terminate_filed(int sig);
32 static int check_resources();
34 /* Exported variables */
35 CLIENT *me; /* my resource */
36 bool no_signals = false;
/*
 * Default configuration path, used by main() only when no file was given
 * on the command line. The path is relative, so the file that is actually
 * parsed depends on the directory the daemon is started from; service
 * definitions should pass an absolute path with -c so the daemon cannot
 * pick up a configuration from an unexpected working directory.
 */
39 #define CONFIG_FILE "./bacula-fd.conf" /* default config file */
41 char *configfile = NULL;
42 static bool foreground = false;
43 static bool inetd_request = false;
44 static workq_t dir_workq; /* queue of work from Director */
/* Thread id recorded by main() and passed to bnet_stop_thread_server() in terminate_filed(). */
45 static pthread_t server_tid;
51 "Copyright (C) 2000-%s Kern Sibbald\n"
52 "\nVersion: %s (%s)\n\n"
53 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
54 " -c <file> use <file> as configuration file\n"
55 " -dnn set debug level to nn\n"
56 " -f run in foreground (for debugging)\n"
59 " -s no signals (for debugging)\n"
60 " -t test configuration file and exit\n"
62 " -v verbose user messages\n"
63 " -? print this message.\n"
64 "\n"), BYEAR, VERSION, BDATE);
69 /*********************************************************************
71 * Main Bacula Unix Client Program
74 #if defined(HAVE_WIN32)
75 #define main BaculaMain
/*
 * File daemon entry point.
 *
 * Visible flow: parse command-line options, install the termination
 * handler, parse the configuration file, initialise the crypto library,
 * validate the configuration with check_resources(), create the PID and
 * state files, then serve requests: either on an already-connected
 * socket on fd 0 (inetd mode) or through bnet_thread_server() on the
 * addresses in me->FDaddrs.
 */
78 int main (int argc, char *argv[])
81 bool test_config = false;
85 setlocale(LC_ALL, "");
86 bindtextdomain("bacula", LOCALEDIR);
90 my_name_is(argc, argv, "bacula-fd");
92 daemon_start_time = time(NULL);
94 while ((ch = getopt(argc, argv, "c:d:fg:istu:v?")) != -1) {
96 case 'c': /* configuration file */
97 if (configfile != NULL) {
100 configfile = bstrdup(optarg);
103 case 'd': /* debug level */
/*
 * NOTE(review): atoi() cannot signal malformed or out-of-range input;
 * a non-numeric argument simply yields 0. strtol() with endptr/errno
 * checks would let -d reject bad values explicitly.
 */
104 debug_level = atoi(optarg);
105 if (debug_level <= 0) {
110 case 'f': /* run in foreground */
114 case 'g': /* set group */
119 inetd_request = true;
/*
 * NOTE(review): the code that applies the -u / -g identities is not
 * visible in this listing. Confirm that the privilege drop happens
 * before the daemon starts accepting connections.
 */
129 case 'u': /* set userid */
133 case 'v': /* verbose */
147 if (configfile != NULL)
149 configfile = bstrdup(*argv);
157 server_tid = pthread_self();
/* terminate_filed() becomes the shutdown routine registered with the signal layer. */
159 init_signals(terminate_filed);
161 /* This reduces the number of signals facilitating debugging */
162 watchdog_sleep_time = 120; /* long timeout for debugging */
/* Fall back to the relative default path when no configuration file was supplied. */
165 if (configfile == NULL) {
166 configfile = bstrdup(CONFIG_FILE);
169 parse_config(configfile);
171 if (init_crypto() != 0) {
172 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
/* check_resources() returning zero is treated as a configuration error. */
176 if (!check_resources()) {
177 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
181 set_working_directory(me->working_directory);
/* Branch taken only when neither foreground nor inetd_request is set. */
187 if (!foreground &&!inetd_request) {
189 init_stack_dump(); /* set new pid */
192 /* Maximum 1 daemon at a time */
193 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
194 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
202 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
204 set_thread_concurrency(10);
207 start_watchdog(); /* start watchdog thread */
208 init_jcr_subsystem(); /* start JCR watchdogs etc. */
210 server_tid = pthread_self();
213 /* Socket is on fd 0 */
214 struct sockaddr client_addr;
216 socklen_t client_addr_len = sizeof(client_addr);
/*
 * NOTE(review): getsockname() reports the local address bound to fd 0,
 * not the remote peer. The result is stored in client_addr and handed
 * to init_bsock() as the client's address and port; if the intent is to
 * record who connected, getpeername() is the matching call. Confirm
 * before relying on this address in logs or access decisions.
 */
217 if (getsockname(0, &client_addr, &client_addr_len) == 0) {
218 /* MA BUG 6 remove ifdefs */
219 port = sockaddr_get_port_net_order(&client_addr);
/* The connection is labelled "unknown client"; the request is then processed inline by handle_client_request(). */
221 BSOCK *bs = init_bsock(NULL, 0, "client", "unknown client", port, &client_addr);
222 handle_client_request((void *)bs);
224 /* Become server, and handle requests */
226 foreach_dlist(p, me->FDaddrs) {
227 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Listener over me->FDaddrs; me->MaxConcurrentJobs is passed as the server's concurrency argument. */
229 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
233 exit(0); /* should never get here */
/*
 * Shutdown routine for the File daemon; main() hands it to init_signals().
 *
 * Visible steps: stop the server thread identified by server_tid, emit
 * the "Exit" daemon event, write the state file, delete the PID file,
 * then release configuration resources and the memory pool.
 *
 * sig: signal number supplied by the caller; its use is not visible in
 *      this listing.
 *
 * NOTE(review): if init_signals() invokes this directly in signal-handler
 * context, the file I/O and allocator calls below are not
 * async-signal-safe. Confirm how the handler is dispatched.
 */
236 void terminate_filed(int sig)
238 bnet_stop_thread_server(server_tid);
239 generate_daemon_event(NULL, "Exit");
/* State is persisted before the PID file is removed; both are keyed by name and first listening port. */
240 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
241 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
243 if (configfile != NULL) {
/* Pool statistics are printed only when debugging is enabled. */
246 if (debug_level > 0) {
247 print_memory_pool_stats();
249 free_config_resources();
253 close_memory_pool(); /* release free memory in pool */
254 sm_dump(false); /* dump orphaned buffers */
259 * Make a quick check to see that we have all the
262 static int check_resources()
/*
 * Validates the parsed configuration and prepares the security state the
 * daemon runs with. Visible checks: exactly one Client resource, a
 * Messages resource, TLS settings for the File daemon and for every
 * Director resource, and the PKI key material used for signing and
 * encrypting backup data. main() treats a zero return as a configuration
 * error. On the way it creates the TLS contexts and loads the key pairs,
 * so a success result also means those objects were built.
 */
/* The first Client resource becomes the global "me". */
269 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
271 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
272 "Without that I don't know who I am :-(\n"), configfile);
/* A second Client resource is rejected rather than silently ignored. */
275 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
276 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
280 my_name_is(0, NULL, me->hdr.name);
282 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
284 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
288 /* tls_require implies tls_enable */
289 if (me->tls_require) {
291 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
294 me->tls_enable = true;
/* For the File daemon's own context a CA store is mandatory whenever TLS is enabled. */
298 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) {
299 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
300 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
305 /* If everything is well, attempt to initialize our per-resource TLS context */
306 if (OK && (me->tls_enable || me->tls_require)) {
/*
 * Peer verification is hard-wired to true for this context, which is
 * consistent with the unconditional CA-store check above. The DH file
 * argument is NULL here, unlike the Director contexts further down,
 * which pass tls_dhfile.
 * NOTE(review): what new_tls_context() does with a NULL DH file is not
 * visible here; confirm the resulting key-exchange configuration.
 */
307 /* Initialize TLS context:
308 * Args: CA certfile, CA certdir, Certfile, Keyfile,
309 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
310 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
311 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
312 NULL, NULL, NULL, true);
315 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
316 me->hdr.name, configfile);
321 if (me->pki_encrypt || me->pki_sign) {
323 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
328 /* pki_encrypt implies pki_sign */
329 if (me->pki_encrypt) {
333 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
334 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
335 " daemon \"%s\" in %s if either \"PKI Sign\" or"
336 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
340 /* If everything is well, attempt to initialize our public/private keys */
341 if (OK && (me->pki_encrypt || me->pki_sign)) {
343 /* Load our keypair */
344 me->pki_keypair = crypto_keypair_new();
345 if (!me->pki_keypair) {
346 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* The certificate and the private key are both read from the same pki_keypair_file. */
349 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
350 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
351 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/*
 * NOTE(review): the two NULL arguments presumably are the passphrase
 * callback and its user data (compare the TLS context argument list).
 * If so, no passphrase is supplied by this daemon, and the key file is
 * likely stored unencrypted; its file permissions are then the only
 * protection for the private key. Confirm against crypto_keypair_load_key().
 */
355 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
356 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
357 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
363 * Trusted Signers. We're always trusted.
365 me->pki_signers = New(alist(10, not_owned_by_alist));
366 if (me->pki_keypair) {
367 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
/*
 * Every file in pki_signing_key_files that yields a certificate is added
 * to the trusted-signer list, so write access to those files (and to the
 * configuration naming them) widens the set of trusted signers.
 */
370 /* If additional signing public keys have been specified, load them up */
371 if (me->pki_signing_key_files) {
372 foreach_alist(filepath, me->pki_signing_key_files) {
373 X509_KEYPAIR *keypair;
375 keypair = crypto_keypair_new();
377 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* The keypair is appended as soon as its certificate loads; the private-key load below happens afterwards. */
380 if (crypto_keypair_load_cert(keypair, filepath)) {
381 me->pki_signers->append(keypair);
383 /* Attempt to load a private key, if available */
384 if (crypto_keypair_has_key(filepath)) {
385 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
386 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
387 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
393 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
394 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
402 * Crypto recipients. We're always included as a recipient.
403 * The symmetric session key will be encrypted for each of these readers.
405 me->pki_recipients = New(alist(10, not_owned_by_alist));
406 if (me->pki_keypair) {
407 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
/*
 * Each certificate loaded from pki_master_key_files becomes an additional
 * recipient of the session key, so the holder of the matching private key
 * can decrypt this client's backups. The list should be reviewed with the
 * same care as the client's own key pair.
 */
411 /* If additional keys have been specified, load them up */
412 if (me->pki_master_key_files) {
413 foreach_alist(filepath, me->pki_master_key_files) {
414 X509_KEYPAIR *keypair;
416 keypair = crypto_keypair_new();
418 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
421 if (crypto_keypair_load_cert(keypair, filepath)) {
422 me->pki_recipients->append(keypair);
424 /* Attempt to load a private key, if available */
425 if (crypto_keypair_has_key(filepath)) {
426 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
427 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
428 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
434 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
435 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
445 /* Verify that a director record exists */
447 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
450 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* The TLS checks below are applied to every Director resource in turn. */
455 foreach_res(director, R_DIRECTOR) {
456 /* tls_require implies tls_enable */
457 if (director->tls_require) {
459 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
463 director->tls_enable = true;
467 if (!director->tls_certfile && director->tls_enable) {
468 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
469 director->hdr.name, configfile);
473 if (!director->tls_keyfile && director->tls_enable) {
474 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
475 director->hdr.name, configfile);
/*
 * NOTE(review): a CA store is demanded only when tls_verify_peer is set,
 * and the same flag is passed to new_tls_context() below. A Director
 * resource with TLS enabled but verification off therefore passes this
 * function with an encrypted channel whose peer certificate is not
 * validated. Confirm that this is intended for each Director resource.
 */
479 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
480 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
481 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
482 " At least one CA certificate store is required"
483 " when using \"TLS Verify Peer\".\n"),
484 director->hdr.name, configfile);
488 /* If everything is well, attempt to initialize our per-resource TLS context */
489 if (OK && (director->tls_enable || director->tls_require)) {
490 /* Initialize TLS context:
491 * Args: CA certfile, CA certdir, Certfile, Keyfile,
492 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
493 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
494 director->tls_ca_certdir, director->tls_certfile,
495 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
496 director->tls_verify_peer);
498 if (!director->tls_ctx) {
499 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
500 director->hdr.name, configfile);
/* Switch from the temporary message handler to the one named in the configuration. */
509 close_msg(NULL); /* close temp message handler */
510 init_msg(NULL, me->messages); /* open user specified message handler */