4 * Kern Sibbald, March MM
10 Bacula® - The Network Backup Solution
12 Copyright (C) 2000-2006 Free Software Foundation Europe e.V.
14 The main author of Bacula is Kern Sibbald, with contributions from
15 many others, a complete list can be found in the file AUTHORS.
16 This program is Free Software; you can redistribute it and/or
17 modify it under the terms of version two of the GNU General Public
18 License as published by the Free Software Foundation plus additions
19 that are listed in the file LICENSE.
21 This program is distributed in the hope that it will be useful, but
22 WITHOUT ANY WARRANTY; without even the implied warranty of
23 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
24 General Public License for more details.
26 You should have received a copy of the GNU General Public License
27 along with this program; if not, write to the Free Software
28 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
31 Bacula® is a registered trademark of John Walker.
32 The licensor of Bacula is the Free Software Foundation Europe
33 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
34 Switzerland, email:ftf@fsfeurope.org.
40 /* Imported Functions */
/* Passed to bnet_thread_server() in main() as its handler argument. */
41 extern void *handle_client_request(void *dir_sock);
43 /* Forward referenced functions */
/* Shutdown routine; main() registers it through init_signals(). */
44 void terminate_filed(int sig);
/* Validates the parsed configuration (Client, Messages, TLS, PKI and
 * Director resources) before the daemon starts serving. */
45 static int check_resources();
47 /* Exported variables */
/* Assigned in check_resources() from the first R_CLIENT resource. */
48 CLIENT *me; /* my resource */
49 bool no_signals = false;
52 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
/* Set from -c (or a remaining argument) with bstrdup(); main() falls back
 * to CONFIG_FILE when it is still NULL. */
54 char *configfile = NULL;
55 static bool foreground = false;
56 static workq_t dir_workq; /* queue of work from Director */
/* Thread id captured with pthread_self() in main() and handed to
 * bnet_stop_thread_server() on shutdown. */
57 static pthread_t server_tid;
64 "\nVersion: %s (%s)\n\n"
65 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
66 " -c <file> use <file> as configuration file\n"
67 " -dnn set debug level to nn\n"
68 " -f run in foreground (for debugging)\n"
70 " -s no signals (for debugging)\n"
71 " -t test configuration file and exit\n"
73 " -v verbose user messages\n"
74 " -? print this message.\n"
75 "\n"), 2000, VERSION, BDATE);
80 /*********************************************************************
82 * Main Bacula Unix Client Program
85 #if defined(HAVE_WIN32)
86 #define main BaculaMain
/*
 * Entry point of the File daemon. On the lines shown it parses the command
 * line, loads the configuration file, initializes the crypto library,
 * validates the resources with check_resources(), writes pid and state
 * files, and finally serves connections through bnet_thread_server().
 *
 * NOTE(review): this listing omits lines (see the gaps in the embedded
 * line numbers), so the bodies of several option cases and error branches
 * are not visible; comments below describe only what is shown.
 */
89 int main (int argc, char *argv[])
92 bool test_config = false;
96 setlocale(LC_ALL, "");
97 bindtextdomain("bacula", LOCALEDIR);
101 my_name_is(argc, argv, "bacula-fd");
102 init_msg(NULL, NULL);
103 daemon_start_time = time(NULL);
105 while ((ch = getopt(argc, argv, "c:d:fg:stu:v?")) != -1) {
107 case 'c': /* configuration file */
108 if (configfile != NULL) {
111 configfile = bstrdup(optarg);
114 case 'd': /* debug level */
/* atoi() cannot report a parse error: non-numeric input yields 0 and so
 * takes the <= 0 branch below (the branch body is not shown here). */
115 debug_level = atoi(optarg);
116 if (debug_level <= 0) {
121 case 'f': /* run in foreground */
/* NOTE(review): the handling of -g and -u is on lines not shown. They
 * presumably select the group and user the daemon switches to; confirm
 * where the switch happens and that a failed switch is treated as fatal. */
125 case 'g': /* set group */
137 case 'u': /* set userid */
141 case 'v': /* verbose */
/* Presumably a remaining non-option argument is also accepted as the
 * configuration file path; the surrounding test is not shown. */
155 if (configfile != NULL)
157 configfile = bstrdup(*argv);
/* server_tid is assigned here and again further down, after steps that
 * are not visible in this listing. */
165 server_tid = pthread_self();
/* terminate_filed() becomes reachable from this point on, which is
 * before check_resources() has assigned the global me. */
167 init_signals(terminate_filed);
169 /* This reduces the number of signals facilitating debugging */
170 watchdog_sleep_time = 120; /* long timeout for debugging */
173 if (configfile == NULL) {
/* NOTE(review): CONFIG_FILE is a bare file name; how parse_config()
 * resolves it to a directory is not visible here. */
174 configfile = bstrdup(CONFIG_FILE);
177 parse_config(configfile);
/* The crypto library is initialized before check_resources(), which
 * builds TLS contexts and loads PKI key pairs. */
179 if (init_crypto() != 0) {
180 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
184 if (!check_resources()) {
185 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
189 set_working_directory(me->working_directory);
197 init_stack_dump(); /* set new pid */
200 /* Maximum 1 daemon at a time */
/* The pid and state file calls are keyed on the first listening port and
 * use directories taken from the configuration.
 * NOTE(review): those directories should be writable only by the account
 * the daemon runs as, since files are created and read there by name. */
201 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
202 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
/* NOTE(review): scripts_directory comes from the configuration;
 * presumably code found there runs inside the daemon process, so write
 * access to it deserves the same care as the daemon binary - confirm. */
210 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
212 set_thread_concurrency(10);
215 start_watchdog(); /* start watchdog thread */
216 init_jcr_subsystem(); /* start JCR watchdogs etc. */
218 server_tid = pthread_self();
220 /* Become server, and handle requests */
222 foreach_dlist(p, me->FDaddrs) {
223 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Serve on every configured FD address; MaxConcurrentJobs is passed as
 * the second argument and handle_client_request as the handler. */
225 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
228 exit(0); /* should never get here */
/*
 * Shut the daemon down: stop the server thread, emit the Exit daemon
 * event, persist the state file, remove the pid file and release
 * configuration and memory-pool resources.
 *
 * sig: value supplied by the caller; its use is on lines not shown.
 *
 * NOTE(review): main() registers this function with init_signals(). If it
 * is invoked directly in signal-handler context, the file I/O and memory
 * teardown below are not async-signal-safe - confirm how it is dispatched.
 * NOTE(review): me is dereferenced without a NULL test on the lines shown,
 * while registration happens before check_resources() assigns me; confirm
 * that an early signal or an early failure path cannot arrive here with
 * me == NULL.
 */
231 void terminate_filed(int sig)
233 bnet_stop_thread_server(server_tid);
234 generate_daemon_event(NULL, "Exit");
/* Same name and port key as used by read_state_file() and
 * create_pid_file() in main(). */
235 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
236 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
238 if (configfile != NULL) {
/* Pool statistics are printed only when debugging is enabled. */
241 if (debug_level > 0) {
242 print_memory_pool_stats();
244 free_config_resources();
248 close_memory_pool(); /* release free memory in pool */
249 sm_dump(false); /* dump orphaned buffers */
254 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and prepare the security material the
 * daemon needs: exactly one Client resource, a Messages resource, the TLS
 * context of the File daemon, its PKI key pair with the signer and
 * recipient lists, and a TLS context for each Director resource.
 *
 * Returns an int tested by main() as a boolean. The variable OK used below
 * is presumably the accumulated result; its declaration and the final
 * return are on lines not shown in this listing.
 */
257 static int check_resources()
/* First Client resource becomes the global me; a second one is fatal. */
264 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
266 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
267 "Without that I don't know who I am :-(\n"), configfile);
270 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
271 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
275 my_name_is(0, NULL, me->hdr.name);
277 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
279 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
283 /* tls_require implies tls_enable */
284 if (me->tls_require) {
286 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
289 me->tls_enable = true;
/* A CA file or CA directory is mandatory whenever TLS is enabled for the
 * File daemon itself, because its context below always verifies the peer. */
293 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) {
294 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
295 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
300 /* If everything is well, attempt to initialize our per-resource TLS context */
301 if (OK && (me->tls_enable || me->tls_require)) {
302 /* Initialize TLS context:
303 * Args: CA certfile, CA certdir, Certfile, Keyfile,
304 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Verify Peer is hard-coded to true here; the PEM callback, its userdata
 * and the DH file are all NULL.
 * NOTE(review): no test that tls_certfile and tls_keyfile are set is
 * visible for this resource (the Director loop below has one); confirm
 * new_tls_context() accepts NULL for them. */
305 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
306 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
307 NULL, NULL, NULL, true);
310 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
311 me->hdr.name, configfile);
/* PKI options are rejected when the build lacks the support; the
 * conditional around this message is on lines not shown. */
316 if (me->pki_encrypt || me->pki_sign) {
318 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
323 /* pki_encrypt implies pki_sign */
324 if (me->pki_encrypt) {
328 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
329 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
330 " daemon \"%s\" in %s if either \"PKI Sign\" or"
331 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
335 /* If everything is well, attempt to initialize our public/private keys */
336 if (OK && (me->pki_encrypt || me->pki_sign)) {
338 /* Load our keypair */
339 me->pki_keypair = crypto_keypair_new();
340 if (!me->pki_keypair) {
341 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from pki_keypair_file. */
344 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
345 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
346 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/* NOTE(review): the last two arguments are NULL - presumably the PEM
 * passphrase callback and its userdata, as in new_tls_context(). If so,
 * protection of the private key rests on the permissions of the key
 * file, which should be readable only by the daemon account - confirm. */
350 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
351 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
352 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/* Signer list: starts with a duplicate of our own key pair, then gets one
 * entry per path in pki_signing_key_files. For each path the certificate
 * must load (fatal otherwise); a private key is loaded only when
 * crypto_keypair_has_key() reports one in the file. Every certificate
 * named in that directive is therefore accepted as a trusted signer, so
 * the directive and the files it names are part of the trust anchor set. */
358 * Trusted Signers. We're always trusted.
360 me->pki_signers = New(alist(10, not_owned_by_alist));
361 if (me->pki_keypair) {
362 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
365 /* If additional signing public keys have been specified, load them up */
366 if (me->pki_signing_key_files) {
367 foreach_alist(filepath, me->pki_signing_key_files) {
368 X509_KEYPAIR *keypair;
370 keypair = crypto_keypair_new();
372 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
375 if (crypto_keypair_load_cert(keypair, filepath)) {
376 me->pki_signers->append(keypair);
378 /* Attempt to load a private key, if available */
379 if (crypto_keypair_has_key(filepath)) {
380 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
381 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
382 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
388 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
389 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
397 * Crypto recipients. We're always included as a recipient.
398 * The symmetric session key will be encrypted for each of these readers.
/* Recipient list: a duplicate of our own key pair plus one entry per path
 * in pki_master_key_files. Only the certificate is loaded for those
 * entries on the lines shown. Each listed certificate holder can recover
 * the session key, so this directive decides who is able to decrypt. */
400 me->pki_recipients = New(alist(10, not_owned_by_alist));
401 if (me->pki_keypair) {
402 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
406 /* If additional keys have been specified, load them up */
407 if (me->pki_master_key_files) {
408 foreach_alist(filepath, me->pki_master_key_files) {
409 X509_KEYPAIR *keypair;
411 keypair = crypto_keypair_new();
413 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
416 if (crypto_keypair_load_cert(keypair, filepath)) {
417 me->pki_recipients->append(keypair);
419 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
420 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
430 /* Verify that a director record exists */
432 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
435 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* Every Director resource gets the same TLS checks and its own context. */
440 foreach_res(director, R_DIRECTOR) {
441 /* tls_require implies tls_enable */
442 if (director->tls_require) {
444 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
448 director->tls_enable = true;
/* With TLS enabled, a certificate and a key are mandatory for each
 * Director resource. */
452 if (!director->tls_certfile && director->tls_enable) {
453 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
454 director->hdr.name, configfile);
458 if (!director->tls_keyfile && director->tls_enable) {
459 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
460 director->hdr.name, configfile);
/* The CA store is demanded only when tls_verify_peer is set. */
464 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
465 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
466 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
467 " At least one CA certificate store is required"
468 " when using \"TLS Verify Peer\".\n"),
469 director->hdr.name, configfile);
473 /* If everything is well, attempt to initialize our per-resource TLS context */
474 if (OK && (director->tls_enable || director->tls_require)) {
475 /* Initialize TLS context:
476 * Args: CA certfile, CA certdir, Certfile, Keyfile,
477 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Unlike the context of the File daemon above, Verify Peer here follows
 * the configuration and a DH file may be supplied.
 * NOTE(review): with tls_verify_peer off, the context is built without
 * peer verification, so TLS alone presumably does not authenticate the
 * Director certificate - confirm that is intended for each resource. */
478 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
479 director->tls_ca_certdir, director->tls_certfile,
480 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
481 director->tls_verify_peer);
483 if (!director->tls_ctx) {
484 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
485 director->hdr.name, configfile);
/* Swap the temporary message handler set up in main() with init_msg(NULL,
 * NULL) for the Messages resource found above. */
494 close_msg(NULL); /* close temp message handler */
495 init_msg(NULL, me->messages); /* open user specified message handler */