2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2010 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
31 * Kern Sibbald, March MM
40 #undef _POSIX_C_SOURCE
43 #include "lib/pythonlib.h"
45 /* Imported Functions */
46 extern PyObject *job_getattr(PyObject *self, char *attrname);
47 extern int job_setattr(PyObject *self, char *attrname, PyObject *value);
49 #endif /* HAVE_PYTHON */
51 /* Imported Functions */
52 extern void *handle_client_request(void *dir_sock);
53 extern bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code);
55 /* Forward referenced functions */
56 void terminate_filed(int sig);
57 static bool check_resources();
59 /* Exported variables */
60 CLIENT *me; /* my resource */
61 bool no_signals = false;
64 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
66 char *configfile = NULL;
67 static bool foreground = false;
68 static workq_t dir_workq; /* queue of work from Director */
69 static pthread_t server_tid;
70 static CONFIG *config;
76 "\nVersion: %s (%s)\n\n"
77 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
78 " -c <file> use <file> as configuration file\n"
79 " -d <nn> set debug level to <nn>\n"
80 " -dt print a timestamp in debug output\n"
81 " -f run in foreground (for debugging)\n"
83 " -k keep readall capabilities\n"
84 " -m print kaboom output (for debugging)\n"
85 " -s no signals (for debugging)\n"
86 " -t test configuration file and exit\n"
88 " -v verbose user messages\n"
89 " -? print this message.\n"
90 "\n"), 2000, VERSION, BDATE);
96 /*********************************************************************
98 * Main Bacula Unix Client Program
101 #if defined(HAVE_WIN32)
102 #define main BaculaMain
105 int main (int argc, char *argv[])
108 bool test_config = false;
109 bool keep_readall_caps = false;
113 init_python_interpreter_args python_args;
114 #endif /* HAVE_PYTHON */
116 start_heap = sbrk(0);
117 setlocale(LC_ALL, "");
118 bindtextdomain("bacula", LOCALEDIR);
119 textdomain("bacula");
122 my_name_is(argc, argv, "bacula-fd");
123 init_msg(NULL, NULL);
124 daemon_start_time = time(NULL);
126 while ((ch = getopt(argc, argv, "c:d:fg:kmstu:v?")) != -1) {
128 case 'c': /* configuration file */
129 if (configfile != NULL) {
132 configfile = bstrdup(optarg);
135 case 'd': /* debug level */
136 if (*optarg == 't') {
137 dbg_timestamp = true;
139 debug_level = atoi(optarg);
140 if (debug_level <= 0) {
146 case 'f': /* run in foreground */
150 case 'g': /* set group */
155 keep_readall_caps = true;
158 case 'm': /* print kaboom output */
170 case 'u': /* set userid */
174 case 'v': /* verbose */
188 if (configfile != NULL)
190 configfile = bstrdup(*argv);
198 if (!uid && keep_readall_caps) {
199 Emsg0(M_ERROR_TERM, 0, _("-k option has no meaning without -u option.\n"));
202 server_tid = pthread_self();
204 init_signals(terminate_filed);
206 /* This reduces the number of signals facilitating debugging */
207 watchdog_sleep_time = 120; /* long timeout for debugging */
210 if (configfile == NULL) {
211 configfile = bstrdup(CONFIG_FILE);
214 config = new_config_parser();
215 parse_fd_config(config, configfile, M_ERROR_TERM);
217 if (init_crypto() != 0) {
218 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
222 if (!check_resources()) {
223 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
227 set_working_directory(me->working_directory);
235 init_stack_dump(); /* set new pid */
238 set_thread_concurrency(me->MaxConcurrentJobs + 10);
239 lmgr_init_thread(); /* initialize the lockmanager stack */
241 /* Maximum 1 daemon at a time */
242 create_pid_file(me->pid_directory, "bacula-fd",
243 get_first_port_host_order(me->FDaddrs));
244 read_state_file(me->working_directory, "bacula-fd",
245 get_first_port_host_order(me->FDaddrs));
247 load_fd_plugins(me->plugin_directory);
249 drop(uid, gid, keep_readall_caps);
256 python_args.progname = me->hdr.name;
257 python_args.scriptdir = me->scripts_directory;
258 python_args.modulename = "FDStartUp";
259 python_args.configfile = configfile;
260 python_args.workingdir = me->working_directory;
261 python_args.job_getattr = job_getattr;
262 python_args.job_setattr = job_setattr;
264 init_python_interpreter(&python_args);
265 #endif /* HAVE_PYTHON */
268 start_watchdog(); /* start watchdog thread */
269 init_jcr_subsystem(); /* start JCR watchdogs etc. */
271 server_tid = pthread_self();
273 /* Become server, and handle requests */
275 foreach_dlist(p, me->FDaddrs) {
276 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
278 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
281 exit(0); /* should never get here */
284 void terminate_filed(int sig)
286 static bool already_here = false;
289 bmicrosleep(2, 0); /* yield */
290 exit(1); /* prevent loops */
293 debug_level = 0; /* turn off debug */
296 bnet_stop_thread_server(server_tid);
297 generate_daemon_event(NULL, "Exit");
299 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
300 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
302 if (configfile != NULL) {
306 if (debug_level > 0) {
307 print_memory_pool_stats();
310 config->free_resources();
316 close_memory_pool(); /* release free memory in pool */
318 sm_dump(false); /* dump orphaned buffers */
323 * Make a quick check to see that we have all the
326 static bool check_resources()
334 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
336 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
337 "Without that I don't know who I am :-(\n"), configfile);
340 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
341 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
345 my_name_is(0, NULL, me->hdr.name);
347 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
349 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
353 /* tls_require implies tls_enable */
354 if (me->tls_require) {
356 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
359 me->tls_enable = true;
362 need_tls = me->tls_enable || me->tls_authenticate;
364 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
365 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
366 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
371 /* If everything is well, attempt to initialize our per-resource TLS context */
372 if (OK && (need_tls || me->tls_require)) {
373 /* Initialize TLS context:
374 * Args: CA certfile, CA certdir, Certfile, Keyfile,
375 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
376 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
377 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
378 NULL, NULL, NULL, true);
381 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
382 me->hdr.name, configfile);
387 if (me->pki_encrypt || me->pki_sign) {
389 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
394 /* pki_encrypt implies pki_sign */
395 if (me->pki_encrypt) {
399 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
400 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
401 " daemon \"%s\" in %s if either \"PKI Sign\" or"
402 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
406 /* If everything is well, attempt to initialize our public/private keys */
407 if (OK && (me->pki_encrypt || me->pki_sign)) {
409 /* Load our keypair */
410 me->pki_keypair = crypto_keypair_new();
411 if (!me->pki_keypair) {
412 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
415 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
416 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
417 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
421 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
422 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
423 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
429 * Trusted Signers. We're always trusted.
431 me->pki_signers = New(alist(10, not_owned_by_alist));
432 if (me->pki_keypair) {
433 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
436 /* If additional signing public keys have been specified, load them up */
437 if (me->pki_signing_key_files) {
438 foreach_alist(filepath, me->pki_signing_key_files) {
439 X509_KEYPAIR *keypair;
441 keypair = crypto_keypair_new();
443 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
446 if (crypto_keypair_load_cert(keypair, filepath)) {
447 me->pki_signers->append(keypair);
449 /* Attempt to load a private key, if available */
450 if (crypto_keypair_has_key(filepath)) {
451 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
452 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
453 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
459 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
460 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
468 * Crypto recipients. We're always included as a recipient.
469 * The symmetric session key will be encrypted for each of these readers.
471 me->pki_recipients = New(alist(10, not_owned_by_alist));
472 if (me->pki_keypair) {
473 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
477 /* If additional keys have been specified, load them up */
478 if (me->pki_master_key_files) {
479 foreach_alist(filepath, me->pki_master_key_files) {
480 X509_KEYPAIR *keypair;
482 keypair = crypto_keypair_new();
484 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
487 if (crypto_keypair_load_cert(keypair, filepath)) {
488 me->pki_recipients->append(keypair);
490 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
491 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
501 /* Verify that a director record exists */
503 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
506 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
511 foreach_res(director, R_DIRECTOR) {
512 /* tls_require implies tls_enable */
513 if (director->tls_require) {
515 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
519 director->tls_enable = true;
522 need_tls = director->tls_enable || director->tls_authenticate;
524 if (!director->tls_certfile && need_tls) {
525 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
526 director->hdr.name, configfile);
530 if (!director->tls_keyfile && need_tls) {
531 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
532 director->hdr.name, configfile);
536 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
537 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
538 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
539 " At least one CA certificate store is required"
540 " when using \"TLS Verify Peer\".\n"),
541 director->hdr.name, configfile);
545 /* If everything is well, attempt to initialize our per-resource TLS context */
546 if (OK && (need_tls || director->tls_require)) {
547 /* Initialize TLS context:
548 * Args: CA certfile, CA certdir, Certfile, Keyfile,
549 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
550 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
551 director->tls_ca_certdir, director->tls_certfile,
552 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
553 director->tls_verify_peer);
555 if (!director->tls_ctx) {
556 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
557 director->hdr.name, configfile);
566 close_msg(NULL); /* close temp message handler */
567 init_msg(NULL, me->messages); /* open user specified message handler */