2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2014 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from many
7 others, a complete list can be found in the file AUTHORS.
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
14 Bacula® is a registered trademark of Kern Sibbald.
19 * Written by Kern Sibbald, March MM
25 #include "lib/mntent_cache.h"
27 /* Imported Functions */
/* Connection handler that main() passes to bnet_thread_server(). */
28 extern void *handle_connection_request(void *dir_sock);
/* Configuration loader; main() calls it with M_ERROR_TERM as exit_code. */
29 extern bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code);
31 /* Forward referenced functions */
32 static bool check_resources();
34 /* Exported variables */
35 CLIENT *me; /* my resource */
/* Corresponds to the -s usage text (no signals, for debugging); the line that sets it is not shown in this listing. */
36 bool no_signals = false;
/* Command table; check_resources() scans it until an entry whose cmd field is null. */
38 extern struct s_cmds cmds[];
/* Bare file name (no directory) used when no configuration path is given on the command line. */
40 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
/* Configuration path: taken from -c or from *argv after option parsing, else CONFIG_FILE. */
42 char *configfile = NULL;
43 static bool foreground = false;
44 static workq_t dir_workq; /* queue of work from Director */
/* Thread id recorded in main() and handed to bnet_stop_thread_server() at shutdown. */
45 static pthread_t server_tid;
/* Parser object created by new_config_parser() in main(); terminate_filed() frees its resources. */
46 static CONFIG *config;
52 "\n%sVersion: %s (%s)\n\n"
53 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
54 " -c <file> use <file> as configuration file\n"
55 " -d <n>[,<tags>] set debug level to <nn>, debug tags to <tags>\n"
56 " -dt print a timestamp in debug output\n"
57 " -f run in foreground (for debugging)\n"
59 " -k keep readall capabilities\n"
60 " -m print kaboom output (for debugging)\n"
61 " -s no signals (for debugging)\n"
62 " -t test configuration file and exit\n"
65 " -v verbose user messages\n"
66 " -? print this message.\n"
67 "\n"), 2000, "", VERSION, BDATE);
73 /*********************************************************************
75 * Main Bacula Unix Client Program
78 #if defined(HAVE_WIN32)
79 #define main BaculaMain
/*
 * Entry point of the Bacula file daemon (bacula-fd).
 * Visible flow: parse the command line, load and check the configuration,
 * create the pid file, read the state file, load plugins, call drop() with
 * uid/gid, then serve Director connections through bnet_thread_server().
 * NOTE(review): this listing omits lines (the gutter numbers skip); braces,
 * declarations and several branches are not visible, so the comments below
 * cover only the statements that are shown.
 */
82 int main (int argc, char *argv[])
85 bool test_config = false;
86 bool keep_readall_caps = false;
91 setlocale(LC_ALL, "");
92 bindtextdomain("bacula", LOCALEDIR);
96 my_name_is(argc, argv, "bacula-fd");
98 daemon_start_time = time(NULL);
/* Options taking an argument are c, d, g, u and D (each followed by a colon in the option string). */
100 while ((ch = getopt(argc, argv, "c:d:fg:kmstTu:v?D:")) != -1) {
102 case 'c': /* configuration file */
103 if (configfile != NULL) {
106 configfile = bstrdup(optarg);
109 case 'd': /* debug level */
/* An argument starting with t (as in -dt) only switches on debug timestamps. */
110 if (*optarg == 't') {
111 dbg_timestamp = true;
114 /* We probably find a tag list -d 10,sql,bvfs */
115 if ((p = strchr(optarg, ',')) != NULL) {
/* NOTE(review): atoi() cannot report a non-numeric or out-of-range value;
 * strtol() with an end-pointer and errno check would let a malformed -d
 * argument be rejected instead of silently read as a number. */
118 debug_level = atoi(optarg);
119 if (debug_level <= 0) {
123 debug_parse_tags(p+1, &debug_level);
128 case 'f': /* run in foreground */
132 case 'g': /* set group */
137 keep_readall_caps = true;
140 case 'm': /* print kaboom output */
156 case 'u': /* set userid */
160 case 'v': /* verbose */
/* After option parsing, a remaining argument is also accepted as the configuration path. */
174 if (configfile != NULL)
176 configfile = bstrdup(*argv);
/* Keeping the read-all capability is only accepted together with -u; otherwise the daemon terminates (M_ERROR_TERM). */
184 if (!uid && keep_readall_caps) {
185 Emsg0(M_ERROR_TERM, 0, _("-k option has no meaning without -u option.\n"));
188 server_tid = pthread_self();
/* Registers terminate_filed() as the shutdown routine. */
190 init_signals(terminate_filed);
192 /* This reduces the number of signals facilitating debugging */
193 watchdog_sleep_time = 120; /* long timeout for debugging */
/* NOTE(review): CONFIG_FILE is a bare file name, so without -c the path is
 * presumably resolved against the current working directory (how
 * parse_fd_config() resolves it is not shown). Service definitions should
 * pass an absolute -c path so a stray bacula-fd.conf cannot be picked up. */
196 if (configfile == NULL) {
197 configfile = bstrdup(CONFIG_FILE);
200 config = new_config_parser();
/* M_ERROR_TERM is passed as exit_code, presumably making a parse error terminate the daemon; the return value is not used here. */
201 parse_fd_config(config, configfile, M_ERROR_TERM);
203 if (init_crypto() != 0) {
204 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
/* check_resources() also builds the TLS contexts and PKI key lists used later. */
208 if (!check_resources()) {
209 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
213 set_working_directory(me->working_directory);
221 init_stack_dump(); /* set new pid */
224 set_thread_concurrency(me->MaxConcurrentJobs + 10);
225 lmgr_init_thread(); /* initialize the lockmanager stack */
/* NOTE(review): the pid file, the state file and the plugin load below all
 * run before drop(uid, gid, ...), i.e. with the privileges the daemon was
 * started with. drop() is not shown; presumably it switches to the -u/-g
 * identity. The pid directory, working directory and above all the plugin
 * directory should therefore be writable only by trusted accounts, since
 * whatever load_fd_plugins() loads is presumably loaded before privileges
 * are reduced. */
227 /* Maximum 1 daemon at a time */
228 create_pid_file(me->pid_directory, "bacula-fd",
229 get_first_port_host_order(me->FDaddrs));
230 read_state_file(me->working_directory, "bacula-fd",
231 get_first_port_host_order(me->FDaddrs));
233 load_fd_plugins(me->plugin_directory);
235 drop(uid, gid, keep_readall_caps);
242 start_watchdog(); /* start watchdog thread */
243 init_jcr_subsystem(); /* start JCR watchdogs etc. */
/* Recorded again here; terminate_filed() passes this id to bnet_stop_thread_server(). */
245 server_tid = pthread_self();
247 /* Become server, and handle requests */
249 foreach_dlist(p, me->FDaddrs) {
250 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Listens on every address in me->FDaddrs; MaxConcurrentJobs is passed as the second argument and each connection goes to handle_connection_request(). */
252 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq,
253 handle_connection_request);
256 exit(0); /* should never get here */
/*
 * Shutdown routine that main() registers through init_signals().
 * Visible steps: stop the connection server thread, emit the Exit daemon
 * event, flush the mntent cache, write the state file, delete the pid file,
 * free the configuration resources and release pooled memory.
 * NOTE(review): lines are missing from this listing (the gutter numbers
 * skip), so the guard conditions and the final exit are not visible.
 * NOTE(review): how init_signals() dispatches to this routine is not shown;
 * if it runs directly in signal context, the file and memory operations
 * below are not async-signal-safe. Confirm against init_signals().
 */
259 void terminate_filed(int sig)
/* Re-entry latch; the test and assignment that use it are not shown. */
261 static bool already_here = false;
264 bmicrosleep(2, 0); /* yield */
265 exit(1); /* prevent loops */
268 debug_level = 0; /* turn off debug */
/* server_tid was recorded with pthread_self() in main(). */
271 bnet_stop_thread_server(server_tid);
272 generate_daemon_event(NULL, "Exit");
274 flush_mntent_cache();
/* State and pid files are addressed by the same directory, name and first port that main() used to create and read them. */
275 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
276 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
278 if (configfile != NULL) {
/* NOTE(review): debug_level was set to 0 above, so unless a line not shown here changes it this branch never runs. */
282 if (debug_level > 0) {
283 print_memory_pool_stats();
286 config->free_resources();
292 close_memory_pool(); /* release free memory in pool */
294 sm_dump(false); /* dump orphaned buffers */
299 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and build the run-time security state.
 * Visible work: look up the Client, Messages and Director resources, fill
 * the disabled-command arrays, create the TLS contexts, and load the PKI
 * key pair, trusted signers and encryption recipients. Problems are
 * reported through Emsg/Jmsg at M_FATAL. main() treats a false result as a
 * configuration error.
 * NOTE(review): this listing omits lines (the gutter numbers skip); the
 * declarations, several conditions and the return statement are not
 * visible, so the comments below describe only the statements shown.
 */
302 static bool check_resources()
313 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
315 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
316 "Without that I don't know who I am :-(\n"), configfile);
/* A second Client resource is rejected. */
319 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
320 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
324 my_name_is(0, NULL, me->hdr.name);
326 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
328 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
333 /* Construct disabled command array */
334 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
335 if (me->disable_cmds) {
/* NOTE(review): the malloc() result goes straight into memset() with no
 * null check, and the size i is a count of entries, which equals the byte
 * size only while sizeof(bool) is 1. */
336 me->disabled_cmds_array = (bool *)malloc(i);
337 memset(me->disabled_cmds_array, 0, i);
338 foreach_alist(cmd, me->disable_cmds) {
340 for (i=0; cmds[i].cmd; i++) {
/* NOTE(review): the comparison is bounded by strlen(cmd), so a configured
 * entry matches a command name it is only a case-insensitive prefix of; an
 * abbreviated or empty entry can flag a different command than the one
 * meant. Whether the scan stops at the first match is not visible here.
 * Configurations should spell command names in full; a whole-string
 * comparison would remove the ambiguity if abbreviations are not intended. */
341 if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
342 me->disabled_cmds_array[i] = true;
348 Jmsg(NULL, M_FATAL, 0, _("Disable Command \"%s\" not found.\n"),
/* Debug trace (level 050) of each command flagged in the array. */
355 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
357 if (me->disabled_cmds_array[i]) {
358 Dmsg1(050, "Command: %s disabled.\n", cmds[i].cmd);
363 /* tls_require implies tls_enable */
364 if (me->tls_require) {
/* The condition guarding this message is not shown; presumably it applies to builds without TLS support. */
366 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
369 me->tls_enable = true;
372 need_tls = me->tls_enable || me->tls_authenticate;
/* With TLS in use, the Client resource must name a CA file or a CA directory. */
374 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
375 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
376 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
381 /* If everything is well, attempt to initialize our per-resource TLS context */
382 if (OK && (need_tls || me->tls_require)) {
383 /* Initialize TLS context:
384 * Args: CA certfile, CA certdir, Certfile, Keyfile,
385 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Going by the argument order listed above, the Client context passes no DH file and always verifies the peer (last argument true). */
386 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
387 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
388 NULL, NULL, NULL, true);
391 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
392 me->hdr.name, configfile);
397 if (me->pki_encrypt || me->pki_sign) {
/* The condition guarding this message is not shown; presumably it applies to builds without crypto support. */
399 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
404 /* pki_encrypt implies pki_sign */
405 if (me->pki_encrypt) {
409 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
410 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
411 " daemon \"%s\" in %s if either \"PKI Sign\" or"
412 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
416 /* If everything is well, attempt to initialize our public/private keys */
417 if (OK && (me->pki_encrypt || me->pki_sign)) {
419 /* Load our keypair */
/* Certificate and private key are both read from me->pki_keypair_file, so
 * that one file holds the private key and should be readable only by the
 * account the daemon runs as. */
420 me->pki_keypair = crypto_keypair_new();
421 if (!me->pki_keypair) {
422 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
425 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
426 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
427 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
431 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
432 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
433 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
/* Trusted-signer list built below: a copy of the own key pair is appended
 * first, then one key pair per path in me->pki_signing_key_files. A listed
 * file must yield a certificate (otherwise M_FATAL); a private key is
 * loaded from it only when crypto_keypair_has_key() reports one. Every
 * certificate on this list is appended to pki_signers, so the list is part
 * of the trust configuration and should be reviewed like one. */
439 * Trusted Signers. We're always trusted.
441 me->pki_signers = New(alist(10, not_owned_by_alist));
442 if (me->pki_keypair) {
443 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
446 /* If additional signing public keys have been specified, load them up */
447 if (me->pki_signing_key_files) {
448 foreach_alist(filepath, me->pki_signing_key_files) {
449 X509_KEYPAIR *keypair;
451 keypair = crypto_keypair_new();
453 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
456 if (crypto_keypair_load_cert(keypair, filepath)) {
457 me->pki_signers->append(keypair);
459 /* Attempt to load a private key, if available */
460 if (crypto_keypair_has_key(filepath)) {
461 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
462 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
463 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
469 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
470 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
478 * Crypto recipients. We're always included as a recipient.
479 * The symmetric session key will be encrypted for each of these readers.
481 me->pki_recipients = New(alist(10, not_owned_by_alist));
482 if (me->pki_keypair) {
483 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
/* NOTE(review): the fallback cipher is AES-128 in CBC mode. CBC is not an
 * authenticated mode, so integrity of encrypted data rests on the signing
 * path (see the pki_encrypt implies pki_sign step earlier in this
 * function). Sites with a stronger requirement should set the cipher
 * explicitly rather than rely on this default. */
486 /* Put a default cipher (not possible in the filed_conf.c structure */
487 if (!me->pki_cipher) {
488 me->pki_cipher = CRYPTO_CIPHER_AES_128_CBC;
491 /* Put a default digest (not possible in the filed_conf.c structure */
492 if (!me->pki_digest) {
493 me->pki_digest = CRYPTO_DIGEST_DEFAULT;
/* Each certificate in me->pki_master_key_files is appended to
 * pki_recipients, and the session key is encrypted for every recipient, so
 * the holder of each matching private key can read the backups of this
 * client. Keep the list short and reviewed. */
496 /* If additional keys have been specified, load them up */
497 if (me->pki_master_key_files) {
498 foreach_alist(filepath, me->pki_master_key_files) {
499 X509_KEYPAIR *keypair;
501 keypair = crypto_keypair_new();
503 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
506 if (crypto_keypair_load_cert(keypair, filepath)) {
507 me->pki_recipients->append(keypair);
509 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
510 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
520 /* Verify that a director record exists */
522 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
525 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* The checks below are repeated for every Director resource. */
530 foreach_res(director, R_DIRECTOR) {
532 /* Construct disabled command array */
533 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
/* NOTE(review): this guard tests me->disable_cmds (the Client resource)
 * although the array allocated and the list iterated belong to director.
 * When only the Director resource sets disable_cmds, the allocation is
 * skipped, so the restrictions configured for that Director would
 * presumably not be recorded; when only the Client sets it,
 * director->disable_cmds is iterated while unset. The intended test is
 * presumably director->disable_cmds; confirm and fix.
 * The caveats of the Client array apply here as well: no null check
 * between malloc() and memset(), a size that assumes sizeof(bool) is 1,
 * and a strncasecmp() bounded by strlen(cmd) that accepts prefixes. */
534 if (me->disable_cmds) {
535 director->disabled_cmds_array = (bool *)malloc(i);
536 memset(director->disabled_cmds_array, 0, i);
537 foreach_alist(cmd, director->disable_cmds) {
539 for (i=0; cmds[i].cmd; i++) {
540 if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
541 director->disabled_cmds_array[i] = true;
547 Jmsg(NULL, M_FATAL, 0, _("Disable Command \"%s\" not found.\n"),
/* NOTE(review): the array is read below; whether this read is guarded against an unallocated array is not visible in this listing. */
555 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
557 if (director->disabled_cmds_array[i]) {
558 Dmsg1(050, "Command: %s disabled for Director.\n", cmds[i].cmd);
563 /* tls_require implies tls_enable */
564 if (director->tls_require) {
566 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
570 director->tls_enable = true;
573 need_tls = director->tls_enable || director->tls_authenticate;
/* With TLS in use, a certificate file and a key file are mandatory for the Director resource. */
575 if (!director->tls_certfile && need_tls) {
576 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
577 director->hdr.name, configfile);
581 if (!director->tls_keyfile && need_tls) {
582 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
583 director->hdr.name, configfile);
/* A CA store is demanded only when tls_verify_peer is set for this Director. */
587 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
588 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
589 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
590 " At least one CA certificate store is required"
591 " when using \"TLS Verify Peer\".\n"),
592 director->hdr.name, configfile);
596 /* If everything is well, attempt to initialize our per-resource TLS context */
597 if (OK && (need_tls || director->tls_require)) {
598 /* Initialize TLS context:
599 * Args: CA certfile, CA certdir, Certfile, Keyfile,
600 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Unlike the Client context, peer verification here follows the configured
 * director->tls_verify_peer value; with it switched off, no CA store is
 * required by the check above. Deployments that rely on TLS to
 * authenticate the Director should keep it enabled. */
601 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
602 director->tls_ca_certdir, director->tls_certfile,
603 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
604 director->tls_verify_peer);
606 if (!director->tls_ctx) {
607 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
608 director->hdr.name, configfile);
/* Switch from the temporary message handler to the one defined by the Messages resource found above. */
617 close_msg(NULL); /* close temp message handler */
618 init_msg(NULL, me->messages); /* open user specified message handler */