2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2010 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
31 * Kern Sibbald, March MM
37 #include "lib/mntent_cache.h"
41 #undef _POSIX_C_SOURCE
44 #include "lib/pythonlib.h"
/* Attribute accessors handed to the embedded Python interpreter through
 * python_args in main(). */
46 /* Imported Functions */
47 extern PyObject *job_getattr(PyObject *self, char *attrname);
48 extern int job_setattr(PyObject *self, char *attrname, PyObject *value);
50 #endif /* HAVE_PYTHON */
52 /* Imported Functions */
/* handle_client_request is the handler main() passes to bnet_thread_server(). */
53 extern void *handle_client_request(void *dir_sock);
54 extern bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code);
56 /* Forward referenced functions */
57 static bool check_resources();
59 /* Exported variables */
/* me is assigned in check_resources() from the R_CLIENT resource. */
60 CLIENT *me; /* my resource */
61 bool no_signals = false;
64 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
/* Set from -c or a positional argument in main(); falls back to CONFIG_FILE. */
66 char *configfile = NULL;
67 static bool foreground = false;
68 static workq_t dir_workq; /* queue of work from Director */
/* Recorded in main() with pthread_self(); terminate_filed() passes it to
 * bnet_stop_thread_server(). */
69 static pthread_t server_tid;
/* Parser object created in main() by new_config_parser(). */
70 static CONFIG *config;
76 "\nVersion: %s (%s)\n\n"
77 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
78 " -c <file> use <file> as configuration file\n"
79 " -d <nn> set debug level to <nn>\n"
80 " -dt print a timestamp in debug output\n"
81 " -f run in foreground (for debugging)\n"
83 " -k keep readall capabilities\n"
84 " -m print kaboom output (for debugging)\n"
85 " -s no signals (for debugging)\n"
86 " -t test configuration file and exit\n"
88 " -v verbose user messages\n"
89 " -? print this message.\n"
90 "\n"), 2000, VERSION, BDATE);
96 /*********************************************************************
98 * Main Bacula Unix Client Program
101 #if defined(HAVE_WIN32)
102 #define main BaculaMain
/*
 * File daemon entry point: parse the command line, load and validate the
 * configuration, initialise the crypto library, create the pid file, load
 * plugins, drop privileges and then serve connections until terminated.
 * NOTE(review): this listing omits some original lines (the gutter numbers
 * skip), including braces, break statements and several case bodies, so the
 * comments below describe only the statements that are shown.
 */
105 int main (int argc, char *argv[])
108 bool test_config = false;
109 bool keep_readall_caps = false;
113 init_python_interpreter_args python_args;
114 #endif /* HAVE_PYTHON */
116 start_heap = sbrk(0);
117 setlocale(LC_ALL, "");
118 bindtextdomain("bacula", LOCALEDIR);
119 textdomain("bacula");
122 my_name_is(argc, argv, "bacula-fd");
/* Temporary message handler; check_resources() later reopens it with the
 * configured Messages resource. */
123 init_msg(NULL, NULL);
124 daemon_start_time = time(NULL);
/* In the option string, -c, -d, -g and -u take an argument. */
126 while ((ch = getopt(argc, argv, "c:d:fg:kmstu:v?")) != -1) {
128 case 'c': /* configuration file */
129 if (configfile != NULL) {
132 configfile = bstrdup(optarg);
/* -dt turns on timestamps; any other value is parsed with atoi(), which
 * cannot signal malformed input. NOTE(review): strtol() with an end-pointer
 * check would let a bad -d value be reported instead of silently accepted. */
135 case 'd': /* debug level */
136 if (*optarg == 't') {
137 dbg_timestamp = true;
139 debug_level = atoi(optarg);
140 if (debug_level <= 0) {
146 case 'f': /* run in foreground */
/* The bodies of the -g and -u cases are not shown in this listing. */
150 case 'g': /* set group */
155 keep_readall_caps = true;
158 case 'm': /* print kaboom output */
170 case 'u': /* set userid */
174 case 'v': /* verbose */
/* A remaining positional argument is also accepted as the config file path. */
188 if (configfile != NULL)
190 configfile = bstrdup(*argv);
/* -k is rejected unless a uid was given. uid and gid are declared and set on
 * lines not shown; presumably they come from -u and -g -- TODO confirm. */
198 if (!uid && keep_readall_caps) {
199 Emsg0(M_ERROR_TERM, 0, _("-k option has no meaning without -u option.\n"));
202 server_tid = pthread_self();
/* terminate_filed is registered here, before the configuration is parsed and
 * before check_resources() assigns the global me. */
204 init_signals(terminate_filed);
206 /* This reduces the number of signals facilitating debugging */
207 watchdog_sleep_time = 120; /* long timeout for debugging */
210 if (configfile == NULL) {
211 configfile = bstrdup(CONFIG_FILE);
214 config = new_config_parser();
/* M_ERROR_TERM is passed as the exit_code parameter of parse_fd_config(). */
215 parse_fd_config(config, configfile, M_ERROR_TERM);
217 if (init_crypto() != 0) {
218 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
/* check_resources() validates the TLS and PKI settings and assigns me. */
222 if (!check_resources()) {
223 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
227 set_working_directory(me->working_directory);
235 init_stack_dump(); /* set new pid */
238 set_thread_concurrency(me->MaxConcurrentJobs + 10);
239 lmgr_init_thread(); /* initialize the lockmanager stack */
/* Ordering matters for privilege: the pid file, the state file and the plugin
 * load all happen before drop(), i.e. still under the identity the daemon was
 * started with. */
241 /* Maximum 1 daemon at a time */
242 create_pid_file(me->pid_directory, "bacula-fd",
243 get_first_port_host_order(me->FDaddrs));
244 read_state_file(me->working_directory, "bacula-fd",
245 get_first_port_host_order(me->FDaddrs));
/* NOTE(review): anything load_fd_plugins() brings in from
 * me->plugin_directory is loaded before privileges are reduced, so that
 * directory should be writable only by a trusted administrator. */
247 load_fd_plugins(me->plugin_directory);
/* Presumably switches to the -u/-g identity -- confirm in drop().
 * keep_readall_caps comes from -k, which the usage text describes as
 * "keep readall capabilities". */
249 drop(uid, gid, keep_readall_caps);
/* Python start-up arguments; the script directory and working directory are
 * taken from the Client resource. The interpreter is initialised after drop(). */
256 python_args.progname = me->hdr.name;
257 python_args.scriptdir = me->scripts_directory;
258 python_args.modulename = "FDStartUp";
259 python_args.configfile = configfile;
260 python_args.workingdir = me->working_directory;
261 python_args.job_getattr = job_getattr;
262 python_args.job_setattr = job_setattr;
264 init_python_interpreter(&python_args);
265 #endif /* HAVE_PYTHON */
268 start_watchdog(); /* start watchdog thread */
269 init_jcr_subsystem(); /* start JCR watchdogs etc. */
271 server_tid = pthread_self();
273 /* Become server, and handle requests */
275 foreach_dlist(p, me->FDaddrs) {
276 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Serves every address in me->FDaddrs; me->MaxConcurrentJobs is passed as the
 * second argument and handle_client_request as the handler. */
278 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
281 exit(0); /* should never get here */
/*
 * Shutdown routine, registered in main() through init_signals(). It stops the
 * server thread, persists daemon state, removes the pid file and releases
 * resources. sig is the signal number supplied by the caller.
 * NOTE(review): this listing omits some original lines (the gutter numbers
 * skip), including the test around the already_here guard and the final
 * exit. The calls made here (file writes, frees, exit) are not
 * async-signal-safe if the function runs directly in signal context --
 * confirm how init_signals() dispatches it.
 */
284 void terminate_filed(int sig)
/* Re-entry guard: the two statements that follow it yield and then exit(1)
 * to "prevent loops"; the condition itself is on a line not shown. */
286 static bool already_here = false;
289 bmicrosleep(2, 0); /* yield */
290 exit(1); /* prevent loops */
293 debug_level = 0; /* turn off debug */
296 bnet_stop_thread_server(server_tid);
297 generate_daemon_event(NULL, "Exit");
299 flush_mntent_cache();
/* NOTE(review): me is dereferenced here with no visible NULL check, yet
 * main() registers this routine before check_resources() assigns me. An
 * early termination could reach these lines with me still NULL unless a line
 * not shown guards against it. */
300 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
301 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
303 if (configfile != NULL) {
/* debug_level was set to 0 above, so this branch looks unreachable unless a
 * line not shown changes it. */
307 if (debug_level > 0) {
308 print_memory_pool_stats();
311 config->free_resources();
317 close_memory_pool(); /* release free memory in pool */
319 sm_dump(false); /* dump orphaned buffers */
324 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and build the TLS and PKI state used at
 * run time. It requires exactly one Client resource, a Messages resource and
 * at least one Director resource. It creates the TLS context of the File
 * daemon and of each Director, loads the PKI key pair, and builds the lists
 * of trusted signers (own key pair plus pki_signing_key_files) and of
 * encryption recipients (own key pair plus pki_master_key_files).
 * main() treats a false return as a configuration error.
 * NOTE(review): this listing omits some original lines (the gutter numbers
 * skip), including the declaration of OK and several branch bodies, so the
 * comments below describe only the statements that are shown.
 */
327 static bool check_resources()
/* The first R_CLIENT resource becomes the global me. */
335 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
337 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
338 "Without that I don't know who I am :-(\n"), configfile);
/* A second R_CLIENT resource is rejected. */
341 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
342 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
346 my_name_is(0, NULL, me->hdr.name);
348 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
350 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
354 /* tls_require implies tls_enable */
355 if (me->tls_require) {
357 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
360 me->tls_enable = true;
363 need_tls = me->tls_enable || me->tls_authenticate;
/* The File daemon check demands a CA file or CA directory whenever TLS is in
 * use; unlike the per-Director check further down, it does not depend on a
 * verify-peer setting. */
365 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
366 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
367 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
/* Going by the Args list below, this context is created with no key
 * passphrase callback, no DH parameter file, and Verify Peer fixed to true. */
372 /* If everything is well, attempt to initialize our per-resource TLS context */
373 if (OK && (need_tls || me->tls_require)) {
374 /* Initialize TLS context:
375 * Args: CA certfile, CA certdir, Certfile, Keyfile,
376 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
377 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
378 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
379 NULL, NULL, NULL, true);
382 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
383 me->hdr.name, configfile);
388 if (me->pki_encrypt || me->pki_sign) {
390 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
395 /* pki_encrypt implies pki_sign */
396 if (me->pki_encrypt) {
/* Signing or encryption without a configured key pair file is fatal. */
400 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
401 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
402 " daemon \"%s\" in %s if either \"PKI Sign\" or"
403 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
407 /* If everything is well, attempt to initialize our public/private keys */
408 if (OK && (me->pki_encrypt || me->pki_sign)) {
410 /* Load our keypair */
411 me->pki_keypair = crypto_keypair_new();
412 if (!me->pki_keypair) {
413 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from pki_keypair_file. The two
 * trailing NULL arguments of crypto_keypair_load_key are presumably the
 * passphrase callback and its userdata (by analogy with the new_tls_context
 * Args list) -- TODO confirm. If so, the key file must be stored without a
 * passphrase, and file permissions are its only protection at rest. */
416 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
417 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
418 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
422 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
423 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
424 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
430 * Trusted Signers. We're always trusted.
432 me->pki_signers = New(alist(10, not_owned_by_alist));
433 if (me->pki_keypair) {
434 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
437 /* If additional signing public keys have been specified, load them up */
438 if (me->pki_signing_key_files) {
439 foreach_alist(filepath, me->pki_signing_key_files) {
440 X509_KEYPAIR *keypair;
442 keypair = crypto_keypair_new();
444 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
447 if (crypto_keypair_load_cert(keypair, filepath)) {
448 me->pki_signers->append(keypair);
450 /* Attempt to load a private key, if available */
451 if (crypto_keypair_has_key(filepath)) {
452 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
453 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
454 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
460 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
461 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
469 * Crypto recipients. We're always included as a recipient.
470 * The symmetric session key will be encrypted for each of these readers.
472 me->pki_recipients = New(alist(10, not_owned_by_alist));
473 if (me->pki_keypair) {
474 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
/* NOTE(review): every certificate loaded from pki_master_key_files is added
 * as a recipient of the session key, so the holder of each matching private
 * key can decrypt backups made by this client. Treat that list as
 * security-sensitive configuration. */
478 /* If additional keys have been specified, load them up */
479 if (me->pki_master_key_files) {
480 foreach_alist(filepath, me->pki_master_key_files) {
481 X509_KEYPAIR *keypair;
483 keypair = crypto_keypair_new();
485 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
488 if (crypto_keypair_load_cert(keypair, filepath)) {
489 me->pki_recipients->append(keypair);
491 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
492 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
502 /* Verify that a director record exists */
504 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
507 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* Per-Director TLS validation and context creation. */
512 foreach_res(director, R_DIRECTOR) {
513 /* tls_require implies tls_enable */
514 if (director->tls_require) {
516 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
520 director->tls_enable = true;
523 need_tls = director->tls_enable || director->tls_authenticate;
/* Certificate and key files are mandatory for any Director that uses TLS. */
525 if (!director->tls_certfile && need_tls) {
526 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
527 director->hdr.name, configfile);
531 if (!director->tls_keyfile && need_tls) {
532 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
533 director->hdr.name, configfile);
/* A CA store is demanded only when tls_verify_peer is set. NOTE(review): with
 * tls_verify_peer off, the context below is created with Verify Peer false,
 * so the certificate presented by the Director is presumably not validated
 * against a CA -- confirm in new_tls_context and make sure that setting is a
 * deliberate choice. */
537 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
538 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
539 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
540 " At least one CA certificate store is required"
541 " when using \"TLS Verify Peer\".\n"),
542 director->hdr.name, configfile);
546 /* If everything is well, attempt to initialize our per-resource TLS context */
547 if (OK && (need_tls || director->tls_require)) {
548 /* Initialize TLS context:
549 * Args: CA certfile, CA certdir, Certfile, Keyfile,
550 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
551 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
552 director->tls_ca_certdir, director->tls_certfile,
553 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
554 director->tls_verify_peer);
556 if (!director->tls_ctx) {
557 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
558 director->hdr.name, configfile);
/* Replace the temporary handler opened in main() with the configured
 * Messages resource. */
567 close_msg(NULL); /* close temp message handler */
568 init_msg(NULL, me->messages); /* open user specified message handler */