4 * Kern Sibbald, March MM
10 Copyright (C) 2000-2005 Kern Sibbald
12 This program is free software; you can redistribute it and/or
13 modify it under the terms of the GNU General Public License
14 version 2 as amended with additional clauses defined in the
15 file LICENSE in the main source directory.
17 This program is distributed in the hope that it will be useful,
18 but WITHOUT ANY WARRANTY; without even the implied warranty of
19 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 file LICENSE for additional details.
/*
 * File-scope declarations for the File daemon: symbols imported from other
 * modules, exported globals and file-local state. Parts of the original file
 * are absent from this listing; for example the win32_client conditional
 * below appears without its #else/#endif lines.
 */
27 /* Imported Functions */
28 extern void *handle_client_request(void *dir_sock);
30 /* Imported Variables */
31 extern time_t watchdog_sleep_time;
33 /* Forward referenced functions */
34 void terminate_filed(int sig);
35 static int check_resources();
37 /* Exported variables */
38 CLIENT *me; /* my resource */
/* Message strings exported to other modules; where they are sent is not visible here. */
39 char OK_msg[] = "2000 OK\n";
40 char TERM_msg[] = "2999 Terminate\n";
41 bool no_signals = false;
/* Build flag: 1 when compiled for Cygwin/Win32, 0 otherwise. */
43 #if defined(HAVE_CYGWIN) || defined(HAVE_WIN32)
44 const int win32_client = 1;
46 const int win32_client = 0;
/*
 * NOTE(review): the default path is relative to the current working
 * directory, so the configuration that gets loaded depends on where the
 * daemon is launched from. Prefer starting it with -c and an absolute path.
 */
50 #define CONFIG_FILE "./bacula-fd.conf" /* default config file */
52 char *configfile = NULL;
/* Run-mode flags tested in main() before the daemon-only start-up steps. */
53 static bool foreground = false;
54 static bool inetd_request = false;
55 static workq_t dir_workq; /* queue of work from Director */
/* Thread id recorded by main() and passed to bnet_stop_thread_server() on shutdown. */
56 static pthread_t server_tid;
62 "Copyright (C) 2000-2005 Kern Sibbald\n"
63 "\nVersion: %s (%s)\n\n"
64 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
65 " -c <file> use <file> as configuration file\n"
66 " -dnn set debug level to nn\n"
67 " -f run in foreground (for debugging)\n"
70 " -s no signals (for debugging)\n"
71 " -t test configuration file and exit\n"
73 " -v verbose user messages\n"
74 " -? print this message.\n"
75 "\n"), VERSION, BDATE);
80 /*********************************************************************
82 * Main Bacula Unix Client Program
85 #if defined(HAVE_CYGWIN) || defined(HAVE_WIN32)
86 #define main BaculaMain
/*
 * Entry point of the File daemon. In order, the visible lines parse the
 * command line, load and validate the configuration, initialise the crypto
 * library, write the pid/state files, start the watchdog and JCR subsystems,
 * and then either serve a single connection already open on fd 0 (inetd
 * mode) or run the threaded network server.
 *
 * Many original lines (braces, switch/break statements, some option
 * handlers) are missing from this listing, so the comments below describe
 * only what is shown.
 */
89 int main (int argc, char *argv[])
92 bool test_config = false;
96 setlocale(LC_ALL, "");
97 bindtextdomain("bacula", LOCALEDIR);
101 my_name_is(argc, argv, "bacula-fd");
102 init_msg(NULL, NULL);
103 daemon_start_time = time(NULL);
/*
 * The option string accepts -g and -u (group / userid). Their handlers are
 * not in this listing.
 * NOTE(review): confirm that the identity change requested by -u/-g takes
 * effect before the daemon starts accepting connections.
 */
105 while ((ch = getopt(argc, argv, "c:d:fg:istu:v?")) != -1) {
107 case 'c': /* configuration file */
108 if (configfile != NULL) {
111 configfile = bstrdup(optarg);
114 case 'd': /* debug level */
/*
 * atoi() gives no error indication: non-numeric text becomes 0, which the
 * <= 0 test below catches. The value assigned in that branch is not shown.
 */
115 debug_level = atoi(optarg);
116 if (debug_level <= 0) {
121 case 'f': /* run in foreground */
125 case 'g': /* set group */
130 inetd_request = true;
140 case 'u': /* set userid */
144 case 'v': /* verbose */
/* A remaining positional argument is also accepted as the configuration file. */
158 if (configfile != NULL)
160 configfile = bstrdup(*argv);
168 server_tid = pthread_self();
/* terminate_filed() is handed to init_signals() as the shutdown routine. */
170 init_signals(terminate_filed);
172 /* This reduces the number of signals facilitating debugging */
173 watchdog_sleep_time = 120; /* long timeout for debugging */
/* Fall back to CONFIG_FILE when neither -c nor a positional argument named a file. */
176 if (configfile == NULL) {
177 configfile = bstrdup(CONFIG_FILE);
180 parse_config(configfile);
/*
 * The crypto library is initialised before check_resources(), which builds
 * TLS contexts and loads PKI key pairs.
 */
182 if (init_crypto() != 0) {
183 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
187 if (!check_resources()) {
188 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
192 set_working_directory(me->working_directory);
/* Daemon-only start-up steps: skipped with -f and in inetd mode. */
198 if (!foreground &&!inetd_request) {
200 init_stack_dump(); /* set new pid */
203 /* Maximum 1 daemon at a time */
/*
 * The pid and state files are named from the first configured listen port
 * and placed in directories taken from the configuration.
 * NOTE(review): those directories should be writable only by the daemon's
 * account; confirm how create_pid_file() treats an existing file.
 */
204 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
205 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
/* Starts the embedded Python interpreter with the configured scripts directory. */
213 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
215 set_thread_concurrency(10);
218 start_watchdog(); /* start watchdog thread */
219 init_jcr_subsystem(); /* start JCR watchdogs etc. */
221 server_tid = pthread_self();
224 /* Socket is on fd 0 */
225 struct sockaddr client_addr;
227 socklen_t client_addr_len = sizeof(client_addr);
/*
 * NOTE(review): getsockname() reports the local end of the socket, yet the
 * result is stored in client_addr and passed to init_bsock() as the
 * client's address. If the peer address is what should be recorded for
 * logging or auditing, getpeername() is the call that returns it. Confirm
 * the intent.
 */
228 if (getsockname(0, &client_addr, &client_addr_len) == 0) {
229 /* MA BUG 6 remove ifdefs */
230 port = sockaddr_get_port_net_order(&client_addr);
/* The single inetd connection is wrapped in a BSOCK and handled in this thread. */
232 BSOCK *bs = init_bsock(NULL, 0, "client", "unknown client", port, &client_addr);
233 handle_client_request((void *)bs);
235 /* Become server, and handle requests */
237 foreach_dlist(p, me->FDaddrs) {
238 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/*
 * Each accepted connection is passed to handle_client_request through
 * dir_workq. me->MaxConcurrentJobs presumably caps the number served at
 * once; verify in bnet_thread_server().
 */
240 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
244 exit(0); /* should never get here */
/*
 * Shutdown routine, registered through init_signals() in main(). The visible
 * lines stop the thread server, emit the "Exit" daemon event, persist the
 * state file, remove the pid file and release configuration and pool memory.
 * Several original lines, including whatever ends the process, are missing
 * from this listing.
 *
 * NOTE(review): if init_signals() installs this function directly as a
 * signal handler, the file I/O and memory-pool calls below are not
 * async-signal-safe. Confirm how it is dispatched.
 */
247 void terminate_filed(int sig)
/* server_tid was recorded by main() with pthread_self(). */
249 bnet_stop_thread_server(server_tid);
250 generate_daemon_event(NULL, "Exit");
/* State is written and the pid file removed using the same name/port pair main() used. */
251 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
252 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
254 if (configfile != NULL) {
/* Memory pool statistics are printed only when debugging is enabled. */
257 if (debug_level > 0) {
258 print_memory_pool_stats();
260 free_config_resources();
264 close_memory_pool(); /* release free memory in pool */
265 sm_dump(false); /* dump orphaned buffers */
270 * Make a quick check to see that we have all the
/*
 * Validates the parsed configuration before the daemon starts serving.
 * The visible checks cover: exactly one Client resource, a Messages resource,
 * TLS settings and context creation for the File daemon and for every
 * Director, and PKI key material (own key pair, trusted signers, master-key
 * recipients). Problems are reported with M_FATAL messages.
 *
 * The declaration of the OK flag and the return statement are missing from
 * this listing. The caller in main() treats a zero result as failure.
 */
273 static int check_resources()
/* The first Client resource becomes the global "me". */
280 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
282 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
283 "Without that I don't know who I am :-(\n"), configfile);
/* A second Client resource is a configuration error. */
286 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
287 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
291 my_name_is(0, NULL, me->hdr.name);
293 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
295 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
299 /* tls_require implies tls_enable */
300 if (me->tls_require) {
/* Presumably reached only in builds without TLS support; the guard is not shown. */
302 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
305 me->tls_enable = true;
/*
 * A CA store is mandatory whenever TLS is enabled for the File daemon
 * resource: its context below is created with peer verification fixed to
 * true, unlike the Director contexts, where it is configurable.
 */
309 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) {
310 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
311 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
316 /* If everything is well, attempt to initialize our per-resource TLS context */
317 if (OK && (me->tls_enable || me->tls_require)) {
/*
 * No PEM passphrase callback and no DH parameter file are supplied here.
 * NOTE(review): confirm how new_tls_context() handles a passphrase-protected
 * key file when the callback is NULL.
 */
318 /* Initialize TLS context:
319 * Args: CA certfile, CA certdir, Certfile, Keyfile,
320 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
321 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
322 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
323 NULL, NULL, NULL, true);
326 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
327 me->hdr.name, configfile);
332 if (me->pki_encrypt || me->pki_sign) {
/* Presumably reached only in builds without crypto support; the guard is not shown. */
334 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
339 /* pki_encrypt implies pki_sign */
340 if (me->pki_encrypt) {
/* Signing or encrypting requires the daemon's own key pair file. */
344 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
345 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
346 " daemon \"%s\" in %s if either \"PKI Sign\" or"
347 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
351 /* If everything is well, attempt to initialize our public/private keys */
352 if (OK && (me->pki_encrypt || me->pki_sign)) {
354 /* Load our keypair */
355 me->pki_keypair = crypto_keypair_new();
356 if (!me->pki_keypair) {
357 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/*
 * The certificate and the private key are both read from pki_keypair_file,
 * and the key is loaded with no passphrase callback.
 * NOTE(review): this file holds private key material; restrict its
 * permissions to the account the daemon runs as.
 */
360 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
361 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
362 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
366 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
367 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
368 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
374 * Trusted Signers. We're always trusted.
/* The signer list starts with a duplicate of the daemon's own key pair, when one was loaded. */
376 me->pki_signers = New(alist(10, not_owned_by_alist));
377 if (me->pki_keypair) {
378 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
381 /* If additional signing public keys have been specified, load them up */
382 if (me->pki_signing_key_files) {
/*
 * Every certificate listed in pki_signing_key_files is added to the trusted
 * signers. A certificate that cannot be loaded is reported as fatal.
 * Whether the freshly allocated keypair is released on that path is not
 * visible in this listing.
 */
383 foreach_alist(filepath, me->pki_signing_key_files) {
384 X509_KEYPAIR *keypair;
386 keypair = crypto_keypair_new();
388 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
391 if (crypto_keypair_load_cert(keypair, filepath)) {
392 me->pki_signers->append(keypair);
394 /* Attempt to load a private key, if available */
395 if (crypto_keypair_has_key(filepath)) {
396 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
397 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
398 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
404 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
405 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
413 * Crypto recipients. We're always included as a recipient.
414 * The symmetric session key will be encrypted for each of these readers.
/* The recipient list starts with a duplicate of the daemon's own key pair, when one was loaded. */
416 me->pki_recipients = New(alist(10, not_owned_by_alist));
417 if (me->pki_keypair) {
418 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
422 /* If additional keys have been specified, load them up */
423 if (me->pki_master_key_files) {
/*
 * Every entry in pki_master_key_files becomes an additional recipient of the
 * session key, so each listed key can decrypt this client's backups.
 * NOTE(review): encrypting to a recipient needs only its public
 * certificate. If a master key file on the client also contains the private
 * key, the code below loads it into memory. Confirm that is intended, and
 * keep master private keys off client hosts where possible.
 */
424 foreach_alist(filepath, me->pki_master_key_files) {
425 X509_KEYPAIR *keypair;
427 keypair = crypto_keypair_new();
429 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
432 if (crypto_keypair_load_cert(keypair, filepath)) {
433 me->pki_recipients->append(keypair);
435 /* Attempt to load a private key, if available */
436 if (crypto_keypair_has_key(filepath)) {
437 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
438 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
439 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
445 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
446 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
456 /* Verify that a director record exists */
458 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
461 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* The TLS checks below are applied to every Director resource in turn. */
466 foreach_res(director, R_DIRECTOR) {
467 /* tls_require implies tls_enable */
468 if (director->tls_require) {
/* Presumably reached only in builds without TLS support; the guard is not shown. */
470 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
474 director->tls_enable = true;
/* With TLS enabled, a certificate and a key file must be configured for the Director entry. */
478 if (!director->tls_certfile && director->tls_enable) {
479 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
480 director->hdr.name, configfile);
484 if (!director->tls_keyfile && director->tls_enable) {
485 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
486 director->hdr.name, configfile);
/*
 * A CA store is demanded only when tls_verify_peer is set. With it off, no
 * CA is required and the flag is passed through to new_tls_context() as
 * false.
 * NOTE(review): in that configuration the Director's certificate is
 * presumably not validated, so TLS would give confidentiality without
 * authenticating the peer. Confirm in new_tls_context().
 */
490 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
491 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
492 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
493 " At least one CA certificate store is required"
494 " when using \"TLS Verify Peer\".\n"),
495 director->hdr.name, configfile);
499 /* If everything is well, attempt to initialize our per-resource TLS context */
500 if (OK && (director->tls_enable || director->tls_require)) {
/* Unlike the File daemon context, this one takes a DH file and the configured verify-peer flag. */
501 /* Initialize TLS context:
502 * Args: CA certfile, CA certdir, Certfile, Keyfile,
503 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
504 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
505 director->tls_ca_certdir, director->tls_certfile,
506 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
507 director->tls_verify_peer);
509 if (!director->tls_ctx) {
510 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
511 director->hdr.name, configfile);
/* Switch from the temporary start-up message handler to the configured Messages resource. */
520 close_msg(NULL); /* close temp message handler */
521 init_msg(NULL, me->messages); /* open user specified message handler */