2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
31 * Kern Sibbald, March MM
/* NOTE(review): this listing carries the original file's line numbers at the
 * start of each line and omits some lines; the added comments describe only
 * what the visible lines show. */
40 /* Imported Functions */
/* Handler that main() passes to bnet_thread_server(). */
41 extern void *handle_client_request(void *dir_sock);
/* Called by main() with the config handle, the config file name and
 * M_ERROR_TERM as exit_code. */
42 extern bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code);
44 /* Forward referenced functions */
/* Shutdown routine; main() hands it to init_signals(). */
45 void terminate_filed(int sig);
/* Checks the parsed configuration (Client, Messages, TLS, PKI, Director). */
46 static bool check_resources();
48 /* Exported variables */
49 CLIENT *me; /* my resource */
50 bool no_signals = false;
/* Relative file name, used by main() only when no configuration file was
 * given on the command line. NOTE(review): unless the parser resolves it
 * elsewhere, a relative name is looked up in the current directory; since
 * this file names the TLS and PKI key files, start the daemon with an
 * explicit -c path when the working directory is not controlled. */
54 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
/* Set from -c, from a remaining command line argument, or from CONFIG_FILE. */
56 char *configfile = NULL;
57 static bool foreground = false;
58 static workq_t dir_workq; /* queue of work from Director */
/* Thread id recorded in main(); terminate_filed() passes it to
 * bnet_stop_thread_server(). */
59 static pthread_t server_tid;
/* Parser handle created in main(); its resources are freed in
 * terminate_filed(). */
60 static CONFIG *config;
66 "\nVersion: %s (%s)\n\n"
67 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
68 " -c <file> use <file> as configuration file\n"
69 " -d <nn> set debug level to <nn>\n"
70 " -dt print timestamp in debug output\n"
71 " -f run in foreground (for debugging)\n"
73 " -s no signals (for debugging)\n"
74 " -t test configuration file and exit\n"
76 " -v verbose user messages\n"
77 " -? print this message.\n"
78 "\n"), 2000, VERSION, BDATE);
83 /*********************************************************************
85 * Main Bacula Unix Client Program
88 #if defined(HAVE_WIN32)
89 #define main BaculaMain
/*
 * Entry point of the File daemon. In the visible lines it sets up locale and
 * message handling, parses the command line, loads and checks the
 * configuration, initializes the crypto library, writes the pid file, loads
 * plugins and then serves connections through bnet_thread_server().
 * NOTE(review): the listing omits several source lines of this function (the
 * leading numbers jump), including the bodies of most option cases.
 */
92 int main (int argc, char *argv[])
95 bool test_config = false;
100 setlocale(LC_ALL, "");
101 bindtextdomain("bacula", LOCALEDIR);
102 textdomain("bacula");
105 my_name_is(argc, argv, "bacula-fd");
106 init_msg(NULL, NULL);
107 daemon_start_time = time(NULL);
/* Options that take an argument: -c, -d, -g, -u. The code that applies -g
 * and -u (group and userid) is not in the visible lines. NOTE(review):
 * confirm that the privilege change is complete before the daemon starts
 * accepting connections. */
109 while ((ch = getopt(argc, argv, "c:d:fg:stu:v?")) != -1) {
111 case 'c': /* configuration file */
112 if (configfile != NULL) {
115 configfile = bstrdup(optarg);
118 case 'd': /* debug level */
119 if (*optarg == 't') {
120 dbg_timestamp = true;
/* atoi() cannot report a conversion error: a non-numeric argument yields 0
 * and reaches the <= 0 branch on the next line. */
122 debug_level = atoi(optarg);
123 if (debug_level <= 0) {
129 case 'f': /* run in foreground */
133 case 'g': /* set group */
145 case 'u': /* set userid */
149 case 'v': /* verbose */
/* Presumably a remaining non-option argument; it replaces any earlier
 * configuration file name. */
163 if (configfile != NULL)
165 configfile = bstrdup(*argv);
173 server_tid = pthread_self();
/* terminate_filed() is handed to init_signals() here, before
 * check_resources() has assigned me. NOTE(review): terminate_filed()
 * dereferences me; confirm it cannot run in that window. */
175 init_signals(terminate_filed);
177 /* This reduces the number of signals facilitating debugging */
178 watchdog_sleep_time = 120; /* long timeout for debugging */
/* No file named on the command line: fall back to the relative default. */
181 if (configfile == NULL) {
182 configfile = bstrdup(CONFIG_FILE);
185 config = new_config_parser();
/* M_ERROR_TERM is passed as the parser's exit_code argument. */
186 parse_fd_config(config, configfile, M_ERROR_TERM);
/* The crypto library is initialized before check_resources(), which builds
 * the TLS contexts and loads the PKI keys. */
188 if (init_crypto() != 0) {
189 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
/* check_resources() also assigns me, which the statements below rely on. */
193 if (!check_resources()) {
194 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
198 set_working_directory(me->working_directory);
206 init_stack_dump(); /* set new pid */
209 /* Maximum 1 daemon at a time */
210 create_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
211 read_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
/* Plugins and Python scripts are taken from directories named in the
 * configuration. NOTE(review): these look like code-loading paths, so the
 * directories and the configuration file should be writable only by the
 * account that administers the daemon. */
213 load_fd_plugins(me->plugin_directory);
221 init_python_interpreter(me->hdr.name, me->scripts_directory, "FDStartUp");
223 set_thread_concurrency(10);
226 start_watchdog(); /* start watchdog thread */
227 init_jcr_subsystem(); /* start JCR watchdogs etc. */
229 server_tid = pthread_self();
231 /* Become server, and handle requests */
233 foreach_dlist(p, me->FDaddrs) {
234 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Serve on the configured addresses; handle_client_request() is the handler,
 * me->MaxConcurrentJobs and dir_workq are passed through. */
236 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq, handle_client_request);
239 exit(0); /* should never get here */
/*
 * Shutdown routine, handed to init_signals() by main(). Visible steps: stop
 * the server thread, emit the "Exit" daemon event, write the state file,
 * delete the pid file, release configuration resources and the memory pool.
 * NOTE(review): me is dereferenced below without a visible NULL check, while
 * main() registers this routine before check_resources() assigns me; confirm
 * an early signal cannot reach these lines. Some source lines are omitted
 * from this listing.
 */
242 void terminate_filed(int sig)
/* Re-entry flag; the test that uses it is not in the visible lines. The
 * sleep and exit(1) below are presumably the path taken on re-entry. */
244 static bool already_here = false;
247 bmicrosleep(2, 0); /* yield */
248 exit(1); /* prevent loops */
251 debug_level = 0; /* turn off debug */
254 bnet_stop_thread_server(server_tid);
255 generate_daemon_event(NULL, "Exit");
/* State and pid files are named from the configured directories and the
 * first listening port, matching the calls in main(). */
257 write_state_file(me->working_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
258 delete_pid_file(me->pid_directory, "bacula-fd", get_first_port_host_order(me->FDaddrs));
260 if (configfile != NULL) {
/* debug_level was set to 0 above, so in the visible lines this branch cannot
 * be taken. NOTE(review): confirm against the omitted lines. */
264 if (debug_level > 0) {
265 print_memory_pool_stats();
268 config->free_resources();
274 close_memory_pool(); /* release free memory in pool */
275 sm_dump(false); /* dump orphaned buffers */
280 * Make a quick check to see that we have all the
/*
 * Checks the parsed configuration and prepares the TLS contexts and PKI key
 * lists the daemon uses. Visible checks: a Client resource exists and is the
 * only one, a Messages resource exists, the TLS settings of the Client and of
 * each Director resource are complete, and the PKI key files load. Problems
 * are reported with M_FATAL messages.
 * NOTE(review): this listing omits some source lines (the leading numbers
 * jump), among them the declarations of OK and need_tls and the end of the
 * function; the comments cover only what is visible.
 */
283 static bool check_resources()
/* me becomes the global Client resource used by main() and terminate_filed(). */
291 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
293 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
294 "Without that I don't know who I am :-(\n"), configfile);
/* A second Client resource is an error. */
297 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
298 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
302 my_name_is(0, NULL, me->hdr.name);
304 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
306 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
310 /* tls_require implies tls_enable */
311 if (me->tls_require) {
/* Judging by the message, the omitted line before it tests whether TLS
 * support is available in this build. */
313 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
316 me->tls_enable = true;
319 need_tls = me->tls_enable || me->tls_authenticate;
/* With TLS in use, the File daemon resource must name a CA certificate file
 * or directory. */
321 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
322 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
323 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
328 /* If everything is well, attempt to initialize our per-resource TLS context */
329 if (OK && (need_tls || me->tls_require)) {
330 /* Initialize TLS context:
331 * Args: CA certfile, CA certdir, Certfile, Keyfile,
332 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Verify Peer is fixed to true for this context; no DH file and no key
 * passphrase callback are supplied. NOTE(review): with a NULL callback the
 * key file presumably has to be stored unencrypted, so it should be readable
 * only by the daemon account - confirm against new_tls_context(). */
333 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
334 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
335 NULL, NULL, NULL, true);
338 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
339 me->hdr.name, configfile);
344 if (me->pki_encrypt || me->pki_sign) {
/* Judging by the message, the omitted line before it tests whether crypto
 * support is compiled in. */
346 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
351 /* pki_encrypt implies pki_sign */
352 if (me->pki_encrypt) {
/* Signing or encryption without a key pair file is a configuration error. */
356 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
357 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
358 " daemon \"%s\" in %s if either \"PKI Sign\" or"
359 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
363 /* If everything is well, attempt to initialize our public/private keys */
364 if (OK && (me->pki_encrypt || me->pki_sign)) {
366 /* Load our keypair */
367 me->pki_keypair = crypto_keypair_new();
368 if (!me->pki_keypair) {
369 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from me->pki_keypair_file. The
 * key is loaded with NULL for the last two arguments; NOTE(review): if those
 * are a passphrase callback and its userdata, as in the TLS call above, the
 * private key is expected unencrypted on disk and the file needs restrictive
 * permissions. */
372 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
373 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
374 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
378 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
379 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
380 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
386 * Trusted Signers. We're always trusted.
/* Signer list: starts with a copy of our own keypair; each file in
 * me->pki_signing_key_files must yield a certificate, otherwise a fatal
 * message is issued. */
388 me->pki_signers = New(alist(10, not_owned_by_alist));
389 if (me->pki_keypair) {
390 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
393 /* If additional signing public keys have been specified, load them up */
394 if (me->pki_signing_key_files) {
395 foreach_alist(filepath, me->pki_signing_key_files) {
396 X509_KEYPAIR *keypair;
398 keypair = crypto_keypair_new();
400 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
403 if (crypto_keypair_load_cert(keypair, filepath)) {
404 me->pki_signers->append(keypair);
406 /* Attempt to load a private key, if available */
407 if (crypto_keypair_has_key(filepath)) {
408 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
409 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
410 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
416 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
417 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
425 * Crypto recipients. We're always included as a recipient.
426 * The symmetric session key will be encrypted for each of these readers.
/* Recipient list: a copy of our own keypair plus one entry per file in
 * me->pki_master_key_files. Only the certificate is loaded for master keys
 * in the visible lines, so the master private key presumably does not have
 * to be on this host. Every listed recipient can recover the session key, so
 * this list decides who is able to decrypt the backups. */
428 me->pki_recipients = New(alist(10, not_owned_by_alist));
429 if (me->pki_keypair) {
430 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
434 /* If additional keys have been specified, load them up */
435 if (me->pki_master_key_files) {
436 foreach_alist(filepath, me->pki_master_key_files) {
437 X509_KEYPAIR *keypair;
439 keypair = crypto_keypair_new();
441 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
444 if (crypto_keypair_load_cert(keypair, filepath)) {
445 me->pki_recipients->append(keypair);
447 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
448 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
458 /* Verify that a director record exists */
460 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
463 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
/* The same TLS checks are applied to every Director resource. */
468 foreach_res(director, R_DIRECTOR) {
469 /* tls_require implies tls_enable */
470 if (director->tls_require) {
472 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
476 director->tls_enable = true;
479 need_tls = director->tls_enable || director->tls_authenticate;
/* For a Director using TLS, both a certificate file and a key file are
 * mandatory. */
481 if (!director->tls_certfile && need_tls) {
482 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
483 director->hdr.name, configfile);
487 if (!director->tls_keyfile && need_tls) {
488 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
489 director->hdr.name, configfile);
/* A CA store is demanded only when tls_verify_peer is set. NOTE(review):
 * with "TLS Verify Peer" off, tls_verify_peer is passed as false to
 * new_tls_context() below, so the Director's certificate is presumably not
 * validated; keep it on unless there is a documented reason not to. */
493 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
494 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
495 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
496 " At least one CA certificate store is required"
497 " when using \"TLS Verify Peer\".\n"),
498 director->hdr.name, configfile);
502 /* If everything is well, attempt to initialize our per-resource TLS context */
503 if (OK && (need_tls || director->tls_require)) {
504 /* Initialize TLS context:
505 * Args: CA certfile, CA certdir, Certfile, Keyfile,
506 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Unlike the File daemon context, this one takes the DH file and the Verify
 * Peer setting from the Director resource; the key callback is again NULL. */
507 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
508 director->tls_ca_certdir, director->tls_certfile,
509 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
510 director->tls_verify_peer);
512 if (!director->tls_ctx) {
513 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
514 director->hdr.name, configfile);
/* Switch from the temporary message handler to the one configured in the
 * Messages resource. */
523 close_msg(NULL); /* close temp message handler */
524 init_msg(NULL, me->messages); /* open user specified message handler */