2 Bacula(R) - The Network Backup Solution
4 Copyright (C) 2000-2017 Kern Sibbald
6 The original author of Bacula is Kern Sibbald, with contributions
7 from many others, a complete list can be found in the file AUTHORS.
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
14 This notice must be preserved when any source code is
15 conveyed and/or propagated.
17 Bacula(R) is a registered trademark of Kern Sibbald.
22 * Kern Sibbald, March MM
28 /* Imported Functions */
/* Per-connection entry point; main() hands it to bnet_thread_server(). */
29 extern void *handle_connection_request(void *dir_sock);
/* Parses the configuration file; main() calls it with M_ERROR_TERM as exit_code. */
30 extern bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code);
32 /* Forward referenced functions */
33 static bool check_resources();
35 /* Exported variables */
/* Assigned in check_resources() from the first R_CLIENT resource. */
36 CLIENT *me; /* my resource */
37 bool no_signals = false;
/* Command table; the counting loops in check_resources() stop at the
 * first entry whose .cmd is NULL. */
39 extern struct s_cmds cmds[];
/* Fallback configuration file, used by main() only when neither -c nor a
 * positional argument supplied one.
 * NOTE(review): the default is a bare file name, so it is presumably
 * resolved against the directory the daemon is started from -- confirm
 * that the build pre-defines CONFIG_FILE or that -c is always passed,
 * so a privileged start cannot pick up a stray bacula-fd.conf. */
41 #ifndef CONFIG_FILE /* Might be overwritten */
42 #define CONFIG_FILE "bacula-fd.conf" /* default config file */
43 #define PROG_NAME "bacula-fd"
46 char *configfile = NULL;
47 static bool test_config = false;
48 static bool foreground = false;
49 static bool make_pid_file = true; /* create pid file */
50 static workq_t dir_workq; /* queue of work from Director */
/* Recorded with pthread_self() in main() and passed to
 * bnet_stop_thread_server() by terminate_filed(). */
51 static pthread_t server_tid;
52 static CONFIG *config;
58 "\nVersion: %s (%s)\n\n"
59 "Usage: bacula-fd [-f -s] [-c config_file] [-d debug_level]\n"
60 " -c <file> use <file> as configuration file\n"
61 " -d <n>[,<tags>] set debug level to <nn>, debug tags to <tags>\n"
62 " -dt print a timestamp in debug output\n"
63 " -f run in foreground (for debugging)\n"
65 " -k keep readall capabilities\n"
66 " -m print kaboom output (for debugging)\n"
67 " -P do not create pid file\n"
68 " -s no signals (for debugging)\n"
69 " -t test configuration file and exit\n"
72 " -v verbose user messages\n"
73 " -? print this message.\n"
74 "\n"), 2000, VERSION, BDATE);
80 /*********************************************************************
82 * Main Bacula Unix Client Program
85 #if defined(HAVE_WIN32)
86 #define main BaculaMain
/*
 * File daemon entry point: parse the command line, load and validate the
 * configuration, create the pid and state files, load plugins, call
 * drop() with the -u/-g identity, then serve connections through
 * bnet_thread_server().
 *
 * This listing omits many source lines (see the gaps in the line
 * numbers), so the comments below describe only the statements that are
 * visible.
 */
89 int main(int argc, char *argv[])
92 bool keep_readall_caps = false;
97 setlocale(LC_ALL, "");
98 bindtextdomain("bacula", LOCALEDIR);
102 my_name_is(argc, argv, PROG_NAME);
103 init_msg(NULL, NULL);
104 daemon_start_time = time(NULL);
105 setup_daemon_message_queue();
107 while ((ch = getopt(argc, argv, "c:d:fg:kmPstTu:v?D:")) != -1) {
109 case 'c': /* configuration file */
110 if (configfile != NULL) {
113 configfile = bstrdup(optarg);
116 case 'd': /* debug level */
117 if (*optarg == 't') {
118 dbg_timestamp = true;
121 /* We probably find a tag list -d 10,sql,bvfs */
122 if ((p = strchr(optarg, ',')) != NULL) {
/* atoi() reports no conversion error; a non-numeric argument yields 0
 * and is caught by the <= 0 test that follows. */
125 debug_level = atoi(optarg);
126 if (debug_level <= 0) {
130 debug_parse_tags(p+1, &debug_level_tags);
135 case 'f': /* run in foreground */
139 case 'g': /* set group */
144 keep_readall_caps = true;
147 case 'm': /* print kaboom output */
152 make_pid_file = false;
167 case 'u': /* set userid */
171 case 'v': /* verbose */
/* A remaining positional argument is taken as the configuration file. */
185 if (configfile != NULL)
187 configfile = bstrdup(*argv);
/* -k (keep readall capabilities) is rejected as a terminating error
 * unless a -u user was also given. */
195 if (!uid && keep_readall_caps) {
196 Emsg0(M_ERROR_TERM, 0, _("-k option has no meaning without -u option.\n"));
199 server_tid = pthread_self();
201 if (configfile == NULL) {
202 configfile = bstrdup(CONFIG_FILE);
205 if (!foreground && !test_config) {
207 init_stack_dump(); /* set new pid */
/* terminate_filed is registered before the configuration is parsed, so
 * it can be invoked while `me` is still unassigned. */
211 init_signals(terminate_filed);
213 /* This reduces the number of signals facilitating debugging */
214 watchdog_sleep_time = 120; /* long timeout for debugging */
217 config = New(CONFIG());
218 parse_fd_config(config, configfile, M_ERROR_TERM);
220 if (init_crypto() != 0) {
221 Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
225 if (!check_resources()) {
226 Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
230 set_working_directory(me->working_directory);
236 set_thread_concurrency(me->MaxConcurrentJobs + 10);
237 lmgr_init_thread(); /* initialize the lockmanager stack */
239 /* Maximum 1 daemon at a time */
/*
 * NOTE(review): the pid file, the state file and the plugin load below
 * all happen BEFORE drop(), i.e. with whatever privileges the daemon was
 * started with.  The pid directory, working directory and plugin
 * directory named in the configuration should therefore be writable
 * only by trusted accounts; anything placed in the plugin directory is
 * presumably loaded with the start-up identity -- confirm in
 * load_fd_plugins().
 */
241 create_pid_file(me->pid_directory, PROG_NAME,
242 get_first_port_host_order(me->FDaddrs));
244 read_state_file(me->working_directory, PROG_NAME,
245 get_first_port_host_order(me->FDaddrs));
247 load_fd_plugins(me->plugin_directory);
/* Presumably switches to the -u/-g identity, keeping the readall
 * capabilities when -k was given; drop() itself is not shown here. */
249 drop(uid, gid, keep_readall_caps);
255 /* Setup default value for the snapshot handler */
256 if (!me->snapshot_command) {
257 me->snapshot_command = snapshot_get_command();
261 start_watchdog(); /* start watchdog thread */
262 init_jcr_subsystem(); /* start JCR watchdogs etc. */
264 server_tid = pthread_self();
266 /* Become server, and handle requests */
268 foreach_dlist(p, me->FDaddrs) {
269 Dmsg1(10, "filed: listening on port %d\n", p->get_port_host_order());
/* Serves the configured FDaddrs; each accepted connection is passed to
 * handle_connection_request via dir_workq. */
271 bnet_thread_server(me->FDaddrs, me->MaxConcurrentJobs, &dir_workq,
272 handle_connection_request);
275 exit(0); /* should never get here */
/*
 * Shutdown routine, registered through init_signals() in main(): stop
 * the connection server, emit the "Exit" daemon event, persist the
 * state file, remove the pid file and release memory pools.
 *
 * NOTE(review): if init_signals() installs this function directly as a
 * signal handler, the file I/O and memory release done here are not
 * async-signal-safe, and `already_here` is a plain static bool rather
 * than an atomic/sig_atomic_t flag -- confirm how it is dispatched.
 */
278 void terminate_filed(int sig)
280 static bool already_here = false;
/* Re-entry path: wait briefly, then exit instead of repeating the cleanup. */
283 bmicrosleep(2, 0); /* yield */
284 exit(1); /* prevent loops */
287 debug_level = 0; /* turn off debug */
290 bnet_stop_thread_server(server_tid);
291 generate_daemon_event(NULL, "Exit");
294 free_daemon_message_queue();
/* NOTE(review): `me` is dereferenced here, but main() registers this
 * routine before check_resources() assigns `me`; whether a guard in the
 * lines missing from this listing covers an early termination is not
 * visible.  The literal "bacula-fd" is used where main() uses
 * PROG_NAME. */
297 write_state_file(me->working_directory,
298 "bacula-fd", get_first_port_host_order(me->FDaddrs));
300 delete_pid_file(me->pid_directory,
301 "bacula-fd", get_first_port_host_order(me->FDaddrs));
305 if (configfile != NULL) {
/* debug_level was set to 0 above, so this branch runs only if a line
 * not shown here raises it again. */
309 if (debug_level > 0) {
310 print_memory_pool_stats();
321 close_memory_pool(); /* release free memory in pool */
323 sm_dump(false); /* dump orphaned buffers */
328 * Make a quick check to see that we have all the
/*
 * Validate the parsed configuration and build the runtime objects that
 * depend on it: the disabled-command tables, the TLS contexts for the
 * File daemon, each Director and each Console, and the PKI signer and
 * recipient key lists.  Problems are reported through Emsg/Jmsg.
 *
 * `OK` is tested before the TLS and PKI initialisation steps; the lines
 * that declare it, clear it on error and return it are missing from this
 * listing, as are most closing braces and compile-time guards.
 */
331 static bool check_resources()
/* Exactly one Client resource is accepted: the first becomes `me`, a
 * second one is reported as fatal. */
342 me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
344 Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
345 "Without that I don't know who I am :-(\n"), configfile);
348 if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
349 Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
353 my_name_is(0, NULL, me->hdr.name);
355 me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
357 Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
362 /* Construct disabled command array */
363 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
364 if (me->disable_cmds) {
/* NOTE(review): allocates i bytes for i bool entries, which assumes
 * sizeof(bool) == 1, and the result is passed to memset() on the next
 * source line without a NULL check. */
365 me->disabled_cmds_array = (bool *)malloc(i);
366 memset(me->disabled_cmds_array, 0, i);
367 foreach_alist(cmd, me->disable_cmds) {
369 for (i=0; cmds[i].cmd; i++) {
/* Case-insensitive PREFIX match over strlen(cmd) characters: a
 * configured value matches any command whose name begins with it, so a
 * very short value can select a different command than intended.  Which
 * entries end up flagged depends on loop-exit lines not shown here. */
370 if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
371 me->disabled_cmds_array[i] = true;
/* Reported as fatal, so a misspelled Disable Command presumably stops
 * start-up instead of leaving the command enabled (condition not shown). */
377 Jmsg(NULL, M_FATAL, 0, _("Disable Command \"%s\" not found.\n"),
384 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
386 if (me->disabled_cmds_array[i]) {
387 Dmsg1(050, "Command: %s disabled.\n", cmds[i].cmd);
392 /* tls_require implies tls_enable */
393 if (me->tls_require) {
/* Presumably inside a "built without TLS" guard that this listing drops. */
395 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
398 me->tls_enable = true;
401 need_tls = me->tls_enable || me->tls_authenticate;
/* For the File daemon resource a CA file or directory is mandatory
 * whenever TLS is needed; unlike the Director/Console checks below this
 * is not conditional on a verify-peer setting. */
403 if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && need_tls) {
404 Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
405 " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
410 /* If everything is well, attempt to initialize our per-resource TLS context */
411 if (OK && (need_tls || me->tls_require)) {
412 /* Initialize TLS context:
413 * Args: CA certfile, CA certdir, Certfile, Keyfile,
414 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
/* Here DHfile is NULL and Verify Peer is hard-coded to true. */
415 me->tls_ctx = new_tls_context(me->tls_ca_certfile,
416 me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
417 NULL, NULL, NULL, true);
420 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
421 me->hdr.name, configfile);
426 if (me->pki_encrypt || me->pki_sign) {
/* Presumably inside a "built without crypto" guard that this listing drops. */
428 Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n"));
433 /* pki_encrypt implies pki_sign */
434 if (me->pki_encrypt) {
438 if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) {
439 Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File"
440 " daemon \"%s\" in %s if either \"PKI Sign\" or"
441 " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile);
445 /* If everything is well, attempt to initialize our public/private keys */
446 if (OK && (me->pki_encrypt || me->pki_sign)) {
448 /* Load our keypair */
449 me->pki_keypair = crypto_keypair_new();
450 if (!me->pki_keypair) {
451 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Certificate and private key are both read from the one
 * pki_keypair_file, so that file holds private key material and needs
 * correspondingly tight permissions.
 * NOTE(review): the two NULL arguments to crypto_keypair_load_key are
 * presumably the passphrase callback and its user data -- confirm how a
 * passphrase-protected key is handled. */
454 if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) {
455 Emsg2(M_FATAL, 0, _("Failed to load public certificate for File"
456 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
460 if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) {
461 Emsg2(M_FATAL, 0, _("Failed to load private key for File"
462 " daemon \"%s\" in %s.\n"), me->hdr.name, configfile);
468 * Trusted Signers. We're always trusted.
470 me->pki_signers = New(alist(10, not_owned_by_alist));
471 if (me->pki_keypair) {
472 me->pki_signers->append(crypto_keypair_dup(me->pki_keypair));
475 /* If additional signing public keys have been specified, load them up */
476 if (me->pki_signing_key_files) {
477 foreach_alist(filepath, me->pki_signing_key_files) {
478 X509_KEYPAIR *keypair;
480 keypair = crypto_keypair_new();
482 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Every file listed here extends the set of trusted signers; the
 * certificate is mandatory, a private key is loaded only when
 * crypto_keypair_has_key() reports one in the file. */
485 if (crypto_keypair_load_cert(keypair, filepath)) {
486 me->pki_signers->append(keypair);
488 /* Attempt to load a private key, if available */
489 if (crypto_keypair_has_key(filepath)) {
490 if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) {
491 Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File"
492 " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
498 Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate"
499 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
507 * Crypto recipients. We're always included as a recipient.
508 * The symmetric session key will be encrypted for each of these readers.
510 me->pki_recipients = New(alist(10, not_owned_by_alist));
511 if (me->pki_keypair) {
512 me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair));
515 /* Put a default cipher (not possible in the filed_conf.c structure) */
/* AES-128-CBC is the fallback when no cipher is configured.  CBC gives
 * confidentiality only; integrity of encrypted data presumably rests on
 * the signing that pki_encrypt is stated to imply above -- confirm. */
516 if (!me->pki_cipher) {
517 me->pki_cipher = CRYPTO_CIPHER_AES_128_CBC;
520 /* Put a default digest (not possible in the filed_conf.c structure) */
521 if (!me->pki_digest) {
522 me->pki_digest = CRYPTO_DIGEST_DEFAULT;
525 /* If additional keys have been specified, load them up */
526 if (me->pki_master_key_files) {
527 foreach_alist(filepath, me->pki_master_key_files) {
528 X509_KEYPAIR *keypair;
530 keypair = crypto_keypair_new();
532 Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n"));
/* Only the certificate is loaded for a master key: each one becomes an
 * additional recipient of the session key, so every listed file names a
 * party able to decrypt the data. */
535 if (crypto_keypair_load_cert(keypair, filepath)) {
536 me->pki_recipients->append(keypair);
538 Emsg3(M_FATAL, 0, _("Failed to load master key certificate"
539 " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile);
549 /* Verify that a director record exists */
551 director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
554 Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
559 foreach_res(director, R_DIRECTOR) {
561 /* Construct disabled command array */
562 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
563 if (director->disable_cmds) {
/* NOTE(review): same pattern as for the Client resource -- i bytes for
 * i bool entries, no NULL check before memset(), prefix matching of the
 * configured names below. */
564 director->disabled_cmds_array = (bool *)malloc(i);
565 memset(director->disabled_cmds_array, 0, i);
566 foreach_alist(cmd, director->disable_cmds) {
568 for (i=0; cmds[i].cmd; i++) {
569 if (strncasecmp(cmds[i].cmd, cmd, strlen(cmd)) == 0) {
570 director->disabled_cmds_array[i] = true;
576 Jmsg(NULL, M_FATAL, 0, _("Disable Command \"%s\" not found.\n"),
584 for (i=0; cmds[i].cmd; i++) { } /* Count commands */
586 if (director->disabled_cmds_array[i]) {
587 Dmsg1(050, "Command: %s disabled for Director.\n", cmds[i].cmd);
592 /* tls_require implies tls_enable */
593 if (director->tls_require) {
595 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
599 director->tls_enable = true;
602 need_tls = director->tls_enable || director->tls_authenticate;
/* With TLS in use, a certificate and a key file are mandatory for each
 * Director entry. */
604 if (!director->tls_certfile && need_tls) {
605 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
606 director->hdr.name, configfile);
610 if (!director->tls_keyfile && need_tls) {
611 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
612 director->hdr.name, configfile);
/* A CA store is demanded only when tls_verify_peer is set.  With
 * "TLS Verify Peer" off the configuration passes this check without any
 * CA, and the same flag is handed to new_tls_context() below, so the
 * connecting Director's certificate is presumably not validated in that
 * setup -- confirm in new_tls_context(). */
616 if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && need_tls && director->tls_verify_peer) {
617 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
618 " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
619 " At least one CA certificate store is required"
620 " when using \"TLS Verify Peer\".\n"),
621 director->hdr.name, configfile);
625 /* If everything is well, attempt to initialize our per-resource TLS context */
626 if (OK && (need_tls || director->tls_require)) {
627 /* Initialize TLS context:
628 * Args: CA certfile, CA certdir, Certfile, Keyfile,
629 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
630 director->tls_ctx = new_tls_context(director->tls_ca_certfile,
631 director->tls_ca_certdir, director->tls_certfile,
632 director->tls_keyfile, NULL, NULL, director->tls_dhfile,
633 director->tls_verify_peer);
635 if (!director->tls_ctx) {
636 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
637 director->hdr.name, configfile);
/* Console resources get the same TLS checks as Directors, including the
 * CA-store requirement being conditional on tls_verify_peer. */
644 foreach_res(console, R_CONSOLE) {
645 /* tls_require implies tls_enable */
646 if (console->tls_require) {
648 Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
652 console->tls_enable = true;
655 need_tls = console->tls_enable || console->tls_authenticate;
657 if (!console->tls_certfile && need_tls) {
658 Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"),
659 console->hdr.name, configfile);
663 if (!console->tls_keyfile && need_tls) {
664 Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"),
665 console->hdr.name, configfile);
669 if ((!console->tls_ca_certfile && !console->tls_ca_certdir) && need_tls && console->tls_verify_peer) {
670 Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
671 " or \"TLS CA Certificate Dir\" are defined for Console \"%s\" in %s."
672 " At least one CA certificate store is required"
673 " when using \"TLS Verify Peer\".\n"),
674 console->hdr.name, configfile);
678 /* If everything is well, attempt to initialize our per-resource TLS context */
679 if (OK && (need_tls || console->tls_require)) {
680 /* Initialize TLS context:
681 * Args: CA certfile, CA certdir, Certfile, Keyfile,
682 * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
683 console->tls_ctx = new_tls_context(console->tls_ca_certfile,
684 console->tls_ca_certdir, console->tls_certfile,
685 console->tls_keyfile, NULL, NULL, console->tls_dhfile,
686 console->tls_verify_peer);
688 if (!console->tls_ctx) {
689 Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Console \"%s\" in %s.\n"),
690 console->hdr.name, configfile);
/* Swap the temporary start-up message handler for the one configured in
 * the Client resource's Messages entry. */
700 close_msg(NULL); /* close temp message handler */
701 init_msg(NULL, me->messages); /* open user specified message handler */