/* Forward referenced functions */
void terminate_stored(int sig);
-static void check_config();
+static int check_resources();
extern "C" void *device_initialization(void *arg);
}
parse_config(configfile);
- check_config();
+
+ if (init_tls() != 0) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("TLS library initialization failed.\n"));
+ }
+
+ if (!check_resources()) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile);
+ }
if (test_config) {
terminate_stored(0);
}
+ my_name_is(0, (char **)NULL, me->hdr.name); /* Set our real name */
+
if (!foreground) {
daemon_start(); /* become daemon */
init_stack_dump(); /* pick up new pid */
Jmsg0(NULL, M_ABORT, 0, _("Volume Session Time is ZERO!\n"));
}
- init_python_interpreter(me->hdr.name, me->scripts_directory ?
- me->scripts_directory : ".", "SDStartUp");
+ init_python_interpreter(me->hdr.name, me->scripts_directory, "SDStartUp");
/* Make sure on Solaris we can run concurrent, watch dog + servers + misc */
set_thread_concurrency(me->max_concurrent_jobs * 2 + 4);
}
/* Check Configuration file for necessary info */
-static void check_config()
+static int check_resources()
{
+ bool OK = true;
AUTOCHANGER *changer;
LockRes();
+
me = (STORES *)GetNextRes(R_STORAGE, NULL);
if (!me) {
- UnlockRes();
- Jmsg1(NULL, M_ERROR_TERM, 0, _("No Storage resource defined in %s. Cannot continue.\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("No Storage resource defined in %s. Cannot continue.\n"),
configfile);
+ OK = false;
}
- my_name_is(0, (char **)NULL, me->hdr.name); /* Set our real name */
if (GetNextRes(R_STORAGE, (RES *)me) != NULL) {
- UnlockRes();
- Jmsg1(NULL, M_ERROR_TERM, 0, _("Only one Storage resource permitted in %s\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("Only one Storage resource permitted in %s\n"),
configfile);
+ OK = false;
}
if (GetNextRes(R_DIRECTOR, NULL) == NULL) {
- UnlockRes();
- Jmsg1(NULL, M_ERROR_TERM, 0, _("No Director resource defined in %s. Cannot continue.\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("No Director resource defined in %s. Cannot continue.\n"),
configfile);
+ OK = false;
}
if (GetNextRes(R_DEVICE, NULL) == NULL){
- UnlockRes();
- Jmsg1(NULL, M_ERROR_TERM, 0, _("No Device resource defined in %s. Cannot continue.\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("No Device resource defined in %s. Cannot continue.\n"),
configfile);
+ OK = false;
}
+
if (!me->messages) {
me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
if (!me->messages) {
- Jmsg1(NULL, M_ERROR_TERM, 0, _("No Messages resource defined in %s. Cannot continue.\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("No Messages resource defined in %s. Cannot continue.\n"),
configfile);
+ OK = false;
}
}
- close_msg(NULL); /* close temp message handler */
- init_msg(NULL, me->messages); /* open daemon message handler */
-
if (!me->working_directory) {
- Jmsg1(NULL, M_ERROR_TERM, 0, _("No Working Directory defined in %s. Cannot continue.\n"),
+ Jmsg1(NULL, M_ERROR, 0, _("No Working Directory defined in %s. Cannot continue.\n"),
configfile);
+ OK = false;
+ }
+
+#ifdef HAVE_TLS
+ DIRRES *director;
+ STORES *store;
+ foreach_res(store, R_STORAGE) {
+ /* tls_require implies tls_enable */
+ if (store->tls_require) {
+ store->tls_enable = true;
+ }
+
+ if (!store->tls_certfile && store->tls_enable) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ if (!store->tls_keyfile && store->tls_enable) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable && store->tls_verify_peer) {
+ Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s."
+ " At least one CA certificate store is required"
+ " when using \"TLS Verify Peer\".\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (store->tls_enable || store->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ store->tls_ctx = new_tls_context(store->tls_ca_certfile,
+ store->tls_ca_certdir, store->tls_certfile,
+ store->tls_keyfile, NULL, NULL, store->tls_dhfile,
+ store->tls_verify_peer);
+
+ if (!store->tls_ctx) {
+ Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
+ store->hdr.name, configfile);
+ OK = false;
+ }
+ }
}
- set_working_directory(me->working_directory);
+
+ foreach_res(director, R_DIRECTOR) {
+ /* tls_require implies tls_enable */
+ if (director->tls_require) {
+ director->tls_enable = true;
+ }
+
+ if (!director->tls_certfile && director->tls_enable) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if (!director->tls_keyfile && director->tls_enable) {
+ Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
+ Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
+ " At least one CA certificate store is required"
+ " when using \"TLS Verify Peer\".\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (director->tls_enable || director->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ director->tls_ctx = new_tls_context(director->tls_ca_certfile,
+ director->tls_ca_certdir, director->tls_certfile,
+ director->tls_keyfile, NULL, NULL, director->tls_dhfile,
+ director->tls_verify_peer);
+
+ if (!director->tls_ctx) {
+ Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+ }
+ }
+#endif /* HAVE_TLS */
/* Ensure that the media_type for each device is the same */
foreach_res(changer, R_AUTOCHANGER) {
continue;
}
if (strcmp(media_type, device->media_type) != 0) {
- Jmsg(NULL, M_ERROR_TERM, 0,
+ Jmsg(NULL, M_ERROR, 0,
_("Media Type not the same for all devices in changer %s. Cannot continue.\n"),
changer->hdr.name);
+ OK = false;
+ continue;
}
/*
* If the device does not have a changer name or changer command
}
}
}
+
UnlockRes();
+
+ if (OK) {
+ close_msg(NULL); /* close temp message handler */
+ init_msg(NULL, me->messages); /* open daemon message handler */
+ set_working_directory(me->working_directory);
+ }
+
+ return OK;
}
/*
}
term_msg();
stop_watchdog();
+ cleanup_tls();
close_memory_pool();
sm_dump(false); /* dump orphaned buffers */