X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Fdird%2Fdird.c;h=20b32fcdd7c8cf5b47044103c7df2132bcd84581;hb=eeeb98532770101aa2b310ac43c9379316c447ce;hp=a6f072d8b7c523e6610a32dcafdc5b65cd76d34d;hpb=27c6094b93454811a6e966558ec187f8ad5a229c;p=bacula%2Fbacula diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c index a6f072d8b7..20b32fcdd7 100644 --- a/bacula/src/dird/dird.c +++ b/bacula/src/dird/dird.c @@ -10,19 +10,14 @@ Copyright (C) 2000-2005 Kern Sibbald This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License as - published by the Free Software Foundation; either version 2 of - the License, or (at your option) any later version. + modify it under the terms of the GNU General Public License + version 2 as amended with additional clauses defined in the + file LICENSE in the main source directory. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public - License along with this program; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA. + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + the file LICENSE for additional details. */ @@ -50,7 +45,6 @@ void store_level(LEX *lc, RES_ITEM *item, int index, int pass); void store_replace(LEX *lc, RES_ITEM *item, int index, int pass); void init_device_resources(); -static char *configfile = NULL; static char *runjob = NULL; static int background = 1; static void init_reload(void); @@ -59,6 +53,7 @@ static void init_reload(void); DIRRES *director; /* Director resource */ int FDConnectTimeout; int SDConnectTimeout; +char *configfile = NULL; /* Globals Imported */ extern int r_first, r_last; /* first and last resources */ 
@@ -74,7 +69,7 @@ static void usage() { fprintf(stderr, _( "Copyright (C) 2000-2005 Kern Sibbald.\n" -"\nVersion: " VERSION " (" BDATE ")\n\n" +"\nVersion: %s (%s)\n\n" "Usage: dird [-f -s] [-c config_file] [-d debug_level] [config_file]\n" " -c set configuration file to file\n" " -dnn set debug level to nn\n" @@ -86,7 +81,7 @@ static void usage() " -u userid\n" " -v verbose user messages\n" " -? print this message.\n" -"\n")); +"\n"), VERSION, BDATE); exit(1); } @@ -106,9 +101,12 @@ int main (int argc, char *argv[]) char *uid = NULL; char *gid = NULL; + setlocale(LC_ALL, ""); + bindtextdomain("bacula", LOCALEDIR); + textdomain("bacula"); + init_stack_dump(); my_name_is(argc, argv, "bacula-dir"); - textdomain("bacula"); init_msg(NULL, NULL); /* initialize message handler */ init_reload(); daemon_start_time = time(NULL); @@ -194,6 +192,10 @@ int main (int argc, char *argv[]) parse_config(configfile); + if (init_crypto() != 0) { + Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n")); + } + if (!check_resources()) { Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile); } @@ -222,8 +224,8 @@ int main (int argc, char *argv[]) init_console_msg(working_directory); - init_python_interpreter(director->hdr.name, director->scripts_directory ? - director->scripts_directory : ".", "DirStartUp"); + init_python_interpreter(director->hdr.name, director->scripts_directory, + "DirStartUp"); set_thread_concurrency(director->MaxConcurrentJobs * 2 + 4 /* UA */ + 4 /* sched+watchdog+jobsvr+misc */); 
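Review bot: The results of `setlocale()` and `bindtextdomain()` at the top of main() are ignored, and from this point every `_()` string used as a printf-style format comes from a message catalog under LOCALEDIR. That includes the reworked `"\nVersion: %s (%s)\n\n"` in usage(). The `uid`/`gid` locals suggest the daemon may start with elevated privileges and drop them later, so the catalog directory is part of the trusted code base. I would record that at the call with a comment such as `/* catalogs supply format strings: LOCALEDIR must not be writable by unprivileged users */`. main() starts and continues outside this hunk.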
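Review bot: `director->scripts_directory` is now passed to `init_python_interpreter()` without the former `"."` fallback, so the callee receives NULL when no scripts directory is configured. The callee is not visible in this diff; please confirm it treats NULL as "no script directory" and neither dereferences it nor falls back to the current working directory itself. Dropping the implicit `"."` looks right, since start-up scripts should not be picked up from whatever directory the daemon was launched in. A one-line comment at the call, for example `/* scripts_directory may be NULL when not configured */`, would make the contract explicit.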
@@ -237,11 +239,9 @@ int main (int argc, char *argv[]) init_job_server(director->MaxConcurrentJobs); -// init_device_resources(); - Dmsg0(200, "wait for next job\n"); /* Main loop -- call scheduler to get next job to run */ - while ((jcr = wait_for_next_job(runjob))) { + while ( (jcr = wait_for_next_job(runjob)) ) { run_job(jcr); /* run job */ free_jcr(jcr); /* release jcr */ if (runjob) { /* command line, run a single job? */ @@ -255,12 +255,13 @@ int main (int argc, char *argv[]) /* Cleanup and then exit */ static void terminate_dird(int sig) { - static int already_here = FALSE; + static bool already_here = false; if (already_here) { /* avoid recursive temination problems */ exit(1); } - already_here = TRUE; + already_here = true; + generate_daemon_event(NULL, "Exit"); write_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); delete_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); // signal(SIGCHLD, SIG_IGN); /* don't worry about children now */ @@ -279,6 +280,7 @@ static void terminate_dird(int sig) term_ua_server(); term_msg(); /* terminate message handler */ stop_watchdog(); + cleanup_crypto(); close_memory_pool(); /* release free memory in pool */ sm_dump(false); exit(sig); @@ -328,13 +330,13 @@ static void reload_job_end_cb(JCR *jcr, void *ctx) int reload_id = (int)((long int)ctx); Dmsg3(100, "reload job_end JobId=%d table=%d cnt=%d\n", jcr->JobId, reload_id, reload_table[reload_id].job_count); - lock_jcr_chain(); + lock_jobs(); LockRes(); if (--reload_table[reload_id].job_count <= 0) { free_saved_resources(reload_id); } UnlockRes(); - unlock_jcr_chain(); + unlock_jobs(); } static int find_free_reload_table_entry() 
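Review bot: `generate_daemon_event(NULL, "Exit")` is now the first action in terminate_dird(), ahead of `write_state_file()` and `delete_pid_file()`. A hang or fault inside the event handler would therefore leave the state file unwritten and a stale pid file behind. The `int sig` parameter and the `already_here` guard suggest this function is also reached from signal context, where running script-level code is not async-signal-safe. Unless the event must see the old state, consider placing the call after `delete_pid_file(...)`, and document the ordering either way. The function body continues outside this hunk.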
@@ -386,9 +388,7 @@ void reload_config(int sig) sigaddset(&set, SIGHUP); sigprocmask(SIG_BLOCK, &set, NULL); -// Jmsg(NULL, M_INFO, 0, "Entering experimental reload config code. Bug reports will not be accepted.\n"); - - lock_jcr_chain(); + lock_jobs(); LockRes(); table = find_free_reload_table_entry(); @@ -431,7 +431,7 @@ void reload_config(int sig) job_end_push(jcr, reload_job_end_cb, (void *)((long int)table)); njobs++; } - free_locked_jcr(jcr); + free_jcr(jcr); } } @@ -441,8 +441,6 @@ void reload_config(int sig) SDConnectTimeout = director->SDConnectTimeout; Dmsg0(0, "Director's configuration file reread.\n"); -// init_device_resources(); /* Update Device resources */ - /* Now release saved resources, if no jobs using the resources */ if (njobs == 0) { free_saved_resources(table); @@ -450,7 +448,7 @@ void reload_config(int sig) bail_out: UnlockRes(); - unlock_jcr_chain(); + unlock_jobs(); sigprocmask(SIG_UNBLOCK, &set, NULL); signal(SIGHUP, reload_config); already_here = false; 
@@ -490,6 +488,53 @@ static int check_resources() configfile); OK = false; } + /* tls_require implies tls_enable */ + if (director->tls_require) { + if (have_tls) { + director->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + } + } + + if (!director->tls_certfile && director->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } + + if (!director->tls_keyfile && director->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } + + if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Director \"%s\" in %s." + " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + director->hdr.name, configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (director->tls_enable || director->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + director->tls_ctx = new_tls_context(director->tls_ca_certfile, + director->tls_ca_certdir, director->tls_certfile, + director->tls_keyfile, NULL, NULL, director->tls_dhfile, + director->tls_verify_peer); + + if (!director->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), + director->hdr.name, configfile); + OK = false; + } + } } if (!job) { 
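Review bot: `have_tls` is consulted only inside `if (director->tls_require)`, so a configuration with "TLS Enable" set on a build without TLS support is not rejected explicitly. It falls through to `new_tls_context()`, whose behaviour in such a build is not visible here. An explicit guard would make the fail-closed behaviour certain and the message accurate: `if (director->tls_enable && !have_tls) { Jmsg(NULL, M_FATAL, 0, _("TLS enabled but not configured in Bacula.\n")); OK = false; }`. The same pattern is repeated for Storage, Console and Client in the later hunks. The `|| director->tls_require` term in the final condition is also redundant, because `tls_require` either sets `tls_enable` or clears `OK`. check_resources() starts and ends outside this hunk.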
@@ -537,7 +582,7 @@ static int check_resources() job->hdr.name, job_items[i].name, *def_svalue, i, offset); svalue = (char **)((char *)job + offset); if (*svalue) { - Pmsg1(000, "Hey something is wrong. p=0x%lu\n", *svalue); + Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue); } *svalue = bstrdup(*def_svalue); set_bit(i, job->hdr.item_present); @@ -550,7 +595,7 @@ static int check_resources() job->hdr.name, job_items[i].name, i, offset); svalue = (char **)((char *)job + offset); if (*svalue) { - Pmsg1(000, "Hey something is wrong. p=0x%lu\n", *svalue); + Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue); } *svalue = *def_svalue; set_bit(i, job->hdr.item_present); @@ -599,14 +644,14 @@ static int check_resources() for (i=0; job_items[i].name; i++) { if (job_items[i].flags & ITEM_REQUIRED) { if (!bit_is_set(i, job->hdr.item_present)) { - Jmsg(NULL, M_FATAL, 0, "\"%s\" directive in Job \"%s\" resource is required, but not found.\n", + Jmsg(NULL, M_FATAL, 0, _("\"%s\" directive in Job \"%s\" resource is required, but not found.\n"), job_items[i].name, job->hdr.name); OK = false; } } /* If this triggers, take a look at lib/parse_conf.h */ if (i >= MAX_RES_ITEMS) { - Emsg0(M_ERROR_TERM, 0, "Too many items in Job resource\n"); + Emsg0(M_ERROR_TERM, 0, _("Too many items in Job resource\n")); } } } /* End loop over Job res */ 
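Review bot: The line `Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue);` passes `*svalue`, a `char *`, to a `%lu` conversion and prints it in decimal after a `0x` prefix. Wrapping it in `_()` keeps the mismatch and exports it to translators. If Pmsg1 forwards to a printf-style function (not visible here), the type mismatch is undefined behaviour wherever `long` and pointers differ in size. `Pmsg1(000, _("Hey something is wrong. p=%p\n"), (void *)*svalue);` would be correct. The identical line in the following hunk (at -550) needs the same change.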
@@ -657,6 +702,39 @@ static int check_resources() if (!sr.created) { /* if not created, update it */ db_update_storage_record(NULL, db, &sr); } + + /* tls_require implies tls_enable */ + if (store->tls_require) { + if (have_tls) { + store->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + } + } + + if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (store->tls_enable || store->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + store->tls_ctx = new_tls_context(store->tls_ca_certfile, + store->tls_ca_certdir, store->tls_certfile, + store->tls_keyfile, NULL, NULL, NULL, true); + + if (!store->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), + store->hdr.name, configfile); + OK = false; + } + } } /* Loop over all counters, defining them in each database */ 
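Review bot: The guard `if (OK && (store->tls_enable || store->tls_require))` tests the function-wide `OK` flag, so once any earlier check in check_resources() has failed, `new_tls_context()` is skipped for this and every later Storage resource. Their certificate and key problems are then not reported in the same run, and the operator finds them only after fixing the first error and restarting. The Console and Client loops in the last hunk use the same guard. A per-resource flag keeps the diagnostics complete: declare `bool tls_ok = true;` at the top of the loop body, clear it in the checks above, and test `if (tls_ok && store->tls_enable)`. The enclosing loop starts outside this hunk.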
@@ -688,6 +766,97 @@ static int check_resources() db_close_database(NULL, db); } + /* Loop over Consoles */ + CONRES *cons; + foreach_res(cons, R_CONSOLE) { + /* tls_require implies tls_enable */ + if (cons->tls_require) { + if (have_tls) { + cons->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + continue; + } + } + + if (!cons->tls_certfile && cons->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; + } + + if (!cons->tls_keyfile && cons->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; + } + + if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Console \"%s\" in %s." 
+ " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + cons->hdr.name, configfile); + OK = false; + } + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (cons->tls_enable || cons->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + cons->tls_ctx = new_tls_context(cons->tls_ca_certfile, + cons->tls_ca_certdir, cons->tls_certfile, + cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer); + + if (!cons->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + cons->hdr.name, configfile); + OK = false; + } + } + + } + + /* Loop over Clients */ + CLIENT *client; + foreach_res(client, R_CLIENT) { + /* tls_require implies tls_enable */ + if (client->tls_require) { + if (have_tls) { + client->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + continue; + } + } + + if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"), + client->hdr.name, configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (client->tls_enable || client->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + client->tls_ctx = new_tls_context(client->tls_ca_certfile, + client->tls_ca_certdir, client->tls_certfile, + client->tls_keyfile, NULL, NULL, NULL, + true); + + if (!client->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + client->hdr.name, configfile); + 
OK = false; + } + } + } + UnlockRes(); if (OK) { close_msg(NULL); /* close temp message handler */