X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Fdird%2Fdird.c;h=ea0a6987e589b5eaf3edaab4b5c3e56b0eb3aa8d;hb=a5521f8f2439ffca6f0af18f52d7587803b90f35;hp=c1909f8c4e1a9f131d8eb5a06fa19fa9656d4b21;hpb=311518d6dc70fd7ca67c783143c6b0a9623feb0b;p=bacula%2Fbacula diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c index c1909f8c4e..ea0a6987e5 100644 --- a/bacula/src/dird/dird.c +++ b/bacula/src/dird/dird.c @@ -1,41 +1,51 @@ /* - * - * Bacula Director daemon -- this is the main program - * - * Kern Sibbald, March MM - * - * Version $Id$ - */ -/* - Copyright (C) 2000-2005 Kern Sibbald + Bacula® - The Network Backup Solution + + Copyright (C) 2000-2008 Free Software Foundation Europe e.V. - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License as - published by the Free Software Foundation; either version 2 of - the License, or (at your option) any later version. + The main author of Bacula is Kern Sibbald, with contributions from + many others, a complete list can be found in the file AUTHORS. + This program is Free Software; you can redistribute it and/or + modify it under the terms of version two of the GNU General Public + License as published by the Free Software Foundation and included + in the file LICENSE. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public - License along with this program; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA. + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301, USA. + Bacula® is a registered trademark of John Walker. + The licensor of Bacula is the Free Software Foundation Europe + (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich, + Switzerland, email:ftf@fsfeurope.org. +*/ +/* + * + * Bacula Director daemon -- this is the main program + * + * Kern Sibbald, March MM + * + * Version $Id$ */ #include "bacula.h" #include "dird.h" /* Forward referenced subroutines */ -static void terminate_dird(int sig); -static int check_resources(); - +void terminate_dird(int sig); +static bool check_resources(); +static bool check_catalog(); +static void dir_sql_query(JCR *jcr, const char *cmd); + /* Exported subroutines */ - extern "C" void reload_config(int sig); +extern void invalidate_schedules(); /* Imported subroutines */ @@ -48,9 +58,9 @@ void term_job_server(); void store_jobtype(LEX *lc, RES_ITEM *item, int index, int pass); void store_level(LEX *lc, RES_ITEM *item, int index, int pass); void store_replace(LEX *lc, RES_ITEM *item, int index, int pass); +void store_migtype(LEX *lc, RES_ITEM *item, int index, int pass); void init_device_resources(); -static char *configfile = NULL; static char *runjob = NULL; static int background = 1; static void init_reload(void); @@ -59,25 +69,34 @@ static void init_reload(void); DIRRES *director; /* Director resource */ int FDConnectTimeout; int SDConnectTimeout; +char *configfile = NULL; +void *start_heap; /* Globals Imported */ extern int r_first, r_last; /* first and last resources */ extern RES_TABLE resources[]; extern RES **res_head; extern RES_ITEM job_items[]; -extern URES res_all; +#if defined(_MSC_VER) +extern "C" { // work around visual compiler mangling variables + extern URES res_all; +} +#else +extern URES res_all; +#endif -#define CONFIG_FILE "./bacula-dir.conf" /* default configuration file */ +#define CONFIG_FILE "bacula-dir.conf" /* default configuration file */ static void usage() { fprintf(stderr, _( -"Copyright (C) 2000-2005 Kern Sibbald.\n" -"\nVersion: " VERSION " (" BDATE ")\n\n" +PROG_COPYRIGHT +"\nVersion: %s (%s)\n\n" "Usage: dird [-f -s] [-c config_file] [-d debug_level] [config_file]\n" " -c set configuration file to file\n" -" -dnn set debug level to nn\n" +" -d set debug level to \n" +" -dt print timestamp in debug output\n" " -f run in foreground (for debugging)\n" " -g groupid\n" " -r run now\n" @@ -86,7 +105,7 @@ static void usage() " -u userid\n" " -v verbose user messages\n" " -? print this message.\n" -"\n")); +"\n"), 2000, VERSION, BDATE); exit(1); } @@ -97,22 +116,33 @@ static void usage() * Main Bacula Server program * */ +#if defined(HAVE_WIN32) +/* For Win32 main() is in src/win32 code ... */ +#define main BaculaMain +#endif + int main (int argc, char *argv[]) { int ch; JCR *jcr; - int no_signals = FALSE; - int test_config = FALSE; + bool no_signals = false; + bool test_config = false; char *uid = NULL; char *gid = NULL; + start_heap = sbrk(0); + setlocale(LC_ALL, ""); + bindtextdomain("bacula", LOCALEDIR); + textdomain("bacula"); + init_stack_dump(); my_name_is(argc, argv, "bacula-dir"); - textdomain("bacula"); init_msg(NULL, NULL); /* initialize message handler */ init_reload(); daemon_start_time = time(NULL); + console_command = run_console_command; + while ((ch = getopt(argc, argv, "c:d:fg:r:stu:v?")) != -1) { switch (ch) { case 'c': /* specify config file */ @@ -123,11 +153,15 @@ int main (int argc, char *argv[]) break; case 'd': /* set debug level */ - debug_level = atoi(optarg); - if (debug_level <= 0) { - debug_level = 1; + if (*optarg == 't') { + dbg_timestamp = true; + } else { + debug_level = atoi(optarg); + if (debug_level <= 0) { + debug_level = 1; + } } - Dmsg1(0, "Debug level = %d\n", debug_level); + Dmsg1(10, "Debug level = %d\n", debug_level); break; case 'f': /* run in foreground */ @@ -148,11 +182,11 @@ int main (int argc, char *argv[]) break; case 's': /* turn off signals */ - no_signals = TRUE; + no_signals = true; break; case 't': /* test config */ - test_config = TRUE; + test_config = true; break; case 'u': /* set uid */ @@ -194,39 +228,54 @@ int main (int argc, char *argv[]) parse_config(configfile); - if (init_tls() != 0) { - Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("TLS library initialization failed.\n")); + if (init_crypto() != 0) { + Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n")); } if (!check_resources()) { Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile); } + if (!test_config) { /* we don't need to do this block in test mode */ + if (background) { + daemon_start(); + init_stack_dump(); /* grab new pid */ + } + + /* Create pid must come after we are a daemon -- so we have our final pid */ + create_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); + read_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); + } + + load_dir_plugins(director->plugin_directory); + + drop(uid, gid); /* reduce privileges if requested */ + + if (!check_catalog()) { + Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Please correct configuration file: %s\n"), configfile); + } + if (test_config) { terminate_dird(0); } - my_name_is(0, NULL, director->hdr.name); /* set user defined name */ + my_name_is(0, NULL, director->name()); /* set user defined name */ + + /* Plug database interface for library routines */ + p_sql_query = (sql_query)dir_sql_query; + p_sql_escape = (sql_escape)db_escape_string; FDConnectTimeout = (int)director->FDConnectTimeout; SDConnectTimeout = (int)director->SDConnectTimeout; - if (background) { - daemon_start(); - init_stack_dump(); /* grab new pid */ - } - - /* Create pid must come after we are a daemon -- so we have our final pid */ - create_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); - read_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); - - drop(uid, gid); /* reduce priveleges if requested */ +#if !defined(HAVE_WIN32) signal(SIGHUP, reload_config); +#endif init_console_msg(working_directory); - init_python_interpreter(director->hdr.name, director->scripts_directory, + init_python_interpreter(director->name(), director->scripts_directory, "DirStartUp"); set_thread_concurrency(director->MaxConcurrentJobs * 2 + @@ -241,11 +290,11 @@ int main (int argc, char *argv[]) init_job_server(director->MaxConcurrentJobs); -// init_device_resources(); +// init_device_resources(); Dmsg0(200, "wait for next job\n"); /* Main loop -- call scheduler to get next job to run */ - while ((jcr = wait_for_next_job(runjob))) { + while ( (jcr = wait_for_next_job(runjob)) ) { run_job(jcr); /* run job */ free_jcr(jcr); /* release jcr */ if (runjob) { /* command line, run a single job? */ @@ -254,21 +303,41 @@ int main (int argc, char *argv[]) } terminate_dird(0); + + return 0; +} + +/* + * This allows the message handler to operate on the database + * by using a pointer to this function. The pointer is + * needed because the other daemons do not have access + * to the database. If the pointer is + * not defined (other daemons), then writing the database + * is disabled. + */ +static void dir_sql_query(JCR *jcr, const char *cmd) +{ + if (!jcr || !jcr->db) { + return; + } + db_sql_query(jcr->db, cmd, NULL, NULL); } /* Cleanup and then exit */ -static void terminate_dird(int sig) +void terminate_dird(int sig) { static bool already_here = false; if (already_here) { /* avoid recursive temination problems */ + bmicrosleep(2, 0); /* yield */ exit(1); } already_here = true; + stop_watchdog(); generate_daemon_event(NULL, "Exit"); + unload_plugins(); write_state_file(director->working_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); delete_pid_file(director->pid_directory, "bacula-dir", get_first_port_host_order(director->DIRaddrs)); -// signal(SIGCHLD, SIG_IGN); /* don't worry about children now */ term_scheduler(); term_job_server(); if (runjob) { @@ -283,10 +352,7 @@ static void terminate_dird(int sig) free_config_resources(); term_ua_server(); term_msg(); /* terminate message handler */ - stop_watchdog(); -#ifdef HAVE_TLS - cleanup_tls(); -#endif + cleanup_crypto(); close_memory_pool(); /* release free memory in pool */ sm_dump(false); exit(sig); @@ -297,7 +363,7 @@ struct RELOAD_TABLE { RES **res_table; }; -static const int max_reloads = 10; +static const int max_reloads = 32; static RELOAD_TABLE reload_table[max_reloads]; static void init_reload(void) @@ -336,13 +402,13 @@ static void reload_job_end_cb(JCR *jcr, void *ctx) int reload_id = (int)((long int)ctx); Dmsg3(100, "reload job_end JobId=%d table=%d cnt=%d\n", jcr->JobId, reload_id, reload_table[reload_id].job_count); - lock_jcr_chain(); + lock_jobs(); LockRes(); if (--reload_table[reload_id].job_count <= 0) { free_saved_resources(reload_id); } UnlockRes(); - unlock_jcr_chain(); + unlock_jobs(); } static int find_free_reload_table_entry() @@ -380,7 +446,9 @@ extern "C" void reload_config(int sig) { static bool already_here = false; +#if !defined(HAVE_WIN32) sigset_t set; +#endif JCR *jcr; int njobs = 0; /* number of running jobs */ int table, rtable; @@ -390,13 +458,14 @@ void reload_config(int sig) abort(); /* Oops, recursion -> die */ } already_here = true; + +#if !defined(HAVE_WIN32) sigemptyset(&set); sigaddset(&set, SIGHUP); sigprocmask(SIG_BLOCK, &set, NULL); +#endif -// Jmsg(NULL, M_INFO, 0, "Entering experimental reload config code. Bug reports will not be accepted.\n"); - - lock_jcr_chain(); + lock_jobs(); LockRes(); table = find_free_reload_table_entry(); @@ -409,10 +478,10 @@ void reload_config(int sig) reload_table[table].res_table = save_config_resources(); Dmsg1(100, "Saved old config in table %d\n", table); - ok = parse_config(configfile, 0); /* no exit on error */ + ok = parse_config(configfile, 0, M_ERROR); /* no exit on error */ Dmsg0(100, "Reloaded config file\n"); - if (!ok || !check_resources()) { + if (!ok || !check_resources() || !check_catalog()) { rtable = find_free_reload_table_entry(); /* save new, bad table */ if (rtable < 0) { Jmsg(NULL, M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile); @@ -430,6 +499,7 @@ void reload_config(int sig) } table = rtable; /* release new, bad, saved table below */ } else { + invalidate_schedules(); /* * Hook all active jobs so that they release this table */ @@ -439,17 +509,15 @@ void reload_config(int sig) job_end_push(jcr, reload_job_end_cb, (void *)((long int)table)); njobs++; } - free_locked_jcr(jcr); } + endeach_jcr(jcr); } /* Reset globals */ set_working_directory(director->working_directory); FDConnectTimeout = director->FDConnectTimeout; SDConnectTimeout = director->SDConnectTimeout; - Dmsg0(0, "Director's configuration file reread.\n"); - -// init_device_resources(); /* Update Device resources */ + Dmsg0(10, "Director's configuration file reread.\n"); /* Now release saved resources, if no jobs using the resources */ if (njobs == 0) { @@ -458,9 +526,11 @@ void reload_config(int sig) bail_out: UnlockRes(); - unlock_jcr_chain(); + unlock_jobs(); +#if !defined(HAVE_WIN32) sigprocmask(SIG_UNBLOCK, &set, NULL); signal(SIGHUP, reload_config); +#endif already_here = false; } @@ -471,10 +541,11 @@ bail_out: * **** FIXME **** this routine could be a lot more * intelligent and comprehensive. */ -static int check_resources() +static bool check_resources() { bool OK = true; JOB *job; + bool need_tls; LockRes(); @@ -498,50 +569,56 @@ static int check_resources() configfile); OK = false; } -#ifdef HAVE_TLS /* tls_require implies tls_enable */ if (director->tls_require) { - director->tls_enable = true; + if (have_tls) { + director->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + } } - if (!director->tls_certfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + need_tls = director->tls_enable || director->tls_authenticate; + + if (!director->tls_certfile && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), + director->name(), configfile); + OK = false; } - if (!director->tls_keyfile && director->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; + if (!director->tls_keyfile && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), + director->name(), configfile); + OK = false; } - if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" - " Certificate Dir\" are defined for Director \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - director->hdr.name, configfile); - OK = false; + if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && + need_tls && director->tls_verify_peer) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Director \"%s\" in %s." + " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + director->name(), configfile); + OK = false; } /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (director->tls_enable || director->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - director->tls_ctx = new_tls_context(director->tls_ca_certfile, - director->tls_ca_certdir, director->tls_certfile, - director->tls_keyfile, NULL, NULL, director->tls_dhfile, - director->tls_verify_peer); - - if (!director->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), - director->hdr.name, configfile); - OK = false; - } + if (OK && (need_tls || director->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + director->tls_ctx = new_tls_context(director->tls_ca_certfile, + director->tls_ca_certdir, director->tls_certfile, + director->tls_keyfile, NULL, NULL, director->tls_dhfile, + director->tls_verify_peer); + + if (!director->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"), + director->name(), configfile); + OK = false; + } } -#endif /* HAVE_TLS */ } if (!job) { @@ -561,23 +638,37 @@ static int check_resources() job->storage->append(st); } } + /* Handle RunScripts alists specifically */ + if (jobdefs->RunScripts) { + RUNSCRIPT *rs, *elt; + + if (!job->RunScripts) { + job->RunScripts = New(alist(10, not_owned_by_alist)); + } + + foreach_alist(rs, jobdefs->RunScripts) { + elt = copy_runscript(rs); + job->RunScripts->append(elt); /* we have to free it */ + } + } /* Transfer default items from JobDefs Resource */ for (i=0; job_items[i].name; i++) { char **def_svalue, **svalue; /* string value */ int *def_ivalue, *ivalue; /* integer value */ + bool *def_bvalue, *bvalue; /* bool value */ int64_t *def_lvalue, *lvalue; /* 64 bit values */ uint32_t offset; Dmsg4(1400, "Job \"%s\", field \"%s\" bit=%d def=%d\n", - job->hdr.name, job_items[i].name, + job->name(), job_items[i].name, bit_is_set(i, job->hdr.item_present), bit_is_set(i, job->jobdefs->hdr.item_present)); if (!bit_is_set(i, job->hdr.item_present) && bit_is_set(i, job->jobdefs->hdr.item_present)) { Dmsg2(400, "Job \"%s\", field \"%s\": getting default.\n", - job->hdr.name, job_items[i].name); + job->name(), job_items[i].name); offset = (char *)(job_items[i].value) - (char *)&res_all; /* * Handle strings and directory strings @@ -586,10 +677,10 @@ static int check_resources() job_items[i].handler == store_dir) { def_svalue = (char **)((char *)(job->jobdefs) + offset); Dmsg5(400, "Job \"%s\", field \"%s\" def_svalue=%s item %d offset=%u\n", - job->hdr.name, job_items[i].name, *def_svalue, i, offset); + job->name(), job_items[i].name, *def_svalue, i, offset); svalue = (char **)((char *)job + offset); if (*svalue) { - Pmsg1(000, "Hey something is wrong. p=0x%lu\n", *svalue); + Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue); } *svalue = bstrdup(*def_svalue); set_bit(i, job->hdr.item_present); @@ -599,10 +690,10 @@ static int check_resources() } else if (job_items[i].handler == store_res) { def_svalue = (char **)((char *)(job->jobdefs) + offset); Dmsg4(400, "Job \"%s\", field \"%s\" item %d offset=%u\n", - job->hdr.name, job_items[i].name, i, offset); + job->name(), job_items[i].name, i, offset); svalue = (char **)((char *)job + offset); if (*svalue) { - Pmsg1(000, "Hey something is wrong. p=0x%lu\n", *svalue); + Pmsg1(000, _("Hey something is wrong. p=0x%lu\n"), *svalue); } *svalue = *def_svalue; set_bit(i, job->hdr.item_present); @@ -615,17 +706,18 @@ static int check_resources() } /* * Handle integer fields - * Note, our store_yesno does not handle bitmaped fields + * Note, our store_bit does not handle bitmaped fields */ - } else if (job_items[i].handler == store_yesno || + } else if (job_items[i].handler == store_bit || job_items[i].handler == store_pint || job_items[i].handler == store_jobtype || job_items[i].handler == store_level || job_items[i].handler == store_pint || + job_items[i].handler == store_migtype || job_items[i].handler == store_replace) { def_ivalue = (int *)((char *)(job->jobdefs) + offset); Dmsg5(400, "Job \"%s\", field \"%s\" def_ivalue=%d item %d offset=%u\n", - job->hdr.name, job_items[i].name, *def_ivalue, i, offset); + job->name(), job_items[i].name, *def_ivalue, i, offset); ivalue = (int *)((char *)job + offset); *ivalue = *def_ivalue; set_bit(i, job->hdr.item_present); @@ -637,10 +729,20 @@ static int check_resources() job_items[i].handler == store_int64) { def_lvalue = (int64_t *)((char *)(job->jobdefs) + offset); Dmsg5(400, "Job \"%s\", field \"%s\" def_lvalue=%" lld " item %d offset=%u\n", - job->hdr.name, job_items[i].name, *def_lvalue, i, offset); + job->name(), job_items[i].name, *def_lvalue, i, offset); lvalue = (int64_t *)((char *)job + offset); *lvalue = *def_lvalue; set_bit(i, job->hdr.item_present); + /* + * Handle bool fields + */ + } else if (job_items[i].handler == store_bool) { + def_bvalue = (bool *)((char *)(job->jobdefs) + offset); + Dmsg5(400, "Job \"%s\", field \"%s\" def_bvalue=%d item %d offset=%u\n", + job->name(), job_items[i].name, *def_bvalue, i, offset); + bvalue = (bool *)((char *)job + offset); + *bvalue = *def_bvalue; + set_bit(i, job->hdr.item_present); } } } @@ -651,18 +753,131 @@ static int check_resources() for (i=0; job_items[i].name; i++) { if (job_items[i].flags & ITEM_REQUIRED) { if (!bit_is_set(i, job->hdr.item_present)) { - Jmsg(NULL, M_FATAL, 0, "\"%s\" directive in Job \"%s\" resource is required, but not found.\n", - job_items[i].name, job->hdr.name); + Jmsg(NULL, M_ERROR_TERM, 0, _("\"%s\" directive in Job \"%s\" resource is required, but not found.\n"), + job_items[i].name, job->name()); OK = false; } } /* If this triggers, take a look at lib/parse_conf.h */ if (i >= MAX_RES_ITEMS) { - Emsg0(M_ERROR_TERM, 0, "Too many items in Job resource\n"); + Emsg0(M_ERROR_TERM, 0, _("Too many items in Job resource\n")); } } + if (!job->storage && !job->pool->storage) { + Jmsg(NULL, M_FATAL, 0, _("No storage specified in Job \"%s\" nor in Pool.\n"), + job->name()); + OK = false; + } } /* End loop over Job res */ + + /* Loop over Consoles */ + CONRES *cons; + foreach_res(cons, R_CONSOLE) { + /* tls_require implies tls_enable */ + if (cons->tls_require) { + if (have_tls) { + cons->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + continue; + } + } + + need_tls = cons->tls_enable || cons->tls_authenticate; + + if (!cons->tls_certfile && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"), + cons->name(), configfile); + OK = false; + } + + if (!cons->tls_keyfile && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"), + cons->name(), configfile); + OK = false; + } + + if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) + && need_tls && cons->tls_verify_peer) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" + " Certificate Dir\" are defined for Console \"%s\" in %s." + " At least one CA certificate store is required" + " when using \"TLS Verify Peer\".\n"), + cons->name(), configfile); + OK = false; + } + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (need_tls || cons->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + cons->tls_ctx = new_tls_context(cons->tls_ca_certfile, + cons->tls_ca_certdir, cons->tls_certfile, + cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer); + + if (!cons->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + cons->name(), configfile); + OK = false; + } + } + + } + + /* Loop over Clients */ + CLIENT *client; + foreach_res(client, R_CLIENT) { + /* tls_require implies tls_enable */ + if (client->tls_require) { + if (have_tls) { + client->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + continue; + } + } + need_tls = client->tls_enable || client->tls_authenticate; + if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"), + client->name(), configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (need_tls || client->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + client->tls_ctx = new_tls_context(client->tls_ca_certfile, + client->tls_ca_certdir, client->tls_certfile, + client->tls_keyfile, NULL, NULL, NULL, + true); + + if (!client->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), + client->name(), configfile); + OK = false; + } + } + } + + UnlockRes(); + if (OK) { + close_msg(NULL); /* close temp message handler */ + init_msg(NULL, director->messages); /* open daemon message handler */ + } + return OK; +} + +static bool check_catalog() +{ + bool OK = true; + bool need_tls; + /* Loop over databases */ CAT *catalog; foreach_res(catalog, R_CATALOG) { @@ -671,15 +886,19 @@ static int check_resources() * Make sure we can open catalog, otherwise print a warning * message because the server is probably not running. */ - db = db_init_database(NULL, catalog->db_name, catalog->db_user, + db = db_init(NULL, catalog->db_driver, catalog->db_name, catalog->db_user, catalog->db_password, catalog->db_address, catalog->db_port, catalog->db_socket, catalog->mult_db_connections); if (!db || !db_open_database(NULL, db)) { - Jmsg(NULL, M_FATAL, 0, _("Could not open database \"%s\".\n"), - catalog->db_name); + Pmsg2(000, _("Could not open Catalog \"%s\", database \"%s\".\n"), + catalog->name(), catalog->db_name); + Jmsg(NULL, M_FATAL, 0, _("Could not open Catalog \"%s\", database \"%s\".\n"), + catalog->name(), catalog->db_name); if (db) { Jmsg(NULL, M_FATAL, 0, _("%s"), db_strerror(db)); + Pmsg1(000, "%s", db_strerror(db)); + db_close_database(NULL, db); } OK = false; continue; @@ -691,6 +910,11 @@ static int check_resources() create_pool(NULL, db, pool, POOL_OP_UPDATE); /* update request */ } + /* Loop over all pools for updating RecyclePool */ + foreach_res(pool, R_POOL) { + update_pool_recyclepool(NULL, db, pool); + } + STORE *store; foreach_res(store, R_STORAGE) { STORAGE_DBR sr; @@ -710,35 +934,40 @@ static int check_resources() db_update_storage_record(NULL, db, &sr); } -#ifdef HAVE_TLS - /* tls_require implies tls_enable */ - if (store->tls_require) { - store->tls_enable = true; - } - - if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && store->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; - } - - /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (store->tls_enable || store->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - store->tls_ctx = new_tls_context(store->tls_ca_certfile, - store->tls_ca_certdir, store->tls_certfile, - store->tls_keyfile, NULL, NULL, NULL, true); - - if (!store->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), - store->hdr.name, configfile); - OK = false; - } - } -#endif /* HAVE_TLS */ + /* tls_require implies tls_enable */ + if (store->tls_require) { + if (have_tls) { + store->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + } + } + + need_tls = store->tls_enable || store->tls_authenticate; + + if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), + store->name(), configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (need_tls || store->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + store->tls_ctx = new_tls_context(store->tls_ca_certfile, + store->tls_ca_certdir, store->tls_certfile, + store->tls_keyfile, NULL, NULL, NULL, true); + + if (!store->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), + store->name(), configfile); + OK = false; + } + } } /* Loop over all counters, defining them in each database */ @@ -748,19 +977,19 @@ static int check_resources() /* Write to catalog? */ if (!counter->created && counter->Catalog == catalog) { COUNTER_DBR cr; - bstrncpy(cr.Counter, counter->hdr.name, sizeof(cr.Counter)); + bstrncpy(cr.Counter, counter->name(), sizeof(cr.Counter)); cr.MinValue = counter->MinValue; cr.MaxValue = counter->MaxValue; cr.CurrentValue = counter->MinValue; if (counter->WrapCounter) { - bstrncpy(cr.WrapCounter, counter->WrapCounter->hdr.name, sizeof(cr.WrapCounter)); + bstrncpy(cr.WrapCounter, counter->WrapCounter->name(), sizeof(cr.WrapCounter)); } else { cr.WrapCounter[0] = 0; /* empty string */ } if (db_create_counter_record(NULL, db, &cr)) { counter->CurrentValue = cr.CurrentValue; counter->created = true; - Dmsg2(100, "Create counter %s val=%d\n", counter->hdr.name, counter->CurrentValue); + Dmsg2(100, "Create counter %s val=%d\n", counter->name(), counter->CurrentValue); } } if (!counter->created) { @@ -769,94 +998,7 @@ static int check_resources() } db_close_database(NULL, db); } - -#ifdef HAVE_TLS - /* Loop over Consoles */ - CONRES *cons; - foreach_res(cons, R_CONSOLE) { - /* tls_require implies tls_enable */ - if (cons->tls_require) { - cons->tls_enable = true; - } - - if (!cons->tls_certfile && cons->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; - } - - if (!cons->tls_keyfile && cons->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; - } - - if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir) && cons->tls_enable && cons->tls_verify_peer) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA" - " Certificate Dir\" are defined for Console \"%s\" in %s." - " At least one CA certificate store is required" - " when using \"TLS Verify Peer\".\n"), - cons->hdr.name, configfile); - OK = false; - } - /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (cons->tls_enable || cons->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - cons->tls_ctx = new_tls_context(cons->tls_ca_certfile, - cons->tls_ca_certdir, cons->tls_certfile, - cons->tls_keyfile, NULL, NULL, cons->tls_dhfile, cons->tls_verify_peer); - - if (!cons->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), - cons->hdr.name, configfile); - OK = false; - } - } - - } -#endif /* HAVE_TLS */ - -#ifdef HAVE_TLS - /* Loop over Clients */ - CLIENT *client; - foreach_res(client, R_CLIENT) { - /* tls_require implies tls_enable */ - if (client->tls_require) { - client->tls_enable = true; - } - - if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && client->tls_enable) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"), - client->hdr.name, configfile); - OK = false; - } - - /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (client->tls_enable || client->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - client->tls_ctx = new_tls_context(client->tls_ca_certfile, - client->tls_ca_certdir, client->tls_certfile, - client->tls_keyfile, NULL, NULL, NULL, - true); - - if (!client->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"), - client->hdr.name, configfile); - OK = false; - } - } - } -#endif /* HAVE_TLS */ - - UnlockRes(); - if (OK) { - close_msg(NULL); /* close temp message handler */ - init_msg(NULL, director->messages); /* open daemon message handler */ - } + /* Set type in global for debugging */ + set_db_type(db_get_type()); return OK; }