X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Ffiled%2Ffiled.c;h=f399706146e7b80866ceab38f44f8d75991d1089;hb=c7eef1a064f66e5e22de82af1e9263b67a3d536b;hp=f274444fe6ed7bd1405d0115eb6e6e1ec772fef3;hpb=d96e3d4b7a67d43be92cc420fb059cb13077b89a;p=bacula%2Fbacula diff --git a/bacula/src/filed/filed.c b/bacula/src/filed/filed.c index f274444fe6..f399706146 100644 --- a/bacula/src/filed/filed.c +++ b/bacula/src/filed/filed.c @@ -179,8 +179,8 @@ int main (int argc, char *argv[]) parse_config(configfile); - if (init_crypto() != 0) { - Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n")); + if (init_tls() != 0) { + Emsg0(M_ERROR, 0, _("TLS library initialization failed.\n")); terminate_filed(1); } @@ -260,7 +260,7 @@ void terminate_filed(int sig) free_config_resources(); term_msg(); stop_watchdog(); - cleanup_crypto(); + cleanup_tls(); close_memory_pool(); /* release free memory in pool */ sm_dump(false); /* dump orphaned buffers */ exit(sig); @@ -328,128 +328,6 @@ static int check_resources() OK = false; } } - - if (me->pki_encrypt || me->pki_sign) { -#ifndef HAVE_CRYPTO - Jmsg(NULL, M_FATAL, 0, _("PKI encryption/signing enabled but not compiled into Bacula.\n")); - OK = false; -#endif - } - - /* pki_encrypt implies pki_sign */ - if (me->pki_encrypt) { - me->pki_sign = true; - } - - if ((me->pki_encrypt || me->pki_sign) && !me->pki_keypair_file) { - Emsg2(M_FATAL, 0, _("\"PKI Key Pair\" must be defined for File" - " daemon \"%s\" in %s if either \"PKI Sign\" or" - " \"PKI Encrypt\" are enabled.\n"), me->hdr.name, configfile); - OK = false; - } - - /* If everything is well, attempt to initialize our public/private keys */ - if (OK && (me->pki_encrypt || me->pki_sign)) { - char *filepath; - /* Load our keypair */ - me->pki_keypair = crypto_keypair_new(); - if (!me->pki_keypair) { - Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n")); - OK = false; - } else { - if (!crypto_keypair_load_cert(me->pki_keypair, me->pki_keypair_file)) { - Emsg2(M_FATAL, 0, _("Failed to load public certificate for File" - " daemon \"%s\" in %s.\n"), me->hdr.name, configfile); - OK = false; - } - - if (!crypto_keypair_load_key(me->pki_keypair, me->pki_keypair_file, NULL, NULL)) { - Emsg2(M_FATAL, 0, _("Failed to load private key for File" - " daemon \"%s\" in %s.\n"), me->hdr.name, configfile); - OK = false; - } - } - - /* - * Trusted Signers. We're always trusted. - */ - me->pki_signers = New(alist(10, not_owned_by_alist)); - if (me->pki_keypair) { - me->pki_signers->append(crypto_keypair_dup(me->pki_keypair)); - } - - /* If additional signing public keys have been specified, load them up */ - if (me->pki_signing_key_files) { - foreach_alist(filepath, me->pki_signing_key_files) { - X509_KEYPAIR *keypair; - - keypair = crypto_keypair_new(); - if (!keypair) { - Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n")); - OK = false; - } else { - if (crypto_keypair_load_cert(keypair, filepath)) { - me->pki_signers->append(keypair); - - /* Attempt to load a private key, if available */ - if (crypto_keypair_has_key(filepath)) { - if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) { - Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File" - " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile); - OK = false; - } - } - - } else { - Emsg3(M_FATAL, 0, _("Failed to load trusted signer certificate" - " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile); - OK = false; - } - } - } - } - - /* - * Crypto recipients. We're always included as a recipient. - * The symmetric session key will be encrypted for each of these readers. - */ - me->pki_recipients = New(alist(10, not_owned_by_alist)); - if (me->pki_keypair) { - me->pki_recipients->append(crypto_keypair_dup(me->pki_keypair)); - } - - - /* If additional keys have been specified, load them up */ - if (me->pki_master_key_files) { - foreach_alist(filepath, me->pki_master_key_files) { - X509_KEYPAIR *keypair; - - keypair = crypto_keypair_new(); - if (!keypair) { - Emsg0(M_FATAL, 0, _("Failed to allocate a new keypair object.\n")); - OK = false; - } else { - if (crypto_keypair_load_cert(keypair, filepath)) { - me->pki_recipients->append(keypair); - - /* Attempt to load a private key, if available */ - if (crypto_keypair_has_key(filepath)) { - if (!crypto_keypair_load_key(keypair, filepath, NULL, NULL)) { - Emsg3(M_FATAL, 0, _("Failed to load private key from file %s for File" - " daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile); - OK = false; - } - } - - } else { - Emsg3(M_FATAL, 0, _("Failed to load master key certificate" - " from file %s for File daemon \"%s\" in %s.\n"), filepath, me->hdr.name, configfile); - OK = false; - } - } - } - } - } }