From: Marco van Wieringen Date: Thu, 19 Apr 2012 12:05:13 +0000 (+0200) Subject: Move storages tls initialization to proper place. X-Git-Tag: Release-7.0.0~235 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6192ebdd506ce369274cd28f0567806c3308d1d3;p=bacula%2Fbacula Move storages tls initialization to proper place. We initialize all tls stuff in the check_resources function except for the tls stuff for storages which we initialize in the check_catalog function because we walk the storages there already. This might be an optimization but it doesn't make sense its better to check the whole resources stuff in the check_resources function as the name seems to imply that is what is done there. --- diff --git a/bacula/src/dird/dird.c b/bacula/src/dird/dird.c index c897b6e50c..fec7135072 100644 --- a/bacula/src/dird/dird.c +++ b/bacula/src/dird/dird.c @@ -917,6 +917,46 @@ static bool check_resources() } } + /* Loop over Storages */ + STORE *store; + foreach_res(store, R_STORAGE) { + /* tls_require implies tls_enable */ + if (store->tls_require) { + if (have_tls) { + store->tls_enable = true; + } else { + Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); + OK = false; + continue; + } + } + + need_tls = store->tls_enable || store->tls_authenticate; + + if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && need_tls) { + Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" + " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), + store->name(), configfile); + OK = false; + } + + /* If everything is well, attempt to initialize our per-resource TLS context */ + if (OK && (need_tls || store->tls_require)) { + /* Initialize TLS context: + * Args: CA certfile, CA certdir, Certfile, Keyfile, + * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ + store->tls_ctx = new_tls_context(store->tls_ca_certfile, + store->tls_ca_certdir, store->tls_certfile, + store->tls_keyfile, NULL, NULL, NULL, true); + + if (!store->tls_ctx) { + Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), + store->name(), configfile); + OK = false; + } + } + } + UnlockRes(); if (OK) { close_msg(NULL); /* close temp message handler */ @@ -934,7 +974,6 @@ static bool check_resources() static bool check_catalog(cat_op mode) { bool OK = true; - bool need_tls; /* Loop over databases */ CAT *catalog; @@ -1047,41 +1086,6 @@ static bool check_catalog(cat_op mode) OK = false; } } - - /* tls_require implies tls_enable */ - if (store->tls_require) { - if (have_tls) { - store->tls_enable = true; - } else { - Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n")); - OK = false; - } - } - - need_tls = store->tls_enable || store->tls_authenticate; - - if ((!store->tls_ca_certfile && !store->tls_ca_certdir) && need_tls) { - Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\"" - " or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s.\n"), - store->name(), configfile); - OK = false; - } - - /* If everything is well, attempt to initialize our per-resource TLS context */ - if (OK && (need_tls || store->tls_require)) { - /* Initialize TLS context: - * Args: CA certfile, CA certdir, Certfile, Keyfile, - * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */ - store->tls_ctx = new_tls_context(store->tls_ca_certfile, - store->tls_ca_certdir, store->tls_certfile, - store->tls_keyfile, NULL, NULL, NULL, true); - - if (!store->tls_ctx) { - Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"), - store->name(), configfile); - OK = false; - } - } } /* Loop over all counters, defining them in each database */