/*
* Query Device command from Director
* Sends Storage Daemon's information on the device to the
* caller (presumably the Director).
* This command always returns "true" so that the line is
* not closed on an error.
*
*/
bool query_cmd(JCR *jcr)
{
POOL_MEM dev_name, VolumeName, MediaType, ChangerName;
BSOCK *dir = jcr->dir_bsock;
DEVRES *device;
AUTOCHANGER *changer;
bool ok;
Dmsg1(100, "Query_cmd: %s", dir->msg);
ok = sscanf(dir->msg, query_device, dev_name.c_str()) == 1;
Dmsg1(100, "<dird: %s", dir->msg);
if (ok) {
unbash_spaces(dev_name);
foreach_res(device, R_DEVICE) {
/* Find resource, and make sure we were able to open it */
if (bstrcmp(dev_name.c_str(), device->name())) {
if (!device->dev) {
device->dev = init_dev(jcr, device);
}
if (!device->dev) {
break;
}
ok = dir_update_device(jcr, device->dev);
if (ok) {
ok = dir->fsend(OK_query);
} else {
dir->fsend(NO_query);
}
return ok;
}
}
foreach_res(changer, R_AUTOCHANGER) {
/*Find resource, and make sure we were able to open it */
if (bstrcmp(dev_name.c_str(), changer->name())) {
if (!changer->device || changer->device->size() == 0) {
continue; /* no devices */
}
ok = dir_update_changer(jcr, changer);
if (ok) {
ok = dir->fsend(OK_query);
} else {
dir->fsend(NO_query);
}
return ok;
}
}
/* If we get here, the device/autochanger was not found */
unbash_spaces(dir->msg);
pm_strcpy(jcr->errmsg, dir->msg);
dir->fsend(NO_device, dev_name.c_str());
Dmsg1(100, ">dird: %s", dir->msg);
} else {
/* Check Configuration file for necessary info */
static int check_resources()
{
bool OK = true;
bool tls_needed;
const char *configfile = my_config->get_base_config_path();
if (GetNextRes(R_STORAGE, (RES *)me) != NULL) {
Jmsg1(NULL, M_ERROR, 0, _("Only one Storage resource permitted in %s\n"),
configfile);
OK = false;
}
if (GetNextRes(R_DIRECTOR, NULL) == NULL) {
Jmsg1(NULL, M_ERROR, 0, _("No Director resource defined in %s. Cannot continue.\n"),
configfile);
OK = false;
}
if (GetNextRes(R_DEVICE, NULL) == NULL){
Jmsg1(NULL, M_ERROR, 0, _("No Device resource defined in %s. Cannot continue.\n"),
configfile);
OK = false;
}
/*
* Sanity check.
*/
if (me->MaxConnections < ((2 * me->MaxConcurrentJobs) + 2)) {
me->MaxConnections = (2 * me->MaxConcurrentJobs) + 2;
}
if (!me->messages) {
me->messages = (MSGSRES *)GetNextRes(R_MSGS, NULL);
if (!me->messages) {
Jmsg1(NULL, M_ERROR, 0, _("No Messages resource defined in %s. Cannot continue.\n"),
configfile);
OK = false;
}
}
if (!me->working_directory) {
Jmsg1(NULL, M_ERROR, 0, _("No Working Directory defined in %s. Cannot continue.\n"),
configfile);
OK = false;
}
STORES *store;
foreach_res(store, R_STORAGE) {
/* tls_require implies tls_enable */
if (store->tls.require) {
if (have_tls) {
store->tls.enable = true;
} else {
Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bareos.\n"));
OK = false;
continue;
}
}
tls_needed = store->tls.enable || store->tls.authenticate;
if (!store->tls.certfile && tls_needed) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Storage \"%s\" in %s.\n"),
store->name(), configfile);
OK = false;
}
if (!store->tls.keyfile && tls_needed) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Storage \"%s\" in %s.\n"),
store->name(), configfile);
OK = false;
}
if ((!store->tls.ca_certfile && !store->tls.ca_certdir) && tls_needed && store->tls.verify_peer) {
Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
" or \"TLS CA Certificate Dir\" are defined for Storage \"%s\" in %s."
" At least one CA certificate store is required"
" when using \"TLS Verify Peer\".\n"),
store->name(), configfile);
OK = false;
}
/* If everything is well, attempt to initialize our per-resource TLS context */
if (OK && (tls_needed || store->tls.require)) {
/* Initialize TLS context:
* Args: CA certfile, CA certdir, Certfile, Keyfile,
* Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
store->tls.ctx = new_tls_context(store->tls.ca_certfile,
store->tls.ca_certdir,
store->tls.crlfile,
store->tls.certfile,
store->tls.keyfile,
NULL,
NULL,
store->tls.dhfile,
store->tls.cipherlist,
store->tls.verify_peer);
if (!store->tls.ctx) {
Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Storage \"%s\" in %s.\n"),
store->name(), configfile);
OK = false;
}
set_tls_enable(store->tls.ctx, tls_needed);
set_tls_require(store->tls.ctx, store->tls.require);
}
}
DIRRES *director;
foreach_res(director, R_DIRECTOR) {
/* tls_require implies tls_enable */
if (director->tls.require) {
director->tls.enable = true;
}
tls_needed = director->tls.enable || director->tls.authenticate;
if (!director->tls.certfile && tls_needed) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
director->name(), configfile);
OK = false;
}
if (!director->tls.keyfile && tls_needed) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
director->name(), configfile);
OK = false;
}
if ((!director->tls.ca_certfile && !director->tls.ca_certdir) && tls_needed && director->tls.verify_peer) {
Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
" or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
" At least one CA certificate store is required"
" when using \"TLS Verify Peer\".\n"),
director->name(), configfile);
OK = false;
}
/* If everything is well, attempt to initialize our per-resource TLS context */
if (OK && (tls_needed || director->tls.require)) {
/* Initialize TLS context:
* Args: CA certfile, CA certdir, Certfile, Keyfile,
* Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
director->tls.ctx = new_tls_context(director->tls.ca_certfile,
director->tls.ca_certdir,
director->tls.crlfile,
director->tls.certfile,
director->tls.keyfile,
NULL,
NULL,
director->tls.dhfile,
director->tls.cipherlist,
director->tls.verify_peer);
if (!director->tls.ctx) {
Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
director->name(), configfile);
OK = false;
}
set_tls_enable(director->tls.ctx, tls_needed);
set_tls_require(director->tls.ctx, director->tls.require);
}
}
DEVRES *device;
foreach_res(device, R_DEVICE) {
if (device->drive_crypto_enabled && bit_is_set(CAP_LABEL, device->cap_bits)) {
Jmsg(NULL, M_FATAL, 0, _("LabelMedia enabled is incompatible with tape crypto on Device \"%s\" in %s.\n"),
device->name(), configfile);
OK = false;
}
}
if (OK) {
OK = init_autochangers();
}
if (OK) {
close_msg(NULL); /* close temp message handler */
init_msg(NULL, me->messages); /* open daemon message handler */
set_working_directory(me->working_directory);
if (me->secure_erase_cmdline) {
set_secure_erase_cmdline(me->secure_erase_cmdline);
}
if (me->log_timestamp_format) {
set_log_timestamp_format(me->log_timestamp_format);
}
}
return OK;
}