2 Bacula(R) - The Network Backup Solution
4 Copyright (C) 2000-2017 Kern Sibbald
6 The original author of Bacula is Kern Sibbald, with contributions
7 from many others, a complete list can be found in the file AUTHORS.
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
14 This notice must be preserved when any source code is
15 conveyed and/or propagated.
17 Bacula(R) is a registered trademark of Kern Sibbald.
20 * Main configuration file parser for Bacula File Daemon (Client)
21 * some parts may be split into separate files such as
22 * the schedule configuration (sch_config.c).
24 * Note, the configuration file parser consists of three parts
26 * 1. The generic lexical scanner in lib/lex.c and lib/lex.h
28 * 2. The generic config scanner in lib/parse_config.c and
30 * These files contain the parser code, some utility
31 * routines, and the common store routines (name, int,
34 * 3. The daemon specific file, which contains the Resource
35 * definitions as well as any specific store routines
36 * for the resource records.
38 * Kern Sibbald, September MM
44 /* Define the first and last resource ID record
45 * types. Note, these should be unique for each
46 * daemon though not a requirement.
48 int32_t r_first = R_FIRST;
49 int32_t r_last = R_LAST;
53 /* Forward referenced subroutines */
56 /* We build the current resource here as we are
57 * scanning the resource configuration definition,
58 * then move it to allocated memory when the resource
62 extern "C" { // work around visual compiler mangling variables
68 int32_t res_all_size = sizeof(res_all);
70 /* Forward declarations for the encryption cipher/digest type store routines */
71 static void store_cipher_type(LEX *lc, RES_ITEM *item, int index, int pass);
72 static void store_digest_type(LEX *lc, RES_ITEM *item, int index, int pass);
74 /* Definition of records permitted within each
75 * resource with the routine to process the record
79 /* Client or File daemon "Global" resources */
/*
 * Directive table for the FileDaemon/Client resource.  Each row gives the
 * directive keyword, its store routine, the res_client field it fills, a
 * code, flags and a default value (the default is presumably applied only
 * when ITEM_DEFAULT is set -- confirm in lib/parse_config).  The row with a
 * NULL name terminates the table.
 */
80 static RES_ITEM cli_items[] = {
81 {"Name", store_name, ITEM(res_client.hdr.name), 0, ITEM_REQUIRED, 0},
82 {"Description", store_str, ITEM(res_client.hdr.desc), 0, 0, 0},
83 {"FdPort", store_addresses_port, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
84 {"FdAddress", store_addresses_address, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
85 {"FdAddresses", store_addresses, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
86 {"FdSourceAddress", store_addresses_address, ITEM(res_client.FDsrc_addr), 0, ITEM_DEFAULT, 0},
88 {"WorkingDirectory", store_dir, ITEM(res_client.working_directory), 0, ITEM_REQUIRED, 0},
89 {"PidDirectory", store_dir, ITEM(res_client.pid_directory), 0, ITEM_REQUIRED, 0},
90 {"SubsysDirectory", store_dir, ITEM(res_client.subsys_directory), 0, 0, 0},
/* NOTE(review): PluginDirectory, ScriptsDirectory and SnapshotCommand
 * presumably name code the daemon loads or runs.  Nothing in this table
 * validates them, so the config file and those paths should be writable
 * only by administrators. */
91 {"PluginDirectory", store_dir, ITEM(res_client.plugin_directory), 0, 0, 0},
92 {"SnapshotCommand", store_str, ITEM(res_client.snapshot_command), 0, 0, 0},
93 {"ScriptsDirectory", store_dir, ITEM(res_client.scripts_directory), 0, 0, 0},
94 {"MaximumConcurrentJobs", store_pint32, ITEM(res_client.MaxConcurrentJobs), 0, ITEM_DEFAULT, 20},
95 {"Messages", store_res, ITEM(res_client.messages), R_MSGS, 0, 0},
96 {"SdConnectTimeout", store_time,ITEM(res_client.SDConnectTimeout), 0, ITEM_DEFAULT, 60 * 30},
97 {"HeartbeatInterval", store_time, ITEM(res_client.heartbeat_interval), 0, ITEM_DEFAULT, 5 * 60},
98 {"MaximumNetworkBufferSize", store_pint32, ITEM(res_client.max_network_buffer_size), 0, 0, 0},
/* PKI directives exist only when DATA_ENCRYPTION is defined (the matching
 * #endif is not visible in this listing).  PkiSignatures and PkiEncryption
 * carry ITEM_DEFAULT with value 0, so both are off unless configured. */
99 #ifdef DATA_ENCRYPTION
100 {"PkiSignatures", store_bool, ITEM(res_client.pki_sign), 0, ITEM_DEFAULT, 0},
101 {"PkiEncryption", store_bool, ITEM(res_client.pki_encrypt), 0, ITEM_DEFAULT, 0},
/* NOTE(review): PkiKeyPair (and TlsKey below) point at private key files.
 * No permission check is visible here; keep them readable only by the
 * account the daemon runs as. */
102 {"PkiKeyPair", store_dir, ITEM(res_client.pki_keypair_file), 0, 0, 0},
103 {"PkiSigner", store_alist_str, ITEM(res_client.pki_signing_key_files), 0, 0, 0},
104 {"PkiMasterKey", store_alist_str, ITEM(res_client.pki_master_key_files), 0, 0, 0},
/* No table default for cipher or digest.  The keyword is checked by
 * store_cipher_type / store_digest_type against ciphertypes[] and
 * digesttypes[]; the value used when the directive is omitted is decided
 * outside this table. */
105 {"PkiCipher", store_cipher_type, ITEM(res_client.pki_cipher), 0, 0, 0},
106 {"PkiDigest", store_digest_type, ITEM(res_client.pki_digest), 0, 0, 0},
/* TLS directives.  TlsAuthenticate, TlsEnable and TlsRequire do not set
 * ITEM_DEFAULT, so the table supplies no value when they are omitted.
 * NOTE(review): unlike dir_items and cons_items, this resource has no
 * TlsVerifyPeer, TlsAllowedCn or TlsDhFile row. */
108 {"TlsAuthenticate", store_bool, ITEM(res_client.tls_authenticate), 0, 0, 0},
109 {"TlsEnable", store_bool, ITEM(res_client.tls_enable), 0, 0, 0},
110 {"TlsRequire", store_bool, ITEM(res_client.tls_require), 0, 0, 0},
111 {"TlsCaCertificateFile", store_dir, ITEM(res_client.tls_ca_certfile), 0, 0, 0},
112 {"TlsCaCertificateDir", store_dir, ITEM(res_client.tls_ca_certdir), 0, 0, 0},
113 {"TlsCertificate", store_dir, ITEM(res_client.tls_certfile), 0, 0, 0},
114 {"TlsKey", store_dir, ITEM(res_client.tls_keyfile), 0, 0, 0},
115 {"VerId", store_str, ITEM(res_client.verid), 0, 0, 0},
116 {"MaximumBandwidthPerJob",store_speed, ITEM(res_client.max_bandwidth_per_job), 0, 0, 0},
117 {"CommCompression", store_bool, ITEM(res_client.comm_compression), 0, ITEM_DEFAULT, true},
/* List of command names (store_alist_str); presumably commands this daemon
 * will refuse -- TODO confirm where disable_cmds is consumed. */
118 {"DisableCommand", store_alist_str, ITEM(res_client.disable_cmds), 0, 0, 0},
119 {NULL, NULL, {0}, 0, 0, 0}
122 /* Directors that can use our services */
/*
 * Directive table for a Director resource (a Director allowed to use this
 * daemon).  Row layout: keyword, store routine, res_dir field, code, flags,
 * default value.  The NULL-named row terminates the table.
 */
123 static RES_ITEM dir_items[] = {
124 {"Name", store_name, ITEM(res_dir.hdr.name), 0, ITEM_REQUIRED, 0},
125 {"Description", store_str, ITEM(res_dir.hdr.desc), 0, 0, 0},
/* Password is mandatory (ITEM_REQUIRED).  How store_password transforms the
 * configured value before storing it is not visible in this file. */
126 {"Password", store_password, ITEM(res_dir.password), 0, ITEM_REQUIRED, 0},
127 {"Address", store_str, ITEM(res_dir.address), 0, 0, 0},
/* Monitor and Remote carry ITEM_DEFAULT with value 0: both are off unless
 * the operator enables them. */
128 {"Monitor", store_bool, ITEM(res_dir.monitor), 0, ITEM_DEFAULT, 0},
129 {"Remote", store_bool, ITEM(res_dir.remote), 0, ITEM_DEFAULT, 0},
/* TlsAuthenticate, TlsEnable and TlsRequire do not set ITEM_DEFAULT, so the
 * table supplies no value when they are omitted. */
130 {"TlsAuthenticate", store_bool, ITEM(res_dir.tls_authenticate), 0, 0, 0},
131 {"TlsEnable", store_bool, ITEM(res_dir.tls_enable), 0, 0, 0},
132 {"TlsRequire", store_bool, ITEM(res_dir.tls_require), 0, 0, 0},
/* Peer verification defaults to 1 (on).  TlsAllowedCn further down
 * presumably narrows which certificate common names are accepted. */
133 {"TlsVerifyPeer", store_bool, ITEM(res_dir.tls_verify_peer), 0, ITEM_DEFAULT, 1},
134 {"TlsCaCertificateFile", store_dir, ITEM(res_dir.tls_ca_certfile), 0, 0, 0},
135 {"TlsCaCertificateDir", store_dir, ITEM(res_dir.tls_ca_certdir), 0, 0, 0},
136 {"TlsCertificate", store_dir, ITEM(res_dir.tls_certfile), 0, 0, 0},
/* NOTE(review): TlsKey points at a private key file; no permission check is
 * visible here, so restrict it to the daemon's account. */
137 {"TlsKey", store_dir, ITEM(res_dir.tls_keyfile), 0, 0, 0},
138 {"TlsDhFile", store_dir, ITEM(res_dir.tls_dhfile), 0, 0, 0},
139 {"TlsAllowedCn", store_alist_str, ITEM(res_dir.tls_allowed_cns), 0, 0, 0},
140 {"MaximumBandwidthPerJob", store_speed, ITEM(res_dir.max_bandwidth_per_job), 0, 0, 0},
/* List of command names (store_alist_str); presumably commands refused for
 * this Director -- TODO confirm where disable_cmds is consumed. */
141 {"DisableCommand", store_alist_str, ITEM(res_dir.disable_cmds), 0, 0, 0},
/* Reference to a Console resource (code R_CONSOLE).  save_resource picks the
 * first Console in the chain when Remote is set and none is named here. */
142 {"Console", store_res, ITEM(res_dir.console), R_CONSOLE, 0, 0},
143 {NULL, NULL, {0}, 0, 0, 0}
146 /* Consoles that we can use to connect to a Director */
/*
 * Directive table for a Console resource.  Row layout: keyword, store
 * routine, res_cons field, code, flags, default value.  The NULL-named row
 * terminates the table.
 */
147 static RES_ITEM cons_items[] = {
148 {"Name", store_name, ITEM(res_cons.hdr.name), 0, ITEM_REQUIRED, 0},
149 {"Description", store_str, ITEM(res_cons.hdr.desc), 0, 0, 0},
/* Password is mandatory (ITEM_REQUIRED).  How store_password transforms the
 * configured value before storing it is not visible in this file. */
150 {"Password", store_password, ITEM(res_cons.password), 0, ITEM_REQUIRED, 0},
151 {"Address", store_str, ITEM(res_cons.address), 0, 0, 0},
152 {"DirPort", store_pint32, ITEM(res_cons.DIRport), 0, ITEM_DEFAULT, 9101},
/* TlsAuthenticate, TlsEnable and TlsRequire do not set ITEM_DEFAULT, so the
 * table supplies no value when they are omitted. */
153 {"TlsAuthenticate", store_bool, ITEM(res_cons.tls_authenticate), 0, 0, 0},
154 {"TlsEnable", store_bool, ITEM(res_cons.tls_enable), 0, 0, 0},
155 {"TlsRequire", store_bool, ITEM(res_cons.tls_require), 0, 0, 0},
/* Peer verification defaults to 1 (on). */
156 {"TlsVerifyPeer", store_bool, ITEM(res_cons.tls_verify_peer), 0, ITEM_DEFAULT, 1},
157 {"TlsCaCertificateFile", store_dir, ITEM(res_cons.tls_ca_certfile), 0, 0, 0},
158 {"TlsCaCertificateDir", store_dir, ITEM(res_cons.tls_ca_certdir), 0, 0, 0},
159 {"TlsCertificate", store_dir, ITEM(res_cons.tls_certfile), 0, 0, 0},
/* NOTE(review): TlsKey points at a private key file; no permission check is
 * visible here, so restrict it to the daemon's account. */
160 {"TlsKey", store_dir, ITEM(res_cons.tls_keyfile), 0, 0, 0},
161 {"TlsDhFile", store_dir, ITEM(res_cons.tls_dhfile), 0, 0, 0},
162 {"TlsAllowedCn", store_alist_str, ITEM(res_cons.tls_allowed_cns), 0, 0, 0},
163 {NULL, NULL, {0}, 0, 0, 0}
166 /* Message resource */
167 extern RES_ITEM msgs_items[];
170 * This is the master resource definition.
171 * It must have one item for each of the resources.
173 RES_TABLE resources[] = {
174 {"Director", dir_items, R_DIRECTOR},
175 {"FileDaemon", cli_items, R_CLIENT},
176 {"Messages", msgs_items, R_MSGS},
177 {"Console", cons_items, R_CONSOLE},
178 {"Client", cli_items, R_CLIENT}, /* alias for filedaemon */
182 /* Cipher/Digest keyword structure */
184 const char *type_name;
/*
 * Keywords accepted by the PkiCipher directive and the crypto cipher id each
 * one selects; store_cipher_type matches them without regard to case.  The
 * NULL-named terminator that the lookup loop relies on is not visible in
 * this listing.
 * NOTE(review): every id names a CBC mode, which provides confidentiality
 * only; integrity has to come from the separate signature/digest path.
 * Blowfish has a 64-bit block, so ciphertext block collisions become likely
 * after roughly 32 GiB under one key, which matters for backup-sized data;
 * prefer the AES keywords.  How much data a single key covers is decided
 * outside this file.
 */
188 struct s_ct ciphertypes[] = {
189 {"aes128", CRYPTO_CIPHER_AES_128_CBC},
190 {"aes192", CRYPTO_CIPHER_AES_192_CBC},
191 {"aes256", CRYPTO_CIPHER_AES_256_CBC},
192 {"blowfish", CRYPTO_CIPHER_BLOWFISH_CBC},
/*
 * Keywords accepted by the PkiDigest directive and the crypto digest id each
 * one selects; store_digest_type matches them without regard to case.  The
 * NULL-named terminator that the lookup loop relies on is not visible in
 * this listing.
 * NOTE(review): md5 and sha1 are both broken for collision resistance.  If
 * this digest feeds the PkiSignatures signing path (not visible here),
 * sha256 is the only entry suitable for new configurations.  The sha512
 * entry is commented out as not working.
 */
196 struct s_ct digesttypes[] = {
197 {"md5", CRYPTO_DIGEST_MD5},
198 {"sha1", CRYPTO_DIGEST_SHA1},
199 {"sha256", CRYPTO_DIGEST_SHA256},
200 // {"sha512", CRYPTO_DIGEST_SHA512}, /* Not working yet */
/*
 * Store routine for the PkiCipher directive.  Reads the next token as a
 * name and looks it up, ignoring case, in ciphertypes[]; on a match the
 * cipher id is written through item->value as a uint32_t.  An unrecognised
 * keyword is reported through scan_err1 (the test guarding that call falls
 * in lines missing from this listing).  The directive's bit is then set in
 * res_all.hdr.item_present.
 *
 *   lc    - lexer state; lc->str holds the scanned keyword
 *   item  - table row whose value pointer receives the cipher id
 *   index - position of the directive in the item table
 *   pass  - parse pass; not referenced in the lines shown
 */
208 static void store_cipher_type(LEX *lc, RES_ITEM *item, int index, int pass)
212 lex_get_token(lc, T_NAME);
213 /* Store the type both pass 1 and pass 2 */
214 for (i=0; ciphertypes[i].type_name; i++) {
215 if (strcasecmp(lc->str, ciphertypes[i].type_name) == 0) {
216 *(uint32_t *)(item->value) = ciphertypes[i].type_value;
222 scan_err1(lc, _("Expected a Cipher Type keyword, got: %s"), lc->str);
225 set_bit(index, res_all.hdr.item_present);
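/*
 * Store routine for the PkiDigest directive.  Reads the next token as a
 * name and looks it up, ignoring case, in digesttypes[]; on a match the
 * digest id is written through item->value as a uint32_t.  An unrecognised
 * keyword is reported through scan_err1 (the test guarding that call falls
 * in lines missing from this listing).  The directive's bit is then set in
 * res_all.hdr.item_present.
 *
 *   lc    - lexer state; lc->str holds the scanned keyword
 *   item  - table row whose value pointer receives the digest id
 *   index - position of the directive in the item table
 *   pass  - parse pass; not referenced in the lines shown
 */
232 static void store_digest_type(LEX *lc, RES_ITEM *item, int index, int pass)
236 lex_get_token(lc, T_NAME);
237 /* Store the type both pass 1 and pass 2 */
238 for (i=0; digesttypes[i].type_name; i++) {
239 if (strcasecmp(lc->str, digesttypes[i].type_name) == 0) {
240 *(uint32_t *)(item->value) = digesttypes[i].type_value;
/* The message names the digest directive, so a bad PkiDigest value is not
 * mistaken for a PkiCipher problem when reading the parse error. */
246 scan_err1(lc, _("Expected a Digest Type keyword, got: %s"), lc->str);
249 set_bit(index, res_all.hdr.item_present);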
252 /* Dump contents of resource */
/*
 * Write a human-readable summary of a resource record through the caller's
 * printf-style sendit callback, then continue with the next record of the
 * same type unless recursion was turned off.
 *
 *   type   - resource type; a negative value requests a single record
 *            (see the "no recursion" test below)
 *   ares   - record to dump, viewed through URES for the per-type fields
 *   sendit - output callback, called with sock, a literal format string and
 *            its arguments
 *   sock   - opaque handle passed back to sendit
 *
 * Every format string is a literal and configuration values are passed only
 * as %s / %d arguments.  The switch and case labels selecting each branch
 * are not visible in this listing.
 */
253 void dump_resource(int type, RES *ares, void sendit(void *sock, const char *fmt, ...), void *sock)
255 URES *res = (URES *)ares;
259 sendit(sock, "No record for %d %s\n", type, res_to_str(type));
262 if (type < 0) { /* no recursion */
/* NOTE(review): the Console and Director branches write the stored password
 * field verbatim into the dump.  Whatever receives sendit output (not
 * visible here) then holds a credential; consider masking the field or
 * limiting who may request a dump. */
268 sendit(sock, "Console: name=%s password=%s\n", ares->name,
269 res->res_cons.password);
272 sendit(sock, "Director: name=%s password=%s\n", ares->name,
273 res->res_dir.password);
276 sendit(sock, "Client: name=%s FDport=%d\n", ares->name,
277 get_first_port_host_order(res->res_client.FDaddrs));
280 sendit(sock, "Messages: name=%s\n", res->res_msgs.hdr.name);
/* mail_cmd and operator_cmd are optional, so each is printed only when set. */
281 if (res->res_msgs.mail_cmd)
282 sendit(sock, " mailcmd=%s\n", res->res_msgs.mail_cmd);
283 if (res->res_msgs.operator_cmd)
284 sendit(sock, " opcmd=%s\n", res->res_msgs.operator_cmd);
287 sendit(sock, "Unknown resource type %d\n", type);
/* Advance along the chain of records of this type and dump the next one. */
289 ares = GetNextRes(type, ares);
290 if (recurse && ares) {
291 dump_resource(type, ares, sendit, sock);
297 * Free memory of resource.
298 * NB, we don't need to worry about freeing any references
299 * to other resources as they will be freed when that
300 * resource chain is traversed. Mainly we worry about freeing
301 * allocated strings (names).
/*
 * Release the memory owned by one resource record.
 *
 *   sres - record to free, viewed through URES for the per-type fields
 *   type - resource type selecting which fields are released
 *
 * Strings are released with free(), list objects with delete, and TLS
 * contexts, address lists and key pairs through their own free routines.
 * The switch and case labels are not visible in this listing; the sections
 * below are recognisable by the res_* member they touch.
 */
303 void free_resource(RES *sres, int type)
305 URES *res = (URES *)sres;
311 /* common stuff -- free the resource name */
312 if (res->res_dir.hdr.name) {
313 free(res->res_dir.hdr.name);
315 if (res->res_dir.hdr.desc) {
316 free(res->res_dir.hdr.desc);
/* Director fields.
 * NOTE(review): the password buffer is handed to free() without being
 * cleared first.  If it holds a usable credential, wiping it before release
 * limits what a later heap read or core dump can recover. */
320 if (res->res_dir.password) {
321 free(res->res_dir.password);
323 if (res->res_dir.address) {
324 free(res->res_dir.address);
326 if (res->res_dir.tls_ctx) {
327 free_tls_context(res->res_dir.tls_ctx);
329 if (res->res_dir.tls_ca_certfile) {
330 free(res->res_dir.tls_ca_certfile);
332 if (res->res_dir.tls_ca_certdir) {
333 free(res->res_dir.tls_ca_certdir);
335 if (res->res_dir.tls_certfile) {
336 free(res->res_dir.tls_certfile);
338 if (res->res_dir.tls_keyfile) {
339 free(res->res_dir.tls_keyfile);
341 if (res->res_dir.tls_dhfile) {
342 free(res->res_dir.tls_dhfile);
344 if (res->res_dir.tls_allowed_cns) {
345 delete res->res_dir.tls_allowed_cns;
347 if (res->res_dir.disable_cmds) {
348 delete res->res_dir.disable_cmds;
350 if (res->res_dir.disabled_cmds_array) {
351 free(res->res_dir.disabled_cmds_array);
/* Console fields.  The password is released with plain free() here as well;
 * the same wipe-before-free consideration applies. */
355 if (res->res_cons.password) {
356 free(res->res_cons.password);
358 if (res->res_cons.address) {
359 free(res->res_cons.address);
361 if (res->res_cons.tls_ctx) {
362 free_tls_context(res->res_cons.tls_ctx);
364 if (res->res_cons.tls_ca_certfile) {
365 free(res->res_cons.tls_ca_certfile);
367 if (res->res_cons.tls_ca_certdir) {
368 free(res->res_cons.tls_ca_certdir);
370 if (res->res_cons.tls_certfile) {
371 free(res->res_cons.tls_certfile);
373 if (res->res_cons.tls_keyfile) {
374 free(res->res_cons.tls_keyfile);
376 if (res->res_cons.tls_dhfile) {
377 free(res->res_cons.tls_dhfile);
379 if (res->res_cons.tls_allowed_cns) {
380 delete res->res_cons.tls_allowed_cns;
/* Client (File daemon) fields. */
384 if (res->res_client.working_directory) {
385 free(res->res_client.working_directory);
387 if (res->res_client.pid_directory) {
388 free(res->res_client.pid_directory);
390 if (res->res_client.subsys_directory) {
391 free(res->res_client.subsys_directory);
393 if (res->res_client.scripts_directory) {
394 free(res->res_client.scripts_directory);
396 if (res->res_client.plugin_directory) {
397 free(res->res_client.plugin_directory);
399 if (res->res_client.FDaddrs) {
400 free_addresses(res->res_client.FDaddrs);
402 if (res->res_client.FDsrc_addr) {
403 free_addresses(res->res_client.FDsrc_addr);
405 if (res->res_client.snapshot_command) {
406 free(res->res_client.snapshot_command);
408 if (res->res_client.pki_keypair_file) {
409 free(res->res_client.pki_keypair_file);
/* Loaded key material goes through crypto_keypair_free rather than free();
 * whether that routine clears the key memory is not visible here. */
411 if (res->res_client.pki_keypair) {
412 crypto_keypair_free(res->res_client.pki_keypair);
415 if (res->res_client.pki_signing_key_files) {
416 delete res->res_client.pki_signing_key_files;
/* Each signer key pair is freed individually before the list that held it
 * is deleted. */
418 if (res->res_client.pki_signers) {
419 X509_KEYPAIR *keypair;
420 foreach_alist(keypair, res->res_client.pki_signers) {
421 crypto_keypair_free(keypair);
423 delete res->res_client.pki_signers;
426 if (res->res_client.pki_master_key_files) {
427 delete res->res_client.pki_master_key_files;
/* Same pattern for the recipient key pairs. */
430 if (res->res_client.pki_recipients) {
431 X509_KEYPAIR *keypair;
432 foreach_alist(keypair, res->res_client.pki_recipients) {
433 crypto_keypair_free(keypair);
435 delete res->res_client.pki_recipients;
438 if (res->res_client.tls_ctx) {
439 free_tls_context(res->res_client.tls_ctx);
441 if (res->res_client.tls_ca_certfile) {
442 free(res->res_client.tls_ca_certfile);
444 if (res->res_client.tls_ca_certdir) {
445 free(res->res_client.tls_ca_certdir);
447 if (res->res_client.tls_certfile) {
448 free(res->res_client.tls_certfile);
450 if (res->res_client.tls_keyfile) {
451 free(res->res_client.tls_keyfile);
453 if (res->res_client.disable_cmds) {
454 delete res->res_client.disable_cmds;
456 if (res->res_client.disabled_cmds_array) {
457 free(res->res_client.disabled_cmds_array);
459 if (res->res_client.verid) {
460 free(res->res_client.verid);
/* Messages fields; the remainder of the record is released by
 * free_msgs_res. */
464 if (res->res_msgs.mail_cmd) {
465 free(res->res_msgs.mail_cmd);
467 if (res->res_msgs.operator_cmd) {
468 free(res->res_msgs.operator_cmd);
470 free_msgs_res((MSGS *)res); /* free message resource */
/* An unrecognised type is only reported on stdout. */
474 printf(_("Unknown resource type %d\n"), type);
476 /* Common stuff again -- free the resource, recurse to next one */
482 /* Save the new resource by chaining it into the head list for
483 * the resource. If this is pass 2, we update any resource
484 * pointers (currently only in the Job resource).
/*
 * Commit the resource currently assembled in the static res_all buffer.
 *
 *   config - parser object; receives error text in m_errmsg and performs the
 *            insertion through insert_res
 *   type   - resource type being saved
 *   items  - directive table for that type, used for the required-item check
 *   pass   - parse pass; per the comments below, pass 1 allocates and chains
 *            the record and pass 2 fills in pointers to other objects
 *
 * The return statements, the switch and its case labels are not visible in
 * this listing.
 */
486 bool save_resource(CONFIG *config, int type, RES_ITEM *items, int pass)
/* rindex indexes resources[] in the error message below.  No range check is
 * visible in this listing; presumably the caller only passes types between
 * r_first and r_last -- confirm. */
490 int rindex = type - r_first;
495 * Ensure that all required items are present
497 for (i=0; items[i].name; i++) {
498 if (items[i].flags & ITEM_REQUIRED) {
499 if (!bit_is_set(i, res_all.res_dir.hdr.item_present)) {
500 Mmsg(config->m_errmsg, _("\"%s\" directive is required in \"%s\" resource, but not found.\n"),
501 items[i].name, resources[rindex].name);
507 /* During pass 2, we looked up pointers to all the resources
508 * referenced in the current resource; now we
509 * must copy their address from the static record to the allocated
514 /* Resources not containing a resource */
518 /* Resources containing another resource */
/* Director: locate the record allocated in pass 1 by name, then copy the
 * list and Console pointers from res_all.  Only the pointers are copied, so
 * the allocated record refers to the same list objects from here on. */
520 if ((res = (URES *)GetResWithName(R_DIRECTOR, res_all.res_dir.hdr.name)) == NULL) {
521 Mmsg(config->m_errmsg, _("Cannot find Director resource %s\n"), res_all.res_dir.hdr.name);
524 res->res_dir.tls_allowed_cns = res_all.res_dir.tls_allowed_cns;
525 res->res_dir.disable_cmds = res_all.res_dir.disable_cmds;
526 res->res_dir.console = res_all.res_dir.console;
/* NOTE(review): with Remote set and no Console named, the first Console in
 * the chain is used silently.  When several Console resources exist, naming
 * one explicitly avoids depending on their order in the config file. */
527 if (res_all.res_dir.remote && !res_all.res_dir.console) {
528 if ((cons = (CONSRES *)GetNextRes(R_CONSOLE, NULL)) == NULL) {
529 Mmsg(config->m_errmsg, _("Cannot find any Console resource for remote access\n"));
532 res->res_dir.console = cons;
535 /* Resources containing another resource */
/* Client: the name is read through the res_dir view of res_all even though
 * this is the Client lookup; presumably equivalent because hdr sits at the
 * same place in every resource type -- confirm. */
539 if ((res = (URES *)GetResWithName(R_CLIENT, res_all.res_dir.hdr.name)) == NULL) {
540 Mmsg(config->m_errmsg, _("Cannot find Client resource %s\n"), res_all.res_dir.hdr.name);
/* The PKI key lists, Messages reference and disabled-command list are
 * copied by pointer in the same way. */
543 res->res_client.pki_signing_key_files = res_all.res_client.pki_signing_key_files;
544 res->res_client.pki_master_key_files = res_all.res_client.pki_master_key_files;
546 res->res_client.pki_signers = res_all.res_client.pki_signers;
547 res->res_client.pki_recipients = res_all.res_client.pki_recipients;
549 res->res_client.messages = res_all.res_client.messages;
550 res->res_client.disable_cmds = res_all.res_client.disable_cmds;
553 Emsg1(M_ERROR, 0, _("Unknown resource type %d\n"), type);
557 /* Note, the resource name was already saved during pass 1,
558 * so here, we can just release it.
/* Pointers are reset to NULL after free so the static buffer never keeps a
 * dangling name or description. */
560 if (res_all.res_dir.hdr.name) {
561 free(res_all.res_dir.hdr.name);
562 res_all.res_dir.hdr.name = NULL;
564 if (res_all.res_dir.hdr.desc) {
565 free(res_all.res_dir.hdr.desc);
566 res_all.res_dir.hdr.desc = NULL;
571 /* The following code is only executed on pass 1 */
/* Select the allocation size for the record from its type. */
574 size = sizeof(DIRRES);
577 size = sizeof(CONSRES);
580 size = sizeof(CLIENT);
586 printf(_("Unknown resource type %d\n"), type);
/* insert_res receives the table index and the record size; a false result
 * is handled in lines missing from this listing. */
593 if (!config->insert_res(rindex, size)) {
/*
 * Entry point for parsing the File daemon configuration.
 *
 *   config     - parser object to initialise and run
 *   configfile - path of the configuration file
 *   exit_code  - passed through to config->init; its use is not visible here
 *
 * Hands the parser the static res_all scratch record and its size, the
 * resource id range r_first..r_last, the resources[] table and the resource
 * head list, then returns whatever parse_config() returns.
 */
600 bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code)
602 config->init(configfile, NULL, exit_code, (void *)&res_all, res_all_size,
603 r_first, r_last, resources, &res_head);
604 return config->parse_config();