2 Bacula(R) - The Network Backup Solution
4 Copyright (C) 2000-2015 Kern Sibbald
6 The original author of Bacula is Kern Sibbald, with contributions
7 from many others, a complete list can be found in the file AUTHORS.
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
14 This notice must be preserved when any source code is
15 conveyed and/or propagated.
17 Bacula(R) is a registered trademark of Kern Sibbald.
20 * Main configuration file parser for Bacula File Daemon (Client)
21 * some parts may be split into separate files such as
22 * the schedule configuration (sch_config.c).
24 * Note, the configuration file parser consists of three parts
26 * 1. The generic lexical scanner in lib/lex.c and lib/lex.h
28 * 2. The generic config scanner in lib/parse_config.c and
30 * These files contain the parser code, some utility
31 * routines, and the common store routines (name, int,
34 * 3. The daemon specific file, which contains the Resource
35 * definitions as well as any specific store routines
36 * for the resource records.
38 * Kern Sibbald, September MM
// NOTE(review): this listing drops some source lines (the gutter numbers
// jump, e.g. 47 -> 49), including the terminator of the comment below.
45 /* Define the first and last resource ID record
46 * types. Note, these should be unique for each
47 * daemon though not a requirement.
// r_first and r_last bound the resource type codes of this daemon.
// save_resource() turns a type code into a table index with (type - r_first).
49 int32_t r_first = R_FIRST;
50 int32_t r_last = R_LAST;
// One chain head per resource type, R_FIRST..R_LAST inclusive.
51 static RES *sres_head[R_LAST - R_FIRST + 1];
// Exported pointer to the chain heads; parse_fd_config() hands it to the parser.
52 RES **res_head = sres_head;
55 /* Forward referenced subroutines */
58 /* We build the current resource here as we are
59 * scanning the resource configuration definition,
60 * then move it to allocated memory when the resource
64 extern "C" { // work around visual compiler mangling variables
// The declaration of res_all itself is not part of this listing (gutter
// 65-69 is missing). res_all is the scratch record the store handlers fill;
// save_resource() copies it to heap memory with memcpy().
70 int32_t res_all_size = sizeof(res_all);
72 /* Forward definition for encryption cipher/digest type */
// Store handlers for the PkiCipher and PkiDigest directives in cli_items.
73 static void store_cipher_type(LEX *lc, RES_ITEM *item, int index, int pass);
74 static void store_digest_type(LEX *lc, RES_ITEM *item, int index, int pass);
76 /* Definition of records permitted within each
77 * resource with the routine to process the record
81 /* Client or File daemon "Global" resources */
// Directive table for the FileDaemon (alias Client) resource. Judging by the
// rows, each entry is {directive name, store handler, ITEM(target field),
// code, flags, default value}; the RES_ITEM definition is not in this file.
// NOTE(review): the gutter numbers jump at 88 -> 90 and 108 -> 110, and no
// #endif matching "#ifdef DATA_ENCRYPTION" appears in this listing.
82 static RES_ITEM cli_items[] = {
83 {"Name", store_name, ITEM(res_client.hdr.name), 0, ITEM_REQUIRED, 0},
84 {"Description", store_str, ITEM(res_client.hdr.desc), 0, 0, 0},
// Three spellings of the listen address share one target field (FDaddrs)
// and the same default port, 9102.
85 {"FdPort", store_addresses_port, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
86 {"FdAddress", store_addresses_address, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
87 {"FdAddresses", store_addresses, ITEM(res_client.FDaddrs), 0, ITEM_DEFAULT, 9102},
88 {"FdSourceAddress", store_addresses_address, ITEM(res_client.FDsrc_addr), 0, ITEM_DEFAULT, 0},
// ITEM_REQUIRED rows: save_resource() terminates parsing if one is absent.
90 {"WorkingDirectory", store_dir, ITEM(res_client.working_directory), 0, ITEM_REQUIRED, 0},
91 {"PidDirectory", store_dir, ITEM(res_client.pid_directory), 0, ITEM_REQUIRED, 0},
92 {"SubsysDirectory", store_dir, ITEM(res_client.subsys_directory), 0, 0, 0},
93 {"PluginDirectory", store_dir, ITEM(res_client.plugin_directory), 0, 0, 0},
// SnapshotCommand is kept as a plain string; how it is later executed is not
// visible here. Because it names a command, and PluginDirectory names where
// plugins are found, write access to this configuration file should be
// limited to the account that administers the daemon.
94 {"SnapshotCommand", store_str, ITEM(res_client.snapshot_command), 0, 0, 0},
95 {"ScriptsDirectory", store_dir, ITEM(res_client.scripts_directory), 0, 0, 0},
96 {"MaximumConcurrentJobs", store_pint32, ITEM(res_client.MaxConcurrentJobs), 0, ITEM_DEFAULT, 20},
// store_res rows carry the referenced resource type (R_MSGS) in the code column.
97 {"Messages", store_res, ITEM(res_client.messages), R_MSGS, 0, 0},
98 {"SdConnectTimeout", store_time,ITEM(res_client.SDConnectTimeout), 0, ITEM_DEFAULT, 60 * 30},
99 {"HeartbeatInterval", store_time, ITEM(res_client.heartbeat_interval), 0, ITEM_DEFAULT, 5 * 60},
// No default and no upper bound in this table; any range check would have to
// live in store_pint32 or at the point of use -- TODO confirm.
100 {"MaximumNetWorkBufferSize", store_pint32, ITEM(res_client.max_network_buffer_size), 0, 0, 0},
101 #ifdef DATA_ENCRYPTION
// PkiSignatures and PkiEncryption appear to default to 0, so signing and
// encrypting backup data are opt-in. PkiCipher and PkiDigest carry no
// ITEM_DEFAULT; the algorithm used when they are omitted is decided elsewhere.
102 {"PkiSignatures", store_bool, ITEM(res_client.pki_sign), 0, ITEM_DEFAULT, 0},
103 {"PkiEncryption", store_bool, ITEM(res_client.pki_encrypt), 0, ITEM_DEFAULT, 0},
// PkiKeyPair (and TlsKey below) go through store_dir, presumably as file
// paths -- confirm. The key files themselves should be readable only by the
// account the daemon runs as.
104 {"PkiKeyPair", store_dir, ITEM(res_client.pki_keypair_file), 0, 0, 0},
105 {"PkiSigner", store_alist_str, ITEM(res_client.pki_signing_key_files), 0, 0, 0},
106 {"PkiMasterKey", store_alist_str, ITEM(res_client.pki_master_key_files), 0, 0, 0},
107 {"PkiCipher", store_cipher_type, ITEM(res_client.pki_cipher), 0, 0, 0},
108 {"PkiDigest", store_digest_type, ITEM(res_client.pki_digest), 0, 0, 0},
// None of the TLS rows has ITEM_DEFAULT or ITEM_REQUIRED: TLS is in effect
// only if the operator configures it. Unlike dir_items, this table has no
// TlsVerifyPeer, TlsAllowedCn or TlsDhFile directive.
110 {"TlsAuthenticate", store_bool, ITEM(res_client.tls_authenticate), 0, 0, 0},
111 {"TlsEnable", store_bool, ITEM(res_client.tls_enable), 0, 0, 0},
112 {"TlsRequire", store_bool, ITEM(res_client.tls_require), 0, 0, 0},
113 {"TlsCaCertificateFile", store_dir, ITEM(res_client.tls_ca_certfile), 0, 0, 0},
114 {"TlsCaCertificateDir", store_dir, ITEM(res_client.tls_ca_certdir), 0, 0, 0},
115 {"TlsCertificate", store_dir, ITEM(res_client.tls_certfile), 0, 0, 0},
116 {"TlsKey", store_dir, ITEM(res_client.tls_keyfile), 0, 0, 0},
117 {"VerId", store_str, ITEM(res_client.verid), 0, 0, 0},
118 {"MaximumBandwidthPerJob",store_speed, ITEM(res_client.max_bandwidth_per_job), 0, 0, 0},
119 {"DisableCommand", store_alist_str, ITEM(res_client.disable_cmds), 0, 0, 0},
// Terminator row: the loops over this table stop at the NULL name.
120 {NULL, NULL, {0}, 0, 0, 0}
123 /* Directors that can use our services */
// Directive table for each Director resource, i.e. each Director this File
// Daemon is configured for. Column layout as in cli_items.
124 static RES_ITEM dir_items[] = {
125 {"Name", store_name, ITEM(res_dir.hdr.name), 0, ITEM_REQUIRED, 0},
126 {"Description", store_str, ITEM(res_dir.hdr.desc), 0, 0, 0},
// Password is mandatory (ITEM_REQUIRED). The form in which it is kept
// (cleartext or a digest) is decided by store_password, which is not visible
// here. dump_resource() writes this field out, so both the configuration
// file and any dump output should be treated as secret-bearing.
127 {"Password", store_password, ITEM(res_dir.password), 0, ITEM_REQUIRED, 0},
128 {"Address", store_str, ITEM(res_dir.address), 0, 0, 0},
129 {"Monitor", store_bool, ITEM(res_dir.monitor), 0, ITEM_DEFAULT, 0},
// TLS is opt-in: TlsEnable, TlsRequire and TlsAuthenticate have no default
// flag. TlsVerifyPeer is the only TLS row with ITEM_DEFAULT, and its default
// value is 1. TlsAllowedCn holds a list of strings.
130 {"TlsAuthenticate", store_bool, ITEM(res_dir.tls_authenticate), 0, 0, 0},
131 {"TlsEnable", store_bool, ITEM(res_dir.tls_enable), 0, 0, 0},
132 {"TlsRequire", store_bool, ITEM(res_dir.tls_require), 0, 0, 0},
133 {"TlsVerifyPeer", store_bool, ITEM(res_dir.tls_verify_peer), 0, ITEM_DEFAULT, 1},
134 {"TlsCaCertificateFile", store_dir, ITEM(res_dir.tls_ca_certfile), 0, 0, 0},
135 {"TlsCaCertificateDir", store_dir, ITEM(res_dir.tls_ca_certdir), 0, 0, 0},
136 {"TlsCertificate", store_dir, ITEM(res_dir.tls_certfile), 0, 0, 0},
137 {"TlsKey", store_dir, ITEM(res_dir.tls_keyfile), 0, 0, 0},
138 {"TlsDhFile", store_dir, ITEM(res_dir.tls_dhfile), 0, 0, 0},
139 {"TlsAllowedCn", store_alist_str, ITEM(res_dir.tls_allowed_cns), 0, 0, 0},
140 {"MaximumBandwidthPerJob", store_speed, ITEM(res_dir.max_bandwidth_per_job), 0, 0, 0},
// DisableCommand collects a list of strings per Director; how the list is
// enforced is not visible in this file.
141 {"DisableCommand", store_alist_str, ITEM(res_dir.disable_cmds), 0, 0, 0},
// Terminator row: the loops over this table stop at the NULL name.
142 {NULL, NULL, {0}, 0, 0, 0}
145 /* Message resource */
// Directive table for Messages resources, defined in another file.
146 extern RES_ITEM msgs_items[];
149 * This is the master resource definition.
150 * It must have one item for each of the resources.
// Maps a resource keyword in the configuration file to its directive table
// and its R_* type code. "FileDaemon" and "Client" share cli_items and
// R_CLIENT. The closing rows of the table are not part of this listing.
// NOTE(review): save_resource() indexes this table with (type - r_first) to
// obtain a name for its error messages, which assumes the row order matches
// the R_* numbering -- confirm against the R_* definitions.
152 RES_TABLE resources[] = {
153 {"Director", dir_items, R_DIRECTOR},
154 {"FileDaemon", cli_items, R_CLIENT},
155 {"Messages", msgs_items, R_MSGS},
156 {"Client", cli_items, R_CLIENT}, /* alias for filedaemon */
160 /* Cipher/Digest keyword structure */
// s_ct pairs a configuration keyword (type_name) with a crypto constant
// (type_value, read by the store handlers). Only the type_name member is
// visible in this listing.
162 const char *type_name;
// Keywords accepted by the PkiCipher directive, matched case-insensitively
// by store_cipher_type(). The loop there stops at a NULL type_name, so the
// table needs a terminator row, which this listing does not show.
// NOTE(review): going by the constant names, every entry is a CBC-mode
// cipher. CBC on its own gives no integrity protection, so tamper detection
// depends on signing being enabled as well -- TODO confirm how the daemon
// combines PkiEncryption and PkiSignatures. Blowfish has a 64-bit block,
// which limits how much data is safe to encrypt under one key; prefer the
// AES keywords for new configurations.
166 struct s_ct ciphertypes[] = {
167 {"aes128", CRYPTO_CIPHER_AES_128_CBC},
168 {"aes192", CRYPTO_CIPHER_AES_192_CBC},
169 {"aes256", CRYPTO_CIPHER_AES_256_CBC},
170 {"blowfish", CRYPTO_CIPHER_BLOWFISH_CBC},
// Keywords accepted by the PkiDigest directive, matched by
// store_digest_type().
// NOTE(review): MD5 and SHA-1 are no longer collision-resistant; of the
// keywords enabled here, sha256 is the one to use in new configurations.
174 struct s_ct digesttypes[] = {
175 {"md5", CRYPTO_DIGEST_MD5},
176 {"sha1", CRYPTO_DIGEST_SHA1},
177 {"sha256", CRYPTO_DIGEST_SHA256},
178 // {"sha512", CRYPTO_DIGEST_SHA512}, /* Not working yet */
// store_cipher_type: store handler for the PkiCipher directive (see cli_items).
// Reads the next token as a name, compares it case-insensitively with each
// ciphertypes[] keyword and, on a match, writes that keyword's type_value
// through item->value as a uint32_t. Marks directive `index` as present in
// res_all.hdr.item_present.
//   lc    - lexer state; lc->str is read as the token text after lex_get_token()
//   item  - table row being stored; item->value is the destination
//   index - row position in the directive table, used for the item_present bit
//   pass  - parser pass number; not referenced in the lines shown
// NOTE(review): gutter lines 187-189, 195-199 and 201-202 are missing from
// this listing, so the declaration of i, the end of the loop and the
// condition guarding scan_err1() are not visible here.
186 static void store_cipher_type(LEX *lc, RES_ITEM *item, int index, int pass)
190 lex_get_token(lc, T_NAME);
191 /* Store the type both pass 1 and pass 2 */
192 for (i=0; ciphertypes[i].type_name; i++) {
193 if (strcasecmp(lc->str, ciphertypes[i].type_name) == 0) {
194 *(uint32_t *)(item->value) = ciphertypes[i].type_value;
// Reports the offending token; lc->str is passed as a %s argument, not as
// the format string.
200 scan_err1(lc, _("Expected a Cipher Type keyword, got: %s"), lc->str);
203 set_bit(index, res_all.hdr.item_present);
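// store_digest_type: store handler for the PkiDigest directive (see cli_items).
// Reads the next token as a name, compares it case-insensitively with each
// digesttypes[] keyword and, on a match, writes that keyword's type_value
// through item->value as a uint32_t. Marks directive `index` as present in
// res_all.hdr.item_present.
//   lc    - lexer state; lc->str is read as the token text after lex_get_token()
//   item  - table row being stored; item->value is the destination
//   index - row position in the directive table, used for the item_present bit
//   pass  - parser pass number; not referenced in the lines shown
// NOTE(review): gutter lines 211-213, 219-223 and 225-226 are missing from
// this listing, so the declaration of i, the end of the loop and the
// condition guarding scan_err1() are not visible here.
210 static void store_digest_type(LEX *lc, RES_ITEM *item, int index, int pass)
214 lex_get_token(lc, T_NAME);
215 /* Store the type both pass 1 and pass 2 */
216 for (i=0; digesttypes[i].type_name; i++) {
217 if (strcasecmp(lc->str, digesttypes[i].type_name) == 0) {
218 *(uint32_t *)(item->value) = digesttypes[i].type_value;
// The message used to say "Cipher Type" (copied from store_cipher_type),
// which pointed the operator at the wrong directive. The new msgid has no
// translation until the message catalogs are regenerated.
224 scan_err1(lc, _("Expected a Digest Type keyword, got: %s"), lc->str);
227 set_bit(index, res_all.hdr.item_present);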
230 /* Dump contents of resource */
// dump_resource: print a one-record summary of a resource through `sendit`.
//   type   - R_* code of the record; a negative value takes the
//            "no recursion" branch below (the lines acting on it are not shown)
//   ares   - record to print, also viewed through the URES union as `res`
//   sendit - printf-style output callback, called with `sock` as first argument
//   sock   - opaque handle forwarded to sendit
// NOTE(review): several gutter lines are missing from this listing, among
// them the declaration of `recurse` and the lines that select which of the
// Director, Client and Messages outputs is printed.
231 void dump_resource(int type, RES *ares, void sendit(void *sock, const char *fmt, ...), void *sock)
233 URES *res = (URES *)ares;
237 sendit(sock, "No record for %d %s\n", type, res_to_str(type));
240 if (type < 0) { /* no recursion */
// NOTE(review): the Director password field is written to the sendit sink
// verbatim. Whatever store_password kept in that field ends up wherever the
// caller directs dump output (console, debug trace, log file). Consider
// printing a fixed placeholder here, and treat existing dump output as
// sensitive.
246 sendit(sock, "Director: name=%s password=%s\n", ares->name,
247 res->res_dir.password);
250 sendit(sock, "Client: name=%s FDport=%d\n", ares->name,
251 get_first_port_host_order(res->res_client.FDaddrs));
254 sendit(sock, "Messages: name=%s\n", res->res_msgs.hdr.name);
// The mail and operator command strings are printed only when set.
255 if (res->res_msgs.mail_cmd)
256 sendit(sock, " mailcmd=%s\n", res->res_msgs.mail_cmd);
257 if (res->res_msgs.operator_cmd)
258 sendit(sock, " opcmd=%s\n", res->res_msgs.operator_cmd);
261 sendit(sock, "Unknown resource type %d\n", type);
263 ares = GetNextRes(type, ares);
// When recursion is enabled, continue with the next record in the chain.
264 if (recurse && res->res_dir.hdr.next) {
265 dump_resource(type, res->res_dir.hdr.next, sendit, sock);
271 * Free memory of resource.
272 * NB, we don't need to worry about freeing any references
273 * to other resources as they will be freed when that
274 * resource chain is traversed. Mainly we worry about freeing
275 * allocated strings (names).
// free_resource: release the heap members of one resource record, then call
// itself for the next record in the chain (see the last line).
//   sres - record to free, viewed through the URES union as `res`
//   type - R_* code; passed on unchanged to the recursive call
// NOTE(review): many gutter lines are missing from this listing, among them
// the lines that select the Director, Client or Messages fields by `type`,
// the closing braces, and the release of the record itself.
277 void free_resource(RES *sres, int type)
280 URES *res = (URES *)sres;
286 /* common stuff -- free the resource name */
// The next pointer is saved first, before any member is released.
287 nres = (RES *)res->res_dir.hdr.next;
288 if (res->res_dir.hdr.name) {
289 free(res->res_dir.hdr.name);
291 if (res->res_dir.hdr.desc) {
292 free(res->res_dir.hdr.desc);
// Director fields.
// NOTE(review): the password buffer is handed back to the allocator without
// being overwritten first. If it holds secret material, wipe it with a call
// the compiler may not elide before free(), so it does not linger in freed
// heap memory.
296 if (res->res_dir.password) {
297 free(res->res_dir.password);
299 if (res->res_dir.address) {
300 free(res->res_dir.address);
302 if (res->res_dir.tls_ctx) {
303 free_tls_context(res->res_dir.tls_ctx);
305 if (res->res_dir.tls_ca_certfile) {
306 free(res->res_dir.tls_ca_certfile);
308 if (res->res_dir.tls_ca_certdir) {
309 free(res->res_dir.tls_ca_certdir);
311 if (res->res_dir.tls_certfile) {
312 free(res->res_dir.tls_certfile);
314 if (res->res_dir.tls_keyfile) {
315 free(res->res_dir.tls_keyfile);
317 if (res->res_dir.tls_dhfile) {
318 free(res->res_dir.tls_dhfile);
// List members are C++ objects and are released with delete, not free().
320 if (res->res_dir.tls_allowed_cns) {
321 delete res->res_dir.tls_allowed_cns;
323 if (res->res_dir.disable_cmds) {
324 delete res->res_dir.disable_cmds;
326 if (res->res_dir.disabled_cmds_array) {
327 free(res->res_dir.disabled_cmds_array);
// Client (File Daemon) fields.
331 if (res->res_client.working_directory) {
332 free(res->res_client.working_directory);
334 if (res->res_client.pid_directory) {
335 free(res->res_client.pid_directory);
337 if (res->res_client.subsys_directory) {
338 free(res->res_client.subsys_directory);
340 if (res->res_client.scripts_directory) {
341 free(res->res_client.scripts_directory);
343 if (res->res_client.plugin_directory) {
344 free(res->res_client.plugin_directory);
346 if (res->res_client.FDaddrs) {
347 free_addresses(res->res_client.FDaddrs);
349 if (res->res_client.FDsrc_addr) {
350 free_addresses(res->res_client.FDsrc_addr);
352 if (res->res_client.snapshot_command) {
353 free(res->res_client.snapshot_command);
355 if (res->res_client.pki_keypair_file) {
356 free(res->res_client.pki_keypair_file);
// Key material is released through crypto_keypair_free(); whether that
// routine clears the key before releasing it is not visible here.
358 if (res->res_client.pki_keypair) {
359 crypto_keypair_free(res->res_client.pki_keypair);
362 if (res->res_client.pki_signing_key_files) {
363 delete res->res_client.pki_signing_key_files;
// Each signer keypair is freed individually, then the list object itself.
365 if (res->res_client.pki_signers) {
366 X509_KEYPAIR *keypair;
367 foreach_alist(keypair, res->res_client.pki_signers) {
368 crypto_keypair_free(keypair);
370 delete res->res_client.pki_signers;
373 if (res->res_client.pki_master_key_files) {
374 delete res->res_client.pki_master_key_files;
// Same pattern for the recipient keypairs.
377 if (res->res_client.pki_recipients) {
378 X509_KEYPAIR *keypair;
379 foreach_alist(keypair, res->res_client.pki_recipients) {
380 crypto_keypair_free(keypair);
382 delete res->res_client.pki_recipients;
385 if (res->res_client.tls_ctx) {
386 free_tls_context(res->res_client.tls_ctx);
388 if (res->res_client.tls_ca_certfile) {
389 free(res->res_client.tls_ca_certfile);
391 if (res->res_client.tls_ca_certdir) {
392 free(res->res_client.tls_ca_certdir);
394 if (res->res_client.tls_certfile) {
395 free(res->res_client.tls_certfile);
397 if (res->res_client.tls_keyfile) {
398 free(res->res_client.tls_keyfile);
400 if (res->res_client.disable_cmds) {
401 delete res->res_client.disable_cmds;
403 if (res->res_client.disabled_cmds_array) {
404 free(res->res_client.disabled_cmds_array);
406 if (res->res_client.verid) {
407 free(res->res_client.verid);
// Messages fields.
411 if (res->res_msgs.mail_cmd) {
412 free(res->res_msgs.mail_cmd);
414 if (res->res_msgs.operator_cmd) {
415 free(res->res_msgs.operator_cmd);
417 free_msgs_res((MSGS *)res); /* free message resource */
421 printf(_("Unknown resource type %d\n"), type);
423 /* Common stuff again -- free the resource, recurse to next one */
// One level of recursion per chained record, using the pointer saved at the top.
428 free_resource(nres, type);
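432 /* Save the new resource by chaining it into the head list for
433 * the resource. If this is pass 2, we update any resource
434 * pointers (currently only in the Job resource).
// save_resource: called by the parser when a resource definition is complete.
//   type  - R_* code of the resource just scanned into res_all
//   items - directive table of that resource, used for the required-item check
//   pass  - parser pass; the lines that test it are not shown
// The pass 2 part copies list and resource pointers from res_all into the
// record saved earlier. The pass 1 part copies res_all to heap memory and
// appends it to res_head[type - r_first].
// NOTE(review): many gutter lines are missing from this listing, among them
// the local declarations, the lines that select by `type` and `pass`, and
// the closing braces.
436 void save_resource(int type, RES_ITEM *items, int pass)
439 int rindex = type - r_first;
444 * Ensure that all required items are present
446 for (i=0; items[i].name; i++) {
447 if (items[i].flags & ITEM_REQUIRED) {
448 if (!bit_is_set(i, res_all.res_dir.hdr.item_present)) {
// The second %s needs the row's name string. The original passed the whole
// RES_TABLE row through the variadic call, which is undefined behaviour; the
// duplicate-name message further down already uses resources[rindex].name.
449 Emsg2(M_ERROR_TERM, 0, _("%s item is required in %s resource, but not found.\n"),
450 items[i].name, resources[rindex].name);
455 /* During pass 2, we looked up pointers to all the resources
456 * referenced in the current resource, now we
457 * must copy their address from the static record to the allocated
462 /* Resources not containing a resource */
466 /* Resources containing another resource */
468 if ((res = (URES *)GetResWithName(R_DIRECTOR, res_all.res_dir.hdr.name)) == NULL) {
469 Emsg1(M_ABORT, 0, _("Cannot find Director resource %s\n"), res_all.res_dir.hdr.name);
// Pointer copies: the saved record takes over the list objects, which
// free_resource() later releases with delete.
471 res->res_dir.tls_allowed_cns = res_all.res_dir.tls_allowed_cns;
472 res->res_dir.disable_cmds = res_all.res_dir.disable_cmds;
475 if ((res = (URES *)GetResWithName(R_CLIENT, res_all.res_dir.hdr.name)) == NULL) {
476 Emsg1(M_ABORT, 0, _("Cannot find Client resource %s\n"), res_all.res_dir.hdr.name);
478 res->res_client.pki_signing_key_files = res_all.res_client.pki_signing_key_files;
479 res->res_client.pki_master_key_files = res_all.res_client.pki_master_key_files;
481 res->res_client.pki_signers = res_all.res_client.pki_signers;
482 res->res_client.pki_recipients = res_all.res_client.pki_recipients;
484 res->res_client.messages = res_all.res_client.messages;
485 res->res_client.disable_cmds = res_all.res_client.disable_cmds;
488 Emsg1(M_ERROR, 0, _("Unknown resource type %d\n"), type);
492 /* Note, the resource name was already saved during pass 1,
493 * so here, we can just release it.
495 if (res_all.res_dir.hdr.name) {
496 free(res_all.res_dir.hdr.name);
// Cleared after free so the scratch record holds no dangling pointer.
497 res_all.res_dir.hdr.name = NULL;
499 if (res_all.res_dir.hdr.desc) {
500 free(res_all.res_dir.hdr.desc);
501 res_all.res_dir.hdr.desc = NULL;
506 /* The following code is only executed on pass 1 */
509 size = sizeof(DIRRES);
512 size = sizeof(CLIENT);
518 printf(_("Unknown resource type %d\n"), type);
// NOTE(review): the result of malloc() is used by memcpy() on the next line
// with no NULL check in the lines shown. Whether malloc is wrapped by an
// allocator that aborts on failure in this build is not visible here -- confirm.
525 res = (URES *)malloc(size);
526 memcpy(res, &res_all, size);
527 if (!res_head[rindex]) {
528 res_head[rindex] = (RES *)res; /* store first entry */
531 /* Add new res to end of chain */
// Walks the chain to its end and rejects a second resource with the same
// name (exact, case-sensitive strcmp) along the way.
532 for (last=next=res_head[rindex]; next; next=next->next) {
534 if (strcmp(next->name, res->res_dir.hdr.name) == 0) {
535 Emsg2(M_ERROR_TERM, 0,
536 _("Attempt to define second %s resource named \"%s\" is not permitted.\n"),
537 resources[rindex].name, res->res_dir.hdr.name);
540 last->next = (RES *)res;
541 Dmsg2(90, "Inserting %s res: %s\n", res_to_str(type),
542 res->res_dir.hdr.name);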
// parse_fd_config: bind this daemon's resource tables to `config` and parse
// the configuration file.
//   config     - parser object; init() receives the scratch record res_all and
//                its size, the type range r_first..r_last, resources[] and
//                res_head
//   configfile - forwarded to config->init()
//   exit_code  - forwarded unchanged to config->init()
// Returns whatever config->parse_config() returns.
// NOTE(review): the braces of this function (gutter lines 548 and 552) are
// missing from this listing.
547 bool parse_fd_config(CONFIG *config, const char *configfile, int exit_code)
549 config->init(configfile, NULL, exit_code, (void *)&res_all, res_all_size,
550 r_first, r_last, resources, res_head);
551 return config->parse_config();