* Version $Id$
*/
/*
- Copyright (C) 2000, 2001, 2002 Kern Sibbald and John Walker
+ Copyright (C) 2000-2005 Kern Sibbald
This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public
- License along with this program; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
-
#include "bacula.h"
#include "filed.h"
* then move it to allocated memory when the resource
* scan is complete.
*/
-#if defined(HAVE_WIN32) && !defined(HAVE_CYGWIN)
+#if defined(_MSC_VER)
extern "C" { // work around visual compiler mangling variables
URES res_all;
- int res_all_size = sizeof(res_all);
}
#else
URES res_all;
-int res_all_size = sizeof(res_all);
#endif
+int res_all_size = sizeof(res_all);
/* Definition of records permitted within each
* resource with the routine to process the record
{"piddirectory", store_dir, ITEM(res_client.pid_directory), 0, ITEM_REQUIRED, 0},
{"subsysdirectory", store_dir, ITEM(res_client.subsys_directory), 0, 0, 0},
{"scriptsdirectory", store_dir, ITEM(res_client.scripts_directory), 0, 0, 0},
- {"requiressl", store_yesno, ITEM(res_client.require_ssl), 1, ITEM_DEFAULT, 0},
{"maximumconcurrentjobs", store_pint, ITEM(res_client.MaxConcurrentJobs), 0, ITEM_DEFAULT, 10},
{"messages", store_res, ITEM(res_client.messages), R_MSGS, 0, 0},
{"heartbeatinterval", store_time, ITEM(res_client.heartbeat_interval), 0, ITEM_DEFAULT, 0},
{"sdconnecttimeout", store_time,ITEM(res_client.SDConnectTimeout), 0, ITEM_DEFAULT, 60 * 30},
{"maximumnetworkbuffersize", store_pint, ITEM(res_client.max_network_buffer_size), 0, 0, 0},
- {NULL, NULL, NULL, 0, 0, 0}
+ {"pkisignatures", store_bool, ITEM(res_client.pki_sign), 0, ITEM_DEFAULT, 0},
+ {"pkiencryption", store_bool, ITEM(res_client.pki_encrypt), 0, ITEM_DEFAULT, 0},
+ {"pkikeypair", store_dir, ITEM(res_client.pki_keypair_file), 0, 0, 0},
+ {"pkisigner", store_alist_str, ITEM(res_client.pki_signing_key_files), 0, 0, 0},
+ {"pkimasterkey", store_alist_str, ITEM(res_client.pki_master_key_files), 0, 0, 0},
+ {"tlsenable", store_bool, ITEM(res_client.tls_enable), 0, 0, 0},
+ {"tlsrequire", store_bool, ITEM(res_client.tls_require), 0, 0, 0},
+ {"tlscacertificatefile", store_dir, ITEM(res_client.tls_ca_certfile), 0, 0, 0},
+ {"tlscacertificatedir", store_dir, ITEM(res_client.tls_ca_certdir), 0, 0, 0},
+ {"tlscertificate", store_dir, ITEM(res_client.tls_certfile), 0, 0, 0},
+ {"tlskey", store_dir, ITEM(res_client.tls_keyfile), 0, 0, 0},
+ {NULL, NULL, {0}, 0, 0, 0}
};
/* Directors that can use our services */
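Review bot: `tlsenable` and `tlsrequire` are stored as two independent booleans with no default flag, and nothing in this table ties them to `tlscertificate`, `tlskey` or a CA setting, so as far as this hunk shows the parser accepts a Client resource that requires TLS but names no key material. If that consistency check runs after parsing, a comment above the new entries should say so, for example `/* TLS and PKI paths are only stored here; they are validated once the whole configuration has been read */`. `pkikeypair` and `tlskey` name private-key files, so that validation is also the place to refuse keys readable by other users. `requiressl` is removed without an alias (as is `enablessl` in the Director table), so an existing configuration that relied on it presumably stops parsing or stops enforcing encryption; that deserves a release note. The table's opening lines are outside the hunk.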
{"description", store_str, ITEM(res_dir.hdr.desc), 0, 0, 0},
{"password", store_password, ITEM(res_dir.password), 0, ITEM_REQUIRED, 0},
{"address", store_str, ITEM(res_dir.address), 0, 0, 0},
- {"enablessl", store_yesno, ITEM(res_dir.enable_ssl),1, ITEM_DEFAULT, 0},
- {"monitor", store_yesno, ITEM(res_dir.monitor), 1, ITEM_DEFAULT, 0},
- {NULL, NULL, NULL, 0, 0, 0}
+ {"monitor", store_bool, ITEM(res_dir.monitor), 0, ITEM_DEFAULT, 0},
+ {"tlsenable", store_bool, ITEM(res_dir.tls_enable), 0, 0, 0},
+ {"tlsrequire", store_bool, ITEM(res_dir.tls_require), 0, 0, 0},
+ {"tlsverifypeer", store_bool, ITEM(res_dir.tls_verify_peer), 0, ITEM_DEFAULT, 1},
+ {"tlscacertificatefile", store_dir, ITEM(res_dir.tls_ca_certfile), 0, 0, 0},
+ {"tlscacertificatedir", store_dir, ITEM(res_dir.tls_ca_certdir), 0, 0, 0},
+ {"tlscertificate", store_dir, ITEM(res_dir.tls_certfile), 0, 0, 0},
+ {"tlskey", store_dir, ITEM(res_dir.tls_keyfile), 0, 0, 0},
+ {"tlsdhfile", store_dir, ITEM(res_dir.tls_dhfile), 0, 0, 0},
+ {"tlsallowedcn", store_alist_str, ITEM(res_dir.tls_allowed_cns), 0, 0, 0},
+ {NULL, NULL, {0}, 0, 0, 0}
};
/* Message resource */
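Review bot: `tlsverifypeer` defaults to 1, but `tlsallowedcn` is optional and has no default, so with the defaults a connecting Director's certificate is presumably checked only against the configured CA and not against any expected name. That behaviour should be stated next to the entry once confirmed against the TLS setup code, which is not in this hunk, for example `/* empty tlsallowedcn: any certificate issued by the configured CA is accepted */`. `tlscacertificatefile` and `tlscacertificatedir` are both optional here as well, so a comment should say which later check rejects `tlsverifypeer` with no CA configured. The table's opening lines are outside the hunk.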
if (res->res_dir.address) {
free(res->res_dir.address);
}
+ if (res->res_dir.tls_ctx) {
+ free_tls_context(res->res_dir.tls_ctx);
+ }
+ if (res->res_dir.tls_ca_certfile) {
+ free(res->res_dir.tls_ca_certfile);
+ }
+ if (res->res_dir.tls_ca_certdir) {
+ free(res->res_dir.tls_ca_certdir);
+ }
+ if (res->res_dir.tls_certfile) {
+ free(res->res_dir.tls_certfile);
+ }
+ if (res->res_dir.tls_keyfile) {
+ free(res->res_dir.tls_keyfile);
+ }
+ if (res->res_dir.tls_dhfile) {
+ free(res->res_dir.tls_dhfile);
+ }
+ if (res->res_dir.tls_allowed_cns) {
+ delete res->res_dir.tls_allowed_cns;
+ }
break;
case R_CLIENT:
if (res->res_client.working_directory) {
if (res->res_client.subsys_directory) {
free(res->res_client.subsys_directory);
}
+ if (res->res_client.scripts_directory) {
+ free(res->res_client.scripts_directory);
+ }
if (res->res_client.FDaddrs) {
free_addresses(res->res_client.FDaddrs);
}
+
+ if (res->res_client.pki_keypair_file) {
+ free(res->res_client.pki_keypair_file);
+ }
+ if (res->res_client.pki_keypair) {
+ crypto_keypair_free(res->res_client.pki_keypair);
+ }
+
+ if (res->res_client.pki_signing_key_files) {
+ delete res->res_client.pki_signing_key_files;
+ }
+ if (res->res_client.pki_signers) {
+ X509_KEYPAIR *keypair;
+ foreach_alist(keypair, res->res_client.pki_signers) {
+ crypto_keypair_free(keypair);
+ }
+ delete res->res_client.pki_signers;
+ }
+
+ if (res->res_client.pki_master_key_files) {
+ delete res->res_client.pki_master_key_files;
+ }
+
+ if (res->res_client.pki_recipients) {
+ X509_KEYPAIR *keypair;
+ foreach_alist(keypair, res->res_client.pki_recipients) {
+ crypto_keypair_free(keypair);
+ }
+ delete res->res_client.pki_recipients;
+ }
+
+ if (res->res_client.tls_ctx) {
+ free_tls_context(res->res_client.tls_ctx);
+ }
+ if (res->res_client.tls_ca_certfile) {
+ free(res->res_client.tls_ca_certfile);
+ }
+ if (res->res_client.tls_ca_certdir) {
+ free(res->res_client.tls_ca_certdir);
+ }
+ if (res->res_client.tls_certfile) {
+ free(res->res_client.tls_certfile);
+ }
+ if (res->res_client.tls_keyfile) {
+ free(res->res_client.tls_keyfile);
+ }
break;
case R_MSGS:
if (res->res_msgs.mail_cmd)
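Review bot: The teardown of `pki_signers` and `pki_recipients` is the same loop written twice, each with its own `X509_KEYPAIR *keypair` declared in the middle of a `case` body. Because these lists hold key material, a single helper is easier to audit and to extend later, for instance if the release path ever has to change. The fence below shows the helper and the two call sites. The enclosing function and its `switch` start outside the hunk.

```cpp
/* Release every keypair held in the list, then the list itself. */
static void free_keypair_list(alist *list)
{
   if (!list) {
      return;
   }
   X509_KEYPAIR *keypair;
   foreach_alist(keypair, list) {
      crypto_keypair_free(keypair);
   }
   delete list;
}

// … unchanged: pki_keypair_file, pki_keypair and pki_signing_key_files release …
      free_keypair_list(res->res_client.pki_signers);
// … unchanged: pki_master_key_files release …
      free_keypair_list(res->res_client.pki_recipients);
// … unchanged: tls_ctx and tls_* path release …
```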
res = NULL;
break;
default:
- printf("Unknown resource type %d\n", type);
+ printf(_("Unknown resource type %d\n"), type);
}
/* Common stuff again -- free the resource, recurse to next one */
if (res) {
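Review bot: The format string passed to `printf` is now the return value of `_()`, so its conversion specifiers come from the translation catalog rather than from this source line. A catalog entry whose specifiers do not match the single `%d` argument would make the call undefined. The same applies to the two `Emsg1` messages wrapped in `_()` in the following hunk, which take a `%s`. Keeping these messages marked as c-format and building the catalogs with `msgfmt --check-format` rejects such mismatches at build time. The enclosing `switch` starts outside the hunk.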
switch (type) {
/* Resources not containing a resource */
case R_MSGS:
- case R_DIRECTOR:
break;
/* Resources containing another resource */
+ case R_DIRECTOR:
+ if ((res = (URES *)GetResWithName(R_DIRECTOR, res_all.res_dir.hdr.name)) == NULL) {
+ Emsg1(M_ABORT, 0, _("Cannot find Director resource %s\n"), res_all.res_dir.hdr.name);
+ }
+ res->res_dir.tls_allowed_cns = res_all.res_dir.tls_allowed_cns;
+ break;
case R_CLIENT:
if ((res = (URES *)GetResWithName(R_CLIENT, res_all.res_dir.hdr.name)) == NULL) {
- Emsg1(M_ABORT, 0, "Cannot find Client resource %s\n", res_all.res_dir.hdr.name);
+ Emsg1(M_ABORT, 0, _("Cannot find Client resource %s\n"), res_all.res_dir.hdr.name);
}
+ res->res_client.pki_signing_key_files = res_all.res_client.pki_signing_key_files;
+ res->res_client.pki_master_key_files = res_all.res_client.pki_master_key_files;
+
+ res->res_client.pki_signers = res_all.res_client.pki_signers;
+ res->res_client.pki_recipients = res_all.res_client.pki_recipients;
+
res->res_client.messages = res_all.res_client.messages;
break;
default: