static bool clientscmd(UAContext *ua, const char *cmd)
{
CLIENTRES *client;
LockRes();
foreach_res(client, R_CLIENT) {
if (acl_access_ok(ua, Client_ACL, client->name())) {
ua->send_msg("%s\n", client->name());
}
}
UnlockRes();
return true;
}
bool dot_clients_cmd(UAContext *ua, const char *cmd)
{
CLIENTRES *client;
LockRes();
ua->send->array_start("clients");
foreach_res(client, R_CLIENT) {
if (acl_access_ok(ua, Client_ACL, client->name())) {
ua->send->object_start();
ua->send->object_key_value("name", client->name(), "%s\n");
ua->send->object_end();
}
}
ua->send->array_end("clients");
UnlockRes();
return true;
}
/*
* Make a quick check to see that we have all the
* resources needed.
*
* **** FIXME **** this routine could be a lot more
* intelligent and comprehensive.
*/
static bool check_resources()
{
bool OK = true;
JOBRES *job;
bool need_tls;
LockRes();
job = (JOBRES *)GetNextRes(R_JOB, NULL);
me = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
if (!me) {
Jmsg(NULL, M_FATAL, 0, _("No Director resource defined in %s\n"
"Without that I don't know who I am :-(\n"), configfile);
OK = false;
goto bail_out;
} else {
my_config->m_omit_defaults = me->omit_defaults;
set_working_directory(me->working_directory);
if (!me->messages) { /* If message resource not specified */
me->messages = (MSGSRES *)GetNextRes(R_MSGS, NULL);
if (!me->messages) {
Jmsg(NULL, M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
OK = false;
goto bail_out;
}
}
/*
* When the user didn't force use we optimize for size.
*/
if (!me->optimize_for_size && !me->optimize_for_speed) {
me->optimize_for_size = true;
} else if (me->optimize_for_size && me->optimize_for_speed) {
Jmsg(NULL, M_FATAL, 0, _("Cannot optimize for speed and size define only one in %s\n"), configfile);
OK = false;
goto bail_out;
}
if (GetNextRes(R_DIRECTOR, (RES *)me) != NULL) {
Jmsg(NULL, M_FATAL, 0, _("Only one Director resource permitted in %s\n"),
configfile);
OK = false;
goto bail_out;
}
/*
* tls_require implies tls_enable
*/
if (me->tls_require) {
if (have_tls) {
me->tls_enable = true;
} else {
Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in BAREOS.\n"));
OK = false;
goto bail_out;
}
}
need_tls = me->tls_enable || me->tls_authenticate;
if (!me->tls_certfile && need_tls) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"), me->name(), configfile);
OK = false;
goto bail_out;
}
if (!me->tls_keyfile && need_tls) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"), me->name(), configfile);
OK = false;
goto bail_out;
}
if ((!me->tls_ca_certfile && !me->tls_ca_certdir) &&
need_tls && me->tls_verify_peer) {
Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
" Certificate Dir\" are defined for Director \"%s\" in %s."
" At least one CA certificate store is required"
" when using \"TLS Verify Peer\".\n"),
me->name(), configfile);
OK = false;
goto bail_out;
}
/*
* If everything is well, attempt to initialize our per-resource TLS context
*/
if (OK && (need_tls || me->tls_require)) {
/*
* Initialize TLS context:
* Args: CA certfile, CA certdir, Certfile, Keyfile,
* Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer
*/
me->tls_ctx = new_tls_context(me->tls_ca_certfile,
me->tls_ca_certdir, me->tls_crlfile, me->tls_certfile,
me->tls_keyfile, NULL, NULL, me->tls_dhfile,
me->tls_verify_peer);
if (!me->tls_ctx) {
Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
me->name(), configfile);
OK = false;
goto bail_out;
}
}
}
if (!job) {
Jmsg(NULL, M_FATAL, 0, _("No Job records defined in %s\n"), configfile);
OK = false;
goto bail_out;
}
if (!populate_jobdefs()) {
OK = false;
goto bail_out;
}
/*
* Loop over Consoles
*/
CONRES *cons;
foreach_res(cons, R_CONSOLE) {
/*
* tls_require implies tls_enable
*/
if (cons->tls_require) {
if (have_tls) {
cons->tls_enable = true;
} else {
Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in BAREOS.\n"));
OK = false;
goto bail_out;
}
}
need_tls = cons->tls_enable || cons->tls_authenticate;
if (!cons->tls_certfile && need_tls) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Certificate\" file not defined for Console \"%s\" in %s.\n"),
cons->name(), configfile);
OK = false;
goto bail_out;
}
if (!cons->tls_keyfile && need_tls) {
Jmsg(NULL, M_FATAL, 0, _("\"TLS Key\" file not defined for Console \"%s\" in %s.\n"),
cons->name(), configfile);
OK = false;
goto bail_out;
}
if ((!cons->tls_ca_certfile && !cons->tls_ca_certdir)
&& need_tls && cons->tls_verify_peer) {
Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\" or \"TLS CA"
" Certificate Dir\" are defined for Console \"%s\" in %s."
" At least one CA certificate store is required"
" when using \"TLS Verify Peer\".\n"),
cons->name(), configfile);
OK = false;
goto bail_out;
}
/*
* If everything is well, attempt to initialize our per-resource TLS context
*/
if (OK && (need_tls || cons->tls_require)) {
/*
* Initialize TLS context:
* Args: CA certfile, CA certdir, Certfile, Keyfile,
* Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer
*/
cons->tls_ctx = new_tls_context(cons->tls_ca_certfile,
cons->tls_ca_certdir, cons->tls_crlfile, cons->tls_certfile,
cons->tls_keyfile, NULL, NULL,
cons->tls_dhfile, cons->tls_verify_peer);
if (!cons->tls_ctx) {
Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
cons->name(), configfile);
OK = false;
goto bail_out;
}
}
}
/*
* Loop over Clients
*/
me->subscriptions_used = 0;
CLIENTRES *client;
foreach_res(client, R_CLIENT) {
/*
* Count the number of clients
*
* Only used as indication not an enforced limit.
*/
me->subscriptions_used++;
/*
* tls_require implies tls_enable
*/
if (client->tls_require) {
if (have_tls) {
client->tls_enable = true;
} else {
Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in BAREOS.\n"));
OK = false;
goto bail_out;
}
}
need_tls = client->tls_enable || client->tls_authenticate;
if ((!client->tls_ca_certfile && !client->tls_ca_certdir) && need_tls) {
Jmsg(NULL, M_FATAL, 0, _("Neither \"TLS CA Certificate\""
" or \"TLS CA Certificate Dir\" are defined for File daemon \"%s\" in %s.\n"),
client->name(), configfile);
OK = false;
goto bail_out;
}
/*
* If everything is well, attempt to initialize our per-resource TLS context
*/
if (OK && (need_tls || client->tls_require)) {
/*
* Initialize TLS context:
* Args: CA certfile, CA certdir, Certfile, Keyfile,
* Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer
*/
client->tls_ctx = new_tls_context(client->tls_ca_certfile,
client->tls_ca_certdir, client->tls_crlfile, client->tls_certfile,
client->tls_keyfile, NULL, NULL, NULL,
true);
if (!client->tls_ctx) {
Jmsg(NULL, M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
client->name(), configfile);
OK = false;
goto bail_out;
}
}
}
