Add 'BackupJobUser' and 'RestoreJobUser' FD directives

diff --git a/bacula/src/filed/filed_conf.c b/bacula/src/filed/filed_conf.c
index f34366a4ad1751da31cb3eff1d5a09d5f1333354..e6ffaef11e14a497fcd0aa5e8c3ba53d22a82fad 100644 (file)
--- a/bacula/src/filed/filed_conf.c
+++ b/bacula/src/filed/filed_conf.c
@@ -158,8 +158,10 @@ static RES_ITEM dir_items[] = {
    {"ReconnectionTime", store_time,ITEM(res_dir.reconnection_time), 0, ITEM_DEFAULT, 60 * 45},
    {"AllowedBackupDirectories",   store_alist_str,     ITEM(res_dir.allowed_backup_dirs), 0, 0, 0},
    {"ExlcudedBackupDirectories",   store_alist_str,     ITEM(res_dir.excluded_backup_dirs), 0, 0, 0},
-   {"AllowedScriptDirectories",   store_alist_str,     ITEM(res_dir.allowed_script_dirs), 0, 0, 0},
+   {"AllowedScriptDirectories",    store_alist_str,     ITEM(res_dir.allowed_script_dirs), 0, 0, 0},
    {"AllowedRestoreDirectories",   store_alist_str,     ITEM(res_dir.allowed_restore_dirs), 0, 0, 0},
+   {"BackupJobUser",               store_str,           ITEM(res_dir.backup_job_user),   0, 0, 0},
+   {"RestoreJobUser",              store_str,           ITEM(res_dir.restore_job_user),   0, 0, 0},
    {NULL, NULL, {0}, 0, 0, 0}
 };
 
@@ -552,6 +554,12 @@ void free_resource(RES *sres, int type)
       if (res->res_dir.allowed_restore_dirs) {
          delete res->res_dir.allowed_restore_dirs;
       }
+      if (res->res_dir.backup_job_user) {
+         free(res->res_dir.backup_job_user);
+      }
+      if (res->res_dir.restore_job_user) {
+         free(res->res_dir.restore_job_user);
+      }
       break;
    case R_CONSOLE:
       if (res->res_cons.dirinfo.password) {

diff --git a/bacula/src/filed/filed_conf.h b/bacula/src/filed/filed_conf.h
index 0a04872f242aa219ede222b4c9262c72109458dc..0322bf19b8d45b30f8eef4e586ef7cceee127d3a 100644 (file)
--- a/bacula/src/filed/filed_conf.h
+++ b/bacula/src/filed/filed_conf.h
@@ -121,6 +121,8 @@ struct DIRRES {
    alist *excluded_backup_dirs;       /* Excluded to-be-backed-up directory list */
    alist *allowed_script_dirs;        /* Allowed directory list to run scripts/programs from */
    alist *allowed_restore_dirs;       /* Allowed directory list to restore to */
+   char *backup_job_user;             /* Backup job will be run as this user if specified */
+   char *restore_job_user;            /* Restore job will be run as this user if specified */
 };
 
 struct CLIENT {

diff --git a/bacula/src/filed/job.c b/bacula/src/filed/job.c
index 1776fd1cbcbc1c58cb230858927cec8cf9d45f3c..0310ed23e7719cff6e84ef0b978696f153f70a94 100644 (file)
--- a/bacula/src/filed/job.c
+++ b/bacula/src/filed/job.c
@@ -2942,6 +2942,12 @@ static int backup_cmd(JCR *jcr)
    dir->fsend(OKbackup);
    Dmsg1(110, "filed>dird: %s", dir->msg);
 
+   /* Change the user if needed */
+   if (!set_job_user(jcr)) {
+      dir->fsend(BADcmd, "backup");
+      goto cleanup;
+   }
+
    /*
     * Send Append Open Session to Storage daemon
     */
@@ -3097,6 +3103,8 @@ static int backup_cmd(JCR *jcr)
    }
 
 cleanup:
+   /* Reset the user if */
+   reset_job_user(jcr);
 #if defined(WIN32_VSS)
    if (jcr->Snapshot) {
       Win32ConvCleanupCache();
@@ -3375,7 +3383,11 @@ static int restore_cmd(JCR *jcr)
    }
 #endif
 
-   set_job_user(jcr);
+   /* Change the user if needed */
+   if (!set_job_user(jcr)) {
+      dir->fsend(BADjob);
+      goto bail_out;
+   }
 
    if (!jcr->is_canceled()) {
       do_restore(jcr);