From: Eric Bollengier
Date: Mon, 20 Mar 2023 16:50:40 +0000 (+0100)
Subject: Add RBCLIENT ACL type to query both RCLIENT and BCLIENT
X-Git-Tag: Release-13.0.3~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53d8fa63db0bb370568e93c2a938ce2c028a8a7e;p=thirdparty%2Fbacula.git

Add RBCLIENT ACL type to query both RCLIENT and BCLIENT
---

diff --git a/bacula/src/cats/bdb.h b/bacula/src/cats/bdb.h
index 03f0cfd13..cfd2a76ed 100644
--- a/bacula/src/cats/bdb.h
+++ b/bacula/src/cats/bdb.h
@@ -39,6 +39,7 @@ typedef enum
 DB_ACL_FILESET,
 DB_ACL_RCLIENT,
 DB_ACL_BCLIENT,
+ DB_ACL_RBCLIENT,
 DB_ACL_PATH,
 DB_ACL_LOG,
 DB_ACL_LAST /* Keep last */
@@ -157,7 +158,7 @@ public:
 /* Used during the initialization, the UA code can call this function
 * foreach kind of ACL
 */
- void set_acl(JCR *jcr, DB_ACL_t type, alist *l, alist *l2=NULL);
+ void set_acl(JCR *jcr, DB_ACL_t type, alist *l, alist *l2=NULL, alist *l3=NULL);
 /* Get the SQL string that corresponds to the Console ACL for Pool, Job,
 * Client, ...
diff --git a/bacula/src/cats/sql.c b/bacula/src/cats/sql.c
index 558e35d6d..7a1c49e39 100644
--- a/bacula/src/cats/sql.c
+++ b/bacula/src/cats/sql.c
@@ -252,6 +252,9 @@ char *BDB::get_acls(int tables, bool where /* use WHERE or AND */)
 return acl_where;
 }
+/* Get the list of the JobId that are accessible for this console
+ * Usually, this function is called in a restore context
+ */
 char *BDB::bdb_get_jobids(const char *jobids, POOLMEM **ret, bool append)
 {
 if (!ret || !*ret) {
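Review bot: The new `l3` parameter of set_acl() and the DB_ACL_RBCLIENT enumerator are both undocumented in bdb.h; the comment above the declaration in the second hunk still only says the UA code calls it for each kind of ACL. From the sql.c hunks the lists are merged into one filter and a list3 holding only `*all*` skips the filter altogether (the other two lists appear to be handled the same way, outside the visible lines), which is worth stating where callers read the prototype, for example `/* l, l2 and l3 are merged (union); a list holding only "*all*" disables the filter for this type */`. A trailing comment on the enumerator such as `/* Client + BackupClient + RestoreClient ACLs */` would match what open_db() passes in this commit.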
@@ -269,10 +272,10 @@ char *BDB::bdb_get_jobids(const char *jobids, POOLMEM **ret, bool append)
 bdb_lock();
 /* Get optional filters for the SQL query */
 const char *where = get_acls(DB_ACL_BIT(DB_ACL_JOB) |
- DB_ACL_BIT(DB_ACL_CLIENT) |
+ DB_ACL_BIT(DB_ACL_RCLIENT) | // Clients where we can restore
 DB_ACL_BIT(DB_ACL_FILESET), false);
- const char *join = *where ? get_acl_join_filter(DB_ACL_BIT(DB_ACL_CLIENT) |
+ const char *join = *where ? get_acl_join_filter(DB_ACL_BIT(DB_ACL_RCLIENT) |
 DB_ACL_BIT(DB_ACL_FILESET)) : "";
 /* No filters, no need to run the query */
 if (!*where && !*join) {
@@ -314,7 +317,11 @@ char *BDB::get_acl_join_filter(int tables)
 Mmsg(tmp, " JOIN Job USING (JobId) ");
 pm_strcat(acl_join, tmp);
 }
- if (tables & (DB_ACL_BIT(DB_ACL_CLIENT) | DB_ACL_BIT(DB_ACL_RCLIENT) | DB_ACL_BIT(DB_ACL_BCLIENT))) {
+ if (tables & (DB_ACL_BIT(DB_ACL_CLIENT) |
+ DB_ACL_BIT(DB_ACL_RCLIENT) |
+ DB_ACL_BIT(DB_ACL_BCLIENT) |
+ DB_ACL_BIT(DB_ACL_RBCLIENT)))
+ {
 Mmsg(tmp, " JOIN Client USING (ClientId) ");
 pm_strcat(acl_join, tmp);
 }
@@ -365,7 +372,7 @@ const char *BDB::get_acl(DB_ACL_t type, bool where /* display WHERE or AND */)
 }
 /* Keep UAContext ACLs in our structure for further SQL queries */
-void BDB::set_acl(JCR *jcr, DB_ACL_t type, alist *list, alist *list2)
+void BDB::set_acl(JCR *jcr, DB_ACL_t type, alist *list, alist *list2, alist *list3)
 {
 const char *key=NULL;
 const char *keyid=NULL;
@@ -380,6 +387,11 @@ void BDB::set_acl(JCR *jcr, DB_ACL_t type, alist *list, alist *list2)
 return;
 }
+ /* If the list is present, but we authorize everything */
+ if (list3 && list3->size() == 1 && strcasecmp((char*)list3->get(0), "*all*") == 0) {
+ return;
+ }
+
 POOLMEM *tmp = get_pool_memory(PM_FNAME);
 POOLMEM *where = get_pool_memory(PM_FNAME);
@@ -394,6 +406,7 @@ void BDB::set_acl(JCR *jcr, DB_ACL_t type, alist *list, alist *list2)
 case DB_ACL_BCLIENT:
 case DB_ACL_CLIENT:
 case DB_ACL_RCLIENT:
+ case DB_ACL_RBCLIENT:
 key = "Client.Name";
 break;
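Review bot: bdb_get_jobids() in the @@ -269 hunk now filters on DB_ACL_RCLIENT in both the get_acls() and the get_acl_join_filter() call, but nothing visible enforces that it is reached only from a restore path; the comment added above the function says it is "usually" called in a restore context. If the RCLIENT filter is built like the BCLIENT one in open_db() (Client ACL plus RestoreClient ACL; that call is not part of this diff), a caller outside a restore path would now be handed JobIds for clients the console may only restore. I would make the contract explicit, e.g. `/* Restore context only: JobIds are filtered with the RestoreClient ACL */`, and check the remaining callers against it. The function body starts and ends outside the hunk.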
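Review bot: The `*all*` test added for list3 in the @@ -380 hunk matches only a list whose single entry is `*all*`; a list that names `*all*` next to other entries falls through and, in the @@ -424 hunk, is appended to merged_list like any client name. That fails closed, but it is easy to misread, so the comment could say it: `/* Only a list holding exactly "*all*" lifts the filter; mixed lists are treated as literal names */`. The checks for list and list2 sit outside the hunk and presumably have the same shape, in which case a small static helper shared by the three would keep them from drifting apart. set_acl() starts and ends outside the hunk.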
@@ -424,6 +437,11 @@ void BDB::set_acl(JCR *jcr, DB_ACL_t type, alist *list, alist *list2)
 merged_list->append(elt);
 }
 }
+ if (list3) {
+ foreach_alist(elt, list3) {
+ merged_list->append(elt);
+ }
+ }
 escape_acl_list(jcr, key, &tmp, merged_list);
 delete merged_list;
diff --git a/bacula/src/dird/ua_cmds.c b/bacula/src/dird/ua_cmds.c
index 6feffd20e..8d5c9d638 100644
--- a/bacula/src/dird/ua_cmds.c
+++ b/bacula/src/dird/ua_cmds.c
@@ -3304,6 +3304,11 @@ bool open_db(UAContext *ua)
 ua->db->set_acl(ua->jcr, DB_ACL_BCLIENT,
 ua->cons->ACL_lists[Client_ACL],
 ua->cons->ACL_lists[BackupClient_ACL]);
+
+ ua->db->set_acl(ua->jcr, DB_ACL_RBCLIENT,
+ ua->cons->ACL_lists[Client_ACL],
+ ua->cons->ACL_lists[BackupClient_ACL],
+ ua->cons->ACL_lists[RestoreClient_ACL]);
 }
 if (!ua->api) {
 ua->send_msg(_("Using Catalog \"%s\"\n"), ua->catalog->name());
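Review bot: The filter registered under DB_ACL_RBCLIENT in the ua_cmds.c hunk accepts a client that appears in any of the Client, BackupClient or RestoreClient ACLs, so it is wider than the DB_ACL_BCLIENT filter set just above it. None of the hunks in this commit passes DB_ACL_RBCLIENT to get_acls(), so its consumers are not visible here; queries that decide whether a console may run a backup or a restore should stay on the directional types. A comment at the call would record that, if it is the intent: `/* Union of all client ACLs: for listing clients, not for authorizing a backup or restore */`. open_db() starts and ends outside the hunk.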