From: Michal Rakowski Date: Wed, 20 Oct 2021 21:22:14 +0000 (+0200) Subject: Add ExcludedBackupDirectories FD directive X-Git-Tag: Beta-15.0.0~809 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ea2d8c0277f1892f217ee0ec68e81192a40ebde2;p=thirdparty%2Fbacula.git Add ExcludedBackupDirectories FD directive --- diff --git a/bacula/src/filed/filed_conf.c b/bacula/src/filed/filed_conf.c index 24e2e7fd4..01583ea28 100644 --- a/bacula/src/filed/filed_conf.c +++ b/bacula/src/filed/filed_conf.c @@ -157,6 +157,8 @@ static RES_ITEM dir_items[] = { {"Schedule", store_res, ITEM(res_dir.schedule), R_SCHEDULE, 0, 0}, {"ReconnectionTime", store_time,ITEM(res_dir.reconnection_time), 0, ITEM_DEFAULT, 60 * 45}, {"AllowedBackupDirectories", store_alist_str, ITEM(res_dir.allowed_backup_dirs), 0, 0, 0}, + {"ExlcudedBackupDirectories", store_alist_str, ITEM(res_dir.excluded_backup_dirs), 0, 0, 0}, + {"AllowedScriptDirectories", store_alist_str, ITEM(res_dir.allowed_script_dirs), 0, 0, 0}, {NULL, NULL, {0}, 0, 0, 0} }; @@ -540,6 +542,12 @@ void free_resource(RES *sres, int type) if (res->res_dir.allowed_backup_dirs) { delete res->res_dir.allowed_backup_dirs; } + if (res->res_dir.excluded_backup_dirs) { + delete res->res_dir.excluded_backup_dirs; + } + if (res->res_dir.allowed_script_dirs) { + delete res->res_dir.allowed_script_dirs; + } break; case R_CONSOLE: if (res->res_cons.dirinfo.password) { @@ -781,6 +789,8 @@ bool save_resource(CONFIG *config, int type, RES_ITEM *items, int pass) res->res_dir.dirinfo.tls_allowed_cns = res_all.res_dir.dirinfo.tls_allowed_cns; res->res_dir.disable_cmds = res_all.res_dir.disable_cmds; res->res_dir.allowed_backup_dirs = res_all.res_dir.allowed_backup_dirs; + res->res_dir.excluded_backup_dirs = res_all.res_dir.excluded_backup_dirs; + res->res_dir.allowed_script_dirs = res_all.res_dir.allowed_script_dirs; res->res_dir.console = res_all.res_dir.console; res->res_dir.schedule = res_all.res_dir.schedule; break; diff --git a/bacula/src/filed/filed_conf.h b/bacula/src/filed/filed_conf.h index b1b8c7d84..413d37abf 100644 --- a/bacula/src/filed/filed_conf.h +++ b/bacula/src/filed/filed_conf.h @@ -118,6 +118,8 @@ struct DIRRES { SCHEDRES *schedule; /* Know when to connect the Director */ int reconnection_time; /* Reconnect after a given time */ alist *allowed_backup_dirs; /* Allowed to-be-backed-up directory list */ + alist *excluded_backup_dirs; /* Excluded to-be-backed-up directory list */ + alist *allowed_script_dirs; /* Allowed directory list to run scripts/programs from */ }; struct CLIENT { diff --git a/bacula/src/filed/job.c b/bacula/src/filed/job.c index fcbe3ab07..13f5dc3fe 100644 --- a/bacula/src/filed/job.c +++ b/bacula/src/filed/job.c @@ -288,41 +288,26 @@ JCR *new_fd_jcr() return jcr; } -static bool setup_allowed_dirs(FF_PKT *ff, alist *directories) -{ - bool ret = true; - char *dir; - - if (!ff->allowed_backup_dirs) { - ff->allowed_backup_dirs = New(alist(10, owned_by_alist)); - } - - POOL_MEM rpath(PM_FNAME); - rpath.check_size(PATH_MAX); - - foreach_alist(dir, directories) { - /* Add resolved directory path to the find packet list */ - ff->allowed_backup_dirs->append(bstrdup(dir)); - } - - return ret; -} -/* Setup Director-related find files packet fileds. - * Currently supported directive: +/* Setup Director-related find files packet fileds, + * it allows to check against allowed directories inside + * lib/find.c methods. + * + * Currently supported directives: * - Allowed Backup Directories + * - Excluded Backup Directories * - * TODO: add Exlude Directories */ static bool setup_find_files(JCR *jcr, DIRRES *director) { FF_PKT *ff = jcr->ff; if (director->allowed_backup_dirs) { - if (!setup_allowed_dirs(ff, director->allowed_backup_dirs)) { - Jmsg0(jcr, M_WARNING, 0, _("Unable to resolve some of the Allowed Directories.\n")); - return false; - } + ff->allowed_backup_dirs = director->allowed_backup_dirs; + } + + if (director->excluded_backup_dirs) { + ff->excluded_backup_dirs = director->excluded_backup_dirs; } return true; diff --git a/bacula/src/findlib/find.c b/bacula/src/findlib/find.c index b60993dd1..ce13b1b1c 100644 --- a/bacula/src/findlib/find.c +++ b/bacula/src/findlib/find.c @@ -265,7 +265,7 @@ bool is_in_fileset(FF_PKT *ff) } /** - * Check if the file being processed is inside allowed directories or not. + * Check if the file being processed is allowed to backup or not. * * Returns: true if OK to backup * false to ignore file/directory @@ -275,7 +275,18 @@ static int check_allowed_dirs(JCR *jcr, FF_PKT *ff_pkt) bool ret = true; char *dir, *pp; - if (ff_pkt->allowed_backup_dirs) { + /* Check if file is not excluded at all */ + if (ff_pkt->excluded_backup_dirs) { + foreach_alist(dir, ff_pkt->excluded_backup_dirs) { + if ((pp = b_path_match(ff_pkt->fname, dir)) == ff_pkt->fname) { + ret = false; + break; + } + } + } + + /* If not excluded, then check if it's inside of allowed directories */ + if (ret && ff_pkt->allowed_backup_dirs) { foreach_alist(dir, ff_pkt->allowed_backup_dirs) { /* The b_path_match check can be done twice here: * For the 1st time we check if current file path contains exactly the allowed dir - if it does @@ -557,9 +568,6 @@ term_find_files(FF_PKT *ff) if (ff->mtab_list) { delete ff->mtab_list; } - if (ff->allowed_backup_dirs) { - delete ff->allowed_backup_dirs; - } hard_links = term_find_one(ff); free(ff); return hard_links; diff --git a/bacula/src/findlib/find.h b/bacula/src/findlib/find.h index fba8c9fe1..4cfcc51fe 100644 --- a/bacula/src/findlib/find.h +++ b/bacula/src/findlib/find.h @@ -161,6 +161,7 @@ struct FF_PKT { POOLMEM *link_save; /* save when stripping path */ POOLMEM *ignoredir_fname; /* used to ignore directories */ alist *allowed_backup_dirs; /* List of allowed directories with absolute paths */ + alist *excluded_backup_dirs; /* List of excluded directories with absolute paths */ char *digest; /* set to file digest when the file is a hardlink */ struct stat statp; /* stat packet */ bool stat_update; /* Only file's metada needds to be updated */