From: Eric Bollengier <eric@baculasystems.com>
Date: Thu, 24 Mar 2022 11:05:32 +0000 (+0100)
Subject: Fix ACL checking in .bvfs_get_jobids
X-Git-Tag: Release-11.3.2~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f43947e8448c8522ec8abcbd597e58ec1aee886f;p=thirdparty%2Fbacula.git

Fix ACL checking in .bvfs_get_jobids
---

diff --git a/bacula/src/dird/ua_dotcmds.c b/bacula/src/dird/ua_dotcmds.c
index 19fbfce13..8e1744eb9 100644
--- a/bacula/src/dird/ua_dotcmds.c
+++ b/bacula/src/dird/ua_dotcmds.c
@@ -1480,6 +1480,34 @@ static bool dot_bvfs_get_jobids(UAContext *ua, const char *cmd)
       return true;
    }
 
+   if (!acl_access_ok(ua, Job_ACL, jr.Name)) {
+      return true;
+   }
+
+   if (have_restricted_acl(ua, Client_ACL)) {
+      CLIENT_DBR cr;
+      cr.ClientId = jr.ClientId;
+      if (!db_get_client_record(ua->jcr, ua->db, &cr)) {
+         Dmsg1(10,_("Unable to get client record for job %d\n"), jr.JobId);
+         return true;
+      }
+      if (!acl_access_ok(ua, Client_ACL, cr.Name)) {
+         Dmsg1(10,_("Access to ClientId=%d not authorized.\n"), jr.ClientId);
+         return true;
+      }
+   }
+   if (have_restricted_acl(ua, Pool_ACL)) {
+      POOL_DBR pr;
+      pr.PoolId = jr.PoolId;
+      if (!db_get_pool_record(ua->jcr, ua->db, &pr)) {
+         Dmsg1(10,_("Unable to get pool record for job %d\n"), jr.JobId);
+         return true;
+      }
+      if (!acl_access_ok(ua, Pool_ACL, pr.Name)) {
+         Dmsg1(10,_("Access to PoolId=%d not authorized.\n"), jr.PoolId);
+         return true;
+      }
+   }
    /* Display only the requested jobid or
     * When in level base, we don't rely on any Full/Incr/Diff
     */