/*
   Bacula(R) - The Network Backup Solution

   Copyright (C) 2000-2020 Kern Sibbald

   The original author of Bacula is Kern Sibbald, with contributions
   from many others, a complete list can be found in the file AUTHORS.

   You may use this file and others of this release according to the
   license defined in the LICENSE file, which includes the Affero General
   Public License, v3.0 ("AGPLv3") and some additional permissions and
   terms pursuant to its AGPLv3 Section 7.

   This notice must be preserved when any source code is
   conveyed and/or propagated.

   Bacula(R) is a registered trademark of Kern Sibbald.
*/
/*
 * Bacula File Daemon specific configuration
 *
 *     Kern Sibbald, Sep MM
 *
 * Declares the resource type codes and the in-memory layout of each
 * configuration resource, plus the union (URES) that overlays them.
 * RES, MSGS, COLLECTOR, alist, dlist, utime_t, TLS_CONTEXT and
 * X509_KEYPAIR are not declared in this listing and must come from
 * headers included before it.
 */

/*
 * Resource codes -- they must be sequential for indexing
 * TODO: Check if we can change R_codes to enum like for other daemons.
 *
 * R_FIRST equals R_DIRECTOR (both 1001) and R_LAST aliases R_COLLECTOR,
 * so a new resource type has to take the next consecutive value and
 * R_LAST has to be moved to it.
 * NOTE(review): presumably tables are indexed with (code - R_FIRST);
 * a gap or a stale R_LAST would then index out of range -- confirm
 * against the code that consumes these values.
 */
#define R_FIRST                       1001

#define R_DIRECTOR                    1001
#define R_CLIENT                      1002
#define R_MSGS                        1003
#define R_CONSOLE                     1004
#define R_COLLECTOR                   1005

#define R_LAST                        R_COLLECTOR

/*
 * Some resource attributes
 *
 * These values (1020-1023) lie outside the R_FIRST..R_LAST range above.
 */
#define R_NAME                        1020
#define R_ADDRESS                     1021
#define R_PASSWORD                    1022
#define R_TYPE                        1023

/*
 * Cipher/Digest keyword structure
 *
 * Pairs a keyword string with a numeric value.
 * NOTE(review): presumably the lookup entry behind CLIENT::pki_cipher and
 * CLIENT::pki_digest; note that type_value is int32_t while those two
 * members are uint32_t -- confirm the conversion is intended.
 */
struct s_ct {
   const char *type_name;             /* keyword text */
   int32_t type_value;                /* numeric value paired with the keyword */
};

/*
 * Definition of the contents of each Resource
 *
 * CONSRES is the type of URES::res_cons and of DIRRES::console
 * (presumably the Console resource, R_CONSOLE -- confirm).
 *
 * NOTE(review): password is a plain char *; whether it holds cleartext
 * or a digest is decided by the configuration parser, which is not
 * visible here. Confirm before logging or dumping this struct.
 * NOTE(review): tls_enable and tls_require are separate flags; how they
 * combine (for example whether "enabled but not required" permits an
 * unencrypted session) is decided by the code that reads them -- confirm.
 */
struct CONSRES {
   RES   hdr;
   char *password;                    /* Director password */
   char *address;                     /* Director address or zero */
   int   heartbeat_interval;          /* plain int here; CLIENT uses utime_t for the same name */
   int   comm_compression;            /* plain int here; CLIENT uses bool for the same name */
   int32_t DIRport;
   bool tls_authenticate;             /* Authenticate with TLS */
   bool tls_enable;                   /* Enable TLS */
   bool tls_require;                  /* Require TLS */
   bool tls_verify_peer;              /* TLS Verify Client Certificate */
   char *tls_ca_certfile;             /* TLS CA Certificate File */
   char *tls_ca_certdir;              /* TLS CA Certificate Directory */
   char *tls_certfile;                /* TLS Server Certificate File */
   char *tls_keyfile;                 /* TLS Server Key File */
   char *tls_dhfile;                  /* TLS Diffie-Hellman Parameters */
   alist *tls_allowed_cns;            /* TLS Allowed Clients */
   TLS_CONTEXT *tls_ctx;              /* Shared TLS Context */
};

/*
 * Definition of the contents of each Resource
 *
 * DIRRES is the type of URES::res_dir (presumably the Director resource,
 * R_DIRECTOR -- confirm).
 *
 * monitor and remote describe what the peer is allowed to do, and
 * disable_cmds / disabled_cmds_array restrict commands; this header only
 * stores them, so the enforcement lives in the command-handling code.
 * NOTE(review): the password, tls_enable and tls_require caveats given
 * for CONSRES apply to the same-named members here.
 */
struct DIRRES {
   RES   hdr;
   char *password;                    /* Director password */
   char *address;                     /* Director address or zero */
   bool monitor;                      /* Have only access to status and .status functions */
   bool remote;                       /* Remote console, can run and control jobs */
   bool tls_authenticate;             /* Authenticate with TLS */
   bool tls_enable;                   /* Enable TLS */
   bool tls_require;                  /* Require TLS */
   bool tls_verify_peer;              /* TLS Verify Client Certificate */
   char *tls_ca_certfile;             /* TLS CA Certificate File */
   char *tls_ca_certdir;              /* TLS CA Certificate Directory */
   char *tls_certfile;                /* TLS Server Certificate File */
   char *tls_keyfile;                 /* TLS Server Key File */
   char *tls_dhfile;                  /* TLS Diffie-Hellman Parameters */
   alist *tls_allowed_cns;            /* TLS Allowed Clients */
   uint64_t max_bandwidth_per_job;    /* Bandwidth limitation (per director); units not stated here */
   TLS_CONTEXT *tls_ctx;              /* Shared TLS Context */
   alist *disable_cmds;               /* Commands to disable */
   bool *disabled_cmds_array;         /* Disabled commands array; length and index meaning not shown here */
   CONSRES *console;                  /* associated CONSRES; ownership not shown here */
};

/*
 * CLIENT is the type of URES::res_client (presumably the File Daemon's
 * own resource, R_CLIENT -- confirm).
 *
 * Besides the TLS settings it carries the PKI settings for data signing
 * and encryption. Unlike DIRRES and CONSRES, this struct declares no
 * tls_verify_peer, tls_allowed_cns or tls_dhfile member.
 *
 * NOTE(review): pki_keypair_file, pki_signing_key_files,
 * pki_master_key_files and tls_keyfile name key material on disk; how
 * those files are opened and whether their permissions are checked is
 * not visible in this header.
 */
struct CLIENT {
   RES   hdr;
   dlist *FDaddrs;
   dlist *FDsrc_addr;                 /* address to source connections from */
   char *working_directory;
   char *pid_directory;
   char *subsys_directory;
   char *plugin_directory;            /* Plugin directory */
   char *scripts_directory;
   char *snapshot_command;
   MSGS *messages;                    /* daemon message handler */
   uint32_t MaxConcurrentJobs;
   utime_t SDConnectTimeout;          /* timeout in seconds */
   utime_t heartbeat_interval;        /* Interval to send heartbeats */
   uint32_t max_network_buffer_size;  /* max network buf size */
   bool comm_compression;             /* Enable comm line compression */
   bool pki_sign;                     /* Enable Data Integrity Verification via Digital Signatures */
   bool pki_encrypt;                  /* Enable Data Encryption */
   char *pki_keypair_file;            /* PKI Key Pair File */
   alist *pki_signing_key_files;      /* PKI Signing Key Files */
   alist *pki_master_key_files;       /* PKI Master Key Files */
   uint32_t pki_cipher;               /* PKI Cipher type */
   uint32_t pki_digest;               /* PKI Digest type */
   bool tls_authenticate;             /* Authenticate with TLS */
   bool tls_enable;                   /* Enable TLS */
   bool tls_require;                  /* Require TLS */
   char *tls_ca_certfile;             /* TLS CA Certificate File */
   char *tls_ca_certdir;              /* TLS CA Certificate Directory */
   char *tls_certfile;                /* TLS Client Certificate File */
   char *tls_keyfile;                 /* TLS Client Key File */

   X509_KEYPAIR *pki_keypair;         /* Shared PKI Public/Private Keypair */
   alist *pki_signers;                /* Shared PKI Trusted Signers */
   alist *pki_recipients;             /* Shared PKI Recipients */
   TLS_CONTEXT *tls_ctx;              /* Shared TLS Context */
   char *verid;                       /* Custom Id to print in version command */
   uint64_t max_bandwidth_per_job;    /* Bandwidth limitation (global); units not stated here */
   alist *disable_cmds;               /* Commands to disable */
   bool *disabled_cmds_array;         /* Disabled commands array; length and index meaning not shown here */
};



/* Define the Union of all the above
 * resource structure definitions.
 *
 * DIRRES, CLIENT and CONSRES each declare RES hdr as their first member.
 * NOTE(review): presumably URES::hdr is used to read that common header
 * whatever the resource type; MSGS and COLLECTOR are not declared in this
 * listing, so confirm they start with RES as well.
 */
union URES {
   DIRRES res_dir;
   CLIENT res_client;
   MSGS   res_msgs;
   CONSRES res_cons;
   RES    hdr;
   COLLECTOR res_collector;
};