#include "diskfile.h"
#include "arglist.h"
#include "clock.h"
+#include "match.h"
#include "amindex.h"
#include "disk_history.h"
#include "list_dir.h"
}
+static gboolean
+is_disk_allowed(
+ disk_t *disk)
+{
+ dumptype_t *dt = disk->config;
+ recovery_limit_t *rl = NULL;
+ char *peer;
+ char *dle_hostname;
+ GSList *iter;
+
+ /* get the config: either for the DLE or the global config */
+ if (dt) {
+ if (dumptype_seen(dt, DUMPTYPE_RECOVERY_LIMIT)) {
+ g_debug("using recovery limit from DLE");
+ rl = dumptype_get_recovery_limit(dt);
+ }
+ }
+ if (!rl) {
+ if (getconf_seen(CNF_RECOVERY_LIMIT)) {
+ g_debug("using global recovery limit");
+ rl = getconf_recovery_limit(CNF_RECOVERY_LIMIT);
+ }
+ }
+ if (!rl) {
+ g_debug("no recovery limit found; allowing access");
+ return TRUE;
+ }
+
+ peer = getenv("AMANDA_AUTHENTICATED_PEER");
+ if (!peer || !*peer) {
+ g_warning("DLE has a recovery-limit, but no authenticated peer name is "
+ "available; rejecting");
+ return FALSE;
+ }
+
+ /* check same-host */
+ dle_hostname = disk->host? disk->host->hostname : NULL;
+ if (rl->same_host && dle_hostname) {
+ if (0 == g_ascii_strcasecmp(peer, dle_hostname)) {
+ g_debug("peer matched same-host ('%s')", dle_hostname);
+ return TRUE;
+ }
+ }
+
+ /* check the match list */
+ for (iter = rl->match_pats; iter; iter = iter->next) {
+ char *pat = iter->data;
+ if (match_host(pat, peer))
+ return TRUE;
+ }
+
+ g_warning("peer '%s' does not match any of the recovery-limit restrictions; rejecting",
+ peer);
+
+ return FALSE;
+}
+
static int
is_disk_valid(
char *disk)
return -1;
}
- /* check that the config actually handles that disk */
+ /* check that the config actually handles that disk, and that recovery-limit allows it */
idisk = lookup_disk(dump_hostname, disk);
- if(idisk == NULL) {
+ if(idisk == NULL || !is_disk_allowed(idisk)) {
qdisk = quote_string(disk);
- reply(501, _("Disk %s:%s is not in your disklist."), dump_hostname, qdisk);
+ reply(501, _("Disk %s:%s is not in the server's disklist."), dump_hostname, qdisk);
amfree(qdisk);
return -1;
}
am_feature_e marshall_feature,
int recursive)
{
- char date[20];
- char *tapelist_str;
+ char date[20];
+ char *tapelist_str;
+ char *qtapelist_str;
char *qpath;
if (am_has_feature(their_features, marshall_feature)) {
tapelist_str = dir_item->dump->tapes->label;
}
+ if (am_has_feature(their_features, fe_amindexd_quote_label)) {
+ qtapelist_str = quote_string(tapelist_str);
+ } else {
+ qtapelist_str = stralloc(tapelist_str);
+ }
strncpy(date, dir_item->dump->date, 20);
date[19] = '\0';
if(!am_has_feature(their_features,fe_amrecover_timestamp))
fast_lreply(201, " %s %d %s %lld %s",
date,
dir_item->dump->level,
- tapelist_str,
+ qtapelist_str,
(long long)dir_item->dump->file,
qpath);
}
fast_lreply(201, " %s %d %s %s",
date, dir_item->dump->level,
- tapelist_str, qpath);
+ qtapelist_str, qpath);
}
amfree(qpath);
if(am_has_feature(their_features, marshall_feature)) {
amfree(tapelist_str);
}
+ amfree(qtapelist_str);
}
/*
projects / debian / amanda / blobdiff