From 6a21a06452dd04b7bd220a47776637cf665ebc5b Mon Sep 17 00:00:00 2001
From: Lukas Nykryn <lnykryn@redhat.com>
Date: Sep 18 2012 08:06:25 +0000
Subject: Make dump_resource respect console ACL's  (#857958)


---

diff --git a/bacula-2.4.4-acl.patch b/bacula-2.4.4-acl.patch
new file mode 100644
index 0000000..0cd16b3
--- /dev/null
+++ b/bacula-2.4.4-acl.patch
@@ -0,0 +1,107 @@
+--- bacula-2.4.4/bacula-2.4.4/src/dird/dird_conf.c.acl	2008-06-19 21:44:34.000000000 +0200
++++ bacula-2.4.4/bacula-2.4.4/src/dird/dird_conf.c	2012-09-18 09:19:11.494059583 +0200
+@@ -506,6 +506,7 @@
+    bool recurse = true;
+    char ed1[100], ed2[100], ed3[100];
+    DEVICE *dev;
++   UAContext *ua = (UAContext *)sock;
+ 
+    if (res == NULL) {
+       sendit(sock, _("No %s resource defined\n"), res_to_str(type));
+@@ -551,6 +552,9 @@
+       break;
+ 
+    case R_CLIENT:
++      if (!acl_access_ok(ua, Client_ACL, res->res_client.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("Client: name=%s address=%s FDport=%d MaxJobs=%u\n"),
+          res->res_client.hdr.name, res->res_client.address, res->res_client.FDport,
+          res->res_client.MaxConcurrentJobs);
+@@ -578,6 +582,9 @@
+       break;
+ 
+    case R_STORAGE:
++      if (!acl_access_ok(ua, Storage_ACL, res->res_store.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("Storage: name=%s address=%s SDport=%d MaxJobs=%u\n"
+ "      DeviceName=%s MediaType=%s StorageId=%s\n"),
+          res->res_store.hdr.name, res->res_store.address, res->res_store.SDport,
+@@ -588,6 +595,9 @@
+       break;
+ 
+    case R_CATALOG:
++      if (!acl_access_ok(ua, Catalog_ACL, res->res_cat.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("Catalog: name=%s address=%s DBport=%d db_name=%s\n"
+ "      db_user=%s MutliDBConn=%d\n"),
+          res->res_cat.hdr.name, NPRT(res->res_cat.db_address),
+@@ -597,6 +607,9 @@
+ 
+    case R_JOB:
+    case R_JOBDEFS:
++      if (!acl_access_ok(ua, Job_ACL, res->res_job.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("%s: name=%s JobType=%d level=%s Priority=%d Enabled=%d\n"),
+          type == R_JOB ? _("Job") : _("JobDefs"),
+          res->res_job.hdr.name, res->res_job.JobType,
+@@ -691,6 +704,9 @@
+    case R_FILESET:
+    {
+       int i, j, k;
++      if (!acl_access_ok(ua, FileSet_ACL, res->res_fs.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("FileSet: name=%s\n"), res->res_fs.hdr.name);
+       for (i=0; i<res->res_fs.num_includes; i++) {
+          INCEXE *incexe = res->res_fs.include_items[i];
+@@ -765,6 +781,9 @@
+    }
+ 
+    case R_SCHEDULE:
++      if (!acl_access_ok(ua, Schedule_ACL, res->res_sch.hdr.name)) {
++         break;
++      }
+       if (res->res_sch.run) {
+          int i;
+          RUN *run = res->res_sch.run;
+@@ -853,6 +872,9 @@
+       break;
+ 
+    case R_POOL:
++      if (!acl_access_ok(ua, Pool_ACL, res->res_pool.hdr.name)) {
++         break;
++      }
+       sendit(sock, _("Pool: name=%s PoolType=%s\n"), res->res_pool.hdr.name,
+               res->res_pool.pool_type);
+       sendit(sock, _("      use_cat=%d use_once=%d cat_files=%d\n"),
+--- bacula-2.4.4/bacula-2.4.4/src/tools/Makefile.in.old	2012-09-18 10:01:51.181059093 +0200
++++ bacula-2.4.4/bacula-2.4.4/src/tools/Makefile.in	2012-09-18 10:03:00.118197261 +0200
+@@ -27,12 +27,12 @@
+ 
+ GETTEXT_LIBS = @LIBINTL@
+ 
+-FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/run_conf.o
++FINDOBJS = testfind.o ../dird/dird_conf.o ../dird/inc_conf.o ../dird/ua_acl.o ../dird/run_conf.o
+ 
+ # these are the objects that are changed by the .configure process
+ EXTRAOBJS = @OBJLIST@
+ 
+-DIRCONFOBJS = ../dird/dird_conf.o ../dird/run_conf.o ../dird/inc_conf.o
++DIRCONFOBJS = ../dird/dird_conf.o ../dird/ua_acl.o ../dird/run_conf.o ../dird/inc_conf.o
+ 
+ NODIRTOOLS = bsmtp
+ DIRTOOLS = bsmtp dbcheck drivetype fstype testfind testls bregex bwild bbatch bregtest
+@@ -74,6 +74,9 @@
+ dird_conf.o: ../dird/dird_conf.c
+ 	$(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
+ 
++ua_acl.o: ../dird/ua_acl.c
++	$(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
++
+ run_conf.o: ../dird/run_conf.c
+ 	$(CXX) $(DEFS) $(DEBUG) -c $(CPPFLAGS) $(PYTHON_INC) -I$(srcdir) -I$(basedir) $(DINCLUDE) $(CFLAGS) $<
+ 
diff --git a/bacula.spec b/bacula.spec
index 98760a1..e03a139 100644
--- a/bacula.spec
+++ b/bacula.spec
@@ -3,7 +3,7 @@
 Summary:        Cross platform network backup for Linux, Unix, Mac and Windows
 Name:           bacula
 Version:        2.4.4
-Release:        10%{?dist}
+Release:        11%{?dist}
 License:        GPL
 Group:          System Environment/Daemons
 URL:            http://www.%{name}.org
@@ -24,6 +24,7 @@ Patch2:         %{name}-2.4.4-fix-logwatch.patch
 Patch3:         %{name}-2.4.4-pamd.patch
 Patch4:         %{name}-2.4.4-make_catalog_backup.patch
 Patch5:         %{name}-2.4.4-gtk-labels.patch
+Patch6:		%{name}-2.4.4-acl.patch
 
 BuildRequires:  atk-devel
 BuildRequires:  bonobo-activation-devel
@@ -312,6 +313,7 @@ pushd %{name}-%{version}
 %patch3 -p1 -b .pamd
 %patch4 -p1 -b .make_catalog_backup
 %patch5 -p1 -b .gtk-labels
+%patch6 -p2 -b .acl
 
 # Remove execution permissions from files we're packaging as docs later on
 find updatedb -type f | xargs chmod -x
@@ -969,6 +971,9 @@ fi
 
 
 %changelog
+* Tue Sep 18 2012 Lukáš Nykrýn <lnykryn@redhat.com> - 2.4.4-11
+- Make dump_resource respect console ACL's  (#857958)
+
 * Fri Aug 10 2012 Simone Caronni <negativo17@gmail.com> 2.4.4-10
 - Removed editing of the config file, leave as comments for reference.
   (https://bugzilla.redhat.com/show_bug.cgi?id=456612#c11)