Veritas NetBackup™ DataStore SDK Programmer's Guide for XBSA 1.1.0

Last Published:
Product(s): NetBackup (9.0.0.1, 9.0)
  1. Introduction to NetBackup XBSA
    1.  
      About Introduction to NetBackup XBSA
    2.  
      What is NetBackup XBSA?
    3.  
      What does NetBackup XBSA do?
    4.  
      Terminology
    5.  
      Important concepts
    6.  
      Resources
  2. How to set up the SDK
    1.  
      System requirements
    2. Installing the SDK
      1.  
        Installation requirements
      2.  
        Installation instructions for UNIX platforms
      3.  
        Installation instructions for Windows platforms
    3.  
      Uninstalling the SDK
    4.  
      Configuration
    5.  
      Description of the XBSA SDK package
    6.  
      Library files
    7.  
      Header files
  3. Using the NetBackup XBSA interface
    1.  
      Getting help with the API
    2. NetBackup XBSA data structures
      1.  
        Object data
      2.  
        Object descriptors
      3.  
        Query descriptors
      4. Buffers
        1.  
          Buffer size
        2.  
          Private buffer space
        3.  
          Use of BSA_DataBlock32 in BSASendData()
        4.  
          Use of BSA_DataBlock32 in BSAGetData()
        5.  
          Shared memory
    3. NetBackup XBSA environment
      1.  
        Environment variable definitions
      2.  
        Extended environment variable definitions
    4. XBSA sessions and transactions
      1. Sessions
        1.  
          Initialization and termination
        2.  
          Authentication
      2. Transactions
        1.  
          Backup transaction
        2.  
          Restore transaction
        3.  
          Delete transaction
        4.  
          Query transaction
        5.  
          Media IDs transaction
    5. Creating a NetBackup XBSA application
      1. Initiating a session
        1.  
          Modifying the XBSA environment within a session
        2.  
          Session example
      2. Backup - creating an object
        1.  
          Creating an object
        2.  
          NetBackup object ownership
        3.  
          Creating an empty object
        4.  
          Backup example
      3. Query - finding an object descriptor
        1.  
          Querying for an object
        2.  
          Query example
      4. Restore - retrieving an object's data
        1.  
          Restoring an object
        2.  
          Redirected restore to a different client
        3.  
          Restore example
        4.  
          Multiple object restore
        5.  
          Multiple object restore example
      5. Delete - deleting an object or image
        1.  
          Delete example
      6. Media IDs - obtaining media IDs
        1.  
          Media ID example
      7.  
        Logging and NetBackup
      8.  
        Client in a cluster
      9.  
        Performance considerations
  4. How to build an XBSA application
    1.  
      Getting help
    2.  
      Flags and defines
    3.  
      How to build in debug mode
    4.  
      How to debug the application
    5.  
      Static libraries
    6.  
      Dynamic libraries
    7.  
      End-user configuration
  5. How to run a NetBackup XBSA application
    1. About How to run a NetBackup XBSA application
      1. Creating a NetBackup policy
        1.  
          Selecting a storage unit
        2.  
          Adding new schedules
        3.  
          Adding script files to the files list
        4.  
          Adding new clients
      2.  
        Running a NetBackup XBSA application
      3.  
        Backups and restores initiated by NetBackup (through a script)
      4.  
        Backups and restores from the command line
  6. API reference
    1.  
      Error messages
    2. Function calls
      1.  
        Conventions
    3. Function specifications
      1.  
        BSABeginTxn
      2.  
        BSACreateObject
      3.  
        BSADeleteObject
      4.  
        BSAEndData
      5.  
        BSAEndTxn
      6.  
        BSAGetData
      7.  
        BSAGetEnvironment
      8.  
        BSAGetLastError
      9.  
        BSAGetNextQueryObject
      10.  
        BSAGetObject
      11.  
        BSAInit
      12.  
        BSAQueryApiVersion
      13.  
        BSAQueryObject
      14.  
        BSAQueryServiceProvider
      15.  
        BSASendData
      16.  
        BSATerminate
      17.  
        NBBSAAddToMultiObjectRestoreList
      18.  
        NBBSADeleteImage
      19.  
        NBBSAEndGetMultipleObjects
      20.  
        NBBSAFreeJobInfo
      21.  
        NBBSAGetEnv
      22.  
        NBBSAGetErrorString
      23.  
        NBBSAGetJobId
      24.  
        NBBSAGetJobInfo
      25.  
        NBBSAGetMediaIds
      26.  
        NBBSAGetMultipleObjects
      27.  
        NBBSAGetServerError
      28.  
        NBBSALogMsg
      29.  
        NBBSASetEnv
      30.  
        NBBSAUpdateEnv
      31.  
        NBBSAValidateFeatureId
    4. Type definitions
      1. Enumerated types
        1.  
          BSA_CopyType
        2.  
          BSA_ObjectStatus
        3.  
          BSA_ObjectType
        4.  
          BSA_Vote
        5.  
          Constant values
      2. Data structures
        1.  
          BSA_ApiVersion
        2.  
          BSA_DataBlock32
        3.  
          BSA_ObjectDescriptor
        4.  
          BSA_ObjectName
        5.  
          BSA_ObjectOwner
        6.  
          BSA_QueryDescriptor
        7.  
          BSA_SecurityToken
  7. Process flow and troubleshooting
    1.  
      About Process flow and troubleshooting
    2. Backup
      1. Stream backup process flow description
        1.  
          Stream backup procedure
    3. Restore
      1. Stream restore process flow description
        1.  
          Stream restore procedure
  8. How to use the sample files
    1. What the sample files do
      1. Sample programs
        1.  
          Backup
        2.  
          Restore
        3.  
          Query
        4.  
          Delete
      2.  
        Sample scripts
    2.  
      Description of sample files
    3.  
      How to build the sample programs
  9. Support and updates
    1.  
      About Support and updates
  10. Appendix A. Register authorized locations
    1.  
      Registering authorized locations used by a NetBackup database script-based policy
  11.  
    Index

NetBackup object ownership

Default behavior

When the NetBackup XBSA interface is used to create an object, by default the owner of the object is the logon user of the process that created the object. The default group of the object is also the logon user, not the primary group of the logon user, but the exact same name as the logon user name. The permissions of the file are set to 600, or 'rw- - - - - - -', which is read/write for owner and no access permissions for anyone else. This requires that the user restoring an object be an administrator or the same user that created the object. The XBSA objectOwner fields are saved in the NetBackup catalog with the object, but they are kept as attributes of the object and are not used for security purposes.

Ownership options

Using the XBSA environmental variables NBBSA_USE_OBJECT_OWNER, NBBSA_USE_OBJECT_GROUP, NBBSA_OBJECT_OWNER, and NBBSA_GROUP_OWNER, an agent can change the default owner. These variables allow the XBSA agent to be able to specify who owns the objects.

Note:

Specifying object ownership only works when creating objects using BSACreateObject(). Accessing the objects by BSAQueryObject() and BSAGetObject() is dependent on the logon process having permissions to access the objects. So if user_Y creates an object with an object owner of user_X, then user_X or an administrator (root) can access and restore the object, but user_Y cannot.

Object owner

To specify the owner of an object, the XBSA environment variable NBBSA_USE_OBJECT_OWNER needs to be set. There are four values that this variable can be set to. These values are defined in nbbsa.h.

/*
 * XBSA values to use to define how to specify NetBackup object ownership
 */
#define VxLOGIN_USER  0 /* Default, owner/group field is set to the logon user */
#define VxLOGIN_GROUP 1 /* group field is set to the primary group of the logon user */ 
#define VxBSA_OWNER   2 /* owner/group field is set to                                \
objectDescriptor->objectOwner.bsa_ObjectOwner  */
#define VxAPP_OWNER   3 /* owner/group field is set to                                \ 
objectDescriptor->objectOwner.app_ObjectOwner  */
#define VxENV_OWNER   4 /* owner/group field is set to value of                       \
NBBSA_OBJECT_OWNER/NBBSA_OBJECT_GROUP */

VxLOGIN_USER is the default behavior that you would get if the NBBSA_USE_OBJECT_OWNER variable wasn't set.

VxLOGIN_GROUP does not apply to object ownership.

VxBSA_OWNER sets the object owner to the value stored in the objectDescriptor field objectOwner.bsa_ObjectOwner. The value in the bsa_ObjectOwner field must be a valid user name without any spaces in the name. The value in objectOwner.bsa_ObjectOwner is still stored as an attribute of the object and a query must correctly specify this field in the query descriptor to successfully find the object.

VxAPP_OWNER sets the object owner to the value stored in the objectDescriptor field objectOwner.app_ObjectOwner. The value in the app_ObjectOwner field must be a valid user name without any spaces in the name. The value in objectOwner.app_ObjectOwner is still stored as an attribute of the object and a query needs to correctly specify this field in the query descriptor to successfully find the object.

VxENV_OWNER sets the object owner to the value of the XBSA environmental variable NBBSA_OBJECT_OWNER. The value stored in the NBBSA_OBJECT_OWNER must be a valid user name without any spaces in the name.

The variables NBBSA_USE_OBJECT_OWNER and NBBSA_OBJECT_OWNER can be changed within a transaction so that an XBSA agent can set different ownerships of each object in a transaction.

Object group

An XBSA agent can also change the group ownership of an object. When the group ownership is set by one of these options, other than the default, the permissions on the object are set to 660, or 'rw - rw- - - -', which is read/write for owner and group. This allows any user in the specified group to access and restore the object.

To specify the group of an object, the XBSA environment variable NBBSA_USE_OBJECT_GROUP needs to be set. There are five values that this variable can be set to. These values are defined in nbbsa.h.

/*
 * XBSA values to use to define how to specify NetBackup object ownership 
 */
#define VxLOGIN_USER 0 /* Default, owner/group field is set to the logon user  */
#define VxLOGIN_GROUP 1 /* group field is set to the primary group of the logon user */ 
#define VxBSA_OWNER 2 /* owner/group field is set to                                  \ 
objectDescriptor->objectOwner.bsa_ObjectOwner  */ 
#define VxAPP_OWNER 3 /* owner/group field is set to                                  \ 
objectDescriptor->objectOwner.app_ObjectOwner  */ 
#define VxENV_OWNER 4 /* owner/group field is set to value of                         \ 
NBBSA_OBJECT_OWNER/NBBSA_OBJECT_GROUP */

VxLOGIN_USER is the default behavior that you would get if the NBBSA_USE_OBJECT_GROUP variable was not set. The group name is the same name as the owner field, whether that is the logon user or a user name defined by one of the other options, and the permissions of the object will be 600, owner read/write only.

VxLOGIN_GROUP sets the group field to the primary group of the logon user.

VxBSA_OWNER sets the object group to the value stored in the objectDescriptor field objectOwner.bsa_ObjectOwner. The value in the bsa_ObjectOwner field must be a valid user name without any spaces in the name. The value in objectOwner.bsa_ObjectOwner still is stored as an attribute of the object and a query must correctly specify this field in the query descriptor to successfully find the object.

VxAPP_OWNER sets the object group to the value stored in the objectDescriptor field objectOwner.app_ObjectOwner. The value in the app_ObjectOwner field must be a valid user name without any spaces in the name. The value in objectOwner.app_ObjectOwner is still stored as an attribute of the object and a query must correctly specify this field in the query descriptor to successfully find the object.

VxENV_OWNER sets the object group to the value of the XBSA environmental variable NBBSA_OBJECT_GROUP. The value stored in the NBBSA_OBJECT_GROUP must be a valid user name without any spaces in the name.

The variables NBBSA_USE_OBJECT_GROUP and NBBSA_OBJECT_GROUP can be changed within a transaction so that an XBSA agent can set different group ownerships of each object in a transaction.