2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of John Walker.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon backup.c send file attributes and data
30 * to the Storage daemon.
32 * Kern Sibbald, March MM
41 /* Forward referenced functions */
42 int save_file(JCR *jcr, FF_PKT *ff_pkt, bool top_level);
43 static int plugin_save(JCR *jcr, FF_PKT *ff_pkt, bool top_level);
44 static void strip_path(FF_PKT *ff_pkt);
45 static void unstrip_path(FF_PKT *ff_pkt);
46 static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *signature_digest);
47 static bool encode_and_send_attributes(JCR *jcr, FF_PKT *ff_pkt, int &data_stream);
48 static bool read_and_send_acl(JCR *jcr, int acltype, int stream);
49 static bool crypto_session_start(JCR *jcr);
50 static void crypto_session_end(JCR *jcr);
51 static bool crypto_session_send(JCR *jcr, BSOCK *sd);
54 * Find all the requested files and send them
55 * to the Storage daemon.
57 * Note, we normally carry on a one-way
58 * conversation from this point on with the SD, simply blasting
59 * data to him. To properly know what is going on, we
60 * also run a "heartbeat" monitor which reads the socket and
61 * reacts accordingly (at the moment it has nothing to do
62 * except echo the heartbeat to the Director).
65 bool blast_data_to_storage_daemon(JCR *jcr, char *addr)
69 // TODO landonf: Allow user to specify encryption algorithm
71 sd = jcr->store_bsock;
73 set_jcr_job_status(jcr, JS_Running);
75 Dmsg1(300, "bfiled: opened data connection %d to stored\n", sd->m_fd);
78 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
82 buf_size = client->max_network_buffer_size;
84 buf_size = 0; /* use default */
86 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
87 set_jcr_job_status(jcr, JS_ErrorTerminated);
88 Jmsg(jcr, M_FATAL, 0, _("Cannot set buffer size FD->SD.\n"));
92 jcr->buf_size = sd->msglen;
93 /* Adjust for compression so that output buffer is
94 * 12 bytes + 0.1% larger than input buffer plus 18 bytes.
95 * This gives a bit extra plus room for the sparse addr if any.
96 * Note, we adjust the read size to be smaller so that the
97 * same output buffer can be used without growing it.
99 * The zlib compression workset is initialized here to minimise
100 * the "per file" load. The jcr member is only set, if the init was successful.
102 jcr->compress_buf_size = jcr->buf_size + ((jcr->buf_size+999) / 1000) + 30;
103 jcr->compress_buf = get_memory(jcr->compress_buf_size);
106 z_stream *pZlibStream = (z_stream*)malloc(sizeof(z_stream));
108 pZlibStream->zalloc = Z_NULL;
109 pZlibStream->zfree = Z_NULL;
110 pZlibStream->opaque = Z_NULL;
111 pZlibStream->state = Z_NULL;
113 if (deflateInit(pZlibStream, Z_DEFAULT_COMPRESSION) == Z_OK) {
114 jcr->pZLIB_compress_workset = pZlibStream;
121 if (!crypto_session_start(jcr)) {
125 Dmsg1(300, "set_find_options ff=%p\n", jcr->ff);
126 set_find_options((FF_PKT *)jcr->ff, jcr->incremental, jcr->mtime);
127 Dmsg0(300, "start find files\n");
129 start_heartbeat_monitor(jcr);
131 jcr->acl_text = get_pool_memory(PM_MESSAGE);
133 /* Subroutine save_file() is called for each file */
134 if (!find_files(jcr, (FF_PKT *)jcr->ff, save_file, plugin_save)) {
135 ok = false; /* error */
136 set_jcr_job_status(jcr, JS_ErrorTerminated);
139 free_pool_memory(jcr->acl_text);
141 stop_heartbeat_monitor(jcr);
143 sd->signal(BNET_EOD); /* end of sending data */
149 if (jcr->compress_buf) {
150 free_pool_memory(jcr->compress_buf);
151 jcr->compress_buf = NULL;
153 if (jcr->pZLIB_compress_workset) {
154 /* Free the zlib stream */
156 deflateEnd((z_stream *)jcr->pZLIB_compress_workset);
158 free (jcr->pZLIB_compress_workset);
159 jcr->pZLIB_compress_workset = NULL;
161 crypto_session_end(jcr);
164 Dmsg1(100, "end blast_data ok=%d\n", ok);
168 static bool crypto_session_start(JCR *jcr)
170 crypto_cipher_t cipher = CRYPTO_CIPHER_AES_128_CBC;
173 * Create encryption session data and a cached, DER-encoded session data
174 * structure. We use a single session key for each backup, so we'll encode
175 * the session data only once.
177 if (jcr->crypto.pki_encrypt) {
180 /* Create per-job session encryption context */
181 jcr->crypto.pki_session = crypto_session_new(cipher, jcr->crypto.pki_recipients);
183 /* Get the session data size */
184 if (!crypto_session_encode(jcr->crypto.pki_session, (uint8_t *)0, &size)) {
185 Jmsg(jcr, M_FATAL, 0, _("An error occurred while encrypting the stream.\n"));
189 /* Allocate buffer */
190 jcr->crypto.pki_session_encoded = get_memory(size);
192 /* Encode session data */
193 if (!crypto_session_encode(jcr->crypto.pki_session, (uint8_t *)jcr->crypto.pki_session_encoded, &size)) {
194 Jmsg(jcr, M_FATAL, 0, _("An error occurred while encrypting the stream.\n"));
198 /* ... and store the encoded size */
199 jcr->crypto.pki_session_encoded_size = size;
201 /* Allocate the encryption/decryption buffer */
202 jcr->crypto.crypto_buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
207 static void crypto_session_end(JCR *jcr)
209 if (jcr->crypto.crypto_buf) {
210 free_pool_memory(jcr->crypto.crypto_buf);
211 jcr->crypto.crypto_buf = NULL;
213 if (jcr->crypto.pki_session) {
214 crypto_session_free(jcr->crypto.pki_session);
216 if (jcr->crypto.pki_session_encoded) {
217 free_pool_memory(jcr->crypto.pki_session_encoded);
218 jcr->crypto.pki_session_encoded = NULL;
222 static bool crypto_session_send(JCR *jcr, BSOCK *sd)
226 /* Send our header */
227 Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
228 sd->fsend("%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
231 sd->msg = jcr->crypto.pki_session_encoded;
232 sd->msglen = jcr->crypto.pki_session_encoded_size;
233 jcr->JobBytes += sd->msglen;
235 Dmsg1(100, "Send data len=%d\n", sd->msglen);
238 sd->signal(BNET_EOD);
242 int plugin_save(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
244 generate_plugin_event(jcr, bEventPluginCommand, (void *)ff_pkt->top_fname);
249 * Called here by find() for each file included.
250 * This is a callback. The original is find_files() above.
252 * Send the file and its data to the Storage daemon.
256 * -1 to ignore file/directory (not used here)
258 int save_file(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
260 bool do_read = false;
261 int stat, data_stream;
263 DIGEST *digest = NULL;
264 DIGEST *signing_digest = NULL;
265 int digest_stream = STREAM_NONE;
266 SIGNATURE *sig = NULL;
267 bool has_file_data = false;
268 // TODO landonf: Allow the user to specify the digest algorithm
270 crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA256;
272 crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA1;
274 BSOCK *sd = jcr->store_bsock;
276 if (job_canceled(jcr)) {
280 jcr->num_files_examined++; /* bump total file count */
282 switch (ff_pkt->type) {
283 case FT_LNKSAVED: /* Hard linked, file already saved */
284 Dmsg2(130, "FT_LNKSAVED hard link: %s => %s\n", ff_pkt->fname, ff_pkt->link);
287 Dmsg1(130, "FT_REGE saving: %s\n", ff_pkt->fname);
288 has_file_data = true;
291 Dmsg1(130, "FT_REG saving: %s\n", ff_pkt->fname);
292 has_file_data = true;
295 Dmsg2(130, "FT_LNK saving: %s -> %s\n", ff_pkt->fname, ff_pkt->link);
298 jcr->num_files_examined--; /* correct file count */
299 return 1; /* not used */
301 Jmsg(jcr, M_INFO, 1, _(" Recursion turned off. Will not descend from %s into %s\n"),
302 ff_pkt->top_fname, ff_pkt->fname);
303 ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
306 /* Suppress message for /dev filesystems */
307 if (strncmp(ff_pkt->fname, "/dev/", 5) != 0) {
308 Jmsg(jcr, M_INFO, 1, _(" %s is a different filesystem. Will not descend from %s into %s\n"),
309 ff_pkt->fname, ff_pkt->top_fname, ff_pkt->fname);
311 ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
314 Jmsg(jcr, M_INFO, 1, _(" Disallowed filesystem. Will not descend from %s into %s\n"),
315 ff_pkt->top_fname, ff_pkt->fname);
316 ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
319 Jmsg(jcr, M_INFO, 1, _(" Disallowed drive type. Will not descend into %s\n"),
324 Dmsg1(130, "FT_DIREND: %s\n", ff_pkt->link);
327 Dmsg1(130, "FT_SPEC saving: %s\n", ff_pkt->fname);
328 if (S_ISSOCK(ff_pkt->statp.st_mode)) {
329 Jmsg(jcr, M_SKIPPED, 1, _(" Socket file skipped: %s\n"), ff_pkt->fname);
334 Dmsg1(130, "FT_RAW saving: %s\n", ff_pkt->fname);
335 has_file_data = true;
338 Dmsg1(130, "FT_FIFO saving: %s\n", ff_pkt->fname);
342 Jmsg(jcr, M_NOTSAVED, 0, _(" Could not access %s: ERR=%s\n"), ff_pkt->fname,
343 be.bstrerror(ff_pkt->ff_errno));
349 Jmsg(jcr, M_NOTSAVED, 0, _(" Could not follow link %s: ERR=%s\n"),
350 ff_pkt->fname, be.bstrerror(ff_pkt->ff_errno));
356 Jmsg(jcr, M_NOTSAVED, 0, _(" Could not stat %s: ERR=%s\n"), ff_pkt->fname,
357 be.bstrerror(ff_pkt->ff_errno));
363 Jmsg(jcr, M_SKIPPED, 1, _(" Unchanged file skipped: %s\n"), ff_pkt->fname);
366 Jmsg(jcr, M_NOTSAVED, 0, _(" Archive file not saved: %s\n"), ff_pkt->fname);
370 Jmsg(jcr, M_NOTSAVED, 0, _(" Could not open directory %s: ERR=%s\n"),
371 ff_pkt->fname, be.bstrerror(ff_pkt->ff_errno));
376 Jmsg(jcr, M_NOTSAVED, 0, _(" Unknown file type %d; not saved: %s\n"),
377 ff_pkt->type, ff_pkt->fname);
382 Dmsg1(130, "bfiled: sending %s to stored\n", ff_pkt->fname);
384 /* Digests and encryption are only useful if there's file data */
387 * Setup for digest handling. If this fails, the digest will be set to NULL
388 * and not used. Note, the digest (file hash) can be any one of the four
391 * The signing digest is a single algorithm depending on
392 * whether or not we have SHA2.
393 * ****FIXME**** the signing algoritm should really be
394 * determined a different way!!!!!! What happens if
395 * sha2 was available during backup but not restore?
397 if (ff_pkt->flags & FO_MD5) {
398 digest = crypto_digest_new(jcr, CRYPTO_DIGEST_MD5);
399 digest_stream = STREAM_MD5_DIGEST;
401 } else if (ff_pkt->flags & FO_SHA1) {
402 digest = crypto_digest_new(jcr, CRYPTO_DIGEST_SHA1);
403 digest_stream = STREAM_SHA1_DIGEST;
405 } else if (ff_pkt->flags & FO_SHA256) {
406 digest = crypto_digest_new(jcr, CRYPTO_DIGEST_SHA256);
407 digest_stream = STREAM_SHA256_DIGEST;
409 } else if (ff_pkt->flags & FO_SHA512) {
410 digest = crypto_digest_new(jcr, CRYPTO_DIGEST_SHA512);
411 digest_stream = STREAM_SHA512_DIGEST;
414 /* Did digest initialization fail? */
415 if (digest_stream != STREAM_NONE && digest == NULL) {
416 Jmsg(jcr, M_WARNING, 0, _("%s digest initialization failed\n"),
417 stream_to_ascii(digest_stream));
421 * Set up signature digest handling. If this fails, the signature digest will be set to
424 // TODO landonf: We should really only calculate the digest once, for both verification and signing.
425 if (jcr->crypto.pki_sign) {
426 signing_digest = crypto_digest_new(jcr, signing_algorithm);
428 /* Full-stop if a failure occurred initializing the signature digest */
429 if (signing_digest == NULL) {
430 Jmsg(jcr, M_NOTSAVED, 0, _("%s signature digest initialization failed\n"),
431 stream_to_ascii(signing_algorithm));
437 /* Enable encryption */
438 if (jcr->crypto.pki_encrypt) {
439 ff_pkt->flags |= FO_ENCRYPT;
443 /* Initialize the file descriptor we use for data and other streams. */
445 if (ff_pkt->flags & FO_PORTABLE) {
446 set_portable_backup(&ff_pkt->bfd); /* disable Win32 BackupRead() */
448 if (ff_pkt->cmd_plugin) {
449 if (!set_cmd_plugin(&ff_pkt->bfd, jcr)) {
452 send_plugin_name(jcr, sd, true); /* signal start of plugin data */
455 /* Send attributes -- must be done after binit() */
456 if (!encode_and_send_attributes(jcr, ff_pkt, data_stream)) {
460 /* Set up the encryption context and send the session data to the SD */
461 if (has_file_data && jcr->crypto.pki_encrypt) {
462 if (!crypto_session_send(jcr, sd)) {
468 * Open any file with data that we intend to save, then save it.
470 * Note, if is_win32_backup, we must open the Directory so that
471 * the BackupRead will save its permissions and ownership streams.
473 if (ff_pkt->type != FT_LNKSAVED && S_ISREG(ff_pkt->statp.st_mode)) {
475 do_read = !is_portable_backup(&ff_pkt->bfd) || ff_pkt->statp.st_size > 0;
477 do_read = ff_pkt->statp.st_size > 0;
479 } else if (ff_pkt->type == FT_RAW || ff_pkt->type == FT_FIFO ||
480 ff_pkt->type == FT_REPARSE ||
481 (!is_portable_backup(&ff_pkt->bfd) && ff_pkt->type == FT_DIREND)) {
484 if (ff_pkt->cmd_plugin) {
488 Dmsg1(100, "do_read=%d\n", do_read);
492 if (ff_pkt->type == FT_FIFO) {
493 tid = start_thread_timer(jcr, pthread_self(), 60);
497 int noatime = ff_pkt->flags & FO_NOATIME ? O_NOATIME : 0;
498 ff_pkt->bfd.reparse_point = ff_pkt->type == FT_REPARSE;
499 if (bopen(&ff_pkt->bfd, ff_pkt->fname, O_RDONLY | O_BINARY | noatime, 0) < 0) {
500 ff_pkt->ff_errno = errno;
502 Jmsg(jcr, M_NOTSAVED, 0, _(" Cannot open %s: ERR=%s.\n"), ff_pkt->fname,
506 stop_thread_timer(tid);
512 stop_thread_timer(tid);
516 stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest);
518 if (ff_pkt->flags & FO_CHKCHANGES) {
519 has_file_changed(jcr, ff_pkt);
522 bclose(&ff_pkt->bfd);
529 #ifdef HAVE_DARWIN_OS
530 /* Regular files can have resource forks and Finder Info */
531 if (ff_pkt->type != FT_LNKSAVED && (S_ISREG(ff_pkt->statp.st_mode) &&
532 ff_pkt->flags & FO_HFSPLUS)) {
533 if (ff_pkt->hfsinfo.rsrclength > 0) {
536 if (!bopen_rsrc(&ff_pkt->bfd, ff_pkt->fname, O_RDONLY | O_BINARY, 0) < 0) {
537 ff_pkt->ff_errno = errno;
539 Jmsg(jcr, M_NOTSAVED, -1, _(" Cannot open resource fork for %s: ERR=%s.\n"),
540 ff_pkt->fname, be.bstrerror());
542 if (is_bopen(&ff_pkt->bfd)) {
543 bclose(&ff_pkt->bfd);
547 flags = ff_pkt->flags;
548 ff_pkt->flags &= ~(FO_GZIP|FO_SPARSE);
549 if (flags & FO_ENCRYPT) {
550 rsrc_stream = STREAM_ENCRYPTED_MACOS_FORK_DATA;
552 rsrc_stream = STREAM_MACOS_FORK_DATA;
554 stat = send_data(jcr, rsrc_stream, ff_pkt, digest, signing_digest);
555 ff_pkt->flags = flags;
556 bclose(&ff_pkt->bfd);
562 Dmsg1(300, "Saving Finder Info for \"%s\"\n", ff_pkt->fname);
563 sd->fsend("%ld %d 0", jcr->JobFiles, STREAM_HFSPLUS_ATTRIBUTES);
564 Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
565 memcpy(sd->msg, ff_pkt->hfsinfo.fndrinfo, 32);
568 crypto_digest_update(digest, (uint8_t *)sd->msg, sd->msglen);
570 if (signing_digest) {
571 crypto_digest_update(signing_digest, (uint8_t *)sd->msg, sd->msglen);
574 sd->signal(BNET_EOD);
578 if (ff_pkt->flags & FO_ACL) {
579 /* Read access ACLs for files, dirs and links */
580 if (!read_and_send_acl(jcr, BACL_TYPE_ACCESS, STREAM_UNIX_ACCESS_ACL)) {
583 /* Directories can have default ACLs too */
584 if (ff_pkt->type == FT_DIREND && (BACL_CAP & BACL_CAP_DEFAULTS_DIR)) {
585 if (!read_and_send_acl(jcr, BACL_TYPE_DEFAULT, STREAM_UNIX_DEFAULT_ACL)) {
591 /* Terminate the signing digest and send it to the Storage daemon */
592 if (signing_digest) {
595 if ((sig = crypto_sign_new(jcr)) == NULL) {
596 Jmsg(jcr, M_FATAL, 0, _("Failed to allocate memory for crypto signature.\n"));
600 if (!crypto_sign_add_signer(sig, signing_digest, jcr->crypto.pki_keypair)) {
601 Jmsg(jcr, M_FATAL, 0, _("An error occurred while signing the stream.\n"));
605 /* Get signature size */
606 if (!crypto_sign_encode(sig, NULL, &size)) {
607 Jmsg(jcr, M_FATAL, 0, _("An error occurred while signing the stream.\n"));
611 /* Grow the bsock buffer to fit our message if necessary */
612 if (sizeof_pool_memory(sd->msg) < (int32_t)size) {
613 sd->msg = realloc_pool_memory(sd->msg, size);
616 /* Send our header */
617 sd->fsend("%ld %d 0", jcr->JobFiles, STREAM_SIGNED_DIGEST);
618 Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
620 /* Encode signature data */
621 if (!crypto_sign_encode(sig, (uint8_t *)sd->msg, &size)) {
622 Jmsg(jcr, M_FATAL, 0, _("An error occurred while signing the stream.\n"));
628 sd->signal(BNET_EOD); /* end of checksum */
631 /* Terminate any digest and send it to Storage daemon */
635 sd->fsend("%ld %d 0", jcr->JobFiles, digest_stream);
636 Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
638 size = CRYPTO_DIGEST_MAX_SIZE;
640 /* Grow the bsock buffer to fit our message if necessary */
641 if (sizeof_pool_memory(sd->msg) < (int32_t)size) {
642 sd->msg = realloc_pool_memory(sd->msg, size);
645 if (!crypto_digest_finalize(digest, (uint8_t *)sd->msg, &size)) {
646 Jmsg(jcr, M_FATAL, 0, _("An error occurred finalizing signing the stream.\n"));
652 sd->signal(BNET_EOD); /* end of checksum */
654 if (ff_pkt->cmd_plugin) {
655 send_plugin_name(jcr, sd, false); /* signal end of plugin data */
659 rtnstat = 1; /* good return */
663 crypto_digest_free(digest);
665 if (signing_digest) {
666 crypto_digest_free(signing_digest);
669 crypto_sign_free(sig);
675 * Send data read from an already open file descriptor.
677 * We return 1 on sucess and 0 on errors.
680 * We use ff_pkt->statp.st_size when FO_SPARSE to know when to stop
682 * Currently this is not a problem as the only other stream, resource forks,
683 * are not handled as sparse files.
685 int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest,
686 DIGEST *signing_digest)
688 BSOCK *sd = jcr->store_bsock;
689 uint64_t fileAddr = 0; /* file address */
691 int32_t rsize = jcr->buf_size; /* read buffer size */
693 CIPHER_CONTEXT *cipher_ctx = NULL; /* Quell bogus uninitialized warnings */
694 const uint8_t *cipher_input;
695 uint32_t cipher_input_len;
696 uint32_t cipher_block_size;
697 uint32_t encrypted_len;
698 #ifdef FD_NO_SEND_TEST
703 rbuf = sd->msg; /* read buffer */
704 wbuf = sd->msg; /* write buffer */
705 cipher_input = (uint8_t *)rbuf; /* encrypt uncompressed data */
707 Dmsg1(300, "Saving data, type=%d\n", ff_pkt->type);
710 uLong compress_len = 0;
711 uLong max_compress_len = 0;
712 const Bytef *cbuf = NULL;
715 if (ff_pkt->flags & FO_GZIP) {
716 if (ff_pkt->flags & FO_SPARSE) {
717 cbuf = (Bytef *)jcr->compress_buf + SPARSE_FADDR_SIZE;
718 max_compress_len = jcr->compress_buf_size - SPARSE_FADDR_SIZE;
720 cbuf = (Bytef *)jcr->compress_buf;
721 max_compress_len = jcr->compress_buf_size; /* set max length */
723 wbuf = jcr->compress_buf; /* compressed output here */
724 cipher_input = (uint8_t *)jcr->compress_buf; /* encrypt compressed data */
727 * Only change zlib parameters if there is no pending operation.
728 * This should never happen as deflatereset is called after each
732 if (((z_stream*)jcr->pZLIB_compress_workset)->total_in == 0) {
733 /* set gzip compression level - must be done per file */
734 if ((zstat=deflateParams((z_stream*)jcr->pZLIB_compress_workset,
735 ff_pkt->GZIP_level, Z_DEFAULT_STRATEGY)) != Z_OK) {
736 Jmsg(jcr, M_FATAL, 0, _("Compression deflateParams error: %d\n"), zstat);
737 set_jcr_job_status(jcr, JS_ErrorTerminated);
743 const uint32_t max_compress_len = 0;
746 if (ff_pkt->flags & FO_ENCRYPT) {
747 if (ff_pkt->flags & FO_SPARSE) {
748 Jmsg0(jcr, M_FATAL, 0, _("Encrypting sparse data not supported.\n"));
751 /* Allocate the cipher context */
752 if ((cipher_ctx = crypto_cipher_new(jcr->crypto.pki_session, true,
753 &cipher_block_size)) == NULL) {
754 /* Shouldn't happen! */
755 Jmsg0(jcr, M_FATAL, 0, _("Failed to initialize encryption context.\n"));
760 * Grow the crypto buffer, if necessary.
761 * crypto_cipher_update() will buffer up to (cipher_block_size - 1).
762 * We grow crypto_buf to the maximum number of blocks that
763 * could be returned for the given read buffer size.
764 * (Using the larger of either rsize or max_compress_len)
766 jcr->crypto.crypto_buf = check_pool_memory_size(jcr->crypto.crypto_buf,
767 (MAX(rsize + (int)sizeof(uint32_t), (int32_t)max_compress_len) +
768 cipher_block_size - 1) / cipher_block_size * cipher_block_size);
770 wbuf = jcr->crypto.crypto_buf; /* Encrypted, possibly compressed output here. */
774 * Send Data header to Storage daemon
775 * <file-index> <stream> <info>
777 if (!sd->fsend("%ld %d 0", jcr->JobFiles, stream)) {
778 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
782 Dmsg1(300, ">stored: datahdr %s\n", sd->msg);
785 * Make space at beginning of buffer for fileAddr because this
786 * same buffer will be used for writing if compression is off.
788 if (ff_pkt->flags & FO_SPARSE) {
789 rbuf += SPARSE_FADDR_SIZE;
790 rsize -= SPARSE_FADDR_SIZE;
791 #ifdef HAVE_FREEBSD_OS
793 * To read FreeBSD partitions, the read size must be
796 rsize = (rsize/512) * 512;
800 /* a RAW device read on win32 only works if the buffer is a multiple of 512 */
802 if (S_ISBLK(ff_pkt->statp.st_mode))
803 rsize = (rsize/512) * 512;
809 while ((sd->msglen=(uint32_t)bread(&ff_pkt->bfd, rbuf, rsize)) > 0) {
811 /* Check for sparse blocks */
812 if (ff_pkt->flags & FO_SPARSE) {
814 bool haveBlock = true;
815 if (sd->msglen == rsize &&
816 fileAddr+sd->msglen < (uint64_t)ff_pkt->statp.st_size ||
817 ((ff_pkt->type == FT_RAW || ff_pkt->type == FT_FIFO) &&
818 (uint64_t)ff_pkt->statp.st_size == 0)) {
819 haveBlock = !is_buf_zero(rbuf, rsize);
822 ser_begin(wbuf, SPARSE_FADDR_SIZE);
823 ser_uint64(fileAddr); /* store fileAddr in begin of buffer */
825 fileAddr += sd->msglen; /* update file address */
827 continue; /* skip block of zeros */
831 jcr->ReadBytes += sd->msglen; /* count bytes read */
833 /* Uncompressed cipher input length */
834 cipher_input_len = sd->msglen;
836 /* Update checksum if requested */
838 crypto_digest_update(digest, (uint8_t *)rbuf, sd->msglen);
841 /* Update signing digest if requested */
842 if (signing_digest) {
843 crypto_digest_update(signing_digest, (uint8_t *)rbuf, sd->msglen);
847 /* Do compression if turned on */
848 if (ff_pkt->flags & FO_GZIP && jcr->pZLIB_compress_workset) {
849 Dmsg3(400, "cbuf=0x%x rbuf=0x%x len=%u\n", cbuf, rbuf, sd->msglen);
851 ((z_stream*)jcr->pZLIB_compress_workset)->next_in = (Bytef *)rbuf;
852 ((z_stream*)jcr->pZLIB_compress_workset)->avail_in = sd->msglen;
853 ((z_stream*)jcr->pZLIB_compress_workset)->next_out = (Bytef *)cbuf;
854 ((z_stream*)jcr->pZLIB_compress_workset)->avail_out = max_compress_len;
856 if ((zstat=deflate((z_stream*)jcr->pZLIB_compress_workset, Z_FINISH)) != Z_STREAM_END) {
857 Jmsg(jcr, M_FATAL, 0, _("Compression deflate error: %d\n"), zstat);
858 set_jcr_job_status(jcr, JS_ErrorTerminated);
861 compress_len = ((z_stream*)jcr->pZLIB_compress_workset)->total_out;
862 /* reset zlib stream to be able to begin from scratch again */
863 if ((zstat=deflateReset((z_stream*)jcr->pZLIB_compress_workset)) != Z_OK) {
864 Jmsg(jcr, M_FATAL, 0, _("Compression deflateReset error: %d\n"), zstat);
865 set_jcr_job_status(jcr, JS_ErrorTerminated);
869 Dmsg2(400, "compressed len=%d uncompressed len=%d\n", compress_len,
872 sd->msglen = compress_len; /* set compressed length */
873 cipher_input_len = compress_len;
877 * Note, here we prepend the current record length to the beginning
878 * of the encrypted data. This is because both sparse and compression
879 * restore handling want records returned to them with exactly the
880 * same number of bytes that were processed in the backup handling.
881 * That is, both are block filters rather than a stream. When doing
882 * compression, the compression routines may buffer data, so that for
883 * any one record compressed, when it is decompressed the same size
884 * will not be obtained. Of course, the buffered data eventually comes
885 * out in subsequent crypto_cipher_update() calls or at least
886 * when crypto_cipher_finalize() is called. Unfortunately, this
887 * "feature" of encryption enormously complicates the restore code.
889 if (ff_pkt->flags & FO_ENCRYPT) {
890 uint32_t initial_len = 0;
893 if (ff_pkt->flags & FO_SPARSE) {
894 cipher_input_len += SPARSE_FADDR_SIZE;
897 /* Encrypt the length of the input block */
898 uint8_t packet_len[sizeof(uint32_t)];
900 ser_begin(packet_len, sizeof(uint32_t));
901 ser_uint32(cipher_input_len); /* store data len in begin of buffer */
902 Dmsg1(20, "Encrypt len=%d\n", cipher_input_len);
904 if (!crypto_cipher_update(cipher_ctx, packet_len, sizeof(packet_len),
905 (uint8_t *)jcr->crypto.crypto_buf, &initial_len)) {
906 /* Encryption failed. Shouldn't happen. */
907 Jmsg(jcr, M_FATAL, 0, _("Encryption error\n"));
911 /* Encrypt the input block */
912 if (crypto_cipher_update(cipher_ctx, cipher_input, cipher_input_len,
913 (uint8_t *)&jcr->crypto.crypto_buf[initial_len], &encrypted_len)) {
914 if ((initial_len + encrypted_len) == 0) {
915 /* No full block of data available, read more data */
918 Dmsg2(400, "encrypted len=%d unencrypted len=%d\n", encrypted_len,
920 sd->msglen = initial_len + encrypted_len; /* set encrypted length */
922 /* Encryption failed. Shouldn't happen. */
923 Jmsg(jcr, M_FATAL, 0, _("Encryption error\n"));
928 /* Send the buffer to the Storage daemon */
929 if (ff_pkt->flags & FO_SPARSE) {
930 sd->msglen += SPARSE_FADDR_SIZE; /* include fileAddr in size */
932 sd->msg = wbuf; /* set correct write buffer */
934 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
938 Dmsg1(130, "Send data to SD len=%d\n", sd->msglen);
940 jcr->JobBytes += sd->msglen; /* count bytes saved possibly compressed/encrypted */
941 sd->msg = msgsave; /* restore read buffer */
943 } /* end while read file data */
945 if (sd->msglen < 0) { /* error */
947 Jmsg(jcr, M_ERROR, 0, _("Read error on file %s. ERR=%s\n"),
948 ff_pkt->fname, be.bstrerror(ff_pkt->bfd.berrno));
949 if (jcr->Errors++ > 1000) { /* insanity check */
950 Jmsg(jcr, M_FATAL, 0, _("Too many errors.\n"));
952 } else if (ff_pkt->flags & FO_ENCRYPT) {
954 * For encryption, we must call finalize to push out any
957 if (!crypto_cipher_finalize(cipher_ctx, (uint8_t *)jcr->crypto.crypto_buf,
959 /* Padding failed. Shouldn't happen. */
960 Jmsg(jcr, M_FATAL, 0, _("Encryption padding error\n"));
964 /* Note, on SSL pre-0.9.7, there is always some output */
965 if (encrypted_len > 0) {
966 sd->msglen = encrypted_len; /* set encrypted length */
967 sd->msg = jcr->crypto.crypto_buf; /* set correct write buffer */
969 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
973 Dmsg1(130, "Send data to SD len=%d\n", sd->msglen);
974 jcr->JobBytes += sd->msglen; /* count bytes saved possibly compressed/encrypted */
975 sd->msg = msgsave; /* restore bnet buffer */
979 if (!sd->signal(BNET_EOD)) { /* indicate end of file data */
980 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
985 /* Free the cipher context */
987 crypto_cipher_free(cipher_ctx);
992 /* Free the cipher context */
994 crypto_cipher_free(cipher_ctx);
997 sd->msg = msgsave; /* restore bnet buffer */
1003 * Read and send an ACL for the last encountered file.
1005 static bool read_and_send_acl(JCR *jcr, int acltype, int stream)
1008 BSOCK *sd = jcr->store_bsock;
1011 #ifdef FD_NO_SEND_TEST
1015 len = bacl_get(jcr, acltype);
1017 Jmsg1(jcr, M_WARNING, 0, _("Error reading ACL of %s\n"), jcr->last_fname);
1021 return true; /* no ACL */
1025 if (!sd->fsend("%ld %d 0", jcr->JobFiles, stream)) {
1026 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
1031 /* Send the buffer to the storage deamon */
1032 Dmsg2(400, "Backing up ACL type 0x%2x <%s>\n", acltype, jcr->acl_text);
1034 sd->msg = jcr->acl_text;
1035 sd->msglen = len + 1;
1039 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
1044 jcr->JobBytes += sd->msglen;
1046 if (!sd->signal(BNET_EOD)) {
1047 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
1052 Dmsg1(200, "ACL of file: %s successfully backed up!\n", jcr->last_fname);
1057 static bool encode_and_send_attributes(JCR *jcr, FF_PKT *ff_pkt, int &data_stream)
1059 BSOCK *sd = jcr->store_bsock;
1060 char attribs[MAXSTRING];
1061 char attribsEx[MAXSTRING];
1064 #ifdef FD_NO_SEND_TEST
1068 Dmsg1(300, "encode_and_send_attrs fname=%s\n", ff_pkt->fname);
1069 /* Find what data stream we will use, then encode the attributes */
1070 if ((data_stream = select_data_stream(ff_pkt)) == STREAM_NONE) {
1071 /* This should not happen */
1072 Jmsg0(jcr, M_FATAL, 0, _("Invalid file flags, no supported data stream type.\n"));
1075 encode_stat(attribs, ff_pkt, data_stream);
1077 /* Now possibly extend the attributes */
1078 attr_stream = encode_attribsEx(jcr, attribsEx, ff_pkt);
1080 Dmsg3(300, "File %s\nattribs=%s\nattribsEx=%s\n", ff_pkt->fname, attribs, attribsEx);
1083 jcr->JobFiles++; /* increment number of files sent */
1084 ff_pkt->FileIndex = jcr->JobFiles; /* return FileIndex */
1085 pm_strcpy(jcr->last_fname, ff_pkt->fname);
1089 * Send Attributes header to Storage daemon
1090 * <file-index> <stream> <info>
1092 if (!sd->fsend("%ld %d 0", jcr->JobFiles, attr_stream)) {
1093 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
1097 Dmsg1(300, ">stored: attrhdr %s\n", sd->msg);
1100 * Send file attributes to Storage daemon
1103 * Filename (full path)
1104 * Encoded attributes
1105 * Link name (if type==FT_LNK or FT_LNKSAVED)
1106 * Encoded extended-attributes (for Win32)
1108 * For a directory, link is the same as fname, but with trailing
1109 * slash. For a linked file, link is the link.
1112 if (ff_pkt->type == FT_LNK || ff_pkt->type == FT_LNKSAVED) {
1113 Dmsg2(300, "Link %s to %s\n", ff_pkt->fname, ff_pkt->link);
1114 stat = sd->fsend("%ld %d %s%c%s%c%s%c%s%c", jcr->JobFiles,
1115 ff_pkt->type, ff_pkt->fname, 0, attribs, 0, ff_pkt->link, 0,
1117 } else if (ff_pkt->type == FT_DIREND || ff_pkt->type == FT_REPARSE) {
1118 /* Here link is the canonical filename (i.e. with trailing slash) */
1119 stat = sd->fsend("%ld %d %s%c%s%c%c%s%c", jcr->JobFiles,
1120 ff_pkt->type, ff_pkt->link, 0, attribs, 0, 0, attribsEx, 0);
1122 stat = sd->fsend("%ld %d %s%c%s%c%c%s%c", jcr->JobFiles,
1123 ff_pkt->type, ff_pkt->fname, 0, attribs, 0, 0, attribsEx, 0);
1125 unstrip_path(ff_pkt);
1127 Dmsg2(300, ">stored: attr len=%d: %s\n", sd->msglen, sd->msg);
1129 Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
1133 sd->signal(BNET_EOD); /* indicate end of attributes data */
1138 * Do in place strip of path
1140 static bool do_strip(int count, char *in)
1146 /* Copy to first path separator -- Win32 might have c: ... */
1147 while (*in && !IsPathSeparator(*in)) {
1151 numsep++; /* one separator seen */
1152 for (stripped=0; stripped<count && *in; stripped++) {
1153 while (*in && !IsPathSeparator(*in)) {
1154 in++; /* skip chars */
1157 numsep++; /* count separators seen */
1158 in++; /* skip separator */
1162 while (*in) { /* copy to end */
1163 if (IsPathSeparator(*in)) {
1169 Dmsg4(500, "stripped=%d count=%d numsep=%d sep>count=%d\n",
1170 stripped, count, numsep, numsep>count);
1171 return stripped==count && numsep>count;
1175 * If requested strip leading components of the path
1177 static void strip_path(FF_PKT *ff_pkt)
1179 if (!(ff_pkt->flags & FO_STRIPPATH) || ff_pkt->strip_path <= 0) {
1180 Dmsg1(200, "No strip for %s\n", ff_pkt->fname);
1183 if (!ff_pkt->fname_save) {
1184 ff_pkt->fname_save = get_pool_memory(PM_FNAME);
1185 ff_pkt->link_save = get_pool_memory(PM_FNAME);
1187 pm_strcpy(ff_pkt->fname_save, ff_pkt->fname);
1190 * Strip path. If it doesn't succeed put it back. If
1191 * it does, and there is a different link string,
1192 * attempt to strip the link. If it fails, back them
1194 * Do not strip symlinks.
1195 * I.e. if either stripping fails don't strip anything.
1197 if (do_strip(ff_pkt->strip_path, ff_pkt->fname)) {
1198 /* Strip links but not symlinks */
1199 if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
1200 pm_strcpy(ff_pkt->link_save, ff_pkt->link);
1201 if (!do_strip(ff_pkt->strip_path, ff_pkt->link)) {
1202 pm_strcpy(ff_pkt->link, ff_pkt->link_save);
1203 pm_strcpy(ff_pkt->fname, ff_pkt->fname_save);
1207 pm_strcpy(ff_pkt->fname, ff_pkt->fname_save);
1209 Dmsg2(200, "fname=%s stripped=%s\n", ff_pkt->fname_save, ff_pkt->fname);
1212 static void unstrip_path(FF_PKT *ff_pkt)
1214 if (!(ff_pkt->flags & FO_STRIPPATH) || ff_pkt->strip_path <= 0) {
1217 pm_strcpy(ff_pkt->fname, ff_pkt->fname_save);
1218 if (ff_pkt->type != FT_LNK && ff_pkt->fname != ff_pkt->link) {
1219 pm_strcpy(ff_pkt->link, ff_pkt->link_save);