2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2012 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
42 const bool have_darwin_os = true;
44 const bool have_darwin_os = false;
47 #if defined(HAVE_CRYPTO)
48 const bool have_crypto = true;
50 const bool have_crypto = false;
54 const bool have_acl = true;
56 const bool have_acl = false;
60 const bool have_sha2 = true;
62 const bool have_sha2 = false;
65 #if defined(HAVE_XATTR)
66 const bool have_xattr = true;
68 const bool have_xattr = false;
72 * Data received from Storage Daemon
74 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
77 * Forward referenced functions
79 #if defined(HAVE_LIBZ)
80 static const char *zlib_strerror(int stat);
81 const bool have_libz = true;
83 const bool have_libz = false;
86 const bool have_lzo = true;
88 const bool have_lzo = false;
91 static void deallocate_cipher(r_ctx &rctx);
92 static void deallocate_fork_cipher(r_ctx &rctx);
93 static void free_signature(r_ctx &rctx);
94 static void free_session(r_ctx &rctx);
95 static bool close_previous_stream(JCR *jcr, r_ctx &rctx);
96 static bool verify_signature(JCR *jcr, r_ctx &rctx);
97 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
98 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx);
99 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
100 RESTORE_CIPHER_CTX *cipher_ctx);
103 * Close a bfd check that we are at the expected file offset.
104 * Makes use of some code from set_attributes().
106 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
108 char ec1[50], ec2[50];
111 fsize = blseek(bfd, 0, SEEK_CUR);
113 if (fsize > 0 && fsize != osize) {
114 Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
115 jcr->last_fname, edit_uint64(osize, ec1),
116 edit_uint64(fsize, ec2));
122 #ifdef HAVE_DARWIN_OS
123 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
125 struct attrlist attrList;
127 memset(&attrList, 0, sizeof(attrList));
128 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
129 attrList.commonattr = ATTR_CMN_FNDRINFO;
131 Dmsg0(130, "Restoring Finder Info\n");
132 jcr->ff->flags |= FO_HFSPLUS;
134 Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
138 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
139 Jmsg(jcr, M_WARNING, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
146 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
153 * Cleanup of delayed restore stack with streams for later
156 static inline void drop_delayed_restore_streams(r_ctx &rctx, bool reuse)
158 RESTORE_DATA_STREAM *rds;
160 if (!rctx.delayed_streams ||
161 rctx.delayed_streams->empty()) {
165 foreach_alist(rds, rctx.delayed_streams) {
169 rctx.delayed_streams->destroy();
171 rctx.delayed_streams->init(10, owned_by_alist);
176 * Push a data stream onto the delayed restore stack for
179 static inline void push_delayed_restore_stream(r_ctx &rctx, BSOCK *sd)
181 RESTORE_DATA_STREAM *rds;
183 if (!rctx.delayed_streams) {
184 rctx.delayed_streams = New(alist(10, owned_by_alist));
187 rds = (RESTORE_DATA_STREAM *)malloc(sizeof(RESTORE_DATA_STREAM));
188 rds->stream = rctx.stream;
189 rds->content = (char *)malloc(sd->msglen);
190 memcpy(rds->content, sd->msg, sd->msglen);
191 rds->content_length = sd->msglen;
193 rctx.delayed_streams->append(rds);
197 * Perform a restore of an ACL using the stream received.
198 * This can either be a delayed restore or direct restore.
200 static inline bool do_restore_acl(JCR *jcr,
203 switch (parse_acl_streams(jcr, stream)) {
204 case bacl_exit_fatal:
206 case bacl_exit_error:
208 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
209 * print the error message set by the lower level routine in jcr->errmsg.
211 if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
212 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
214 jcr->acl_data->nr_errors++;
223 * Perform a restore of an XATTR using the stream received.
224 * This can either be a delayed restore or direct restore.
226 static inline bool do_restore_xattr(JCR *jcr,
229 switch (parse_xattr_streams(jcr, stream)) {
230 case bxattr_exit_fatal:
232 case bxattr_exit_error:
234 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
235 * print the error message set by the lower level routine in jcr->errmsg.
237 if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
238 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
240 jcr->xattr_data->nr_errors++;
249 * Restore any data streams that are restored after the file
250 * is fully restored and has its attributes restored. Things
251 * like acls and xattr are restored after we set the file
252 * attributes otherwise we might clear some security flags
253 * by setting the attributes.
255 static inline bool pop_delayed_data_streams(JCR *jcr, r_ctx &rctx)
257 RESTORE_DATA_STREAM *rds;
260 * See if there is anything todo.
262 if (!rctx.delayed_streams ||
263 rctx.delayed_streams->empty()) {
268 * Only process known delayed data streams here.
269 * If you start using more delayed data streams
270 * be sure to add them in this loop and add the
273 * Currently we support delayed data stream
274 * processing for the following type of streams:
278 foreach_alist(rds, rctx.delayed_streams) {
279 switch (rds->stream) {
280 case STREAM_UNIX_ACCESS_ACL:
281 case STREAM_UNIX_DEFAULT_ACL:
282 case STREAM_ACL_AIX_TEXT:
283 case STREAM_ACL_DARWIN_ACCESS_ACL:
284 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
285 case STREAM_ACL_FREEBSD_ACCESS_ACL:
286 case STREAM_ACL_HPUX_ACL_ENTRY:
287 case STREAM_ACL_IRIX_DEFAULT_ACL:
288 case STREAM_ACL_IRIX_ACCESS_ACL:
289 case STREAM_ACL_LINUX_DEFAULT_ACL:
290 case STREAM_ACL_LINUX_ACCESS_ACL:
291 case STREAM_ACL_TRU64_DEFAULT_ACL:
292 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
293 case STREAM_ACL_TRU64_ACCESS_ACL:
294 case STREAM_ACL_SOLARIS_ACLENT:
295 case STREAM_ACL_SOLARIS_ACE:
296 case STREAM_ACL_AFS_TEXT:
297 case STREAM_ACL_AIX_AIXC:
298 case STREAM_ACL_AIX_NFS4:
299 case STREAM_ACL_FREEBSD_NFS4_ACL:
300 pm_memcpy(jcr->acl_data->content, rds->content, rds->content_length);
301 jcr->acl_data->content_length = rds->content_length;
302 if (!do_restore_acl(jcr, rds->stream)) {
307 case STREAM_XATTR_IRIX:
308 case STREAM_XATTR_TRU64:
309 case STREAM_XATTR_AIX:
310 case STREAM_XATTR_OPENBSD:
311 case STREAM_XATTR_SOLARIS_SYS:
312 case STREAM_XATTR_DARWIN:
313 case STREAM_XATTR_FREEBSD:
314 case STREAM_XATTR_LINUX:
315 case STREAM_XATTR_NETBSD:
316 pm_memcpy(jcr->xattr_data->content, rds->content, rds->content_length);
317 jcr->xattr_data->content_length = rds->content_length;
318 if (!do_restore_xattr(jcr, rds->stream)) {
324 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
331 * We processed the stack so we can destroy it.
333 rctx.delayed_streams->destroy();
336 * (Re)Initialize the stack for a new use.
338 rctx.delayed_streams->init(10, owned_by_alist);
345 * Destroy the content of the stack and (re)initialize it for a new use.
347 drop_delayed_restore_streams(rctx, true);
353 * Restore the requested files.
355 void do_restore(JCR *jcr)
358 uint32_t VolSessionId, VolSessionTime;
360 char ec1[50]; /* Buffer printing huge values */
361 uint32_t buf_size; /* client buffer size */
363 int64_t rsrc_len = 0; /* Original length of resource fork */
366 /* ***FIXME*** make configurable */
367 crypto_digest_t signing_algorithm = have_sha2 ?
368 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
369 memset(&rctx, 0, sizeof(rctx));
373 * The following variables keep track of "known unknowns"
375 int non_support_data = 0;
376 int non_support_attr = 0;
377 int non_support_rsrc = 0;
378 int non_support_finfo = 0;
379 int non_support_acl = 0;
380 int non_support_progname = 0;
381 int non_support_crypto = 0;
382 int non_support_xattr = 0;
384 sd = jcr->store_bsock;
385 jcr->setJobStatus(JS_Running);
388 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
391 buf_size = client->max_network_buffer_size;
393 buf_size = 0; /* use default */
395 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
396 jcr->setJobStatus(JS_ErrorTerminated);
399 jcr->buf_size = sd->msglen;
402 * St Bernard code goes here if implemented -- see end of file
405 /* use the same buffer size to decompress both gzip and lzo */
406 if (have_libz || have_lzo) {
407 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
408 jcr->compress_buf = get_memory(compress_buf_size);
409 jcr->compress_buf_size = compress_buf_size;
413 if (lzo_init() != LZO_E_OK) {
414 Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n"));
420 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
421 if (have_darwin_os) {
422 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
427 * Get a record from the Storage daemon. We are guaranteed to
428 * receive records in the following order:
429 * 1. Stream record header
430 * 2. Stream data (one or more of the following in the order given)
431 * a. Attributes (Unix or Win32)
432 * b. Possibly stream encryption session data (e.g., symmetric session key)
433 * c. File data for the file
434 * d. Alternate data stream (e.g. Resource Fork)
438 * h. Possibly a cryptographic signature
439 * i. Possibly MD5 or SHA1 record
442 * NOTE: We keep track of two bacula file descriptors:
443 * 1. bfd for file data.
444 * This fd is opened for non empty files when an attribute stream is
445 * encountered and closed when we find the next attribute stream.
446 * 2. fork_bfd for alternate data streams
447 * This fd is opened every time we encounter a new alternate data
448 * stream for the current file. When we find any other stream, we
450 * The expected size of the stream, fork_len, should be set when
452 * 3. Not all the stream data records are required -- e.g. if there
453 * is no fork, there is no alternate data stream, no ACL, ...
456 binit(&rctx.forkbfd);
457 attr = rctx.attr = new_attr(jcr);
459 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
460 memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
461 jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
464 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
465 memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
466 jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
469 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
471 * Remember previous stream type
473 rctx.prev_stream = rctx.stream;
476 * First we expect a Stream Record Header
478 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
479 &rctx.full_stream, &rctx.size) != 5) {
480 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
483 /* Strip off new stream high bits */
484 rctx.stream = rctx.full_stream & STREAMMASK_TYPE;
485 Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
486 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
489 * Now we expect the Stream Data
491 if (bget_msg(sd) < 0) {
492 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
495 if (rctx.size != (uint32_t)sd->msglen) {
496 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
497 sd->msglen, rctx.size);
498 Dmsg2(50, "Actual data size %d not same as header %d\n",
499 sd->msglen, rctx.size);
502 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
503 sd->msglen, rctx.extract);
506 * If we change streams, close and reset alternate data streams
508 if (rctx.prev_stream != rctx.stream) {
509 if (is_bopen(&rctx.forkbfd)) {
510 deallocate_fork_cipher(rctx);
511 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
514 * Use an impossible value and set a proper one below
521 * File Attributes stream
523 switch (rctx.stream) {
524 case STREAM_UNIX_ATTRIBUTES:
525 case STREAM_UNIX_ATTRIBUTES_EX:
527 * if any previous stream open, close it
529 if (!close_previous_stream(jcr, rctx)) {
534 * TODO: manage deleted files
536 if (rctx.type == FT_DELETED) { /* deleted file */
540 * Restore objects should be ignored here -- they are
541 * returned at the beginning of the restore.
543 if (IS_FT_OBJECT(rctx.type)) {
548 * Unpack attributes and do sanity check them
550 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
554 Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
555 attr->attr, attr->attrEx);
556 Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
557 strlen(attr->attrEx), sd->msg);
559 attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI);
561 if (!is_restore_stream_supported(attr->data_stream)) {
562 if (!non_support_data++) {
563 Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"),
564 stream_to_ascii(attr->data_stream));
569 build_attr_output_fnames(jcr, attr);
572 * Try to actually create the file, which returns a status telling
573 * us if we need to extract or not.
575 jcr->num_files_examined++;
576 rctx.extract = false;
577 stat = CF_CORE; /* By default, let Bacula's core handle it */
580 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
583 if (stat == CF_CORE) {
584 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
587 pm_strcpy(jcr->last_fname, attr->ofname);
588 jcr->last_type = attr->type;
590 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
598 * File created and we expect file data
606 * File created, but there is no content
609 print_ls_output(jcr, attr);
611 if (have_darwin_os) {
613 * Only restore the resource fork for regular files
615 from_base64(&rsrc_len, attr->attrEx);
616 if (attr->type == FT_REG && rsrc_len > 0) {
621 * Do not count the resource forks as regular files being restored.
632 * set attributes now because file will not be extracted
635 plugin_set_attributes(jcr, attr, &rctx.bfd);
637 set_attributes(jcr, attr, &rctx.bfd);
647 case STREAM_ENCRYPTED_SESSION_DATA:
648 crypto_error_t cryptoerr;
651 * Is this an unexpected session data entry?
654 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
655 rctx.extract = false;
661 * Do we have any keys at all?
663 if (!jcr->crypto.pki_recipients) {
664 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
665 rctx.extract = false;
670 if (jcr->crypto.digest) {
671 crypto_digest_free(jcr->crypto.digest);
673 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
674 if (!jcr->crypto.digest) {
675 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
676 rctx.extract = false;
682 * Decode and save session keys.
684 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
685 jcr->crypto.pki_recipients, &rctx.cs);
687 case CRYPTO_ERROR_NONE:
692 case CRYPTO_ERROR_NORECIPIENT:
693 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
695 case CRYPTO_ERROR_DECRYPTION:
696 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
702 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
706 if (cryptoerr != CRYPTO_ERROR_NONE) {
707 rctx.extract = false;
714 case STREAM_FILE_DATA:
715 case STREAM_SPARSE_DATA:
716 case STREAM_WIN32_DATA:
717 case STREAM_GZIP_DATA:
718 case STREAM_SPARSE_GZIP_DATA:
719 case STREAM_WIN32_GZIP_DATA:
720 case STREAM_COMPRESSED_DATA:
721 case STREAM_SPARSE_COMPRESSED_DATA:
722 case STREAM_WIN32_COMPRESSED_DATA:
723 case STREAM_ENCRYPTED_FILE_DATA:
724 case STREAM_ENCRYPTED_WIN32_DATA:
725 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
726 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
727 case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA:
728 case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA:
730 * Force an expected, consistent stream type here
732 if (rctx.extract && (rctx.prev_stream == rctx.stream
733 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
734 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
735 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
738 if (rctx.stream == STREAM_SPARSE_DATA
739 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
740 || rctx.stream == STREAM_SPARSE_GZIP_DATA) {
741 rctx.flags |= FO_SPARSE;
744 if (rctx.stream == STREAM_GZIP_DATA
745 || rctx.stream == STREAM_SPARSE_GZIP_DATA
746 || rctx.stream == STREAM_WIN32_GZIP_DATA
747 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
748 || rctx.stream == STREAM_COMPRESSED_DATA
749 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
750 || rctx.stream == STREAM_WIN32_COMPRESSED_DATA
751 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
752 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
753 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
754 rctx.flags |= FO_COMPRESS;
755 rctx.comp_stream = rctx.stream;
758 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
759 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
760 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
761 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
762 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
763 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
765 * Set up a decryption context
767 if (!rctx.cipher_ctx.cipher) {
769 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
770 rctx.extract = false;
775 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
776 &rctx.cipher_ctx.block_size)) == NULL) {
777 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
779 rctx.extract = false;
784 rctx.flags |= FO_ENCRYPT;
787 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
788 set_portable_backup(&rctx.bfd);
790 * "decompose" BackupWrite data
792 rctx.flags |= FO_WIN32DECOMP;
795 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
796 rctx.flags, rctx.stream, &rctx.cipher_ctx) < 0) {
797 rctx.extract = false;
805 * Resource fork stream - only recorded after a file to be restored
806 * Silently ignore if we cannot write - we already reported that
808 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
809 case STREAM_MACOS_FORK_DATA:
810 if (have_darwin_os) {
812 jcr->ff->flags |= FO_HFSPLUS;
814 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
815 rctx.fork_flags |= FO_ENCRYPT;
818 * Set up a decryption context
820 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
822 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
823 rctx.extract = false;
828 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
829 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
831 rctx.extract = false;
839 if (rctx.prev_stream != rctx.stream) {
840 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
841 Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
842 rctx.extract = false;
846 rctx.fork_size = rsrc_len;
847 Dmsg0(130, "Restoring resource fork\n");
850 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
851 rctx.stream, &rctx.fork_cipher_ctx) < 0) {
852 rctx.extract = false;
853 bclose(&rctx.forkbfd);
862 case STREAM_HFSPLUS_ATTRIBUTES:
863 if (have_darwin_os) {
864 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
872 case STREAM_UNIX_ACCESS_ACL:
873 case STREAM_UNIX_DEFAULT_ACL:
874 case STREAM_ACL_AIX_TEXT:
875 case STREAM_ACL_DARWIN_ACCESS_ACL:
876 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
877 case STREAM_ACL_FREEBSD_ACCESS_ACL:
878 case STREAM_ACL_HPUX_ACL_ENTRY:
879 case STREAM_ACL_IRIX_DEFAULT_ACL:
880 case STREAM_ACL_IRIX_ACCESS_ACL:
881 case STREAM_ACL_LINUX_DEFAULT_ACL:
882 case STREAM_ACL_LINUX_ACCESS_ACL:
883 case STREAM_ACL_TRU64_DEFAULT_ACL:
884 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
885 case STREAM_ACL_TRU64_ACCESS_ACL:
886 case STREAM_ACL_SOLARIS_ACLENT:
887 case STREAM_ACL_SOLARIS_ACE:
888 case STREAM_ACL_AFS_TEXT:
889 case STREAM_ACL_AIX_AIXC:
890 case STREAM_ACL_AIX_NFS4:
891 case STREAM_ACL_FREEBSD_NFS4_ACL:
893 * Do not restore ACLs when
894 * a) The current file is not extracted
895 * b) and it is not a directory (they are never "extracted")
896 * c) or the file name is empty
898 if ((!rctx.extract &&
899 jcr->last_type != FT_DIREND) ||
900 (*jcr->last_fname == 0)) {
905 * For anything that is not a directory we delay
906 * the restore of acls till a later stage.
908 if (jcr->last_type != FT_DIREND) {
909 push_delayed_restore_stream(rctx, sd);
911 pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
912 jcr->acl_data->content_length = sd->msglen;
913 if (!do_restore_acl(jcr, rctx.stream)) {
922 case STREAM_XATTR_IRIX:
923 case STREAM_XATTR_TRU64:
924 case STREAM_XATTR_AIX:
925 case STREAM_XATTR_OPENBSD:
926 case STREAM_XATTR_SOLARIS_SYS:
927 case STREAM_XATTR_DARWIN:
928 case STREAM_XATTR_FREEBSD:
929 case STREAM_XATTR_LINUX:
930 case STREAM_XATTR_NETBSD:
932 * Do not restore Extended Attributes when
933 * a) The current file is not extracted
934 * b) and it is not a directory (they are never "extracted")
935 * c) or the file name is empty
937 if ((!rctx.extract &&
938 jcr->last_type != FT_DIREND) ||
939 (*jcr->last_fname == 0)) {
944 * For anything that is not a directory we delay
945 * the restore of xattr till a later stage.
947 if (jcr->last_type != FT_DIREND) {
948 push_delayed_restore_stream(rctx, sd);
950 pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
951 jcr->xattr_data->content_length = sd->msglen;
952 if (!do_restore_xattr(jcr, rctx.stream)) {
961 case STREAM_XATTR_SOLARIS:
963 * Do not restore Extended Attributes when
964 * a) The current file is not extracted
965 * b) and it is not a directory (they are never "extracted")
966 * c) or the file name is empty
968 if ((!rctx.extract &&
969 jcr->last_type != FT_DIREND) ||
970 (*jcr->last_fname == 0)) {
974 pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
975 jcr->xattr_data->content_length = sd->msglen;
976 if (!do_restore_xattr(jcr, rctx.stream)) {
984 case STREAM_SIGNED_DIGEST:
986 * Is this an unexpected signature?
989 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
990 free_signature(rctx);
996 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
997 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
1001 case STREAM_MD5_DIGEST:
1002 case STREAM_SHA1_DIGEST:
1003 case STREAM_SHA256_DIGEST:
1004 case STREAM_SHA512_DIGEST:
1007 case STREAM_PROGRAM_NAMES:
1008 case STREAM_PROGRAM_DATA:
1009 if (!non_support_progname) {
1010 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
1011 non_support_progname++;
1015 case STREAM_PLUGIN_NAME:
1016 if (!close_previous_stream(jcr, rctx)) {
1019 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
1020 plugin_name_stream(jcr, sd->msg);
1023 case STREAM_RESTORE_OBJECT:
1024 break; /* these are sent by Director */
1027 if (!close_previous_stream(jcr, rctx)) {
1030 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
1032 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
1034 } /* end switch(stream) */
1035 } /* end while get_msg() */
1038 * If output file is still open, it was the last one in the
1039 * archive since we just hit an end of file, so close the file.
1041 if (is_bopen(&rctx.forkbfd)) {
1042 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
1045 if (!close_previous_stream(jcr, rctx)) {
1048 jcr->setJobStatus(JS_Terminated);
1052 jcr->setJobStatus(JS_ErrorTerminated);
1056 * First output the statistics.
1058 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
1059 edit_uint64(jcr->JobBytes, ec1));
1060 if (have_acl && jcr->acl_data->nr_errors > 0) {
1061 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"),
1062 jcr->acl_data->nr_errors);
1064 if (have_xattr && jcr->xattr_data->nr_errors > 0) {
1065 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"),
1066 jcr->xattr_data->nr_errors);
1068 if (non_support_data > 1 || non_support_attr > 1) {
1069 Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
1070 non_support_data, non_support_attr);
1072 if (non_support_rsrc) {
1073 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
1075 if (non_support_finfo) {
1076 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
1078 if (non_support_acl) {
1079 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
1081 if (non_support_crypto) {
1082 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
1084 if (non_support_xattr) {
1085 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
1089 * Free Signature & Crypto Data
1091 free_signature(rctx);
1093 if (jcr->crypto.digest) {
1094 crypto_digest_free(jcr->crypto.digest);
1095 jcr->crypto.digest = NULL;
1099 * Free file cipher restore context
1101 if (rctx.cipher_ctx.cipher) {
1102 crypto_cipher_free(rctx.cipher_ctx.cipher);
1103 rctx.cipher_ctx.cipher = NULL;
1106 if (rctx.cipher_ctx.buf) {
1107 free_pool_memory(rctx.cipher_ctx.buf);
1108 rctx.cipher_ctx.buf = NULL;
1112 * Free alternate stream cipher restore context
1114 if (rctx.fork_cipher_ctx.cipher) {
1115 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1116 rctx.fork_cipher_ctx.cipher = NULL;
1118 if (rctx.fork_cipher_ctx.buf) {
1119 free_pool_memory(rctx.fork_cipher_ctx.buf);
1120 rctx.fork_cipher_ctx.buf = NULL;
1123 if (jcr->compress_buf) {
1124 free_pool_memory(jcr->compress_buf);
1125 jcr->compress_buf = NULL;
1126 jcr->compress_buf_size = 0;
1129 if (have_acl && jcr->acl_data) {
1130 free_pool_memory(jcr->acl_data->content);
1131 free(jcr->acl_data);
1132 jcr->acl_data = NULL;
1135 if (have_xattr && jcr->xattr_data) {
1136 free_pool_memory(jcr->xattr_data->content);
1137 free(jcr->xattr_data);
1138 jcr->xattr_data = NULL;
1142 * Free the delayed stream stack list.
1144 if (rctx.delayed_streams) {
1145 drop_delayed_restore_streams(rctx, false);
1146 delete rctx.delayed_streams;
1149 bclose(&rctx.forkbfd);
1151 free_attr(rctx.attr);
1156 * Convert ZLIB error code into an ASCII message
1158 static const char *zlib_strerror(int stat)
1165 return _("Zlib errno");
1166 case Z_STREAM_ERROR:
1167 return _("Zlib stream error");
1169 return _("Zlib data error");
1171 return _("Zlib memory error");
1173 return _("Zlib buffer error");
1174 case Z_VERSION_ERROR:
1175 return _("Zlib version error");
1182 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
1184 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
1185 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
1189 * Verify the signature for the last restored file
1190 * Return value is either true (signature correct)
1191 * or false (signature could not be verified).
1192 * TODO landonf: Implement without using find_one_file and
1193 * without re-reading the file.
1195 static bool verify_signature(JCR *jcr, r_ctx &rctx)
1197 X509_KEYPAIR *keypair;
1198 DIGEST *digest = NULL;
1200 uint64_t saved_bytes;
1201 crypto_digest_t signing_algorithm = have_sha2 ?
1202 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
1203 crypto_digest_t algorithm;
1204 SIGNATURE *sig = rctx.sig;
1207 if (!jcr->crypto.pki_sign) {
1214 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
1215 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
1223 * Iterate through the trusted signers
1225 foreach_alist(keypair, jcr->crypto.pki_signers) {
1226 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
1228 case CRYPTO_ERROR_NONE:
1229 Dmsg0(50, "== Got digest\n");
1231 * We computed jcr->crypto.digest using signing_algorithm while writing
1232 * the file. If it is not the same as the algorithm used for
1233 * this file, punt by releasing the computed algorithm and
1234 * computing by re-reading the file.
1236 if (algorithm != signing_algorithm) {
1237 if (jcr->crypto.digest) {
1238 crypto_digest_free(jcr->crypto.digest);
1239 jcr->crypto.digest = NULL;
1242 if (jcr->crypto.digest) {
1244 * Use digest computed while writing the file to verify the signature
1246 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
1247 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1248 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1249 jcr->last_fname, crypto_strerror(err));
1254 * Signature found, digest allocated. Old method,
1255 * re-read the file and compute the digest
1257 jcr->crypto.digest = digest;
1260 * Checksum the entire file
1261 * Make sure we don't modify JobBytes by saving and restoring it
1263 saved_bytes = jcr->JobBytes;
1264 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
1265 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
1267 jcr->JobBytes = saved_bytes;
1270 jcr->JobBytes = saved_bytes;
1273 * Verify the signature
1275 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
1276 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1277 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1278 jcr->last_fname, crypto_strerror(err));
1281 jcr->crypto.digest = NULL;
1287 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1288 crypto_digest_free(digest);
1291 case CRYPTO_ERROR_NOSIGNER:
1293 * Signature not found, try again
1296 crypto_digest_free(digest);
1302 * Something strange happened (that shouldn't happen!)...
1304 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1312 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1316 crypto_digest_free(digest);
1321 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
1326 unser_begin(*data, OFFSET_FADDR_SIZE);
1327 unser_uint64(faddr);
1328 if (*addr != faddr) {
1330 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1332 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1333 edit_uint64(*addr, ec1), jcr->last_fname,
1334 be.bstrerror(bfd->berrno));
1338 *data += OFFSET_FADDR_SIZE;
1339 *length -= OFFSET_FADDR_SIZE;
1343 bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length)
1345 #if defined(HAVE_LZO) || defined(HAVE_LIBZ)
1346 char ec1[50]; /* Buffer printing huge values */
1349 Dmsg1(200, "Stream found in decompress_data(): %d\n", stream);
1350 if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA
1351 || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA)
1353 uint32_t comp_magic, comp_len;
1354 uint16_t comp_level, comp_version;
1356 lzo_uint compress_len;
1357 const unsigned char *cbuf;
1358 int r, real_compress_len;
1361 /* read compress header */
1363 unser_begin(*data, sizeof(comp_stream_header));
1364 unser_uint32(comp_magic);
1365 unser_uint32(comp_len);
1366 unser_uint16(comp_level);
1367 unser_uint16(comp_version);
1368 Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len,
1369 comp_level, comp_version);
1372 if (comp_version != COMP_HEAD_VERSION) {
1373 Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. version=0x%x\n"), comp_version);
1377 if (comp_len + sizeof(comp_stream_header) != *length) {
1378 Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"),
1382 switch(comp_magic) {
1384 case COMPRESS_LZO1X:
1385 compress_len = jcr->compress_buf_size;
1386 cbuf = (const unsigned char*)*data + sizeof(comp_stream_header);
1387 real_compress_len = *length - sizeof(comp_stream_header);
1388 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1389 while ((r=lzo1x_decompress_safe(cbuf, real_compress_len,
1390 (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN)
1393 * The buffer size is too small, try with a bigger one
1395 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1396 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1397 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1400 if (r != LZO_E_OK) {
1401 Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"),
1402 jcr->last_fname, r);
1405 *data = jcr->compress_buf;
1406 *length = compress_len;
1407 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1411 Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic);
1420 * NOTE! We only use uLong and Byte because they are
1421 * needed by the zlib routines, they should not otherwise
1422 * be used in Bacula.
1424 compress_len = jcr->compress_buf_size;
1425 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1426 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1427 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1430 * The buffer size is too small, try with a bigger one
1432 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1433 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1434 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1438 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1439 jcr->last_fname, zlib_strerror(stat));
1442 *data = jcr->compress_buf;
1443 *length = compress_len;
1444 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1447 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1453 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1456 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1457 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1458 unser_uint32(ctx->packet_len);
1459 ctx->packet_len += CRYPTO_LEN_SIZE;
1463 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1465 if (jcr->crypto.digest) {
1466 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1469 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1471 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1472 jcr->last_fname, be.bstrerror(bfd->berrno));
1475 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1477 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1478 jcr->last_fname, be.bstrerror(bfd->berrno));
1486 * In the context of jcr, write data to bfd.
1487 * We write buflen bytes in buf at addr. addr is updated in place.
1488 * The flags specify whether to use sparse files or compression.
1489 * Return value is the number of bytes written, or -1 on errors.
1491 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1492 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx)
1494 char *wbuf; /* write buffer */
1495 uint32_t wsize; /* write size */
1496 uint32_t rsize; /* read size */
1497 uint32_t decrypted_len = 0; /* Decryption output length */
1498 char ec1[50]; /* Buffer printing huge values */
1501 jcr->ReadBytes += rsize;
1505 if (flags & FO_ENCRYPT) {
1506 ASSERT(cipher_ctx->cipher);
1509 * NOTE: We must implement block preserving semantics for the
1510 * non-streaming compression and sparse code.
1512 * Grow the crypto buffer, if necessary.
1513 * crypto_cipher_update() will process only whole blocks,
1514 * buffering the remaining input.
1516 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1517 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1520 * Decrypt the input block
1522 if (!crypto_cipher_update(cipher_ctx->cipher,
1523 (const u_int8_t *)wbuf,
1525 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1528 * Decryption failed. Shouldn't happen.
1530 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1534 if (decrypted_len == 0) {
1536 * No full block of encrypted data available, write more data
1541 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1543 cipher_ctx->buf_len += decrypted_len;
1544 wbuf = cipher_ctx->buf;
1547 * If one full preserved block is available, write it to disk,
1548 * and then buffer any remaining data. This should be effecient
1549 * as long as Bacula's block size is not significantly smaller than the
1550 * encryption block size (extremely unlikely!)
1552 unser_crypto_packet_len(cipher_ctx);
1553 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1555 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1557 * No full preserved block is available.
1563 * We have one full block, set up the filter input buffers
1565 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1566 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1567 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1568 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1571 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1572 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1577 if (flags & FO_COMPRESS) {
1578 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1583 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1586 jcr->JobBytes += wsize;
1588 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1591 * Clean up crypto buffers
1593 if (flags & FO_ENCRYPT) {
1594 /* Move any remaining data to start of buffer */
1595 if (cipher_ctx->buf_len > 0) {
1596 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1597 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1598 cipher_ctx->buf_len);
1601 * The packet was successfully written, reset the length so that the next
1602 * packet length may be re-read by unser_crypto_packet_len()
1604 cipher_ctx->packet_len = 0;
1613 * If extracting, close any previous stream
1615 static bool close_previous_stream(JCR *jcr, r_ctx &rctx)
1618 * If extracting, it was from previous stream, so
1619 * close the output file and validate the signature.
1622 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1623 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1624 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1625 is_bopen(&rctx.bfd));
1628 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1629 deallocate_cipher(rctx);
1630 deallocate_fork_cipher(rctx);
1633 if (rctx.jcr->plugin) {
1634 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1636 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1638 rctx.extract = false;
1641 * Now perform the delayed restore of some specific data streams.
1643 if (!pop_delayed_data_streams(jcr, rctx)) {
1648 * Verify the cryptographic signature, if any
1650 rctx.type = rctx.attr->type;
1651 verify_signature(rctx.jcr, rctx);
1656 free_signature(rctx);
1658 rctx.jcr->ff->flags = 0;
1659 Dmsg0(130, "Stop extracting.\n");
1660 } else if (is_bopen(&rctx.bfd)) {
1661 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1662 Dmsg0(000, "=== logic error !open\n");
1670 * In the context of jcr, flush any remaining data from the cipher context,
1671 * writing it to bfd.
1672 * Return value is true on success, false on failure.
1674 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
1675 RESTORE_CIPHER_CTX *cipher_ctx)
1677 uint32_t decrypted_len = 0;
1678 char *wbuf; /* write buffer */
1679 uint32_t wsize; /* write size */
1680 char ec1[50]; /* Buffer printing huge values */
1681 bool second_pass = false;
1685 * Write out the remaining block and free the cipher context
1687 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1688 cipher_ctx->block_size);
1690 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1693 * Writing out the final, buffered block failed. Shouldn't happen.
1695 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1696 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1699 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1701 * If nothing new was decrypted, and our output buffer is empty, return
1703 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1707 cipher_ctx->buf_len += decrypted_len;
1709 unser_crypto_packet_len(cipher_ctx);
1710 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1711 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1713 * Decrypted, possibly decompressed output here.
1715 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
1716 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1717 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1719 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1720 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1725 if (flags & FO_COMPRESS) {
1726 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1731 Dmsg0(130, "Call store_data\n");
1732 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1735 jcr->JobBytes += wsize;
1736 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1739 * Move any remaining data to start of buffer
1741 if (cipher_ctx->buf_len > 0) {
1742 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1743 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1744 cipher_ctx->buf_len);
1747 * The packet was successfully written, reset the length so that the next
1748 * packet length may be re-read by unser_crypto_packet_len()
1750 cipher_ctx->packet_len = 0;
1752 if (cipher_ctx->buf_len >0 && !second_pass) {
1760 cipher_ctx->buf_len = 0;
1761 cipher_ctx->packet_len = 0;
1766 static void deallocate_cipher(r_ctx &rctx)
1769 * Flush and deallocate previous stream's cipher context
1771 if (rctx.cipher_ctx.cipher) {
1772 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx);
1773 crypto_cipher_free(rctx.cipher_ctx.cipher);
1774 rctx.cipher_ctx.cipher = NULL;
1778 static void deallocate_fork_cipher(r_ctx &rctx)
1782 * Flush and deallocate previous stream's fork cipher context
1784 if (rctx.fork_cipher_ctx.cipher) {
1785 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx);
1786 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1787 rctx.fork_cipher_ctx.cipher = NULL;
1791 static void free_signature(r_ctx &rctx)
1794 crypto_sign_free(rctx.sig);
1799 static void free_session(r_ctx &rctx)
1802 crypto_session_free(rctx.cs);
1809 * This code if implemented goes above
1811 #ifdef stbernard_implemented
1812 / #if defined(HAVE_WIN32)
1813 bool bResumeOfmOnExit = FALSE;
1814 if (isOpenFileManagerRunning()) {
1815 if ( pauseOpenFileManager() ) {
1816 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1817 bResumeOfmOnExit = TRUE;
1820 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1824 char username[UNLEN+1];
1825 DWORD usize = sizeof(username);
1826 int privs = enable_backup_privileges(NULL, 1);
1827 if (GetUserName(username, &usize)) {
1828 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1830 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));