2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
41 const bool have_darwin_os = true;
43 const bool have_darwin_os = false;
46 #if defined(HAVE_CRYPTO)
47 const bool have_crypto = true;
49 const bool have_crypto = false;
53 const bool have_acl = true;
55 const bool have_acl = false;
59 const bool have_sha2 = true;
61 const bool have_sha2 = false;
64 #if defined(HAVE_XATTR)
65 const bool have_xattr = true;
67 const bool have_xattr = false;
70 /* Data received from Storage Daemon */
71 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
73 /* Forward referenced functions */
74 #if defined(HAVE_LIBZ)
75 static const char *zlib_strerror(int stat);
76 const bool have_libz = true;
78 const bool have_libz = false;
81 static void deallocate_cipher(r_ctx &rctx);
82 static void deallocate_fork_cipher(r_ctx &rctx);
83 static void free_signature(r_ctx &rctx);
84 static void free_session(r_ctx &rctx);
85 static void close_previous_stream(r_ctx &rctx);
87 static bool verify_signature(JCR *jcr, r_ctx &rctx);
88 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
89 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
90 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
91 RESTORE_CIPHER_CTX *cipher_ctx);
94 * Close a bfd check that we are at the expected file offset.
95 * Makes use of some code from set_attributes().
97 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
99 char ec1[50], ec2[50];
102 fsize = blseek(bfd, 0, SEEK_CUR);
103 bclose(bfd); /* first close file */
104 if (fsize > 0 && fsize != osize) {
105 Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
106 jcr->last_fname, edit_uint64(osize, ec1),
107 edit_uint64(fsize, ec2));
113 #ifdef HAVE_DARWIN_OS
114 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
116 struct attrlist attrList;
118 memset(&attrList, 0, sizeof(attrList));
119 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
120 attrList.commonattr = ATTR_CMN_FNDRINFO;
122 Dmsg0(130, "Restoring Finder Info\n");
123 jcr->ff->flags |= FO_HFSPLUS;
125 Jmsg(jcr, M_ERROR, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen);
129 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
130 Jmsg(jcr, M_ERROR, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
137 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
144 * Restore the requested files.
147 void do_restore(JCR *jcr)
150 uint32_t VolSessionId, VolSessionTime;
152 char ec1[50]; /* Buffer printing huge values */
153 uint32_t buf_size; /* client buffer size */
155 intmax_t rsrc_len = 0; /* Original length of resource fork */
158 /* ***FIXME*** make configurable */
159 crypto_digest_t signing_algorithm = have_sha2 ?
160 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
161 memset(&rctx, 0, sizeof(rctx));
164 /* The following variables keep track of "known unknowns" */
165 int non_support_data = 0;
166 int non_support_attr = 0;
167 int non_support_rsrc = 0;
168 int non_support_finfo = 0;
169 int non_support_acl = 0;
170 int non_support_progname = 0;
171 int non_support_crypto = 0;
172 int non_support_xattr = 0;
174 sd = jcr->store_bsock;
175 set_jcr_job_status(jcr, JS_Running);
178 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
181 buf_size = client->max_network_buffer_size;
183 buf_size = 0; /* use default */
185 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
186 set_jcr_job_status(jcr, JS_ErrorTerminated);
189 jcr->buf_size = sd->msglen;
191 /* St Bernard code goes here if implemented -- see end of file */
194 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
195 jcr->compress_buf = get_memory(compress_buf_size);
196 jcr->compress_buf_size = compress_buf_size;
200 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
201 if (have_darwin_os) {
202 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
207 * Get a record from the Storage daemon. We are guaranteed to
208 * receive records in the following order:
209 * 1. Stream record header
210 * 2. Stream data (one or more of the following in the order given)
211 * a. Attributes (Unix or Win32)
212 * b. Possibly stream encryption session data (e.g., symmetric session key)
213 * c. File data for the file
214 * d. Alternate data stream (e.g. Resource Fork)
218 * h. Possibly a cryptographic signature
219 * i. Possibly MD5 or SHA1 record
222 * NOTE: We keep track of two bacula file descriptors:
223 * 1. bfd for file data.
224 * This fd is opened for non empty files when an attribute stream is
225 * encountered and closed when we find the next attribute stream.
226 * 2. fork_bfd for alternate data streams
227 * This fd is opened every time we encounter a new alternate data
228 * stream for the current file. When we find any other stream, we
230 * The expected size of the stream, fork_len, should be set when
232 * 3. Not all the stream data records are required -- e.g. if there
233 * is no fork, there is no alternate data stream, no ACL, ...
236 binit(&rctx.forkbfd);
237 attr = rctx.attr = new_attr(jcr);
239 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
240 memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
241 jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
244 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
245 memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
246 jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
249 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
250 /* Remember previous stream type */
251 rctx.prev_stream = rctx.stream;
253 /* First we expect a Stream Record Header */
254 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
255 &rctx.stream, &rctx.size) != 5) {
256 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
259 Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
260 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
262 /* * Now we expect the Stream Data */
263 if (bget_msg(sd) < 0) {
264 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
267 if (rctx.size != (uint32_t)sd->msglen) {
268 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
269 sd->msglen, rctx.size);
270 Dmsg2(50, "Actual data size %d not same as header %d\n",
271 sd->msglen, rctx.size);
274 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
275 sd->msglen, rctx.extract);
277 /* If we change streams, close and reset alternate data streams */
278 if (rctx.prev_stream != rctx.stream) {
279 if (is_bopen(&rctx.forkbfd)) {
280 deallocate_fork_cipher(rctx);
281 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
283 rctx.fork_size = -1; /* Use an impossible value and set a proper one below */
287 /* File Attributes stream */
288 switch (rctx.stream) {
289 case STREAM_UNIX_ATTRIBUTES:
290 case STREAM_UNIX_ATTRIBUTES_EX:
291 close_previous_stream(rctx); /* if any previous stream open, close it */
294 /* TODO: manage deleted files */
295 if (rctx.type == FT_DELETED) { /* deleted file */
300 * Unpack attributes and do sanity check them
302 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) {
306 if (file_index != attr->file_index) {
307 Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
308 file_index, attr->file_index);
309 Dmsg0(200, "File index error\n");
314 Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
315 attr->attr, attr->attrEx);
317 attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
319 if (!is_restore_stream_supported(attr->data_stream)) {
320 if (!non_support_data++) {
321 Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
322 stream_to_ascii(attr->data_stream));
327 build_attr_output_fnames(jcr, attr);
330 * Try to actually create the file, which returns a status telling
331 * us if we need to extract or not.
333 jcr->num_files_examined++;
334 rctx.extract = false;
336 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
338 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
341 pm_strcpy(jcr->last_fname, attr->ofname);
342 jcr->last_type = attr->type;
344 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
348 pm_strcpy(jcr->last_fname, attr->ofname);
349 jcr->last_type = attr->type;
351 case CF_EXTRACT: /* File created and we expect file data */
354 case CF_CREATED: /* File created, but there is no content */
356 print_ls_output(jcr, attr);
358 if (have_darwin_os) {
359 /* Only restore the resource fork for regular files */
360 from_base64(&rsrc_len, attr->attrEx);
361 if (attr->type == FT_REG && rsrc_len > 0) {
366 * Count the resource forks not as regular files being restored.
376 /* set attributes now because file will not be extracted */
378 plugin_set_attributes(jcr, attr, &rctx.bfd);
380 set_attributes(jcr, attr, &rctx.bfd);
388 case STREAM_ENCRYPTED_SESSION_DATA:
389 crypto_error_t cryptoerr;
391 /* Is this an unexpected session data entry? */
393 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
394 rctx.extract = false;
399 /* Do we have any keys at all? */
400 if (!jcr->crypto.pki_recipients) {
401 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
402 rctx.extract = false;
407 if (jcr->crypto.digest) {
408 crypto_digest_free(jcr->crypto.digest);
410 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
411 if (!jcr->crypto.digest) {
412 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
413 rctx.extract = false;
418 /* Decode and save session keys. */
419 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
420 jcr->crypto.pki_recipients, &rctx.cs);
422 case CRYPTO_ERROR_NONE:
425 case CRYPTO_ERROR_NORECIPIENT:
426 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
428 case CRYPTO_ERROR_DECRYPTION:
429 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
432 /* Shouldn't happen */
433 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
437 if (cryptoerr != CRYPTO_ERROR_NONE) {
438 rctx.extract = false;
445 case STREAM_FILE_DATA:
446 case STREAM_SPARSE_DATA:
447 case STREAM_WIN32_DATA:
448 case STREAM_GZIP_DATA:
449 case STREAM_SPARSE_GZIP_DATA:
450 case STREAM_WIN32_GZIP_DATA:
451 case STREAM_ENCRYPTED_FILE_DATA:
452 case STREAM_ENCRYPTED_WIN32_DATA:
453 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
454 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
455 /* Force an expected, consistent stream type here */
456 if (rctx.extract && (rctx.prev_stream == rctx.stream
457 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
458 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
459 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
462 if (rctx.stream == STREAM_SPARSE_DATA ||
463 rctx.stream == STREAM_SPARSE_GZIP_DATA) {
464 rctx.flags |= FO_SPARSE;
467 if (rctx.stream == STREAM_GZIP_DATA
468 || rctx.stream == STREAM_SPARSE_GZIP_DATA
469 || rctx.stream == STREAM_WIN32_GZIP_DATA
470 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
471 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
472 rctx.flags |= FO_GZIP;
475 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
476 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
477 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
478 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
479 /* Set up a decryption context */
480 if (!rctx.cipher_ctx.cipher) {
482 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
483 rctx.extract = false;
488 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
489 &rctx.cipher_ctx.block_size)) == NULL) {
490 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
492 rctx.extract = false;
497 rctx.flags |= FO_ENCRYPT;
500 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
501 set_portable_backup(&rctx.bfd);
502 rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */
505 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
506 rctx.flags, &rctx.cipher_ctx) < 0) {
507 rctx.extract = false;
515 * Resource fork stream - only recorded after a file to be restored
516 * Silently ignore if we cannot write - we already reported that
518 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
519 case STREAM_MACOS_FORK_DATA:
520 if (have_darwin_os) {
522 jcr->ff->flags |= FO_HFSPLUS;
524 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
525 rctx.fork_flags |= FO_ENCRYPT;
527 /* Set up a decryption context */
528 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
530 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
531 rctx.extract = false;
536 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
537 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
539 rctx.extract = false;
547 if (rctx.prev_stream != rctx.stream) {
548 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
549 Jmsg(jcr, M_ERROR, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
550 rctx.extract = false;
554 rctx.fork_size = rsrc_len;
555 Dmsg0(130, "Restoring resource fork\n");
558 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
559 &rctx.fork_cipher_ctx) < 0) {
560 rctx.extract = false;
561 bclose(&rctx.forkbfd);
570 case STREAM_HFSPLUS_ATTRIBUTES:
571 if (have_darwin_os) {
572 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
580 case STREAM_UNIX_ACCESS_ACL:
581 case STREAM_UNIX_DEFAULT_ACL:
582 case STREAM_ACL_AIX_TEXT:
583 case STREAM_ACL_DARWIN_ACCESS_ACL:
584 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
585 case STREAM_ACL_FREEBSD_ACCESS_ACL:
586 case STREAM_ACL_HPUX_ACL_ENTRY:
587 case STREAM_ACL_IRIX_DEFAULT_ACL:
588 case STREAM_ACL_IRIX_ACCESS_ACL:
589 case STREAM_ACL_LINUX_DEFAULT_ACL:
590 case STREAM_ACL_LINUX_ACCESS_ACL:
591 case STREAM_ACL_TRU64_DEFAULT_ACL:
592 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
593 case STREAM_ACL_TRU64_ACCESS_ACL:
594 case STREAM_ACL_SOLARIS_ACLENT:
595 case STREAM_ACL_SOLARIS_ACE:
597 * Do not restore ACLs when
598 * a) The current file is not extracted
599 * b) and it is not a directory (they are never "extracted")
600 * c) or the file name is empty
602 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
606 pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
607 jcr->acl_data->content_length = sd->msglen;
608 switch (parse_acl_streams(jcr, rctx.stream)) {
609 case bacl_exit_fatal:
611 case bacl_exit_error:
613 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
614 * print the error message set by the lower level routine in jcr->errmsg.
616 if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
617 Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
619 jcr->acl_data->nr_errors++;
629 case STREAM_XATTR_SOLARIS_SYS:
630 case STREAM_XATTR_SOLARIS:
631 case STREAM_XATTR_DARWIN:
632 case STREAM_XATTR_FREEBSD:
633 case STREAM_XATTR_LINUX:
634 case STREAM_XATTR_NETBSD:
636 * Do not restore Extended Attributes when
637 * a) The current file is not extracted
638 * b) and it is not a directory (they are never "extracted")
639 * c) or the file name is empty
641 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
645 pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
646 jcr->xattr_data->content_length = sd->msglen;
647 switch (parse_xattr_streams(jcr, rctx.stream)) {
648 case bxattr_exit_fatal:
650 case bxattr_exit_error:
652 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
653 * print the error message set by the lower level routine in jcr->errmsg.
655 if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
656 Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
658 jcr->xattr_data->nr_errors++;
668 case STREAM_SIGNED_DIGEST:
669 /* Is this an unexpected signature? */
671 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
672 free_signature(rctx);
675 /* Save signature. */
676 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
677 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
681 case STREAM_MD5_DIGEST:
682 case STREAM_SHA1_DIGEST:
683 case STREAM_SHA256_DIGEST:
684 case STREAM_SHA512_DIGEST:
687 case STREAM_PROGRAM_NAMES:
688 case STREAM_PROGRAM_DATA:
689 if (!non_support_progname) {
690 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
691 non_support_progname++;
695 case STREAM_PLUGIN_NAME:
696 close_previous_stream(rctx);
697 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
698 plugin_name_stream(jcr, sd->msg);
702 close_previous_stream(rctx);
703 Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
705 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
707 } /* end switch(stream) */
709 } /* end while get_msg() */
712 * If output file is still open, it was the last one in the
713 * archive since we just hit an end of file, so close the file.
715 if (is_bopen(&rctx.forkbfd)) {
716 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
719 close_previous_stream(rctx);
720 set_jcr_job_status(jcr, JS_Terminated);
724 set_jcr_job_status(jcr, JS_ErrorTerminated);
728 * First output the statistics.
730 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
731 edit_uint64(jcr->JobBytes, ec1));
732 if (have_acl && jcr->acl_data->nr_errors > 0) {
733 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"),
734 jcr->acl_data->nr_errors);
736 if (have_xattr && jcr->xattr_data->nr_errors > 0) {
737 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"),
738 jcr->xattr_data->nr_errors);
740 if (non_support_data > 1 || non_support_attr > 1) {
741 Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
742 non_support_data, non_support_attr);
744 if (non_support_rsrc) {
745 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
747 if (non_support_finfo) {
748 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
750 if (non_support_acl) {
751 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
753 if (non_support_crypto) {
754 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
756 if (non_support_xattr) {
757 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
761 * Free Signature & Crypto Data
763 free_signature(rctx);
765 if (jcr->crypto.digest) {
766 crypto_digest_free(jcr->crypto.digest);
767 jcr->crypto.digest = NULL;
771 * Free file cipher restore context
773 if (rctx.cipher_ctx.cipher) {
774 crypto_cipher_free(rctx.cipher_ctx.cipher);
775 rctx.cipher_ctx.cipher = NULL;
778 if (rctx.cipher_ctx.buf) {
779 free_pool_memory(rctx.cipher_ctx.buf);
780 rctx.cipher_ctx.buf = NULL;
784 * Free alternate stream cipher restore context
786 if (rctx.fork_cipher_ctx.cipher) {
787 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
788 rctx.fork_cipher_ctx.cipher = NULL;
790 if (rctx.fork_cipher_ctx.buf) {
791 free_pool_memory(rctx.fork_cipher_ctx.buf);
792 rctx.fork_cipher_ctx.buf = NULL;
795 if (jcr->compress_buf) {
796 free_pool_memory(jcr->compress_buf);
797 jcr->compress_buf = NULL;
798 jcr->compress_buf_size = 0;
801 if (have_acl && jcr->acl_data) {
802 free_pool_memory(jcr->acl_data->content);
804 jcr->acl_data = NULL;
807 if (have_xattr && jcr->xattr_data) {
808 free_pool_memory(jcr->xattr_data->content);
809 free(jcr->xattr_data);
810 jcr->xattr_data = NULL;
813 bclose(&rctx.forkbfd);
815 free_attr(rctx.attr);
820 * Convert ZLIB error code into an ASCII message
822 static const char *zlib_strerror(int stat)
829 return _("Zlib errno");
831 return _("Zlib stream error");
833 return _("Zlib data error");
835 return _("Zlib memory error");
837 return _("Zlib buffer error");
838 case Z_VERSION_ERROR:
839 return _("Zlib version error");
846 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
848 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
849 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
853 * Verify the signature for the last restored file
854 * Return value is either true (signature correct)
855 * or false (signature could not be verified).
856 * TODO landonf: Implement without using find_one_file and
857 * without re-reading the file.
859 static bool verify_signature(JCR *jcr, r_ctx &rctx)
861 X509_KEYPAIR *keypair;
862 DIGEST *digest = NULL;
864 uint64_t saved_bytes;
865 crypto_digest_t signing_algorithm = have_sha2 ?
866 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
867 crypto_digest_t algorithm;
868 SIGNATURE *sig = rctx.sig;
871 if (!jcr->crypto.pki_sign) {
872 return true; /* no signature OK */
875 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
876 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
883 /* Iterate through the trusted signers */
884 foreach_alist(keypair, jcr->crypto.pki_signers) {
885 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
887 case CRYPTO_ERROR_NONE:
888 Dmsg0(50, "== Got digest\n");
890 * We computed jcr->crypto.digest using signing_algorithm while writing
891 * the file. If it is not the same as the algorithm used for
892 * this file, punt by releasing the computed algorithm and
893 * computing by re-reading the file.
895 if (algorithm != signing_algorithm) {
896 if (jcr->crypto.digest) {
897 crypto_digest_free(jcr->crypto.digest);
898 jcr->crypto.digest = NULL;
901 if (jcr->crypto.digest) {
902 /* Use digest computed while writing the file to verify the signature */
903 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
904 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
905 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
906 jcr->last_fname, crypto_strerror(err));
910 /* Signature found, digest allocated. Old method,
911 * re-read the file and compute the digest
913 jcr->crypto.digest = digest;
915 /* Checksum the entire file */
916 /* Make sure we don't modify JobBytes by saving and restoring it */
917 saved_bytes = jcr->JobBytes;
918 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
919 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
921 jcr->JobBytes = saved_bytes;
924 jcr->JobBytes = saved_bytes;
926 /* Verify the signature */
927 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
928 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
929 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
930 jcr->last_fname, crypto_strerror(err));
933 jcr->crypto.digest = NULL;
936 /* Valid signature */
937 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
938 crypto_digest_free(digest);
941 case CRYPTO_ERROR_NOSIGNER:
942 /* Signature not found, try again */
944 crypto_digest_free(digest);
949 /* Something strange happened (that shouldn't happen!)... */
950 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
956 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
960 crypto_digest_free(digest);
965 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
970 unser_begin(*data, SPARSE_FADDR_SIZE);
972 if (*addr != faddr) {
974 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
976 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
977 edit_uint64(*addr, ec1), jcr->last_fname,
978 be.bstrerror(bfd->berrno));
982 *data += SPARSE_FADDR_SIZE;
983 *length -= SPARSE_FADDR_SIZE;
987 bool decompress_data(JCR *jcr, char **data, uint32_t *length)
992 char ec1[50]; /* Buffer printing huge values */
995 * NOTE! We only use uLong and Byte because they are
996 * needed by the zlib routines, they should not otherwise
999 compress_len = jcr->compress_buf_size;
1000 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1001 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1002 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1004 /* The buffer size is too small, try with a bigger one */
1005 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + jcr->compress_buf_size >> 1;
1006 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1007 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1011 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1012 jcr->last_fname, zlib_strerror(stat));
1015 *data = jcr->compress_buf;
1016 *length = compress_len;
1017 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1020 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1025 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1028 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1029 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1030 unser_uint32(ctx->packet_len);
1031 ctx->packet_len += CRYPTO_LEN_SIZE;
1035 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1037 if (jcr->crypto.digest) {
1038 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1041 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1043 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1044 jcr->last_fname, be.bstrerror(bfd->berrno));
1047 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1049 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1050 jcr->last_fname, be.bstrerror(bfd->berrno));
1058 * In the context of jcr, write data to bfd.
1059 * We write buflen bytes in buf at addr. addr is updated in place.
1060 * The flags specify whether to use sparse files or compression.
1061 * Return value is the number of bytes written, or -1 on errors.
1063 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1064 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
1066 char *wbuf; /* write buffer */
1067 uint32_t wsize; /* write size */
1068 uint32_t rsize; /* read size */
1069 uint32_t decrypted_len = 0; /* Decryption output length */
1070 char ec1[50]; /* Buffer printing huge values */
1073 jcr->ReadBytes += rsize;
1077 if (flags & FO_ENCRYPT) {
1078 ASSERT(cipher_ctx->cipher);
1080 /* NOTE: We must implement block preserving semantics for the
1081 * non-streaming compression and sparse code. */
1084 * Grow the crypto buffer, if necessary.
1085 * crypto_cipher_update() will process only whole blocks,
1086 * buffering the remaining input.
1088 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1089 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1091 /* Decrypt the input block */
1092 if (!crypto_cipher_update(cipher_ctx->cipher,
1093 (const u_int8_t *)wbuf,
1095 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1097 /* Decryption failed. Shouldn't happen. */
1098 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1102 if (decrypted_len == 0) {
1103 /* No full block of encrypted data available, write more data */
1107 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1109 cipher_ctx->buf_len += decrypted_len;
1110 wbuf = cipher_ctx->buf;
1112 /* If one full preserved block is available, write it to disk,
1113 * and then buffer any remaining data. This should be effecient
1114 * as long as Bacula's block size is not significantly smaller than the
1115 * encryption block size (extremely unlikely!) */
1116 unser_crypto_packet_len(cipher_ctx);
1117 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1119 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1120 /* No full preserved block is available. */
1124 /* We have one full block, set up the filter input buffers */
1125 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1126 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1127 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1128 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1131 if (flags & FO_SPARSE) {
1132 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1137 if (flags & FO_GZIP) {
1138 if (!decompress_data(jcr, &wbuf, &wsize)) {
1143 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1146 jcr->JobBytes += wsize;
1148 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1150 /* Clean up crypto buffers */
1151 if (flags & FO_ENCRYPT) {
1152 /* Move any remaining data to start of buffer */
1153 if (cipher_ctx->buf_len > 0) {
1154 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1155 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1156 cipher_ctx->buf_len);
1158 /* The packet was successfully written, reset the length so that the next
1159 * packet length may be re-read by unser_crypto_packet_len() */
1160 cipher_ctx->packet_len = 0;
1170 * If extracting, close any previous stream
1172 static void close_previous_stream(r_ctx &rctx)
1175 * If extracting, it was from previous stream, so
1176 * close the output file and validate the signature.
1179 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1180 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1181 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1182 is_bopen(&rctx.bfd));
1185 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1186 deallocate_cipher(rctx);
1187 deallocate_fork_cipher(rctx);
1190 if (rctx.jcr->plugin) {
1191 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1193 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1195 rctx.extract = false;
1197 /* Verify the cryptographic signature, if any */
1198 rctx.type = rctx.attr->type;
1199 verify_signature(rctx.jcr, rctx);
1201 /* Free Signature */
1202 free_signature(rctx);
1204 rctx.jcr->ff->flags = 0;
1205 Dmsg0(130, "Stop extracting.\n");
1206 } else if (is_bopen(&rctx.bfd)) {
1207 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1208 Dmsg0(000, "=== logic error !open\n");
1215 * In the context of jcr, flush any remaining data from the cipher context,
1216 * writing it to bfd.
1217 * Return value is true on success, false on failure.
1219 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
1220 RESTORE_CIPHER_CTX *cipher_ctx)
1222 uint32_t decrypted_len = 0;
1223 char *wbuf; /* write buffer */
1224 uint32_t wsize; /* write size */
1225 char ec1[50]; /* Buffer printing huge values */
1226 bool second_pass = false;
1229 /* Write out the remaining block and free the cipher context */
1230 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1231 cipher_ctx->block_size);
1233 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1235 /* Writing out the final, buffered block failed. Shouldn't happen. */
1236 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1237 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1240 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1241 /* If nothing new was decrypted, and our output buffer is empty, return */
1242 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1246 cipher_ctx->buf_len += decrypted_len;
1248 unser_crypto_packet_len(cipher_ctx);
1249 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1250 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1251 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Decrypted, possibly decompressed output here. */
1252 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1253 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1255 if (flags & FO_SPARSE) {
1256 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1261 if (flags & FO_GZIP) {
1262 if (!decompress_data(jcr, &wbuf, &wsize)) {
1267 Dmsg0(130, "Call store_data\n");
1268 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1271 jcr->JobBytes += wsize;
1272 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1274 /* Move any remaining data to start of buffer */
1275 if (cipher_ctx->buf_len > 0) {
1276 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1277 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1278 cipher_ctx->buf_len);
1280 /* The packet was successfully written, reset the length so that the next
1281 * packet length may be re-read by unser_crypto_packet_len() */
1282 cipher_ctx->packet_len = 0;
1284 if (cipher_ctx->buf_len >0 && !second_pass) {
1289 /* Stop decryption */
1290 cipher_ctx->buf_len = 0;
1291 cipher_ctx->packet_len = 0;
1296 static void deallocate_cipher(r_ctx &rctx)
1298 /* Flush and deallocate previous stream's cipher context */
1299 if (rctx.cipher_ctx.cipher) {
1300 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx);
1301 crypto_cipher_free(rctx.cipher_ctx.cipher);
1302 rctx.cipher_ctx.cipher = NULL;
1306 static void deallocate_fork_cipher(r_ctx &rctx)
1309 /* Flush and deallocate previous stream's fork cipher context */
1310 if (rctx.fork_cipher_ctx.cipher) {
1311 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx);
1312 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1313 rctx.fork_cipher_ctx.cipher = NULL;
1317 static void free_signature(r_ctx &rctx)
1320 crypto_sign_free(rctx.sig);
1325 static void free_session(r_ctx &rctx)
1328 crypto_session_free(rctx.cs);
1334 /* This code if implemented goes above */
1335 #ifdef stbernard_implemented
1336 / #if defined(HAVE_WIN32)
1337 bool bResumeOfmOnExit = FALSE;
1338 if (isOpenFileManagerRunning()) {
1339 if ( pauseOpenFileManager() ) {
1340 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1341 bResumeOfmOnExit = TRUE;
1344 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1348 char username[UNLEN+1];
1349 DWORD usize = sizeof(username);
1350 int privs = enable_backup_privileges(NULL, 1);
1351 if (GetUserName(username, &usize)) {
1352 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1354 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));