2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2012 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
42 const bool have_darwin_os = true;
44 const bool have_darwin_os = false;
47 #if defined(HAVE_CRYPTO)
48 const bool have_crypto = true;
50 const bool have_crypto = false;
54 const bool have_acl = true;
56 const bool have_acl = false;
60 const bool have_sha2 = true;
62 const bool have_sha2 = false;
65 #if defined(HAVE_XATTR)
66 const bool have_xattr = true;
68 const bool have_xattr = false;
72 * Data received from Storage Daemon
74 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
77 * Forward referenced functions
79 #if defined(HAVE_LIBZ)
80 static const char *zlib_strerror(int stat);
81 const bool have_libz = true;
83 const bool have_libz = false;
86 const bool have_lzo = true;
88 const bool have_lzo = false;
91 static void deallocate_cipher(r_ctx &rctx);
92 static void deallocate_fork_cipher(r_ctx &rctx);
93 static void free_signature(r_ctx &rctx);
94 static void free_session(r_ctx &rctx);
95 static bool close_previous_stream(JCR *jcr, r_ctx &rctx);
96 static bool verify_signature(JCR *jcr, r_ctx &rctx);
97 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
98 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx);
99 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
100 RESTORE_CIPHER_CTX *cipher_ctx);
103 * Close a bfd check that we are at the expected file offset.
104 * Makes use of some code from set_attributes().
106 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
108 char ec1[50], ec2[50];
111 fsize = blseek(bfd, 0, SEEK_CUR);
113 if (fsize > 0 && fsize != osize) {
114 Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
115 jcr->last_fname, edit_uint64(osize, ec1),
116 edit_uint64(fsize, ec2));
122 #ifdef HAVE_DARWIN_OS
123 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
125 struct attrlist attrList;
127 memset(&attrList, 0, sizeof(attrList));
128 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
129 attrList.commonattr = ATTR_CMN_FNDRINFO;
131 Dmsg0(130, "Restoring Finder Info\n");
132 jcr->ff->flags |= FO_HFSPLUS;
134 Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
138 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
139 Jmsg(jcr, M_WARNING, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
146 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
153 * Cleanup of delayed restore stack with streams for later
156 static inline void drop_delayed_restore_streams(r_ctx &rctx, bool reuse)
158 RESTORE_DATA_STREAM *rds;
160 if (!rctx.delayed_streams ||
161 rctx.delayed_streams->empty()) {
165 foreach_alist(rds, rctx.delayed_streams) {
169 rctx.delayed_streams->destroy();
171 rctx.delayed_streams->init(10, owned_by_alist);
176 * Push a data stream onto the delayed restore stack for
179 static inline void push_delayed_restore_stream(r_ctx &rctx, BSOCK *sd)
181 RESTORE_DATA_STREAM *rds;
183 if (!rctx.delayed_streams) {
184 rctx.delayed_streams = New(alist(10, owned_by_alist));
187 rds = (RESTORE_DATA_STREAM *)malloc(sizeof(RESTORE_DATA_STREAM));
188 rds->stream = rctx.stream;
189 rds->content = (char *)malloc(sd->msglen);
190 memcpy(rds->content, sd->msg, sd->msglen);
191 rds->content_length = sd->msglen;
193 rctx.delayed_streams->append(rds);
197 * Perform a restore of an ACL using the stream received.
198 * This can either be a delayed restore or direct restore.
200 static inline bool do_restore_acl(JCR *jcr,
203 uint32_t content_length)
206 switch (parse_acl_streams(jcr, stream, content, content_length)) {
207 case bacl_exit_fatal:
209 case bacl_exit_error:
211 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
212 * print the error message set by the lower level routine in jcr->errmsg.
214 if (jcr->acl_data->u.parse->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
215 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
217 jcr->acl_data->u.parse->nr_errors++;
226 * Perform a restore of an XATTR using the stream received.
227 * This can either be a delayed restore or direct restore.
229 static inline bool do_restore_xattr(JCR *jcr,
232 uint32_t content_length)
234 switch (parse_xattr_streams(jcr, stream, content, content_length)) {
235 case bxattr_exit_fatal:
237 case bxattr_exit_error:
239 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
240 * print the error message set by the lower level routine in jcr->errmsg.
242 if (jcr->xattr_data->u.parse->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
243 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
245 jcr->xattr_data->u.parse->nr_errors++;
254 * Restore any data streams that are restored after the file
255 * is fully restored and has its attributes restored. Things
256 * like acls and xattr are restored after we set the file
257 * attributes otherwise we might clear some security flags
258 * by setting the attributes.
260 static inline bool pop_delayed_data_streams(JCR *jcr, r_ctx &rctx)
262 RESTORE_DATA_STREAM *rds;
265 * See if there is anything todo.
267 if (!rctx.delayed_streams ||
268 rctx.delayed_streams->empty()) {
273 * Only process known delayed data streams here.
274 * If you start using more delayed data streams
275 * be sure to add them in this loop and add the
278 * Currently we support delayed data stream
279 * processing for the following type of streams:
283 foreach_alist(rds, rctx.delayed_streams) {
284 switch (rds->stream) {
285 case STREAM_UNIX_ACCESS_ACL:
286 case STREAM_UNIX_DEFAULT_ACL:
287 case STREAM_ACL_AIX_TEXT:
288 case STREAM_ACL_DARWIN_ACCESS_ACL:
289 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
290 case STREAM_ACL_FREEBSD_ACCESS_ACL:
291 case STREAM_ACL_HPUX_ACL_ENTRY:
292 case STREAM_ACL_IRIX_DEFAULT_ACL:
293 case STREAM_ACL_IRIX_ACCESS_ACL:
294 case STREAM_ACL_LINUX_DEFAULT_ACL:
295 case STREAM_ACL_LINUX_ACCESS_ACL:
296 case STREAM_ACL_TRU64_DEFAULT_ACL:
297 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
298 case STREAM_ACL_TRU64_ACCESS_ACL:
299 case STREAM_ACL_SOLARIS_ACLENT:
300 case STREAM_ACL_SOLARIS_ACE:
301 case STREAM_ACL_AFS_TEXT:
302 case STREAM_ACL_AIX_AIXC:
303 case STREAM_ACL_AIX_NFS4:
304 case STREAM_ACL_FREEBSD_NFS4_ACL:
305 case STREAM_ACL_HURD_DEFAULT_ACL:
306 case STREAM_ACL_HURD_ACCESS_ACL:
307 if (!do_restore_acl(jcr, rds->stream, rds->content, rds->content_length)) {
312 case STREAM_XATTR_HURD:
313 case STREAM_XATTR_IRIX:
314 case STREAM_XATTR_TRU64:
315 case STREAM_XATTR_AIX:
316 case STREAM_XATTR_OPENBSD:
317 case STREAM_XATTR_SOLARIS_SYS:
318 case STREAM_XATTR_DARWIN:
319 case STREAM_XATTR_FREEBSD:
320 case STREAM_XATTR_LINUX:
321 case STREAM_XATTR_NETBSD:
322 if (!do_restore_xattr(jcr, rds->stream, rds->content, rds->content_length)) {
328 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
335 * We processed the stack so we can destroy it.
337 rctx.delayed_streams->destroy();
340 * (Re)Initialize the stack for a new use.
342 rctx.delayed_streams->init(10, owned_by_alist);
349 * Destroy the content of the stack and (re)initialize it for a new use.
351 drop_delayed_restore_streams(rctx, true);
357 * Restore the requested files.
359 void do_restore(JCR *jcr)
362 uint32_t VolSessionId, VolSessionTime;
364 char ec1[50]; /* Buffer printing huge values */
365 uint32_t buf_size; /* client buffer size */
367 int64_t rsrc_len = 0; /* Original length of resource fork */
370 /* ***FIXME*** make configurable */
371 crypto_digest_t signing_algorithm = have_sha2 ?
372 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
373 memset(&rctx, 0, sizeof(rctx));
377 * The following variables keep track of "known unknowns"
379 int non_support_data = 0;
380 int non_support_attr = 0;
381 int non_support_rsrc = 0;
382 int non_support_finfo = 0;
383 int non_support_acl = 0;
384 int non_support_progname = 0;
385 int non_support_crypto = 0;
386 int non_support_xattr = 0;
388 sd = jcr->store_bsock;
389 jcr->setJobStatus(JS_Running);
392 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
395 buf_size = client->max_network_buffer_size;
397 buf_size = 0; /* use default */
399 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
400 jcr->setJobStatus(JS_ErrorTerminated);
403 jcr->buf_size = sd->msglen;
406 * St Bernard code goes here if implemented -- see end of file
409 /* use the same buffer size to decompress both gzip and lzo */
410 if (have_libz || have_lzo) {
411 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
412 jcr->compress_buf = get_memory(compress_buf_size);
413 jcr->compress_buf_size = compress_buf_size;
417 if (lzo_init() != LZO_E_OK) {
418 Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n"));
424 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
425 if (have_darwin_os) {
426 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
431 * Get a record from the Storage daemon. We are guaranteed to
432 * receive records in the following order:
433 * 1. Stream record header
434 * 2. Stream data (one or more of the following in the order given)
435 * a. Attributes (Unix or Win32)
436 * b. Possibly stream encryption session data (e.g., symmetric session key)
437 * c. File data for the file
438 * d. Alternate data stream (e.g. Resource Fork)
442 * h. Possibly a cryptographic signature
443 * i. Possibly MD5 or SHA1 record
446 * NOTE: We keep track of two bacula file descriptors:
447 * 1. bfd for file data.
448 * This fd is opened for non empty files when an attribute stream is
449 * encountered and closed when we find the next attribute stream.
450 * 2. fork_bfd for alternate data streams
451 * This fd is opened every time we encounter a new alternate data
452 * stream for the current file. When we find any other stream, we
454 * The expected size of the stream, fork_len, should be set when
456 * 3. Not all the stream data records are required -- e.g. if there
457 * is no fork, there is no alternate data stream, no ACL, ...
460 binit(&rctx.forkbfd);
461 attr = rctx.attr = new_attr(jcr);
463 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
464 memset(jcr->acl_data, 0, sizeof(acl_data_t));
465 jcr->acl_data->u.parse = (acl_parse_data_t *)malloc(sizeof(acl_parse_data_t));
466 memset(jcr->acl_data->u.parse, 0, sizeof(acl_parse_data_t));
469 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
470 memset(jcr->xattr_data, 0, sizeof(xattr_data_t));
471 jcr->xattr_data->u.parse = (xattr_parse_data_t *)malloc(sizeof(xattr_parse_data_t));
472 memset(jcr->xattr_data->u.parse, 0, sizeof(xattr_parse_data_t));
475 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
477 * Remember previous stream type
479 rctx.prev_stream = rctx.stream;
482 * First we expect a Stream Record Header
484 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
485 &rctx.full_stream, &rctx.size) != 5) {
486 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
489 /* Strip off new stream high bits */
490 rctx.stream = rctx.full_stream & STREAMMASK_TYPE;
491 Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
492 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
495 * Now we expect the Stream Data
497 if (bget_msg(sd) < 0) {
498 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
501 if (rctx.size != (uint32_t)sd->msglen) {
502 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
503 sd->msglen, rctx.size);
504 Dmsg2(50, "Actual data size %d not same as header %d\n",
505 sd->msglen, rctx.size);
508 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
509 sd->msglen, rctx.extract);
512 * If we change streams, close and reset alternate data streams
514 if (rctx.prev_stream != rctx.stream) {
515 if (is_bopen(&rctx.forkbfd)) {
516 deallocate_fork_cipher(rctx);
517 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
520 * Use an impossible value and set a proper one below
527 * File Attributes stream
529 switch (rctx.stream) {
530 case STREAM_UNIX_ATTRIBUTES:
531 case STREAM_UNIX_ATTRIBUTES_EX:
533 * if any previous stream open, close it
535 if (!close_previous_stream(jcr, rctx)) {
540 * TODO: manage deleted files
542 if (rctx.type == FT_DELETED) { /* deleted file */
546 * Restore objects should be ignored here -- they are
547 * returned at the beginning of the restore.
549 if (IS_FT_OBJECT(rctx.type)) {
554 * Unpack attributes and do sanity check them
556 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
560 Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
561 attr->attr, attr->attrEx);
562 Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
563 strlen(attr->attrEx), sd->msg);
565 attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI);
567 if (!is_restore_stream_supported(attr->data_stream)) {
568 if (!non_support_data++) {
569 Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"),
570 stream_to_ascii(attr->data_stream));
575 build_attr_output_fnames(jcr, attr);
578 * Try to actually create the file, which returns a status telling
579 * us if we need to extract or not.
581 jcr->num_files_examined++;
582 rctx.extract = false;
583 stat = CF_CORE; /* By default, let Bacula's core handle it */
586 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
589 if (stat == CF_CORE) {
590 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
593 pm_strcpy(jcr->last_fname, attr->ofname);
594 jcr->last_type = attr->type;
596 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
604 * File created and we expect file data
612 * File created, but there is no content
615 print_ls_output(jcr, attr);
617 if (have_darwin_os) {
619 * Only restore the resource fork for regular files
621 from_base64(&rsrc_len, attr->attrEx);
622 if (attr->type == FT_REG && rsrc_len > 0) {
627 * Do not count the resource forks as regular files being restored.
638 * set attributes now because file will not be extracted
641 plugin_set_attributes(jcr, attr, &rctx.bfd);
643 set_attributes(jcr, attr, &rctx.bfd);
653 case STREAM_ENCRYPTED_SESSION_DATA:
654 crypto_error_t cryptoerr;
657 * Is this an unexpected session data entry?
660 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
661 rctx.extract = false;
667 * Do we have any keys at all?
669 if (!jcr->crypto.pki_recipients) {
670 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
671 rctx.extract = false;
676 if (jcr->crypto.digest) {
677 crypto_digest_free(jcr->crypto.digest);
679 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
680 if (!jcr->crypto.digest) {
681 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
682 rctx.extract = false;
688 * Decode and save session keys.
690 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
691 jcr->crypto.pki_recipients, &rctx.cs);
693 case CRYPTO_ERROR_NONE:
698 case CRYPTO_ERROR_NORECIPIENT:
699 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
701 case CRYPTO_ERROR_DECRYPTION:
702 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
708 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
712 if (cryptoerr != CRYPTO_ERROR_NONE) {
713 rctx.extract = false;
720 case STREAM_FILE_DATA:
721 case STREAM_SPARSE_DATA:
722 case STREAM_WIN32_DATA:
723 case STREAM_GZIP_DATA:
724 case STREAM_SPARSE_GZIP_DATA:
725 case STREAM_WIN32_GZIP_DATA:
726 case STREAM_COMPRESSED_DATA:
727 case STREAM_SPARSE_COMPRESSED_DATA:
728 case STREAM_WIN32_COMPRESSED_DATA:
729 case STREAM_ENCRYPTED_FILE_DATA:
730 case STREAM_ENCRYPTED_WIN32_DATA:
731 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
732 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
733 case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA:
734 case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA:
736 * Force an expected, consistent stream type here
738 if (rctx.extract && (rctx.prev_stream == rctx.stream
739 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
740 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
741 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
744 if (rctx.stream == STREAM_SPARSE_DATA
745 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
746 || rctx.stream == STREAM_SPARSE_GZIP_DATA) {
747 rctx.flags |= FO_SPARSE;
750 if (rctx.stream == STREAM_GZIP_DATA
751 || rctx.stream == STREAM_SPARSE_GZIP_DATA
752 || rctx.stream == STREAM_WIN32_GZIP_DATA
753 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
754 || rctx.stream == STREAM_COMPRESSED_DATA
755 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
756 || rctx.stream == STREAM_WIN32_COMPRESSED_DATA
757 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
758 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
759 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
760 rctx.flags |= FO_COMPRESS;
761 rctx.comp_stream = rctx.stream;
764 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
765 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
766 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
767 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
768 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
769 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
771 * Set up a decryption context
773 if (!rctx.cipher_ctx.cipher) {
775 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
776 rctx.extract = false;
781 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
782 &rctx.cipher_ctx.block_size)) == NULL) {
783 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
785 rctx.extract = false;
790 rctx.flags |= FO_ENCRYPT;
793 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
794 set_portable_backup(&rctx.bfd);
796 * "decompose" BackupWrite data
798 rctx.flags |= FO_WIN32DECOMP;
801 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
802 rctx.flags, rctx.stream, &rctx.cipher_ctx) < 0) {
803 rctx.extract = false;
811 * Resource fork stream - only recorded after a file to be restored
812 * Silently ignore if we cannot write - we already reported that
814 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
815 case STREAM_MACOS_FORK_DATA:
816 if (have_darwin_os) {
818 jcr->ff->flags |= FO_HFSPLUS;
820 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
821 rctx.fork_flags |= FO_ENCRYPT;
824 * Set up a decryption context
826 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
828 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
829 rctx.extract = false;
834 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
835 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
837 rctx.extract = false;
845 if (rctx.prev_stream != rctx.stream) {
846 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
847 Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
848 rctx.extract = false;
852 rctx.fork_size = rsrc_len;
853 Dmsg0(130, "Restoring resource fork\n");
856 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
857 rctx.stream, &rctx.fork_cipher_ctx) < 0) {
858 rctx.extract = false;
859 bclose(&rctx.forkbfd);
868 case STREAM_HFSPLUS_ATTRIBUTES:
869 if (have_darwin_os) {
870 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
878 case STREAM_UNIX_ACCESS_ACL:
879 case STREAM_UNIX_DEFAULT_ACL:
880 case STREAM_ACL_AIX_TEXT:
881 case STREAM_ACL_DARWIN_ACCESS_ACL:
882 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
883 case STREAM_ACL_FREEBSD_ACCESS_ACL:
884 case STREAM_ACL_HPUX_ACL_ENTRY:
885 case STREAM_ACL_IRIX_DEFAULT_ACL:
886 case STREAM_ACL_IRIX_ACCESS_ACL:
887 case STREAM_ACL_LINUX_DEFAULT_ACL:
888 case STREAM_ACL_LINUX_ACCESS_ACL:
889 case STREAM_ACL_TRU64_DEFAULT_ACL:
890 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
891 case STREAM_ACL_TRU64_ACCESS_ACL:
892 case STREAM_ACL_SOLARIS_ACLENT:
893 case STREAM_ACL_SOLARIS_ACE:
894 case STREAM_ACL_AFS_TEXT:
895 case STREAM_ACL_AIX_AIXC:
896 case STREAM_ACL_AIX_NFS4:
897 case STREAM_ACL_FREEBSD_NFS4_ACL:
898 case STREAM_ACL_HURD_DEFAULT_ACL:
899 case STREAM_ACL_HURD_ACCESS_ACL:
901 * Do not restore ACLs when
902 * a) The current file is not extracted
903 * b) and it is not a directory (they are never "extracted")
904 * c) or the file name is empty
906 if ((!rctx.extract &&
907 jcr->last_type != FT_DIREND) ||
908 (*jcr->last_fname == 0)) {
913 * For anything that is not a directory we delay
914 * the restore of acls till a later stage.
916 if (jcr->last_type != FT_DIREND) {
917 push_delayed_restore_stream(rctx, sd);
919 if (!do_restore_acl(jcr, rctx.stream, sd->msg, sd->msglen)) {
928 case STREAM_XATTR_HURD:
929 case STREAM_XATTR_IRIX:
930 case STREAM_XATTR_TRU64:
931 case STREAM_XATTR_AIX:
932 case STREAM_XATTR_OPENBSD:
933 case STREAM_XATTR_SOLARIS_SYS:
934 case STREAM_XATTR_DARWIN:
935 case STREAM_XATTR_FREEBSD:
936 case STREAM_XATTR_LINUX:
937 case STREAM_XATTR_NETBSD:
939 * Do not restore Extended Attributes when
940 * a) The current file is not extracted
941 * b) and it is not a directory (they are never "extracted")
942 * c) or the file name is empty
944 if ((!rctx.extract &&
945 jcr->last_type != FT_DIREND) ||
946 (*jcr->last_fname == 0)) {
951 * For anything that is not a directory we delay
952 * the restore of xattr till a later stage.
954 if (jcr->last_type != FT_DIREND) {
955 push_delayed_restore_stream(rctx, sd);
957 if (!do_restore_xattr(jcr, rctx.stream, sd->msg, sd->msglen)) {
966 case STREAM_XATTR_SOLARIS:
968 * Do not restore Extended Attributes when
969 * a) The current file is not extracted
970 * b) and it is not a directory (they are never "extracted")
971 * c) or the file name is empty
973 if ((!rctx.extract &&
974 jcr->last_type != FT_DIREND) ||
975 (*jcr->last_fname == 0)) {
979 if (!do_restore_xattr(jcr, rctx.stream, sd->msg, sd->msglen)) {
987 case STREAM_SIGNED_DIGEST:
989 * Is this an unexpected signature?
992 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
993 free_signature(rctx);
999 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
1000 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
1004 case STREAM_MD5_DIGEST:
1005 case STREAM_SHA1_DIGEST:
1006 case STREAM_SHA256_DIGEST:
1007 case STREAM_SHA512_DIGEST:
1010 case STREAM_PROGRAM_NAMES:
1011 case STREAM_PROGRAM_DATA:
1012 if (!non_support_progname) {
1013 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
1014 non_support_progname++;
1018 case STREAM_PLUGIN_NAME:
1019 if (!close_previous_stream(jcr, rctx)) {
1022 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
1023 plugin_name_stream(jcr, sd->msg);
1026 case STREAM_RESTORE_OBJECT:
1027 break; /* these are sent by Director */
1030 if (!close_previous_stream(jcr, rctx)) {
1033 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
1035 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
1037 } /* end switch(stream) */
1038 } /* end while get_msg() */
1041 * If output file is still open, it was the last one in the
1042 * archive since we just hit an end of file, so close the file.
1044 if (is_bopen(&rctx.forkbfd)) {
1045 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
1048 if (!close_previous_stream(jcr, rctx)) {
1051 jcr->setJobStatus(JS_Terminated);
1055 jcr->setJobStatus(JS_ErrorTerminated);
1059 * First output the statistics.
1061 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
1062 edit_uint64(jcr->JobBytes, ec1));
1063 if (have_acl && jcr->acl_data->u.parse->nr_errors > 0) {
1064 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"),
1065 jcr->acl_data->u.parse->nr_errors);
1067 if (have_xattr && jcr->xattr_data->u.parse->nr_errors > 0) {
1068 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"),
1069 jcr->xattr_data->u.parse->nr_errors);
1071 if (non_support_data > 1 || non_support_attr > 1) {
1072 Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
1073 non_support_data, non_support_attr);
1075 if (non_support_rsrc) {
1076 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
1078 if (non_support_finfo) {
1079 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_finfo);
1081 if (non_support_acl) {
1082 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
1084 if (non_support_crypto) {
1085 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
1087 if (non_support_xattr) {
1088 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
1092 * Free Signature & Crypto Data
1094 free_signature(rctx);
1096 if (jcr->crypto.digest) {
1097 crypto_digest_free(jcr->crypto.digest);
1098 jcr->crypto.digest = NULL;
1102 * Free file cipher restore context
1104 if (rctx.cipher_ctx.cipher) {
1105 crypto_cipher_free(rctx.cipher_ctx.cipher);
1106 rctx.cipher_ctx.cipher = NULL;
1109 if (rctx.cipher_ctx.buf) {
1110 free_pool_memory(rctx.cipher_ctx.buf);
1111 rctx.cipher_ctx.buf = NULL;
1115 * Free alternate stream cipher restore context
1117 if (rctx.fork_cipher_ctx.cipher) {
1118 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1119 rctx.fork_cipher_ctx.cipher = NULL;
1121 if (rctx.fork_cipher_ctx.buf) {
1122 free_pool_memory(rctx.fork_cipher_ctx.buf);
1123 rctx.fork_cipher_ctx.buf = NULL;
1126 if (jcr->compress_buf) {
1127 free_pool_memory(jcr->compress_buf);
1128 jcr->compress_buf = NULL;
1129 jcr->compress_buf_size = 0;
1132 if (have_acl && jcr->acl_data) {
1133 free(jcr->acl_data->u.parse);
1134 free(jcr->acl_data);
1135 jcr->acl_data = NULL;
1138 if (have_xattr && jcr->xattr_data) {
1139 free(jcr->xattr_data->u.parse);
1140 free(jcr->xattr_data);
1141 jcr->xattr_data = NULL;
1145 * Free the delayed stream stack list.
1147 if (rctx.delayed_streams) {
1148 drop_delayed_restore_streams(rctx, false);
1149 delete rctx.delayed_streams;
1152 bclose(&rctx.forkbfd);
1154 free_attr(rctx.attr);
1159 * Convert ZLIB error code into an ASCII message
1161 static const char *zlib_strerror(int stat)
1168 return _("Zlib errno");
1169 case Z_STREAM_ERROR:
1170 return _("Zlib stream error");
1172 return _("Zlib data error");
1174 return _("Zlib memory error");
1176 return _("Zlib buffer error");
1177 case Z_VERSION_ERROR:
1178 return _("Zlib version error");
1185 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
1187 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
1188 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
1192 * Verify the signature for the last restored file
1193 * Return value is either true (signature correct)
1194 * or false (signature could not be verified).
1195 * TODO landonf: Implement without using find_one_file and
1196 * without re-reading the file.
1198 static bool verify_signature(JCR *jcr, r_ctx &rctx)
1200 X509_KEYPAIR *keypair;
1201 DIGEST *digest = NULL;
1203 uint64_t saved_bytes;
1204 crypto_digest_t signing_algorithm = have_sha2 ?
1205 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
1206 crypto_digest_t algorithm;
1207 SIGNATURE *sig = rctx.sig;
1210 if (!jcr->crypto.pki_sign) {
1217 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
1218 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
1226 * Iterate through the trusted signers
1228 foreach_alist(keypair, jcr->crypto.pki_signers) {
1229 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
1231 case CRYPTO_ERROR_NONE:
1232 Dmsg0(50, "== Got digest\n");
1234 * We computed jcr->crypto.digest using signing_algorithm while writing
1235 * the file. If it is not the same as the algorithm used for
1236 * this file, punt by releasing the computed algorithm and
1237 * computing by re-reading the file.
1239 if (algorithm != signing_algorithm) {
1240 if (jcr->crypto.digest) {
1241 crypto_digest_free(jcr->crypto.digest);
1242 jcr->crypto.digest = NULL;
1245 if (jcr->crypto.digest) {
1247 * Use digest computed while writing the file to verify the signature
1249 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
1250 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1251 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1252 jcr->last_fname, crypto_strerror(err));
1257 * Signature found, digest allocated. Old method,
1258 * re-read the file and compute the digest
1260 jcr->crypto.digest = digest;
1263 * Checksum the entire file
1264 * Make sure we don't modify JobBytes by saving and restoring it
1266 saved_bytes = jcr->JobBytes;
1267 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
1268 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
1270 jcr->JobBytes = saved_bytes;
1273 jcr->JobBytes = saved_bytes;
1276 * Verify the signature
1278 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
1279 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1280 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1281 jcr->last_fname, crypto_strerror(err));
1284 jcr->crypto.digest = NULL;
1290 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1291 crypto_digest_free(digest);
1294 case CRYPTO_ERROR_NOSIGNER:
1296 * Signature not found, try again
1299 crypto_digest_free(digest);
1305 * Something strange happened (that shouldn't happen!)...
1307 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1315 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1319 crypto_digest_free(digest);
1324 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
1329 unser_begin(*data, OFFSET_FADDR_SIZE);
1330 unser_uint64(faddr);
1331 if (*addr != faddr) {
1333 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1335 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1336 edit_uint64(*addr, ec1), jcr->last_fname,
1337 be.bstrerror(bfd->berrno));
1341 *data += OFFSET_FADDR_SIZE;
1342 *length -= OFFSET_FADDR_SIZE;
1346 bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length)
1348 #if defined(HAVE_LZO) || defined(HAVE_LIBZ)
1349 char ec1[50]; /* Buffer printing huge values */
1352 Dmsg1(200, "Stream found in decompress_data(): %d\n", stream);
1353 if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA
1354 || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA)
1356 uint32_t comp_magic, comp_len;
1357 uint16_t comp_level, comp_version;
1359 lzo_uint compress_len;
1360 const unsigned char *cbuf;
1361 int r, real_compress_len;
1364 /* read compress header */
1366 unser_begin(*data, sizeof(comp_stream_header));
1367 unser_uint32(comp_magic);
1368 unser_uint32(comp_len);
1369 unser_uint16(comp_level);
1370 unser_uint16(comp_version);
1371 Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len,
1372 comp_level, comp_version);
1375 if (comp_version != COMP_HEAD_VERSION) {
1376 Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. version=0x%x\n"), comp_version);
1380 if (comp_len + sizeof(comp_stream_header) != *length) {
1381 Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"),
1385 switch(comp_magic) {
1387 case COMPRESS_LZO1X:
1388 compress_len = jcr->compress_buf_size;
1389 cbuf = (const unsigned char*)*data + sizeof(comp_stream_header);
1390 real_compress_len = *length - sizeof(comp_stream_header);
1391 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1392 while ((r=lzo1x_decompress_safe(cbuf, real_compress_len,
1393 (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN)
1396 * The buffer size is too small, try with a bigger one
1398 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1399 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1400 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1403 if (r != LZO_E_OK) {
1404 Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"),
1405 jcr->last_fname, r);
1408 *data = jcr->compress_buf;
1409 *length = compress_len;
1410 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1414 Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic);
1423 * NOTE! We only use uLong and Byte because they are
1424 * needed by the zlib routines, they should not otherwise
1425 * be used in Bacula.
1427 compress_len = jcr->compress_buf_size;
1428 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1429 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1430 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1433 * The buffer size is too small, try with a bigger one
1435 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1436 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1437 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1441 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1442 jcr->last_fname, zlib_strerror(stat));
1445 *data = jcr->compress_buf;
1446 *length = compress_len;
1447 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1450 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1456 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1459 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1460 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1461 unser_uint32(ctx->packet_len);
1462 ctx->packet_len += CRYPTO_LEN_SIZE;
1466 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1468 if (jcr->crypto.digest) {
1469 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1472 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1474 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1475 jcr->last_fname, be.bstrerror(bfd->berrno));
1478 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1480 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1481 jcr->last_fname, be.bstrerror(bfd->berrno));
1489 * In the context of jcr, write data to bfd.
1490 * We write buflen bytes in buf at addr. addr is updated in place.
1491 * The flags specify whether to use sparse files or compression.
1492 * Return value is the number of bytes written, or -1 on errors.
1494 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1495 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx)
1497 char *wbuf; /* write buffer */
1498 uint32_t wsize; /* write size */
1499 uint32_t rsize; /* read size */
1500 uint32_t decrypted_len = 0; /* Decryption output length */
1501 char ec1[50]; /* Buffer printing huge values */
1504 jcr->ReadBytes += rsize;
1508 if (flags & FO_ENCRYPT) {
1509 ASSERT(cipher_ctx->cipher);
1512 * NOTE: We must implement block preserving semantics for the
1513 * non-streaming compression and sparse code.
1515 * Grow the crypto buffer, if necessary.
1516 * crypto_cipher_update() will process only whole blocks,
1517 * buffering the remaining input.
1519 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1520 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1523 * Decrypt the input block
1525 if (!crypto_cipher_update(cipher_ctx->cipher,
1526 (const u_int8_t *)wbuf,
1528 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1531 * Decryption failed. Shouldn't happen.
1533 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1537 if (decrypted_len == 0) {
1539 * No full block of encrypted data available, write more data
1544 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1546 cipher_ctx->buf_len += decrypted_len;
1547 wbuf = cipher_ctx->buf;
1550 * If one full preserved block is available, write it to disk,
1551 * and then buffer any remaining data. This should be effecient
1552 * as long as Bacula's block size is not significantly smaller than the
1553 * encryption block size (extremely unlikely!)
1555 unser_crypto_packet_len(cipher_ctx);
1556 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1558 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1560 * No full preserved block is available.
1566 * We have one full block, set up the filter input buffers
1568 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1569 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1570 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1571 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1574 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1575 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1580 if (flags & FO_COMPRESS) {
1581 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1586 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1589 jcr->JobBytes += wsize;
1591 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1594 * Clean up crypto buffers
1596 if (flags & FO_ENCRYPT) {
1597 /* Move any remaining data to start of buffer */
1598 if (cipher_ctx->buf_len > 0) {
1599 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1600 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1601 cipher_ctx->buf_len);
1604 * The packet was successfully written, reset the length so that the next
1605 * packet length may be re-read by unser_crypto_packet_len()
1607 cipher_ctx->packet_len = 0;
1616 * If extracting, close any previous stream
1618 static bool close_previous_stream(JCR *jcr, r_ctx &rctx)
1621 * If extracting, it was from previous stream, so
1622 * close the output file and validate the signature.
1625 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1626 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1627 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1628 is_bopen(&rctx.bfd));
1631 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1632 deallocate_cipher(rctx);
1633 deallocate_fork_cipher(rctx);
1636 if (rctx.jcr->plugin) {
1637 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1639 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1641 rctx.extract = false;
1644 * Now perform the delayed restore of some specific data streams.
1646 if (!pop_delayed_data_streams(jcr, rctx)) {
1651 * Verify the cryptographic signature, if any
1653 rctx.type = rctx.attr->type;
1654 verify_signature(rctx.jcr, rctx);
1659 free_signature(rctx);
1661 rctx.jcr->ff->flags = 0;
1662 Dmsg0(130, "Stop extracting.\n");
1663 } else if (is_bopen(&rctx.bfd)) {
1664 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1665 Dmsg0(000, "=== logic error !open\n");
1673 * In the context of jcr, flush any remaining data from the cipher context,
1674 * writing it to bfd.
1675 * Return value is true on success, false on failure.
1677 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
1678 RESTORE_CIPHER_CTX *cipher_ctx)
1680 uint32_t decrypted_len = 0;
1681 char *wbuf; /* write buffer */
1682 uint32_t wsize; /* write size */
1683 char ec1[50]; /* Buffer printing huge values */
1684 bool second_pass = false;
1688 * Write out the remaining block and free the cipher context
1690 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1691 cipher_ctx->block_size);
1693 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1696 * Writing out the final, buffered block failed. Shouldn't happen.
1698 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1699 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1702 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1704 * If nothing new was decrypted, and our output buffer is empty, return
1706 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1710 cipher_ctx->buf_len += decrypted_len;
1712 unser_crypto_packet_len(cipher_ctx);
1713 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1714 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1716 * Decrypted, possibly decompressed output here.
1718 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
1719 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1720 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1722 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1723 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1728 if (flags & FO_COMPRESS) {
1729 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1734 Dmsg0(130, "Call store_data\n");
1735 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1738 jcr->JobBytes += wsize;
1739 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1742 * Move any remaining data to start of buffer
1744 if (cipher_ctx->buf_len > 0) {
1745 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1746 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1747 cipher_ctx->buf_len);
1750 * The packet was successfully written, reset the length so that the next
1751 * packet length may be re-read by unser_crypto_packet_len()
1753 cipher_ctx->packet_len = 0;
1755 if (cipher_ctx->buf_len >0 && !second_pass) {
1763 cipher_ctx->buf_len = 0;
1764 cipher_ctx->packet_len = 0;
1769 static void deallocate_cipher(r_ctx &rctx)
1772 * Flush and deallocate previous stream's cipher context
1774 if (rctx.cipher_ctx.cipher) {
1775 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx);
1776 crypto_cipher_free(rctx.cipher_ctx.cipher);
1777 rctx.cipher_ctx.cipher = NULL;
1781 static void deallocate_fork_cipher(r_ctx &rctx)
1785 * Flush and deallocate previous stream's fork cipher context
1787 if (rctx.fork_cipher_ctx.cipher) {
1788 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx);
1789 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1790 rctx.fork_cipher_ctx.cipher = NULL;
1794 static void free_signature(r_ctx &rctx)
1797 crypto_sign_free(rctx.sig);
1802 static void free_session(r_ctx &rctx)
1805 crypto_session_free(rctx.cs);
1812 * This code if implemented goes above
1814 #ifdef stbernard_implemented
1815 / #if defined(HAVE_WIN32)
1816 bool bResumeOfmOnExit = FALSE;
1817 if (isOpenFileManagerRunning()) {
1818 if ( pauseOpenFileManager() ) {
1819 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1820 bResumeOfmOnExit = TRUE;
1823 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1827 char username[UNLEN+1];
1828 DWORD usize = sizeof(username);
1829 int privs = enable_backup_privileges(NULL, 1);
1830 if (GetUserName(username, &usize)) {
1831 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1833 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));