2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
41 const bool have_darwin_os = true;
43 const bool have_darwin_os = false;
46 #if defined(HAVE_CRYPTO)
47 const bool have_crypto = true;
49 const bool have_crypto = false;
53 const bool have_acl = true;
55 const bool have_acl = false;
59 const bool have_sha2 = true;
61 const bool have_sha2 = false;
64 #if defined(HAVE_XATTR)
65 const bool have_xattr = true;
67 const bool have_xattr = false;
71 * Data received from Storage Daemon
73 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
76 * Forward referenced functions
78 #if defined(HAVE_LIBZ)
79 static const char *zlib_strerror(int stat);
80 const bool have_libz = true;
82 const bool have_libz = false;
85 static void deallocate_cipher(r_ctx &rctx);
86 static void deallocate_fork_cipher(r_ctx &rctx);
87 static void free_signature(r_ctx &rctx);
88 static void free_session(r_ctx &rctx);
89 static void close_previous_stream(r_ctx &rctx);
91 static bool verify_signature(JCR *jcr, r_ctx &rctx);
92 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
93 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
94 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
95 RESTORE_CIPHER_CTX *cipher_ctx);
98 * Close a bfd check that we are at the expected file offset.
99 * Makes use of some code from set_attributes().
101 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
103 char ec1[50], ec2[50];
106 fsize = blseek(bfd, 0, SEEK_CUR);
108 if (fsize > 0 && fsize != osize) {
109 Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
110 jcr->last_fname, edit_uint64(osize, ec1),
111 edit_uint64(fsize, ec2));
117 #ifdef HAVE_DARWIN_OS
118 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
120 struct attrlist attrList;
122 memset(&attrList, 0, sizeof(attrList));
123 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
124 attrList.commonattr = ATTR_CMN_FNDRINFO;
126 Dmsg0(130, "Restoring Finder Info\n");
127 jcr->ff->flags |= FO_HFSPLUS;
129 Jmsg(jcr, M_ERROR, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
133 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
134 Jmsg(jcr, M_ERROR, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
141 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
148 * Restore the requested files.
150 void do_restore(JCR *jcr)
153 uint32_t VolSessionId, VolSessionTime;
155 char ec1[50]; /* Buffer printing huge values */
156 uint32_t buf_size; /* client buffer size */
158 intmax_t rsrc_len = 0; /* Original length of resource fork */
161 /* ***FIXME*** make configurable */
162 crypto_digest_t signing_algorithm = have_sha2 ?
163 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
164 memset(&rctx, 0, sizeof(rctx));
168 * The following variables keep track of "known unknowns"
170 int non_support_data = 0;
171 int non_support_attr = 0;
172 int non_support_rsrc = 0;
173 int non_support_finfo = 0;
174 int non_support_acl = 0;
175 int non_support_progname = 0;
176 int non_support_crypto = 0;
177 int non_support_xattr = 0;
179 sd = jcr->store_bsock;
180 set_jcr_job_status(jcr, JS_Running);
183 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
186 buf_size = client->max_network_buffer_size;
188 buf_size = 0; /* use default */
190 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
191 set_jcr_job_status(jcr, JS_ErrorTerminated);
194 jcr->buf_size = sd->msglen;
197 * St Bernard code goes here if implemented -- see end of file
201 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
202 jcr->compress_buf = get_memory(compress_buf_size);
203 jcr->compress_buf_size = compress_buf_size;
207 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
208 if (have_darwin_os) {
209 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
214 * Get a record from the Storage daemon. We are guaranteed to
215 * receive records in the following order:
216 * 1. Stream record header
217 * 2. Stream data (one or more of the following in the order given)
218 * a. Attributes (Unix or Win32)
219 * b. Possibly stream encryption session data (e.g., symmetric session key)
220 * c. File data for the file
221 * d. Alternate data stream (e.g. Resource Fork)
225 * h. Possibly a cryptographic signature
226 * i. Possibly MD5 or SHA1 record
229 * NOTE: We keep track of two bacula file descriptors:
230 * 1. bfd for file data.
231 * This fd is opened for non empty files when an attribute stream is
232 * encountered and closed when we find the next attribute stream.
233 * 2. fork_bfd for alternate data streams
234 * This fd is opened every time we encounter a new alternate data
235 * stream for the current file. When we find any other stream, we
237 * The expected size of the stream, fork_len, should be set when
239 * 3. Not all the stream data records are required -- e.g. if there
240 * is no fork, there is no alternate data stream, no ACL, ...
243 binit(&rctx.forkbfd);
244 attr = rctx.attr = new_attr(jcr);
246 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
247 memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
248 jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
251 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
252 memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
253 jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
256 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
258 * Remember previous stream type
260 rctx.prev_stream = rctx.stream;
263 * First we expect a Stream Record Header
265 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
266 &rctx.stream, &rctx.size) != 5) {
267 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
270 Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
271 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
274 * Now we expect the Stream Data
276 if (bget_msg(sd) < 0) {
277 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
280 if (rctx.size != (uint32_t)sd->msglen) {
281 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
282 sd->msglen, rctx.size);
283 Dmsg2(50, "Actual data size %d not same as header %d\n",
284 sd->msglen, rctx.size);
287 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
288 sd->msglen, rctx.extract);
291 * If we change streams, close and reset alternate data streams
293 if (rctx.prev_stream != rctx.stream) {
294 if (is_bopen(&rctx.forkbfd)) {
295 deallocate_fork_cipher(rctx);
296 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
299 * Use an impossible value and set a proper one below
306 * File Attributes stream
308 switch (rctx.stream) {
309 case STREAM_UNIX_ATTRIBUTES:
310 case STREAM_UNIX_ATTRIBUTES_EX:
312 * if any previous stream open, close it
314 close_previous_stream(rctx);
317 * TODO: manage deleted files
319 if (rctx.type == FT_DELETED) { /* deleted file */
324 * Unpack attributes and do sanity check them
326 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) {
330 if (file_index != attr->file_index) {
331 Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
332 file_index, attr->file_index);
333 Dmsg0(200, "File index error\n");
338 Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
339 attr->attr, attr->attrEx);
341 attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
343 if (!is_restore_stream_supported(attr->data_stream)) {
344 if (!non_support_data++) {
345 Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
346 stream_to_ascii(attr->data_stream));
351 build_attr_output_fnames(jcr, attr);
354 * Try to actually create the file, which returns a status telling
355 * us if we need to extract or not.
357 jcr->num_files_examined++;
358 rctx.extract = false;
360 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
362 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
365 pm_strcpy(jcr->last_fname, attr->ofname);
366 jcr->last_type = attr->type;
368 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
372 pm_strcpy(jcr->last_fname, attr->ofname);
373 jcr->last_type = attr->type;
377 * File created and we expect file data
385 * File created, but there is no content
388 print_ls_output(jcr, attr);
390 if (have_darwin_os) {
392 * Only restore the resource fork for regular files
394 from_base64(&rsrc_len, attr->attrEx);
395 if (attr->type == FT_REG && rsrc_len > 0) {
400 * Count the resource forks not as regular files being restored.
411 * set attributes now because file will not be extracted
414 plugin_set_attributes(jcr, attr, &rctx.bfd);
416 set_attributes(jcr, attr, &rctx.bfd);
426 case STREAM_ENCRYPTED_SESSION_DATA:
427 crypto_error_t cryptoerr;
430 * Is this an unexpected session data entry?
433 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
434 rctx.extract = false;
440 * Do we have any keys at all?
442 if (!jcr->crypto.pki_recipients) {
443 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
444 rctx.extract = false;
449 if (jcr->crypto.digest) {
450 crypto_digest_free(jcr->crypto.digest);
452 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
453 if (!jcr->crypto.digest) {
454 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
455 rctx.extract = false;
461 * Decode and save session keys.
463 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
464 jcr->crypto.pki_recipients, &rctx.cs);
466 case CRYPTO_ERROR_NONE:
471 case CRYPTO_ERROR_NORECIPIENT:
472 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
474 case CRYPTO_ERROR_DECRYPTION:
475 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
481 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
485 if (cryptoerr != CRYPTO_ERROR_NONE) {
486 rctx.extract = false;
493 case STREAM_FILE_DATA:
494 case STREAM_SPARSE_DATA:
495 case STREAM_WIN32_DATA:
496 case STREAM_GZIP_DATA:
497 case STREAM_SPARSE_GZIP_DATA:
498 case STREAM_WIN32_GZIP_DATA:
499 case STREAM_ENCRYPTED_FILE_DATA:
500 case STREAM_ENCRYPTED_WIN32_DATA:
501 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
502 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
504 * Force an expected, consistent stream type here
506 if (rctx.extract && (rctx.prev_stream == rctx.stream
507 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
508 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
509 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
512 if (rctx.stream == STREAM_SPARSE_DATA ||
513 rctx.stream == STREAM_SPARSE_GZIP_DATA) {
514 rctx.flags |= FO_SPARSE;
517 if (rctx.stream == STREAM_GZIP_DATA
518 || rctx.stream == STREAM_SPARSE_GZIP_DATA
519 || rctx.stream == STREAM_WIN32_GZIP_DATA
520 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
521 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
522 rctx.flags |= FO_GZIP;
525 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
526 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
527 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
528 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
530 * Set up a decryption context
532 if (!rctx.cipher_ctx.cipher) {
534 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
535 rctx.extract = false;
540 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
541 &rctx.cipher_ctx.block_size)) == NULL) {
542 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
544 rctx.extract = false;
549 rctx.flags |= FO_ENCRYPT;
552 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
553 set_portable_backup(&rctx.bfd);
555 * "decompose" BackupWrite data
557 rctx.flags |= FO_WIN32DECOMP;
560 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
561 rctx.flags, &rctx.cipher_ctx) < 0) {
562 rctx.extract = false;
570 * Resource fork stream - only recorded after a file to be restored
571 * Silently ignore if we cannot write - we already reported that
573 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
574 case STREAM_MACOS_FORK_DATA:
575 if (have_darwin_os) {
577 jcr->ff->flags |= FO_HFSPLUS;
579 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
580 rctx.fork_flags |= FO_ENCRYPT;
583 * Set up a decryption context
585 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
587 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
588 rctx.extract = false;
593 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
594 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
596 rctx.extract = false;
604 if (rctx.prev_stream != rctx.stream) {
605 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
606 Jmsg(jcr, M_ERROR, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
607 rctx.extract = false;
611 rctx.fork_size = rsrc_len;
612 Dmsg0(130, "Restoring resource fork\n");
615 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
616 &rctx.fork_cipher_ctx) < 0) {
617 rctx.extract = false;
618 bclose(&rctx.forkbfd);
627 case STREAM_HFSPLUS_ATTRIBUTES:
628 if (have_darwin_os) {
629 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
637 case STREAM_UNIX_ACCESS_ACL:
638 case STREAM_UNIX_DEFAULT_ACL:
639 case STREAM_ACL_AIX_TEXT:
640 case STREAM_ACL_DARWIN_ACCESS_ACL:
641 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
642 case STREAM_ACL_FREEBSD_ACCESS_ACL:
643 case STREAM_ACL_HPUX_ACL_ENTRY:
644 case STREAM_ACL_IRIX_DEFAULT_ACL:
645 case STREAM_ACL_IRIX_ACCESS_ACL:
646 case STREAM_ACL_LINUX_DEFAULT_ACL:
647 case STREAM_ACL_LINUX_ACCESS_ACL:
648 case STREAM_ACL_TRU64_DEFAULT_ACL:
649 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
650 case STREAM_ACL_TRU64_ACCESS_ACL:
651 case STREAM_ACL_SOLARIS_ACLENT:
652 case STREAM_ACL_SOLARIS_ACE:
654 * Do not restore ACLs when
655 * a) The current file is not extracted
656 * b) and it is not a directory (they are never "extracted")
657 * c) or the file name is empty
659 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
663 pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
664 jcr->acl_data->content_length = sd->msglen;
665 switch (parse_acl_streams(jcr, rctx.stream)) {
666 case bacl_exit_fatal:
668 case bacl_exit_error:
670 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
671 * print the error message set by the lower level routine in jcr->errmsg.
673 if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
674 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
676 jcr->acl_data->nr_errors++;
686 case STREAM_XATTR_OPENBSD:
687 case STREAM_XATTR_SOLARIS_SYS:
688 case STREAM_XATTR_SOLARIS:
689 case STREAM_XATTR_DARWIN:
690 case STREAM_XATTR_FREEBSD:
691 case STREAM_XATTR_LINUX:
692 case STREAM_XATTR_NETBSD:
694 * Do not restore Extended Attributes when
695 * a) The current file is not extracted
696 * b) and it is not a directory (they are never "extracted")
697 * c) or the file name is empty
699 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
703 pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
704 jcr->xattr_data->content_length = sd->msglen;
705 switch (parse_xattr_streams(jcr, rctx.stream)) {
706 case bxattr_exit_fatal:
708 case bxattr_exit_error:
710 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
711 * print the error message set by the lower level routine in jcr->errmsg.
713 if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
714 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
716 jcr->xattr_data->nr_errors++;
726 case STREAM_SIGNED_DIGEST:
728 * Is this an unexpected signature?
731 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
732 free_signature(rctx);
738 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
739 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
743 case STREAM_MD5_DIGEST:
744 case STREAM_SHA1_DIGEST:
745 case STREAM_SHA256_DIGEST:
746 case STREAM_SHA512_DIGEST:
749 case STREAM_PROGRAM_NAMES:
750 case STREAM_PROGRAM_DATA:
751 if (!non_support_progname) {
752 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
753 non_support_progname++;
757 case STREAM_PLUGIN_NAME:
758 close_previous_stream(rctx);
759 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
760 plugin_name_stream(jcr, sd->msg);
763 case STREAM_RESTORE_OBJECT:
764 close_previous_stream(rctx);
768 close_previous_stream(rctx);
769 Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
771 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
773 } /* end switch(stream) */
774 } /* end while get_msg() */
777 * If output file is still open, it was the last one in the
778 * archive since we just hit an end of file, so close the file.
780 if (is_bopen(&rctx.forkbfd)) {
781 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
784 close_previous_stream(rctx);
785 set_jcr_job_status(jcr, JS_Terminated);
789 set_jcr_job_status(jcr, JS_ErrorTerminated);
793 * First output the statistics.
795 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
796 edit_uint64(jcr->JobBytes, ec1));
797 if (have_acl && jcr->acl_data->nr_errors > 0) {
798 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"),
799 jcr->acl_data->nr_errors);
801 if (have_xattr && jcr->xattr_data->nr_errors > 0) {
802 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"),
803 jcr->xattr_data->nr_errors);
805 if (non_support_data > 1 || non_support_attr > 1) {
806 Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
807 non_support_data, non_support_attr);
809 if (non_support_rsrc) {
810 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
812 if (non_support_finfo) {
813 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
815 if (non_support_acl) {
816 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
818 if (non_support_crypto) {
819 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
821 if (non_support_xattr) {
822 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
826 * Free Signature & Crypto Data
828 free_signature(rctx);
830 if (jcr->crypto.digest) {
831 crypto_digest_free(jcr->crypto.digest);
832 jcr->crypto.digest = NULL;
836 * Free file cipher restore context
838 if (rctx.cipher_ctx.cipher) {
839 crypto_cipher_free(rctx.cipher_ctx.cipher);
840 rctx.cipher_ctx.cipher = NULL;
843 if (rctx.cipher_ctx.buf) {
844 free_pool_memory(rctx.cipher_ctx.buf);
845 rctx.cipher_ctx.buf = NULL;
849 * Free alternate stream cipher restore context
851 if (rctx.fork_cipher_ctx.cipher) {
852 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
853 rctx.fork_cipher_ctx.cipher = NULL;
855 if (rctx.fork_cipher_ctx.buf) {
856 free_pool_memory(rctx.fork_cipher_ctx.buf);
857 rctx.fork_cipher_ctx.buf = NULL;
860 if (jcr->compress_buf) {
861 free_pool_memory(jcr->compress_buf);
862 jcr->compress_buf = NULL;
863 jcr->compress_buf_size = 0;
866 if (have_acl && jcr->acl_data) {
867 free_pool_memory(jcr->acl_data->content);
869 jcr->acl_data = NULL;
872 if (have_xattr && jcr->xattr_data) {
873 free_pool_memory(jcr->xattr_data->content);
874 free(jcr->xattr_data);
875 jcr->xattr_data = NULL;
878 bclose(&rctx.forkbfd);
880 free_attr(rctx.attr);
885 * Convert ZLIB error code into an ASCII message
887 static const char *zlib_strerror(int stat)
894 return _("Zlib errno");
896 return _("Zlib stream error");
898 return _("Zlib data error");
900 return _("Zlib memory error");
902 return _("Zlib buffer error");
903 case Z_VERSION_ERROR:
904 return _("Zlib version error");
911 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
913 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
914 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
918 * Verify the signature for the last restored file
919 * Return value is either true (signature correct)
920 * or false (signature could not be verified).
921 * TODO landonf: Implement without using find_one_file and
922 * without re-reading the file.
924 static bool verify_signature(JCR *jcr, r_ctx &rctx)
926 X509_KEYPAIR *keypair;
927 DIGEST *digest = NULL;
929 uint64_t saved_bytes;
930 crypto_digest_t signing_algorithm = have_sha2 ?
931 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
932 crypto_digest_t algorithm;
933 SIGNATURE *sig = rctx.sig;
936 if (!jcr->crypto.pki_sign) {
943 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
944 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
952 * Iterate through the trusted signers
954 foreach_alist(keypair, jcr->crypto.pki_signers) {
955 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
957 case CRYPTO_ERROR_NONE:
958 Dmsg0(50, "== Got digest\n");
960 * We computed jcr->crypto.digest using signing_algorithm while writing
961 * the file. If it is not the same as the algorithm used for
962 * this file, punt by releasing the computed algorithm and
963 * computing by re-reading the file.
965 if (algorithm != signing_algorithm) {
966 if (jcr->crypto.digest) {
967 crypto_digest_free(jcr->crypto.digest);
968 jcr->crypto.digest = NULL;
971 if (jcr->crypto.digest) {
973 * Use digest computed while writing the file to verify the signature
975 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
976 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
977 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
978 jcr->last_fname, crypto_strerror(err));
983 * Signature found, digest allocated. Old method,
984 * re-read the file and compute the digest
986 jcr->crypto.digest = digest;
989 * Checksum the entire file
990 * Make sure we don't modify JobBytes by saving and restoring it
992 saved_bytes = jcr->JobBytes;
993 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
994 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
996 jcr->JobBytes = saved_bytes;
999 jcr->JobBytes = saved_bytes;
1002 * Verify the signature
1004 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
1005 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1006 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1007 jcr->last_fname, crypto_strerror(err));
1010 jcr->crypto.digest = NULL;
1016 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1017 crypto_digest_free(digest);
1020 case CRYPTO_ERROR_NOSIGNER:
1022 * Signature not found, try again
1025 crypto_digest_free(digest);
1031 * Something strange happened (that shouldn't happen!)...
1033 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1041 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1045 crypto_digest_free(digest);
1050 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
1055 unser_begin(*data, SPARSE_FADDR_SIZE);
1056 unser_uint64(faddr);
1057 if (*addr != faddr) {
1059 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1061 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1062 edit_uint64(*addr, ec1), jcr->last_fname,
1063 be.bstrerror(bfd->berrno));
1067 *data += SPARSE_FADDR_SIZE;
1068 *length -= SPARSE_FADDR_SIZE;
1072 bool decompress_data(JCR *jcr, char **data, uint32_t *length)
1077 char ec1[50]; /* Buffer printing huge values */
1080 * NOTE! We only use uLong and Byte because they are
1081 * needed by the zlib routines, they should not otherwise
1082 * be used in Bacula.
1084 compress_len = jcr->compress_buf_size;
1085 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1086 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1087 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1090 * The buffer size is too small, try with a bigger one
1092 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1093 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1094 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1098 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1099 jcr->last_fname, zlib_strerror(stat));
1102 *data = jcr->compress_buf;
1103 *length = compress_len;
1104 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1107 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1112 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1115 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1116 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1117 unser_uint32(ctx->packet_len);
1118 ctx->packet_len += CRYPTO_LEN_SIZE;
1122 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1124 if (jcr->crypto.digest) {
1125 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1128 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1130 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1131 jcr->last_fname, be.bstrerror(bfd->berrno));
1134 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1136 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1137 jcr->last_fname, be.bstrerror(bfd->berrno));
1145 * In the context of jcr, write data to bfd.
1146 * We write buflen bytes in buf at addr. addr is updated in place.
1147 * The flags specify whether to use sparse files or compression.
1148 * Return value is the number of bytes written, or -1 on errors.
1150 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1151 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
1153 char *wbuf; /* write buffer */
1154 uint32_t wsize; /* write size */
1155 uint32_t rsize; /* read size */
1156 uint32_t decrypted_len = 0; /* Decryption output length */
1157 char ec1[50]; /* Buffer printing huge values */
1160 jcr->ReadBytes += rsize;
1164 if (flags & FO_ENCRYPT) {
1165 ASSERT(cipher_ctx->cipher);
1168 * NOTE: We must implement block preserving semantics for the
1169 * non-streaming compression and sparse code.
1171 * Grow the crypto buffer, if necessary.
1172 * crypto_cipher_update() will process only whole blocks,
1173 * buffering the remaining input.
1175 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1176 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1179 * Decrypt the input block
1181 if (!crypto_cipher_update(cipher_ctx->cipher,
1182 (const u_int8_t *)wbuf,
1184 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1187 * Decryption failed. Shouldn't happen.
1189 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1193 if (decrypted_len == 0) {
1195 * No full block of encrypted data available, write more data
1200 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1202 cipher_ctx->buf_len += decrypted_len;
1203 wbuf = cipher_ctx->buf;
1206 * If one full preserved block is available, write it to disk,
1207 * and then buffer any remaining data. This should be effecient
1208 * as long as Bacula's block size is not significantly smaller than the
1209 * encryption block size (extremely unlikely!)
1211 unser_crypto_packet_len(cipher_ctx);
1212 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1214 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1216 * No full preserved block is available.
1222 * We have one full block, set up the filter input buffers
1224 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1225 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1226 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1227 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1230 if (flags & FO_SPARSE) {
1231 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1236 if (flags & FO_GZIP) {
1237 if (!decompress_data(jcr, &wbuf, &wsize)) {
1242 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1245 jcr->JobBytes += wsize;
1247 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1250 * Clean up crypto buffers
1252 if (flags & FO_ENCRYPT) {
1253 /* Move any remaining data to start of buffer */
1254 if (cipher_ctx->buf_len > 0) {
1255 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1256 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1257 cipher_ctx->buf_len);
1260 * The packet was successfully written, reset the length so that the next
1261 * packet length may be re-read by unser_crypto_packet_len()
1263 cipher_ctx->packet_len = 0;
1273 * If extracting, close any previous stream
1275 static void close_previous_stream(r_ctx &rctx)
1278 * If extracting, it was from previous stream, so
1279 * close the output file and validate the signature.
1282 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1283 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1284 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1285 is_bopen(&rctx.bfd));
1288 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1289 deallocate_cipher(rctx);
1290 deallocate_fork_cipher(rctx);
1293 if (rctx.jcr->plugin) {
1294 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1296 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1298 rctx.extract = false;
1301 * Verify the cryptographic signature, if any
1303 rctx.type = rctx.attr->type;
1304 verify_signature(rctx.jcr, rctx);
1309 free_signature(rctx);
1311 rctx.jcr->ff->flags = 0;
1312 Dmsg0(130, "Stop extracting.\n");
1313 } else if (is_bopen(&rctx.bfd)) {
1314 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1315 Dmsg0(000, "=== logic error !open\n");
1322 * In the context of jcr, flush any remaining data from the cipher context,
1323 * writing it to bfd.
1324 * Return value is true on success, false on failure.
1326 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
1327 RESTORE_CIPHER_CTX *cipher_ctx)
1329 uint32_t decrypted_len = 0;
1330 char *wbuf; /* write buffer */
1331 uint32_t wsize; /* write size */
1332 char ec1[50]; /* Buffer printing huge values */
1333 bool second_pass = false;
1337 * Write out the remaining block and free the cipher context
1339 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1340 cipher_ctx->block_size);
1342 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1345 * Writing out the final, buffered block failed. Shouldn't happen.
1347 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1348 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1351 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1353 * If nothing new was decrypted, and our output buffer is empty, return
1355 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1359 cipher_ctx->buf_len += decrypted_len;
1361 unser_crypto_packet_len(cipher_ctx);
1362 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1363 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1365 * Decrypted, possibly decompressed output here.
1367 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
1368 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1369 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1371 if (flags & FO_SPARSE) {
1372 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1377 if (flags & FO_GZIP) {
1378 if (!decompress_data(jcr, &wbuf, &wsize)) {
1383 Dmsg0(130, "Call store_data\n");
1384 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1387 jcr->JobBytes += wsize;
1388 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1391 * Move any remaining data to start of buffer
1393 if (cipher_ctx->buf_len > 0) {
1394 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1395 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1396 cipher_ctx->buf_len);
1399 * The packet was successfully written, reset the length so that the next
1400 * packet length may be re-read by unser_crypto_packet_len()
1402 cipher_ctx->packet_len = 0;
1404 if (cipher_ctx->buf_len >0 && !second_pass) {
1412 cipher_ctx->buf_len = 0;
1413 cipher_ctx->packet_len = 0;
1418 static void deallocate_cipher(r_ctx &rctx)
1421 * Flush and deallocate previous stream's cipher context
1423 if (rctx.cipher_ctx.cipher) {
1424 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx);
1425 crypto_cipher_free(rctx.cipher_ctx.cipher);
1426 rctx.cipher_ctx.cipher = NULL;
1430 static void deallocate_fork_cipher(r_ctx &rctx)
1434 * Flush and deallocate previous stream's fork cipher context
1436 if (rctx.fork_cipher_ctx.cipher) {
1437 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx);
1438 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1439 rctx.fork_cipher_ctx.cipher = NULL;
1443 static void free_signature(r_ctx &rctx)
1446 crypto_sign_free(rctx.sig);
1451 static void free_session(r_ctx &rctx)
1454 crypto_session_free(rctx.cs);
1461 * This code if implemented goes above
1463 #ifdef stbernard_implemented
1464 / #if defined(HAVE_WIN32)
1465 bool bResumeOfmOnExit = FALSE;
1466 if (isOpenFileManagerRunning()) {
1467 if ( pauseOpenFileManager() ) {
1468 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1469 bResumeOfmOnExit = TRUE;
1472 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1476 char username[UNLEN+1];
1477 DWORD usize = sizeof(username);
1478 int privs = enable_backup_privileges(NULL, 1);
1479 if (GetUserName(username, &usize)) {
1480 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1482 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));