2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2012 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version three of the GNU Affero General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU Affero General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
42 const bool have_darwin_os = true;
44 const bool have_darwin_os = false;
47 #if defined(HAVE_CRYPTO)
48 const bool have_crypto = true;
50 const bool have_crypto = false;
54 const bool have_acl = true;
56 const bool have_acl = false;
60 const bool have_sha2 = true;
62 const bool have_sha2 = false;
65 #if defined(HAVE_XATTR)
66 const bool have_xattr = true;
68 const bool have_xattr = false;
72 * Data received from Storage Daemon
74 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
77 * Forward referenced functions
79 #if defined(HAVE_LIBZ)
80 static const char *zlib_strerror(int stat);
81 const bool have_libz = true;
83 const bool have_libz = false;
86 const bool have_lzo = true;
88 const bool have_lzo = false;
91 static void deallocate_cipher(r_ctx &rctx);
92 static void deallocate_fork_cipher(r_ctx &rctx);
93 static void free_signature(r_ctx &rctx);
94 static void free_session(r_ctx &rctx);
95 static bool close_previous_stream(JCR *jcr, r_ctx &rctx);
96 static bool verify_signature(JCR *jcr, r_ctx &rctx);
97 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
98 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx);
99 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
100 RESTORE_CIPHER_CTX *cipher_ctx);
103 * Close a bfd check that we are at the expected file offset.
104 * Makes use of some code from set_attributes().
106 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
108 char ec1[50], ec2[50];
111 fsize = blseek(bfd, 0, SEEK_CUR);
113 if (fsize > 0 && fsize != osize) {
114 Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
115 jcr->last_fname, edit_uint64(osize, ec1),
116 edit_uint64(fsize, ec2));
122 #ifdef HAVE_DARWIN_OS
123 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
125 struct attrlist attrList;
127 memset(&attrList, 0, sizeof(attrList));
128 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
129 attrList.commonattr = ATTR_CMN_FNDRINFO;
131 Dmsg0(130, "Restoring Finder Info\n");
132 jcr->ff->flags |= FO_HFSPLUS;
134 Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
138 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
139 Jmsg(jcr, M_WARNING, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
146 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
153 * Cleanup of delayed restore stack with streams for later
156 static inline void drop_delayed_restore_streams(r_ctx &rctx, bool reuse)
158 RESTORE_DATA_STREAM *rds;
160 if (!rctx.delayed_streams ||
161 rctx.delayed_streams->empty()) {
165 foreach_alist(rds, rctx.delayed_streams) {
169 rctx.delayed_streams->destroy();
171 rctx.delayed_streams->init(10, owned_by_alist);
176 * Push a data stream onto the delayed restore stack for
179 static inline void push_delayed_restore_stream(r_ctx &rctx, BSOCK *sd)
181 RESTORE_DATA_STREAM *rds;
183 if (!rctx.delayed_streams) {
184 rctx.delayed_streams = New(alist(10, owned_by_alist));
187 rds = (RESTORE_DATA_STREAM *)malloc(sizeof(RESTORE_DATA_STREAM));
188 rds->stream = rctx.stream;
189 rds->content = (char *)malloc(sd->msglen);
190 memcpy(rds->content, sd->msg, sd->msglen);
191 rds->content_length = sd->msglen;
193 rctx.delayed_streams->append(rds);
197 * Perform a restore of an ACL using the stream received.
198 * This can either be a delayed restore or direct restore.
200 static inline bool do_restore_acl(JCR *jcr,
203 uint32_t content_length)
206 switch (parse_acl_streams(jcr, stream, content, content_length)) {
207 case bacl_exit_fatal:
209 case bacl_exit_error:
211 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
212 * print the error message set by the lower level routine in jcr->errmsg.
214 if (jcr->acl_data->u.parse->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
215 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
217 jcr->acl_data->u.parse->nr_errors++;
226 * Perform a restore of an XATTR using the stream received.
227 * This can either be a delayed restore or direct restore.
229 static inline bool do_restore_xattr(JCR *jcr,
232 uint32_t content_length)
234 switch (parse_xattr_streams(jcr, stream, content, content_length)) {
235 case bxattr_exit_fatal:
237 case bxattr_exit_error:
239 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
240 * print the error message set by the lower level routine in jcr->errmsg.
242 if (jcr->xattr_data->u.parse->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
243 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
245 jcr->xattr_data->u.parse->nr_errors++;
254 * Restore any data streams that are restored after the file
255 * is fully restored and has its attributes restored. Things
256 * like acls and xattr are restored after we set the file
257 * attributes otherwise we might clear some security flags
258 * by setting the attributes.
260 static inline bool pop_delayed_data_streams(JCR *jcr, r_ctx &rctx)
262 RESTORE_DATA_STREAM *rds;
265 * See if there is anything todo.
267 if (!rctx.delayed_streams ||
268 rctx.delayed_streams->empty()) {
273 * Only process known delayed data streams here.
274 * If you start using more delayed data streams
275 * be sure to add them in this loop and add the
278 * Currently we support delayed data stream
279 * processing for the following type of streams:
283 foreach_alist(rds, rctx.delayed_streams) {
284 switch (rds->stream) {
285 case STREAM_UNIX_ACCESS_ACL:
286 case STREAM_UNIX_DEFAULT_ACL:
287 case STREAM_ACL_AIX_TEXT:
288 case STREAM_ACL_DARWIN_ACCESS_ACL:
289 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
290 case STREAM_ACL_FREEBSD_ACCESS_ACL:
291 case STREAM_ACL_HPUX_ACL_ENTRY:
292 case STREAM_ACL_IRIX_DEFAULT_ACL:
293 case STREAM_ACL_IRIX_ACCESS_ACL:
294 case STREAM_ACL_LINUX_DEFAULT_ACL:
295 case STREAM_ACL_LINUX_ACCESS_ACL:
296 case STREAM_ACL_TRU64_DEFAULT_ACL:
297 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
298 case STREAM_ACL_TRU64_ACCESS_ACL:
299 case STREAM_ACL_SOLARIS_ACLENT:
300 case STREAM_ACL_SOLARIS_ACE:
301 case STREAM_ACL_AFS_TEXT:
302 case STREAM_ACL_AIX_AIXC:
303 case STREAM_ACL_AIX_NFS4:
304 case STREAM_ACL_FREEBSD_NFS4_ACL:
305 if (!do_restore_acl(jcr, rds->stream, rds->content, rds->content_length)) {
310 case STREAM_XATTR_IRIX:
311 case STREAM_XATTR_TRU64:
312 case STREAM_XATTR_AIX:
313 case STREAM_XATTR_OPENBSD:
314 case STREAM_XATTR_SOLARIS_SYS:
315 case STREAM_XATTR_DARWIN:
316 case STREAM_XATTR_FREEBSD:
317 case STREAM_XATTR_LINUX:
318 case STREAM_XATTR_NETBSD:
319 if (!do_restore_xattr(jcr, rds->stream, rds->content, rds->content_length)) {
325 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
332 * We processed the stack so we can destroy it.
334 rctx.delayed_streams->destroy();
337 * (Re)Initialize the stack for a new use.
339 rctx.delayed_streams->init(10, owned_by_alist);
346 * Destroy the content of the stack and (re)initialize it for a new use.
348 drop_delayed_restore_streams(rctx, true);
354 * Restore the requested files.
356 void do_restore(JCR *jcr)
359 uint32_t VolSessionId, VolSessionTime;
361 char ec1[50]; /* Buffer printing huge values */
362 uint32_t buf_size; /* client buffer size */
364 int64_t rsrc_len = 0; /* Original length of resource fork */
367 /* ***FIXME*** make configurable */
368 crypto_digest_t signing_algorithm = have_sha2 ?
369 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
370 memset(&rctx, 0, sizeof(rctx));
374 * The following variables keep track of "known unknowns"
376 int non_support_data = 0;
377 int non_support_attr = 0;
378 int non_support_rsrc = 0;
379 int non_support_finfo = 0;
380 int non_support_acl = 0;
381 int non_support_progname = 0;
382 int non_support_crypto = 0;
383 int non_support_xattr = 0;
385 sd = jcr->store_bsock;
386 jcr->setJobStatus(JS_Running);
389 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
392 buf_size = client->max_network_buffer_size;
394 buf_size = 0; /* use default */
396 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
397 jcr->setJobStatus(JS_ErrorTerminated);
400 jcr->buf_size = sd->msglen;
403 * St Bernard code goes here if implemented -- see end of file
406 /* use the same buffer size to decompress both gzip and lzo */
407 if (have_libz || have_lzo) {
408 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
409 jcr->compress_buf = get_memory(compress_buf_size);
410 jcr->compress_buf_size = compress_buf_size;
414 if (lzo_init() != LZO_E_OK) {
415 Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n"));
421 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
422 if (have_darwin_os) {
423 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
428 * Get a record from the Storage daemon. We are guaranteed to
429 * receive records in the following order:
430 * 1. Stream record header
431 * 2. Stream data (one or more of the following in the order given)
432 * a. Attributes (Unix or Win32)
433 * b. Possibly stream encryption session data (e.g., symmetric session key)
434 * c. File data for the file
435 * d. Alternate data stream (e.g. Resource Fork)
439 * h. Possibly a cryptographic signature
440 * i. Possibly MD5 or SHA1 record
443 * NOTE: We keep track of two bacula file descriptors:
444 * 1. bfd for file data.
445 * This fd is opened for non empty files when an attribute stream is
446 * encountered and closed when we find the next attribute stream.
447 * 2. fork_bfd for alternate data streams
448 * This fd is opened every time we encounter a new alternate data
449 * stream for the current file. When we find any other stream, we
451 * The expected size of the stream, fork_len, should be set when
453 * 3. Not all the stream data records are required -- e.g. if there
454 * is no fork, there is no alternate data stream, no ACL, ...
457 binit(&rctx.forkbfd);
458 attr = rctx.attr = new_attr(jcr);
460 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
461 memset(jcr->acl_data, 0, sizeof(acl_data_t));
462 jcr->acl_data->u.parse = (acl_parse_data_t *)malloc(sizeof(acl_parse_data_t));
463 memset(jcr->acl_data->u.parse, 0, sizeof(acl_parse_data_t));
466 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
467 memset(jcr->xattr_data, 0, sizeof(xattr_data_t));
468 jcr->xattr_data->u.parse = (xattr_parse_data_t *)malloc(sizeof(xattr_parse_data_t));
469 memset(jcr->xattr_data->u.parse, 0, sizeof(xattr_parse_data_t));
472 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
474 * Remember previous stream type
476 rctx.prev_stream = rctx.stream;
479 * First we expect a Stream Record Header
481 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
482 &rctx.full_stream, &rctx.size) != 5) {
483 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
486 /* Strip off new stream high bits */
487 rctx.stream = rctx.full_stream & STREAMMASK_TYPE;
488 Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
489 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
492 * Now we expect the Stream Data
494 if (bget_msg(sd) < 0) {
495 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
498 if (rctx.size != (uint32_t)sd->msglen) {
499 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
500 sd->msglen, rctx.size);
501 Dmsg2(50, "Actual data size %d not same as header %d\n",
502 sd->msglen, rctx.size);
505 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
506 sd->msglen, rctx.extract);
509 * If we change streams, close and reset alternate data streams
511 if (rctx.prev_stream != rctx.stream) {
512 if (is_bopen(&rctx.forkbfd)) {
513 deallocate_fork_cipher(rctx);
514 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
517 * Use an impossible value and set a proper one below
524 * File Attributes stream
526 switch (rctx.stream) {
527 case STREAM_UNIX_ATTRIBUTES:
528 case STREAM_UNIX_ATTRIBUTES_EX:
530 * if any previous stream open, close it
532 if (!close_previous_stream(jcr, rctx)) {
537 * TODO: manage deleted files
539 if (rctx.type == FT_DELETED) { /* deleted file */
543 * Restore objects should be ignored here -- they are
544 * returned at the beginning of the restore.
546 if (IS_FT_OBJECT(rctx.type)) {
551 * Unpack attributes and do sanity check them
553 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
557 Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
558 attr->attr, attr->attrEx);
559 Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
560 strlen(attr->attrEx), sd->msg);
562 attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI);
564 if (!is_restore_stream_supported(attr->data_stream)) {
565 if (!non_support_data++) {
566 Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"),
567 stream_to_ascii(attr->data_stream));
572 build_attr_output_fnames(jcr, attr);
575 * Try to actually create the file, which returns a status telling
576 * us if we need to extract or not.
578 jcr->num_files_examined++;
579 rctx.extract = false;
580 stat = CF_CORE; /* By default, let Bacula's core handle it */
583 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
586 if (stat == CF_CORE) {
587 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
590 pm_strcpy(jcr->last_fname, attr->ofname);
591 jcr->last_type = attr->type;
593 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
601 * File created and we expect file data
609 * File created, but there is no content
612 print_ls_output(jcr, attr);
614 if (have_darwin_os) {
616 * Only restore the resource fork for regular files
618 from_base64(&rsrc_len, attr->attrEx);
619 if (attr->type == FT_REG && rsrc_len > 0) {
624 * Do not count the resource forks as regular files being restored.
635 * set attributes now because file will not be extracted
638 plugin_set_attributes(jcr, attr, &rctx.bfd);
640 set_attributes(jcr, attr, &rctx.bfd);
650 case STREAM_ENCRYPTED_SESSION_DATA:
651 crypto_error_t cryptoerr;
654 * Is this an unexpected session data entry?
657 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
658 rctx.extract = false;
664 * Do we have any keys at all?
666 if (!jcr->crypto.pki_recipients) {
667 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
668 rctx.extract = false;
673 if (jcr->crypto.digest) {
674 crypto_digest_free(jcr->crypto.digest);
676 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
677 if (!jcr->crypto.digest) {
678 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
679 rctx.extract = false;
685 * Decode and save session keys.
687 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
688 jcr->crypto.pki_recipients, &rctx.cs);
690 case CRYPTO_ERROR_NONE:
695 case CRYPTO_ERROR_NORECIPIENT:
696 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
698 case CRYPTO_ERROR_DECRYPTION:
699 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
705 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
709 if (cryptoerr != CRYPTO_ERROR_NONE) {
710 rctx.extract = false;
717 case STREAM_FILE_DATA:
718 case STREAM_SPARSE_DATA:
719 case STREAM_WIN32_DATA:
720 case STREAM_GZIP_DATA:
721 case STREAM_SPARSE_GZIP_DATA:
722 case STREAM_WIN32_GZIP_DATA:
723 case STREAM_COMPRESSED_DATA:
724 case STREAM_SPARSE_COMPRESSED_DATA:
725 case STREAM_WIN32_COMPRESSED_DATA:
726 case STREAM_ENCRYPTED_FILE_DATA:
727 case STREAM_ENCRYPTED_WIN32_DATA:
728 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
729 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
730 case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA:
731 case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA:
733 * Force an expected, consistent stream type here
735 if (rctx.extract && (rctx.prev_stream == rctx.stream
736 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
737 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
738 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
741 if (rctx.stream == STREAM_SPARSE_DATA
742 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
743 || rctx.stream == STREAM_SPARSE_GZIP_DATA) {
744 rctx.flags |= FO_SPARSE;
747 if (rctx.stream == STREAM_GZIP_DATA
748 || rctx.stream == STREAM_SPARSE_GZIP_DATA
749 || rctx.stream == STREAM_WIN32_GZIP_DATA
750 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
751 || rctx.stream == STREAM_COMPRESSED_DATA
752 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
753 || rctx.stream == STREAM_WIN32_COMPRESSED_DATA
754 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
755 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
756 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
757 rctx.flags |= FO_COMPRESS;
758 rctx.comp_stream = rctx.stream;
761 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
762 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
763 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
764 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
765 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
766 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
768 * Set up a decryption context
770 if (!rctx.cipher_ctx.cipher) {
772 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
773 rctx.extract = false;
778 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
779 &rctx.cipher_ctx.block_size)) == NULL) {
780 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
782 rctx.extract = false;
787 rctx.flags |= FO_ENCRYPT;
790 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
791 set_portable_backup(&rctx.bfd);
793 * "decompose" BackupWrite data
795 rctx.flags |= FO_WIN32DECOMP;
798 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
799 rctx.flags, rctx.stream, &rctx.cipher_ctx) < 0) {
800 rctx.extract = false;
808 * Resource fork stream - only recorded after a file to be restored
809 * Silently ignore if we cannot write - we already reported that
811 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
812 case STREAM_MACOS_FORK_DATA:
813 if (have_darwin_os) {
815 jcr->ff->flags |= FO_HFSPLUS;
817 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
818 rctx.fork_flags |= FO_ENCRYPT;
821 * Set up a decryption context
823 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
825 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
826 rctx.extract = false;
831 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
832 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
834 rctx.extract = false;
842 if (rctx.prev_stream != rctx.stream) {
843 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
844 Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
845 rctx.extract = false;
849 rctx.fork_size = rsrc_len;
850 Dmsg0(130, "Restoring resource fork\n");
853 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
854 rctx.stream, &rctx.fork_cipher_ctx) < 0) {
855 rctx.extract = false;
856 bclose(&rctx.forkbfd);
865 case STREAM_HFSPLUS_ATTRIBUTES:
866 if (have_darwin_os) {
867 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
875 case STREAM_UNIX_ACCESS_ACL:
876 case STREAM_UNIX_DEFAULT_ACL:
877 case STREAM_ACL_AIX_TEXT:
878 case STREAM_ACL_DARWIN_ACCESS_ACL:
879 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
880 case STREAM_ACL_FREEBSD_ACCESS_ACL:
881 case STREAM_ACL_HPUX_ACL_ENTRY:
882 case STREAM_ACL_IRIX_DEFAULT_ACL:
883 case STREAM_ACL_IRIX_ACCESS_ACL:
884 case STREAM_ACL_LINUX_DEFAULT_ACL:
885 case STREAM_ACL_LINUX_ACCESS_ACL:
886 case STREAM_ACL_TRU64_DEFAULT_ACL:
887 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
888 case STREAM_ACL_TRU64_ACCESS_ACL:
889 case STREAM_ACL_SOLARIS_ACLENT:
890 case STREAM_ACL_SOLARIS_ACE:
891 case STREAM_ACL_AFS_TEXT:
892 case STREAM_ACL_AIX_AIXC:
893 case STREAM_ACL_AIX_NFS4:
894 case STREAM_ACL_FREEBSD_NFS4_ACL:
896 * Do not restore ACLs when
897 * a) The current file is not extracted
898 * b) and it is not a directory (they are never "extracted")
899 * c) or the file name is empty
901 if ((!rctx.extract &&
902 jcr->last_type != FT_DIREND) ||
903 (*jcr->last_fname == 0)) {
908 * For anything that is not a directory we delay
909 * the restore of acls till a later stage.
911 if (jcr->last_type != FT_DIREND) {
912 push_delayed_restore_stream(rctx, sd);
914 if (!do_restore_acl(jcr, rctx.stream, sd->msg, sd->msglen)) {
923 case STREAM_XATTR_IRIX:
924 case STREAM_XATTR_TRU64:
925 case STREAM_XATTR_AIX:
926 case STREAM_XATTR_OPENBSD:
927 case STREAM_XATTR_SOLARIS_SYS:
928 case STREAM_XATTR_DARWIN:
929 case STREAM_XATTR_FREEBSD:
930 case STREAM_XATTR_LINUX:
931 case STREAM_XATTR_NETBSD:
933 * Do not restore Extended Attributes when
934 * a) The current file is not extracted
935 * b) and it is not a directory (they are never "extracted")
936 * c) or the file name is empty
938 if ((!rctx.extract &&
939 jcr->last_type != FT_DIREND) ||
940 (*jcr->last_fname == 0)) {
945 * For anything that is not a directory we delay
946 * the restore of xattr till a later stage.
948 if (jcr->last_type != FT_DIREND) {
949 push_delayed_restore_stream(rctx, sd);
951 if (!do_restore_xattr(jcr, rctx.stream, sd->msg, sd->msglen)) {
960 case STREAM_XATTR_SOLARIS:
962 * Do not restore Extended Attributes when
963 * a) The current file is not extracted
964 * b) and it is not a directory (they are never "extracted")
965 * c) or the file name is empty
967 if ((!rctx.extract &&
968 jcr->last_type != FT_DIREND) ||
969 (*jcr->last_fname == 0)) {
973 if (!do_restore_xattr(jcr, rctx.stream, sd->msg, sd->msglen)) {
981 case STREAM_SIGNED_DIGEST:
983 * Is this an unexpected signature?
986 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
987 free_signature(rctx);
993 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
994 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
998 case STREAM_MD5_DIGEST:
999 case STREAM_SHA1_DIGEST:
1000 case STREAM_SHA256_DIGEST:
1001 case STREAM_SHA512_DIGEST:
1004 case STREAM_PROGRAM_NAMES:
1005 case STREAM_PROGRAM_DATA:
1006 if (!non_support_progname) {
1007 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
1008 non_support_progname++;
1012 case STREAM_PLUGIN_NAME:
1013 if (!close_previous_stream(jcr, rctx)) {
1016 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
1017 plugin_name_stream(jcr, sd->msg);
1020 case STREAM_RESTORE_OBJECT:
1021 break; /* these are sent by Director */
1024 if (!close_previous_stream(jcr, rctx)) {
1027 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
1029 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
1031 } /* end switch(stream) */
1032 } /* end while get_msg() */
1035 * If output file is still open, it was the last one in the
1036 * archive since we just hit an end of file, so close the file.
1038 if (is_bopen(&rctx.forkbfd)) {
1039 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
1042 if (!close_previous_stream(jcr, rctx)) {
1045 jcr->setJobStatus(JS_Terminated);
1049 jcr->setJobStatus(JS_ErrorTerminated);
1053 * First output the statistics.
1055 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
1056 edit_uint64(jcr->JobBytes, ec1));
1057 if (have_acl && jcr->acl_data->u.parse->nr_errors > 0) {
1058 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"),
1059 jcr->acl_data->u.parse->nr_errors);
1061 if (have_xattr && jcr->xattr_data->u.parse->nr_errors > 0) {
1062 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"),
1063 jcr->xattr_data->u.parse->nr_errors);
1065 if (non_support_data > 1 || non_support_attr > 1) {
1066 Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
1067 non_support_data, non_support_attr);
1069 if (non_support_rsrc) {
1070 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
1072 if (non_support_finfo) {
1073 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_finfo);
1075 if (non_support_acl) {
1076 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
1078 if (non_support_crypto) {
1079 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
1081 if (non_support_xattr) {
1082 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
1086 * Free Signature & Crypto Data
1088 free_signature(rctx);
1090 if (jcr->crypto.digest) {
1091 crypto_digest_free(jcr->crypto.digest);
1092 jcr->crypto.digest = NULL;
1096 * Free file cipher restore context
1098 if (rctx.cipher_ctx.cipher) {
1099 crypto_cipher_free(rctx.cipher_ctx.cipher);
1100 rctx.cipher_ctx.cipher = NULL;
1103 if (rctx.cipher_ctx.buf) {
1104 free_pool_memory(rctx.cipher_ctx.buf);
1105 rctx.cipher_ctx.buf = NULL;
1109 * Free alternate stream cipher restore context
1111 if (rctx.fork_cipher_ctx.cipher) {
1112 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1113 rctx.fork_cipher_ctx.cipher = NULL;
1115 if (rctx.fork_cipher_ctx.buf) {
1116 free_pool_memory(rctx.fork_cipher_ctx.buf);
1117 rctx.fork_cipher_ctx.buf = NULL;
1120 if (jcr->compress_buf) {
1121 free_pool_memory(jcr->compress_buf);
1122 jcr->compress_buf = NULL;
1123 jcr->compress_buf_size = 0;
1126 if (have_acl && jcr->acl_data) {
1127 free(jcr->acl_data->u.parse);
1128 free(jcr->acl_data);
1129 jcr->acl_data = NULL;
1132 if (have_xattr && jcr->xattr_data) {
1133 free(jcr->xattr_data->u.parse);
1134 free(jcr->xattr_data);
1135 jcr->xattr_data = NULL;
1139 * Free the delayed stream stack list.
1141 if (rctx.delayed_streams) {
1142 drop_delayed_restore_streams(rctx, false);
1143 delete rctx.delayed_streams;
1146 bclose(&rctx.forkbfd);
1148 free_attr(rctx.attr);
1153 * Convert ZLIB error code into an ASCII message
1155 static const char *zlib_strerror(int stat)
1162 return _("Zlib errno");
1163 case Z_STREAM_ERROR:
1164 return _("Zlib stream error");
1166 return _("Zlib data error");
1168 return _("Zlib memory error");
1170 return _("Zlib buffer error");
1171 case Z_VERSION_ERROR:
1172 return _("Zlib version error");
1179 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
1181 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
1182 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
1186 * Verify the signature for the last restored file
1187 * Return value is either true (signature correct)
1188 * or false (signature could not be verified).
1189 * TODO landonf: Implement without using find_one_file and
1190 * without re-reading the file.
1192 static bool verify_signature(JCR *jcr, r_ctx &rctx)
1194 X509_KEYPAIR *keypair;
1195 DIGEST *digest = NULL;
1197 uint64_t saved_bytes;
1198 crypto_digest_t signing_algorithm = have_sha2 ?
1199 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
1200 crypto_digest_t algorithm;
1201 SIGNATURE *sig = rctx.sig;
1204 if (!jcr->crypto.pki_sign) {
1211 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
1212 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
1220 * Iterate through the trusted signers
1222 foreach_alist(keypair, jcr->crypto.pki_signers) {
1223 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
1225 case CRYPTO_ERROR_NONE:
1226 Dmsg0(50, "== Got digest\n");
1228 * We computed jcr->crypto.digest using signing_algorithm while writing
1229 * the file. If it is not the same as the algorithm used for
1230 * this file, punt by releasing the computed algorithm and
1231 * computing by re-reading the file.
1233 if (algorithm != signing_algorithm) {
1234 if (jcr->crypto.digest) {
1235 crypto_digest_free(jcr->crypto.digest);
1236 jcr->crypto.digest = NULL;
1239 if (jcr->crypto.digest) {
1241 * Use digest computed while writing the file to verify the signature
1243 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
1244 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1245 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1246 jcr->last_fname, crypto_strerror(err));
1251 * Signature found, digest allocated. Old method,
1252 * re-read the file and compute the digest
1254 jcr->crypto.digest = digest;
1257 * Checksum the entire file
1258 * Make sure we don't modify JobBytes by saving and restoring it
1260 saved_bytes = jcr->JobBytes;
1261 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
1262 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
1264 jcr->JobBytes = saved_bytes;
1267 jcr->JobBytes = saved_bytes;
1270 * Verify the signature
1272 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
1273 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1274 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1275 jcr->last_fname, crypto_strerror(err));
1278 jcr->crypto.digest = NULL;
1284 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1285 crypto_digest_free(digest);
1288 case CRYPTO_ERROR_NOSIGNER:
1290 * Signature not found, try again
1293 crypto_digest_free(digest);
1299 * Something strange happened (that shouldn't happen!)...
1301 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1309 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1313 crypto_digest_free(digest);
1318 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
1323 unser_begin(*data, OFFSET_FADDR_SIZE);
1324 unser_uint64(faddr);
1325 if (*addr != faddr) {
1327 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1329 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1330 edit_uint64(*addr, ec1), jcr->last_fname,
1331 be.bstrerror(bfd->berrno));
1335 *data += OFFSET_FADDR_SIZE;
1336 *length -= OFFSET_FADDR_SIZE;
1340 bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length)
1342 #if defined(HAVE_LZO) || defined(HAVE_LIBZ)
1343 char ec1[50]; /* Buffer printing huge values */
1346 Dmsg1(200, "Stream found in decompress_data(): %d\n", stream);
1347 if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA
1348 || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA)
1350 uint32_t comp_magic, comp_len;
1351 uint16_t comp_level, comp_version;
1353 lzo_uint compress_len;
1354 const unsigned char *cbuf;
1355 int r, real_compress_len;
1358 /* read compress header */
1360 unser_begin(*data, sizeof(comp_stream_header));
1361 unser_uint32(comp_magic);
1362 unser_uint32(comp_len);
1363 unser_uint16(comp_level);
1364 unser_uint16(comp_version);
1365 Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len,
1366 comp_level, comp_version);
1369 if (comp_version != COMP_HEAD_VERSION) {
1370 Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. version=0x%x\n"), comp_version);
1374 if (comp_len + sizeof(comp_stream_header) != *length) {
1375 Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"),
1379 switch(comp_magic) {
1381 case COMPRESS_LZO1X:
1382 compress_len = jcr->compress_buf_size;
1383 cbuf = (const unsigned char*)*data + sizeof(comp_stream_header);
1384 real_compress_len = *length - sizeof(comp_stream_header);
1385 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1386 while ((r=lzo1x_decompress_safe(cbuf, real_compress_len,
1387 (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN)
1390 * The buffer size is too small, try with a bigger one
1392 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1393 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1394 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1397 if (r != LZO_E_OK) {
1398 Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"),
1399 jcr->last_fname, r);
1402 *data = jcr->compress_buf;
1403 *length = compress_len;
1404 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1408 Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic);
1417 * NOTE! We only use uLong and Byte because they are
1418 * needed by the zlib routines, they should not otherwise
1419 * be used in Bacula.
1421 compress_len = jcr->compress_buf_size;
1422 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1423 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1424 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1427 * The buffer size is too small, try with a bigger one
1429 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1430 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1431 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1435 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1436 jcr->last_fname, zlib_strerror(stat));
1439 *data = jcr->compress_buf;
1440 *length = compress_len;
1441 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1444 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1450 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1453 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1454 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1455 unser_uint32(ctx->packet_len);
1456 ctx->packet_len += CRYPTO_LEN_SIZE;
1460 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1462 if (jcr->crypto.digest) {
1463 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1466 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1468 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1469 jcr->last_fname, be.bstrerror(bfd->berrno));
1472 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1474 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1475 jcr->last_fname, be.bstrerror(bfd->berrno));
1483 * In the context of jcr, write data to bfd.
1484 * We write buflen bytes in buf at addr. addr is updated in place.
1485 * The flags specify whether to use sparse files or compression.
1486 * Return value is the number of bytes written, or -1 on errors.
1488 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1489 uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx)
1491 char *wbuf; /* write buffer */
1492 uint32_t wsize; /* write size */
1493 uint32_t rsize; /* read size */
1494 uint32_t decrypted_len = 0; /* Decryption output length */
1495 char ec1[50]; /* Buffer printing huge values */
1498 jcr->ReadBytes += rsize;
1502 if (flags & FO_ENCRYPT) {
1503 ASSERT(cipher_ctx->cipher);
1506 * NOTE: We must implement block preserving semantics for the
1507 * non-streaming compression and sparse code.
1509 * Grow the crypto buffer, if necessary.
1510 * crypto_cipher_update() will process only whole blocks,
1511 * buffering the remaining input.
1513 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1514 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1517 * Decrypt the input block
1519 if (!crypto_cipher_update(cipher_ctx->cipher,
1520 (const u_int8_t *)wbuf,
1522 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1525 * Decryption failed. Shouldn't happen.
1527 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1531 if (decrypted_len == 0) {
1533 * No full block of encrypted data available, write more data
1538 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1540 cipher_ctx->buf_len += decrypted_len;
1541 wbuf = cipher_ctx->buf;
1544 * If one full preserved block is available, write it to disk,
1545 * and then buffer any remaining data. This should be effecient
1546 * as long as Bacula's block size is not significantly smaller than the
1547 * encryption block size (extremely unlikely!)
1549 unser_crypto_packet_len(cipher_ctx);
1550 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1552 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1554 * No full preserved block is available.
1560 * We have one full block, set up the filter input buffers
1562 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1563 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1564 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1565 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1568 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1569 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1574 if (flags & FO_COMPRESS) {
1575 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1580 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1583 jcr->JobBytes += wsize;
1585 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1588 * Clean up crypto buffers
1590 if (flags & FO_ENCRYPT) {
1591 /* Move any remaining data to start of buffer */
1592 if (cipher_ctx->buf_len > 0) {
1593 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1594 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1595 cipher_ctx->buf_len);
1598 * The packet was successfully written, reset the length so that the next
1599 * packet length may be re-read by unser_crypto_packet_len()
1601 cipher_ctx->packet_len = 0;
1610 * If extracting, close any previous stream
1612 static bool close_previous_stream(JCR *jcr, r_ctx &rctx)
1615 * If extracting, it was from previous stream, so
1616 * close the output file and validate the signature.
1619 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1620 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1621 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1622 is_bopen(&rctx.bfd));
1625 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1626 deallocate_cipher(rctx);
1627 deallocate_fork_cipher(rctx);
1630 if (rctx.jcr->plugin) {
1631 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1633 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1635 rctx.extract = false;
1638 * Now perform the delayed restore of some specific data streams.
1640 if (!pop_delayed_data_streams(jcr, rctx)) {
1645 * Verify the cryptographic signature, if any
1647 rctx.type = rctx.attr->type;
1648 verify_signature(rctx.jcr, rctx);
1653 free_signature(rctx);
1655 rctx.jcr->ff->flags = 0;
1656 Dmsg0(130, "Stop extracting.\n");
1657 } else if (is_bopen(&rctx.bfd)) {
1658 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1659 Dmsg0(000, "=== logic error !open\n");
1667 * In the context of jcr, flush any remaining data from the cipher context,
1668 * writing it to bfd.
1669 * Return value is true on success, false on failure.
1671 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
1672 RESTORE_CIPHER_CTX *cipher_ctx)
1674 uint32_t decrypted_len = 0;
1675 char *wbuf; /* write buffer */
1676 uint32_t wsize; /* write size */
1677 char ec1[50]; /* Buffer printing huge values */
1678 bool second_pass = false;
1682 * Write out the remaining block and free the cipher context
1684 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1685 cipher_ctx->block_size);
1687 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1690 * Writing out the final, buffered block failed. Shouldn't happen.
1692 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1693 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1696 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1698 * If nothing new was decrypted, and our output buffer is empty, return
1700 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1704 cipher_ctx->buf_len += decrypted_len;
1706 unser_crypto_packet_len(cipher_ctx);
1707 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1708 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1710 * Decrypted, possibly decompressed output here.
1712 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
1713 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1714 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1716 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1717 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1722 if (flags & FO_COMPRESS) {
1723 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1728 Dmsg0(130, "Call store_data\n");
1729 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1732 jcr->JobBytes += wsize;
1733 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1736 * Move any remaining data to start of buffer
1738 if (cipher_ctx->buf_len > 0) {
1739 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1740 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1741 cipher_ctx->buf_len);
1744 * The packet was successfully written, reset the length so that the next
1745 * packet length may be re-read by unser_crypto_packet_len()
1747 cipher_ctx->packet_len = 0;
1749 if (cipher_ctx->buf_len >0 && !second_pass) {
1757 cipher_ctx->buf_len = 0;
1758 cipher_ctx->packet_len = 0;
1763 static void deallocate_cipher(r_ctx &rctx)
1766 * Flush and deallocate previous stream's cipher context
1768 if (rctx.cipher_ctx.cipher) {
1769 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx);
1770 crypto_cipher_free(rctx.cipher_ctx.cipher);
1771 rctx.cipher_ctx.cipher = NULL;
1775 static void deallocate_fork_cipher(r_ctx &rctx)
1779 * Flush and deallocate previous stream's fork cipher context
1781 if (rctx.fork_cipher_ctx.cipher) {
1782 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx);
1783 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1784 rctx.fork_cipher_ctx.cipher = NULL;
1788 static void free_signature(r_ctx &rctx)
1791 crypto_sign_free(rctx.sig);
1796 static void free_session(r_ctx &rctx)
1799 crypto_session_free(rctx.cs);
1806 * This code if implemented goes above
1808 #ifdef stbernard_implemented
1809 / #if defined(HAVE_WIN32)
1810 bool bResumeOfmOnExit = FALSE;
1811 if (isOpenFileManagerRunning()) {
1812 if ( pauseOpenFileManager() ) {
1813 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1814 bResumeOfmOnExit = TRUE;
1817 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1821 char username[UNLEN+1];
1822 DWORD usize = sizeof(username);
1823 int privs = enable_backup_privileges(NULL, 1);
1824 if (GetUserName(username, &usize)) {
1825 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1827 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));