2 Bacula® - The Network Backup Solution
4 Copyright (C) 2000-2010 Free Software Foundation Europe e.V.
6 The main author of Bacula is Kern Sibbald, with contributions from
7 many others, a complete list can be found in the file AUTHORS.
8 This program is Free Software; you can redistribute it and/or
9 modify it under the terms of version two of the GNU General Public
10 License as published by the Free Software Foundation and included
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 Bacula® is a registered trademark of Kern Sibbald.
24 The licensor of Bacula is the Free Software Foundation Europe
25 (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
26 Switzerland, email:ftf@fsfeurope.org.
29 * Bacula File Daemon restore.c Restorefiles.
31 * Kern Sibbald, November MM
41 const bool have_darwin_os = true;
43 const bool have_darwin_os = false;
46 #if defined(HAVE_CRYPTO)
47 const bool have_crypto = true;
49 const bool have_crypto = false;
53 const bool have_acl = true;
55 const bool have_acl = false;
59 const bool have_sha2 = true;
61 const bool have_sha2 = false;
64 #if defined(HAVE_XATTR)
65 const bool have_xattr = true;
67 const bool have_xattr = false;
71 * Data received from Storage Daemon
73 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
76 * Forward referenced functions
78 #if defined(HAVE_LIBZ)
79 static const char *zlib_strerror(int stat);
80 const bool have_libz = true;
82 const bool have_libz = false;
85 static void deallocate_cipher(r_ctx &rctx);
86 static void deallocate_fork_cipher(r_ctx &rctx);
87 static void free_signature(r_ctx &rctx);
88 static void free_session(r_ctx &rctx);
89 static void close_previous_stream(r_ctx &rctx);
91 static bool verify_signature(JCR *jcr, r_ctx &rctx);
92 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
93 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
94 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
95 RESTORE_CIPHER_CTX *cipher_ctx);
98 * Close a bfd check that we are at the expected file offset.
99 * Makes use of some code from set_attributes().
101 static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
103 char ec1[50], ec2[50];
106 fsize = blseek(bfd, 0, SEEK_CUR);
108 if (fsize > 0 && fsize != osize) {
109 Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
110 jcr->last_fname, edit_uint64(osize, ec1),
111 edit_uint64(fsize, ec2));
117 #ifdef HAVE_DARWIN_OS
118 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
120 struct attrlist attrList;
122 memset(&attrList, 0, sizeof(attrList));
123 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
124 attrList.commonattr = ATTR_CMN_FNDRINFO;
126 Dmsg0(130, "Restoring Finder Info\n");
127 jcr->ff->flags |= FO_HFSPLUS;
129 Jmsg(jcr, M_ERROR, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
133 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
134 Jmsg(jcr, M_ERROR, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
141 bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
148 * Restore the requested files.
150 void do_restore(JCR *jcr)
153 uint32_t VolSessionId, VolSessionTime;
155 char ec1[50]; /* Buffer printing huge values */
156 uint32_t buf_size; /* client buffer size */
158 intmax_t rsrc_len = 0; /* Original length of resource fork */
161 /* ***FIXME*** make configurable */
162 crypto_digest_t signing_algorithm = have_sha2 ?
163 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
164 memset(&rctx, 0, sizeof(rctx));
168 * The following variables keep track of "known unknowns"
170 int non_support_data = 0;
171 int non_support_attr = 0;
172 int non_support_rsrc = 0;
173 int non_support_finfo = 0;
174 int non_support_acl = 0;
175 int non_support_progname = 0;
176 int non_support_crypto = 0;
177 int non_support_xattr = 0;
179 sd = jcr->store_bsock;
180 set_jcr_job_status(jcr, JS_Running);
183 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
186 buf_size = client->max_network_buffer_size;
188 buf_size = 0; /* use default */
190 if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
191 set_jcr_job_status(jcr, JS_ErrorTerminated);
194 jcr->buf_size = sd->msglen;
197 * St Bernard code goes here if implemented -- see end of file
201 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
202 jcr->compress_buf = get_memory(compress_buf_size);
203 jcr->compress_buf_size = compress_buf_size;
207 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
208 if (have_darwin_os) {
209 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
214 * Get a record from the Storage daemon. We are guaranteed to
215 * receive records in the following order:
216 * 1. Stream record header
217 * 2. Stream data (one or more of the following in the order given)
218 * a. Attributes (Unix or Win32)
219 * b. Possibly stream encryption session data (e.g., symmetric session key)
220 * c. File data for the file
221 * d. Alternate data stream (e.g. Resource Fork)
225 * h. Possibly a cryptographic signature
226 * i. Possibly MD5 or SHA1 record
229 * NOTE: We keep track of two bacula file descriptors:
230 * 1. bfd for file data.
231 * This fd is opened for non empty files when an attribute stream is
232 * encountered and closed when we find the next attribute stream.
233 * 2. fork_bfd for alternate data streams
234 * This fd is opened every time we encounter a new alternate data
235 * stream for the current file. When we find any other stream, we
237 * The expected size of the stream, fork_len, should be set when
239 * 3. Not all the stream data records are required -- e.g. if there
240 * is no fork, there is no alternate data stream, no ACL, ...
243 binit(&rctx.forkbfd);
244 attr = rctx.attr = new_attr(jcr);
246 jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
247 memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
248 jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
251 jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
252 memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
253 jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
256 while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
258 * Remember previous stream type
260 rctx.prev_stream = rctx.stream;
263 * First we expect a Stream Record Header
265 if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
266 &rctx.stream, &rctx.size) != 5) {
267 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
270 Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
271 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
274 * Now we expect the Stream Data
276 if (bget_msg(sd) < 0) {
277 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
280 if (rctx.size != (uint32_t)sd->msglen) {
281 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
282 sd->msglen, rctx.size);
283 Dmsg2(50, "Actual data size %d not same as header %d\n",
284 sd->msglen, rctx.size);
287 Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
288 sd->msglen, rctx.extract);
291 * If we change streams, close and reset alternate data streams
293 if (rctx.prev_stream != rctx.stream) {
294 if (is_bopen(&rctx.forkbfd)) {
295 deallocate_fork_cipher(rctx);
296 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
299 * Use an impossible value and set a proper one below
306 * File Attributes stream
308 switch (rctx.stream) {
309 case STREAM_UNIX_ATTRIBUTES:
310 case STREAM_UNIX_ATTRIBUTES_EX:
312 * if any previous stream open, close it
314 close_previous_stream(rctx);
317 * TODO: manage deleted files
319 if (rctx.type == FT_DELETED) { /* deleted file */
324 * Unpack attributes and do sanity check them
326 if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
330 Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
331 attr->attr, attr->attrEx);
332 Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
333 strlen(attr->attrEx), sd->msg);
335 attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
337 if (!is_restore_stream_supported(attr->data_stream)) {
338 if (!non_support_data++) {
339 Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
340 stream_to_ascii(attr->data_stream));
345 build_attr_output_fnames(jcr, attr);
348 * Try to actually create the file, which returns a status telling
349 * us if we need to extract or not.
351 jcr->num_files_examined++;
352 rctx.extract = false;
354 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
356 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
359 pm_strcpy(jcr->last_fname, attr->ofname);
360 jcr->last_type = attr->type;
362 Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
366 pm_strcpy(jcr->last_fname, attr->ofname);
367 jcr->last_type = attr->type;
371 * File created and we expect file data
379 * File created, but there is no content
382 print_ls_output(jcr, attr);
384 if (have_darwin_os) {
386 * Only restore the resource fork for regular files
388 from_base64(&rsrc_len, attr->attrEx);
389 if (attr->type == FT_REG && rsrc_len > 0) {
394 * Count the resource forks not as regular files being restored.
405 * set attributes now because file will not be extracted
408 plugin_set_attributes(jcr, attr, &rctx.bfd);
410 set_attributes(jcr, attr, &rctx.bfd);
420 case STREAM_ENCRYPTED_SESSION_DATA:
421 crypto_error_t cryptoerr;
424 * Is this an unexpected session data entry?
427 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
428 rctx.extract = false;
434 * Do we have any keys at all?
436 if (!jcr->crypto.pki_recipients) {
437 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
438 rctx.extract = false;
443 if (jcr->crypto.digest) {
444 crypto_digest_free(jcr->crypto.digest);
446 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
447 if (!jcr->crypto.digest) {
448 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
449 rctx.extract = false;
455 * Decode and save session keys.
457 cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
458 jcr->crypto.pki_recipients, &rctx.cs);
460 case CRYPTO_ERROR_NONE:
465 case CRYPTO_ERROR_NORECIPIENT:
466 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
468 case CRYPTO_ERROR_DECRYPTION:
469 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
475 Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
479 if (cryptoerr != CRYPTO_ERROR_NONE) {
480 rctx.extract = false;
487 case STREAM_FILE_DATA:
488 case STREAM_SPARSE_DATA:
489 case STREAM_WIN32_DATA:
490 case STREAM_GZIP_DATA:
491 case STREAM_SPARSE_GZIP_DATA:
492 case STREAM_WIN32_GZIP_DATA:
493 case STREAM_ENCRYPTED_FILE_DATA:
494 case STREAM_ENCRYPTED_WIN32_DATA:
495 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
496 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
498 * Force an expected, consistent stream type here
500 if (rctx.extract && (rctx.prev_stream == rctx.stream
501 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
502 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
503 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
506 if (rctx.stream == STREAM_SPARSE_DATA ||
507 rctx.stream == STREAM_SPARSE_GZIP_DATA) {
508 rctx.flags |= FO_SPARSE;
511 if (rctx.stream == STREAM_GZIP_DATA
512 || rctx.stream == STREAM_SPARSE_GZIP_DATA
513 || rctx.stream == STREAM_WIN32_GZIP_DATA
514 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
515 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
516 rctx.flags |= FO_GZIP;
519 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
520 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
521 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
522 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
524 * Set up a decryption context
526 if (!rctx.cipher_ctx.cipher) {
528 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
529 rctx.extract = false;
534 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
535 &rctx.cipher_ctx.block_size)) == NULL) {
536 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
538 rctx.extract = false;
543 rctx.flags |= FO_ENCRYPT;
546 if (is_win32_stream(rctx.stream) && !have_win32_api()) {
547 set_portable_backup(&rctx.bfd);
549 * "decompose" BackupWrite data
551 rctx.flags |= FO_WIN32DECOMP;
554 if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
555 rctx.flags, &rctx.cipher_ctx) < 0) {
556 rctx.extract = false;
564 * Resource fork stream - only recorded after a file to be restored
565 * Silently ignore if we cannot write - we already reported that
567 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
568 case STREAM_MACOS_FORK_DATA:
569 if (have_darwin_os) {
571 jcr->ff->flags |= FO_HFSPLUS;
573 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
574 rctx.fork_flags |= FO_ENCRYPT;
577 * Set up a decryption context
579 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
581 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
582 rctx.extract = false;
587 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
588 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
590 rctx.extract = false;
598 if (rctx.prev_stream != rctx.stream) {
599 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
600 Jmsg(jcr, M_ERROR, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
601 rctx.extract = false;
605 rctx.fork_size = rsrc_len;
606 Dmsg0(130, "Restoring resource fork\n");
609 if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
610 &rctx.fork_cipher_ctx) < 0) {
611 rctx.extract = false;
612 bclose(&rctx.forkbfd);
621 case STREAM_HFSPLUS_ATTRIBUTES:
622 if (have_darwin_os) {
623 if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
631 case STREAM_UNIX_ACCESS_ACL:
632 case STREAM_UNIX_DEFAULT_ACL:
633 case STREAM_ACL_AIX_TEXT:
634 case STREAM_ACL_DARWIN_ACCESS_ACL:
635 case STREAM_ACL_FREEBSD_DEFAULT_ACL:
636 case STREAM_ACL_FREEBSD_ACCESS_ACL:
637 case STREAM_ACL_HPUX_ACL_ENTRY:
638 case STREAM_ACL_IRIX_DEFAULT_ACL:
639 case STREAM_ACL_IRIX_ACCESS_ACL:
640 case STREAM_ACL_LINUX_DEFAULT_ACL:
641 case STREAM_ACL_LINUX_ACCESS_ACL:
642 case STREAM_ACL_TRU64_DEFAULT_ACL:
643 case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
644 case STREAM_ACL_TRU64_ACCESS_ACL:
645 case STREAM_ACL_SOLARIS_ACLENT:
646 case STREAM_ACL_SOLARIS_ACE:
648 * Do not restore ACLs when
649 * a) The current file is not extracted
650 * b) and it is not a directory (they are never "extracted")
651 * c) or the file name is empty
653 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
657 pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
658 jcr->acl_data->content_length = sd->msglen;
659 switch (parse_acl_streams(jcr, rctx.stream)) {
660 case bacl_exit_fatal:
662 case bacl_exit_error:
664 * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
665 * print the error message set by the lower level routine in jcr->errmsg.
667 if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
668 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
670 jcr->acl_data->nr_errors++;
680 case STREAM_XATTR_OPENBSD:
681 case STREAM_XATTR_SOLARIS_SYS:
682 case STREAM_XATTR_SOLARIS:
683 case STREAM_XATTR_DARWIN:
684 case STREAM_XATTR_FREEBSD:
685 case STREAM_XATTR_LINUX:
686 case STREAM_XATTR_NETBSD:
688 * Do not restore Extended Attributes when
689 * a) The current file is not extracted
690 * b) and it is not a directory (they are never "extracted")
691 * c) or the file name is empty
693 if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
697 pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
698 jcr->xattr_data->content_length = sd->msglen;
699 switch (parse_xattr_streams(jcr, rctx.stream)) {
700 case bxattr_exit_fatal:
702 case bxattr_exit_error:
704 * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
705 * print the error message set by the lower level routine in jcr->errmsg.
707 if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
708 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
710 jcr->xattr_data->nr_errors++;
720 case STREAM_SIGNED_DIGEST:
722 * Is this an unexpected signature?
725 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
726 free_signature(rctx);
732 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
733 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
737 case STREAM_MD5_DIGEST:
738 case STREAM_SHA1_DIGEST:
739 case STREAM_SHA256_DIGEST:
740 case STREAM_SHA512_DIGEST:
743 case STREAM_PROGRAM_NAMES:
744 case STREAM_PROGRAM_DATA:
745 if (!non_support_progname) {
746 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
747 non_support_progname++;
751 case STREAM_PLUGIN_NAME:
752 close_previous_stream(rctx);
753 Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
754 plugin_name_stream(jcr, sd->msg);
758 close_previous_stream(rctx);
759 Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
761 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
763 } /* end switch(stream) */
764 } /* end while get_msg() */
767 * If output file is still open, it was the last one in the
768 * archive since we just hit an end of file, so close the file.
770 if (is_bopen(&rctx.forkbfd)) {
771 bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
774 close_previous_stream(rctx);
775 set_jcr_job_status(jcr, JS_Terminated);
779 set_jcr_job_status(jcr, JS_ErrorTerminated);
783 * First output the statistics.
785 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
786 edit_uint64(jcr->JobBytes, ec1));
787 if (have_acl && jcr->acl_data->nr_errors > 0) {
788 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"),
789 jcr->acl_data->nr_errors);
791 if (have_xattr && jcr->xattr_data->nr_errors > 0) {
792 Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"),
793 jcr->xattr_data->nr_errors);
795 if (non_support_data > 1 || non_support_attr > 1) {
796 Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
797 non_support_data, non_support_attr);
799 if (non_support_rsrc) {
800 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
802 if (non_support_finfo) {
803 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
805 if (non_support_acl) {
806 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
808 if (non_support_crypto) {
809 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
811 if (non_support_xattr) {
812 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
816 * Free Signature & Crypto Data
818 free_signature(rctx);
820 if (jcr->crypto.digest) {
821 crypto_digest_free(jcr->crypto.digest);
822 jcr->crypto.digest = NULL;
826 * Free file cipher restore context
828 if (rctx.cipher_ctx.cipher) {
829 crypto_cipher_free(rctx.cipher_ctx.cipher);
830 rctx.cipher_ctx.cipher = NULL;
833 if (rctx.cipher_ctx.buf) {
834 free_pool_memory(rctx.cipher_ctx.buf);
835 rctx.cipher_ctx.buf = NULL;
839 * Free alternate stream cipher restore context
841 if (rctx.fork_cipher_ctx.cipher) {
842 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
843 rctx.fork_cipher_ctx.cipher = NULL;
845 if (rctx.fork_cipher_ctx.buf) {
846 free_pool_memory(rctx.fork_cipher_ctx.buf);
847 rctx.fork_cipher_ctx.buf = NULL;
850 if (jcr->compress_buf) {
851 free_pool_memory(jcr->compress_buf);
852 jcr->compress_buf = NULL;
853 jcr->compress_buf_size = 0;
856 if (have_acl && jcr->acl_data) {
857 free_pool_memory(jcr->acl_data->content);
859 jcr->acl_data = NULL;
862 if (have_xattr && jcr->xattr_data) {
863 free_pool_memory(jcr->xattr_data->content);
864 free(jcr->xattr_data);
865 jcr->xattr_data = NULL;
868 bclose(&rctx.forkbfd);
870 free_attr(rctx.attr);
875 * Convert ZLIB error code into an ASCII message
877 static const char *zlib_strerror(int stat)
884 return _("Zlib errno");
886 return _("Zlib stream error");
888 return _("Zlib data error");
890 return _("Zlib memory error");
892 return _("Zlib buffer error");
893 case Z_VERSION_ERROR:
894 return _("Zlib version error");
901 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
903 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
904 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
908 * Verify the signature for the last restored file
909 * Return value is either true (signature correct)
910 * or false (signature could not be verified).
911 * TODO landonf: Implement without using find_one_file and
912 * without re-reading the file.
914 static bool verify_signature(JCR *jcr, r_ctx &rctx)
916 X509_KEYPAIR *keypair;
917 DIGEST *digest = NULL;
919 uint64_t saved_bytes;
920 crypto_digest_t signing_algorithm = have_sha2 ?
921 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
922 crypto_digest_t algorithm;
923 SIGNATURE *sig = rctx.sig;
926 if (!jcr->crypto.pki_sign) {
933 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
934 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
942 * Iterate through the trusted signers
944 foreach_alist(keypair, jcr->crypto.pki_signers) {
945 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
947 case CRYPTO_ERROR_NONE:
948 Dmsg0(50, "== Got digest\n");
950 * We computed jcr->crypto.digest using signing_algorithm while writing
951 * the file. If it is not the same as the algorithm used for
952 * this file, punt by releasing the computed algorithm and
953 * computing by re-reading the file.
955 if (algorithm != signing_algorithm) {
956 if (jcr->crypto.digest) {
957 crypto_digest_free(jcr->crypto.digest);
958 jcr->crypto.digest = NULL;
961 if (jcr->crypto.digest) {
963 * Use digest computed while writing the file to verify the signature
965 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
966 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
967 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
968 jcr->last_fname, crypto_strerror(err));
973 * Signature found, digest allocated. Old method,
974 * re-read the file and compute the digest
976 jcr->crypto.digest = digest;
979 * Checksum the entire file
980 * Make sure we don't modify JobBytes by saving and restoring it
982 saved_bytes = jcr->JobBytes;
983 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
984 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
986 jcr->JobBytes = saved_bytes;
989 jcr->JobBytes = saved_bytes;
992 * Verify the signature
994 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
995 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
996 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
997 jcr->last_fname, crypto_strerror(err));
1000 jcr->crypto.digest = NULL;
1006 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1007 crypto_digest_free(digest);
1010 case CRYPTO_ERROR_NOSIGNER:
1012 * Signature not found, try again
1015 crypto_digest_free(digest);
1021 * Something strange happened (that shouldn't happen!)...
1023 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1031 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1035 crypto_digest_free(digest);
1040 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length)
1045 unser_begin(*data, SPARSE_FADDR_SIZE);
1046 unser_uint64(faddr);
1047 if (*addr != faddr) {
1049 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1051 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1052 edit_uint64(*addr, ec1), jcr->last_fname,
1053 be.bstrerror(bfd->berrno));
1057 *data += SPARSE_FADDR_SIZE;
1058 *length -= SPARSE_FADDR_SIZE;
1062 bool decompress_data(JCR *jcr, char **data, uint32_t *length)
1067 char ec1[50]; /* Buffer printing huge values */
1070 * NOTE! We only use uLong and Byte because they are
1071 * needed by the zlib routines, they should not otherwise
1072 * be used in Bacula.
1074 compress_len = jcr->compress_buf_size;
1075 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1076 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1077 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1080 * The buffer size is too small, try with a bigger one
1082 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1083 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1084 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1088 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1089 jcr->last_fname, zlib_strerror(stat));
1092 *data = jcr->compress_buf;
1093 *length = compress_len;
1094 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1097 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1102 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1105 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1106 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1107 unser_uint32(ctx->packet_len);
1108 ctx->packet_len += CRYPTO_LEN_SIZE;
1112 bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp)
1114 if (jcr->crypto.digest) {
1115 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1118 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1120 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1121 jcr->last_fname, be.bstrerror(bfd->berrno));
1124 } else if (bwrite(bfd, data, length) != (ssize_t)length) {
1126 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
1127 jcr->last_fname, be.bstrerror(bfd->berrno));
1135 * In the context of jcr, write data to bfd.
1136 * We write buflen bytes in buf at addr. addr is updated in place.
1137 * The flags specify whether to use sparse files or compression.
1138 * Return value is the number of bytes written, or -1 on errors.
1140 int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
1141 uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
1143 char *wbuf; /* write buffer */
1144 uint32_t wsize; /* write size */
1145 uint32_t rsize; /* read size */
1146 uint32_t decrypted_len = 0; /* Decryption output length */
1147 char ec1[50]; /* Buffer printing huge values */
1150 jcr->ReadBytes += rsize;
1154 if (flags & FO_ENCRYPT) {
1155 ASSERT(cipher_ctx->cipher);
1158 * NOTE: We must implement block preserving semantics for the
1159 * non-streaming compression and sparse code.
1161 * Grow the crypto buffer, if necessary.
1162 * crypto_cipher_update() will process only whole blocks,
1163 * buffering the remaining input.
1165 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1166 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1169 * Decrypt the input block
1171 if (!crypto_cipher_update(cipher_ctx->cipher,
1172 (const u_int8_t *)wbuf,
1174 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1177 * Decryption failed. Shouldn't happen.
1179 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1183 if (decrypted_len == 0) {
1185 * No full block of encrypted data available, write more data
1190 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1192 cipher_ctx->buf_len += decrypted_len;
1193 wbuf = cipher_ctx->buf;
1196 * If one full preserved block is available, write it to disk,
1197 * and then buffer any remaining data. This should be effecient
1198 * as long as Bacula's block size is not significantly smaller than the
1199 * encryption block size (extremely unlikely!)
1201 unser_crypto_packet_len(cipher_ctx);
1202 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1204 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1206 * No full preserved block is available.
1212 * We have one full block, set up the filter input buffers
1214 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1215 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1216 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1217 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1220 if (flags & FO_SPARSE) {
1221 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1226 if (flags & FO_GZIP) {
1227 if (!decompress_data(jcr, &wbuf, &wsize)) {
1232 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1235 jcr->JobBytes += wsize;
1237 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1240 * Clean up crypto buffers
1242 if (flags & FO_ENCRYPT) {
1243 /* Move any remaining data to start of buffer */
1244 if (cipher_ctx->buf_len > 0) {
1245 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1246 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1247 cipher_ctx->buf_len);
1250 * The packet was successfully written, reset the length so that the next
1251 * packet length may be re-read by unser_crypto_packet_len()
1253 cipher_ctx->packet_len = 0;
1263 * If extracting, close any previous stream
1265 static void close_previous_stream(r_ctx &rctx)
1268 * If extracting, it was from previous stream, so
1269 * close the output file and validate the signature.
1272 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1273 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1274 Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1275 is_bopen(&rctx.bfd));
1278 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1279 deallocate_cipher(rctx);
1280 deallocate_fork_cipher(rctx);
1283 if (rctx.jcr->plugin) {
1284 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1286 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1288 rctx.extract = false;
1291 * Verify the cryptographic signature, if any
1293 rctx.type = rctx.attr->type;
1294 verify_signature(rctx.jcr, rctx);
1299 free_signature(rctx);
1301 rctx.jcr->ff->flags = 0;
1302 Dmsg0(130, "Stop extracting.\n");
1303 } else if (is_bopen(&rctx.bfd)) {
1304 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1305 Dmsg0(000, "=== logic error !open\n");
1312 * In the context of jcr, flush any remaining data from the cipher context,
1313 * writing it to bfd.
1314 * Return value is true on success, false on failure.
1316 bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
1317 RESTORE_CIPHER_CTX *cipher_ctx)
1319 uint32_t decrypted_len = 0;
1320 char *wbuf; /* write buffer */
1321 uint32_t wsize; /* write size */
1322 char ec1[50]; /* Buffer printing huge values */
1323 bool second_pass = false;
1327 * Write out the remaining block and free the cipher context
1329 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
1330 cipher_ctx->block_size);
1332 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1335 * Writing out the final, buffered block failed. Shouldn't happen.
1337 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1338 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1341 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1343 * If nothing new was decrypted, and our output buffer is empty, return
1345 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1349 cipher_ctx->buf_len += decrypted_len;
1351 unser_crypto_packet_len(cipher_ctx);
1352 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1353 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1355 * Decrypted, possibly decompressed output here.
1357 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
1358 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1359 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1361 if (flags & FO_SPARSE) {
1362 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
1367 if (flags & FO_GZIP) {
1368 if (!decompress_data(jcr, &wbuf, &wsize)) {
1373 Dmsg0(130, "Call store_data\n");
1374 if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1377 jcr->JobBytes += wsize;
1378 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1381 * Move any remaining data to start of buffer
1383 if (cipher_ctx->buf_len > 0) {
1384 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1385 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1386 cipher_ctx->buf_len);
1389 * The packet was successfully written, reset the length so that the next
1390 * packet length may be re-read by unser_crypto_packet_len()
1392 cipher_ctx->packet_len = 0;
1394 if (cipher_ctx->buf_len >0 && !second_pass) {
1402 cipher_ctx->buf_len = 0;
1403 cipher_ctx->packet_len = 0;
1408 static void deallocate_cipher(r_ctx &rctx)
1411 * Flush and deallocate previous stream's cipher context
1413 if (rctx.cipher_ctx.cipher) {
1414 flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx);
1415 crypto_cipher_free(rctx.cipher_ctx.cipher);
1416 rctx.cipher_ctx.cipher = NULL;
1420 static void deallocate_fork_cipher(r_ctx &rctx)
1424 * Flush and deallocate previous stream's fork cipher context
1426 if (rctx.fork_cipher_ctx.cipher) {
1427 flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx);
1428 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1429 rctx.fork_cipher_ctx.cipher = NULL;
1433 static void free_signature(r_ctx &rctx)
1436 crypto_sign_free(rctx.sig);
1441 static void free_session(r_ctx &rctx)
1444 crypto_session_free(rctx.cs);
1451 * This code if implemented goes above
1453 #ifdef stbernard_implemented
1454 / #if defined(HAVE_WIN32)
1455 bool bResumeOfmOnExit = FALSE;
1456 if (isOpenFileManagerRunning()) {
1457 if ( pauseOpenFileManager() ) {
1458 Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") );
1459 bResumeOfmOnExit = TRUE;
1462 Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") );
1466 char username[UNLEN+1];
1467 DWORD usize = sizeof(username);
1468 int privs = enable_backup_privileges(NULL, 1);
1469 if (GetUserName(username, &usize)) {
1470 Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username,
1472 Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n"));