Copyright (C) 2000-2005 Kern Sibbald
This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public
- License along with this program; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
/* Forward referenced functions */
static int save_file(FF_PKT *ff_pkt, void *pkt, bool top_level);
-static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum);
+static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *signature_digest);
static bool encode_and_send_attributes(JCR *jcr, FF_PKT *ff_pkt, int &data_stream);
static bool read_and_send_acl(JCR *jcr, int acltype, int stream);
free_pool_memory(jcr->acl_text);
- bnet_sig(sd, BNET_EOD); /* end of sending data */
-
stop_heartbeat_monitor(jcr);
+ bnet_sig(sd, BNET_EOD); /* end of sending data */
+
if (jcr->big_buf) {
free(jcr->big_buf);
jcr->big_buf = NULL;
static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
{
int stat, data_stream;
- struct CHKSUM chksum;
+ DIGEST *digest = NULL;
+ DIGEST *signing_digest = NULL;
+ int digest_stream = STREAM_NONE;
+ // TODO landonf: Allow the user to specify the digest algorithm
+#ifdef HAVE_SHA2
+ crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA256;
+#else
+ crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA1;
+#endif
BSOCK *sd;
JCR *jcr = (JCR *)vjcr;
case FT_DIRBEGIN:
return 1; /* not used */
case FT_NORECURSE:
+ Jmsg(jcr, M_INFO, 1, _(" Recursion turned off. Will not descend into %s\n"),
+ ff_pkt->fname);
+ ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
+ break;
case FT_NOFSCHG:
- case FT_INVALIDFS:
- case FT_DIREND:
- if (ff_pkt->type == FT_NORECURSE) {
- Jmsg(jcr, M_INFO, 1, _(" Recursion turned off. Will not descend into %s\n"),
- ff_pkt->fname);
- } else if (ff_pkt->type == FT_NOFSCHG) {
- Jmsg(jcr, M_INFO, 1, _(" File system change prohibited. Will not descend into %s\n"),
- ff_pkt->fname);
- } else if (ff_pkt->type == FT_INVALIDFS) {
- Jmsg(jcr, M_INFO, 1, _(" Disallowed filesystem. Will not descend into %s\n"),
+ /* Suppress message for /dev filesystems */
+ if (strncmp(ff_pkt->fname, "/dev/", 5) != 0) {
+ Jmsg(jcr, M_INFO, 1, _(" Filesystem change prohibited. Will not descend into %s\n"),
ff_pkt->fname);
}
- ff_pkt->type = FT_DIREND; /* value is used below */
- Dmsg1(130, "FT_DIR saving: %s\n", ff_pkt->link);
+ ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
+ break;
+ case FT_INVALIDFS:
+ Jmsg(jcr, M_INFO, 1, _(" Disallowed filesystem. Will not descend into %s\n"),
+ ff_pkt->fname);
+ ff_pkt->type = FT_DIREND; /* Backup only the directory entry */
+ break;
+ case FT_DIREND:
+ Dmsg1(130, "FT_DIREND: %s\n", ff_pkt->link);
break;
case FT_SPEC:
Dmsg1(130, "FT_SPEC saving: %s\n", ff_pkt->fname);
Dmsg1(130, "bfiled: sending %s to stored\n", ff_pkt->fname);
- if (!encode_and_send_attributes(jcr, ff_pkt, data_stream)) {
- return 0;
+ /*
+ * Setup for digest handling. If this fails, the digest will be set to NULL
+ * and not used.
+ */
+ if (ff_pkt->flags & FO_MD5) {
+ digest = crypto_digest_new(CRYPTO_DIGEST_MD5);
+ digest_stream = STREAM_MD5_DIGEST;
+
+ } else if (ff_pkt->flags & FO_SHA1) {
+ digest = crypto_digest_new(CRYPTO_DIGEST_SHA1);
+ digest_stream = STREAM_SHA1_DIGEST;
+
+ } else if (ff_pkt->flags & FO_SHA256) {
+ digest = crypto_digest_new(CRYPTO_DIGEST_SHA256);
+ digest_stream = STREAM_SHA256_DIGEST;
+
+ } else if (ff_pkt->flags & FO_SHA512) {
+ digest = crypto_digest_new(CRYPTO_DIGEST_SHA512);
+ digest_stream = STREAM_SHA512_DIGEST;
+ }
+
+ /* Did digest initialization fail? */
+ if (digest_stream != STREAM_NONE && digest == NULL) {
+ Jmsg(jcr, M_WARNING, 0, _("%s digest initialization failed\n"),
+ stream_to_ascii(digest_stream));
}
/*
- * Setup for signature handling.
- * Then initialise the file descriptor we use for data and other streams.
+ * Set up signature digest handling. If this fails, the signature digest will be set to
+ * NULL and not used.
*/
- chksum_init(&chksum, ff_pkt->flags);
+ // TODO landonf: We should really only calculate the digest once, for both verification and signing.
+ if (jcr->pki_sign) {
+ signing_digest = crypto_digest_new(signing_algorithm);
+ }
+
+ /* Full-stop if a failure occured initializing the signature digest */
+ if (jcr->pki_sign && signing_digest == NULL) {
+ Jmsg(jcr, M_NOTSAVED, 0, _("%s signature digest initialization failed\n"),
+ stream_to_ascii(signing_algorithm));
+ jcr->Errors++;
+ return 1;
+ }
+ /* Initialise the file descriptor we use for data and other streams. */
binit(&ff_pkt->bfd);
if (ff_pkt->flags & FO_PORTABLE) {
set_portable_backup(&ff_pkt->bfd); /* disable Win32 BackupRead() */
}
}
+ /* Send attributes -- must be done after binit() */
+ if (!encode_and_send_attributes(jcr, ff_pkt, data_stream)) {
+ return 0;
+ }
+
/*
* Open any file with data that we intend to save, then save it.
*
stop_thread_timer(tid);
tid = NULL;
}
- stat = send_data(jcr, data_stream, ff_pkt, &chksum);
+ stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest);
bclose(&ff_pkt->bfd);
if (!stat) {
return 0;
}
flags = ff_pkt->flags;
ff_pkt->flags &= ~(FO_GZIP|FO_SPARSE);
- stat = send_data(jcr, STREAM_MACOS_FORK_DATA, ff_pkt, &chksum);
+ stat = send_data(jcr, STREAM_MACOS_FORK_DATA, ff_pkt, digest);
ff_pkt->flags = flags;
bclose(&ff_pkt->bfd);
if (!stat) {
Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
memcpy(sd->msg, ff_pkt->hfsinfo.fndrinfo, 32);
sd->msglen = 32;
- chksum_update(&chksum, (unsigned char *)sd->msg, sd->msglen);
+ if (digest) {
+ crypto_digest_update(digest, sd->msg, sd->msglen);
+ }
+ if (signature_digest) {
+ crypto_digest_update(signature_digest, sd->msg, sd->msglen);
+ }
bnet_send(sd);
bnet_sig(sd, BNET_EOD);
}
}
}
- /* Terminate any signature and send it to Storage daemon and the Director */
- if (chksum.updated) {
- int stream = 0;
- chksum_final(&chksum);
- if (chksum.type == CHKSUM_MD5) {
- stream = STREAM_MD5_SIGNATURE;
- } else if (chksum.type == CHKSUM_SHA1) {
- stream = STREAM_SHA1_SIGNATURE;
- } else {
- Jmsg1(jcr, M_WARNING, 0, _("Unknown signature type %i.\n"), chksum.type);
+ /* Terminate the signing digest and send it to the Storage daemon */
+ if (signing_digest) {
+ SIGNATURE *sig;
+ size_t size = 0;
+ void *buf;
+
+ if ((sig = crypto_sign_new()) == NULL) {
+ Jmsg(jcr, M_FATAL, 0, _("Failed to allocate memory for stream signature.\n"));
+ return 0;
+ }
+
+ if (crypto_sign_add_signer(sig, signing_digest, jcr->pki_keypair) == false) {
+ Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+ return 0;
+ }
+
+ /* Get signature size */
+ if (crypto_sign_encode(sig, NULL, &size) == false) {
+ Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+ return 0;
+ }
+
+ /* Allocate signature data buffer */
+ buf = malloc(size);
+ if (!buf) {
+ free(buf);
+ return 0;
}
- if (stream != 0) {
- bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, stream);
+
+ /* Encode signature data */
+ if (crypto_sign_encode(sig, buf, &size) == false) {
+ Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+ return 0;
+ }
+
+ /* Send our header */
+ bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_SIGNED_DIGEST);
+ Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
+
+ /* Grow the bsock buffer to fit our message if necessary */
+ if ((size_t) sizeof_pool_memory(sd->msg) < size) {
+ sd->msg = realloc_pool_memory(sd->msg, size);
+ }
+
+ /* Copy our message over and send it */
+ memcpy(sd->msg, buf, size);
+ sd->msglen = size;
+ bnet_send(sd);
+ bnet_sig(sd, BNET_EOD); /* end of checksum */
+
+ crypto_digest_free(signing_digest);
+ crypto_sign_free(sig);
+ free(buf);
+ }
+
+ /* Terminate any digest and send it to Storage daemon and the Director */
+ if (digest) {
+ char md[CRYPTO_DIGEST_MAX_SIZE];
+ size_t size;
+
+ size = sizeof(md);
+
+ if (crypto_digest_finalize(digest, &md, &size)) {
+ bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, digest_stream);
Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
- memcpy(sd->msg, chksum.signature, chksum.length);
- sd->msglen = chksum.length;
+ memcpy(sd->msg, md, size);
+ sd->msglen = size;
bnet_send(sd);
bnet_sig(sd, BNET_EOD); /* end of checksum */
}
+
+ crypto_digest_free(digest);
}
return 1;
* Currently this is not a problem as the only other stream, resource forks,
* are not handled as sparse files.
*/
-int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum)
+int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *signing_digest)
{
BSOCK *sd = jcr->store_bsock;
uint64_t fileAddr = 0; /* file address */
char *rbuf, *wbuf;
int rsize = jcr->buf_size; /* read buffer size */
POOLMEM *msgsave;
+#ifdef FD_NO_SEND_TEST
+ return 1;
+#endif
msgsave = sd->msg;
rbuf = sd->msg; /* read buffer */
#endif
}
+ /* a RAW device read on win32 only works if the buffer is a multiple of 512 */
+#ifdef HAVE_WIN32
+ if (S_ISBLK(ff_pkt->statp.st_mode))
+ rsize = (rsize/512) * 512;
+#endif
+
/*
* Read the file data
*/
if (ff_pkt->flags & FO_SPARSE) {
ser_declare;
if (sd->msglen == rsize &&
- (fileAddr+sd->msglen < (uint64_t)ff_pkt->statp.st_size)) {
+ fileAddr+sd->msglen < (uint64_t)ff_pkt->statp.st_size ||
+ ((ff_pkt->type == FT_RAW || ff_pkt->type == FT_FIFO) &&
+ (uint64_t)ff_pkt->statp.st_size == 0)) {
sparseBlock = is_buf_zero(rbuf, rsize);
}
fileAddr += sd->msglen;
/* Update checksum if requested */
- chksum_update(chksum, (unsigned char *)rbuf, sd->msglen);
+ if (digest) {
+ crypto_digest_update(digest, rbuf, sd->msglen);
+ }
+
+ /* Update signing digest if requested */
+ if (signing_digest) {
+ crypto_digest_update(signing_digest, rbuf, sd->msglen);
+ }
#ifdef HAVE_LIBZ
/* Do compression if turned on */
}
sd->msg = wbuf; /* set correct write buffer */
if (!bnet_send(sd)) {
- Jmsg2(jcr, M_FATAL, 0, _("Network send error %d to SD. ERR=%s\n"),
- sd->msglen, bnet_strerror(sd));
+ Jmsg1(jcr, M_FATAL, 0, _("Network send error to SD. ERR=%s\n"),
+ bnet_strerror(sd));
sd->msg = msgsave; /* restore bnet buffer */
sd->msglen = 0;
return 0;
BSOCK *sd = jcr->store_bsock;
POOLMEM *msgsave;
int len;
+#ifdef FD_NO_SEND_TEST
+ return true;
+#endif
len = bacl_get(jcr, acltype);
if (len < 0) {
- Jmsg1(jcr, M_WARNING, 0, "Error reading ACL of %s\n", jcr->last_fname);
+ Jmsg1(jcr, M_WARNING, 0, _("Error reading ACL of %s\n"), jcr->last_fname);
return true;
}
if (len == 0) {