- Merge changes made to 1.38.3 into HEAD

[bacula/bacula] / bacula / src / filed / backup.c

diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c
index cb489d6114bae9e9cd0a952a371d7d7fb409b13d..0431a0fc0a0bab1598e82e5d305a4976cf02510e 100644 (file)
--- a/bacula/src/filed/backup.c
+++ b/bacula/src/filed/backup.c
@@ -27,7 +27,7 @@
 
 /* Forward referenced functions */
 static int save_file(FF_PKT *ff_pkt, void *pkt, bool top_level);
-static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum);
+static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *signature_digest);
 static bool encode_and_send_attributes(JCR *jcr, FF_PKT *ff_pkt, int &data_stream);
 static bool read_and_send_acl(JCR *jcr, int acltype, int stream);
 
@@ -125,7 +125,15 @@ bool blast_data_to_storage_daemon(JCR *jcr, char *addr)
 static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
 {
    int stat, data_stream;
-   struct CHKSUM chksum;
+   DIGEST *digest = NULL;
+   DIGEST *signing_digest = NULL;
+   int digest_stream = STREAM_NONE;
+   // TODO landonf: Allow the user to specify the digest algorithm
+#ifdef HAVE_SHA2
+   crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA256;
+#else
+   crypto_digest_t signing_algorithm = CRYPTO_DIGEST_SHA1;
+#endif
    BSOCK *sd;
    JCR *jcr = (JCR *)vjcr;
 
@@ -224,13 +232,51 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
 
    Dmsg1(130, "bfiled: sending %s to stored\n", ff_pkt->fname);
 
+   /*
+    * Setup for digest handling. If this fails, the digest will be set to NULL
+    * and not used.
+    */
+   if (ff_pkt->flags & FO_MD5) {
+      digest = crypto_digest_new(CRYPTO_DIGEST_MD5);
+      digest_stream = STREAM_MD5_DIGEST;
+
+   } else if (ff_pkt->flags & FO_SHA1) {
+      digest = crypto_digest_new(CRYPTO_DIGEST_SHA1);
+      digest_stream = STREAM_SHA1_DIGEST;
+
+   } else if (ff_pkt->flags & FO_SHA256) {
+      digest = crypto_digest_new(CRYPTO_DIGEST_SHA256);
+      digest_stream = STREAM_SHA256_DIGEST;
+
+   } else if (ff_pkt->flags & FO_SHA512) {
+      digest = crypto_digest_new(CRYPTO_DIGEST_SHA512);
+      digest_stream = STREAM_SHA512_DIGEST;
+   }
+
+   /* Did digest initialization fail? */
+   if (digest_stream != STREAM_NONE && digest == NULL) {
+      Jmsg(jcr, M_WARNING, 0, _("%s digest initialization failed\n"),
+         stream_to_ascii(digest_stream));
+   }
 
    /*
-    * Setup for signature handling.
-    * Then initialise the file descriptor we use for data and other streams.
+    * Set up signature digest handling. If this fails, the signature digest will be set to
+    * NULL and not used.
     */
-   chksum_init(&chksum, ff_pkt->flags);
+   // TODO landonf: We should really only calculate the digest once, for both verification and signing.
+   if (jcr->pki_sign) {
+      signing_digest = crypto_digest_new(signing_algorithm);
+   }
 
+   /* Full-stop if a failure occured initializing the signature digest */
+   if (jcr->pki_sign && signing_digest == NULL) {
+      Jmsg(jcr, M_NOTSAVED, 0, _("%s signature digest initialization failed\n"),
+         stream_to_ascii(signing_algorithm));
+      jcr->Errors++;
+      return 1;
+   }
+
+   /* Initialise the file descriptor we use for data and other streams. */
    binit(&ff_pkt->bfd);
    if (ff_pkt->flags & FO_PORTABLE) {
       set_portable_backup(&ff_pkt->bfd); /* disable Win32 BackupRead() */
@@ -243,6 +289,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
       }
    }
 
+   /* Send attributes -- must be done after binit() */
    if (!encode_and_send_attributes(jcr, ff_pkt, data_stream)) {
       return 0;
    }
@@ -279,7 +326,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
          stop_thread_timer(tid);
          tid = NULL;
       }
-      stat = send_data(jcr, data_stream, ff_pkt, &chksum);
+      stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest);
       bclose(&ff_pkt->bfd);
       if (!stat) {
          return 0;
@@ -305,7 +352,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
          }
          flags = ff_pkt->flags;
          ff_pkt->flags &= ~(FO_GZIP|FO_SPARSE);
-         stat = send_data(jcr, STREAM_MACOS_FORK_DATA, ff_pkt, &chksum);
+         stat = send_data(jcr, STREAM_MACOS_FORK_DATA, ff_pkt, digest);
          ff_pkt->flags = flags;
          bclose(&ff_pkt->bfd);
          if (!stat) {
@@ -318,7 +365,12 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
       Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
       memcpy(sd->msg, ff_pkt->hfsinfo.fndrinfo, 32);
       sd->msglen = 32;
-      chksum_update(&chksum, (unsigned char *)sd->msg, sd->msglen);
+      if (digest) {
+         crypto_digest_update(digest, sd->msg, sd->msglen);
+      }
+      if (signature_digest) {
+         crypto_digest_update(signature_digest, sd->msg, sd->msglen);
+      }
       bnet_send(sd);
       bnet_sig(sd, BNET_EOD);
    }
@@ -337,25 +389,78 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
       }
    }
 
-   /* Terminate any signature and send it to Storage daemon and the Director */
-   if (chksum.updated) {
-      int stream = 0;
-      chksum_final(&chksum);
-      if (chksum.type == CHKSUM_MD5) {
-         stream = STREAM_MD5_SIGNATURE;
-      } else if (chksum.type == CHKSUM_SHA1) {
-         stream = STREAM_SHA1_SIGNATURE;
-      } else {
-         Jmsg1(jcr, M_WARNING, 0, _("Unknown signature type %i.\n"), chksum.type);
+   /* Terminate the signing digest and send it to the Storage daemon */
+   if (signing_digest) {
+      SIGNATURE *sig;
+      size_t size = 0;
+      void *buf;
+
+      if ((sig = crypto_sign_new()) == NULL) {
+         Jmsg(jcr, M_FATAL, 0, _("Failed to allocate memory for stream signature.\n"));
+         return 0;
+      }
+
+      if (crypto_sign_add_signer(sig, signing_digest, jcr->pki_keypair) == false) {
+         Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+         return 0;
+      }
+
+      /* Get signature size */
+      if (crypto_sign_encode(sig, NULL, &size) == false) {
+         Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+         return 0;
+      }
+
+      /* Allocate signature data buffer */
+      buf = malloc(size);
+      if (!buf) {
+         free(buf);
+         return 0;
+      }
+
+      /* Encode signature data */
+      if (crypto_sign_encode(sig, buf, &size) == false) {
+         Jmsg(jcr, M_FATAL, 0, _("An error occured while signing the stream.\n"));
+         return 0;
+      }
+
+      /* Send our header */
+      bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_SIGNED_DIGEST);
+      Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
+
+      /* Grow the bsock buffer to fit our message if necessary */
+      if ((size_t) sizeof_pool_memory(sd->msg) < size) {
+         sd->msg = realloc_pool_memory(sd->msg, size);
       }
-      if (stream != 0) {
-         bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, stream);
+
+      /* Copy our message over and send it */
+      memcpy(sd->msg, buf, size);
+      sd->msglen = size;
+      bnet_send(sd);
+      bnet_sig(sd, BNET_EOD);              /* end of checksum */
+
+      crypto_digest_free(signing_digest);
+      crypto_sign_free(sig);        
+      free(buf);
+   }
+
+   /* Terminate any digest and send it to Storage daemon and the Director */
+   if (digest) {
+      char md[CRYPTO_DIGEST_MAX_SIZE];
+      size_t size;
+
+      size = sizeof(md);
+
+      if (crypto_digest_finalize(digest, &md, &size)) {
+         bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, digest_stream);
          Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
-         memcpy(sd->msg, chksum.signature, chksum.length);
-         sd->msglen = chksum.length;
+         memcpy(sd->msg, md, size);
+         sd->msglen = size;
          bnet_send(sd);
          bnet_sig(sd, BNET_EOD);              /* end of checksum */
       }
+
+      crypto_digest_free(digest);
    }
 
    return 1;
@@ -371,7 +476,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
  * Currently this is not a problem as the only other stream, resource forks,
  * are not handled as sparse files.
  */
-static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum)
+int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *signing_digest)
 {
    BSOCK *sd = jcr->store_bsock;
    uint64_t fileAddr = 0;             /* file address */
@@ -449,7 +554,9 @@ static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum
       if (ff_pkt->flags & FO_SPARSE) {
          ser_declare;
          if (sd->msglen == rsize &&
-             (fileAddr+sd->msglen < (uint64_t)ff_pkt->statp.st_size)) {
+             fileAddr+sd->msglen < (uint64_t)ff_pkt->statp.st_size ||
+             ((ff_pkt->type == FT_RAW || ff_pkt->type == FT_FIFO) &&
+               (uint64_t)ff_pkt->statp.st_size == 0)) {
             sparseBlock = is_buf_zero(rbuf, rsize);
          }
 
@@ -461,7 +568,14 @@ static int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, struct CHKSUM *chksum
       fileAddr += sd->msglen;
 
       /* Update checksum if requested */
-      chksum_update(chksum, (unsigned char *)rbuf, sd->msglen);
+      if (digest) {
+         crypto_digest_update(digest, rbuf, sd->msglen);
+      }
+
+      /* Update signing digest if requested */
+      if (signing_digest) {
+         crypto_digest_update(signing_digest, rbuf, sd->msglen);
+      }
 
 #ifdef HAVE_LIBZ
       /* Do compression if turned on */