/*
Bacula® - The Network Backup Solution
- Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
+ Copyright (C) 2000-2011 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
This program is Free Software; you can redistribute it and/or
- modify it under the terms of version two of the GNU General Public
+ modify it under the terms of version three of the GNU Affero General Public
License as published by the Free Software Foundation and included
in the file LICENSE.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Affero General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
- Bacula® is a registered trademark of John Walker.
+ Bacula® is a registered trademark of Kern Sibbald.
The licensor of Bacula is the Free Software Foundation Europe
(FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich,
Switzerland, email:ftf@fsfeurope.org.
*
* Kern Sibbald, November MM
*
- * Version $Id$
- *
*/
#include "bacula.h"
#include "filed.h"
+#include "ch.h"
+#include "restore.h"
#ifdef HAVE_DARWIN_OS
#include <sys/attr.h>
#endif
#ifdef HAVE_SHA2
- const bool have_sha2 = true;
+const bool have_sha2 = true;
#else
- const bool have_sha2 = false;
+const bool have_sha2 = false;
#endif
+#if defined(HAVE_XATTR)
+const bool have_xattr = true;
+#else
+const bool have_xattr = false;
+#endif
-/* Data received from Storage Daemon */
+/*
+ * Data received from Storage Daemon
+ */
static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
-typedef struct restore_cipher_ctx {
- CIPHER_CONTEXT *cipher;
- uint32_t block_size;
-
- POOLMEM *buf; /* Pointer to descryption buffer */
- int32_t buf_len; /* Count of bytes currently in buf */
- int32_t packet_len; /* Total bytes in packet */
-} RESTORE_CIPHER_CTX;
-
-struct r_ctx {
- JCR *jcr;
- int32_t stream;
- int32_t prev_stream;
- BFILE bfd; /* File content */
- uint64_t fileAddr; /* file write address */
- uint32_t size; /* Size of file */
- int flags; /* Options for extract_data() */
- BFILE forkbfd; /* Alternative data stream */
- uint64_t fork_addr; /* Write address for alternative stream */
- intmax_t fork_size; /* Size of alternate stream */
- int fork_flags; /* Options for extract_data() */
- int32_t type; /* file type FT_ */
-
- SIGNATURE *sig; /* Cryptographic signature (if any) for file */
- CRYPTO_SESSION *cs; /* Cryptographic session data (if any) for file */
- RESTORE_CIPHER_CTX cipher_ctx; /* Cryptographic restore context (if any) for file */
- RESTORE_CIPHER_CTX fork_cipher_ctx; /* Cryptographic restore context (if any) for alternative stream */
-};
-
-
-/* Forward referenced functions */
+/*
+ * Forward referenced functions
+ */
#if defined(HAVE_LIBZ)
static const char *zlib_strerror(int stat);
const bool have_libz = true;
#else
const bool have_libz = false;
#endif
+#ifdef HAVE_LZO
+const bool have_lzo = true;
+#else
+const bool have_lzo = false;
+#endif
+
static void deallocate_cipher(r_ctx &rctx);
static void deallocate_fork_cipher(r_ctx &rctx);
static void free_signature(r_ctx &rctx);
static void free_session(r_ctx &rctx);
-
-
+static void close_previous_stream(r_ctx &rctx);
static bool verify_signature(JCR *jcr, r_ctx &rctx);
int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
- uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
-bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
+ uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx);
+bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
RESTORE_CIPHER_CTX *cipher_ctx);
-
/*
* Close a bfd check that we are at the expected file offset.
- * Makes some code in set_attributes().
+ * Makes use of some code from set_attributes().
*/
static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize)
{
boffset_t fsize;
fsize = blseek(bfd, 0, SEEK_CUR);
- bclose(bfd); /* first close file */
+ bclose(bfd);
if (fsize > 0 && fsize != osize) {
- Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
+ Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
jcr->last_fname, edit_uint64(osize, ec1),
edit_uint64(fsize, ec2));
return -1;
return 0;
}
+#ifdef HAVE_DARWIN_OS
+bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
+{
+ struct attrlist attrList;
+
+ memset(&attrList, 0, sizeof(attrList));
+ attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+ attrList.commonattr = ATTR_CMN_FNDRINFO;
+
+ Dmsg0(130, "Restoring Finder Info\n");
+ jcr->ff->flags |= FO_HFSPLUS;
+ if (buflen != 32) {
+ Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
+ return false;
+ }
+
+ if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
+ Jmsg(jcr, M_WARNING, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
+ return false;
+ }
+
+ return true;
+}
+#else
+bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
+{
+ return true;
+}
+#endif
/*
* Restore the requested files.
- *
*/
void do_restore(JCR *jcr)
{
BSOCK *sd;
uint32_t VolSessionId, VolSessionTime;
- bool extract = false;
int32_t file_index;
- char ec1[50]; /* Buffer printing huge values */
- uint32_t buf_size; /* client buffer size */
+ char ec1[50]; /* Buffer printing huge values */
+ uint32_t buf_size; /* client buffer size */
int stat;
- ATTR *attr;
- intmax_t rsrc_len = 0; /* Original length of resource fork */
+ int64_t rsrc_len = 0; /* Original length of resource fork */
r_ctx rctx;
+ ATTR *attr;
/* ***FIXME*** make configurable */
crypto_digest_t signing_algorithm = have_sha2 ?
CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
memset(&rctx, 0, sizeof(rctx));
rctx.jcr = jcr;
- /* The following variables keep track of "known unknowns" */
+ /*
+ * The following variables keep track of "known unknowns"
+ */
int non_support_data = 0;
int non_support_attr = 0;
int non_support_rsrc = 0;
int non_support_acl = 0;
int non_support_progname = 0;
int non_support_crypto = 0;
-
-#ifdef HAVE_DARWIN_OS
- struct attrlist attrList;
- memset(&attrList, 0, sizeof(attrList));
- attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
- attrList.commonattr = ATTR_CMN_FNDRINFO;
-#endif
-
+ int non_support_xattr = 0;
sd = jcr->store_bsock;
- set_jcr_job_status(jcr, JS_Running);
+ jcr->setJobStatus(JS_Running);
LockRes();
CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
buf_size = 0; /* use default */
}
if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
- set_jcr_job_status(jcr, JS_ErrorTerminated);
+ jcr->setJobStatus(JS_ErrorTerminated);
return;
}
jcr->buf_size = sd->msglen;
- /* St Bernard code goes here if implemented -- see end of file */
+ /*
+ * St Bernard code goes here if implemented -- see end of file
+ */
- if (have_libz) {
+ /* use the same buffer size to decompress both gzip and lzo */
+ if (have_libz || have_lzo) {
uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
- jcr->compress_buf = (char *)bmalloc(compress_buf_size);
+ jcr->compress_buf = get_memory(compress_buf_size);
jcr->compress_buf_size = compress_buf_size;
}
+#ifdef HAVE_LZO
+ if (lzo_init() != LZO_E_OK) {
+ Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n"));
+ goto bail_out;
+ }
+#endif
+
if (have_crypto) {
rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
if (have_darwin_os) {
* d. Alternate data stream (e.g. Resource Fork)
* e. Finder info
* f. ACLs
- * g. Possibly a cryptographic signature
- * h. Possibly MD5 or SHA1 record
+ * g. XATTRs
+ * h. Possibly a cryptographic signature
+ * i. Possibly MD5 or SHA1 record
* 3. Repeat step 1
*
* NOTE: We keep track of two bacula file descriptors:
*/
binit(&rctx.bfd);
binit(&rctx.forkbfd);
- attr = new_attr(jcr);
- jcr->acl_text = get_pool_memory(PM_MESSAGE);
-
-
+ attr = rctx.attr = new_attr(jcr);
+ if (have_acl) {
+ jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
+ memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
+ jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
+ }
+ if (have_xattr) {
+ jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
+ memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
+ jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
+ }
while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
- /* Remember previous stream type */
+ /*
+ * Remember previous stream type
+ */
rctx.prev_stream = rctx.stream;
- /* First we expect a Stream Record Header */
+ /*
+ * First we expect a Stream Record Header
+ */
if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
- &rctx.stream, &rctx.size) != 5) {
+ &rctx.full_stream, &rctx.size) != 5) {
Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
goto bail_out;
}
- Dmsg4(30, "Got hdr: Files=%d FilInx=%d Stream=%d, %s.\n",
- jcr->JobFiles, file_index, rctx.stream, stream_to_ascii(rctx.stream));
+ /* Strip off new stream high bits */
+ rctx.stream = rctx.full_stream & STREAMMASK_TYPE;
+ Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
+ jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
- /* * Now we expect the Stream Data */
+ /*
+ * Now we expect the Stream Data
+ */
if (bget_msg(sd) < 0) {
Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
goto bail_out;
if (rctx.size != (uint32_t)sd->msglen) {
Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
sd->msglen, rctx.size);
+ Dmsg2(50, "Actual data size %d not same as header %d\n",
+ sd->msglen, rctx.size);
goto bail_out;
}
- Dmsg3(30, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
- sd->msglen, extract);
+ Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
+ sd->msglen, rctx.extract);
- /* If we change streams, close and reset alternate data streams */
+ /*
+ * If we change streams, close and reset alternate data streams
+ */
if (rctx.prev_stream != rctx.stream) {
if (is_bopen(&rctx.forkbfd)) {
deallocate_fork_cipher(rctx);
bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
}
- rctx.fork_size = -1; /* Use an impossible value and set a proper one below */
+ /*
+ * Use an impossible value and set a proper one below
+ */
+ rctx.fork_size = -1;
rctx.fork_addr = 0;
}
- /* File Attributes stream */
+ /*
+ * File Attributes stream
+ */
switch (rctx.stream) {
case STREAM_UNIX_ATTRIBUTES:
case STREAM_UNIX_ATTRIBUTES_EX:
/*
- * If extracting, it was from previous stream, so
- * close the output file and validate the signature.
+ * if any previous stream open, close it
*/
- if (extract) {
- if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
- }
+ close_previous_stream(rctx);
- if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
- deallocate_cipher(rctx);
- deallocate_fork_cipher(rctx);
- }
-
- set_attributes(jcr, attr, &rctx.bfd);
- extract = false;
-
- /* Verify the cryptographic signature, if any */
- rctx.type = attr->type;
- verify_signature(jcr, rctx);
-
- /* Free Signature */
- free_signature(rctx);
- free_session(rctx);
- jcr->ff->flags = 0;
- Dmsg0(30, "Stop extracting.\n");
- } else if (is_bopen(&rctx.bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
- bclose(&rctx.bfd);
+ /*
+ * TODO: manage deleted files
+ */
+ if (rctx.type == FT_DELETED) { /* deleted file */
+ continue;
+ }
+ /*
+ * Restore objects should be ignored here -- they are
+ * returned at the beginning of the restore.
+ */
+ if (rctx.type == FT_RESTORE_FIRST) {
+ continue;
}
/*
* Unpack attributes and do sanity check them
*/
- if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) {
- goto bail_out;
- }
- if (file_index != attr->file_index) {
- Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
- file_index, attr->file_index);
- Dmsg0(100, "File index error\n");
+ if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
goto bail_out;
}
- Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
+ Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
attr->attr, attr->attrEx);
+ Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
+ strlen(attr->attrEx), sd->msg);
- attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
+ attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI);
if (!is_restore_stream_supported(attr->data_stream)) {
if (!non_support_data++) {
- Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
- stream_to_ascii(attr->data_stream));
+ Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"),
+ stream_to_ascii(attr->data_stream));
}
continue;
}
build_attr_output_fnames(jcr, attr);
/*
- * Now determine if we are extracting or not.
+ * Try to actually create the file, which returns a status telling
+ * us if we need to extract or not.
*/
jcr->num_files_examined++;
- extract = false;
- stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
- Dmsg2(30, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
+ rctx.extract = false;
+ if (jcr->plugin) {
+ stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
+ } else {
+ stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
+ }
+ jcr->lock();
+ pm_strcpy(jcr->last_fname, attr->ofname);
+ jcr->last_type = attr->type;
+ jcr->unlock();
+ Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat);
switch (stat) {
case CF_ERROR:
case CF_SKIP:
- break;
- case CF_EXTRACT: /* File created and we expect file data */
- extract = true;
- /* FALLTHROUGH */
- case CF_CREATED: /* File created, but there is no content */
- jcr->lock();
pm_strcpy(jcr->last_fname, attr->ofname);
jcr->last_type = attr->type;
- jcr->JobFiles++;
- jcr->unlock();
+ break;
+ case CF_EXTRACT:
+ /*
+ * File created and we expect file data
+ */
+ rctx.extract = true;
+ /*
+ * FALLTHROUGH
+ */
+ case CF_CREATED:
+ /*
+ * File created, but there is no content
+ */
rctx.fileAddr = 0;
print_ls_output(jcr, attr);
if (have_darwin_os) {
- /* Only restore the resource fork for regular files */
+ /*
+ * Only restore the resource fork for regular files
+ */
from_base64(&rsrc_len, attr->attrEx);
if (attr->type == FT_REG && rsrc_len > 0) {
- extract = true;
+ rctx.extract = true;
}
+
+ /*
+ * Count the resource forks not as regular files being restored.
+ */
+ if (rsrc_len == 0) {
+ jcr->JobFiles++;
+ }
+ } else {
+ jcr->JobFiles++;
}
- if (!extract) {
- /* set attributes now because file will not be extracted */
- set_attributes(jcr, attr, &rctx.bfd);
+
+ if (!rctx.extract) {
+ /*
+ * set attributes now because file will not be extracted
+ */
+ if (jcr->plugin) {
+ plugin_set_attributes(jcr, attr, &rctx.bfd);
+ } else {
+ set_attributes(jcr, attr, &rctx.bfd);
+ }
}
break;
}
break;
- /* Data stream */
+ /*
+ * Data stream
+ */
case STREAM_ENCRYPTED_SESSION_DATA:
crypto_error_t cryptoerr;
- /* Is this an unexpected session data entry? */
+ /*
+ * Is this an unexpected session data entry?
+ */
if (rctx.cs) {
Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
- /* Do we have any keys at all? */
+ /*
+ * Do we have any keys at all?
+ */
if (!jcr->crypto.pki_recipients) {
Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
break;
}
jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
if (!jcr->crypto.digest) {
Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
break;
}
- /* Decode and save session keys. */
+ /*
+ * Decode and save session keys.
+ */
cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
jcr->crypto.pki_recipients, &rctx.cs);
switch(cryptoerr) {
case CRYPTO_ERROR_NONE:
- /* Success */
+ /*
+ * Success
+ */
break;
case CRYPTO_ERROR_NORECIPIENT:
Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
break;
default:
- /* Shouldn't happen */
+ /*
+ * Shouldn't happen
+ */
Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
break;
}
if (cryptoerr != CRYPTO_ERROR_NONE) {
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
case STREAM_GZIP_DATA:
case STREAM_SPARSE_GZIP_DATA:
case STREAM_WIN32_GZIP_DATA:
+ case STREAM_COMPRESSED_DATA:
+ case STREAM_SPARSE_COMPRESSED_DATA:
+ case STREAM_WIN32_COMPRESSED_DATA:
case STREAM_ENCRYPTED_FILE_DATA:
case STREAM_ENCRYPTED_WIN32_DATA:
case STREAM_ENCRYPTED_FILE_GZIP_DATA:
case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
- /* Force an expected, consistent stream type here */
- if (extract && (rctx.prev_stream == rctx.stream
+ case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA:
+ case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA:
+ /*
+ * Force an expected, consistent stream type here
+ */
+ if (rctx.extract && (rctx.prev_stream == rctx.stream
|| rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
|| rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
|| rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
rctx.flags = 0;
- if (rctx.stream == STREAM_SPARSE_DATA ||
- rctx.stream == STREAM_SPARSE_GZIP_DATA) {
+ if (rctx.stream == STREAM_SPARSE_DATA
+ || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
+ || rctx.stream == STREAM_SPARSE_GZIP_DATA) {
rctx.flags |= FO_SPARSE;
}
|| rctx.stream == STREAM_SPARSE_GZIP_DATA
|| rctx.stream == STREAM_WIN32_GZIP_DATA
|| rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
+ || rctx.stream == STREAM_COMPRESSED_DATA
+ || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
+ || rctx.stream == STREAM_WIN32_COMPRESSED_DATA
+ || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
+ || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
|| rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
- rctx.flags |= FO_GZIP;
+ rctx.flags |= FO_COMPRESS;
+ rctx.comp_stream = rctx.stream;
}
if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
|| rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
|| rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
+ || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
+ || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
|| rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
- /* Set up a decryption context */
+ /*
+ * Set up a decryption context
+ */
if (!rctx.cipher_ctx.cipher) {
if (!rctx.cs) {
Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
&rctx.cipher_ctx.block_size)) == NULL) {
Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
free_session(rctx);
- extract = false;
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
if (is_win32_stream(rctx.stream) && !have_win32_api()) {
set_portable_backup(&rctx.bfd);
- rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */
+ /*
+ * "decompose" BackupWrite data
+ */
+ rctx.flags |= FO_WIN32DECOMP;
}
- if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
- rctx.flags, &rctx.cipher_ctx) < 0) {
- extract = false;
+ if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
+ rctx.flags, rctx.stream, &rctx.cipher_ctx) < 0) {
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
}
break;
- /* Resource fork stream - only recorded after a file to be restored */
- /* Silently ignore if we cannot write - we already reported that */
+ /*
+ * Resource fork stream - only recorded after a file to be restored
+ * Silently ignore if we cannot write - we already reported that
+ */
case STREAM_ENCRYPTED_MACOS_FORK_DATA:
case STREAM_MACOS_FORK_DATA:
-#ifdef HAVE_DARWIN_OS
- rctx.fork_flags = 0;
- jcr->ff->flags |= FO_HFSPLUS;
-
- if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
- rctx.fork_flags |= FO_ENCRYPT;
-
- /* Set up a decryption context */
- if (extract && !rctx.fork_cipher_ctx.cipher) {
- if (!rctx.cs) {
- Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
- extract = false;
- bclose(&rctx.bfd);
- continue;
- }
+ if (have_darwin_os) {
+ rctx.fork_flags = 0;
+ jcr->ff->flags |= FO_HFSPLUS;
- if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
- Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
- free_session(rctx);
- extract = false;
- bclose(&rctx.bfd);
- continue;
+ if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
+ rctx.fork_flags |= FO_ENCRYPT;
+
+ /*
+ * Set up a decryption context
+ */
+ if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
+ if (!rctx.cs) {
+ Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
+ rctx.extract = false;
+ bclose(&rctx.bfd);
+ continue;
+ }
+
+ if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
+ Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
+ free_session(rctx);
+ rctx.extract = false;
+ bclose(&rctx.bfd);
+ continue;
+ }
}
}
- }
- if (extract) {
- if (rctx.prev_stream != rctx.stream) {
- if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s.\n"), jcr->last_fname);
- extract = false;
- continue;
- }
+ if (rctx.extract) {
+ if (rctx.prev_stream != rctx.stream) {
+ if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
+ Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
+ rctx.extract = false;
+ continue;
+ }
- rctx.fork_size = rsrc_len;
- Dmsg0(30, "Restoring resource fork\n");
- }
+ rctx.fork_size = rsrc_len;
+ Dmsg0(130, "Restoring resource fork\n");
+ }
- if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
- &rctx.fork_cipher_ctx) < 0) {
- extract = false;
- bclose(&rctx.forkbfd);
- continue;
+ if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
+ rctx.stream, &rctx.fork_cipher_ctx) < 0) {
+ rctx.extract = false;
+ bclose(&rctx.forkbfd);
+ continue;
+ }
}
+ } else {
+ non_support_rsrc++;
}
-#else
- non_support_rsrc++;
-#endif
break;
case STREAM_HFSPLUS_ATTRIBUTES:
-#ifdef HAVE_DARWIN_OS
- Dmsg0(30, "Restoring Finder Info\n");
- jcr->ff->flags |= FO_HFSPLUS;
- if (sd->msglen != 32) {
- Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen);
- continue;
- }
- if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s\n"), jcr->last_fname);
- continue;
+ if (have_darwin_os) {
+ if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
+ continue;
+ }
+ } else {
+ non_support_finfo++;
}
-#else
- non_support_finfo++;
-#endif
break;
case STREAM_UNIX_ACCESS_ACL:
+ case STREAM_UNIX_DEFAULT_ACL:
+ case STREAM_ACL_AIX_TEXT:
+ case STREAM_ACL_DARWIN_ACCESS_ACL:
+ case STREAM_ACL_FREEBSD_DEFAULT_ACL:
+ case STREAM_ACL_FREEBSD_ACCESS_ACL:
+ case STREAM_ACL_HPUX_ACL_ENTRY:
+ case STREAM_ACL_IRIX_DEFAULT_ACL:
+ case STREAM_ACL_IRIX_ACCESS_ACL:
+ case STREAM_ACL_LINUX_DEFAULT_ACL:
+ case STREAM_ACL_LINUX_ACCESS_ACL:
+ case STREAM_ACL_TRU64_DEFAULT_ACL:
+ case STREAM_ACL_TRU64_DEFAULT_DIR_ACL:
+ case STREAM_ACL_TRU64_ACCESS_ACL:
+ case STREAM_ACL_SOLARIS_ACLENT:
+ case STREAM_ACL_SOLARIS_ACE:
+ case STREAM_ACL_AFS_TEXT:
+ case STREAM_ACL_AIX_AIXC:
+ case STREAM_ACL_AIX_NFS4:
+ case STREAM_ACL_FREEBSD_NFS4_ACL:
+ /*
+ * Do not restore ACLs when
+ * a) The current file is not extracted
+ * b) and it is not a directory (they are never "extracted")
+ * c) or the file name is empty
+ */
+ if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
+ break;
+ }
if (have_acl) {
- pm_strcpy(jcr->acl_text, sd->msg);
- Dmsg2(400, "Restoring ACL type 0x%2x <%s>\n", BACL_TYPE_ACCESS, jcr->acl_text);
- if (bacl_set(jcr, BACL_TYPE_ACCESS) != 0) {
- Qmsg1(jcr, M_WARNING, 0, _("Can't restore ACL of %s\n"), jcr->last_fname);
+ pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
+ jcr->acl_data->content_length = sd->msglen;
+ switch (parse_acl_streams(jcr, rctx.stream)) {
+ case bacl_exit_fatal:
+ goto bail_out;
+ case bacl_exit_error:
+ /*
+ * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
+ * print the error message set by the lower level routine in jcr->errmsg.
+ */
+ if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
+ Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
+ }
+ jcr->acl_data->nr_errors++;
+ break;
+ case bacl_exit_ok:
+ break;
}
} else {
non_support_acl++;
}
break;
- case STREAM_UNIX_DEFAULT_ACL:
- if (have_acl) {
- pm_strcpy(jcr->acl_text, sd->msg);
- Dmsg2(400, "Restoring ACL type 0x%2x <%s>\n", BACL_TYPE_DEFAULT, jcr->acl_text);
- if (bacl_set(jcr, BACL_TYPE_DEFAULT) != 0) {
- Qmsg1(jcr, M_WARNING, 0, _("Can't restore default ACL of %s\n"), jcr->last_fname);
+ case STREAM_XATTR_IRIX:
+ case STREAM_XATTR_TRU64:
+ case STREAM_XATTR_AIX:
+ case STREAM_XATTR_OPENBSD:
+ case STREAM_XATTR_SOLARIS_SYS:
+ case STREAM_XATTR_SOLARIS:
+ case STREAM_XATTR_DARWIN:
+ case STREAM_XATTR_FREEBSD:
+ case STREAM_XATTR_LINUX:
+ case STREAM_XATTR_NETBSD:
+ /*
+ * Do not restore Extended Attributes when
+ * a) The current file is not extracted
+ * b) and it is not a directory (they are never "extracted")
+ * c) or the file name is empty
+ */
+ if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) {
+ break;
+ }
+ if (have_xattr) {
+ pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
+ jcr->xattr_data->content_length = sd->msglen;
+ switch (parse_xattr_streams(jcr, rctx.stream)) {
+ case bxattr_exit_fatal:
+ goto bail_out;
+ case bxattr_exit_error:
+ /*
+ * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
+ * print the error message set by the lower level routine in jcr->errmsg.
+ */
+ if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
+ Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
+ }
+ jcr->xattr_data->nr_errors++;
+ break;
+ case bxattr_exit_ok:
+ break;
}
} else {
- non_support_acl++;
+ non_support_xattr++;
}
break;
case STREAM_SIGNED_DIGEST:
- /* Is this an unexpected signature? */
+ /*
+ * Is this an unexpected signature?
+ */
if (rctx.sig) {
Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
free_signature(rctx);
continue;
}
- /* Save signature. */
- if (extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
+ /*
+ * Save signature.
+ */
+ if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
}
break;
break;
case STREAM_PLUGIN_NAME:
+ close_previous_stream(rctx);
+ Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg);
plugin_name_stream(jcr, sd->msg);
break;
- default:
- /* If extracting, wierd stream (not 1 or 2), close output file anyway */
- if (extract) {
- Dmsg1(30, "Found wierd stream %d\n", rctx.stream);
- if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
- }
- /* Flush and deallocate cipher context */
- deallocate_cipher(rctx);
- deallocate_fork_cipher(rctx);
-
- set_attributes(jcr, attr, &rctx.bfd);
+ case STREAM_RESTORE_OBJECT:
+ break; /* these are sent by Director */
- /* Verify the cryptographic signature if any */
- rctx.type = attr->type;
- verify_signature(jcr, rctx);
- extract = false;
- } else if (is_bopen(&rctx.bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
- bclose(&rctx.bfd);
- }
- Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
+ default:
+ close_previous_stream(rctx);
+ Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
rctx.stream);
Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
break;
} /* end switch(stream) */
-
} /* end while get_msg() */
- /* If output file is still open, it was the last one in the
+ /*
+ * If output file is still open, it was the last one in the
* archive since we just hit an end of file, so close the file.
*/
if (is_bopen(&rctx.forkbfd)) {
bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
}
- if (extract) {
- /* Flush and deallocate cipher context */
- deallocate_cipher(rctx);
- deallocate_fork_cipher(rctx);
-
- set_attributes(jcr, attr, &rctx.bfd);
-
- /* Verify the cryptographic signature on the last file, if any */
- rctx.type = attr->type;
- verify_signature(jcr, rctx);
- }
- if (is_bopen(&rctx.bfd)) {
- bclose(&rctx.bfd);
- }
-
- set_jcr_job_status(jcr, JS_Terminated);
+ close_previous_stream(rctx);
+ jcr->setJobStatus(JS_Terminated);
goto ok_out;
bail_out:
- set_jcr_job_status(jcr, JS_ErrorTerminated);
+ jcr->setJobStatus(JS_ErrorTerminated);
ok_out:
- /* Free Signature & Crypto Data */
+ /*
+ * First output the statistics.
+ */
+ Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
+ edit_uint64(jcr->JobBytes, ec1));
+ if (have_acl && jcr->acl_data->nr_errors > 0) {
+ Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"),
+ jcr->acl_data->nr_errors);
+ }
+ if (have_xattr && jcr->xattr_data->nr_errors > 0) {
+ Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"),
+ jcr->xattr_data->nr_errors);
+ }
+ if (non_support_data > 1 || non_support_attr > 1) {
+ Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
+ non_support_data, non_support_attr);
+ }
+ if (non_support_rsrc) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
+ }
+ if (non_support_finfo) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
+ }
+ if (non_support_acl) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
+ }
+ if (non_support_crypto) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
+ }
+ if (non_support_xattr) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
+ }
+
+ /*
+ * Free Signature & Crypto Data
+ */
free_signature(rctx);
free_session(rctx);
if (jcr->crypto.digest) {
jcr->crypto.digest = NULL;
}
- /* Free file cipher restore context */
+ /*
+ * Free file cipher restore context
+ */
if (rctx.cipher_ctx.cipher) {
crypto_cipher_free(rctx.cipher_ctx.cipher);
rctx.cipher_ctx.cipher = NULL;
}
+
if (rctx.cipher_ctx.buf) {
free_pool_memory(rctx.cipher_ctx.buf);
rctx.cipher_ctx.buf = NULL;
}
- /* Free alternate stream cipher restore context */
+ /*
+ * Free alternate stream cipher restore context
+ */
if (rctx.fork_cipher_ctx.cipher) {
crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
rctx.fork_cipher_ctx.cipher = NULL;
}
if (jcr->compress_buf) {
- free(jcr->compress_buf);
+ free_pool_memory(jcr->compress_buf);
jcr->compress_buf = NULL;
jcr->compress_buf_size = 0;
}
- bclose(&rctx.forkbfd);
- bclose(&rctx.bfd);
- free_attr(attr);
- free_pool_memory(jcr->acl_text);
- Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
- edit_uint64(jcr->JobBytes, ec1));
- if (non_support_data > 1 || non_support_attr > 1) {
- Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
- non_support_data, non_support_attr);
- }
- if (non_support_rsrc) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
- }
- if (non_support_finfo) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
- }
- if (non_support_acl) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
+
+ if (have_acl && jcr->acl_data) {
+ free_pool_memory(jcr->acl_data->content);
+ free(jcr->acl_data);
+ jcr->acl_data = NULL;
}
- if (non_support_crypto) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
+
+ if (have_xattr && jcr->xattr_data) {
+ free_pool_memory(jcr->xattr_data->content);
+ free(jcr->xattr_data);
+ jcr->xattr_data = NULL;
}
+ bclose(&rctx.forkbfd);
+ bclose(&rctx.bfd);
+ free_attr(rctx.attr);
}
#ifdef HAVE_LIBZ
if (!jcr->crypto.pki_sign) {
- return true; /* no signature OK */
+ /*
+ * no signature OK
+ */
+ return true;
}
if (!sig) {
if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
return true;
}
- /* Iterate through the trusted signers */
+ /*
+ * Iterate through the trusted signers
+ */
foreach_alist(keypair, jcr->crypto.pki_signers) {
err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
switch (err) {
}
}
if (jcr->crypto.digest) {
- /* Use digest computed while writing the file to verify the signature */
+ /*
+ * Use digest computed while writing the file to verify the signature
+ */
if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
goto bail_out;
}
} else {
- /* Signature found, digest allocated. Old method,
+ /*
+ * Signature found, digest allocated. Old method,
* re-read the file and compute the digest
*/
jcr->crypto.digest = digest;
- /* Checksum the entire file */
- /* Make sure we don't modify JobBytes by saving and restoring it */
+ /*
+ * Checksum the entire file
+ * Make sure we don't modify JobBytes by saving and restoring it
+ */
saved_bytes = jcr->JobBytes;
if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
}
jcr->JobBytes = saved_bytes;
- /* Verify the signature */
+ /*
+ * Verify the signature
+ */
if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
jcr->crypto.digest = NULL;
}
- /* Valid signature */
+ /*
+ * Valid signature
+ */
Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
crypto_digest_free(digest);
return true;
case CRYPTO_ERROR_NOSIGNER:
- /* Signature not found, try again */
+ /*
+ * Signature not found, try again
+ */
if (digest) {
crypto_digest_free(digest);
digest = NULL;
}
continue;
default:
- /* Something strange happened (that shouldn't happen!)... */
+ /*
+ * Something strange happened (that shouldn't happen!)...
+ */
Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
goto bail_out;
}
}
- /* No signer */
+ /*
+ * No signer
+ */
Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
bail_out:
unser_declare;
uint64_t faddr;
char ec1[50];
- unser_begin(*data, SPARSE_FADDR_SIZE);
+ unser_begin(*data, OFFSET_FADDR_SIZE);
unser_uint64(faddr);
if (*addr != faddr) {
*addr = faddr;
return false;
}
}
- *data += SPARSE_FADDR_SIZE;
- *length -= SPARSE_FADDR_SIZE;
+ *data += OFFSET_FADDR_SIZE;
+ *length -= OFFSET_FADDR_SIZE;
return true;
}
-bool decompress_data(JCR *jcr, char **data, uint32_t *length)
+bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length)
{
+ char ec1[50]; /* Buffer printing huge values */
+
+ Dmsg1(200, "Stream found in decompress_data(): %d\n", stream);
+ if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA
+ || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA)
+ {
+ uint32_t comp_magic, comp_len;
+ uint16_t comp_level, comp_version;
+#ifdef HAVE_LZO
+ lzo_uint compress_len;
+ const unsigned char *cbuf;
+ int r, real_compress_len;
+#endif
+
+ /* read compress header */
+ unser_declare;
+ unser_begin(*data, sizeof(comp_stream_header));
+ unser_uint32(comp_magic);
+ unser_uint32(comp_len);
+ unser_uint16(comp_level);
+ unser_uint16(comp_version);
+ Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len,
+ comp_level, comp_version);
+
+ /* version check */
+ if (comp_version != COMP_HEAD_VERSION) {
+ Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. version=0x%x\n"), comp_version);
+ return false;
+ }
+ /* size check */
+ if (comp_len + sizeof(comp_stream_header) != *length) {
+ Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"),
+ comp_len, *length);
+ return false;
+ }
+ switch(comp_magic) {
+#ifdef HAVE_LZO
+ case COMPRESS_LZO1X:
+ compress_len = jcr->compress_buf_size;
+ cbuf = (const unsigned char*)*data + sizeof(comp_stream_header);
+ real_compress_len = *length - sizeof(comp_stream_header);
+ Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
+ while ((r=lzo1x_decompress_safe(cbuf, real_compress_len,
+ (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN)
+ {
+ /*
+ * The buffer size is too small, try with a bigger one
+ */
+ compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
+ Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
+ jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
+ compress_len);
+ }
+ if (r != LZO_E_OK) {
+ Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"),
+ jcr->last_fname, r);
+ return false;
+ }
+ *data = jcr->compress_buf;
+ *length = compress_len;
+ Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
+ return true;
+#endif
+ default:
+ Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic);
+ return false;
+ }
+ } else {
#ifdef HAVE_LIBZ
- uLong compress_len;
- int stat;
- char ec1[50]; /* Buffer printing huge values */
+ uLong compress_len;
+ int stat;
- /*
- * NOTE! We only use uLong and Byte because they are
- * needed by the zlib routines, they should not otherwise
- * be used in Bacula.
- */
- compress_len = jcr->compress_buf_size;
- Dmsg2(100, "Comp_len=%d msglen=%d\n", compress_len, *length);
- if ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
- (const Byte *)*data, (uLong)*length)) != Z_OK) {
- Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
- jcr->last_fname, zlib_strerror(stat));
- return false;
- }
- *data = jcr->compress_buf;
- *length = compress_len;
- Dmsg2(100, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
- return true;
+ /*
+ * NOTE! We only use uLong and Byte because they are
+ * needed by the zlib routines, they should not otherwise
+ * be used in Bacula.
+ */
+ compress_len = jcr->compress_buf_size;
+ Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
+ while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
+ (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
+ {
+ /*
+ * The buffer size is too small, try with a bigger one
+ */
+ compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
+ Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
+ jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
+ compress_len);
+ }
+ if (stat != Z_OK) {
+ Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
+ jcr->last_fname, zlib_strerror(stat));
+ return false;
+ }
+ *data = jcr->compress_buf;
+ *length = compress_len;
+ Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
+ return true;
#else
- Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
- return false;
+ Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
+ return false;
#endif
+ }
}
static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
* Return value is the number of bytes written, or -1 on errors.
*/
int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
- uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
+ uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx)
{
- char *wbuf; /* write buffer */
- uint32_t wsize; /* write size */
- uint32_t rsize; /* read size */
- uint32_t decrypted_len = 0; /* Decryption output length */
- char ec1[50]; /* Buffer printing huge values */
+ char *wbuf; /* write buffer */
+ uint32_t wsize; /* write size */
+ uint32_t rsize; /* read size */
+ uint32_t decrypted_len = 0; /* Decryption output length */
+ char ec1[50]; /* Buffer printing huge values */
rsize = buflen;
jcr->ReadBytes += rsize;
if (flags & FO_ENCRYPT) {
ASSERT(cipher_ctx->cipher);
- /* NOTE: We must implement block preserving semantics for the
- * non-streaming compression and sparse code. */
-
/*
+ * NOTE: We must implement block preserving semantics for the
+ * non-streaming compression and sparse code.
+ *
* Grow the crypto buffer, if necessary.
* crypto_cipher_update() will process only whole blocks,
* buffering the remaining input.
cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
- /* Decrypt the input block */
+ /*
+ * Decrypt the input block
+ */
if (!crypto_cipher_update(cipher_ctx->cipher,
(const u_int8_t *)wbuf,
wsize,
(u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
&decrypted_len)) {
- /* Decryption failed. Shouldn't happen. */
+ /*
+ * Decryption failed. Shouldn't happen.
+ */
Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
- return -1;
+ goto bail_out;
}
if (decrypted_len == 0) {
- /* No full block of encrypted data available, write more data */
+ /*
+ * No full block of encrypted data available, write more data
+ */
return 0;
}
- Dmsg2(100, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
+ Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
cipher_ctx->buf_len += decrypted_len;
wbuf = cipher_ctx->buf;
- /* If one full preserved block is available, write it to disk,
+ /*
+ * If one full preserved block is available, write it to disk,
* and then buffer any remaining data. This should be effecient
* as long as Bacula's block size is not significantly smaller than the
- * encryption block size (extremely unlikely!) */
+ * encryption block size (extremely unlikely!)
+ */
unser_crypto_packet_len(cipher_ctx);
Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
- /* No full preserved block is available. */
+ /*
+ * No full preserved block is available.
+ */
return 0;
}
- /* We have one full block, set up the filter input buffers */
+ /*
+ * We have one full block, set up the filter input buffers
+ */
wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
cipher_ctx->buf_len -= cipher_ctx->packet_len;
- Dmsg2(30, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
+ Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
}
- if (flags & FO_SPARSE) {
+ if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
- return -1;
+ goto bail_out;
}
}
- if (flags & FO_GZIP) {
- if (!decompress_data(jcr, &wbuf, &wsize)) {
- return -1;
+ if (flags & FO_COMPRESS) {
+ if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
+ goto bail_out;
}
}
if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
- return -1;
+ goto bail_out;
}
jcr->JobBytes += wsize;
*addr += wsize;
- Dmsg2(30, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
+ Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
- /* Clean up crypto buffers */
+ /*
+ * Clean up crypto buffers
+ */
if (flags & FO_ENCRYPT) {
/* Move any remaining data to start of buffer */
if (cipher_ctx->buf_len > 0) {
- Dmsg1(30, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
+ Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
cipher_ctx->buf_len);
}
- /* The packet was successfully written, reset the length so that the next
- * packet length may be re-read by unser_crypto_packet_len() */
+ /*
+ * The packet was successfully written, reset the length so that the next
+ * packet length may be re-read by unser_crypto_packet_len()
+ */
cipher_ctx->packet_len = 0;
}
-
return wsize;
+
+bail_out:
+ return -1;
}
+
+/*
+ * If extracting, close any previous stream
+ */
+static void close_previous_stream(r_ctx &rctx)
+{
+ /*
+ * If extracting, it was from previous stream, so
+ * close the output file and validate the signature.
+ */
+ if (rctx.extract) {
+ if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
+ Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
+ Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
+ is_bopen(&rctx.bfd));
+ }
+
+ if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
+ deallocate_cipher(rctx);
+ deallocate_fork_cipher(rctx);
+ }
+
+ if (rctx.jcr->plugin) {
+ plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
+ } else {
+ set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
+ }
+ rctx.extract = false;
+
+ /*
+ * Verify the cryptographic signature, if any
+ */
+ rctx.type = rctx.attr->type;
+ verify_signature(rctx.jcr, rctx);
+
+ /*
+ * Free Signature
+ */
+ free_signature(rctx);
+ free_session(rctx);
+ rctx.jcr->ff->flags = 0;
+ Dmsg0(130, "Stop extracting.\n");
+ } else if (is_bopen(&rctx.bfd)) {
+ Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
+ Dmsg0(000, "=== logic error !open\n");
+ bclose(&rctx.bfd);
+ }
+}
+
+
/*
* In the context of jcr, flush any remaining data from the cipher context,
* writing it to bfd.
* Return value is true on success, false on failure.
*/
-bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
+bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
RESTORE_CIPHER_CTX *cipher_ctx)
{
uint32_t decrypted_len = 0;
bool second_pass = false;
again:
- /* Write out the remaining block and free the cipher context */
+ /*
+ * Write out the remaining block and free the cipher context
+ */
cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
- cipher_ctx->block_size);
+ cipher_ctx->block_size);
if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
&decrypted_len)) {
- /* Writing out the final, buffered block failed. Shouldn't happen. */
+ /*
+ * Writing out the final, buffered block failed. Shouldn't happen.
+ */
Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
}
- Dmsg2(30, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
- /* If nothing new was decrypted, and our output buffer is empty, return */
+ Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
+ /*
+ * If nothing new was decrypted, and our output buffer is empty, return
+ */
if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
return true;
}
unser_crypto_packet_len(cipher_ctx);
Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
- wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Decrypted, possibly decompressed output here. */
+ /*
+ * Decrypted, possibly decompressed output here.
+ */
+ wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
cipher_ctx->buf_len -= cipher_ctx->packet_len;
- Dmsg2(30, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
+ Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
- if (flags & FO_SPARSE) {
+ if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
return false;
}
}
- if (flags & FO_GZIP) {
- if (!decompress_data(jcr, &wbuf, &wsize)) {
+ if (flags & FO_COMPRESS) {
+ if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
return false;
}
}
- Dmsg0(30, "Call store_data\n");
+ Dmsg0(130, "Call store_data\n");
if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
return false;
}
jcr->JobBytes += wsize;
- Dmsg2(30, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
+ Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
- /* Move any remaining data to start of buffer */
+ /*
+ * Move any remaining data to start of buffer
+ */
if (cipher_ctx->buf_len > 0) {
- Dmsg1(30, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
+ Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
cipher_ctx->buf_len);
}
- /* The packet was successfully written, reset the length so that the next
- * packet length may be re-read by unser_crypto_packet_len() */
+ /*
+ * The packet was successfully written, reset the length so that the next
+ * packet length may be re-read by unser_crypto_packet_len()
+ */
cipher_ctx->packet_len = 0;
if (cipher_ctx->buf_len >0 && !second_pass) {
goto again;
}
- /* Stop decryption */
+ /*
+ * Stop decryption
+ */
cipher_ctx->buf_len = 0;
cipher_ctx->packet_len = 0;
static void deallocate_cipher(r_ctx &rctx)
{
- /* Flush and deallocate previous stream's cipher context */
+ /*
+ * Flush and deallocate previous stream's cipher context
+ */
if (rctx.cipher_ctx.cipher) {
- flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx);
+ flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx);
crypto_cipher_free(rctx.cipher_ctx.cipher);
rctx.cipher_ctx.cipher = NULL;
}
static void deallocate_fork_cipher(r_ctx &rctx)
{
- /* Flush and deallocate previous stream's fork cipher context */
+ /*
+ * Flush and deallocate previous stream's fork cipher context
+ */
if (rctx.fork_cipher_ctx.cipher) {
- flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx);
+ flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx);
crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
rctx.fork_cipher_ctx.cipher = NULL;
}
}
-/* This code if implemented goes above */
+/*
+ * This code if implemented goes above
+ */
#ifdef stbernard_implemented
/ #if defined(HAVE_WIN32)
bool bResumeOfmOnExit = FALSE;
projects / bacula / bacula / blobdiff