/*
Bacula® - The Network Backup Solution
- Copyright (C) 2000-2008 Free Software Foundation Europe e.V.
+ Copyright (C) 2000-2010 Free Software Foundation Europe e.V.
The main author of Bacula is Kern Sibbald, with contributions from
many others, a complete list can be found in the file AUTHORS.
This program is Free Software; you can redistribute it and/or
- modify it under the terms of version two of the GNU General Public
+ modify it under the terms of version three of the GNU Affero General Public
License as published by the Free Software Foundation and included
in the file LICENSE.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Affero General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
02110-1301, USA.
*
* Kern Sibbald, November MM
*
- * Version $Id$
- *
*/
#include "bacula.h"
#include "filed.h"
+#include "restore.h"
#ifdef HAVE_DARWIN_OS
#include <sys/attr.h>
const bool have_xattr = false;
#endif
-/* Data received from Storage Daemon */
+/*
+ * Data received from Storage Daemon
+ */
static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
-typedef struct restore_cipher_ctx {
- CIPHER_CONTEXT *cipher;
- uint32_t block_size;
-
- POOLMEM *buf; /* Pointer to descryption buffer */
- int32_t buf_len; /* Count of bytes currently in buf */
- int32_t packet_len; /* Total bytes in packet */
-} RESTORE_CIPHER_CTX;
-
-struct r_ctx {
- JCR *jcr;
- int32_t stream;
- int32_t prev_stream;
- BFILE bfd; /* File content */
- uint64_t fileAddr; /* file write address */
- uint32_t size; /* Size of file */
- int flags; /* Options for extract_data() */
- BFILE forkbfd; /* Alternative data stream */
- uint64_t fork_addr; /* Write address for alternative stream */
- intmax_t fork_size; /* Size of alternate stream */
- int fork_flags; /* Options for extract_data() */
- int32_t type; /* file type FT_ */
- ATTR *attr; /* Pointer to attributes */
- bool extract; /* set when extracting */
-
- SIGNATURE *sig; /* Cryptographic signature (if any) for file */
- CRYPTO_SESSION *cs; /* Cryptographic session data (if any) for file */
- RESTORE_CIPHER_CTX cipher_ctx; /* Cryptographic restore context (if any) for file */
- RESTORE_CIPHER_CTX fork_cipher_ctx; /* Cryptographic restore context (if any) for alternative stream */
-};
-
-
-/* Forward referenced functions */
+/*
+ * Forward referenced functions
+ */
#if defined(HAVE_LIBZ)
static const char *zlib_strerror(int stat);
const bool have_libz = true;
static void free_session(r_ctx &rctx);
static void close_previous_stream(r_ctx &rctx);
-
-
static bool verify_signature(JCR *jcr, r_ctx &rctx);
-int32_t extract_data(JCR *jcr, r_ctx &rctx, POOLMEM *buf, int32_t buflen,
+int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
RESTORE_CIPHER_CTX *cipher_ctx);
-
/*
* Close a bfd check that we are at the expected file offset.
* Makes use of some code from set_attributes().
boffset_t fsize;
fsize = blseek(bfd, 0, SEEK_CUR);
- bclose(bfd); /* first close file */
+ bclose(bfd);
if (fsize > 0 && fsize != osize) {
Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
jcr->last_fname, edit_uint64(osize, ec1),
return 0;
}
+#ifdef HAVE_DARWIN_OS
+bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
+{
+ struct attrlist attrList;
+
+ memset(&attrList, 0, sizeof(attrList));
+ attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
+ attrList.commonattr = ATTR_CMN_FNDRINFO;
+
+ Dmsg0(130, "Restoring Finder Info\n");
+ jcr->ff->flags |= FO_HFSPLUS;
+ if (buflen != 32) {
+ Jmsg(jcr, M_ERROR, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen);
+ return false;
+ }
+
+ if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
+ Jmsg(jcr, M_ERROR, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname);
+ return false;
+ }
+
+ return true;
+}
+#else
+bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
+{
+ return true;
+}
+#endif
/*
* Restore the requested files.
- *
*/
void do_restore(JCR *jcr)
{
BSOCK *sd;
uint32_t VolSessionId, VolSessionTime;
int32_t file_index;
- char ec1[50]; /* Buffer printing huge values */
- uint32_t buf_size; /* client buffer size */
+ char ec1[50]; /* Buffer printing huge values */
+ uint32_t buf_size; /* client buffer size */
int stat;
intmax_t rsrc_len = 0; /* Original length of resource fork */
r_ctx rctx;
memset(&rctx, 0, sizeof(rctx));
rctx.jcr = jcr;
- /* The following variables keep track of "known unknowns" */
+ /*
+ * The following variables keep track of "known unknowns"
+ */
int non_support_data = 0;
int non_support_attr = 0;
int non_support_rsrc = 0;
int non_support_crypto = 0;
int non_support_xattr = 0;
-#ifdef HAVE_DARWIN_OS
- struct attrlist attrList;
- memset(&attrList, 0, sizeof(attrList));
- attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
- attrList.commonattr = ATTR_CMN_FNDRINFO;
-#endif
-
-
sd = jcr->store_bsock;
set_jcr_job_status(jcr, JS_Running);
}
jcr->buf_size = sd->msglen;
- /* St Bernard code goes here if implemented -- see end of file */
+ /*
+ * St Bernard code goes here if implemented -- see end of file
+ */
if (have_libz) {
uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
- jcr->compress_buf = (char *)bmalloc(compress_buf_size);
+ jcr->compress_buf = get_memory(compress_buf_size);
jcr->compress_buf_size = compress_buf_size;
}
binit(&rctx.forkbfd);
attr = rctx.attr = new_attr(jcr);
if (have_acl) {
- jcr->acl_data = get_pool_memory(PM_MESSAGE);
+ jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t));
+ memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t));
+ jcr->acl_data->content = get_pool_memory(PM_MESSAGE);
}
if (have_xattr) {
- jcr->xattr_data = get_pool_memory(PM_MESSAGE);
+ jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t));
+ memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t));
+ jcr->xattr_data->content = get_pool_memory(PM_MESSAGE);
}
while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
- /* Remember previous stream type */
+ /*
+ * Remember previous stream type
+ */
rctx.prev_stream = rctx.stream;
- /* First we expect a Stream Record Header */
+ /*
+ * First we expect a Stream Record Header
+ */
if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
&rctx.stream, &rctx.size) != 5) {
Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
goto bail_out;
}
- Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
+ Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
- /* * Now we expect the Stream Data */
+ /*
+ * Now we expect the Stream Data
+ */
if (bget_msg(sd) < 0) {
Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
goto bail_out;
Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
sd->msglen, rctx.extract);
- /* If we change streams, close and reset alternate data streams */
+ /*
+ * If we change streams, close and reset alternate data streams
+ */
if (rctx.prev_stream != rctx.stream) {
if (is_bopen(&rctx.forkbfd)) {
deallocate_fork_cipher(rctx);
bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size);
}
- rctx.fork_size = -1; /* Use an impossible value and set a proper one below */
+ /*
+ * Use an impossible value and set a proper one below
+ */
+ rctx.fork_size = -1;
rctx.fork_addr = 0;
}
- /* File Attributes stream */
+ /*
+ * File Attributes stream
+ */
switch (rctx.stream) {
case STREAM_UNIX_ATTRIBUTES:
case STREAM_UNIX_ATTRIBUTES_EX:
- close_previous_stream(rctx); /* if any previous stream open, close it */
-
+ /*
+ * if any previous stream open, close it
+ */
+ close_previous_stream(rctx);
- /* TODO: manage deleted files */
+ /*
+ * TODO: manage deleted files
+ */
if (rctx.type == FT_DELETED) { /* deleted file */
continue;
}
+ /*
+ * Restore objects should be ignored here -- they are
+ * returned at the beginning of the restore.
+ */
+ if (rctx.type == FT_RESTORE_FIRST) {
+ continue;
+ }
/*
* Unpack attributes and do sanity check them
*/
- if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) {
- goto bail_out;
- }
-#ifdef xxx
- if (file_index != attr->file_index) {
- Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
- file_index, attr->file_index);
- Dmsg0(200, "File index error\n");
+ if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) {
goto bail_out;
}
-#endif
- Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
+ Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
attr->attr, attr->attrEx);
+ Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen,
+ strlen(attr->attrEx), sd->msg);
attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
/*
* Try to actually create the file, which returns a status telling
- * us if we need to extract or not.
+ * us if we need to extract or not.
*/
jcr->num_files_examined++;
rctx.extract = false;
pm_strcpy(jcr->last_fname, attr->ofname);
jcr->last_type = attr->type;
break;
- case CF_EXTRACT: /* File created and we expect file data */
+ case CF_EXTRACT:
+ /*
+ * File created and we expect file data
+ */
rctx.extract = true;
- /* FALLTHROUGH */
- case CF_CREATED: /* File created, but there is no content */
- jcr->JobFiles++;
+ /*
+ * FALLTHROUGH
+ */
+ case CF_CREATED:
+ /*
+ * File created, but there is no content
+ */
rctx.fileAddr = 0;
print_ls_output(jcr, attr);
if (have_darwin_os) {
- /* Only restore the resource fork for regular files */
+ /*
+ * Only restore the resource fork for regular files
+ */
from_base64(&rsrc_len, attr->attrEx);
if (attr->type == FT_REG && rsrc_len > 0) {
rctx.extract = true;
}
+
+ /*
+ * Count the resource forks not as regular files being restored.
+ */
+ if (rsrc_len == 0) {
+ jcr->JobFiles++;
+ }
+ } else {
+ jcr->JobFiles++;
}
+
if (!rctx.extract) {
- /* set attributes now because file will not be extracted */
+ /*
+ * set attributes now because file will not be extracted
+ */
if (jcr->plugin) {
plugin_set_attributes(jcr, attr, &rctx.bfd);
} else {
}
break;
- /* Data stream */
+ /*
+ * Data stream
+ */
case STREAM_ENCRYPTED_SESSION_DATA:
crypto_error_t cryptoerr;
- /* Is this an unexpected session data entry? */
+ /*
+ * Is this an unexpected session data entry?
+ */
if (rctx.cs) {
Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
rctx.extract = false;
continue;
}
- /* Do we have any keys at all? */
+ /*
+ * Do we have any keys at all?
+ */
if (!jcr->crypto.pki_recipients) {
Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
rctx.extract = false;
break;
}
- /* Decode and save session keys. */
+ /*
+ * Decode and save session keys.
+ */
cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen,
jcr->crypto.pki_recipients, &rctx.cs);
switch(cryptoerr) {
case CRYPTO_ERROR_NONE:
- /* Success */
+ /*
+ * Success
+ */
break;
case CRYPTO_ERROR_NORECIPIENT:
Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
break;
default:
- /* Shouldn't happen */
+ /*
+ * Shouldn't happen
+ */
Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr));
break;
}
case STREAM_ENCRYPTED_WIN32_DATA:
case STREAM_ENCRYPTED_FILE_GZIP_DATA:
case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
- /* Force an expected, consistent stream type here */
+ /*
+ * Force an expected, consistent stream type here
+ */
if (rctx.extract && (rctx.prev_stream == rctx.stream
|| rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
|| rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
|| rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
|| rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
|| rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
- /* Set up a decryption context */
+ /*
+ * Set up a decryption context
+ */
if (!rctx.cipher_ctx.cipher) {
if (!rctx.cs) {
Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
if (is_win32_stream(rctx.stream) && !have_win32_api()) {
set_portable_backup(&rctx.bfd);
- rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */
+ /*
+ * "decompose" BackupWrite data
+ */
+ rctx.flags |= FO_WIN32DECOMP;
}
- if (extract_data(jcr, rctx, sd->msg, sd->msglen, &rctx.fileAddr,
+ if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr,
rctx.flags, &rctx.cipher_ctx) < 0) {
+ rctx.extract = false;
bclose(&rctx.bfd);
continue;
}
}
break;
- /* Resource fork stream - only recorded after a file to be restored */
- /* Silently ignore if we cannot write - we already reported that */
+ /*
+ * Resource fork stream - only recorded after a file to be restored
+ * Silently ignore if we cannot write - we already reported that
+ */
case STREAM_ENCRYPTED_MACOS_FORK_DATA:
case STREAM_MACOS_FORK_DATA:
-#ifdef HAVE_DARWIN_OS
- rctx.fork_flags = 0;
- jcr->ff->flags |= FO_HFSPLUS;
+ if (have_darwin_os) {
+ rctx.fork_flags = 0;
+ jcr->ff->flags |= FO_HFSPLUS;
- if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
- rctx.fork_flags |= FO_ENCRYPT;
+ if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
+ rctx.fork_flags |= FO_ENCRYPT;
- /* Set up a decryption context */
- if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
- if (!rctx.cs) {
- Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
- rctx.extract = false;
- bclose(&rctx.bfd);
- continue;
- }
+ /*
+ * Set up a decryption context
+ */
+ if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
+ if (!rctx.cs) {
+ Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
+ rctx.extract = false;
+ bclose(&rctx.bfd);
+ continue;
+ }
- if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
- Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
- free_session(rctx);
- rctx.extract = false;
- bclose(&rctx.bfd);
- continue;
+ if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
+ Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
+ free_session(rctx);
+ rctx.extract = false;
+ bclose(&rctx.bfd);
+ continue;
+ }
}
}
- }
- if (rctx.extract) {
- if (rctx.prev_stream != rctx.stream) {
- if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s.\n"), jcr->last_fname);
+ if (rctx.extract) {
+ if (rctx.prev_stream != rctx.stream) {
+ if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
+ Jmsg(jcr, M_ERROR, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
+ rctx.extract = false;
+ continue;
+ }
+
+ rctx.fork_size = rsrc_len;
+ Dmsg0(130, "Restoring resource fork\n");
+ }
+
+ if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
+ &rctx.fork_cipher_ctx) < 0) {
rctx.extract = false;
+ bclose(&rctx.forkbfd);
continue;
}
-
- rctx.fork_size = rsrc_len;
- Dmsg0(130, "Restoring resource fork\n");
- }
-
- if (extract_data(jcr, rctx, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags,
- &rctx.fork_cipher_ctx) < 0) {
- bclose(&rctx.forkbfd);
- continue;
}
+ } else {
+ non_support_rsrc++;
}
-#else
- non_support_rsrc++;
-#endif
break;
case STREAM_HFSPLUS_ATTRIBUTES:
-#ifdef HAVE_DARWIN_OS
- Dmsg0(130, "Restoring Finder Info\n");
- jcr->ff->flags |= FO_HFSPLUS;
- if (sd->msglen != 32) {
- Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen);
- continue;
- }
- if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s\n"), jcr->last_fname);
- continue;
+ if (have_darwin_os) {
+ if (!restore_finderinfo(jcr, sd->msg, sd->msglen)) {
+ continue;
+ }
+ } else {
+ non_support_finfo++;
}
-#else
- non_support_finfo++;
-#endif
break;
case STREAM_UNIX_ACCESS_ACL:
case STREAM_ACL_TRU64_ACCESS_ACL:
case STREAM_ACL_SOLARIS_ACLENT:
case STREAM_ACL_SOLARIS_ACE:
+ case STREAM_ACL_AFS_TEXT:
+ case STREAM_ACL_AIX_AIXC:
+ case STREAM_ACL_AIX_NFS4:
/*
* Do not restore ACLs when
* a) The current file is not extracted
break;
}
if (have_acl) {
- pm_memcpy(jcr->acl_data, sd->msg, sd->msglen);
- jcr->acl_data_len = sd->msglen;
- if (!parse_acl_stream(jcr, rctx.stream)) {
- Qmsg1(jcr, M_WARNING, 0, _("Can't restore ACLs of %s\n"), jcr->last_fname);
+ pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen);
+ jcr->acl_data->content_length = sd->msglen;
+ switch (parse_acl_streams(jcr, rctx.stream)) {
+ case bacl_exit_fatal:
+ goto bail_out;
+ case bacl_exit_error:
+ /*
+ * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB
+ * print the error message set by the lower level routine in jcr->errmsg.
+ */
+ if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) {
+ Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
+ }
+ jcr->acl_data->nr_errors++;
+ break;
+ case bacl_exit_ok:
+ break;
}
} else {
non_support_acl++;
}
break;
+ case STREAM_XATTR_IRIX:
+ case STREAM_XATTR_TRU64:
+ case STREAM_XATTR_AIX:
+ case STREAM_XATTR_OPENBSD:
case STREAM_XATTR_SOLARIS_SYS:
case STREAM_XATTR_SOLARIS:
case STREAM_XATTR_DARWIN:
break;
}
if (have_xattr) {
- pm_memcpy(jcr->xattr_data, sd->msg, sd->msglen);
- jcr->xattr_data_len = sd->msglen;
- if (!parse_xattr_stream(jcr, rctx.stream)) {
- Qmsg1(jcr, M_WARNING, 0, _("Can't restore Extended Attributes of %s\n"), jcr->last_fname);
+ pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen);
+ jcr->xattr_data->content_length = sd->msglen;
+ switch (parse_xattr_streams(jcr, rctx.stream)) {
+ case bxattr_exit_fatal:
+ goto bail_out;
+ case bxattr_exit_error:
+ /*
+ * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB
+ * print the error message set by the lower level routine in jcr->errmsg.
+ */
+ if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) {
+ Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
+ }
+ jcr->xattr_data->nr_errors++;
+ break;
+ case bxattr_exit_ok:
+ break;
}
} else {
non_support_xattr++;
break;
case STREAM_SIGNED_DIGEST:
- /* Is this an unexpected signature? */
+ /*
+ * Is this an unexpected signature?
+ */
if (rctx.sig) {
Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
free_signature(rctx);
continue;
}
- /* Save signature. */
+ /*
+ * Save signature.
+ */
if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) {
Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
}
plugin_name_stream(jcr, sd->msg);
break;
+ case STREAM_RESTORE_OBJECT:
+ break; /* these are sent by Director */
+
default:
close_previous_stream(rctx);
Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg);
break;
} /* end switch(stream) */
-
} /* end while get_msg() */
/*
set_jcr_job_status(jcr, JS_ErrorTerminated);
ok_out:
- /* Free Signature & Crypto Data */
+ /*
+ * First output the statistics.
+ */
+ Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
+ edit_uint64(jcr->JobBytes, ec1));
+ if (have_acl && jcr->acl_data->nr_errors > 0) {
+ Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"),
+ jcr->acl_data->nr_errors);
+ }
+ if (have_xattr && jcr->xattr_data->nr_errors > 0) {
+ Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"),
+ jcr->xattr_data->nr_errors);
+ }
+ if (non_support_data > 1 || non_support_attr > 1) {
+ Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
+ non_support_data, non_support_attr);
+ }
+ if (non_support_rsrc) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
+ }
+ if (non_support_finfo) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
+ }
+ if (non_support_acl) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
+ }
+ if (non_support_crypto) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
+ }
+ if (non_support_xattr) {
+ Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
+ }
+
+ /*
+ * Free Signature & Crypto Data
+ */
free_signature(rctx);
free_session(rctx);
if (jcr->crypto.digest) {
jcr->crypto.digest = NULL;
}
- /* Free file cipher restore context */
+ /*
+ * Free file cipher restore context
+ */
if (rctx.cipher_ctx.cipher) {
crypto_cipher_free(rctx.cipher_ctx.cipher);
rctx.cipher_ctx.cipher = NULL;
}
+
if (rctx.cipher_ctx.buf) {
free_pool_memory(rctx.cipher_ctx.buf);
rctx.cipher_ctx.buf = NULL;
}
- /* Free alternate stream cipher restore context */
+ /*
+ * Free alternate stream cipher restore context
+ */
if (rctx.fork_cipher_ctx.cipher) {
crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
rctx.fork_cipher_ctx.cipher = NULL;
}
if (jcr->compress_buf) {
- free(jcr->compress_buf);
+ free_pool_memory(jcr->compress_buf);
jcr->compress_buf = NULL;
jcr->compress_buf_size = 0;
}
- if (have_xattr && jcr->xattr_data) {
- free_pool_memory(jcr->xattr_data);
- jcr->xattr_data = NULL;
- }
if (have_acl && jcr->acl_data) {
- free_pool_memory(jcr->acl_data);
+ free_pool_memory(jcr->acl_data->content);
+ free(jcr->acl_data);
jcr->acl_data = NULL;
}
+ if (have_xattr && jcr->xattr_data) {
+ free_pool_memory(jcr->xattr_data->content);
+ free(jcr->xattr_data);
+ jcr->xattr_data = NULL;
+ }
+
bclose(&rctx.forkbfd);
bclose(&rctx.bfd);
free_attr(rctx.attr);
- Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
- edit_uint64(jcr->JobBytes, ec1));
- if (non_support_data > 1 || non_support_attr > 1) {
- Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
- non_support_data, non_support_attr);
- }
- if (non_support_rsrc) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
- }
- if (non_support_finfo) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_support_rsrc);
- }
- if (non_support_acl) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl);
- }
- if (non_support_crypto) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl);
- }
- if (non_support_xattr) {
- Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr);
- }
-
}
#ifdef HAVE_LIBZ
if (!jcr->crypto.pki_sign) {
- return true; /* no signature OK */
+ /*
+ * no signature OK
+ */
+ return true;
}
if (!sig) {
if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
return true;
}
- /* Iterate through the trusted signers */
+ /*
+ * Iterate through the trusted signers
+ */
foreach_alist(keypair, jcr->crypto.pki_signers) {
err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
switch (err) {
}
}
if (jcr->crypto.digest) {
- /* Use digest computed while writing the file to verify the signature */
+ /*
+ * Use digest computed while writing the file to verify the signature
+ */
if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
goto bail_out;
}
} else {
- /* Signature found, digest allocated. Old method,
+ /*
+ * Signature found, digest allocated. Old method,
* re-read the file and compute the digest
*/
jcr->crypto.digest = digest;
- /* Checksum the entire file */
- /* Make sure we don't modify JobBytes by saving and restoring it */
+ /*
+ * Checksum the entire file
+ * Make sure we don't modify JobBytes by saving and restoring it
+ */
saved_bytes = jcr->JobBytes;
if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) {
Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
}
jcr->JobBytes = saved_bytes;
- /* Verify the signature */
+ /*
+ * Verify the signature
+ */
if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
jcr->crypto.digest = NULL;
}
- /* Valid signature */
+ /*
+ * Valid signature
+ */
Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
crypto_digest_free(digest);
return true;
case CRYPTO_ERROR_NOSIGNER:
- /* Signature not found, try again */
+ /*
+ * Signature not found, try again
+ */
if (digest) {
crypto_digest_free(digest);
digest = NULL;
}
continue;
default:
- /* Something strange happened (that shouldn't happen!)... */
+ /*
+ * Something strange happened (that shouldn't happen!)...
+ */
Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
goto bail_out;
}
}
- /* No signer */
+ /*
+ * No signer
+ */
Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
bail_out:
#ifdef HAVE_LIBZ
uLong compress_len;
int stat;
- char ec1[50]; /* Buffer printing huge values */
+ char ec1[50]; /* Buffer printing huge values */
/*
* NOTE! We only use uLong and Byte because they are
- * needed by the zlib routines, they should not otherwise
- * be used in Bacula.
+ * needed by the zlib routines, they should not otherwise
+ * be used in Bacula.
*/
compress_len = jcr->compress_buf_size;
Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
- if ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
- (const Byte *)*data, (uLong)*length)) != Z_OK) {
+ while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
+ (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
+ {
+ /*
+ * The buffer size is too small, try with a bigger one
+ */
+ compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
+ Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
+ jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
+ compress_len);
+ }
+ if (stat != Z_OK) {
Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
- jcr->last_fname, zlib_strerror(stat));
+ jcr->last_fname, zlib_strerror(stat));
return false;
}
*data = jcr->compress_buf;
* The flags specify whether to use sparse files or compression.
* Return value is the number of bytes written, or -1 on errors.
*/
-int32_t extract_data(JCR *jcr, r_ctx &rctx, POOLMEM *buf, int32_t buflen,
- uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
+int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
+ uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx)
{
- BFILE *bfd = &rctx.bfd;
- char *wbuf; /* write buffer */
- uint32_t wsize; /* write size */
- uint32_t rsize; /* read size */
- uint32_t decrypted_len = 0; /* Decryption output length */
- char ec1[50]; /* Buffer printing huge values */
+ char *wbuf; /* write buffer */
+ uint32_t wsize; /* write size */
+ uint32_t rsize; /* read size */
+ uint32_t decrypted_len = 0; /* Decryption output length */
+ char ec1[50]; /* Buffer printing huge values */
rsize = buflen;
jcr->ReadBytes += rsize;
if (flags & FO_ENCRYPT) {
ASSERT(cipher_ctx->cipher);
- /* NOTE: We must implement block preserving semantics for the
- * non-streaming compression and sparse code. */
-
/*
+ * NOTE: We must implement block preserving semantics for the
+ * non-streaming compression and sparse code.
+ *
* Grow the crypto buffer, if necessary.
* crypto_cipher_update() will process only whole blocks,
* buffering the remaining input.
cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
- /* Decrypt the input block */
+ /*
+ * Decrypt the input block
+ */
if (!crypto_cipher_update(cipher_ctx->cipher,
(const u_int8_t *)wbuf,
wsize,
(u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
&decrypted_len)) {
- /* Decryption failed. Shouldn't happen. */
+ /*
+ * Decryption failed. Shouldn't happen.
+ */
Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
goto bail_out;
}
if (decrypted_len == 0) {
- /* No full block of encrypted data available, write more data */
+ /*
+ * No full block of encrypted data available, write more data
+ */
return 0;
}
cipher_ctx->buf_len += decrypted_len;
wbuf = cipher_ctx->buf;
- /* If one full preserved block is available, write it to disk,
+ /*
+ * If one full preserved block is available, write it to disk,
* and then buffer any remaining data. This should be effecient
* as long as Bacula's block size is not significantly smaller than the
- * encryption block size (extremely unlikely!) */
+ * encryption block size (extremely unlikely!)
+ */
unser_crypto_packet_len(cipher_ctx);
Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
- /* No full preserved block is available. */
+ /*
+ * No full preserved block is available.
+ */
return 0;
}
- /* We have one full block, set up the filter input buffers */
+ /*
+ * We have one full block, set up the filter input buffers
+ */
wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
cipher_ctx->buf_len -= cipher_ctx->packet_len;
Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
}
- if (flags & FO_SPARSE) {
+ if ((flags & FO_SPARSE) || (flags & FO_DELTA)) {
if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
goto bail_out;
}
*addr += wsize;
Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
- /* Clean up crypto buffers */
+ /*
+ * Clean up crypto buffers
+ */
if (flags & FO_ENCRYPT) {
/* Move any remaining data to start of buffer */
if (cipher_ctx->buf_len > 0) {
memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
cipher_ctx->buf_len);
}
- /* The packet was successfully written, reset the length so that the next
- * packet length may be re-read by unser_crypto_packet_len() */
+ /*
+ * The packet was successfully written, reset the length so that the next
+ * packet length may be re-read by unser_crypto_packet_len()
+ */
cipher_ctx->packet_len = 0;
}
return wsize;
bail_out:
- rctx.extract = false;
return -1;
-
}
}
rctx.extract = false;
- /* Verify the cryptographic signature, if any */
+ /*
+ * Verify the cryptographic signature, if any
+ */
rctx.type = rctx.attr->type;
verify_signature(rctx.jcr, rctx);
- /* Free Signature */
+ /*
+ * Free Signature
+ */
free_signature(rctx);
free_session(rctx);
rctx.jcr->ff->flags = 0;
bool second_pass = false;
again:
- /* Write out the remaining block and free the cipher context */
+ /*
+ * Write out the remaining block and free the cipher context
+ */
cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len +
- cipher_ctx->block_size);
+ cipher_ctx->block_size);
if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
&decrypted_len)) {
- /* Writing out the final, buffered block failed. Shouldn't happen. */
+ /*
+ * Writing out the final, buffered block failed. Shouldn't happen.
+ */
Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
}
Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
- /* If nothing new was decrypted, and our output buffer is empty, return */
+ /*
+ * If nothing new was decrypted, and our output buffer is empty, return
+ */
if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
return true;
}
unser_crypto_packet_len(cipher_ctx);
Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
- wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Decrypted, possibly decompressed output here. */
+ /*
+ * Decrypted, possibly decompressed output here.
+ */
+ wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE];
cipher_ctx->buf_len -= cipher_ctx->packet_len;
Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
- if (flags & FO_SPARSE) {
+ if ((flags & FO_SPARSE) || (flags & FO_DELTA)) {
if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) {
return false;
}
jcr->JobBytes += wsize;
Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
- /* Move any remaining data to start of buffer */
+ /*
+ * Move any remaining data to start of buffer
+ */
if (cipher_ctx->buf_len > 0) {
Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
cipher_ctx->buf_len);
}
- /* The packet was successfully written, reset the length so that the next
- * packet length may be re-read by unser_crypto_packet_len() */
+ /*
+ * The packet was successfully written, reset the length so that the next
+ * packet length may be re-read by unser_crypto_packet_len()
+ */
cipher_ctx->packet_len = 0;
if (cipher_ctx->buf_len >0 && !second_pass) {
goto again;
}
- /* Stop decryption */
+ /*
+ * Stop decryption
+ */
cipher_ctx->buf_len = 0;
cipher_ctx->packet_len = 0;
static void deallocate_cipher(r_ctx &rctx)
{
- /* Flush and deallocate previous stream's cipher context */
+ /*
+ * Flush and deallocate previous stream's cipher context
+ */
if (rctx.cipher_ctx.cipher) {
flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx);
crypto_cipher_free(rctx.cipher_ctx.cipher);
static void deallocate_fork_cipher(r_ctx &rctx)
{
- /* Flush and deallocate previous stream's fork cipher context */
+ /*
+ * Flush and deallocate previous stream's fork cipher context
+ */
if (rctx.fork_cipher_ctx.cipher) {
flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx);
crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
}
-/* This code if implemented goes above */
+/*
+ * This code if implemented goes above
+ */
#ifdef stbernard_implemented
/ #if defined(HAVE_WIN32)
bool bResumeOfmOnExit = FALSE;