/*
- * Bacula File Daemon restore.c Restorefiles.
+ * Bacula File Daemon restore.c Restorefiles.
*
* Kern Sibbald, November MM
*
*
*/
/*
- Copyright (C) 2000-2004 Kern Sibbald and John Walker
+ Copyright (C) 2000-2005 Kern Sibbald
This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public
- License along with this program; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
#include "bacula.h"
#include "filed.h"
-#ifdef HAVE_ACL
-#include <sys/acl.h>
-#include <acl/libacl.h>
-#endif
-
#ifdef HAVE_DARWIN_OS
#include <sys/attr.h>
#endif
static const char *zlib_strerror(int stat);
#endif
-#define RETRY 10 /* retry wait time */
+int verify_signature(JCR *jcr, SIGNATURE *sig);
+int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
+ uint64_t *addr, int flags);
-#ifdef HAVE_DARWIN_OS
-/* helper routine for closing resource forks */
+#define RETRY 10 /* retry wait time */
+
+/*
+ * Close a bfd check that we are at the expected file offset.
+ * Makes some code in set_attributes().
+ */
int bclose_chksize(JCR *jcr, BFILE *bfd, off_t osize)
{
char ec1[50], ec2[50];
fsize = blseek(bfd, 0, SEEK_CUR);
bclose(bfd); /* first close file */
if (fsize > 0 && fsize != osize) {
- Jmsg3(jcr, M_ERROR, 0, _("File size of resource fork for restored file %s not correct. Original %s, restored %s.\n"),
- jcr->last_fname, edit_uint64(osize, ec1),
- edit_uint64(fsize, ec2));
+ Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
+ jcr->last_fname, edit_uint64(osize, ec1),
+ edit_uint64(fsize, ec2));
return -1;
}
return 0;
}
-#endif
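Review bot: The header comment added for bclose_chksize() ends in an unfinished sentence (`Makes some code in set_attributes().`) and does not state the return contract, so a reader cannot tell that -1 means the restored stream does not match the recorded size. I would write it as `Close bfd after checking that the current offset equals osize; returns 0 on match, -1 (after queuing an M_ERROR) on mismatch.` Both call sites added later in this diff discard the result, and the `fsize > 0` guard means a stream that restored zero bytes, or a failed `blseek()`, is never reported even when `osize` is non-zero; if that is deliberate the comment should say so. The declaration of `fsize` is outside the visible lines.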
/*
* Restore the requested files.
void do_restore(JCR *jcr)
{
BSOCK *sd;
- int32_t stream;
- uint32_t size;
+ int32_t stream = 0;
+ int32_t prev_stream;
uint32_t VolSessionId, VolSessionTime;
- int32_t file_index;
bool extract = false;
- BFILE bfd;
+ int32_t file_index;
+ char ec1[50]; /* Buffer printing huge values */
+
+ BFILE bfd; /* File content */
+ uint64_t fileAddr = 0; /* file write address */
+ uint32_t size; /* Size of file */
+ BFILE altbfd; /* Alternative data stream */
+ uint64_t alt_addr = 0; /* Write address for alternative stream */
+ intmax_t alt_size = 0; /* Size of alternate stream */
+ SIGNATURE *sig = NULL; /* Cryptographic signature (if any) for file */
+ CRYPTO_SESSION *cs = NULL; /* Cryptographic session data (if any) for file */
+ int flags; /* Options for extract_data() */
int stat;
- uint32_t total = 0; /* Job total but only 32 bits for debug */
- char *wbuf; /* write buffer */
- uint32_t wsize; /* write size */
- uint64_t fileAddr = 0; /* file write address */
+ ATTR *attr;
+
+ /* The following variables keep track of "known unknowns" */
int non_support_data = 0;
int non_support_attr = 0;
int non_support_rsrc = 0;
int non_support_finfo = 0;
int non_support_acl = 0;
- int prog_name_msg = 0;
- ATTR *attr;
-#ifdef HAVE_ACL
- acl_t acl;
-#endif
- BFILE rsrc_bfd; /* we often check if it is open */
-#ifdef HAVE_DARWIN_OS
- off_t rsrcAddr = 0;
- off_t rsrc_len; /* original length of resource fork */
+ int non_support_progname = 0;
- /* TODO: initialise attrList once elsewhere? */
+ /* Finally, set up for special configurations */
+#ifdef HAVE_DARWIN_OS
+ intmax_t rsrc_len = 0; /* Original length of resource fork */
struct attrlist attrList;
+
memset(&attrList, 0, sizeof(attrList));
attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
attrList.commonattr = ATTR_CMN_FNDRINFO;
#endif
- binit(&rsrc_bfd);
- binit(&bfd);
sd = jcr->store_bsock;
set_jcr_job_status(jcr, JS_Running);
if (client) {
buf_size = client->max_network_buffer_size;
} else {
- buf_size = 0; /* use default */
+ buf_size = 0; /* use default */
}
if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) {
set_jcr_job_status(jcr, JS_ErrorTerminated);
}
jcr->buf_size = sd->msglen;
- attr = new_attr();
-
#ifdef HAVE_LIBZ
uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
jcr->compress_buf = (char *)bmalloc(compress_buf_size);
+ jcr->compress_buf_size = compress_buf_size;
#endif
/*
* Get a record from the Storage daemon. We are guaranteed to
- * receive records in the following order:
- * 1. Stream record header
- * 2. Stream data
- * a. Attributes (Unix or Win32)
- * or b. File data for the file
- * or c. Resource fork
- * or d. Finder info
- * or e. ACLs
- * or f. Possibly MD5 or SHA1 record
- * 3. Repeat step 1
+ * receive records in the following order:
+ * 1. Stream record header
+ * 2. Stream data
+ * a. Attributes (Unix or Win32)
+ * b. Possibly stream encryption session data (e.g., symmetric session key)
+ * or c. File data for the file
+ * or d. Alternate data stream (e.g. Resource Fork)
+ * or e. Finder info
+ * or f. ACLs
+ * or g. Possibly a cryptographic signature
+ * or h. Possibly MD5 or SHA1 record
+ * 3. Repeat step 1
+ *
+ * NOTE: We keep track of two bacula file descriptors:
+ * 1. bfd for file data.
+ * This fd is opened for non empty files when an attribute stream is
+ * encountered and closed when we find the next attribute stream.
+ * 2. alt_bfd for alternate data streams
+ * This fd is opened every time we encounter a new alternate data
+ * stream for the current file. When we find any other stream, we
+ * close it again.
+ * The expected size of the stream, alt_len, should be set when
+ * opening the fd.
*/
+ binit(&bfd);
+ binit(&altbfd);
+ attr = new_attr();
+ jcr->acl_text = get_pool_memory(PM_MESSAGE);
+
while (bget_msg(sd) >= 0 && !job_canceled(jcr)) {
- /*
- * First we expect a Stream Record Header
- */
+ /* Remember previous stream type */
+ prev_stream = stream;
+
+ /* First we expect a Stream Record Header */
if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index,
- &stream, &size) != 5) {
- Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
- goto bail_out;
+ &stream, &size) != 5) {
+ Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg);
+ goto bail_out;
}
Dmsg2(30, "Got hdr: FilInx=%d Stream=%d.\n", file_index, stream);
- /*
- * Now we expect the Stream Data
- */
+ /* * Now we expect the Stream Data */
if (bget_msg(sd) < 0) {
- Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), bnet_strerror(sd));
- goto bail_out;
+ Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), bnet_strerror(sd));
+ goto bail_out;
}
if (size != (uint32_t)sd->msglen) {
- Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"), sd->msglen, size);
- goto bail_out;
+ Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"), sd->msglen, size);
+ goto bail_out;
}
Dmsg1(30, "Got stream data, len=%d\n", sd->msglen);
+ /* If we change streams, close and reset alternate data streams */
+ if (prev_stream != stream) {
+ if (is_bopen(&altbfd)) {
+ bclose_chksize(jcr, &altbfd, alt_size);
+ }
+ alt_size = -1; /* Use an impossible value and set a proper one below */
+ alt_addr = 0;
+ }
+
/* File Attributes stream */
switch (stream) {
case STREAM_UNIX_ATTRIBUTES:
case STREAM_UNIX_ATTRIBUTES_EX:
- Dmsg1(30, "Stream=Unix Attributes. extract=%d\n", extract);
- /* If extracting, it was from previous stream, so
- * close the output file.
- */
- if (extract) {
- if (!is_bopen(&bfd) && !is_bopen(&rsrc_bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error output file should be open\n"));
- }
-#ifdef HAVE_DARWIN_OS
- if (is_bopen(&rsrc_bfd)) {
- bclose_chksize(jcr, &rsrc_bfd, rsrc_len);
- }
-#endif
- if (is_bopen(&bfd)) {
- set_attributes(jcr, attr, &bfd);
- }
- extract = false;
- Dmsg0(30, "Stop extracting.\n");
- }
-
-
- if (!unpack_attributes_record(jcr, stream, sd->msg, attr)) {
- goto bail_out;
- }
- if (file_index != attr->file_index) {
- Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
- file_index, attr->file_index);
- Dmsg0(100, "File index error\n");
- goto bail_out;
- }
-
- Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
- attr->attr, attr->attrEx);
-
- attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
-
- if (!is_stream_supported(attr->data_stream)) {
- if (!non_support_data++) {
- Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
- stream_to_ascii(attr->data_stream));
- }
- continue;
- }
-
- build_attr_output_fnames(jcr, attr);
-
+ Dmsg1(30, "Stream=Unix Attributes. extract=%d\n", extract);
+ /*
+ * If extracting, it was from previous stream, so
+ * close the output file and validate the signature.
+ */
+ if (extract) {
+ if (size > 0 && !is_bopen(&bfd)) {
+ Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
+ }
+ set_attributes(jcr, attr, &bfd);
+ extract = false;
+
+ /* Verify the cryptographic signature, if any */
+ if (jcr->pki_sign) {
+ if (sig) {
+ if (!verify_signature(jcr, sig)) {
+ // TODO landonf: Better signature failure handling.
+ // The failure is reported to the director in verify_signature() ...
+ Dmsg1(100, "Bad signature on %s\n", jcr->last_fname);
+ } else {
+ Dmsg1(100, "Signature good on %s\n", jcr->last_fname);
+ }
+ } else {
+ Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"), jcr->last_fname);
+ }
+ }
+
+ /* Free Signature */
+ if (sig) {
+ crypto_sign_free(sig);
+ sig = NULL;
+ }
+
+ if (cs) {
+ crypto_session_free(cs);
+ cs = NULL;
+ }
+
+ Dmsg0(30, "Stop extracting.\n");
+ } else if (is_bopen(&bfd)) {
+ Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
+ bclose(&bfd);
+ }
+
+ /*
+ * Unpack and do sanity check fo attributes.
+ */
+ if (!unpack_attributes_record(jcr, stream, sd->msg, attr)) {
+ goto bail_out;
+ }
+ if (file_index != attr->file_index) {
+ Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"),
+ file_index, attr->file_index);
+ Dmsg0(100, "File index error\n");
+ goto bail_out;
+ }
+
+ Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname,
+ attr->attr, attr->attrEx);
+
+ attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI);
+
+ if (!is_restore_stream_supported(attr->data_stream)) {
+ if (!non_support_data++) {
+ Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"),
+ stream_to_ascii(attr->data_stream));
+ }
+ continue;
+ }
+
+ build_attr_output_fnames(jcr, attr);
+
+ /*
+ * Now determine if we are extracting or not.
+ */
+ jcr->num_files_examined++;
+ Dmsg1(30, "Outfile=%s\n", attr->ofname);
+ extract = false;
+ stat = create_file(jcr, attr, &bfd, jcr->replace);
+ switch (stat) {
+ case CF_ERROR:
+ case CF_SKIP:
+ break;
+ case CF_EXTRACT: /* File created and we expect file data */
+ extract = true;
+ /* FALLTHROUGH */
+ case CF_CREATED: /* File created, but there is no content */
+ P(jcr->mutex);
+ pm_strcpy(jcr->last_fname, attr->ofname);
+ V(jcr->mutex);
+ jcr->JobFiles++;
+ fileAddr = 0;
+ print_ls_output(jcr, attr);
#ifdef HAVE_DARWIN_OS
- from_base64(&rsrc_len, attr->attrEx);
+ /* Only restore the resource fork for regular files */
+ from_base64(&rsrc_len, attr->attrEx);
+ if (attr->type == FT_REG && rsrc_len > 0) {
+ extract = true;
+ }
#endif
-
- jcr->num_files_examined++;
-
- Dmsg1(30, "Outfile=%s\n", attr->ofname);
- extract = false;
- stat = create_file(jcr, attr, &bfd, jcr->replace);
- switch (stat) {
- case CF_ERROR:
- case CF_SKIP:
- break;
- case CF_EXTRACT:
- extract = true;
- /* FALLTHROUGH */
- case CF_CREATED:
- P(jcr->mutex);
- pm_strcpy(jcr->last_fname, attr->ofname);
- V(jcr->mutex);
- jcr->JobFiles++;
- fileAddr = 0;
- print_ls_output(jcr, attr);
- if (!extract) {
- /* set attributes now because file will not be extracted */
- set_attributes(jcr, attr, &bfd);
- }
-#ifdef HAVE_DARWIN_OS
- if (rsrc_len > 0) {
- rsrcAddr = 0;
- if (bopen_rsrc(&rsrc_bfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s"), jcr->last_fname);
- } else {
- Dmsg0(30, "Restoring resource fork");
- extract = true;
- }
- }
-#endif
- break;
- }
- break;
+ if (!extract) {
+ /* set attributes now because file will not be extracted */
+ set_attributes(jcr, attr, &bfd);
+ }
+ break;
+ }
+ break;
/* Data stream */
+ case STREAM_ENCRYPTED_SESSION_DATA:
+ Dmsg1(30, "Stream=Encrypted Session Data, size: %d\n", sd->msglen);
+ /* Save session keys . */
+ switch(crypto_session_decode(sd->msg, (size_t) sd->msglen, jcr->pki_recipients, &cs)) {
+ case CRYPTO_ERROR_NONE:
+ /* Success */
+ break;
+ case CRYPTO_ERROR_NORECIPIENT:
+ Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data."));
+ break;
+ case CRYPTO_ERROR_DECRYPTION:
+ Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed."));
+ break;
+ default:
+ /* Shouldn't happen */
+ Jmsg(jcr, M_ERROR, 0, _("An error occured while decoding encrypted session data stream."));
+ break;
+ }
+
+ break;
+
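Review bot: A failed crypto_session_decode() is only logged here, so `extract` stays true and the file-data branch below still accepts the next record because it allows `prev_stream == STREAM_ENCRYPTED_SESSION_DATA`. In the lines visible in this diff `cs` is never handed to extract_data(), so whatever follows is written to the output file as received. Each of the three error arms should stop extraction for this file, e.g. `extract = false; bclose(&bfd);` before the `break`. A second session record for the same file would also overwrite `cs` without a `crypto_session_free()`, so any existing session should be freed before decoding.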
case STREAM_FILE_DATA:
case STREAM_SPARSE_DATA:
case STREAM_WIN32_DATA:
- if (extract) {
- if (stream == STREAM_SPARSE_DATA) {
- ser_declare;
- uint64_t faddr;
- char ec1[50];
-
- wbuf = sd->msg + SPARSE_FADDR_SIZE;
- wsize = sd->msglen - SPARSE_FADDR_SIZE;
- ser_begin(sd->msg, SPARSE_FADDR_SIZE);
- unser_uint64(faddr);
- if (fileAddr != faddr) {
- fileAddr = faddr;
- if (blseek(&bfd, (off_t)fileAddr, SEEK_SET) < 0) {
- berrno be;
- be.set_errno(bfd.berrno);
- Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
- edit_uint64(fileAddr, ec1), attr->ofname, be.strerror());
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
- }
- } else {
- wbuf = sd->msg;
- wsize = sd->msglen;
- }
- Dmsg2(30, "Write %u bytes, total before write=%u\n", wsize, total);
- if ((uint32_t)bwrite(&bfd, wbuf, wsize) != wsize) {
- Dmsg0(0, "===Write error===\n");
- berrno be;
- be.set_errno(bfd.berrno);
- Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: ERR=%s\n"), attr->ofname,
- be.strerror());
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
- total += wsize;
- jcr->JobBytes += wsize;
- jcr->ReadBytes += wsize;
- fileAddr += wsize;
- }
- break;
-
- /* GZIP data stream */
case STREAM_GZIP_DATA:
case STREAM_SPARSE_GZIP_DATA:
case STREAM_WIN32_GZIP_DATA:
-#ifdef HAVE_LIBZ
- if (extract) {
- uLong compress_len;
- int stat;
-
- if (stream == STREAM_SPARSE_GZIP_DATA) {
- ser_declare;
- uint64_t faddr;
- char ec1[50];
- wbuf = sd->msg + SPARSE_FADDR_SIZE;
- wsize = sd->msglen - SPARSE_FADDR_SIZE;
- ser_begin(sd->msg, SPARSE_FADDR_SIZE);
- unser_uint64(faddr);
- if (fileAddr != faddr) {
- fileAddr = faddr;
- if (blseek(&bfd, (off_t)fileAddr, SEEK_SET) < 0) {
- berrno be;
- be.set_errno(bfd.berrno);
- Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
- edit_uint64(fileAddr, ec1), attr->ofname, be.strerror());
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
- }
- } else {
- wbuf = sd->msg;
- wsize = sd->msglen;
- }
- compress_len = compress_buf_size;
- Dmsg2(100, "Comp_len=%d msglen=%d\n", compress_len, wsize);
- if ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
- (const Byte *)wbuf, (uLong)wsize)) != Z_OK) {
- Jmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
- attr->ofname, zlib_strerror(stat));
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
-
- Dmsg2(100, "Write uncompressed %d bytes, total before write=%d\n", compress_len, total);
- if ((uLong)bwrite(&bfd, jcr->compress_buf, compress_len) != compress_len) {
- Dmsg0(0, "===Write error===\n");
- berrno be;
- be.set_errno(bfd.berrno);
- Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"), attr->ofname, be.strerror());
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
- total += compress_len;
- jcr->JobBytes += compress_len;
- jcr->ReadBytes += wsize;
- fileAddr += compress_len;
- }
-#else
- if (extract) {
- Jmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
- extract = false;
- bclose(&bfd);
- if (is_bopen(&rsrc_bfd)) {
- bclose(&rsrc_bfd);
- }
- continue;
- }
-#endif
- break;
+ /* Force an expected, consistent stream type here */
+ if (extract && (prev_stream == stream || prev_stream == STREAM_UNIX_ATTRIBUTES
+ || prev_stream == STREAM_UNIX_ATTRIBUTES_EX
+ || prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
+ flags = 0;
+ if (stream == STREAM_SPARSE_DATA || stream == STREAM_SPARSE_GZIP_DATA) {
+ flags |= FO_SPARSE;
+ }
+ if (stream == STREAM_GZIP_DATA || stream == STREAM_SPARSE_GZIP_DATA
+ || stream == STREAM_WIN32_GZIP_DATA) {
+ flags |= FO_GZIP;
+ }
+
+ if (is_win32_stream(stream) && !have_win32_api()) {
+ set_portable_backup(&bfd);
+ flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */
+ }
+
+ if (extract_data(jcr, &bfd, sd->msg, sd->msglen, &fileAddr, flags) < 0) {
+ extract = false;
+ bclose(&bfd);
+ continue;
+ }
+ }
+ break;
/* Resource fork stream - only recorded after a file to be restored */
/* Silently ignore if we cannot write - we already reported that */
case STREAM_MACOS_FORK_DATA:
#ifdef HAVE_DARWIN_OS
- if (is_bopen(&rsrc_bfd) && sd->msglen) {
- Dmsg2(30, "Write %u bytes, total before write=%u\n", sd->msglen, total);
- if (bwrite(&rsrc_bfd, sd->msg, sd->msglen) != sd->msglen) {
- Dmsg0(0, "===Write error===\n");
- berrno be;
- be.set_errno(rsrc_bfd.berrno);
- Jmsg2(jcr, M_ERROR, 0, _("Write error on resource fork of %s: ERR=%s\n"), jcr->last_fname,
- be.strerror());
- extract = false;
- if (is_bopen(&bfd)) {
- bclose(&bfd);
- }
- bclose(&rsrc_bfd);
- continue;
- }
- total += sd->msglen;
- jcr->JobBytes += sd->msglen;
- jcr->ReadBytes += sd->msglen;
- rsrcAddr += sd->msglen;
- }
- break;
+ if (extract) {
+ if (prev_stream != stream) {
+ if (bopen_rsrc(&altbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
+ Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s.\n"), jcr->last_fname);
+ extract = false;
+ continue;
+ }
+ alt_size = rsrc_len;
+ Dmsg0(30, "Restoring resource fork\n");
+ }
+ flags = 0;
+ if (extract_data(jcr, &altbfd, sd->msg, sd->msglen, &alt_addr, flags) < 0) {
+ extract = false;
+ bclose(&altbfd);
+ continue;
+ }
+ }
#else
- non_support_rsrc++;
+ non_support_rsrc++;
#endif
+ break;
case STREAM_HFSPLUS_ATTRIBUTES:
#ifdef HAVE_DARWIN_OS
- Dmsg0(30, "Restoring Finder Info");
- if (sd->msglen != 32) {
- Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)"), sd->msglen);
- continue;
- }
- if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) {
- Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s"), jcr->last_fname);
- continue;
- }
- break;
+ Dmsg0(30, "Restoring Finder Info\n");
+ if (sd->msglen != 32) {
+ Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen);
+ continue;
+ }
+ if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) {
+ Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s\n"), jcr->last_fname);
+ continue;
+ }
#else
- non_support_finfo++;
+ non_support_finfo++;
#endif
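Review bot: The `break;` that used to end the STREAM_HFSPLUS_ATTRIBUTES case is removed and, as shown here, nothing replaces it after the `#endif`, so control falls through into STREAM_UNIX_ATTRIBUTES_ACCESS_ACL. With HAVE_ACL defined, the 32-byte Finder Info payload in `sd->msg` would then be copied into `jcr->acl_text` and handed to `bacl_set()`; on builds without HAVE_ACL the record is additionally counted in `non_support_acl`. The resource-fork case above received its `break;` after the `#endif`, and this case needs the same line.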
-/*** FIXME ***/
-case STREAM_UNIX_ATTRIBUTES_ACCESS_ACL:
+
+ case STREAM_UNIX_ATTRIBUTES_ACCESS_ACL:
#ifdef HAVE_ACL
- /* Recover Acess ACL from stream and check it */
- acl = acl_from_text(sd->msg);
- if (acl_valid(acl) != 0) {
- Jmsg1(jcr, M_WARNING, 0, "Failure in the ACL of %s! FD is not able to restore it!\n", jcr->last_fname);
- acl_free(acl);
- }
-
- /* Try to restore ACL */
- if (attr->type == FT_DIREND) {
- /* Directory */
- if (acl_set_file(jcr->last_fname, ACL_TYPE_ACCESS, acl) != 0) {
- Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore ACL of directory: %s! Maybe system does not support ACLs!\n", jcr->last_fname);
- }
- /* File or Link */
- } else if (acl_set_file(jcr->last_fname, ACL_TYPE_ACCESS, acl) != 0) {
- Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore ACL of file: %s! Maybe system does not support ACLs!\n", jcr->last_fname);
- }
- acl_free(acl);
- Dmsg1(200, "ACL of file: %s successfully restored!", jcr->last_fname);
- break;
-#else
- non_support_acl++;
- break; /* unconfigured, ignore */
+ pm_strcpy(jcr->acl_text, sd->msg);
+ Dmsg2(400, "Restoring ACL type 0x%2x <%s>\n", BACL_TYPE_ACCESS, jcr->acl_text);
+ if (bacl_set(jcr, BACL_TYPE_ACCESS) != 0) {
+ Qmsg1(jcr, M_WARNING, 0, _("Can't restore ACL of %s\n"), jcr->last_fname);
+ }
+#else
+ non_support_acl++;
#endif
+ break;
+
case STREAM_UNIX_ATTRIBUTES_DEFAULT_ACL:
#ifdef HAVE_ACL
- /* Recover Default ACL from stream and check it */
- acl = acl_from_text(sd->msg);
- if (acl_valid(acl) != 0) {
- Jmsg1(jcr, M_WARNING, 0, "Failure in the Default ACL of %s! FD is not able to restore it!\n", jcr->last_fname);
- acl_free(acl);
- }
-
- /* Try to restore ACL */
- if (attr->type == FT_DIREND) {
- /* Directory */
- if (acl_set_file(jcr->last_fname, ACL_TYPE_DEFAULT, acl) != 0) {
- Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore Default ACL of directory: %s! Maybe system does not support ACLs!\n", jcr->last_fname);
- }
- }
- acl_free(acl);
- Dmsg1(200, "Default ACL of file: %s successfully restored!", jcr->last_fname);
- break;
-#else
- non_support_acl++;
- break; /* unconfigured, ignore */
+ pm_strcpy(jcr->acl_text, sd->msg);
+ Dmsg2(400, "Restoring ACL type 0x%2x <%s>\n", BACL_TYPE_DEFAULT, jcr->acl_text);
+ if (bacl_set(jcr, BACL_TYPE_DEFAULT) != 0) {
+ Qmsg1(jcr, M_WARNING, 0, _("Can't restore default ACL of %s\n"), jcr->last_fname);
+ }
+#else
+ non_support_acl++;
#endif
-/*** FIXME ***/
+ break;
- case STREAM_MD5_SIGNATURE:
- case STREAM_SHA1_SIGNATURE:
- break;
+ case STREAM_SIGNED_DIGEST:
+ /* Save signature. */
+ sig = crypto_sign_decode(sd->msg, (size_t) sd->msglen);
+ break;
+
+ case STREAM_MD5_DIGEST:
+ case STREAM_SHA1_DIGEST:
+ case STREAM_SHA256_DIGEST:
+ case STREAM_SHA512_DIGEST:
+ break;
case STREAM_PROGRAM_NAMES:
case STREAM_PROGRAM_DATA:
- if (!prog_name_msg) {
- Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
- prog_name_msg++;
- }
- break;
+ if (!non_support_progname) {
+ Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
+ non_support_progname++;
+ }
+ break;
default:
- /* If extracting, wierd stream (not 1 or 2), close output file anyway */
- if (extract) {
- Dmsg1(30, "Found wierd stream %d\n", stream);
- if (!is_bopen(&bfd)) {
- Jmsg0(jcr, M_ERROR, 0, _("Logic error output file should be open but is not.\n"));
- }
- set_attributes(jcr, attr, &bfd);
- extract = false;
- }
- Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), stream);
- Dmsg2(0, "None of above!!! stream=%d data=%s\n", stream,sd->msg);
- break;
+ /* If extracting, wierd stream (not 1 or 2), close output file anyway */
+ if (extract) {
+ Dmsg1(30, "Found wierd stream %d\n", stream);
+ if (size > 0 && !is_bopen(&bfd)) {
+ Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
+ }
+ set_attributes(jcr, attr, &bfd);
+ extract = false;
+ } else if (is_bopen(&bfd)) {
+ Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
+ bclose(&bfd);
+ }
+ Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), stream);
+ Dmsg2(0, "None of above!!! stream=%d data=%s\n", stream,sd->msg);
+ break;
} /* end switch(stream) */
} /* end while get_msg() */
/* If output file is still open, it was the last one in the
* archive since we just hit an end of file, so close the file.
*/
- if (is_bopen(&bfd)) {
+ if (is_bopen(&altbfd)) {
+ bclose_chksize(jcr, &altbfd, alt_size);
+ }
+ if (extract) {
set_attributes(jcr, attr, &bfd);
}
+ if (is_bopen(&bfd)) {
+ bclose(&bfd);
+ }
set_jcr_job_status(jcr, JS_Terminated);
goto ok_out;
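Review bot: Signature verification only runs in the attributes case, when the next file's attributes record arrives, so the last file of a job is finalised by the `if (extract)` block after the loop without `verify_signature()` ever being called; the `default:` arm likewise clears `extract` with no check. A restore with `jcr->pki_sign` set should treat the final file exactly like the others, including the missing-signature error. Where verification does run, a bad signature only produces a Dmsg at level 100 and the file stays in place with its attributes applied, which the TODO acknowledges; the failure should at least be reflected in the job status. The sketch below applies the existing check to the end-of-loop path.

```cpp
   /* … unchanged: close altbfd with bclose_chksize() … */
   if (extract) {
      set_attributes(jcr, attr, &bfd);
      /* Last file of the job: no further attributes record will trigger the check */
      if (jcr->pki_sign) {
         if (!sig) {
            Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"), jcr->last_fname);
         } else if (!verify_signature(jcr, sig)) {
            Dmsg1(100, "Bad signature on %s\n", jcr->last_fname);
         }
      }
   }
   /* … unchanged: bclose(&bfd), set_jcr_job_status(), goto ok_out … */
```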
if (jcr->compress_buf) {
free(jcr->compress_buf);
jcr->compress_buf = NULL;
+ jcr->compress_buf_size = 0;
}
-#ifdef HAVE_DARWIN_OS
- if (is_bopen(&rsrc_bfd)) {
- bclose_chksize(jcr, &rsrc_bfd, rsrc_len);
- }
-#endif
+ bclose(&altbfd);
bclose(&bfd);
free_attr(attr);
- Dmsg2(10, "End Do Restore. Files=%d Bytes=%" lld "\n", jcr->JobFiles,
- jcr->JobBytes);
+ free_pool_memory(jcr->acl_text);
+ Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
+ edit_uint64(jcr->JobBytes, ec1));
if (non_support_data > 1 || non_support_attr > 1) {
Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
- non_support_data, non_support_attr);
+ non_support_data, non_support_attr);
}
if (non_support_rsrc) {
Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc);
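Review bot: The cleanup added here releases `jcr->acl_text` and closes both descriptors but never frees `sig` or `cs`, which are only released inside the attributes case of the loop. Any exit taken while a signature or session is pending (a `goto bail_out`, a cancelled job, or simply the last file) leaks them, and the session object presumably holds key material. Add `if (sig) crypto_sign_free(sig);` and `if (cs) crypto_session_free(cs);` next to `free_attr(attr);`, and set `jcr->acl_text = NULL;` after `free_pool_memory()` so the JCR does not keep a dangling pointer. The `bail_out:`/`ok_out:` labels are outside the visible lines, so I am assuming both paths reach this block.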
static const char *zlib_strerror(int stat)
{
if (stat >= 0) {
- return "None";
+ return _("None");
}
switch (stat) {
case Z_ERRNO:
- return "Zlib errno";
+ return _("Zlib errno");
case Z_STREAM_ERROR:
- return "Zlib stream error";
+ return _("Zlib stream error");
case Z_DATA_ERROR:
- return "Zlib data error";
+ return _("Zlib data error");
case Z_MEM_ERROR:
- return "Zlib memory error";
+ return _("Zlib memory error");
case Z_BUF_ERROR:
- return "Zlib buffer error";
+ return _("Zlib buffer error");
case Z_VERSION_ERROR:
- return "Zlib version error";
+ return _("Zlib version error");
default:
- return "*none*";
+ return _("*none*");
}
}
#endif
+
+static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) {
+ JCR *jcr = (JCR *) pkt;
+ return (digest_file(jcr, ff_pkt, jcr->digest));
+}
+
+/*
+ * Verify the signature for the last restored file
+ * Return value is either true (signature correct)
+ * or false (signature could not be verified).
+ */
+int verify_signature(JCR *jcr, SIGNATURE *sig)
+{
+ X509_KEYPAIR *keypair;
+ DIGEST *digest = NULL;
+ crypto_error_t err;
+
+
+ /* Iterate through the trusted signers */
+ foreach_alist(keypair, jcr->pki_signers) {
+ err = crypto_sign_get_digest(sig, jcr->pki_keypair, &digest);
+
+ switch (err) {
+ case CRYPTO_ERROR_NONE:
+ /* Signature found, digest allocated */
+ jcr->digest = digest;
+
+ /* Checksum the entire file */
+ if (find_one_file(jcr, jcr->ff, do_file_digest, jcr, jcr->last_fname, (dev_t)-1, 1) != 0) {
+ Qmsg(jcr, M_ERROR, 0, _("Signature validation failed for %s: \n"), jcr->last_fname);
+ return false;
+ }
+
+ /* Verify the signature */
+ if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
+ Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
+ crypto_digest_free(digest);
+ return false;
+ }
+
+ /* Valid signature */
+ crypto_digest_free(digest);
+ return true;
+
+ case CRYPTO_ERROR_NOSIGNER:
+ /* Signature not found, try again */
+ continue;
+ default:
+ /* Something strange happened (that shouldn't happen!)... */
+ Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
+ if (digest) {
+ crypto_digest_free(digest);
+ }
+ return false;
+ }
+ }
+
+ /* Unreachable */
+ return false;
+}
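Review bot: Inside the `foreach_alist(keypair, jcr->pki_signers)` loop, `crypto_sign_get_digest()` is called with `jcr->pki_keypair` rather than the loop variable, so every iteration looks up the same signer and only `crypto_sign_verify()` sees the trusted key being tried; this looks like it should be `crypto_sign_get_digest(sig, keypair, &digest)`. The early return after a failed `find_one_file()` skips `crypto_digest_free(digest)`, and `jcr->digest` keeps pointing at the digest after it is freed on the other paths; free it there and reset `jcr->digest = NULL` before each return. The final `return false` is marked unreachable, but it is the result when no trusted signer matches or `jcr->pki_signers` is empty, and it is reached without any message, so it deserves its own Qmsg. The function also returns true/false through an `int`; `bool` would match its documented contract.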
+
+/*
+ * In the context of jcr, write data to bfd.
+ * We write buflen bytes in buf at addr. addr is updated in place.
+ * The flags specify whether to use sparse files or compression.
+ * Return value is the number of bytes written, or -1 on errors.
+ */
+int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
+ uint64_t *addr, int flags)
+{
+ int stat;
+ char *wbuf; /* write buffer */
+ uint32_t wsize; /* write size */
+ uint32_t rsize; /* read size */
+ char ec1[50]; /* Buffer printing huge values */
+
+ if (flags & FO_SPARSE) {
+ ser_declare;
+ uint64_t faddr;
+ char ec1[50];
+ wbuf = buf + SPARSE_FADDR_SIZE;
+ rsize = buflen - SPARSE_FADDR_SIZE;
+ ser_begin(buf, SPARSE_FADDR_SIZE);
+ unser_uint64(faddr);
+ if (*addr != faddr) {
+ *addr = faddr;
+ if (blseek(bfd, (off_t)*addr, SEEK_SET) < 0) {
+ berrno be;
+ Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
+ edit_uint64(*addr, ec1), jcr->last_fname,
+ be.strerror(bfd->berrno));
+ return -1;
+ }
+ }
+ } else {
+ wbuf = buf;
+ rsize = buflen;
+ }
+ wsize = rsize;
+
+ if (flags & FO_GZIP) {
+#ifdef HAVE_LIBZ
+ uLong compress_len;
+ /*
+ * NOTE! We only use uLong and Byte because they are
+ * needed by the zlib routines, they should not otherwise
+ * be used in Bacula.
+ */
+ compress_len = jcr->compress_buf_size;
+ Dmsg2(100, "Comp_len=%d msglen=%d\n", compress_len, wsize);
+ if ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
+ (const Byte *)wbuf, (uLong)rsize)) != Z_OK) {
+ Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
+ jcr->last_fname, zlib_strerror(stat));
+ return -1;
+ }
+ wbuf = jcr->compress_buf;
+ wsize = compress_len;
+ Dmsg2(100, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
+#else
+ Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
+ return -1;
+#endif
+ } else {
+ Dmsg2(30, "Write %u bytes, total before write=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
+ }
+
+ if (flags & FO_WIN32DECOMP) {
+ if (!processWin32BackupAPIBlock(bfd, wbuf, wsize)) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
+ jcr->last_fname, be.strerror(bfd->berrno));
+ return -1;
+ }
+ } else if (bwrite(bfd, wbuf, wsize) != (ssize_t)wsize) {
+ berrno be;
+ Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"),
+ jcr->last_fname, be.strerror(bfd->berrno));
+ return -1;
+ }
+
+ jcr->JobBytes += wsize;
+ jcr->ReadBytes += rsize;
+ *addr += wsize;
+
+ return wsize;
+}
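Review bot: In the FO_SPARSE branch `rsize = buflen - SPARSE_FADDR_SIZE` is computed without checking that the record is at least SPARSE_FADDR_SIZE bytes long; `rsize` is a `uint32_t`, so a short record from the Storage daemon wraps to a huge length that is then passed to `uncompress()` or `bwrite()` and can read well past `buf`. Reject short records before touching the buffer, e.g. `if (buflen < (int32_t)SPARSE_FADDR_SIZE) { ... return -1; }` with an M_ERROR message naming `jcr->last_fname`. The inner `char ec1[50];` shadows the one declared at the top of the function and can be dropped. The function also returns `wsize` (a `uint32_t`) through `int32_t`; callers in this diff only test `< 0`, so either document that or return 0 on success so a large write cannot be mistaken for an error.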