X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;ds=sidebyside;f=bacula%2Fsrc%2Ffiled%2Frestore.c;h=4310c3be212216cb6a5f58a4b300a838d5889236;hb=ed0741139e4650b4867c9bf4edaaf494aaee705f;hp=898dfaaa591329b2ace9a2ed7b5bd8e345a22353;hpb=51d000d06124a2d9442d5a980944b3eebba2fa65;p=bacula%2Fbacula diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index 898dfaaa59..4310c3be21 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -1,12 +1,12 @@ /* Bacula® - The Network Backup Solution - Copyright (C) 2000-2008 Free Software Foundation Europe e.V. + Copyright (C) 2000-2011 Free Software Foundation Europe e.V. The main author of Bacula is Kern Sibbald, with contributions from many others, a complete list can be found in the file AUTHORS. This program is Free Software; you can redistribute it and/or - modify it under the terms of version two of the GNU General Public + modify it under the terms of version three of the GNU Affero General Public License as published by the Free Software Foundation and included in the file LICENSE. @@ -15,7 +15,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public License + You should have received a copy of the GNU Affero General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. @@ -34,6 +34,7 @@ #include "bacula.h" #include "filed.h" +#include "ch.h" #include "restore.h" #ifdef HAVE_DARWIN_OS @@ -67,16 +68,26 @@ const bool have_xattr = true; const bool have_xattr = false; #endif -/* Data received from Storage Daemon */ +/* + * Data received from Storage Daemon + */ static char rec_header[] = "rechdr %ld %ld %ld %ld %ld"; -/* Forward referenced functions */ +/* + * Forward referenced functions + */ #if defined(HAVE_LIBZ) static const char *zlib_strerror(int stat); const bool have_libz = true; #else const bool have_libz = false; #endif +#ifdef HAVE_LZO +const bool have_lzo = true; +#else +const bool have_lzo = false; +#endif + static void deallocate_cipher(r_ctx &rctx); static void deallocate_fork_cipher(r_ctx &rctx); @@ -86,8 +97,8 @@ static void close_previous_stream(r_ctx &rctx); static bool verify_signature(JCR *jcr, r_ctx &rctx); int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, - uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx); -bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, + uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx); +bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx); /* @@ -100,9 +111,9 @@ static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize) boffset_t fsize; fsize = blseek(bfd, 0, SEEK_CUR); - bclose(bfd); /* first close file */ + bclose(bfd); if (fsize > 0 && fsize != osize) { - Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"), + Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"), jcr->last_fname, edit_uint64(osize, ec1), edit_uint64(fsize, ec2)); return -1; @@ -122,12 +133,12 @@ bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen) Dmsg0(130, "Restoring Finder Info\n"); jcr->ff->flags |= FO_HFSPLUS; if (buflen != 32) { - Jmsg(jcr, M_ERROR, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen); + Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, not 32)\n"), buflen); return false; } if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) { - Jmsg(jcr, M_ERROR, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname); + Jmsg(jcr, M_WARNING, 0, _("Could not set Finder Info on %s\n"), jcr->last_fname); return false; } @@ -142,17 +153,16 @@ bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen) /* * Restore the requested files. - * */ void do_restore(JCR *jcr) { BSOCK *sd; uint32_t VolSessionId, VolSessionTime; int32_t file_index; - char ec1[50]; /* Buffer printing huge values */ - uint32_t buf_size; /* client buffer size */ + char ec1[50]; /* Buffer printing huge values */ + uint32_t buf_size; /* client buffer size */ int stat; - intmax_t rsrc_len = 0; /* Original length of resource fork */ + int64_t rsrc_len = 0; /* Original length of resource fork */ r_ctx rctx; ATTR *attr; /* ***FIXME*** make configurable */ @@ -161,7 +171,9 @@ void do_restore(JCR *jcr) memset(&rctx, 0, sizeof(rctx)); rctx.jcr = jcr; - /* The following variables keep track of "known unknowns" */ + /* + * The following variables keep track of "known unknowns" + */ int non_support_data = 0; int non_support_attr = 0; int non_support_rsrc = 0; @@ -172,7 +184,7 @@ void do_restore(JCR *jcr) int non_support_xattr = 0; sd = jcr->store_bsock; - set_jcr_job_status(jcr, JS_Running); + jcr->setJobStatus(JS_Running); LockRes(); CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL); @@ -183,19 +195,29 @@ void do_restore(JCR *jcr) buf_size = 0; /* use default */ } if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) { - set_jcr_job_status(jcr, JS_ErrorTerminated); + jcr->setJobStatus(JS_ErrorTerminated); return; } jcr->buf_size = sd->msglen; - /* St Bernard code goes here if implemented -- see end of file */ + /* + * St Bernard code goes here if implemented -- see end of file + */ - if (have_libz) { + /* use the same buffer size to decompress both gzip and lzo */ + if (have_libz || have_lzo) { uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100; jcr->compress_buf = get_memory(compress_buf_size); jcr->compress_buf_size = compress_buf_size; } +#ifdef HAVE_LZO + if (lzo_init() != LZO_E_OK) { + Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n")); + goto bail_out; + } +#endif + if (have_crypto) { rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE); if (have_darwin_os) { @@ -247,19 +269,27 @@ void do_restore(JCR *jcr) } while (bget_msg(sd) >= 0 && !job_canceled(jcr)) { - /* Remember previous stream type */ + /* + * Remember previous stream type + */ rctx.prev_stream = rctx.stream; - /* First we expect a Stream Record Header */ + /* + * First we expect a Stream Record Header + */ if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index, - &rctx.stream, &rctx.size) != 5) { + &rctx.full_stream, &rctx.size) != 5) { Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg); goto bail_out; } - Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n", + /* Strip off new stream high bits */ + rctx.stream = rctx.full_stream & STREAMMASK_TYPE; + Dmsg5(150, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n", jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream)); - /* * Now we expect the Stream Data */ + /* + * Now we expect the Stream Data + */ if (bget_msg(sd) < 0) { Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror()); goto bail_out; @@ -274,52 +304,64 @@ void do_restore(JCR *jcr) Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream), sd->msglen, rctx.extract); - /* If we change streams, close and reset alternate data streams */ + /* + * If we change streams, close and reset alternate data streams + */ if (rctx.prev_stream != rctx.stream) { if (is_bopen(&rctx.forkbfd)) { deallocate_fork_cipher(rctx); bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size); } - rctx.fork_size = -1; /* Use an impossible value and set a proper one below */ + /* + * Use an impossible value and set a proper one below + */ + rctx.fork_size = -1; rctx.fork_addr = 0; } - /* File Attributes stream */ + /* + * File Attributes stream + */ switch (rctx.stream) { case STREAM_UNIX_ATTRIBUTES: case STREAM_UNIX_ATTRIBUTES_EX: - close_previous_stream(rctx); /* if any previous stream open, close it */ - + /* + * if any previous stream open, close it + */ + close_previous_stream(rctx); - /* TODO: manage deleted files */ + /* + * TODO: manage deleted files + */ if (rctx.type == FT_DELETED) { /* deleted file */ continue; } + /* + * Restore objects should be ignored here -- they are + * returned at the beginning of the restore. + */ + if (rctx.type == FT_RESTORE_FIRST) { + continue; + } /* * Unpack attributes and do sanity check them */ - if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) { + if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, sd->msglen, attr)) { goto bail_out; } -#ifdef xxx - if (file_index != attr->file_index) { - Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"), - file_index, attr->file_index); - Dmsg0(200, "File index error\n"); - goto bail_out; - } -#endif - Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname, + Dmsg3(100, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname, attr->attr, attr->attrEx); + Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", sd->msglen, + strlen(attr->attrEx), sd->msg); - attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI); + attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI); if (!is_restore_stream_supported(attr->data_stream)) { if (!non_support_data++) { - Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"), - stream_to_ascii(attr->data_stream)); + Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"), + stream_to_ascii(attr->data_stream)); } continue; } @@ -328,7 +370,7 @@ void do_restore(JCR *jcr) /* * Try to actually create the file, which returns a status telling - * us if we need to extract or not. + * us if we need to extract or not. */ jcr->num_files_examined++; rctx.extract = false; @@ -348,15 +390,25 @@ void do_restore(JCR *jcr) pm_strcpy(jcr->last_fname, attr->ofname); jcr->last_type = attr->type; break; - case CF_EXTRACT: /* File created and we expect file data */ + case CF_EXTRACT: + /* + * File created and we expect file data + */ rctx.extract = true; - /* FALLTHROUGH */ - case CF_CREATED: /* File created, but there is no content */ + /* + * FALLTHROUGH + */ + case CF_CREATED: + /* + * File created, but there is no content + */ rctx.fileAddr = 0; print_ls_output(jcr, attr); if (have_darwin_os) { - /* Only restore the resource fork for regular files */ + /* + * Only restore the resource fork for regular files + */ from_base64(&rsrc_len, attr->attrEx); if (attr->type == FT_REG && rsrc_len > 0) { rctx.extract = true; @@ -373,7 +425,9 @@ void do_restore(JCR *jcr) } if (!rctx.extract) { - /* set attributes now because file will not be extracted */ + /* + * set attributes now because file will not be extracted + */ if (jcr->plugin) { plugin_set_attributes(jcr, attr, &rctx.bfd); } else { @@ -384,11 +438,15 @@ void do_restore(JCR *jcr) } break; - /* Data stream */ + /* + * Data stream + */ case STREAM_ENCRYPTED_SESSION_DATA: crypto_error_t cryptoerr; - /* Is this an unexpected session data entry? */ + /* + * Is this an unexpected session data entry? + */ if (rctx.cs) { Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n")); rctx.extract = false; @@ -396,7 +454,9 @@ void do_restore(JCR *jcr) continue; } - /* Do we have any keys at all? */ + /* + * Do we have any keys at all? + */ if (!jcr->crypto.pki_recipients) { Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n")); rctx.extract = false; @@ -415,12 +475,16 @@ void do_restore(JCR *jcr) break; } - /* Decode and save session keys. */ + /* + * Decode and save session keys. + */ cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen, jcr->crypto.pki_recipients, &rctx.cs); switch(cryptoerr) { case CRYPTO_ERROR_NONE: - /* Success */ + /* + * Success + */ break; case CRYPTO_ERROR_NORECIPIENT: Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n")); @@ -429,7 +493,9 @@ void do_restore(JCR *jcr) Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n")); break; default: - /* Shouldn't happen */ + /* + * Shouldn't happen + */ Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr)); break; } @@ -448,19 +514,27 @@ void do_restore(JCR *jcr) case STREAM_GZIP_DATA: case STREAM_SPARSE_GZIP_DATA: case STREAM_WIN32_GZIP_DATA: + case STREAM_COMPRESSED_DATA: + case STREAM_SPARSE_COMPRESSED_DATA: + case STREAM_WIN32_COMPRESSED_DATA: case STREAM_ENCRYPTED_FILE_DATA: case STREAM_ENCRYPTED_WIN32_DATA: case STREAM_ENCRYPTED_FILE_GZIP_DATA: case STREAM_ENCRYPTED_WIN32_GZIP_DATA: - /* Force an expected, consistent stream type here */ + case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA: + case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA: + /* + * Force an expected, consistent stream type here + */ if (rctx.extract && (rctx.prev_stream == rctx.stream || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) { rctx.flags = 0; - if (rctx.stream == STREAM_SPARSE_DATA || - rctx.stream == STREAM_SPARSE_GZIP_DATA) { + if (rctx.stream == STREAM_SPARSE_DATA + || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA + || rctx.stream == STREAM_SPARSE_GZIP_DATA) { rctx.flags |= FO_SPARSE; } @@ -468,15 +542,25 @@ void do_restore(JCR *jcr) || rctx.stream == STREAM_SPARSE_GZIP_DATA || rctx.stream == STREAM_WIN32_GZIP_DATA || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA + || rctx.stream == STREAM_COMPRESSED_DATA + || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA + || rctx.stream == STREAM_WIN32_COMPRESSED_DATA + || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA + || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { - rctx.flags |= FO_GZIP; + rctx.flags |= FO_COMPRESS; + rctx.comp_stream = rctx.stream; } if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA + || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA + || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { - /* Set up a decryption context */ + /* + * Set up a decryption context + */ if (!rctx.cipher_ctx.cipher) { if (!rctx.cs) { Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); @@ -499,11 +583,14 @@ void do_restore(JCR *jcr) if (is_win32_stream(rctx.stream) && !have_win32_api()) { set_portable_backup(&rctx.bfd); - rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */ + /* + * "decompose" BackupWrite data + */ + rctx.flags |= FO_WIN32DECOMP; } if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr, - rctx.flags, &rctx.cipher_ctx) < 0) { + rctx.flags, rctx.stream, &rctx.cipher_ctx) < 0) { rctx.extract = false; bclose(&rctx.bfd); continue; @@ -524,7 +611,9 @@ void do_restore(JCR *jcr) if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) { rctx.fork_flags |= FO_ENCRYPT; - /* Set up a decryption context */ + /* + * Set up a decryption context + */ if (rctx.extract && !rctx.fork_cipher_ctx.cipher) { if (!rctx.cs) { Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); @@ -546,7 +635,7 @@ void do_restore(JCR *jcr) if (rctx.extract) { if (rctx.prev_stream != rctx.stream) { if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) { - Jmsg(jcr, M_ERROR, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname); + Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname); rctx.extract = false; continue; } @@ -556,7 +645,7 @@ void do_restore(JCR *jcr) } if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags, - &rctx.fork_cipher_ctx) < 0) { + rctx.stream, &rctx.fork_cipher_ctx) < 0) { rctx.extract = false; bclose(&rctx.forkbfd); continue; @@ -593,6 +682,10 @@ void do_restore(JCR *jcr) case STREAM_ACL_TRU64_ACCESS_ACL: case STREAM_ACL_SOLARIS_ACLENT: case STREAM_ACL_SOLARIS_ACE: + case STREAM_ACL_AFS_TEXT: + case STREAM_ACL_AIX_AIXC: + case STREAM_ACL_AIX_NFS4: + case STREAM_ACL_FREEBSD_NFS4_ACL: /* * Do not restore ACLs when * a) The current file is not extracted @@ -614,7 +707,7 @@ void do_restore(JCR *jcr) * print the error message set by the lower level routine in jcr->errmsg. */ if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) { - Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); + Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); } jcr->acl_data->nr_errors++; break; @@ -626,6 +719,10 @@ void do_restore(JCR *jcr) } break; + case STREAM_XATTR_IRIX: + case STREAM_XATTR_TRU64: + case STREAM_XATTR_AIX: + case STREAM_XATTR_OPENBSD: case STREAM_XATTR_SOLARIS_SYS: case STREAM_XATTR_SOLARIS: case STREAM_XATTR_DARWIN: @@ -653,7 +750,7 @@ void do_restore(JCR *jcr) * print the error message set by the lower level routine in jcr->errmsg. */ if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) { - Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); + Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); } jcr->xattr_data->nr_errors++; break; @@ -666,13 +763,17 @@ void do_restore(JCR *jcr) break; case STREAM_SIGNED_DIGEST: - /* Is this an unexpected signature? */ + /* + * Is this an unexpected signature? + */ if (rctx.sig) { Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n")); free_signature(rctx); continue; } - /* Save signature. */ + /* + * Save signature. + */ if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) { Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname); } @@ -698,14 +799,16 @@ void do_restore(JCR *jcr) plugin_name_stream(jcr, sd->msg); break; + case STREAM_RESTORE_OBJECT: + break; /* these are sent by Director */ + default: close_previous_stream(rctx); - Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), + Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), rctx.stream); Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg); break; } /* end switch(stream) */ - } /* end while get_msg() */ /* @@ -717,11 +820,11 @@ void do_restore(JCR *jcr) } close_previous_stream(rctx); - set_jcr_job_status(jcr, JS_Terminated); + jcr->setJobStatus(JS_Terminated); goto ok_out; bail_out: - set_jcr_job_status(jcr, JS_ErrorTerminated); + jcr->setJobStatus(JS_ErrorTerminated); ok_out: /* @@ -730,15 +833,15 @@ ok_out: Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles, edit_uint64(jcr->JobBytes, ec1)); if (have_acl && jcr->acl_data->nr_errors > 0) { - Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"), + Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"), jcr->acl_data->nr_errors); } if (have_xattr && jcr->xattr_data->nr_errors > 0) { - Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"), + Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"), jcr->xattr_data->nr_errors); } if (non_support_data > 1 || non_support_attr > 1) { - Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"), + Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"), non_support_data, non_support_attr); } if (non_support_rsrc) { @@ -869,7 +972,10 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) if (!jcr->crypto.pki_sign) { - return true; /* no signature OK */ + /* + * no signature OK + */ + return true; } if (!sig) { if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) { @@ -880,7 +986,9 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) return true; } - /* Iterate through the trusted signers */ + /* + * Iterate through the trusted signers + */ foreach_alist(keypair, jcr->crypto.pki_signers) { err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest); switch (err) { @@ -899,7 +1007,9 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) } } if (jcr->crypto.digest) { - /* Use digest computed while writing the file to verify the signature */ + /* + * Use digest computed while writing the file to verify the signature + */ if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) { Dmsg1(50, "Bad signature on %s\n", jcr->last_fname); Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"), @@ -907,13 +1017,16 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) goto bail_out; } } else { - /* Signature found, digest allocated. Old method, + /* + * Signature found, digest allocated. Old method, * re-read the file and compute the digest */ jcr->crypto.digest = digest; - /* Checksum the entire file */ - /* Make sure we don't modify JobBytes by saving and restoring it */ + /* + * Checksum the entire file + * Make sure we don't modify JobBytes by saving and restoring it + */ saved_bytes = jcr->JobBytes; if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) { Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"), @@ -923,7 +1036,9 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) } jcr->JobBytes = saved_bytes; - /* Verify the signature */ + /* + * Verify the signature + */ if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) { Dmsg1(50, "Bad signature on %s\n", jcr->last_fname); Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"), @@ -933,26 +1048,34 @@ static bool verify_signature(JCR *jcr, r_ctx &rctx) jcr->crypto.digest = NULL; } - /* Valid signature */ + /* + * Valid signature + */ Dmsg1(50, "Signature good on %s\n", jcr->last_fname); crypto_digest_free(digest); return true; case CRYPTO_ERROR_NOSIGNER: - /* Signature not found, try again */ + /* + * Signature not found, try again + */ if (digest) { crypto_digest_free(digest); digest = NULL; } continue; default: - /* Something strange happened (that shouldn't happen!)... */ + /* + * Something strange happened (that shouldn't happen!)... + */ Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err)); goto bail_out; } } - /* No signer */ + /* + * No signer + */ Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname); bail_out: @@ -967,7 +1090,7 @@ bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *le unser_declare; uint64_t faddr; char ec1[50]; - unser_begin(*data, SPARSE_FADDR_SIZE); + unser_begin(*data, OFFSET_FADDR_SIZE); unser_uint64(faddr); if (*addr != faddr) { *addr = faddr; @@ -979,47 +1102,117 @@ bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *le return false; } } - *data += SPARSE_FADDR_SIZE; - *length -= SPARSE_FADDR_SIZE; + *data += OFFSET_FADDR_SIZE; + *length -= OFFSET_FADDR_SIZE; return true; } -bool decompress_data(JCR *jcr, char **data, uint32_t *length) +bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length) { -#ifdef HAVE_LIBZ - uLong compress_len; - int stat; - char ec1[50]; /* Buffer printing huge values */ + char ec1[50]; /* Buffer printing huge values */ - /* - * NOTE! We only use uLong and Byte because they are - * needed by the zlib routines, they should not otherwise - * be used in Bacula. - */ - compress_len = jcr->compress_buf_size; - Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); - while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len, - (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR) + Dmsg1(200, "Stream found in decompress_data(): %d\n", stream); + if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA + || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA) { - /* The buffer size is too small, try with a bigger one */ - compress_len = jcr->compress_buf_size = jcr->compress_buf_size + jcr->compress_buf_size >> 1; + uint32_t comp_magic, comp_len; + uint16_t comp_level, comp_version; +#ifdef HAVE_LZO + lzo_uint compress_len; + const unsigned char *cbuf; + int r, real_compress_len; +#endif + + /* read compress header */ + unser_declare; + unser_begin(*data, sizeof(comp_stream_header)); + unser_uint32(comp_magic); + unser_uint32(comp_len); + unser_uint16(comp_level); + unser_uint16(comp_version); + Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len, + comp_level, comp_version); + + /* version check */ + if (comp_version != COMP_HEAD_VERSION) { + Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. version=0x%x\n"), comp_version); + return false; + } + /* size check */ + if (comp_len + sizeof(comp_stream_header) != *length) { + Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"), + comp_len, *length); + return false; + } + switch(comp_magic) { +#ifdef HAVE_LZO + case COMPRESS_LZO1X: + compress_len = jcr->compress_buf_size; + cbuf = (const unsigned char*)*data + sizeof(comp_stream_header); + real_compress_len = *length - sizeof(comp_stream_header); + Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); + while ((r=lzo1x_decompress_safe(cbuf, real_compress_len, + (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN) + { + /* + * The buffer size is too small, try with a bigger one + */ + compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1); + Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); + jcr->compress_buf = check_pool_memory_size(jcr->compress_buf, + compress_len); + } + if (r != LZO_E_OK) { + Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"), + jcr->last_fname, r); + return false; + } + *data = jcr->compress_buf; + *length = compress_len; + Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); + return true; +#endif + default: + Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic); + return false; + } + } else { +#ifdef HAVE_LIBZ + uLong compress_len; + int stat; + + /* + * NOTE! We only use uLong and Byte because they are + * needed by the zlib routines, they should not otherwise + * be used in Bacula. + */ + compress_len = jcr->compress_buf_size; Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); - jcr->compress_buf = check_pool_memory_size(jcr->compress_buf, - compress_len); - } - if (stat != Z_OK) { - Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"), - jcr->last_fname, zlib_strerror(stat)); - return false; - } - *data = jcr->compress_buf; - *length = compress_len; - Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); - return true; + while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len, + (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR) + { + /* + * The buffer size is too small, try with a bigger one + */ + compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1); + Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); + jcr->compress_buf = check_pool_memory_size(jcr->compress_buf, + compress_len); + } + if (stat != Z_OK) { + Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"), + jcr->last_fname, zlib_strerror(stat)); + return false; + } + *data = jcr->compress_buf; + *length = compress_len; + Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); + return true; #else - Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n")); - return false; + Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n")); + return false; #endif + } } static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx) @@ -1061,13 +1254,13 @@ bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win * Return value is the number of bytes written, or -1 on errors. */ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, - uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx) + uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx) { - char *wbuf; /* write buffer */ - uint32_t wsize; /* write size */ - uint32_t rsize; /* read size */ - uint32_t decrypted_len = 0; /* Decryption output length */ - char ec1[50]; /* Buffer printing huge values */ + char *wbuf; /* write buffer */ + uint32_t wsize; /* write size */ + uint32_t rsize; /* read size */ + uint32_t decrypted_len = 0; /* Decryption output length */ + char ec1[50]; /* Buffer printing huge values */ rsize = buflen; jcr->ReadBytes += rsize; @@ -1077,10 +1270,10 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, if (flags & FO_ENCRYPT) { ASSERT(cipher_ctx->cipher); - /* NOTE: We must implement block preserving semantics for the - * non-streaming compression and sparse code. */ - /* + * NOTE: We must implement block preserving semantics for the + * non-streaming compression and sparse code. + * * Grow the crypto buffer, if necessary. * crypto_cipher_update() will process only whole blocks, * buffering the remaining input. @@ -1088,19 +1281,25 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len + wsize + cipher_ctx->block_size); - /* Decrypt the input block */ + /* + * Decrypt the input block + */ if (!crypto_cipher_update(cipher_ctx->cipher, (const u_int8_t *)wbuf, wsize, (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len], &decrypted_len)) { - /* Decryption failed. Shouldn't happen. */ + /* + * Decryption failed. Shouldn't happen. + */ Jmsg(jcr, M_FATAL, 0, _("Decryption error\n")); goto bail_out; } if (decrypted_len == 0) { - /* No full block of encrypted data available, write more data */ + /* + * No full block of encrypted data available, write more data + */ return 0; } @@ -1109,33 +1308,39 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, cipher_ctx->buf_len += decrypted_len; wbuf = cipher_ctx->buf; - /* If one full preserved block is available, write it to disk, + /* + * If one full preserved block is available, write it to disk, * and then buffer any remaining data. This should be effecient * as long as Bacula's block size is not significantly smaller than the - * encryption block size (extremely unlikely!) */ + * encryption block size (extremely unlikely!) + */ unser_crypto_packet_len(cipher_ctx); Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE); if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) { - /* No full preserved block is available. */ + /* + * No full preserved block is available. + */ return 0; } - /* We have one full block, set up the filter input buffers */ + /* + * We have one full block, set up the filter input buffers + */ wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE; wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */ cipher_ctx->buf_len -= cipher_ctx->packet_len; Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len); } - if (flags & FO_SPARSE) { + if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) { if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) { goto bail_out; } } - if (flags & FO_GZIP) { - if (!decompress_data(jcr, &wbuf, &wsize)) { + if (flags & FO_COMPRESS) { + if (!decompress_data(jcr, stream, &wbuf, &wsize)) { goto bail_out; } } @@ -1147,7 +1352,9 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, *addr += wsize; Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1)); - /* Clean up crypto buffers */ + /* + * Clean up crypto buffers + */ if (flags & FO_ENCRYPT) { /* Move any remaining data to start of buffer */ if (cipher_ctx->buf_len > 0) { @@ -1155,8 +1362,10 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len], cipher_ctx->buf_len); } - /* The packet was successfully written, reset the length so that the next - * packet length may be re-read by unser_crypto_packet_len() */ + /* + * The packet was successfully written, reset the length so that the next + * packet length may be re-read by unser_crypto_packet_len() + */ cipher_ctx->packet_len = 0; } return wsize; @@ -1194,11 +1403,15 @@ static void close_previous_stream(r_ctx &rctx) } rctx.extract = false; - /* Verify the cryptographic signature, if any */ + /* + * Verify the cryptographic signature, if any + */ rctx.type = rctx.attr->type; verify_signature(rctx.jcr, rctx); - /* Free Signature */ + /* + * Free Signature + */ free_signature(rctx); free_session(rctx); rctx.jcr->ff->flags = 0; @@ -1216,7 +1429,7 @@ static void close_previous_stream(r_ctx &rctx) * writing it to bfd. * Return value is true on success, false on failure. */ -bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, +bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, int32_t stream, RESTORE_CIPHER_CTX *cipher_ctx) { uint32_t decrypted_len = 0; @@ -1226,19 +1439,25 @@ bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, bool second_pass = false; again: - /* Write out the remaining block and free the cipher context */ + /* + * Write out the remaining block and free the cipher context + */ cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len + - cipher_ctx->block_size); + cipher_ctx->block_size); if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len], &decrypted_len)) { - /* Writing out the final, buffered block failed. Shouldn't happen. */ + /* + * Writing out the final, buffered block failed. Shouldn't happen. + */ Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"), cipher_ctx->buf_len, decrypted_len, jcr->last_fname); } Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len); - /* If nothing new was decrypted, and our output buffer is empty, return */ + /* + * If nothing new was decrypted, and our output buffer is empty, return + */ if (decrypted_len == 0 && cipher_ctx->buf_len == 0) { return true; } @@ -1248,18 +1467,21 @@ again: unser_crypto_packet_len(cipher_ctx); Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE); wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE; - wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Decrypted, possibly decompressed output here. */ + /* + * Decrypted, possibly decompressed output here. + */ + wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; cipher_ctx->buf_len -= cipher_ctx->packet_len; Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len); - if (flags & FO_SPARSE) { + if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) { if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) { return false; } } - if (flags & FO_GZIP) { - if (!decompress_data(jcr, &wbuf, &wsize)) { + if (flags & FO_COMPRESS) { + if (!decompress_data(jcr, stream, &wbuf, &wsize)) { return false; } } @@ -1271,14 +1493,18 @@ again: jcr->JobBytes += wsize; Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1)); - /* Move any remaining data to start of buffer */ + /* + * Move any remaining data to start of buffer + */ if (cipher_ctx->buf_len > 0) { Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len); memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len], cipher_ctx->buf_len); } - /* The packet was successfully written, reset the length so that the next - * packet length may be re-read by unser_crypto_packet_len() */ + /* + * The packet was successfully written, reset the length so that the next + * packet length may be re-read by unser_crypto_packet_len() + */ cipher_ctx->packet_len = 0; if (cipher_ctx->buf_len >0 && !second_pass) { @@ -1286,7 +1512,9 @@ again: goto again; } - /* Stop decryption */ + /* + * Stop decryption + */ cipher_ctx->buf_len = 0; cipher_ctx->packet_len = 0; @@ -1295,9 +1523,11 @@ again: static void deallocate_cipher(r_ctx &rctx) { - /* Flush and deallocate previous stream's cipher context */ + /* + * Flush and deallocate previous stream's cipher context + */ if (rctx.cipher_ctx.cipher) { - flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx); + flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx); crypto_cipher_free(rctx.cipher_ctx.cipher); rctx.cipher_ctx.cipher = NULL; } @@ -1306,9 +1536,11 @@ static void deallocate_cipher(r_ctx &rctx) static void deallocate_fork_cipher(r_ctx &rctx) { - /* Flush and deallocate previous stream's fork cipher context */ + /* + * Flush and deallocate previous stream's fork cipher context + */ if (rctx.fork_cipher_ctx.cipher) { - flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx); + flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx); crypto_cipher_free(rctx.fork_cipher_ctx.cipher); rctx.fork_cipher_ctx.cipher = NULL; } @@ -1331,7 +1563,9 @@ static void free_session(r_ctx &rctx) } -/* This code if implemented goes above */ +/* + * This code if implemented goes above + */ #ifdef stbernard_implemented / #if defined(HAVE_WIN32) bool bResumeOfmOnExit = FALSE;