X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=bacula%2Fsrc%2Ffiled%2Frestore.c;h=f9e8c5f8cb827b2f3db94c28b0335364fc22919b;hb=5c53840c9a02cefaaa45aee96c02c6f9cdaf3703;hp=ada10e9cae42d4531a441d13482db8330a61b458;hpb=38a904747f731644cd1a10befd09847e52e5e2af;p=bacula%2Fbacula diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index ada10e9cae..f9e8c5f8cb 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -1,75 +1,150 @@ /* - * Bacula File Daemon restore.c Restorefiles. - * - * Kern Sibbald, November MM - * - * Version $Id$ - * - */ -/* - Copyright (C) 2000-2005 Kern Sibbald + Bacula® - The Network Backup Solution + + Copyright (C) 2000-2008 Free Software Foundation Europe e.V. - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License as - published by the Free Software Foundation; either version 2 of - the License, or (at your option) any later version. + The main author of Bacula is Kern Sibbald, with contributions from + many others, a complete list can be found in the file AUTHORS. + This program is Free Software; you can redistribute it and/or + modify it under the terms of version two of the GNU General Public + License as published by the Free Software Foundation and included + in the file LICENSE. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - You should have received a copy of the GNU General Public - License along with this program; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA. + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + 02110-1301, USA. + Bacula® is a registered trademark of Kern Sibbald. + The licensor of Bacula is the Free Software Foundation Europe + (FSFE), Fiduciary Program, Sumatrastrasse 25, 8006 Zürich, + Switzerland, email:ftf@fsfeurope.org. +*/ +/* + * Bacula File Daemon restore.c Restorefiles. + * + * Kern Sibbald, November MM + * */ #include "bacula.h" #include "filed.h" -#ifdef HAVE_ACL -#include -#include -#endif - #ifdef HAVE_DARWIN_OS #include +const bool have_darwin_os = true; +#else +const bool have_darwin_os = false; +#endif + +#if defined(HAVE_CRYPTO) +const bool have_crypto = true; +#else +const bool have_crypto = false; +#endif + +#if defined(HAVE_ACL) +const bool have_acl = true; +#else +const bool have_acl = false; +#endif + +#ifdef HAVE_SHA2 +const bool have_sha2 = true; +#else +const bool have_sha2 = false; +#endif + +#if defined(HAVE_XATTR) +const bool have_xattr = true; +#else +const bool have_xattr = false; #endif /* Data received from Storage Daemon */ static char rec_header[] = "rechdr %ld %ld %ld %ld %ld"; +typedef struct restore_cipher_ctx { + CIPHER_CONTEXT *cipher; + uint32_t block_size; + + POOLMEM *buf; /* Pointer to descryption buffer */ + int32_t buf_len; /* Count of bytes currently in buf */ + int32_t packet_len; /* Total bytes in packet */ +} RESTORE_CIPHER_CTX; + +struct r_ctx { + JCR *jcr; + int32_t stream; + int32_t prev_stream; + BFILE bfd; /* File content */ + uint64_t fileAddr; /* file write address */ + uint32_t size; /* Size of file */ + int flags; /* Options for extract_data() */ + BFILE forkbfd; /* Alternative data stream */ + uint64_t fork_addr; /* Write address for alternative stream */ + intmax_t fork_size; /* Size of alternate stream */ + int fork_flags; /* Options for extract_data() */ + int32_t type; /* file type FT_ */ + ATTR *attr; /* Pointer to attributes */ + bool extract; /* set when extracting */ + + SIGNATURE *sig; /* Cryptographic signature (if any) for file */ + CRYPTO_SESSION *cs; /* Cryptographic session data (if any) for file */ + RESTORE_CIPHER_CTX cipher_ctx; /* Cryptographic restore context (if any) for file */ + RESTORE_CIPHER_CTX fork_cipher_ctx; /* Cryptographic restore context (if any) for alternative stream */ +}; + + /* Forward referenced functions */ -#ifdef HAVE_LIBZ +#if defined(HAVE_LIBZ) static const char *zlib_strerror(int stat); +const bool have_libz = true; +#else +const bool have_libz = false; #endif + +static void deallocate_cipher(r_ctx &rctx); +static void deallocate_fork_cipher(r_ctx &rctx); +static void free_signature(r_ctx &rctx); +static void free_session(r_ctx &rctx); +static void close_previous_stream(r_ctx &rctx); + + + +static bool verify_signature(JCR *jcr, r_ctx &rctx); int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, - uint64_t *addr, int flags); + uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx); +bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, + RESTORE_CIPHER_CTX *cipher_ctx); -#define RETRY 10 /* retry wait time */ /* * Close a bfd check that we are at the expected file offset. - * Makes some code in set_attributes(). + * Makes use of some code from set_attributes(). */ -int bclose_chksize(JCR *jcr, BFILE *bfd, off_t osize) +static int bclose_chksize(JCR *jcr, BFILE *bfd, boffset_t osize) { char ec1[50], ec2[50]; - off_t fsize; + boffset_t fsize; fsize = blseek(bfd, 0, SEEK_CUR); - bclose(bfd); /* first close file */ + bclose(bfd); /* first close file */ if (fsize > 0 && fsize != osize) { - Jmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"), - jcr->last_fname, edit_uint64(osize, ec1), - edit_uint64(fsize, ec2)); + Qmsg3(jcr, M_ERROR, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"), + jcr->last_fname, edit_uint64(osize, ec1), + edit_uint64(fsize, ec2)); return -1; } return 0; } + /* * Restore the requested files. * @@ -77,21 +152,19 @@ int bclose_chksize(JCR *jcr, BFILE *bfd, off_t osize) void do_restore(JCR *jcr) { BSOCK *sd; - int32_t stream, prev_stream; uint32_t VolSessionId, VolSessionTime; - bool extract = false; int32_t file_index; - char ec1[50]; /* Buffer printing huge values */ - - BFILE bfd; /* File content */ - uint64_t fileAddr = 0; /* file write address */ - uint32_t size; /* Size of file */ - BFILE altbfd; /* Alternative data stream */ - uint64_t alt_addr = 0; /* Write address for alternative stream */ - intmax_t alt_size = 0; /* Size of alternate stream */ - int flags; /* Options for extract_data() */ + char ec1[50]; /* Buffer printing huge values */ + uint32_t buf_size; /* client buffer size */ int stat; + intmax_t rsrc_len = 0; /* Original length of resource fork */ + r_ctx rctx; ATTR *attr; + /* ***FIXME*** make configurable */ + crypto_digest_t signing_algorithm = have_sha2 ? + CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1; + memset(&rctx, 0, sizeof(rctx)); + rctx.jcr = jcr; /* The following variables keep track of "known unknowns" */ int non_support_data = 0; @@ -100,31 +173,27 @@ void do_restore(JCR *jcr) int non_support_finfo = 0; int non_support_acl = 0; int non_support_progname = 0; + int non_support_crypto = 0; + int non_support_xattr = 0; - /* Finally, set up for special configurations */ -#ifdef HAVE_ACL - acl_t acl; -#endif #ifdef HAVE_DARWIN_OS - intmax_t rsrc_len = 0; /* Original length of resource fork */ struct attrlist attrList; - memset(&attrList, 0, sizeof(attrList)); attrList.bitmapcount = ATTR_BIT_MAP_COUNT; attrList.commonattr = ATTR_CMN_FNDRINFO; #endif + sd = jcr->store_bsock; set_jcr_job_status(jcr, JS_Running); LockRes(); CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL); UnlockRes(); - uint32_t buf_size; if (client) { buf_size = client->max_network_buffer_size; } else { - buf_size = 0; /* use default */ + buf_size = 0; /* use default */ } if (!bnet_set_buffer_size(sd, buf_size, BNET_SETBUF_WRITE)) { set_jcr_job_status(jcr, JS_ErrorTerminated); @@ -132,340 +201,565 @@ void do_restore(JCR *jcr) } jcr->buf_size = sd->msglen; -#ifdef HAVE_LIBZ - uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100; - jcr->compress_buf = (char *)bmalloc(compress_buf_size); - jcr->compress_buf_size = compress_buf_size; -#endif + /* St Bernard code goes here if implemented -- see end of file */ + + if (have_libz) { + uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100; + jcr->compress_buf = get_memory(compress_buf_size); + jcr->compress_buf_size = compress_buf_size; + } + if (have_crypto) { + rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE); + if (have_darwin_os) { + rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE); + } + } + /* * Get a record from the Storage daemon. We are guaranteed to - * receive records in the following order: - * 1. Stream record header - * 2. Stream data - * a. Attributes (Unix or Win32) - * or b. File data for the file - * or c. Alternate data stream (e.g. Resource Fork) - * or d. Finder info - * or e. ACLs - * or f. Possibly MD5 or SHA1 record - * 3. Repeat step 1 + * receive records in the following order: + * 1. Stream record header + * 2. Stream data (one or more of the following in the order given) + * a. Attributes (Unix or Win32) + * b. Possibly stream encryption session data (e.g., symmetric session key) + * c. File data for the file + * d. Alternate data stream (e.g. Resource Fork) + * e. Finder info + * f. ACLs + * g. XATTRs + * h. Possibly a cryptographic signature + * i. Possibly MD5 or SHA1 record + * 3. Repeat step 1 * * NOTE: We keep track of two bacula file descriptors: - * 1. bfd for file data. - * This fd is opened for non empty files when an attribute stream is - * encountered and closed when we find the next attribute stream. - * 2. alt_bfd for alternate data streams - * This fd is opened every time we encounter a new alternate data - * stream for the current file. When we find any other stream, we - * close it again. - * The expected size of the stream, alt_len, should be set when - * opening the fd. + * 1. bfd for file data. + * This fd is opened for non empty files when an attribute stream is + * encountered and closed when we find the next attribute stream. + * 2. fork_bfd for alternate data streams + * This fd is opened every time we encounter a new alternate data + * stream for the current file. When we find any other stream, we + * close it again. + * The expected size of the stream, fork_len, should be set when + * opening the fd. + * 3. Not all the stream data records are required -- e.g. if there + * is no fork, there is no alternate data stream, no ACL, ... */ - binit(&bfd); - binit(&altbfd); - attr = new_attr(); + binit(&rctx.bfd); + binit(&rctx.forkbfd); + attr = rctx.attr = new_attr(jcr); + if (have_acl) { + jcr->acl_data = (acl_data_t *)malloc(sizeof(acl_data_t)); + memset((caddr_t)jcr->acl_data, 0, sizeof(acl_data_t)); + jcr->acl_data->content = get_pool_memory(PM_MESSAGE); + } + if (have_xattr) { + jcr->xattr_data = (xattr_data_t *)malloc(sizeof(xattr_data_t)); + memset((caddr_t)jcr->xattr_data, 0, sizeof(xattr_data_t)); + jcr->xattr_data->content = get_pool_memory(PM_MESSAGE); + } while (bget_msg(sd) >= 0 && !job_canceled(jcr)) { /* Remember previous stream type */ - prev_stream = stream; + rctx.prev_stream = rctx.stream; /* First we expect a Stream Record Header */ if (sscanf(sd->msg, rec_header, &VolSessionId, &VolSessionTime, &file_index, - &stream, &size) != 5) { + &rctx.stream, &rctx.size) != 5) { Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), sd->msg); - goto bail_out; + goto bail_out; } - Dmsg2(30, "Got hdr: FilInx=%d Stream=%d.\n", file_index, stream); + Dmsg5(50, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n", + jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream)); /* * Now we expect the Stream Data */ if (bget_msg(sd) < 0) { - Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), bnet_strerror(sd)); - goto bail_out; + Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror()); + goto bail_out; } - if (size != (uint32_t)sd->msglen) { - Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"), sd->msglen, size); - goto bail_out; + if (rctx.size != (uint32_t)sd->msglen) { + Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"), + sd->msglen, rctx.size); + Dmsg2(50, "Actual data size %d not same as header %d\n", + sd->msglen, rctx.size); + goto bail_out; } - Dmsg1(30, "Got stream data, len=%d\n", sd->msglen); + Dmsg3(130, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream), + sd->msglen, rctx.extract); /* If we change streams, close and reset alternate data streams */ - if (prev_stream != stream) { - if (is_bopen(&altbfd)) { - bclose_chksize(jcr, &altbfd, alt_size); - } - alt_size = -1; /* Use an impossible value and set a proper one below */ - alt_addr = 0; + if (rctx.prev_stream != rctx.stream) { + if (is_bopen(&rctx.forkbfd)) { + deallocate_fork_cipher(rctx); + bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size); + } + rctx.fork_size = -1; /* Use an impossible value and set a proper one below */ + rctx.fork_addr = 0; } /* File Attributes stream */ - switch (stream) { + switch (rctx.stream) { case STREAM_UNIX_ATTRIBUTES: case STREAM_UNIX_ATTRIBUTES_EX: - Dmsg1(30, "Stream=Unix Attributes. extract=%d\n", extract); - /* - * If extracting, it was from previous stream, so - * close the output file. - */ - if (extract) { - if (size > 0 && !is_bopen(&bfd)) { - Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n")); - } - set_attributes(jcr, attr, &bfd); - extract = false; - Dmsg0(30, "Stop extracting.\n"); - } else if (is_bopen(&bfd)) { - Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n")); - bclose(&bfd); - } - - /* - * Unpack and do sanity check fo attributes. - */ - if (!unpack_attributes_record(jcr, stream, sd->msg, attr)) { - goto bail_out; - } - if (file_index != attr->file_index) { + close_previous_stream(rctx); /* if any previous stream open, close it */ + + + /* TODO: manage deleted files */ + if (rctx.type == FT_DELETED) { /* deleted file */ + continue; + } + + /* + * Unpack attributes and do sanity check them + */ + if (!unpack_attributes_record(jcr, rctx.stream, sd->msg, attr)) { + goto bail_out; + } +#ifdef xxx + if (file_index != attr->file_index) { Jmsg(jcr, M_FATAL, 0, _("Record header file index %ld not equal record index %ld\n"), - file_index, attr->file_index); - Dmsg0(100, "File index error\n"); - goto bail_out; - } + file_index, attr->file_index); + Dmsg0(200, "File index error\n"); + goto bail_out; + } +#endif Dmsg3(200, "File %s\nattrib=%s\nattribsEx=%s\n", attr->fname, - attr->attr, attr->attrEx); + attr->attr, attr->attrEx); - attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI); + attr->data_stream = decode_stat(attr->attr, &attr->statp, &attr->LinkFI); - if (!is_stream_supported(attr->data_stream)) { - if (!non_support_data++) { + if (!is_restore_stream_supported(attr->data_stream)) { + if (!non_support_data++) { Jmsg(jcr, M_ERROR, 0, _("%s stream not supported on this Client.\n"), - stream_to_ascii(attr->data_stream)); - } - continue; - } - - build_attr_output_fnames(jcr, attr); - - /* - * Now determine if we are extracting or not. - */ - jcr->num_files_examined++; - Dmsg1(30, "Outfile=%s\n", attr->ofname); - extract = false; - stat = create_file(jcr, attr, &bfd, jcr->replace); - switch (stat) { - case CF_ERROR: - case CF_SKIP: - break; - case CF_EXTRACT: /* File created and we expect file data */ - extract = true; - /* FALLTHROUGH */ - case CF_CREATED: /* File created, but there is no content */ - P(jcr->mutex); - pm_strcpy(jcr->last_fname, attr->ofname); - V(jcr->mutex); - jcr->JobFiles++; - fileAddr = 0; - print_ls_output(jcr, attr); -#ifdef HAVE_DARWIN_OS - /* Only restore the resource fork for regular files */ - from_base64(&rsrc_len, attr->attrEx); - if (attr->type == FT_REG && rsrc_len > 0) { - extract = true; - } -#endif - if (!extract) { - /* set attributes now because file will not be extracted */ - set_attributes(jcr, attr, &bfd); - } - break; - } - break; + stream_to_ascii(attr->data_stream)); + } + continue; + } + + build_attr_output_fnames(jcr, attr); + + /* + * Try to actually create the file, which returns a status telling + * us if we need to extract or not. + */ + jcr->num_files_examined++; + rctx.extract = false; + if (jcr->plugin) { + stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace); + } else { + stat = create_file(jcr, attr, &rctx.bfd, jcr->replace); + } + jcr->lock(); + pm_strcpy(jcr->last_fname, attr->ofname); + jcr->last_type = attr->type; + jcr->unlock(); + Dmsg2(130, "Outfile=%s create_file stat=%d\n", attr->ofname, stat); + switch (stat) { + case CF_ERROR: + case CF_SKIP: + pm_strcpy(jcr->last_fname, attr->ofname); + jcr->last_type = attr->type; + break; + case CF_EXTRACT: /* File created and we expect file data */ + rctx.extract = true; + /* FALLTHROUGH */ + case CF_CREATED: /* File created, but there is no content */ + rctx.fileAddr = 0; + print_ls_output(jcr, attr); + + if (have_darwin_os) { + /* Only restore the resource fork for regular files */ + from_base64(&rsrc_len, attr->attrEx); + if (attr->type == FT_REG && rsrc_len > 0) { + rctx.extract = true; + } + + /* + * Count the resource forks not as regular files being restored. + */ + if (rsrc_len == 0) { + jcr->JobFiles++; + } + } else { + jcr->JobFiles++; + } + + if (!rctx.extract) { + /* set attributes now because file will not be extracted */ + if (jcr->plugin) { + plugin_set_attributes(jcr, attr, &rctx.bfd); + } else { + set_attributes(jcr, attr, &rctx.bfd); + } + } + break; + } + break; /* Data stream */ + case STREAM_ENCRYPTED_SESSION_DATA: + crypto_error_t cryptoerr; + + /* Is this an unexpected session data entry? */ + if (rctx.cs) { + Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n")); + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + + /* Do we have any keys at all? */ + if (!jcr->crypto.pki_recipients) { + Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n")); + rctx.extract = false; + bclose(&rctx.bfd); + break; + } + + if (jcr->crypto.digest) { + crypto_digest_free(jcr->crypto.digest); + } + jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm); + if (!jcr->crypto.digest) { + Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n")); + rctx.extract = false; + bclose(&rctx.bfd); + break; + } + + /* Decode and save session keys. */ + cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (uint32_t)sd->msglen, + jcr->crypto.pki_recipients, &rctx.cs); + switch(cryptoerr) { + case CRYPTO_ERROR_NONE: + /* Success */ + break; + case CRYPTO_ERROR_NORECIPIENT: + Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n")); + break; + case CRYPTO_ERROR_DECRYPTION: + Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n")); + break; + default: + /* Shouldn't happen */ + Jmsg1(jcr, M_ERROR, 0, _("An error occurred while decoding encrypted session data stream: %s\n"), crypto_strerror(cryptoerr)); + break; + } + + if (cryptoerr != CRYPTO_ERROR_NONE) { + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + + break; + case STREAM_FILE_DATA: case STREAM_SPARSE_DATA: case STREAM_WIN32_DATA: case STREAM_GZIP_DATA: case STREAM_SPARSE_GZIP_DATA: case STREAM_WIN32_GZIP_DATA: - /* Force an expected, consistent stream type here */ - if (extract && (prev_stream == stream || prev_stream == STREAM_UNIX_ATTRIBUTES - || prev_stream == STREAM_UNIX_ATTRIBUTES_EX)) { - flags = 0; - if (stream == STREAM_SPARSE_DATA || stream == STREAM_SPARSE_GZIP_DATA) { - flags |= FO_SPARSE; - } - if (stream == STREAM_GZIP_DATA || stream == STREAM_SPARSE_GZIP_DATA - || stream == STREAM_WIN32_GZIP_DATA) { - flags |= FO_GZIP; - } - if (extract_data(jcr, &bfd, sd->msg, sd->msglen, &fileAddr, flags) < 0) { - extract = false; - bclose(&bfd); - continue; - } - } - break; - - /* Resource fork stream - only recorded after a file to be restored */ - /* Silently ignore if we cannot write - we already reported that */ + case STREAM_ENCRYPTED_FILE_DATA: + case STREAM_ENCRYPTED_WIN32_DATA: + case STREAM_ENCRYPTED_FILE_GZIP_DATA: + case STREAM_ENCRYPTED_WIN32_GZIP_DATA: + /* Force an expected, consistent stream type here */ + if (rctx.extract && (rctx.prev_stream == rctx.stream + || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES + || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX + || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) { + rctx.flags = 0; + + if (rctx.stream == STREAM_SPARSE_DATA || + rctx.stream == STREAM_SPARSE_GZIP_DATA) { + rctx.flags |= FO_SPARSE; + } + + if (rctx.stream == STREAM_GZIP_DATA + || rctx.stream == STREAM_SPARSE_GZIP_DATA + || rctx.stream == STREAM_WIN32_GZIP_DATA + || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA + || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { + rctx.flags |= FO_GZIP; + } + + if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA + || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA + || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA + || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { + /* Set up a decryption context */ + if (!rctx.cipher_ctx.cipher) { + if (!rctx.cs) { + Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + + if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, + &rctx.cipher_ctx.block_size)) == NULL) { + Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname); + free_session(rctx); + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + } + rctx.flags |= FO_ENCRYPT; + } + + if (is_win32_stream(rctx.stream) && !have_win32_api()) { + set_portable_backup(&rctx.bfd); + rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */ + } + + if (extract_data(jcr, &rctx.bfd, sd->msg, sd->msglen, &rctx.fileAddr, + rctx.flags, &rctx.cipher_ctx) < 0) { + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + } + break; + + /* + * Resource fork stream - only recorded after a file to be restored + * Silently ignore if we cannot write - we already reported that + */ + case STREAM_ENCRYPTED_MACOS_FORK_DATA: case STREAM_MACOS_FORK_DATA: -#ifdef HAVE_DARWIN_OS - if (extract) { - if (prev_stream != stream) { - if (bopen_rsrc(&altbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) { - Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s\n"), jcr->last_fname); - extract = false; - continue; - } - alt_size = rsrc_len; - Dmsg0(30, "Restoring resource fork\n"); - } - flags = 0; - if (extract_data(jcr, &altbfd, sd->msg, sd->msglen, &alt_addr, flags) < 0) { - extract = false; - bclose(&altbfd); - continue; - } - } -#else - non_support_rsrc++; -#endif - break; + if (have_darwin_os) { + rctx.fork_flags = 0; + jcr->ff->flags |= FO_HFSPLUS; + + if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) { + rctx.fork_flags |= FO_ENCRYPT; + + /* Set up a decryption context */ + if (rctx.extract && !rctx.fork_cipher_ctx.cipher) { + if (!rctx.cs) { + Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + + if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) { + Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname); + free_session(rctx); + rctx.extract = false; + bclose(&rctx.bfd); + continue; + } + } + } + + if (rctx.extract) { + if (rctx.prev_stream != rctx.stream) { + if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) { + Jmsg(jcr, M_ERROR, 0, _(" Cannot open resource fork for %s.\n"), jcr->last_fname); + rctx.extract = false; + continue; + } + + rctx.fork_size = rsrc_len; + Dmsg0(130, "Restoring resource fork\n"); + } + + if (extract_data(jcr, &rctx.forkbfd, sd->msg, sd->msglen, &rctx.fork_addr, rctx.fork_flags, + &rctx.fork_cipher_ctx) < 0) { + rctx.extract = false; + bclose(&rctx.forkbfd); + continue; + } + } + } else { + non_support_rsrc++; + } + break; case STREAM_HFSPLUS_ATTRIBUTES: -#ifdef HAVE_DARWIN_OS - Dmsg0(30, "Restoring Finder Info\n"); - if (sd->msglen != 32) { - Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen); - continue; - } - if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) { - Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s\n"), jcr->last_fname); - continue; - } -#else - non_support_finfo++; -#endif - break; - -/*** FIXME ***/ -case STREAM_UNIX_ATTRIBUTES_ACCESS_ACL: -#ifdef HAVE_ACL - /* Recover Acess ACL from stream and check it */ - acl = acl_from_text(sd->msg); - if (acl_valid(acl) != 0) { - Jmsg1(jcr, M_WARNING, 0, "Failure in the ACL of %s! FD is not able to restore it!\n", jcr->last_fname); - acl_free(acl); - } - - /* Try to restore ACL */ - if (attr->type == FT_DIREND) { - /* Directory */ - if (acl_set_file(jcr->last_fname, ACL_TYPE_ACCESS, acl) != 0) { - Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore ACL of directory: %s! Maybe system does not support ACLs!\n", jcr->last_fname); - } - /* File or Link */ - } else if (acl_set_file(jcr->last_fname, ACL_TYPE_ACCESS, acl) != 0) { - Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore ACL of file: %s! Maybe system does not support ACLs!\n", jcr->last_fname); - } - acl_free(acl); - Dmsg1(200, "ACL of file: %s successfully restored!\n", jcr->last_fname); - break; -#else - non_support_acl++; - break; /* unconfigured, ignore */ -#endif - case STREAM_UNIX_ATTRIBUTES_DEFAULT_ACL: -#ifdef HAVE_ACL - /* Recover Default ACL from stream and check it */ - acl = acl_from_text(sd->msg); - if (acl_valid(acl) != 0) { - Jmsg1(jcr, M_WARNING, 0, "Failure in the Default ACL of %s! FD is not able to restore it!\n", jcr->last_fname); - acl_free(acl); - } - - /* Try to restore ACL */ - if (attr->type == FT_DIREND) { - /* Directory */ - if (acl_set_file(jcr->last_fname, ACL_TYPE_DEFAULT, acl) != 0) { - Jmsg1(jcr, M_WARNING, 0, "Error! Can't restore Default ACL of directory: %s! Maybe system does not support ACLs!\n", jcr->last_fname); - } - } - acl_free(acl); - Dmsg1(200, "Default ACL of file: %s successfully restored!\n", jcr->last_fname); - break; -#else - non_support_acl++; - break; /* unconfigured, ignore */ -#endif -/*** FIXME ***/ + if (have_darwin_os) { + Dmsg0(130, "Restoring Finder Info\n"); + jcr->ff->flags |= FO_HFSPLUS; + if (sd->msglen != 32) { + Jmsg(jcr, M_ERROR, 0, _(" Invalid length of Finder Info (got %d, not 32)\n"), sd->msglen); + continue; + } + if (setattrlist(jcr->last_fname, &attrList, sd->msg, sd->msglen, 0) != 0) { + Jmsg(jcr, M_ERROR, 0, _(" Could not set Finder Info on %s\n"), jcr->last_fname); + continue; + } + } else { + non_support_finfo++; + } + break; + + case STREAM_UNIX_ACCESS_ACL: + case STREAM_UNIX_DEFAULT_ACL: + case STREAM_ACL_AIX_TEXT: + case STREAM_ACL_DARWIN_ACCESS_ACL: + case STREAM_ACL_FREEBSD_DEFAULT_ACL: + case STREAM_ACL_FREEBSD_ACCESS_ACL: + case STREAM_ACL_HPUX_ACL_ENTRY: + case STREAM_ACL_IRIX_DEFAULT_ACL: + case STREAM_ACL_IRIX_ACCESS_ACL: + case STREAM_ACL_LINUX_DEFAULT_ACL: + case STREAM_ACL_LINUX_ACCESS_ACL: + case STREAM_ACL_TRU64_DEFAULT_ACL: + case STREAM_ACL_TRU64_DEFAULT_DIR_ACL: + case STREAM_ACL_TRU64_ACCESS_ACL: + case STREAM_ACL_SOLARIS_ACLENT: + case STREAM_ACL_SOLARIS_ACE: + /* + * Do not restore ACLs when + * a) The current file is not extracted + * b) and it is not a directory (they are never "extracted") + * c) or the file name is empty + */ + if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) { + break; + } + if (have_acl) { + pm_memcpy(jcr->acl_data->content, sd->msg, sd->msglen); + jcr->acl_data->content_length = sd->msglen; + switch (parse_acl_streams(jcr, rctx.stream)) { + case bacl_exit_fatal: + goto bail_out; + case bacl_exit_error: + /* + * Non-fatal errors, count them and when the number is under ACL_REPORT_ERR_MAX_PER_JOB + * print the error message set by the lower level routine in jcr->errmsg. + */ + if (jcr->acl_data->nr_errors < ACL_REPORT_ERR_MAX_PER_JOB) { + Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); + } + jcr->acl_data->nr_errors++; + break; + case bacl_exit_ok: + break; + } + } else { + non_support_acl++; + } + break; + + case STREAM_XATTR_SOLARIS_SYS: + case STREAM_XATTR_SOLARIS: + case STREAM_XATTR_DARWIN: + case STREAM_XATTR_FREEBSD: + case STREAM_XATTR_LINUX: + case STREAM_XATTR_NETBSD: + /* + * Do not restore Extended Attributes when + * a) The current file is not extracted + * b) and it is not a directory (they are never "extracted") + * c) or the file name is empty + */ + if ((!rctx.extract && jcr->last_type != FT_DIREND) || (*jcr->last_fname == 0)) { + break; + } + if (have_xattr) { + pm_memcpy(jcr->xattr_data->content, sd->msg, sd->msglen); + jcr->xattr_data->content_length = sd->msglen; + switch (parse_xattr_streams(jcr, rctx.stream)) { + case bxattr_exit_fatal: + goto bail_out; + case bxattr_exit_error: + /* + * Non-fatal errors, count them and when the number is under XATTR_REPORT_ERR_MAX_PER_JOB + * print the error message set by the lower level routine in jcr->errmsg. + */ + if (jcr->xattr_data->nr_errors < XATTR_REPORT_ERR_MAX_PER_JOB) { + Qmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg); + } + jcr->xattr_data->nr_errors++; + break; + case bxattr_exit_ok: + break; + } + } else { + non_support_xattr++; + } + break; + + case STREAM_SIGNED_DIGEST: + /* Is this an unexpected signature? */ + if (rctx.sig) { + Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n")); + free_signature(rctx); + continue; + } + /* Save signature. */ + if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)sd->msg, (uint32_t)sd->msglen)) == NULL) { + Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname); + } + break; - case STREAM_MD5_SIGNATURE: - case STREAM_SHA1_SIGNATURE: - break; + case STREAM_MD5_DIGEST: + case STREAM_SHA1_DIGEST: + case STREAM_SHA256_DIGEST: + case STREAM_SHA512_DIGEST: + break; case STREAM_PROGRAM_NAMES: case STREAM_PROGRAM_DATA: - if (!non_support_progname) { + if (!non_support_progname) { Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n"); - non_support_progname++; - } - break; + non_support_progname++; + } + break; + + case STREAM_PLUGIN_NAME: + close_previous_stream(rctx); + Dmsg1(50, "restore stream_plugin_name=%s\n", sd->msg); + plugin_name_stream(jcr, sd->msg); + break; default: - /* If extracting, wierd stream (not 1 or 2), close output file anyway */ - if (extract) { - Dmsg1(30, "Found wierd stream %d\n", stream); - if (size > 0 && !is_bopen(&bfd)) { - Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should be open\n")); - } - set_attributes(jcr, attr, &bfd); - extract = false; - } else if (is_bopen(&bfd)) { - Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n")); - bclose(&bfd); - } - Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), stream); - Dmsg2(0, "None of above!!! stream=%d data=%s\n", stream,sd->msg); - break; + close_previous_stream(rctx); + Jmsg(jcr, M_ERROR, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"), + rctx.stream); + Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, sd->msg); + break; } /* end switch(stream) */ } /* end while get_msg() */ - /* If output file is still open, it was the last one in the + /* + * If output file is still open, it was the last one in the * archive since we just hit an end of file, so close the file. */ - if (is_bopen(&altbfd)) { - bclose_chksize(jcr, &altbfd, alt_size); - } - if (extract) { - set_attributes(jcr, attr, &bfd); - } - if (is_bopen(&bfd)) { - bclose(&bfd); + if (is_bopen(&rctx.forkbfd)) { + bclose_chksize(jcr, &rctx.forkbfd, rctx.fork_size); } + + close_previous_stream(rctx); set_jcr_job_status(jcr, JS_Terminated); goto ok_out; bail_out: set_jcr_job_status(jcr, JS_ErrorTerminated); + ok_out: - if (jcr->compress_buf) { - free(jcr->compress_buf); - jcr->compress_buf = NULL; - jcr->compress_buf_size = 0; - } - bclose(&altbfd); - bclose(&bfd); - free_attr(attr); + /* + * First output the statistics. + */ Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles, edit_uint64(jcr->JobBytes, ec1)); + if (have_acl && jcr->acl_data->nr_errors > 0) { + Jmsg(jcr, M_ERROR, 0, _("Encountered %ld acl errors while doing restore\n"), + jcr->acl_data->nr_errors); + } + if (have_xattr && jcr->xattr_data->nr_errors > 0) { + Jmsg(jcr, M_ERROR, 0, _("Encountered %ld xattr errors while doing restore\n"), + jcr->xattr_data->nr_errors); + } if (non_support_data > 1 || non_support_attr > 1) { Jmsg(jcr, M_ERROR, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"), - non_support_data, non_support_attr); + non_support_data, non_support_attr); } if (non_support_rsrc) { Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_support_rsrc); @@ -476,7 +770,69 @@ ok_out: if (non_support_acl) { Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_support_acl); } + if (non_support_crypto) { + Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_support_acl); + } + if (non_support_xattr) { + Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_support_xattr); + } + + /* + * Free Signature & Crypto Data + */ + free_signature(rctx); + free_session(rctx); + if (jcr->crypto.digest) { + crypto_digest_free(jcr->crypto.digest); + jcr->crypto.digest = NULL; + } + + /* + * Free file cipher restore context + */ + if (rctx.cipher_ctx.cipher) { + crypto_cipher_free(rctx.cipher_ctx.cipher); + rctx.cipher_ctx.cipher = NULL; + } + + if (rctx.cipher_ctx.buf) { + free_pool_memory(rctx.cipher_ctx.buf); + rctx.cipher_ctx.buf = NULL; + } + /* + * Free alternate stream cipher restore context + */ + if (rctx.fork_cipher_ctx.cipher) { + crypto_cipher_free(rctx.fork_cipher_ctx.cipher); + rctx.fork_cipher_ctx.cipher = NULL; + } + if (rctx.fork_cipher_ctx.buf) { + free_pool_memory(rctx.fork_cipher_ctx.buf); + rctx.fork_cipher_ctx.buf = NULL; + } + + if (jcr->compress_buf) { + free_pool_memory(jcr->compress_buf); + jcr->compress_buf = NULL; + jcr->compress_buf_size = 0; + } + + if (have_acl && jcr->acl_data) { + free_pool_memory(jcr->acl_data->content); + free(jcr->acl_data); + jcr->acl_data = NULL; + } + + if (have_xattr && jcr->xattr_data) { + free_pool_memory(jcr->xattr_data->content); + free(jcr->xattr_data); + jcr->xattr_data = NULL; + } + + bclose(&rctx.forkbfd); + bclose(&rctx.bfd); + free_attr(rctx.attr); } #ifdef HAVE_LIBZ @@ -486,99 +842,536 @@ ok_out: static const char *zlib_strerror(int stat) { if (stat >= 0) { - return "None"; + return _("None"); } switch (stat) { case Z_ERRNO: - return "Zlib errno"; + return _("Zlib errno"); case Z_STREAM_ERROR: - return "Zlib stream error"; + return _("Zlib stream error"); case Z_DATA_ERROR: - return "Zlib data error"; + return _("Zlib data error"); case Z_MEM_ERROR: - return "Zlib memory error"; + return _("Zlib memory error"); case Z_BUF_ERROR: - return "Zlib buffer error"; + return _("Zlib buffer error"); case Z_VERSION_ERROR: - return "Zlib version error"; + return _("Zlib version error"); default: - return "*none*"; + return _("*none*"); } } #endif +static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level) +{ + Dmsg1(50, "do_file_digest jcr=%p\n", jcr); + return (digest_file(jcr, ff_pkt, jcr->crypto.digest)); +} + /* - * In the context of jcr, write data to bfd. - * We write buflen bytes in buf at addr. addr is updated in place. - * The flags specify whether to use sparse files or compression. - * Return value is the number of bytes written, or -1 on errors. + * Verify the signature for the last restored file + * Return value is either true (signature correct) + * or false (signature could not be verified). + * TODO landonf: Implement without using find_one_file and + * without re-reading the file. */ -int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, - uint64_t *addr, int flags) +static bool verify_signature(JCR *jcr, r_ctx &rctx) { - uLong compress_len; - int stat; - char *wbuf; /* write buffer */ - uint32_t wsize; /* write size */ - uint32_t rsize; /* read size */ - char ec1[50]; /* Buffer printing huge values */ + X509_KEYPAIR *keypair; + DIGEST *digest = NULL; + crypto_error_t err; + uint64_t saved_bytes; + crypto_digest_t signing_algorithm = have_sha2 ? + CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1; + crypto_digest_t algorithm; + SIGNATURE *sig = rctx.sig; - if (flags & FO_SPARSE) { - ser_declare; + + if (!jcr->crypto.pki_sign) { + return true; /* no signature OK */ + } + if (!sig) { + if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) { + Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"), + jcr->last_fname); + goto bail_out; + } + return true; + } + + /* Iterate through the trusted signers */ + foreach_alist(keypair, jcr->crypto.pki_signers) { + err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest); + switch (err) { + case CRYPTO_ERROR_NONE: + Dmsg0(50, "== Got digest\n"); + /* + * We computed jcr->crypto.digest using signing_algorithm while writing + * the file. If it is not the same as the algorithm used for + * this file, punt by releasing the computed algorithm and + * computing by re-reading the file. + */ + if (algorithm != signing_algorithm) { + if (jcr->crypto.digest) { + crypto_digest_free(jcr->crypto.digest); + jcr->crypto.digest = NULL; + } + } + if (jcr->crypto.digest) { + /* Use digest computed while writing the file to verify the signature */ + if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) { + Dmsg1(50, "Bad signature on %s\n", jcr->last_fname); + Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"), + jcr->last_fname, crypto_strerror(err)); + goto bail_out; + } + } else { + /* Signature found, digest allocated. Old method, + * re-read the file and compute the digest + */ + jcr->crypto.digest = digest; + + /* Checksum the entire file */ + /* Make sure we don't modify JobBytes by saving and restoring it */ + saved_bytes = jcr->JobBytes; + if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, (dev_t)-1, 1) != 0) { + Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"), + jcr->last_fname); + jcr->JobBytes = saved_bytes; + goto bail_out; + } + jcr->JobBytes = saved_bytes; + + /* Verify the signature */ + if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) { + Dmsg1(50, "Bad signature on %s\n", jcr->last_fname); + Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"), + jcr->last_fname, crypto_strerror(err)); + goto bail_out; + } + jcr->crypto.digest = NULL; + } + + /* Valid signature */ + Dmsg1(50, "Signature good on %s\n", jcr->last_fname); + crypto_digest_free(digest); + return true; + + case CRYPTO_ERROR_NOSIGNER: + /* Signature not found, try again */ + if (digest) { + crypto_digest_free(digest); + digest = NULL; + } + continue; + default: + /* Something strange happened (that shouldn't happen!)... */ + Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err)); + goto bail_out; + } + } + + /* No signer */ + Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname); + +bail_out: + if (digest) { + crypto_digest_free(digest); + } + return false; +} + +bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length) +{ + unser_declare; uint64_t faddr; char ec1[50]; - wbuf = buf + SPARSE_FADDR_SIZE; - rsize = buflen - SPARSE_FADDR_SIZE; - ser_begin(buf, SPARSE_FADDR_SIZE); + unser_begin(*data, SPARSE_FADDR_SIZE); unser_uint64(faddr); if (*addr != faddr) { - *addr = faddr; - if (blseek(bfd, (off_t)*addr, SEEK_SET) < 0) { - berrno be; - be.set_errno(bfd->berrno); + *addr = faddr; + if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) { + berrno be; Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"), - edit_uint64(*addr, ec1), jcr->last_fname, be.strerror()); - return -1; - } + edit_uint64(*addr, ec1), jcr->last_fname, + be.bstrerror(bfd->berrno)); + return false; + } } - } else { - wbuf = buf; - rsize = buflen; - } - wsize = rsize; + *data += SPARSE_FADDR_SIZE; + *length -= SPARSE_FADDR_SIZE; + return true; +} - if (flags & FO_GZIP) { +bool decompress_data(JCR *jcr, char **data, uint32_t *length) +{ #ifdef HAVE_LIBZ - compress_len = jcr->compress_buf_size; - Dmsg2(100, "Comp_len=%d msglen=%d\n", compress_len, wsize); - if ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len, - (const Byte *)wbuf, (uLong)rsize)) != Z_OK) { - Jmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"), - jcr->last_fname, zlib_strerror(stat)); - return -1; - } - wbuf = jcr->compress_buf; - wsize = compress_len; - Dmsg2(100, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); + uLong compress_len; + int stat; + char ec1[50]; /* Buffer printing huge values */ + + /* + * NOTE! We only use uLong and Byte because they are + * needed by the zlib routines, they should not otherwise + * be used in Bacula. + */ + compress_len = jcr->compress_buf_size; + Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); + while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len, + (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR) + { + /* The buffer size is too small, try with a bigger one */ + compress_len = jcr->compress_buf_size = jcr->compress_buf_size + jcr->compress_buf_size >> 1; + Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length); + jcr->compress_buf = check_pool_memory_size(jcr->compress_buf, + compress_len); + } + if (stat != Z_OK) { + Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"), + jcr->last_fname, zlib_strerror(stat)); + return false; + } + *data = jcr->compress_buf; + *length = compress_len; + Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); + return true; #else - Jmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n")); - return -1; + Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n")); + return false; #endif - } else { - Dmsg2(30, "Write %u bytes, total before write=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1)); +} + +static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx) +{ + unser_declare; + if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) { + unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE); + unser_uint32(ctx->packet_len); + ctx->packet_len += CRYPTO_LEN_SIZE; } +} - if ((uLong)bwrite(bfd, wbuf, wsize) != wsize) { - Dmsg0(0, "===Write error===\n"); +bool store_data(JCR *jcr, BFILE *bfd, char *data, const int32_t length, bool win32_decomp) +{ + if (jcr->crypto.digest) { + crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length); + } + if (win32_decomp) { + if (!processWin32BackupAPIBlock(bfd, data, length)) { + berrno be; + Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"), + jcr->last_fname, be.bstrerror(bfd->berrno)); + return false; + } + } else if (bwrite(bfd, data, length) != (ssize_t)length) { berrno be; - be.set_errno(bfd->berrno); - Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"), jcr->last_fname, be.strerror()); - return -1; + Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: %s\n"), + jcr->last_fname, be.bstrerror(bfd->berrno)); + return false; } - jcr->JobBytes += wsize; + return true; +} + +/* + * In the context of jcr, write data to bfd. + * We write buflen bytes in buf at addr. addr is updated in place. + * The flags specify whether to use sparse files or compression. + * Return value is the number of bytes written, or -1 on errors. + */ +int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, + uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx) +{ + char *wbuf; /* write buffer */ + uint32_t wsize; /* write size */ + uint32_t rsize; /* read size */ + uint32_t decrypted_len = 0; /* Decryption output length */ + char ec1[50]; /* Buffer printing huge values */ + + rsize = buflen; jcr->ReadBytes += rsize; + wsize = rsize; + wbuf = buf; + + if (flags & FO_ENCRYPT) { + ASSERT(cipher_ctx->cipher); + + /* NOTE: We must implement block preserving semantics for the + * non-streaming compression and sparse code. */ + + /* + * Grow the crypto buffer, if necessary. + * crypto_cipher_update() will process only whole blocks, + * buffering the remaining input. + */ + cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, + cipher_ctx->buf_len + wsize + cipher_ctx->block_size); + + /* Decrypt the input block */ + if (!crypto_cipher_update(cipher_ctx->cipher, + (const u_int8_t *)wbuf, + wsize, + (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len], + &decrypted_len)) { + /* Decryption failed. Shouldn't happen. */ + Jmsg(jcr, M_FATAL, 0, _("Decryption error\n")); + goto bail_out; + } + + if (decrypted_len == 0) { + /* No full block of encrypted data available, write more data */ + return 0; + } + + Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize); + + cipher_ctx->buf_len += decrypted_len; + wbuf = cipher_ctx->buf; + + /* If one full preserved block is available, write it to disk, + * and then buffer any remaining data. This should be effecient + * as long as Bacula's block size is not significantly smaller than the + * encryption block size (extremely unlikely!) */ + unser_crypto_packet_len(cipher_ctx); + Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE); + + if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) { + /* No full preserved block is available. */ + return 0; + } + + /* We have one full block, set up the filter input buffers */ + wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE; + wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */ + cipher_ctx->buf_len -= cipher_ctx->packet_len; + Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len); + } + + if (flags & FO_SPARSE) { + if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) { + goto bail_out; + } + } + + if (flags & FO_GZIP) { + if (!decompress_data(jcr, &wbuf, &wsize)) { + goto bail_out; + } + } + + if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) { + goto bail_out; + } + jcr->JobBytes += wsize; *addr += wsize; + Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1)); + /* Clean up crypto buffers */ + if (flags & FO_ENCRYPT) { + /* Move any remaining data to start of buffer */ + if (cipher_ctx->buf_len > 0) { + Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len); + memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len], + cipher_ctx->buf_len); + } + /* The packet was successfully written, reset the length so that the next + * packet length may be re-read by unser_crypto_packet_len() */ + cipher_ctx->packet_len = 0; + } return wsize; + +bail_out: + return -1; +} + + +/* + * If extracting, close any previous stream + */ +static void close_previous_stream(r_ctx &rctx) +{ + /* + * If extracting, it was from previous stream, so + * close the output file and validate the signature. + */ + if (rctx.extract) { + if (rctx.size > 0 && !is_bopen(&rctx.bfd)) { + Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n")); + Dmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size, + is_bopen(&rctx.bfd)); + } + + if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) { + deallocate_cipher(rctx); + deallocate_fork_cipher(rctx); + } + + if (rctx.jcr->plugin) { + plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd); + } else { + set_attributes(rctx.jcr, rctx.attr, &rctx.bfd); + } + rctx.extract = false; + + /* Verify the cryptographic signature, if any */ + rctx.type = rctx.attr->type; + verify_signature(rctx.jcr, rctx); + + /* Free Signature */ + free_signature(rctx); + free_session(rctx); + rctx.jcr->ff->flags = 0; + Dmsg0(130, "Stop extracting.\n"); + } else if (is_bopen(&rctx.bfd)) { + Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n")); + Dmsg0(000, "=== logic error !open\n"); + bclose(&rctx.bfd); + } +} + + +/* + * In the context of jcr, flush any remaining data from the cipher context, + * writing it to bfd. + * Return value is true on success, false on failure. + */ +bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, + RESTORE_CIPHER_CTX *cipher_ctx) +{ + uint32_t decrypted_len = 0; + char *wbuf; /* write buffer */ + uint32_t wsize; /* write size */ + char ec1[50]; /* Buffer printing huge values */ + bool second_pass = false; + +again: + /* Write out the remaining block and free the cipher context */ + cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf, cipher_ctx->buf_len + + cipher_ctx->block_size); + + if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len], + &decrypted_len)) { + /* Writing out the final, buffered block failed. Shouldn't happen. */ + Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"), + cipher_ctx->buf_len, decrypted_len, jcr->last_fname); + } + + Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len); + /* If nothing new was decrypted, and our output buffer is empty, return */ + if (decrypted_len == 0 && cipher_ctx->buf_len == 0) { + return true; + } + + cipher_ctx->buf_len += decrypted_len; + + unser_crypto_packet_len(cipher_ctx); + Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE); + wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE; + wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Decrypted, possibly decompressed output here. */ + cipher_ctx->buf_len -= cipher_ctx->packet_len; + Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len); + + if (flags & FO_SPARSE) { + if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize)) { + return false; + } + } + + if (flags & FO_GZIP) { + if (!decompress_data(jcr, &wbuf, &wsize)) { + return false; + } + } + + Dmsg0(130, "Call store_data\n"); + if (!store_data(jcr, bfd, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) { + return false; + } + jcr->JobBytes += wsize; + Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1)); + + /* Move any remaining data to start of buffer */ + if (cipher_ctx->buf_len > 0) { + Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len); + memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len], + cipher_ctx->buf_len); + } + /* The packet was successfully written, reset the length so that the next + * packet length may be re-read by unser_crypto_packet_len() */ + cipher_ctx->packet_len = 0; + + if (cipher_ctx->buf_len >0 && !second_pass) { + second_pass = true; + goto again; + } + + /* Stop decryption */ + cipher_ctx->buf_len = 0; + cipher_ctx->packet_len = 0; + + return true; +} + +static void deallocate_cipher(r_ctx &rctx) +{ + /* Flush and deallocate previous stream's cipher context */ + if (rctx.cipher_ctx.cipher) { + flush_cipher(rctx.jcr, &rctx.bfd, &rctx.fileAddr, rctx.flags, &rctx.cipher_ctx); + crypto_cipher_free(rctx.cipher_ctx.cipher); + rctx.cipher_ctx.cipher = NULL; + } } + +static void deallocate_fork_cipher(r_ctx &rctx) +{ + + /* Flush and deallocate previous stream's fork cipher context */ + if (rctx.fork_cipher_ctx.cipher) { + flush_cipher(rctx.jcr, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, &rctx.fork_cipher_ctx); + crypto_cipher_free(rctx.fork_cipher_ctx.cipher); + rctx.fork_cipher_ctx.cipher = NULL; + } +} + +static void free_signature(r_ctx &rctx) +{ + if (rctx.sig) { + crypto_sign_free(rctx.sig); + rctx.sig = NULL; + } +} + +static void free_session(r_ctx &rctx) +{ + if (rctx.cs) { + crypto_session_free(rctx.cs); + rctx.cs = NULL; + } +} + + +/* This code if implemented goes above */ +#ifdef stbernard_implemented +/ #if defined(HAVE_WIN32) + bool bResumeOfmOnExit = FALSE; + if (isOpenFileManagerRunning()) { + if ( pauseOpenFileManager() ) { + Jmsg(jcr, M_INFO, 0, _("Open File Manager paused\n") ); + bResumeOfmOnExit = TRUE; + } + else { + Jmsg(jcr, M_ERROR, 0, _("FAILED to pause Open File Manager\n") ); + } + } + { + char username[UNLEN+1]; + DWORD usize = sizeof(username); + int privs = enable_backup_privileges(NULL, 1); + if (GetUserName(username, &usize)) { + Jmsg2(jcr, M_INFO, 0, _("Running as '%s'. Privmask=%#08x\n"), username, + } else { + Jmsg(jcr, M_WARNING, 0, _("Failed to retrieve current UserName\n")); + } + } +#endif