uint64_t fileAddr; /* file write address */
uint32_t size; /* Size of file */
int flags; /* Options for extract_data() */
- BFILE forkbfd; /* Alternative data stream */
- uint64_t fork_addr; /* Write address for alternative stream */
- intmax_t fork_size; /* Size of alternate stream */
- int fork_flags; /* Options for extract_data() */
+ BFILE forkbfd; /* Alternative data stream */
+ uint64_t fork_addr; /* Write address for alternative stream */
+ intmax_t fork_size; /* Size of alternate stream */
+ int fork_flags; /* Options for extract_data() */
+ int32_t type; /* file type FT_ */
SIGNATURE *sig; /* Cryptographic signature (if any) for file */
CRYPTO_SESSION *cs; /* Cryptographic session data (if any) for file */
-static bool verify_signature(JCR *jcr, SIGNATURE *sig);
+static bool verify_signature(JCR *jcr, r_ctx &rctx);
int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen,
uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx);
bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags,
extract = false;
/* Verify the cryptographic signature, if any */
- verify_signature(jcr, rctx.sig);
+ rctx.type = attr->type;
+ verify_signature(jcr, rctx);
/* Free Signature */
free_signature(rctx);
set_attributes(jcr, attr, &rctx.bfd);
/* Verify the cryptographic signature if any */
- verify_signature(jcr, rctx.sig);
+ rctx.type = attr->type;
+ verify_signature(jcr, rctx);
extract = false;
} else if (is_bopen(&rctx.bfd)) {
Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
set_attributes(jcr, attr, &rctx.bfd);
/* Verify the cryptographic signature on the last file, if any */
- verify_signature(jcr, rctx.sig);
+ rctx.type = attr->type;
+ verify_signature(jcr, rctx);
}
if (is_bopen(&rctx.bfd)) {
* TODO landonf: Implement without using find_one_file and
* without re-reading the file.
*/
-static bool verify_signature(JCR *jcr, SIGNATURE *sig)
+static bool verify_signature(JCR *jcr, r_ctx &rctx)
{
X509_KEYPAIR *keypair;
DIGEST *digest = NULL;
crypto_digest_t signing_algorithm = have_sha2 ?
CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
crypto_digest_t algorithm;
+ SIGNATURE *sig = rctx.sig;
if (!jcr->pki_sign) {
return true; /* no signature OK */
}
if (!sig) {
- Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
- jcr->last_fname);
+ if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
+ Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
+ jcr->last_fname);
+ goto bail_out;
+ }
+ return true;
}
/* Iterate through the trusted signers */
Dmsg2(dbglvl, "jid=%u search changers for %s\n", (int)rctx.jcr->JobId,
rctx.device_name);
foreach_res(changer, R_AUTOCHANGER) {
- Dmsg2(dbglvl, "jid=%u Try match changer res=%s\n",
- (int)rctx.jcr->JobId, changer->hdr.name);
+ Dmsg3(dbglvl, "jid=%u Try match changer res=%s device=%s\n",
+ (int)rctx.jcr->JobId, changer->hdr.name, rctx.device_name);
/* Find resource, and make sure we were able to open it */
if (fnmatch(rctx.device_name, changer->hdr.name, 0) == 0) {
DEVRES *device;
/* Try each device in this AutoChanger */
foreach_alist(device, changer->device) {
- Dmsg2(dbglvl, "jid=%u Try changer device %s\n",
- (int)rctx.jcr->JobId, device->hdr.name);
if (device->dev == vol->dev) {
Dmsg2(dbglvl, "jid=%u Found changer device %s\n",
(int)rctx.jcr->JobId, device->hdr.name);
return true;
}
+ Dmsg2(dbglvl, "jid=%u Incorrect changer device %s\n",
+ (int)rctx.jcr->JobId, device->hdr.name);
}
}
}
rctx.device_name = device_name;
rctx.device = vol->dev->device;
- if (!vol->dev->is_autochanger()) {
+ if (vol->dev->is_autochanger()) {
+ Dmsg2(dbglvl, "jid=%u vol=%s is in changer\n", (int)rctx.jcr->JobId,
+ vol->vol_name);
if (!is_vol_in_autochanger(rctx, vol)) {
continue;
}