backup.c: Send the cryptographic session data for all files. This includes zero-lengt...

restore.c: Allocate the cipher decryption context on-demand, thus disabling decryption / allocation of cipher context for zero-length files.

Fixes: #838
Regression tests passed:
  - compressed-encrypt-test
  - data-encrypt-test
  - encrypt-bug-test

git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@4663 91ce42f0-d328-0410-95d8-f526ca767f89

diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c
index 83ba1d4f6565ad0214345f5a65a0db250eb3bea8..c39c457f7fd86dd221aa32b976d904ec75d1cd98 100644 (file)
--- a/bacula/src/filed/backup.c
+++ b/bacula/src/filed/backup.c
@@ -401,6 +401,27 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
       goto bail_out;
    }
 
+   /* Set up the encryption context and send the session data to the SD */
+   if (has_file_data && jcr->pki_encrypt) {
+      /* Send our header */
+      Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
+      bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
+
+      /* Grow the bsock buffer to fit our message if necessary */
+      if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) {
+         sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size);
+      }
+
+      /* Copy our message over and send it */
+      memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size);
+      sd->msglen = jcr->pki_session_encoded_size;
+      jcr->JobBytes += sd->msglen;
+
+      Dmsg1(100, "Send data len=%d\n", sd->msglen);
+      bnet_send(sd);
+      bnet_sig(sd, BNET_EOD);
+   }
+
    /*
     * Open any file with data that we intend to save, then save it.
     *
@@ -444,27 +465,6 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
          tid = NULL;
       }
 
-      /* Set up the encryption context, send the session data to the SD */
-      if (jcr->pki_encrypt) {
-         /* Send our header */
-         Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
-         bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
-
-         /* Grow the bsock buffer to fit our message if necessary */
-         if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) {
-            sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size);
-         }
-
-         /* Copy our message over and send it */
-         memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size);
-         sd->msglen = jcr->pki_session_encoded_size;
-         jcr->JobBytes += sd->msglen;
-
-         Dmsg1(100, "Send data len=%d\n", sd->msglen);
-         bnet_send(sd);
-         bnet_sig(sd, BNET_EOD);
-      }
-
       stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest);
 
       if (ff_pkt->flags & FO_CHKCHANGES) {

diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c
index 8c5a8ac6d7854a306786af4b97a5e668d90d0e85..ca15bda551d8a3d0a68b00e4ad506cd21639edce 100644 (file)
--- a/bacula/src/filed/restore.c
+++ b/bacula/src/filed/restore.c
@@ -436,16 +436,6 @@ void do_restore(JCR *jcr)
             continue;
          }
 
-         /* Set up a decryption context */
-         if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) {
-            Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
-            crypto_session_free(cs);
-            cs = NULL;
-            extract = false;
-            bclose(&bfd);
-            continue;
-         }
-
          break;
 
       case STREAM_FILE_DATA:
@@ -477,12 +467,24 @@ void do_restore(JCR *jcr)
             if (stream == STREAM_ENCRYPTED_FILE_DATA
                   || stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
                   || stream == STREAM_ENCRYPTED_WIN32_DATA
-                  || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
+                  || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {               
+               /* Set up a decryption context */
                if (!cipher_ctx.cipher) {
-                  Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
-                  extract = false;
-                  bclose(&bfd);
-                  continue;
+                  if (!cs) {
+                     Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
+                     extract = false;
+                     bclose(&bfd);
+                     continue;
+                  }
+
+                  if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) {
+                     Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
+                     crypto_session_free(cs);
+                     cs = NULL;
+                     extract = false;
+                     bclose(&bfd);
+                     continue;
+                  }
                }
                flags |= FO_ENCRYPT;
             }