From: Landon Fuller Date: Sun, 29 Apr 2007 20:47:09 +0000 (+0000) Subject: backup.c: Send the cryptographic session data for all files. This includes zero-lengt... X-Git-Tag: Release-7.0.0~6466 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=6bf6fc7db09acd631c0257d0f7c1e6affcb6d1ea;p=bacula%2Fbacula backup.c: Send the cryptographic session data for all files. This includes zero-length files with non-zero-length resource forks. restore.c: Allocate the cipher decryption context on-demand, thus disabling decryption / allocation of cipher context for zero-length files. Fixes: #838 Regression tests passed: - compressed-encrypt-test - data-encrypt-test - encrypt-bug-test git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@4663 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c index 83ba1d4f65..c39c457f7f 100644 --- a/bacula/src/filed/backup.c +++ b/bacula/src/filed/backup.c @@ -401,6 +401,27 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level) goto bail_out; } + /* Set up the encryption context and send the session data to the SD */ + if (has_file_data && jcr->pki_encrypt) { + /* Send our header */ + Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA); + bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA); + + /* Grow the bsock buffer to fit our message if necessary */ + if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) { + sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size); + } + + /* Copy our message over and send it */ + memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size); + sd->msglen = jcr->pki_session_encoded_size; + jcr->JobBytes += sd->msglen; + + Dmsg1(100, "Send data len=%d\n", sd->msglen); + bnet_send(sd); + bnet_sig(sd, BNET_EOD); + } + /* * Open any file with data that we intend to save, then save it. * @@ -444,27 +465,6 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level) tid = NULL; } - /* Set up the encryption context, send the session data to the SD */ - if (jcr->pki_encrypt) { - /* Send our header */ - Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA); - bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA); - - /* Grow the bsock buffer to fit our message if necessary */ - if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) { - sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size); - } - - /* Copy our message over and send it */ - memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size); - sd->msglen = jcr->pki_session_encoded_size; - jcr->JobBytes += sd->msglen; - - Dmsg1(100, "Send data len=%d\n", sd->msglen); - bnet_send(sd); - bnet_sig(sd, BNET_EOD); - } - stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest); if (ff_pkt->flags & FO_CHKCHANGES) { diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index 8c5a8ac6d7..ca15bda551 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -436,16 +436,6 @@ void do_restore(JCR *jcr) continue; } - /* Set up a decryption context */ - if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) { - Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname); - crypto_session_free(cs); - cs = NULL; - extract = false; - bclose(&bfd); - continue; - } - break; case STREAM_FILE_DATA: @@ -477,12 +467,24 @@ void do_restore(JCR *jcr) if (stream == STREAM_ENCRYPTED_FILE_DATA || stream == STREAM_ENCRYPTED_FILE_GZIP_DATA || stream == STREAM_ENCRYPTED_WIN32_DATA - || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { + || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) { + /* Set up a decryption context */ if (!cipher_ctx.cipher) { - Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); - extract = false; - bclose(&bfd); - continue; + if (!cs) { + Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname); + extract = false; + bclose(&bfd); + continue; + } + + if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) { + Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname); + crypto_session_free(cs); + cs = NULL; + extract = false; + bclose(&bfd); + continue; + } } flags |= FO_ENCRYPT; }