From: Kern Sibbald Date: Sat, 24 Jun 2006 14:28:29 +0000 (+0000) Subject: - Turn on new bsnprintf() code. X-Git-Tag: Release-2.0.0~823 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=fd1127c11499aa464cf534f4bfc4ac515438670f;p=bacula%2Fbacula - Turn on new bsnprintf() code. - Fix crypto when not using openssl. I previously overlooked this. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@3070 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/kes-1.39 b/bacula/kes-1.39 index 7cf7ca131f..ce51bc5743 100644 --- a/bacula/kes-1.39 +++ b/bacula/kes-1.39 @@ -3,6 +3,8 @@ General: 24Jun06 +- Turn on new bsnprintf() code. +- Fix crypto when not using openssl. I previously overlooked this. - Eliminate crypto type punning problems by eliminating void * and using uint8_t * instead. - Harden authentication failure in FD by single threading errors diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c index 400244d077..363710d468 100644 --- a/bacula/src/filed/backup.c +++ b/bacula/src/filed/backup.c @@ -85,7 +85,7 @@ bool blast_data_to_storage_daemon(JCR *jcr, char *addr) jcr->compress_buf = get_memory(jcr->compress_buf_size); #ifdef HAVE_LIBZ - z_stream *pZlibStream = (z_stream*) malloc(sizeof(z_stream)); + z_stream *pZlibStream = (z_stream*)malloc(sizeof(z_stream)); if (pZlibStream) { pZlibStream->zalloc = Z_NULL; pZlibStream->zfree = Z_NULL; @@ -103,13 +103,13 @@ bool blast_data_to_storage_daemon(JCR *jcr, char *addr) * structure. We use a single session key for each backup, so we'll encode * the session data only once. */ if (jcr->pki_encrypt) { - size_t size = 0; + uint32_t size = 0; /* Create per-job session encryption context */ jcr->pki_session = crypto_session_new(cipher, jcr->pki_recipients); /* Get the session data size */ - if (crypto_session_encode(jcr->pki_session, NULL, &size) == false) { + if (crypto_session_encode(jcr->pki_session, (uint8_t *)0, &size) == false) { Jmsg(jcr, M_FATAL, 0, _("An error occured while encrypting the stream.\n")); return 0; } @@ -165,7 +165,7 @@ bool blast_data_to_storage_daemon(JCR *jcr, char *addr) if (jcr->pZLIB_compress_workset) { /* Free the zlib stream */ #ifdef HAVE_LIBZ - deflateEnd((z_stream *) jcr->pZLIB_compress_workset); + deflateEnd((z_stream *)jcr->pZLIB_compress_workset); #endif free (jcr->pZLIB_compress_workset); jcr->pZLIB_compress_workset = NULL; @@ -582,10 +582,10 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign int rsize = jcr->buf_size; /* read buffer size */ POOLMEM *msgsave; CIPHER_CONTEXT *cipher_ctx = NULL; /* Quell bogus uninitialized warnings */ - const void *cipher_input; - size_t cipher_input_len; - size_t cipher_block_size; - size_t encrypted_len; + const uint8_t *cipher_input; + uint32_t cipher_input_len; + uint32_t cipher_block_size; + uint32_t encrypted_len; #ifdef FD_NO_SEND_TEST return 1; #endif @@ -593,7 +593,7 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign msgsave = sd->msg; rbuf = sd->msg; /* read buffer */ wbuf = sd->msg; /* write buffer */ - cipher_input = rbuf; /* encrypt uncompressed data */ + cipher_input = (uint8_t *)rbuf; /* encrypt uncompressed data */ Dmsg1(300, "Saving data, type=%d\n", ff_pkt->type); @@ -612,7 +612,7 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign max_compress_len = jcr->compress_buf_size; /* set max length */ } wbuf = jcr->compress_buf; /* compressed output here */ - cipher_input = jcr->compress_buf; /* encrypt compressed data */ + cipher_input = (uint8_t *)jcr->compress_buf; /* encrypt compressed data */ /* * Only change zlib parameters if there is no pending operation. @@ -757,7 +757,7 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign if (ff_pkt->flags & FO_ENCRYPT) { /* Encrypt the input block */ - if (crypto_cipher_update(cipher_ctx, cipher_input, cipher_input_len, jcr->crypto_buf, &encrypted_len)) { + if (crypto_cipher_update(cipher_ctx, cipher_input, cipher_input_len, (uint8_t *)jcr->crypto_buf, &encrypted_len)) { if (encrypted_len == 0) { /* No full block of data available, read more data */ continue; @@ -793,7 +793,7 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign /* Send any remaining encrypted data + padding */ if (ff_pkt->flags & FO_ENCRYPT) { - if (!crypto_cipher_finalize(cipher_ctx, jcr->crypto_buf, &encrypted_len)) { + if (!crypto_cipher_finalize(cipher_ctx, (uint8_t *)jcr->crypto_buf, &encrypted_len)) { /* Padding failed. Shouldn't happen. */ Jmsg(jcr, M_FATAL, 0, _("Encryption padding error\n")); goto err; diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index a44e758e40..630e80ce9c 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -7,7 +7,7 @@ * */ /* - Copyright (C) 2000-2005 Kern Sibbald + Copyright (C) 2000-2006 Kern Sibbald This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License @@ -28,12 +28,21 @@ #include #endif +#if defined(HAVE_CRYPTO) +const bool have_crypto = true; +#else +const bool have_crypto = false; +#endif + /* Data received from Storage Daemon */ static char rec_header[] = "rechdr %ld %ld %ld %ld %ld"; /* Forward referenced functions */ -#ifdef HAVE_LIBZ +#if defined(HAVE_LIBZ) static const char *zlib_strerror(int stat); +const bool have_libz = true; +#else +const bool have_libz = false; #endif int verify_signature(JCR *jcr, SIGNATURE *sig); @@ -151,15 +160,15 @@ void do_restore(JCR *jcr) } #endif -#ifdef HAVE_LIBZ - uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100; - jcr->compress_buf = (char *)bmalloc(compress_buf_size); - jcr->compress_buf_size = compress_buf_size; -#endif + if (have_libz) { + uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100; + jcr->compress_buf = (char *)bmalloc(compress_buf_size); + jcr->compress_buf_size = compress_buf_size; + } -#ifdef HAVE_CRYPTO - jcr->crypto_buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE); -#endif + if (have_crypto) { + jcr->crypto_buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE); + } /* * Get a record from the Storage daemon. We are guaranteed to @@ -628,7 +637,6 @@ ok_out: } -#ifdef HAVE_LIBZ /* * Convert ZLIB error code into an ASCII message */ @@ -654,10 +662,10 @@ static const char *zlib_strerror(int stat) return _("*none*"); } } -#endif -static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) { - JCR *jcr = (JCR *) pkt; +static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) +{ + JCR *jcr = (JCR *)pkt; return (digest_file(jcr, ff_pkt, jcr->digest)); } @@ -734,9 +742,9 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, uint32_t wsize; /* write size */ uint32_t rsize; /* read size */ char ec1[50]; /* Buffer printing huge values */ - const void *cipher_input; /* Decryption input */ - size_t cipher_input_len; /* Decryption input length */ - size_t decrypted_len = 0; /* Decryption output length */ + const uint8_t *cipher_input; /* Decryption input */ + uint32_t cipher_input_len; /* Decryption input length */ + uint32_t decrypted_len = 0; /* Decryption output length */ if (flags & FO_SPARSE) { ser_declare; @@ -761,8 +769,8 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, rsize = buflen; } wsize = rsize; - cipher_input = wbuf; - cipher_input_len = wsize; + cipher_input = (uint8_t *)wbuf; + cipher_input_len = (uint32_t)wsize; if (flags & FO_GZIP) { #ifdef HAVE_LIBZ @@ -782,7 +790,7 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, } wbuf = jcr->compress_buf; wsize = compress_len; - cipher_input = jcr->compress_buf; /* decrypt decompressed data */ + cipher_input = (uint8_t *)jcr->compress_buf; /* decrypt decompressed data */ cipher_input_len = compress_len; Dmsg2(100, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1)); #else @@ -805,7 +813,7 @@ int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, /* Encrypt the input block */ - if (!crypto_cipher_update(cipher, cipher_input, cipher_input_len, jcr->crypto_buf, &decrypted_len)) { + if (!crypto_cipher_update(cipher, cipher_input, cipher_input_len, (uint8_t *)jcr->crypto_buf, &decrypted_len)) { /* Decryption failed. Shouldn't happen. */ Jmsg(jcr, M_FATAL, 0, _("Decryption error\n")); return -1; @@ -863,7 +871,7 @@ bool flush_cipher(JCR *jcr, BFILE *bfd, int flags, CIPHER_CONTEXT *cipher, size_ /* Write out the remaining block and free the cipher context */ jcr->crypto_buf = check_pool_memory_size(jcr->crypto_buf, cipher_block_size); - if (!crypto_cipher_finalize(cipher, jcr->crypto_buf, &decrypted_len)) { + if (!crypto_cipher_finalize(cipher, (uint8_t *)jcr->crypto_buf, &decrypted_len)) { /* Writing out the final, buffered block failed. Shouldn't happen. */ Jmsg1(jcr, M_FATAL, 0, _("Decryption error for %s\n"), jcr->last_fname); } diff --git a/bacula/src/lib/crypto.c b/bacula/src/lib/crypto.c index 9a3815e71d..aa6738000b 100644 --- a/bacula/src/lib/crypto.c +++ b/bacula/src/lib/crypto.c @@ -626,7 +626,8 @@ err: * Returns: true on success * false on failure */ -bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length) { +bool crypto_digest_update(DIGEST *digest, const uint8_t *data, uint32_t length) +{ if (EVP_DigestUpdate(&digest->ctx, data, length) == 0) { return true; } else { @@ -1296,8 +1297,9 @@ err: * Returns: true on success, number of bytes output in written * false on failure */ -bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written) { - if (!EVP_CipherUpdate(&cipher_ctx->ctx, (unsigned char *) dest, (int *) written, (const unsigned char *) data, length)) { +bool crypto_cipher_update(CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written) +{ + if (!EVP_CipherUpdate(&cipher_ctx->ctx, (unsigned char *)dest, (int *)written, (const unsigned char *)data, length)) { /* This really shouldn't fail */ return false; } else { @@ -1449,7 +1451,7 @@ DIGEST *crypto_digest_new (crypto_digest_t type) return (digest); } -bool crypto_digest_update(DIGEST *digest, const void *data, size_t length) +bool crypto_digest_update(DIGEST *digest, const uint8_t *data, uint32_t length) { switch (digest->type) { case CRYPTO_DIGEST_MD5: @@ -1470,8 +1472,8 @@ bool crypto_digest_update(DIGEST *digest, const void *data, size_t length) } } -bool crypto_digest_finalize(DIGEST *digest, void *dest, size_t *length) { - +bool crypto_digest_finalize(DIGEST *digest, uint8_t *dest, uint32_t *length) +{ switch (digest->type) { case CRYPTO_DIGEST_MD5: /* Guard against programmer error by either the API client or @@ -1514,9 +1516,9 @@ crypto_error_t crypto_sign_get_digest (SIGNATURE *sig, X509_KEYPAIR *keypair, DI crypto_error_t crypto_sign_verify (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST *digest) { return CRYPTO_ERROR_INTERNAL; } int crypto_sign_add_signer (SIGNATURE *sig, DIGEST *digest, X509_KEYPAIR *keypair) { return false; } -int crypto_sign_encode (SIGNATURE *sig, void *dest, size_t *length) { return false; } +int crypto_sign_encode (SIGNATURE *sig, uint8_t *dest, uint32_t *length) { return false; } -SIGNATURE *crypto_sign_decode (const void *sigData, size_t length) { return NULL; } +SIGNATURE *crypto_sign_decode (const uint8_t *sigData, uint32_t length) { return NULL; } void crypto_sign_free (SIGNATURE *sig) { } @@ -1529,12 +1531,12 @@ void crypto_keypair_free (X509_KEYPAIR *keypair) { } CRYPTO_SESSION *crypto_session_new (crypto_cipher_t cipher, alist *pubkeys) { return NULL; } void crypto_session_free (CRYPTO_SESSION *cs) { } -bool crypto_session_encode (CRYPTO_SESSION *cs, void *dest, size_t *length) { return false; } -crypto_error_t crypto_session_decode (const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session) { return CRYPTO_ERROR_INTERNAL; } +bool crypto_session_encode (CRYPTO_SESSION *cs, uint8_t *dest, uint32_t *length) { return false; } +crypto_error_t crypto_session_decode(const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session) { return CRYPTO_ERROR_INTERNAL; } -CIPHER_CONTEXT *crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, size_t *blocksize) { return NULL; } -bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written) { return false; } -bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written) { return false; } +CIPHER_CONTEXT *crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize) { return NULL; } +bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written) { return false; } +bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, uint8_t *dest, uint32_t *written) { return false; } void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx) { } #endif /* HAVE_CRYPTO */ diff --git a/bacula/src/lib/protos.h b/bacula/src/lib/protos.h index 5d1adaa159..118989c0de 100644 --- a/bacula/src/lib/protos.h +++ b/bacula/src/lib/protos.h @@ -135,8 +135,8 @@ bool crypto_session_encode (CRYPTO_SESSION *cs, uint8_t *des crypto_error_t crypto_session_decode (const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session); CRYPTO_SESSION * crypto_session_decode (const uint8_t *data, uint32_t length); CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize); -bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, uint32_t length, const void *dest, size_t *written); -bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written); +bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const uint8_t *data, uint32_t length, const uint8_t *dest, uint32_t *written); +bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, uint8_t *dest, uint32_t *written); void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx); X509_KEYPAIR * crypto_keypair_new (void); X509_KEYPAIR * crypto_keypair_dup (X509_KEYPAIR *keypair); diff --git a/bacula/src/stored/dev.c b/bacula/src/stored/dev.c index 7d59e9dc94..bc763c0ce8 100644 --- a/bacula/src/stored/dev.c +++ b/bacula/src/stored/dev.c @@ -288,9 +288,7 @@ DEVICE::open(DCR *dcr, int omode) open_file_device(dcr, omode); } state |= preserve; /* reset any important state info */ - if (preserve) { - Dmsg1(000, "preserve=0x%x\n", preserve); - } + Dmsg1(100, "preserve=0x%x\n", preserve); return fd; } diff --git a/bacula/src/version.h b/bacula/src/version.h index 13fb7a8d85..a9c8cf99fe 100644 --- a/bacula/src/version.h +++ b/bacula/src/version.h @@ -17,7 +17,7 @@ /* If this is set stdout will not be closed on startup */ #define DEVELOPER 1 -/* #define USE_BSNPRINTF */ +#define USE_BSNPRINTF 1 /* Debug flags not normally turned on */