From 0b29ad35dbbaf9752caf4a22a1d35753ece297de Mon Sep 17 00:00:00 2001 From: Kern Sibbald Date: Tue, 19 Jun 2007 09:48:44 +0000 Subject: [PATCH] kes Fix bad return in FD when encryption signature not found. Probably caused a crash. kes Inhibit missing encryption signature error messages for file types where no signature computed. kes Correct inverted check on autochanger in reservation system. kes Tweak debug code in autochanger reservation. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@5040 91ce42f0-d328-0410-95d8-f526ca767f89 --- bacula/src/filed/restore.c | 31 ++++++++++++++++++++----------- bacula/src/stored/reserve.c | 12 +++++++----- bacula/src/version.h | 4 ++-- bacula/technotes-2.1 | 9 ++++++++- 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index 4b1157bccb..d6d6fe7590 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -83,10 +83,11 @@ struct r_ctx { uint64_t fileAddr; /* file write address */ uint32_t size; /* Size of file */ int flags; /* Options for extract_data() */ - BFILE forkbfd; /* Alternative data stream */ - uint64_t fork_addr; /* Write address for alternative stream */ - intmax_t fork_size; /* Size of alternate stream */ - int fork_flags; /* Options for extract_data() */ + BFILE forkbfd; /* Alternative data stream */ + uint64_t fork_addr; /* Write address for alternative stream */ + intmax_t fork_size; /* Size of alternate stream */ + int fork_flags; /* Options for extract_data() */ + int32_t type; /* file type FT_ */ SIGNATURE *sig; /* Cryptographic signature (if any) for file */ CRYPTO_SESSION *cs; /* Cryptographic session data (if any) for file */ @@ -110,7 +111,7 @@ static void free_session(r_ctx &rctx); -static bool verify_signature(JCR *jcr, SIGNATURE *sig); +static bool verify_signature(JCR *jcr, r_ctx &rctx); int32_t extract_data(JCR *jcr, BFILE *bfd, POOLMEM *buf, int32_t buflen, uint64_t *addr, int flags, RESTORE_CIPHER_CTX *cipher_ctx); bool flush_cipher(JCR *jcr, BFILE *bfd, uint64_t *addr, int flags, @@ -302,7 +303,8 @@ void do_restore(JCR *jcr) extract = false; /* Verify the cryptographic signature, if any */ - verify_signature(jcr, rctx.sig); + rctx.type = attr->type; + verify_signature(jcr, rctx); /* Free Signature */ free_signature(rctx); @@ -643,7 +645,8 @@ void do_restore(JCR *jcr) set_attributes(jcr, attr, &rctx.bfd); /* Verify the cryptographic signature if any */ - verify_signature(jcr, rctx.sig); + rctx.type = attr->type; + verify_signature(jcr, rctx); extract = false; } else if (is_bopen(&rctx.bfd)) { Jmsg0(jcr, M_ERROR, 0, _("Logic error: output file should not be open\n")); @@ -671,7 +674,8 @@ void do_restore(JCR *jcr) set_attributes(jcr, attr, &rctx.bfd); /* Verify the cryptographic signature on the last file, if any */ - verify_signature(jcr, rctx.sig); + rctx.type = attr->type; + verify_signature(jcr, rctx); } if (is_bopen(&rctx.bfd)) { @@ -785,7 +789,7 @@ static int do_file_digest(FF_PKT *ff_pkt, void *pkt, bool top_level) * TODO landonf: Implement without using find_one_file and * without re-reading the file. */ -static bool verify_signature(JCR *jcr, SIGNATURE *sig) +static bool verify_signature(JCR *jcr, r_ctx &rctx) { X509_KEYPAIR *keypair; DIGEST *digest = NULL; @@ -794,14 +798,19 @@ static bool verify_signature(JCR *jcr, SIGNATURE *sig) crypto_digest_t signing_algorithm = have_sha2 ? CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1; crypto_digest_t algorithm; + SIGNATURE *sig = rctx.sig; if (!jcr->pki_sign) { return true; /* no signature OK */ } if (!sig) { - Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"), - jcr->last_fname); + if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) { + Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"), + jcr->last_fname); + goto bail_out; + } + return true; } /* Iterate through the trusted signers */ diff --git a/bacula/src/stored/reserve.c b/bacula/src/stored/reserve.c index 17a74d7d59..c27bb08f7e 100644 --- a/bacula/src/stored/reserve.c +++ b/bacula/src/stored/reserve.c @@ -818,20 +818,20 @@ static bool is_vol_in_autochanger(RCTX &rctx, VOLRES *vol) Dmsg2(dbglvl, "jid=%u search changers for %s\n", (int)rctx.jcr->JobId, rctx.device_name); foreach_res(changer, R_AUTOCHANGER) { - Dmsg2(dbglvl, "jid=%u Try match changer res=%s\n", - (int)rctx.jcr->JobId, changer->hdr.name); + Dmsg3(dbglvl, "jid=%u Try match changer res=%s device=%s\n", + (int)rctx.jcr->JobId, changer->hdr.name, rctx.device_name); /* Find resource, and make sure we were able to open it */ if (fnmatch(rctx.device_name, changer->hdr.name, 0) == 0) { DEVRES *device; /* Try each device in this AutoChanger */ foreach_alist(device, changer->device) { - Dmsg2(dbglvl, "jid=%u Try changer device %s\n", - (int)rctx.jcr->JobId, device->hdr.name); if (device->dev == vol->dev) { Dmsg2(dbglvl, "jid=%u Found changer device %s\n", (int)rctx.jcr->JobId, device->hdr.name); return true; } + Dmsg2(dbglvl, "jid=%u Incorrect changer device %s\n", + (int)rctx.jcr->JobId, device->hdr.name); } } } @@ -919,7 +919,9 @@ bool find_suitable_device_for_job(JCR *jcr, RCTX &rctx) rctx.device_name = device_name; rctx.device = vol->dev->device; - if (!vol->dev->is_autochanger()) { + if (vol->dev->is_autochanger()) { + Dmsg2(dbglvl, "jid=%u vol=%s is in changer\n", (int)rctx.jcr->JobId, + vol->vol_name); if (!is_vol_in_autochanger(rctx, vol)) { continue; } diff --git a/bacula/src/version.h b/bacula/src/version.h index 1e8013f975..8a7039fc4d 100644 --- a/bacula/src/version.h +++ b/bacula/src/version.h @@ -4,8 +4,8 @@ #undef VERSION #define VERSION "2.1.19" -#define BDATE "18 June 2007" -#define LSMDATE "18Jun07" +#define BDATE "19 June 2007" +#define LSMDATE "19Jun07" #define PROG_COPYRIGHT "Copyright (C) %d-2007 Free Software Foundation Europe e.V.\n" #define BYEAR "2007" /* year for copyright messages in progs */ diff --git a/bacula/technotes-2.1 b/bacula/technotes-2.1 index 0fb9a1dcfb..29285b6a34 100644 --- a/bacula/technotes-2.1 +++ b/bacula/technotes-2.1 @@ -1,7 +1,14 @@ Technical notes on version 2.1 General: -18Jun08 +19Jun07 +kes Fix bad return in FD when encryption signature not found. + Probably caused a crash. +kes Inhibit missing encryption signature error messages for + file types where no signature computed. +kes Correct inverted check on autochanger in reservation system. +kes Tweak debug code in autochanger reservation. +18Jun07 kes Add some additional locking in the cats directory in subroutines that modify packet variables called from batch insert. kes Rework how dcrs are allocated. new_dcr() can now be called -- 2.39.5