From 6bf6fc7db09acd631c0257d0f7c1e6affcb6d1ea Mon Sep 17 00:00:00 2001
From: Landon Fuller <landonf@opendarwin.org>
Date: Sun, 29 Apr 2007 20:47:09 +0000
Subject: [PATCH] backup.c: Send the cryptographic session data for all files.
 This includes zero-length files with non-zero-length resource forks.
 restore.c: Allocate the cipher decryption context on-demand, thus disabling
 decryption / allocation of cipher context for zero-length files.

Fixes: #838
Regression tests passed:
  - compressed-encrypt-test
  - data-encrypt-test
  - encrypt-bug-test


git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@4663 91ce42f0-d328-0410-95d8-f526ca767f89
---
 bacula/src/filed/backup.c  | 42 +++++++++++++++++++-------------------
 bacula/src/filed/restore.c | 32 +++++++++++++++--------------
 2 files changed, 38 insertions(+), 36 deletions(-)

diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c
index 83ba1d4f65..c39c457f7f 100644
--- a/bacula/src/filed/backup.c
+++ b/bacula/src/filed/backup.c
@@ -401,6 +401,27 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
       goto bail_out;
    }
 
+   /* Set up the encryption context and send the session data to the SD */
+   if (has_file_data && jcr->pki_encrypt) {
+      /* Send our header */
+      Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
+      bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
+
+      /* Grow the bsock buffer to fit our message if necessary */
+      if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) {
+         sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size);
+      }
+
+      /* Copy our message over and send it */
+      memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size);
+      sd->msglen = jcr->pki_session_encoded_size;
+      jcr->JobBytes += sd->msglen;
+
+      Dmsg1(100, "Send data len=%d\n", sd->msglen);
+      bnet_send(sd);
+      bnet_sig(sd, BNET_EOD);
+   }
+
    /*
     * Open any file with data that we intend to save, then save it.
     *
@@ -444,27 +465,6 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level)
          tid = NULL;
       }
 
-      /* Set up the encryption context, send the session data to the SD */
-      if (jcr->pki_encrypt) {
-         /* Send our header */
-         Dmsg2(100, "Send hdr fi=%ld stream=%d\n", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
-         bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, STREAM_ENCRYPTED_SESSION_DATA);
-
-         /* Grow the bsock buffer to fit our message if necessary */
-         if (sizeof_pool_memory(sd->msg) < jcr->pki_session_encoded_size) {
-            sd->msg = realloc_pool_memory(sd->msg, jcr->pki_session_encoded_size);
-         }
-
-         /* Copy our message over and send it */
-         memcpy(sd->msg, jcr->pki_session_encoded, jcr->pki_session_encoded_size);
-         sd->msglen = jcr->pki_session_encoded_size;
-         jcr->JobBytes += sd->msglen;
-
-         Dmsg1(100, "Send data len=%d\n", sd->msglen);
-         bnet_send(sd);
-         bnet_sig(sd, BNET_EOD);
-      }
-
       stat = send_data(jcr, data_stream, ff_pkt, digest, signing_digest);
 
       if (ff_pkt->flags & FO_CHKCHANGES) {
diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c
index 8c5a8ac6d7..ca15bda551 100644
--- a/bacula/src/filed/restore.c
+++ b/bacula/src/filed/restore.c
@@ -436,16 +436,6 @@ void do_restore(JCR *jcr)
             continue;
          }
 
-         /* Set up a decryption context */
-         if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) {
-            Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
-            crypto_session_free(cs);
-            cs = NULL;
-            extract = false;
-            bclose(&bfd);
-            continue;
-         }
-
          break;
 
       case STREAM_FILE_DATA:
@@ -477,12 +467,24 @@ void do_restore(JCR *jcr)
             if (stream == STREAM_ENCRYPTED_FILE_DATA
                   || stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
                   || stream == STREAM_ENCRYPTED_WIN32_DATA
-                  || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
+                  || stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {               
+               /* Set up a decryption context */
                if (!cipher_ctx.cipher) {
-                  Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
-                  extract = false;
-                  bclose(&bfd);
-                  continue;
+                  if (!cs) {
+                     Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
+                     extract = false;
+                     bclose(&bfd);
+                     continue;
+                  }
+
+                  if ((cipher_ctx.cipher = crypto_cipher_new(cs, false, &cipher_ctx.block_size)) == NULL) {
+                     Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
+                     crypto_session_free(cs);
+                     cs = NULL;
+                     extract = false;
+                     bclose(&bfd);
+                     continue;
+                  }
                }
                flags |= FO_ENCRYPT;
             }
-- 
2.39.5