1 /*
2 Bacula(R) - The Network Backup Solution
3
4 Copyright (C) 2000-2020 Kern Sibbald
5
6 The original author of Bacula is Kern Sibbald, with contributions
7 from many others, a complete list can be found in the file AUTHORS.
8
9 You may use this file and others of this release according to the
10 license defined in the LICENSE file, which includes the Affero General
11 Public License, v3.0 ("AGPLv3") and some additional permissions and
12 terms pursuant to its AGPLv3 Section 7.
13
14 This notice must be preserved when any source code is
15 conveyed and/or propagated.
16
17 Bacula(R) is a registered trademark of Kern Sibbald.
18 */
19 /*
20 * Bacula File Daemon restore.c Restorefiles.
21 *
22 * Kern Sibbald, November MM
23 *
24 */
25
26 #include "bacula.h"
27 #include "filed.h"
28 #include "ch.h"
29 #include "restore.h"
30
31 #ifdef HAVE_DARWIN_OS
32 #include <sys/attr.h>
33 const bool have_darwin_os = true;
34 #else
35 const bool have_darwin_os = false;
36 #endif
37
38 #if defined(HAVE_CRYPTO)
39 const bool have_crypto = true;
40 #else
41 const bool have_crypto = false;
42 #endif
43
44 #if defined(HAVE_ACL)
45 const bool have_acl = true;
46 #else
47 const bool have_acl = false;
48 #endif
49
50 #ifdef HAVE_SHA2
51 const bool have_sha2 = true;
52 #else
53 const bool have_sha2 = false;
54 #endif
55
56 #if defined(HAVE_XATTR)
57 const bool have_xattr = true;
58 #else
59 const bool have_xattr = false;
60 #endif
61
62 /* Data received from Storage Daemon */
63 static char rec_header[] = "rechdr %ld %ld %ld %ld %ld";
64
65 /* Forward referenced functions */
66 #if defined(HAVE_LIBZ)
67 static const char *zlib_strerror(int stat);
68 const bool have_libz = true;
69 #else
70 const bool have_libz = false;
71 #endif
72 #ifdef HAVE_LZO
73 const bool have_lzo = true;
74 #else
75 const bool have_lzo = false;
76 #endif
77
78 static void deallocate_cipher(r_ctx &rctx);
79 static void deallocate_fork_cipher(r_ctx &rctx);
80 static bool verify_signature(r_ctx &rctx);
81 static void free_signature(r_ctx &rctx);
82 static void free_session(r_ctx &rctx);
83 static bool close_previous_stream(r_ctx &rctx);
84 static int32_t extract_data(r_ctx &rctx, POOLMEM *buf, int32_t buflen);
85 static bool flush_cipher(r_ctx &rctx, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
86 RESTORE_CIPHER_CTX *cipher_ctx);
87
88 /*
89 * Close a bfd check that we are at the expected file offset.
90 * Makes use of some code from set_attributes().
91 */
bclose_chksize(r_ctx & rctx,BFILE * bfd,boffset_t osize)92 static int bclose_chksize(r_ctx &rctx, BFILE *bfd, boffset_t osize)
93 {
94 char ec1[50], ec2[50];
95 boffset_t fsize;
96 JCR *jcr = rctx.jcr;
97
98 fsize = blseek(bfd, 0, SEEK_CUR);
99 bclose(bfd); /* first close file */
100 if (fsize > 0 && fsize != osize) {
101 Qmsg3(jcr, M_WARNING, 0, _("Size of data or stream of %s not correct. Original %s, restored %s.\n"),
102 jcr->last_fname, edit_uint64(osize, ec1),
103 edit_uint64(fsize, ec2));
104 return -1;
105 }
106 return 0;
107 }
108
109 #ifdef HAVE_DARWIN_OS
restore_finderinfo(JCR * jcr,POOLMEM * buf,int32_t buflen)110 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
111 {
112 struct attrlist attrList;
113
114 bmemset(&attrList, 0, sizeof(attrList));
115 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
116 attrList.commonattr = ATTR_CMN_FNDRINFO;
117
118 Dmsg0(130, "Restoring Finder Info\n");
119 jcr->ff->flags |= FO_HFSPLUS;
120 if (buflen != 32) {
121 Jmsg(jcr, M_WARNING, 0, _("Invalid length of Finder Info (got %d, wanted 32)\n"), buflen);
122 return false;
123 }
124
125 if (setattrlist(jcr->last_fname, &attrList, buf, buflen, 0) != 0) {
126 Jmsg(jcr, M_WARNING, 0, _("Error setting Finder Info on \"%s\"\n"), jcr->last_fname);
127 return false;
128 }
129
130 return true;
131 }
132 #else
133
restore_finderinfo(JCR * jcr,POOLMEM * buf,int32_t buflen)134 static bool restore_finderinfo(JCR *jcr, POOLMEM *buf, int32_t buflen)
135 {
136 return true;
137 }
138
139 #endif
140
141 /*
142 * Cleanup of delayed restore stack with streams for later processing.
143 */
drop_delayed_restore_streams(r_ctx & rctx,bool reuse)144 static void drop_delayed_restore_streams(r_ctx &rctx, bool reuse)
145 {
146 RESTORE_DATA_STREAM *rds;
147
148 if (!rctx.delayed_streams) {
149 if (reuse) {
150 rctx.delayed_streams = New(alist(10, owned_by_alist));
151 }
152 return;
153 }
154 if (rctx.delayed_streams->empty()) {
155 return;
156 }
157
158 foreach_alist(rds, rctx.delayed_streams) {
159 if (rds->content) {
160 free(rds->content);
161 rds->content = NULL;
162 }
163 }
164 rctx.delayed_streams->destroy();
165 if (reuse) {
166 rctx.delayed_streams->init(10, owned_by_alist);
167 }
168 }
169
170
171 /*
172 * Push a data stream onto the delayed restore stack for
173 * later processing.
174 */
push_delayed_restore_stream(r_ctx & rctx,char * msg,int msglen)175 static inline void push_delayed_restore_stream(r_ctx &rctx, char *msg, int msglen)
176 {
177 RESTORE_DATA_STREAM *rds;
178
179 if (msglen <= 0) {
180 return;
181 }
182 if (!rctx.delayed_streams) {
183 rctx.delayed_streams = New(alist(10, owned_by_alist));
184 }
185
186 rds = (RESTORE_DATA_STREAM *)malloc(sizeof(RESTORE_DATA_STREAM));
187 rds->stream = rctx.stream;
188 rds->content = (char *)malloc(msglen);
189 memcpy(rds->content, msg, msglen);
190 rds->content_length = msglen;
191 rctx.delayed_streams->append(rds);
192 }
193
194 /*
195 * Perform a restore of an ACL using the stream received.
196 * This can either be a delayed restore or direct restore.
197 */
do_restore_acl(JCR * jcr,int stream,char * content,uint32_t content_length)198 static inline bool do_restore_acl(JCR *jcr, int stream, char *content,
199 uint32_t content_length)
200 {
201 #ifdef HAVE_ACL
202 if (!jcr->bacl) {
203 return true;
204 }
205 switch (jcr->bacl->restore_acl(jcr, stream, content, content_length)) {
206 case bRC_BACL_fatal:
207 return false;
208 case bRC_BACL_error:
209 /*
210 * Non-fatal errors, count them and when the number is under ACL_MAX_ERROR_PRINT_PER_JOB
211 * print the error message set by the lower level routine in jcr->errmsg.
212 */
213 if (jcr->bacl->get_acl_nr_errors() < ACL_MAX_ERROR_PRINT_PER_JOB) {
214 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
215 }
216 break;
217 default:
218 break;
219 }
220 #endif
221 return true;
222 }
223
224 /*
225 * Perform a restore of an XATTR using the stream received.
226 * This can either be a delayed restore or direct restore.
227 */
do_restore_xattr(JCR * jcr,int stream,char * content,uint32_t content_length)228 static inline bool do_restore_xattr(JCR *jcr, int stream, char *content,
229 uint32_t content_length)
230 {
231 #ifdef HAVE_XATTR
232 if (!jcr->bxattr) {
233 return true;
234 }
235
236 switch (jcr->bxattr->restore_xattr(jcr, stream, content, content_length)) {
237 case bRC_BXATTR_fatal:
238 return false;
239 case bRC_BXATTR_error:
240 /*
241 * Non-fatal errors, count them and when the number is under XATTR_MAX_ERROR_PRINT_PER_JOB
242 * print the error message set by the lower level routine in jcr->errmsg.
243 */
244 if (jcr->bxattr->get_xattr_nr_errors() < XATTR_MAX_ERROR_PRINT_PER_JOB) {
245 Jmsg(jcr, M_WARNING, 0, "%s", jcr->errmsg);
246 }
247 break;
248 default:
249 break;
250 }
251 #endif
252 return true;
253 }
254
255 /*
256 * Restore any data streams that are restored after the file
257 * is fully restored and has its attributes restored. Things
258 * like acls and xattr are restored after we set the file
259 * attributes otherwise we might clear some security flags
260 * by setting the attributes.
261 */
pop_delayed_data_streams(r_ctx & rctx)262 static inline bool pop_delayed_data_streams(r_ctx &rctx)
263 {
264 RESTORE_DATA_STREAM *rds;
265 JCR *jcr = rctx.jcr;
266
267 /*
268 * See if there is anything todo.
269 */
270 if (!rctx.delayed_streams ||
271 rctx.delayed_streams->empty()) {
272 return true;
273 }
274
275 /*
276 * Only process known delayed data streams here.
277 * If you start using more delayed data streams
278 * be sure to add them in this loop and add the
279 * proper calls here.
280 *
281 * Currently we support delayed data stream
282 * processing for the following type of streams:
283 * - *_ACL_*
284 * - *_XATTR_*
285 */
286 foreach_alist(rds, rctx.delayed_streams) {
287 Dmsg1(10, "Delayed Stream=%d\n", rds->stream);
288 switch (rds->stream) {
289 case STREAM_UNIX_ACCESS_ACL:
290 case STREAM_UNIX_DEFAULT_ACL:
291 case STREAM_XACL_AIX_TEXT:
292 case STREAM_XACL_DARWIN_ACCESS:
293 case STREAM_XACL_FREEBSD_DEFAULT:
294 case STREAM_XACL_FREEBSD_ACCESS:
295 case STREAM_XACL_HPUX_ACL_ENTRY:
296 case STREAM_XACL_IRIX_DEFAULT:
297 case STREAM_XACL_IRIX_ACCESS:
298 case STREAM_XACL_LINUX_DEFAULT:
299 case STREAM_XACL_LINUX_ACCESS:
300 case STREAM_XACL_TRU64_DEFAULT:
301 case STREAM_XACL_TRU64_DEFAULT_DIR:
302 case STREAM_XACL_TRU64_ACCESS:
303 case STREAM_XACL_SOLARIS_POSIX:
304 case STREAM_XACL_SOLARIS_NFS4:
305 case STREAM_XACL_AFS_TEXT:
306 case STREAM_XACL_AIX_AIXC:
307 case STREAM_XACL_AIX_NFS4:
308 case STREAM_XACL_FREEBSD_NFS4:
309 case STREAM_XACL_HURD_DEFAULT:
310 case STREAM_XACL_HURD_ACCESS:
311 case STREAM_XACL_PLUGIN_ACL:
312 case STREAM_XACL_GPFS_ACL_DEFAULT:
313 case STREAM_XACL_GPFS_ACL_ACCESS:
314 if (!do_restore_acl(jcr, rds->stream, rds->content, rds->content_length)) {
315 goto get_out;
316 }
317 break;
318 case STREAM_XACL_PLUGIN_XATTR:
319 case STREAM_XACL_HURD_XATTR:
320 case STREAM_XACL_IRIX_XATTR:
321 case STREAM_XACL_TRU64_XATTR:
322 case STREAM_XACL_AIX_XATTR:
323 case STREAM_XACL_OPENBSD_XATTR:
324 case STREAM_XACL_SOLARIS_SYS_XATTR:
325 case STREAM_XACL_DARWIN_XATTR:
326 case STREAM_XACL_FREEBSD_XATTR:
327 case STREAM_XACL_LINUX_XATTR:
328 case STREAM_XACL_NETBSD_XATTR:
329 if (!do_restore_xattr(jcr, rds->stream, rds->content, rds->content_length)) {
330 goto get_out;
331 }
332 break;
333 default:
334 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
335 rds->stream);
336 Dmsg2(0, "Unknown stream=%d data=%s\n", rds->stream, rds->content);
337 break;
338 }
339 if (rds->content) {
340 free(rds->content);
341 rds->content = NULL;
342 }
343 }
344
345 drop_delayed_restore_streams(rctx, true);
346 return true;
347
348 get_out:
349 drop_delayed_restore_streams(rctx, true);
350 return false;
351 }
352
353
354 /*
355 * Restore the requested files.
356 */
do_restore(JCR * jcr)357 void do_restore(JCR *jcr)
358 {
359 BSOCK *sd;
360 uint32_t VolSessionId, VolSessionTime;
361 int32_t file_index;
362 char ec1[50]; /* Buffer printing huge values */
363 uint32_t buf_size; /* client buffer size */
364 int stat;
365 int64_t rsrc_len = 0; /* Original length of resource fork */
366 r_ctx rctx;
367 ATTR *attr;
368 int bget_ret = 0;
369 /* ***FIXME*** make configurable */
370 crypto_digest_t signing_algorithm = have_sha2 ?
371 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
372 bmemset(&rctx, 0, sizeof(rctx));
373 rctx.jcr = jcr;
374
375 /* The following variables keep track of "known unknowns" */
376 int non_suppored_data = 0;
377 int non_suppored_attr = 0;
378 int non_suppored_rsrc = 0;
379 int non_suppored_finfo = 0;
380 int non_suppored_acl = 0;
381 int non_suppored_progname = 0;
382 int non_suppored_crypto = 0;
383 int non_suppored_xattr = 0;
384
385 sd = jcr->store_bsock;
386 jcr->setJobStatus(JS_Running);
387
388 LockRes();
389 CLIENT *client = (CLIENT *)GetNextRes(R_CLIENT, NULL);
390 UnlockRes();
391 if (client) {
392 buf_size = client->max_network_buffer_size;
393 } else {
394 buf_size = 0; /* use default */
395 }
396 if (!sd->set_buffer_size(buf_size, BNET_SETBUF_WRITE)) {
397 jcr->setJobStatus(JS_ErrorTerminated);
398 return;
399 }
400 jcr->buf_size = sd->msglen;
401
402 /* use the same buffer size to decompress both gzip and lzo */
403 if (have_libz || have_lzo) {
404 uint32_t compress_buf_size = jcr->buf_size + 12 + ((jcr->buf_size+999) / 1000) + 100;
405 jcr->compress_buf = get_memory(compress_buf_size);
406 jcr->compress_buf_size = compress_buf_size;
407 }
408
409 GetMsg *fdmsg = get_msg_buffer(jcr, sd, rec_header);
410
411 fdmsg->start_read_sock();
412 bmessage *bmsg = fdmsg->new_msg(); /* get a message, to exchange with fdmsg */
413
414 #ifdef HAVE_LZO
415 if (lzo_init() != LZO_E_OK) {
416 Jmsg(jcr, M_FATAL, 0, _("LZO init failed\n"));
417 goto get_out;
418 }
419 #endif
420
421 if (have_crypto) {
422 rctx.cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
423 if (have_darwin_os) {
424 rctx.fork_cipher_ctx.buf = get_memory(CRYPTO_CIPHER_MAX_BLOCK_SIZE);
425 }
426 }
427
428 /*
429 * Get a record from the Storage daemon. We are guaranteed to
430 * receive records in the following order:
431 * 1. Stream record header
432 * 2. Stream data (one or more of the following in the order given)
433 * a. Attributes (Unix or Windows)
434 * b. Possibly stream encryption session data (e.g., symmetric session key)
435 * c. File data for the file
436 * d. Alternate data stream (e.g. Resource Fork)
437 * e. Finder info
438 * f. ACLs
439 * g. XATTRs
440 * h. Possibly a cryptographic signature
441 * i. Possibly MD5 or SHA1 record
442 * 3. Repeat step 1
443 *
444 * NOTE: We keep track of two bacula file descriptors:
445 * 1. bfd for file data.
446 * This fd is opened for non empty files when an attribute stream is
447 * encountered and closed when we find the next attribute stream.
448 * 2. fork_bfd for alternate data streams
449 * This fd is opened every time we encounter a new alternate data
450 * stream for the current file. When we find any other stream, we
451 * close it again.
452 * The expected size of the stream, fork_len, should be set when
453 * opening the fd.
454 * 3. Not all the stream data records are required -- e.g. if there
455 * is no fork, there is no alternate data stream, no ACL, ...
456 */
457 binit(&rctx.bfd);
458 binit(&rctx.forkbfd);
459 attr = rctx.attr = new_attr(jcr);
460 #ifdef HAVE_ACL
461 jcr->bacl = (BACL*)new_bacl();
462 #endif
463 #ifdef HAVE_XATTR
464 jcr->bxattr = (BXATTR*)new_bxattr();
465 #endif
466
467 Dsm_check(200);
468 while ((bget_ret = fdmsg->bget_msg(&bmsg)) >= 0 && !job_canceled(jcr)) {
469 time_t now = time(NULL);
470 if (jcr->last_stat_time == 0) {
471 jcr->last_stat_time = now;
472 jcr->stat_interval = 30; /* Default 30 seconds */
473 } else if (now >= jcr->last_stat_time + jcr->stat_interval) {
474 jcr->dir_bsock->fsend("Progress JobId=%ld files=%ld bytes=%lld bps=%ld\n",
475 jcr->JobId, jcr->JobFiles, jcr->JobBytes, jcr->LastRate);
476 jcr->last_stat_time = now;
477 }
478
479 /* Remember previous stream type */
480 rctx.prev_stream = rctx.stream;
481
482 /* First we expect a Stream Record Header */
483 Dsm_check(200);
484 if (sscanf(bmsg->rbuf, rec_header, &VolSessionId, &VolSessionTime, &file_index,
485 &rctx.full_stream, &rctx.size) != 5) {
486 Jmsg1(jcr, M_FATAL, 0, _("Record header scan error: %s\n"), bmsg->rbuf);
487 goto get_out;
488 }
489 /* Strip off new stream high bits */
490 rctx.stream = rctx.full_stream & STREAMMASK_TYPE;
491 Dmsg5(DT_DEDUP|600, "Got hdr: Files=%d FilInx=%d size=%d Stream=%d, %s.\n",
492 jcr->JobFiles, file_index, rctx.size, rctx.stream, stream_to_ascii(rctx.stream));
493
494 /* Now we expect the Stream Data */
495 if ((bget_ret = fdmsg->bget_msg(&bmsg)) < 0) {
496 if (bget_ret != BNET_EXT_TERMINATE) {
497 Jmsg1(jcr, M_FATAL, 0, _("Data record error. ERR=%s\n"), sd->bstrerror());
498 } else {
499 /* The error has been handled somewhere else, just quit */
500 }
501 goto get_out;
502 }
503 if (rctx.size != (uint32_t)bmsg->origlen) {
504 Jmsg2(jcr, M_FATAL, 0, _("Actual data size %d not same as header %d\n"),
505 bmsg->origlen, rctx.size);
506 Dmsg2(50, "Actual data size %d not same as header %d\n",
507 bmsg->origlen, rctx.size);
508 goto get_out;
509 }
510 Dmsg3(DT_DEDUP|620, "Got stream: %s len=%d extract=%d\n", stream_to_ascii(rctx.stream),
511 bmsg->msglen, rctx.extract);
512
513 /* If we change streams, close and reset alternate data streams */
514 if (rctx.prev_stream != rctx.stream) {
515 if (is_bopen(&rctx.forkbfd)) {
516 deallocate_fork_cipher(rctx);
517 bclose_chksize(rctx, &rctx.forkbfd, rctx.fork_size);
518 }
519 /* Use an impossible value and set a proper one below */
520 rctx.fork_size = -1;
521 rctx.fork_addr = 0;
522 }
523
524 /* File Attributes stream */
525 switch (rctx.stream) {
526 case STREAM_UNIX_ATTRIBUTES:
527 case STREAM_UNIX_ATTRIBUTES_EX:
528 /* if any previous stream open, close it */
529 if (!close_previous_stream(rctx)) {
530 goto get_out;
531 }
532
533 /*
534 * TODO: manage deleted files
535 */
536 if (rctx.type == FT_DELETED) { /* deleted file */
537 continue;
538 }
539 /*
540 * Restore objects should be ignored here -- they are
541 * returned at the beginning of the restore.
542 */
543 if (IS_FT_OBJECT(rctx.type)) {
544 continue;
545 }
546
547 /*
548 * Unpack attributes and do sanity check them
549 */
550 if (!unpack_attributes_record(jcr, rctx.stream, bmsg->rbuf, bmsg->rbuflen, attr)) {
551 goto get_out;
552 }
553
554 attr->data_stream = decode_stat(attr->attr, &attr->statp, sizeof(attr->statp), &attr->LinkFI);
555
556 Dmsg5(100, "Stream %d: %s, File %s\nattrib=%s\nattribsEx=%s\n",
557 attr->data_stream, stream_to_ascii(attr->data_stream),
558 attr->fname, attr->attr, attr->attrEx);
559 Dmsg3(100, "=== msglen=%d attrExlen=%d msg=%s\n", bmsg->rbuflen,
560 strlen(attr->attrEx), bmsg->rbuf);
561
562 if (!is_restore_stream_supported(attr->data_stream)) {
563 Dmsg2(15, "Non-supported data stream %d: %s\n",
564 attr->data_stream, stream_to_ascii(attr->data_stream));
565 if (!non_suppored_data++) {
566 Jmsg(jcr, M_WARNING, 0, _("%s stream not supported on this Client.\n"),
567 stream_to_ascii(attr->data_stream));
568 }
569 continue;
570 }
571
572 build_attr_output_fnames(jcr, attr);
573
574 /*
575 * Try to actually create the file, which returns a status telling
576 * us if we need to extract or not.
577 */
578 jcr->num_files_examined++;
579 rctx.extract = false;
580 stat = CF_CORE; /* By default, let Bacula's core handle it */
581
582 if (jcr->plugin) {
583 stat = plugin_create_file(jcr, attr, &rctx.bfd, jcr->replace);
584 }
585
586 if (stat == CF_CORE) {
587 stat = create_file(jcr, attr, &rctx.bfd, jcr->replace);
588 }
589 jcr->lock();
590 pm_strcpy(jcr->last_fname, attr->ofname);
591 jcr->last_type = attr->type;
592 jcr->unlock();
593 Dmsg4(130, "Outfile=%s create_file stat=%d type=%ld rdev=%d\n", attr->ofname, stat, attr->type, attr->statp.st_rdev);
594 switch (stat) {
595 case CF_ERROR:
596 case CF_SKIP:
597 jcr->JobFiles++;
598 break;
599 case CF_EXTRACT: /* File created and we expect file data */
600 rctx.extract = true;
601 #ifdef HAVE_WIN32
602 if (attr->type==FT_DIREND && attr->statp.st_rdev==WIN32_MOUNT_POINT) {
603 /* this is a directory that is a mount point,
604 * don't restore the mount point, only the directory */
605 Dmsg1(50, "Don't restore mount point information Outfile=%s\n", attr->ofname);
606 rctx.extract = false;
607 }
608 #endif
609 /* FALLTHROUGH WANTED */
610 case CF_CREATED: /* File created, but there is no content */
611 /* File created, but there is no content */
612 rctx.fileAddr = 0;
613 print_ls_output(jcr, attr);
614
615 if (have_darwin_os) {
616 /* Only restore the resource fork for regular files */
617 from_base64(&rsrc_len, attr->attrEx);
618 if (attr->type == FT_REG && rsrc_len > 0) {
619 rctx.extract = true;
620 }
621
622 /*
623 * Do not count the resource forks as regular files being restored.
624 */
625 if (rsrc_len == 0) {
626 jcr->JobFiles++;
627 }
628 } else {
629 jcr->JobFiles++;
630 }
631
632 if (!rctx.extract) {
633 /* set attributes now because file will not be extracted */
634 if (jcr->plugin) {
635 plugin_set_attributes(jcr, attr, &rctx.bfd);
636 } else {
637 set_attributes(jcr, attr, &rctx.bfd);
638 }
639 }
640 break;
641 }
642
643 break;
644
645 /* Data stream */
646 case STREAM_ENCRYPTED_SESSION_DATA:
647 crypto_error_t cryptoerr;
648
649 /* The current file will not be extracted, do not create a crypto session */
650 if (!rctx.extract) {
651 break;
652 }
653
654 /* Is this an unexpected session data entry? */
655 if (rctx.cs) {
656 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic session data stream.\n"));
657 rctx.extract = false;
658 bclose(&rctx.bfd);
659 continue;
660 }
661
662 /* Do we have any keys at all? */
663 if (!jcr->crypto.pki_recipients) {
664 Jmsg(jcr, M_ERROR, 0, _("No private decryption keys have been defined to decrypt encrypted backup data.\n"));
665 rctx.extract = false;
666 bclose(&rctx.bfd);
667 break;
668 }
669
670 if (jcr->crypto.digest) {
671 crypto_digest_free(jcr->crypto.digest);
672 }
673 jcr->crypto.digest = crypto_digest_new(jcr, signing_algorithm);
674 if (!jcr->crypto.digest) {
675 Jmsg0(jcr, M_FATAL, 0, _("Could not create digest.\n"));
676 rctx.extract = false;
677 bclose(&rctx.bfd);
678 break;
679 }
680
681 /* Decode and save session keys. */
682 cryptoerr = crypto_session_decode((uint8_t *)bmsg->rbuf, (uint32_t)bmsg->rbuflen,
683 jcr->crypto.pki_recipients, &rctx.cs);
684 switch (cryptoerr) {
685 case CRYPTO_ERROR_NONE:
686 /* Success */
687 break;
688 case CRYPTO_ERROR_NORECIPIENT:
689 Jmsg(jcr, M_ERROR, 0, _("Missing private key required to decrypt encrypted backup data.\n"));
690 break;
691 case CRYPTO_ERROR_DECRYPTION:
692 Jmsg(jcr, M_ERROR, 0, _("Decrypt of the session key failed.\n"));
693 break;
694 case CRYPTO_ERROR_NOSIGNER:
695 Jmsg(jcr, M_ERROR, 0, _("Signer not found. Decryption failed.\n"));
696 break;
697 case CRYPTO_ERROR_INVALID_DIGEST:
698 Jmsg(jcr, M_ERROR, 0, _("Unsupported digest algorithm. Decrypt failed.\n"));
699 break;
700 case CRYPTO_ERROR_INVALID_CRYPTO:
701 Jmsg(jcr, M_ERROR, 0, _("Unsupported encryption algorithm. Decrypt failed.\n"));
702 break;
703 default:
704 /* This shouldn't happen */
705 Jmsg2(jcr, M_ERROR, 0, _("An error=%d occurred while decoding encrypted session data stream: ERR=%s\n"),
706 cryptoerr, crypto_strerror(cryptoerr));
707 break;
708 }
709
710 if (cryptoerr != CRYPTO_ERROR_NONE) {
711 rctx.extract = false;
712 bclose(&rctx.bfd);
713 continue;
714 }
715
716 break;
717
718 case STREAM_FILE_DATA:
719 case STREAM_SPARSE_DATA:
720 case STREAM_WIN32_DATA:
721 case STREAM_GZIP_DATA:
722 case STREAM_SPARSE_GZIP_DATA:
723 case STREAM_WIN32_GZIP_DATA:
724 case STREAM_COMPRESSED_DATA:
725 case STREAM_SPARSE_COMPRESSED_DATA:
726 case STREAM_WIN32_COMPRESSED_DATA:
727 case STREAM_ENCRYPTED_FILE_DATA:
728 case STREAM_ENCRYPTED_WIN32_DATA:
729 case STREAM_ENCRYPTED_FILE_GZIP_DATA:
730 case STREAM_ENCRYPTED_WIN32_GZIP_DATA:
731 case STREAM_ENCRYPTED_FILE_COMPRESSED_DATA:
732 case STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA:
733 /* Force an expected, consistent stream type here */
734 if (rctx.extract && (rctx.prev_stream == rctx.stream
735 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES
736 || rctx.prev_stream == STREAM_UNIX_ATTRIBUTES_EX
737 || rctx.prev_stream == STREAM_ENCRYPTED_SESSION_DATA)) {
738 rctx.flags = 0;
739
740 if (rctx.full_stream & STREAM_BIT_DEDUPLICATION_DATA){
741 rctx.flags |= FO_DEDUPLICATION;
742 Dmsg0(DT_DEDUP|645, "REHYDRATION client side\n");
743 }
744
745 if (rctx.stream == STREAM_SPARSE_DATA
746 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
747 || rctx.stream == STREAM_SPARSE_GZIP_DATA)
748 {
749 rctx.flags |= FO_SPARSE;
750 }
751
752 if (rctx.full_stream & STREAM_BIT_OFFSETS) {
753 rctx.flags |= FO_OFFSETS;
754 }
755
756 if (rctx.stream == STREAM_GZIP_DATA
757 || rctx.stream == STREAM_SPARSE_GZIP_DATA
758 || rctx.stream == STREAM_WIN32_GZIP_DATA
759 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
760 || rctx.stream == STREAM_COMPRESSED_DATA
761 || rctx.stream == STREAM_SPARSE_COMPRESSED_DATA
762 || rctx.stream == STREAM_WIN32_COMPRESSED_DATA
763 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
764 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
765 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
766 rctx.flags |= FO_COMPRESS;
767 rctx.comp_stream = rctx.stream;
768 }
769
770 if (rctx.stream == STREAM_ENCRYPTED_FILE_DATA
771 || rctx.stream == STREAM_ENCRYPTED_FILE_GZIP_DATA
772 || rctx.stream == STREAM_ENCRYPTED_WIN32_DATA
773 || rctx.stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA
774 || rctx.stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA
775 || rctx.stream == STREAM_ENCRYPTED_WIN32_GZIP_DATA) {
776 /* Set up a decryption context */
777 if (!rctx.cipher_ctx.cipher) {
778 if (!rctx.cs) {
779 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
780 rctx.extract = false;
781 bclose(&rctx.bfd);
782 continue;
783 }
784
785 if ((rctx.cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false,
786 &rctx.cipher_ctx.block_size)) == NULL) {
787 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
788 free_session(rctx);
789 rctx.extract = false;
790 bclose(&rctx.bfd);
791 continue;
792 }
793 }
794 rctx.flags |= FO_ENCRYPT;
795 }
796
797 if (is_win32_stream(rctx.stream) &&
798 (win32decomp || !have_win32_api())) {
799 set_portable_backup(&rctx.bfd);
800 rctx.flags |= FO_WIN32DECOMP; /* "decompose" BackupWrite data */
801 }
802
803 if (extract_data(rctx, bmsg->rbuf, bmsg->rbuflen) < 0) {
804 rctx.extract = false;
805 bclose(&rctx.bfd);
806 continue;
807 }
808 }
809 break;
810
811 /*
812 * Resource fork stream - only recorded after a file to be restored
813 * Silently ignore if we cannot write - we already reported that
814 */
815 case STREAM_ENCRYPTED_MACOS_FORK_DATA:
816 case STREAM_MACOS_FORK_DATA:
817 if (have_darwin_os) {
818 rctx.fork_flags = 0;
819 jcr->ff->flags |= FO_HFSPLUS;
820
821 if (rctx.stream == STREAM_ENCRYPTED_MACOS_FORK_DATA) {
822 rctx.fork_flags |= FO_ENCRYPT;
823
824 /* Set up a decryption context */
825 if (rctx.extract && !rctx.fork_cipher_ctx.cipher) {
826 if (!rctx.cs) {
827 Jmsg1(jcr, M_ERROR, 0, _("Missing encryption session data stream for %s\n"), jcr->last_fname);
828 rctx.extract = false;
829 bclose(&rctx.bfd);
830 continue;
831 }
832
833 if ((rctx.fork_cipher_ctx.cipher = crypto_cipher_new(rctx.cs, false, &rctx.fork_cipher_ctx.block_size)) == NULL) {
834 Jmsg1(jcr, M_ERROR, 0, _("Failed to initialize decryption context for %s\n"), jcr->last_fname);
835 free_session(rctx);
836 rctx.extract = false;
837 bclose(&rctx.bfd);
838 continue;
839 }
840 }
841 }
842
843 if (rctx.extract) {
844 if (rctx.prev_stream != rctx.stream) {
845 if (bopen_rsrc(&rctx.forkbfd, jcr->last_fname, O_WRONLY | O_TRUNC | O_BINARY, 0) < 0) {
846 Jmsg(jcr, M_WARNING, 0, _("Cannot open resource fork for %s.\n"), jcr->last_fname);
847 rctx.extract = false;
848 continue;
849 }
850
851 rctx.fork_size = rsrc_len;
852 Dmsg0(130, "Restoring resource fork\n");
853 }
854
855 if (extract_data(rctx, bmsg->rbuf, bmsg->rbuflen) < 0) {
856 rctx.extract = false;
857 bclose(&rctx.forkbfd);
858 continue;
859 }
860 }
861 } else {
862 non_suppored_rsrc++;
863 }
864 break;
865
866 case STREAM_HFSPLUS_ATTRIBUTES:
867 if (have_darwin_os) {
868 if (!restore_finderinfo(jcr, bmsg->rbuf, bmsg->rbuflen)) {
869 continue;
870 }
871 } else {
872 non_suppored_finfo++;
873 }
874 break;
875
876 case STREAM_UNIX_ACCESS_ACL:
877 case STREAM_UNIX_DEFAULT_ACL:
878 case STREAM_XACL_AIX_TEXT:
879 case STREAM_XACL_DARWIN_ACCESS:
880 case STREAM_XACL_FREEBSD_DEFAULT:
881 case STREAM_XACL_FREEBSD_ACCESS:
882 case STREAM_XACL_HPUX_ACL_ENTRY:
883 case STREAM_XACL_IRIX_DEFAULT:
884 case STREAM_XACL_IRIX_ACCESS:
885 case STREAM_XACL_LINUX_DEFAULT:
886 case STREAM_XACL_LINUX_ACCESS:
887 case STREAM_XACL_TRU64_DEFAULT:
888 case STREAM_XACL_TRU64_DEFAULT_DIR:
889 case STREAM_XACL_TRU64_ACCESS:
890 case STREAM_XACL_SOLARIS_POSIX:
891 case STREAM_XACL_SOLARIS_NFS4:
892 case STREAM_XACL_AFS_TEXT:
893 case STREAM_XACL_AIX_AIXC:
894 case STREAM_XACL_AIX_NFS4:
895 case STREAM_XACL_FREEBSD_NFS4:
896 case STREAM_XACL_HURD_DEFAULT:
897 case STREAM_XACL_HURD_ACCESS:
898 case STREAM_XACL_PLUGIN_ACL:
899 case STREAM_XACL_GPFS_ACL_DEFAULT:
900 case STREAM_XACL_GPFS_ACL_ACCESS:
901 /*
902 * Do not restore ACLs when
903 * a) The current file is not extracted
904 * b) and it is not a directory (they are never "extracted")
905 * c) and it is not a symlink (they are never "extracted")
906 * d) or the file name is empty
907 */
908 if ((!rctx.extract &&
909 jcr->last_type != FT_DIREND &&
910 jcr->last_type != FT_LNK) ||
911 (*jcr->last_fname == 0)) {
912 break;
913 }
914 if (have_acl) {
915 /*
916 * For anything that is not a directory we delay
917 * the restore of acls till a later stage.
918 */
919 if (jcr->last_type != FT_DIREND) {
920 push_delayed_restore_stream(rctx, bmsg->rbuf, bmsg->rbuflen);
921 } else {
922 if (!do_restore_acl(jcr, rctx.stream, bmsg->rbuf, bmsg->rbuflen)) {
923 goto get_out;
924 }
925 }
926 } else {
927 non_suppored_acl++;
928 }
929 break;
930
931 case STREAM_XACL_PLUGIN_XATTR:
932 case STREAM_XACL_HURD_XATTR:
933 case STREAM_XACL_IRIX_XATTR:
934 case STREAM_XACL_TRU64_XATTR:
935 case STREAM_XACL_AIX_XATTR:
936 case STREAM_XACL_OPENBSD_XATTR:
937 case STREAM_XACL_SOLARIS_SYS_XATTR:
938 case STREAM_XACL_DARWIN_XATTR:
939 case STREAM_XACL_FREEBSD_XATTR:
940 case STREAM_XACL_LINUX_XATTR:
941 case STREAM_XACL_NETBSD_XATTR:
942 /*
943 * Do not restore Extended Attributes when
944 * a) The current file is not extracted
945 * b) and it is not a directory (they are never "extracted")
946 * c) and it is not a symlink (they are never "extracted")
947 * d) or the file name is empty
948 */
949 if ((!rctx.extract &&
950 jcr->last_type != FT_DIREND &&
951 jcr->last_type != FT_LNK) ||
952 (*jcr->last_fname == 0)) {
953 break;
954 }
955 if (have_xattr) {
956 /*
957 * For anything that is not a directory we delay
958 * the restore of xattr till a later stage.
959 */
960 if (jcr->last_type != FT_DIREND) {
961 push_delayed_restore_stream(rctx, bmsg->rbuf, bmsg->rbuflen);
962 } else {
963 if (!do_restore_xattr(jcr, rctx.stream, bmsg->rbuf, bmsg->rbuflen)) {
964 goto get_out;
965 }
966 }
967 } else {
968 non_suppored_xattr++;
969 }
970 break;
971
972 case STREAM_XACL_SOLARIS_XATTR:
973 /*
974 * Do not restore Extended Attributes when
975 * a) The current file is not extracted
976 * b) and it is not a directory (they are never "extracted")
977 * c) or the file name is empty
978 */
979 if ((!rctx.extract &&
980 jcr->last_type != FT_DIREND) ||
981 (*jcr->last_fname == 0)) {
982 break;
983 }
984 if (have_xattr) {
985 if (!do_restore_xattr(jcr, rctx.stream, bmsg->rbuf, bmsg->rbuflen)) {
986 goto get_out;
987 }
988 } else {
989 non_suppored_xattr++;
990 }
991 break;
992
993 case STREAM_SIGNED_DIGEST:
994 /* Is this an unexpected signature? */
995 if (rctx.sig) {
996 Jmsg0(jcr, M_ERROR, 0, _("Unexpected cryptographic signature data stream.\n"));
997 free_signature(rctx);
998 continue;
999 }
1000 /* Save signature. */
1001 if (rctx.extract && (rctx.sig = crypto_sign_decode(jcr, (uint8_t *)bmsg->rbuf, (uint32_t)bmsg->rbuflen)) == NULL) {
1002 Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
1003 }
1004 break;
1005
1006 case STREAM_MD5_DIGEST:
1007 case STREAM_SHA1_DIGEST:
1008 case STREAM_SHA256_DIGEST:
1009 case STREAM_SHA512_DIGEST:
1010 break;
1011
1012 case STREAM_PROGRAM_NAMES:
1013 case STREAM_PROGRAM_DATA:
1014 if (!non_suppored_progname) {
1015 Pmsg0(000, "Got Program Name or Data Stream. Ignored.\n");
1016 non_suppored_progname++;
1017 }
1018 break;
1019
1020 case STREAM_PLUGIN_NAME:
1021 if (!close_previous_stream(rctx)) {
1022 goto get_out;
1023 }
1024 Dmsg1(150, "restore stream_plugin_name=%s\n", bmsg->rbuf);
1025 plugin_name_stream(jcr, bmsg->rbuf);
1026 break;
1027
1028 case STREAM_RESTORE_OBJECT:
1029 break; /* these are sent by Director */
1030
1031 default:
1032 if (!close_previous_stream(rctx)) {
1033 goto get_out;
1034 }
1035 Jmsg(jcr, M_WARNING, 0, _("Unknown stream=%d ignored. This shouldn't happen!\n"),
1036 rctx.stream);
1037 Dmsg2(0, "Unknown stream=%d data=%s\n", rctx.stream, bmsg->rbuf);
1038 break;
1039 } /* end switch(stream) */
1040
1041 /* Debug code: check if we must hangup or blowup */
1042 if (handle_hangup_blowup(jcr, jcr->JobFiles, jcr->JobBytes)) {
1043 sd->close();
1044 goto get_out;
1045 }
1046
1047 Dsm_check(200);
1048 } /* end while bufmsg->bget_msg(&bmsg)) */
1049
1050 if (bget_ret == BNET_EXT_TERMINATE) {
1051 goto get_out;
1052 }
1053 /*
1054 * If output file is still open, it was the last one in the
1055 * archive since we just hit an end of file, so close the file.
1056 */
1057 if (is_bopen(&rctx.forkbfd)) {
1058 bclose_chksize(rctx, &rctx.forkbfd, rctx.fork_size);
1059 }
1060
1061 if (!close_previous_stream(rctx)) {
1062 goto get_out;
1063 }
1064 jcr->setJobStatus(JS_Terminated);
1065 goto ok_out;
1066
1067 get_out:
1068 jcr->setJobStatus(JS_ErrorTerminated);
1069
1070 ok_out:
1071 Dsm_check(200);
1072 Dmsg0(DT_DEDUP|215, "wait BufferedMsg\n");
1073 fdmsg->wait_read_sock(jcr->is_job_canceled());
1074 delete bmsg;
1075 free_GetMsg(fdmsg);
1076 Dsm_check(200);
1077 /*
1078 * First output the statistics.
1079 */
1080 Dmsg2(10, "End Do Restore. Files=%d Bytes=%s\n", jcr->JobFiles,
1081 edit_uint64(jcr->JobBytes, ec1));
1082
1083 #ifdef HAVE_ACL
1084 if (jcr->bacl && jcr->bacl->get_acl_nr_errors() > 0) {
1085 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld acl errors while doing restore\n"), jcr->bacl->get_acl_nr_errors());
1086 }
1087 #endif
1088 #ifdef HAVE_XATTR
1089 if (jcr->bxattr && jcr->bxattr->get_xattr_nr_errors() > 0) {
1090 Jmsg(jcr, M_WARNING, 0, _("Encountered %ld xattr errors while doing restore\n"), jcr->bxattr->get_xattr_nr_errors());
1091 }
1092 #endif
1093
1094 if (non_suppored_data > 1 || non_suppored_attr > 1) {
1095 Jmsg(jcr, M_WARNING, 0, _("%d non-supported data streams and %d non-supported attrib streams ignored.\n"),
1096 non_suppored_data, non_suppored_attr);
1097 }
1098 if (non_suppored_rsrc) {
1099 Jmsg(jcr, M_INFO, 0, _("%d non-supported resource fork streams ignored.\n"), non_suppored_rsrc);
1100 }
1101 if (non_suppored_finfo) {
1102 Jmsg(jcr, M_INFO, 0, _("%d non-supported Finder Info streams ignored.\n"), non_suppored_finfo);
1103 }
1104 if (non_suppored_acl) {
1105 Jmsg(jcr, M_INFO, 0, _("%d non-supported acl streams ignored.\n"), non_suppored_acl);
1106 }
1107 if (non_suppored_crypto) {
1108 Jmsg(jcr, M_INFO, 0, _("%d non-supported crypto streams ignored.\n"), non_suppored_acl);
1109 }
1110 if (non_suppored_xattr) {
1111 Jmsg(jcr, M_INFO, 0, _("%d non-supported xattr streams ignored.\n"), non_suppored_xattr);
1112 }
1113
1114 /* Free Signature & Crypto Data */
1115 free_signature(rctx);
1116 free_session(rctx);
1117 if (jcr->crypto.digest) {
1118 crypto_digest_free(jcr->crypto.digest);
1119 jcr->crypto.digest = NULL;
1120 }
1121
1122 /* Free file cipher restore context */
1123 if (rctx.cipher_ctx.cipher) {
1124 crypto_cipher_free(rctx.cipher_ctx.cipher);
1125 rctx.cipher_ctx.cipher = NULL;
1126 }
1127
1128 if (rctx.cipher_ctx.buf) {
1129 free_pool_memory(rctx.cipher_ctx.buf);
1130 rctx.cipher_ctx.buf = NULL;
1131 }
1132
1133 /* Free alternate stream cipher restore context */
1134 if (rctx.fork_cipher_ctx.cipher) {
1135 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1136 rctx.fork_cipher_ctx.cipher = NULL;
1137 }
1138 if (rctx.fork_cipher_ctx.buf) {
1139 free_pool_memory(rctx.fork_cipher_ctx.buf);
1140 rctx.fork_cipher_ctx.buf = NULL;
1141 }
1142
1143 if (jcr->compress_buf) {
1144 free_pool_memory(jcr->compress_buf);
1145 jcr->compress_buf = NULL;
1146 jcr->compress_buf_size = 0;
1147 }
1148
1149 #ifdef HAVE_ACL
1150 if (jcr->bacl) {
1151 delete(jcr->bacl);
1152 jcr->bacl = NULL;
1153 }
1154 #endif
1155 #ifdef HAVE_XATTR
1156 if (jcr->bxattr) {
1157 delete(jcr->bxattr);
1158 jcr->bxattr = NULL;
1159 }
1160 #endif
1161
1162 /* Free the delayed stream stack list. */
1163 if (rctx.delayed_streams) {
1164 drop_delayed_restore_streams(rctx, false);
1165 delete rctx.delayed_streams;
1166 }
1167
1168 if (rctx.efs) {
1169 rctx.efs->stop();
1170 rctx.efs->destroy();
1171 free(rctx.efs);
1172 rctx.efs = NULL;
1173 }
1174 Dsm_check(200);
1175 bclose(&rctx.forkbfd);
1176 bclose(&rctx.bfd);
1177 free_attr(rctx.attr);
1178 }
1179
1180 #ifdef HAVE_LIBZ
1181 /*
1182 * Convert ZLIB error code into an ASCII message
1183 */
zlib_strerror(int stat)1184 static const char *zlib_strerror(int stat)
1185 {
1186 if (stat >= 0) {
1187 return _("None");
1188 }
1189 switch (stat) {
1190 case Z_ERRNO:
1191 return _("Zlib errno");
1192 case Z_STREAM_ERROR:
1193 return _("Zlib stream error");
1194 case Z_DATA_ERROR:
1195 return _("Zlib data error");
1196 case Z_MEM_ERROR:
1197 return _("Zlib memory error");
1198 case Z_BUF_ERROR:
1199 return _("Zlib buffer error");
1200 case Z_VERSION_ERROR:
1201 return _("Zlib version error");
1202 default:
1203 return _("*none*");
1204 }
1205 }
1206 #endif
1207
do_file_digest(JCR * jcr,FF_PKT * ff_pkt,bool top_level)1208 static int do_file_digest(JCR *jcr, FF_PKT *ff_pkt, bool top_level)
1209 {
1210 Dmsg1(50, "do_file_digest jcr=%p\n", jcr);
1211 return (digest_file(jcr, ff_pkt, jcr->crypto.digest));
1212 }
1213
sparse_data(JCR * jcr,BFILE * bfd,uint64_t * addr,char ** data,uint32_t * length,int flags)1214 bool sparse_data(JCR *jcr, BFILE *bfd, uint64_t *addr, char **data, uint32_t *length, int flags)
1215 {
1216 unser_declare;
1217 uint64_t faddr;
1218 char ec1[50];
1219 unser_begin(*data, OFFSET_FADDR_SIZE);
1220 unser_uint64(faddr);
1221 if (*addr != faddr) {
1222 *addr = faddr;
1223 if (blseek(bfd, (boffset_t)*addr, SEEK_SET) < 0) {
1224 berrno be;
1225 Jmsg3(jcr, M_ERROR, 0, _("Seek to %s error on %s: ERR=%s\n"),
1226 edit_uint64(*addr, ec1), jcr->last_fname,
1227 be.bstrerror(bfd->berrno));
1228 return false;
1229 }
1230 }
1231 *data += OFFSET_FADDR_SIZE;
1232 *length -= OFFSET_FADDR_SIZE;
1233 return true;
1234 }
1235
decompress_data(JCR * jcr,int32_t stream,char ** data,uint32_t * length)1236 bool decompress_data(JCR *jcr, int32_t stream, char **data, uint32_t *length)
1237 {
1238 #if defined(HAVE_LZO) || defined(HAVE_LIBZ)
1239 char ec1[50]; /* Buffer printing huge values */
1240 #endif
1241
1242 Dmsg1(200, "Stream found in decompress_data(): %d\n", stream);
1243 if(stream == STREAM_COMPRESSED_DATA || stream == STREAM_SPARSE_COMPRESSED_DATA || stream == STREAM_WIN32_COMPRESSED_DATA
1244 || stream == STREAM_ENCRYPTED_FILE_COMPRESSED_DATA || stream == STREAM_ENCRYPTED_WIN32_COMPRESSED_DATA)
1245 {
1246 uint32_t comp_magic, comp_len;
1247 uint16_t comp_level, comp_version;
1248 #ifdef HAVE_LZO
1249 lzo_uint compress_len;
1250 const unsigned char *cbuf;
1251 int r, real_compress_len;
1252 #endif
1253
1254 /* read compress header */
1255 unser_declare;
1256 unser_begin(*data, sizeof(comp_stream_header));
1257 unser_uint32(comp_magic);
1258 unser_uint32(comp_len);
1259 unser_uint16(comp_level);
1260 unser_uint16(comp_version);
1261 Dmsg4(200, "Compressed data stream found: magic=0x%x, len=%d, level=%d, ver=0x%x\n", comp_magic, comp_len,
1262 comp_level, comp_version);
1263
1264 /* version check */
1265 if (comp_version != COMP_HEAD_VERSION) {
1266 Qmsg(jcr, M_ERROR, 0, _("Compressed header version error. Got=0x%x want=0x%x\n"), comp_version, COMP_HEAD_VERSION);
1267 return false;
1268 }
1269 /* size check */
1270 if (comp_len + sizeof(comp_stream_header) != *length) {
1271 Qmsg(jcr, M_ERROR, 0, _("Compressed header size error. comp_len=%d, msglen=%d\n"),
1272 comp_len, *length);
1273 return false;
1274 }
1275 switch(comp_magic) {
1276 #ifdef HAVE_LZO
1277 case COMPRESS_LZO1X:
1278 compress_len = jcr->compress_buf_size;
1279 cbuf = (const unsigned char*)*data + sizeof(comp_stream_header);
1280 real_compress_len = *length - sizeof(comp_stream_header);
1281 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1282 while ((r=lzo1x_decompress_safe(cbuf, real_compress_len,
1283 (unsigned char *)jcr->compress_buf, &compress_len, NULL)) == LZO_E_OUTPUT_OVERRUN)
1284 {
1285 /*
1286 * The buffer size is too small, try with a bigger one
1287 */
1288 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1289 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1290 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1291 compress_len);
1292 }
1293 if (r != LZO_E_OK) {
1294 Qmsg(jcr, M_ERROR, 0, _("LZO uncompression error on file %s. ERR=%d\n"),
1295 jcr->last_fname, r);
1296 return false;
1297 }
1298 *data = jcr->compress_buf;
1299 *length = compress_len;
1300 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1301 return true;
1302 #endif
1303 default:
1304 Qmsg(jcr, M_ERROR, 0, _("Compression algorithm 0x%x found, but not supported!\n"), comp_magic);
1305 return false;
1306 }
1307 } else {
1308 #ifdef HAVE_LIBZ
1309 uLong compress_len;
1310 int stat;
1311
1312 /*
1313 * NOTE! We only use uLong and Byte because they are
1314 * needed by the zlib routines, they should not otherwise
1315 * be used in Bacula.
1316 */
1317 compress_len = jcr->compress_buf_size;
1318 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1319 while ((stat=uncompress((Byte *)jcr->compress_buf, &compress_len,
1320 (const Byte *)*data, (uLong)*length)) == Z_BUF_ERROR)
1321 {
1322 /* The buffer size is too small, try with a bigger one. */
1323 compress_len = jcr->compress_buf_size = jcr->compress_buf_size + (jcr->compress_buf_size >> 1);
1324 Dmsg2(200, "Comp_len=%d msglen=%d\n", compress_len, *length);
1325 jcr->compress_buf = check_pool_memory_size(jcr->compress_buf,
1326 compress_len);
1327 }
1328 if (stat != Z_OK) {
1329 Qmsg(jcr, M_ERROR, 0, _("Uncompression error on file %s. ERR=%s\n"),
1330 jcr->last_fname, zlib_strerror(stat));
1331 return false;
1332 }
1333 *data = jcr->compress_buf;
1334 *length = compress_len;
1335 Dmsg2(200, "Write uncompressed %d bytes, total before write=%s\n", compress_len, edit_uint64(jcr->JobBytes, ec1));
1336 return true;
1337 #else
1338 Qmsg(jcr, M_ERROR, 0, _("GZIP data stream found, but GZIP not configured!\n"));
1339 return false;
1340 #endif
1341 }
1342 }
1343
unser_crypto_packet_len(RESTORE_CIPHER_CTX * ctx)1344 static void unser_crypto_packet_len(RESTORE_CIPHER_CTX *ctx)
1345 {
1346 unser_declare;
1347 if (ctx->packet_len == 0 && ctx->buf_len >= CRYPTO_LEN_SIZE) {
1348 unser_begin(&ctx->buf[0], CRYPTO_LEN_SIZE);
1349 unser_uint32(ctx->packet_len);
1350 ctx->packet_len += CRYPTO_LEN_SIZE;
1351 }
1352 }
1353
store_data(r_ctx & rctx,char * data,const int32_t length,bool win32_decomp)1354 static bool store_data(r_ctx &rctx, char *data, const int32_t length, bool win32_decomp)
1355 {
1356 JCR *jcr = rctx.jcr;
1357 BFILE *bfd = &rctx.bfd;
1358 ssize_t wstat;
1359
1360 if (jcr->crypto.digest) {
1361 crypto_digest_update(jcr->crypto.digest, (uint8_t *)data, length);
1362 }
1363 #ifdef TEST_WORKER
1364 if (!test_write_efs_data(rctx, data, length)) {
1365 berrno be;
1366 Jmsg2(jcr, M_ERROR, 0, _("Write error on %s: ERR=%s\n"),
1367 jcr->last_fname, be.bstrerror(bfd->berrno));
1368 return false;
1369 }
1370 return true;
1371 #endif
1372
1373 #ifdef HAVE_WIN32
1374 if (bfd->fattrs & FILE_ATTRIBUTE_ENCRYPTED) {
1375 if (!p_WriteEncryptedFileRaw) {
1376 Jmsg0(jcr, M_FATAL, 0, _("Windows Encrypted data not supported on this OS.\n"));
1377 return false;
1378 }
1379 if (!win_write_efs_data(rctx, data, length)) {
1380 berrno be;
1381 Jmsg2(jcr, M_ERROR, 0, _("Encrypted file write error on %s: ERR=%s\n"),
1382 jcr->last_fname, be.bstrerror(bfd->berrno));
1383 return false;
1384 }
1385 return true;
1386 }
1387 #endif
1388 if (win32_decomp) {
1389 if (!processWin32BackupAPIBlock(bfd, data, length)) {
1390 berrno be;
1391 Jmsg2(jcr, M_ERROR, 0, _("Write error in Win32 Block Decomposition on %s: %s\n"),
1392 jcr->last_fname, be.bstrerror(bfd->berrno));
1393 return false;
1394 }
1395 } else if ((wstat=bwrite(bfd, data, length)) != (ssize_t)length) {
1396 berrno be;
1397 int type = M_ERROR;
1398 int len = strlen(jcr->last_fname);
1399 /*
1400 * If this is the first write and the "file" is a directory
1401 * or a drive letter, then only issue a warning as we are
1402 * not able to reset the metadata, then continue.
1403 * If the above is true and we have an error code 91
1404 * (directory not empty), supress the error entirely.
1405 */
1406 if (bfd->block == 0 && len >= 2 && (jcr->last_fname[len-1] == '/' ||
1407 jcr->last_fname[len-1] == ':')) {
1408 type = M_WARNING;
1409 if (bfd->lerror == 91) { /* Directory not empty */
1410 type = 0; /* suppress error */
1411 }
1412 }
1413 if (type != 0) {
1414 if (wstat >= 0) {
1415 /* Insufficient bytes written */
1416 Jmsg4(jcr, type, 0, _("Wrong write size error at byte=%lld block=%d wanted=%d wrote=%d\n"),
1417 bfd->total_bytes, bfd->block, length, wstat);
1418 } else {
1419 /* Error */
1420 Jmsg6(jcr, type, 0, _("Write error at byte=%lld block=%d write_len=%d lerror=%d on %s: ERR=%s\n"),
1421 bfd->total_bytes, bfd->block, length, bfd->lerror,
1422 jcr->last_fname, be.bstrerror(bfd->berrno));
1423 }
1424 }
1425
1426 /* Ignore errors? */
1427 if (type == M_WARNING || type == 0 || no_win32_write_errors) {
1428 return true;
1429 }
1430 return false;
1431 }
1432 return true;
1433 }
1434
1435 /*
1436 * In the context of jcr, write data to bfd.
1437 * We write buflen bytes in buf at addr. addr is updated in place.
1438 * The flags specify whether to use sparse files or compression.
1439 * Return value is the number of bytes written, or -1 on errors.
1440 */
extract_data(r_ctx & rctx,POOLMEM * buf,int32_t buflen)1441 int32_t extract_data(r_ctx &rctx, POOLMEM *buf, int32_t buflen)
1442 {
1443 JCR *jcr = rctx.jcr;
1444 BFILE *bfd = &rctx.bfd;
1445 int flags = rctx.flags;
1446 int32_t stream = rctx.stream;
1447 RESTORE_CIPHER_CTX *cipher_ctx = &rctx.cipher_ctx;
1448 char *wbuf; /* write buffer */
1449 uint32_t wsize; /* write size */
1450 uint32_t rsize; /* read size */
1451 uint32_t decrypted_len = 0; /* Decryption output length */
1452 char ec1[50]; /* Buffer printing huge values */
1453
1454 rsize = buflen;
1455 jcr->ReadBytes += rsize;
1456 wsize = rsize;
1457 wbuf = buf;
1458
1459 if (flags & FO_ENCRYPT) {
1460 ASSERT(cipher_ctx->cipher);
1461
1462 /*
1463 * Grow the crypto buffer, if necessary.
1464 * crypto_cipher_update() will process only whole blocks,
1465 * buffering the remaining input.
1466 */
1467 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1468 cipher_ctx->buf_len + wsize + cipher_ctx->block_size);
1469
1470 /* Decrypt the input block */
1471 if (!crypto_cipher_update(cipher_ctx->cipher,
1472 (const u_int8_t *)wbuf,
1473 wsize,
1474 (u_int8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1475 &decrypted_len)) {
1476 /* Decryption failed. Shouldn't happen. */
1477 Jmsg(jcr, M_FATAL, 0, _("Decryption error\n"));
1478 goto get_out;
1479 }
1480
1481 if (decrypted_len == 0) {
1482 /* No full block of encrypted data available, write more data */
1483 return 0;
1484 }
1485
1486 Dmsg2(200, "decrypted len=%d encrypted len=%d\n", decrypted_len, wsize);
1487
1488 cipher_ctx->buf_len += decrypted_len;
1489 wbuf = cipher_ctx->buf;
1490
1491 /* If one full preserved block is available, write it to disk,
1492 * and then buffer any remaining data. This should be effecient
1493 * as long as Bacula's block size is not significantly smaller than the
1494 * encryption block size (extremely unlikely!)
1495 */
1496 unser_crypto_packet_len(cipher_ctx);
1497 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1498
1499 if (cipher_ctx->packet_len == 0 || cipher_ctx->buf_len < cipher_ctx->packet_len) {
1500 /* No full preserved block is available. */
1501 return 0;
1502 }
1503
1504 /* We have one full block, set up the filter input buffers */
1505 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1506 wbuf = &wbuf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1507 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1508 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1509 }
1510
1511 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1512 if (!sparse_data(jcr, bfd, &rctx.fileAddr, &wbuf, &wsize, flags)) {
1513 goto get_out;
1514 }
1515 }
1516
1517 if (flags & FO_COMPRESS) {
1518 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1519 goto get_out;
1520 }
1521 }
1522
1523 if (!store_data(rctx, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1524 goto get_out;
1525 }
1526 jcr->JobBytes += wsize;
1527 rctx.fileAddr += wsize;
1528 Dmsg2(130, "Write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1529
1530 /* Clean up crypto buffers */
1531 if (flags & FO_ENCRYPT) {
1532 /* Move any remaining data to start of buffer */
1533 if (cipher_ctx->buf_len > 0) {
1534 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1535 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1536 cipher_ctx->buf_len);
1537 }
1538 /* The packet was successfully written, reset the length so that
1539 * the next packet length may be re-read by unser_crypto_packet_len() */
1540 cipher_ctx->packet_len = 0;
1541 }
1542 return wsize;
1543
1544 get_out:
1545 return -1;
1546 }
1547
1548 /*
1549 * If extracting, close any previous stream
1550 */
close_previous_stream(r_ctx & rctx)1551 static bool close_previous_stream(r_ctx &rctx)
1552 {
1553 bool rtn = true;
1554
1555 /*
1556 * If extracting, it was from previous stream, so
1557 * close the output file and validate the signature.
1558 */
1559 if (rctx.extract) {
1560 if (rctx.size > 0 && !is_bopen(&rctx.bfd)) {
1561 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should be open\n"));
1562 Pmsg2(000, "=== logic error size=%d bopen=%d\n", rctx.size,
1563 is_bopen(&rctx.bfd));
1564 }
1565
1566 if (rctx.prev_stream != STREAM_ENCRYPTED_SESSION_DATA) {
1567 deallocate_cipher(rctx);
1568 deallocate_fork_cipher(rctx);
1569 }
1570
1571 if (rctx.efs) {
1572 rctx.efs->finish_work();
1573 bclose(&rctx.bfd);
1574 rctx.count = 0;
1575 }
1576
1577 if (rctx.jcr->plugin) {
1578 plugin_set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1579 } else {
1580 set_attributes(rctx.jcr, rctx.attr, &rctx.bfd);
1581 }
1582 rctx.extract = false;
1583
1584 /* Now perform the delayed restore of some specific data streams. */
1585 rtn = pop_delayed_data_streams(rctx);
1586
1587 /* Verify the cryptographic signature, if any */
1588 rctx.type = rctx.attr->type;
1589 verify_signature(rctx);
1590
1591 /* Free Signature */
1592 free_signature(rctx);
1593 free_session(rctx);
1594 rctx.jcr->ff->flags = 0;
1595 Dmsg0(130, "Stop extracting.\n");
1596 } else if (is_bopen(&rctx.bfd)) {
1597 Jmsg0(rctx.jcr, M_ERROR, 0, _("Logic error: output file should not be open\n"));
1598 Pmsg0(000, "=== logic error !open\n");
1599 bclose(&rctx.bfd);
1600 } else {
1601 rtn = pop_delayed_data_streams(rctx);
1602 }
1603
1604 return rtn;
1605 }
1606
1607 /*
1608 * In the context of jcr, flush any remaining data from the cipher context,
1609 * writing it to bfd.
1610 * Return value is true on success, false on failure.
1611 */
flush_cipher(r_ctx & rctx,BFILE * bfd,uint64_t * addr,int flags,int32_t stream,RESTORE_CIPHER_CTX * cipher_ctx)1612 bool flush_cipher(r_ctx &rctx, BFILE *bfd, uint64_t *addr, int flags, int32_t stream,
1613 RESTORE_CIPHER_CTX *cipher_ctx)
1614 {
1615 JCR *jcr = rctx.jcr;
1616 uint32_t decrypted_len = 0;
1617 char *wbuf; /* write buffer */
1618 uint32_t wsize; /* write size */
1619 char ec1[50]; /* Buffer printing huge values */
1620 bool second_pass = false;
1621
1622 again:
1623 /* Write out the remaining block and free the cipher context */
1624 cipher_ctx->buf = check_pool_memory_size(cipher_ctx->buf,
1625 cipher_ctx->buf_len + cipher_ctx->block_size);
1626
1627 if (!crypto_cipher_finalize(cipher_ctx->cipher, (uint8_t *)&cipher_ctx->buf[cipher_ctx->buf_len],
1628 &decrypted_len)) {
1629 /* Writing out the final, buffered block failed. Shouldn't happen. */
1630 Jmsg3(jcr, M_ERROR, 0, _("Decryption error. buf_len=%d decrypt_len=%d on file %s\n"),
1631 cipher_ctx->buf_len, decrypted_len, jcr->last_fname);
1632 }
1633
1634 Dmsg2(130, "Flush decrypt len=%d buf_len=%d\n", decrypted_len, cipher_ctx->buf_len);
1635 /* If nothing new was decrypted, and our output buffer is empty, return */
1636 if (decrypted_len == 0 && cipher_ctx->buf_len == 0) {
1637 return true;
1638 }
1639
1640 cipher_ctx->buf_len += decrypted_len;
1641
1642 unser_crypto_packet_len(cipher_ctx);
1643 Dmsg1(500, "Crypto unser block size=%d\n", cipher_ctx->packet_len - CRYPTO_LEN_SIZE);
1644 wsize = cipher_ctx->packet_len - CRYPTO_LEN_SIZE;
1645 /* Decrypted, possibly decompressed output here. */
1646 wbuf = &cipher_ctx->buf[CRYPTO_LEN_SIZE]; /* Skip the block length header */
1647 cipher_ctx->buf_len -= cipher_ctx->packet_len;
1648 Dmsg2(130, "Encryption writing full block, %u bytes, remaining %u bytes in buffer\n", wsize, cipher_ctx->buf_len);
1649
1650 if ((flags & FO_SPARSE) || (flags & FO_OFFSETS)) {
1651 if (!sparse_data(jcr, bfd, addr, &wbuf, &wsize, flags)) {
1652 return false;
1653 }
1654 }
1655
1656 if (flags & FO_COMPRESS) {
1657 if (!decompress_data(jcr, stream, &wbuf, &wsize)) {
1658 return false;
1659 }
1660 }
1661
1662 Dmsg0(130, "Call store_data\n");
1663 if (!store_data(rctx, wbuf, wsize, (flags & FO_WIN32DECOMP) != 0)) {
1664 return false;
1665 }
1666 jcr->JobBytes += wsize;
1667 Dmsg2(130, "Flush write %u bytes, JobBytes=%s\n", wsize, edit_uint64(jcr->JobBytes, ec1));
1668
1669 /* Move any remaining data to start of buffer. */
1670 if (cipher_ctx->buf_len > 0) {
1671 Dmsg1(130, "Moving %u buffered bytes to start of buffer\n", cipher_ctx->buf_len);
1672 memmove(cipher_ctx->buf, &cipher_ctx->buf[cipher_ctx->packet_len],
1673 cipher_ctx->buf_len);
1674 }
1675 /* The packet was successfully written, reset the length so that the next
1676 * packet length may be re-read by unser_crypto_packet_len() */
1677 cipher_ctx->packet_len = 0;
1678
1679 if (cipher_ctx->buf_len >0 && !second_pass) {
1680 second_pass = true;
1681 goto again;
1682 }
1683
1684 /* Stop decryption */
1685 cipher_ctx->buf_len = 0;
1686 cipher_ctx->packet_len = 0;
1687
1688 return true;
1689 }
1690
deallocate_cipher(r_ctx & rctx)1691 static void deallocate_cipher(r_ctx &rctx)
1692 {
1693 /* Flush and deallocate previous stream's cipher context */
1694 if (rctx.cipher_ctx.cipher) {
1695 flush_cipher(rctx, &rctx.bfd, &rctx.fileAddr, rctx.flags, rctx.comp_stream, &rctx.cipher_ctx);
1696 crypto_cipher_free(rctx.cipher_ctx.cipher);
1697 rctx.cipher_ctx.cipher = NULL;
1698 }
1699 }
1700
deallocate_fork_cipher(r_ctx & rctx)1701 static void deallocate_fork_cipher(r_ctx &rctx)
1702 {
1703
1704 /* Flush and deallocate previous stream's fork cipher context */
1705 if (rctx.fork_cipher_ctx.cipher) {
1706 flush_cipher(rctx, &rctx.forkbfd, &rctx.fork_addr, rctx.fork_flags, rctx.comp_stream, &rctx.fork_cipher_ctx);
1707 crypto_cipher_free(rctx.fork_cipher_ctx.cipher);
1708 rctx.fork_cipher_ctx.cipher = NULL;
1709 }
1710 }
1711
free_signature(r_ctx & rctx)1712 static void free_signature(r_ctx &rctx)
1713 {
1714 if (rctx.sig) {
1715 crypto_sign_free(rctx.sig);
1716 rctx.sig = NULL;
1717 }
1718 }
1719
free_session(r_ctx & rctx)1720 static void free_session(r_ctx &rctx)
1721 {
1722 if (rctx.cs) {
1723 crypto_session_free(rctx.cs);
1724 rctx.cs = NULL;
1725 }
1726 }
1727
1728 /*
1729 * Verify the signature for the last restored file
1730 * Return value is either true (signature correct)
1731 * or false (signature could not be verified).
1732 * TODO landonf: Implement without using find_one_file and
1733 * without re-reading the file.
1734 */
verify_signature(r_ctx & rctx)1735 static bool verify_signature(r_ctx &rctx)
1736 {
1737 JCR *jcr = rctx.jcr;
1738 X509_KEYPAIR *keypair;
1739 DIGEST *digest = NULL;
1740 crypto_error_t err;
1741 uint64_t saved_bytes;
1742 crypto_digest_t signing_algorithm = have_sha2 ?
1743 CRYPTO_DIGEST_SHA256 : CRYPTO_DIGEST_SHA1;
1744 crypto_digest_t algorithm;
1745 SIGNATURE *sig = rctx.sig;
1746
1747
1748 if (!jcr->crypto.pki_sign) {
1749 /* no signature OK */
1750 return true;
1751 }
1752 if (!sig) {
1753 if (rctx.type == FT_REGE || rctx.type == FT_REG || rctx.type == FT_RAW) {
1754 Jmsg1(jcr, M_ERROR, 0, _("Missing cryptographic signature for %s\n"),
1755 jcr->last_fname);
1756 goto get_out;
1757 }
1758 return true;
1759 }
1760
1761 /* Iterate through the trusted signers */
1762 foreach_alist(keypair, jcr->crypto.pki_signers) {
1763 err = crypto_sign_get_digest(sig, jcr->crypto.pki_keypair, algorithm, &digest);
1764 switch (err) {
1765 case CRYPTO_ERROR_NONE:
1766 Dmsg0(50, "== Got digest\n");
1767 /*
1768 * We computed jcr->crypto.digest using signing_algorithm while writing
1769 * the file. If it is not the same as the algorithm used for
1770 * this file, punt by releasing the computed algorithm and
1771 * computing by re-reading the file.
1772 */
1773 if (algorithm != signing_algorithm) {
1774 if (jcr->crypto.digest) {
1775 crypto_digest_free(jcr->crypto.digest);
1776 jcr->crypto.digest = NULL;
1777 }
1778 }
1779 if (jcr->crypto.digest) {
1780 /* Use digest computed while writing the file to verify
1781 * the signature */
1782 if ((err = crypto_sign_verify(sig, keypair, jcr->crypto.digest)) != CRYPTO_ERROR_NONE) {
1783 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1784 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1785 jcr->last_fname, crypto_strerror(err));
1786 goto get_out;
1787 }
1788 } else {
1789 /* Signature found, digest allocated. Old method,
1790 * re-read the file and compute the digest */
1791 jcr->crypto.digest = digest;
1792
1793 /* Checksum the entire file
1794 * Make sure we don't modify JobBytes by saving and
1795 * restoring it */
1796 saved_bytes = jcr->JobBytes;
1797 if (find_one_file(jcr, jcr->ff, do_file_digest, jcr->last_fname, jcr->last_fname, (dev_t)-1, 1) != 0) {
1798 Jmsg(jcr, M_ERROR, 0, _("Digest one file failed for file: %s\n"),
1799 jcr->last_fname);
1800 jcr->JobBytes = saved_bytes;
1801 jcr->crypto.digest = NULL;
1802 goto get_out;
1803 }
1804 jcr->JobBytes = saved_bytes;
1805
1806 /* Verify the signature */
1807 if ((err = crypto_sign_verify(sig, keypair, digest)) != CRYPTO_ERROR_NONE) {
1808 Dmsg1(50, "Bad signature on %s\n", jcr->last_fname);
1809 Jmsg2(jcr, M_ERROR, 0, _("Signature validation failed for file %s: ERR=%s\n"),
1810 jcr->last_fname, crypto_strerror(err));
1811 jcr->crypto.digest = NULL;
1812 goto get_out;
1813 }
1814 jcr->crypto.digest = NULL;
1815 }
1816
1817 /* Valid signature */
1818 Dmsg1(50, "Signature good on %s\n", jcr->last_fname);
1819 crypto_digest_free(digest);
1820 return true;
1821
1822 case CRYPTO_ERROR_NOSIGNER:
1823 /* Signature not found, try again */
1824 if (digest) {
1825 crypto_digest_free(digest);
1826 digest = NULL;
1827 }
1828 continue;
1829 default:
1830 /* Something strange happened (that shouldn't happen!)... */
1831 Qmsg2(jcr, M_ERROR, 0, _("Signature validation failed for %s: %s\n"), jcr->last_fname, crypto_strerror(err));
1832 goto get_out;
1833 }
1834 }
1835
1836 /* No signer */
1837 Dmsg1(50, "Could not find a valid public key for signature on %s\n", jcr->last_fname);
1838
1839 get_out:
1840 if (digest) {
1841 crypto_digest_free(digest);
1842 }
1843 return false;
1844 }
1845