bool bnet_tls_server(TLS_CONTEXT *ctx, BSOCK * bsock, alist *verify_list)
{
TLS_CONNECTION *tls;
JCR *jcr = bsock->jcr();
tls = new_tls_connection(ctx, bsock->m_fd);
if (!tls) {
Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS connection initialization failed.\n"));
return false;
}
bsock->tls = tls;
/* Initiate TLS Negotiation */
if (!tls_bsock_accept(bsock)) {
Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS Negotiation failed.\n"));
goto err;
}
if (verify_list) {
if (!tls_postconnect_verify_cn(jcr, tls, verify_list)) {
Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS certificate verification failed."
" Peer certificate did not match a required commonName\n"),
bsock->host());
goto err;
}
}
Dmsg0(50, "TLS server negotiation established.\n");
return true;
err:
free_tls_connection(tls);
bsock->tls = NULL;
return false;
}
/*
* Establish a TLS connection -- client side
* Returns: true on success
* false on failure
*/
bool bnet_tls_client(TLS_CONTEXT *ctx, BSOCK *bsock, alist *verify_list)
{
TLS_CONNECTION *tls;
JCR *jcr = bsock->jcr();
tls = new_tls_connection(ctx, bsock->m_fd);
if (!tls) {
Qmsg0(bsock->jcr(), M_FATAL, 0, _("TLS connection initialization failed.\n"));
return false;
}
bsock->tls = tls;
/* Initiate TLS Negotiation */
if (!tls_bsock_connect(bsock)) {
goto err;
}
/* If there's an Allowed CN verify list, use that to validate the remote
* certificate's CN. Otherwise, we use standard host/CN matching. */
if (verify_list) {
if (!tls_postconnect_verify_cn(jcr, tls, verify_list)) {
Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS certificate verification failed."
" Peer certificate did not match a required commonName\n"),
bsock->host());
goto err;
}
} else if (!tls_postconnect_verify_host(jcr, tls, bsock->host())) {
/* If host is 127.0.0.1, try localhost */
if (strcmp(bsock->host(), "127.0.0.1") != 0 ||
!tls_postconnect_verify_host(jcr, tls, "localhost")) {
Qmsg1(bsock->jcr(), M_FATAL, 0, _("TLS host certificate verification failed. Host name \"%s\" did not match presented certificate\n"),
bsock->host());
goto err;
}
}
Dmsg0(50, "TLS client negotiation established.\n");
return true;
err:
free_tls_connection(tls);
bsock->tls = NULL;
return false;
}
/*
* Despool spooled attributes
*/
bool BSOCK::despool(void update_attr_spool_size(ssize_t size), ssize_t tsize)
{
int32_t pktsiz;
size_t nbytes;
ssize_t last = 0, size = 0;
int count = 0;
JCR *jcr = get_jcr();
if (lseek(m_spool_fd, 0, SEEK_SET) == -1) {
Qmsg(jcr, M_FATAL, 0, _("attr spool I/O error.\n"));
return false;
}
#if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
posix_fadvise(m_spool_fd, 0, 0, POSIX_FADV_WILLNEED);
#endif
while ((nbytes = read(m_spool_fd, (char *)&pktsiz, sizeof(int32_t))) == sizeof(int32_t)) {
size += sizeof(int32_t);
msglen = ntohl(pktsiz);
if (msglen > 0) {
if (msglen > (int32_t)sizeof_pool_memory(msg)) {
msg = realloc_pool_memory(msg, msglen + 1);
}
nbytes = read(m_spool_fd, msg, msglen);
if (nbytes != (size_t)msglen) {
berrno be;
Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
Qmsg1(get_jcr(), M_FATAL, 0, _("read attr spool error. ERR=%s\n"), be.bstrerror());
update_attr_spool_size(tsize - last);
return false;
}
size += nbytes;
if ((++count & 0x3F) == 0) {
update_attr_spool_size(size - last);
last = size;
}
}
send();
if (jcr && job_canceled(jcr)) {
return false;
}
}
update_attr_spool_size(tsize - last);
return true;
}
/*
* Update File Attributes in the catalog with data read from
* the storage daemon spool file. We receive the filename and
* we try to read it.
*/
bool despool_attributes_from_file(JCR *jcr, const char *file)
{
bool retval = false;
int32_t pktsiz;
size_t nbytes;
ssize_t size = 0;
int32_t msglen; /* message length */
FILE *spool_fd = NULL;
POOLMEM *msg = get_pool_memory(PM_MESSAGE);
Dmsg0(100, "Begin despool_attributes_from_file\n");
if (jcr->is_job_canceled() || !jcr->res.pool->catalog_files || !jcr->db) {
goto bail_out; /* user disabled cataloging */
}
spool_fd = fopen(file, "rb");
if (!spool_fd) {
Dmsg0(100, "cancel despool_attributes_from_file\n");
/* send an error message */
goto bail_out;
}
#if defined(HAVE_POSIX_FADVISE) && defined(POSIX_FADV_WILLNEED)
posix_fadvise(fileno(spool_fd), 0, 0, POSIX_FADV_WILLNEED);
#endif
while (fread((char *)&pktsiz, 1, sizeof(int32_t), spool_fd) == sizeof(int32_t)) {
size += sizeof(int32_t);
msglen = ntohl(pktsiz);
if (msglen > 0) {
if (msglen > (int32_t) sizeof_pool_memory(msg)) {
msg = realloc_pool_memory(msg, msglen + 1);
}
nbytes = fread(msg, 1, msglen, spool_fd);
if (nbytes != (size_t) msglen) {
berrno be;
Dmsg2(400, "nbytes=%d msglen=%d\n", nbytes, msglen);
Qmsg1(jcr, M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
be.bstrerror());
goto bail_out;
}
size += nbytes;
}
if (!jcr->is_job_canceled()) {
update_attribute(jcr, msg, msglen);
if (jcr->is_job_canceled()) {
goto bail_out;
}
}
}
if (ferror(spool_fd)) {
berrno be;
Qmsg1(jcr, M_FATAL, 0, _("fread attr spool error. ERR=%s\n"),
be.bstrerror());
goto bail_out;
}
retval = true;
bail_out:
if (spool_fd) {
fclose(spool_fd);
}
if (jcr->is_job_canceled()) {
cancel_storage_daemon_job(jcr);
}
free_pool_memory(msg);
Dmsg1(100, "End despool_attributes_from_file retval=%i\n", retval);
return retval;
}
/*
* Open a TCP connection to the server
* Returns NULL
* Returns BSOCK * pointer on success
*
*/
bool BSOCK::open(JCR *jcr, const char *name, char *host, char *service,
int port, utime_t heart_beat, int *fatal)
{
int sockfd = -1;
dlist *addr_list;
IPADDR *ipaddr;
bool connected = false;
int turnon = 1;
const char *errstr;
int save_errno = 0;
/*
* Fill in the structure serv_addr with the address of
* the server that we want to connect with.
*/
if ((addr_list = bnet_host2ipaddrs(host, 0, &errstr)) == NULL) {
/* Note errstr is not malloc'ed */
Qmsg2(jcr, M_ERROR, 0, _("gethostbyname() for host \"%s\" failed: ERR=%s\n"),
host, errstr);
Dmsg2(100, "bnet_host2ipaddrs() for host %s failed: ERR=%s\n",
host, errstr);
*fatal = 1;
return false;
}
foreach_dlist(ipaddr, addr_list) {
ipaddr->set_port_net(htons(port));
char allbuf[256 * 10];
char curbuf[256];
Dmsg2(100, "Current %sAll %s\n",
ipaddr->build_address_str(curbuf, sizeof(curbuf)),
build_addresses_str(addr_list, allbuf, sizeof(allbuf)));
/* Open a TCP socket */
if ((sockfd = socket(ipaddr->get_family(), SOCK_STREAM, 0)) < 0) {
berrno be;
save_errno = errno;
*fatal = 1;
Pmsg3(000, _("Socket open error. proto=%d port=%d. ERR=%s\n"),
ipaddr->get_family(), ipaddr->get_port_host_order(), be.bstrerror());
continue;
}
/* Bind to the source address if it is set */
if (src_addr) {
if (bind(sockfd, src_addr->get_sockaddr(), src_addr->get_sockaddr_len()) < 0) {
berrno be;
save_errno = errno;
*fatal = 1;
Pmsg2(000, _("Source address bind error. proto=%d. ERR=%s\n"),
src_addr->get_family(), be.bstrerror() );
continue;
}
}
/*
* Keep socket from timing out from inactivity
*/
if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, (sockopt_val_t)&turnon, sizeof(turnon)) < 0) {
berrno be;
Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPALIVE on socket: %s\n"),
be.bstrerror());
}
#if defined(TCP_KEEPIDLE)
if (heart_beat) {
int opt = heart_beat
if (setsockopt(sockfd, IPPROTO_IP, TCP_KEEPIDLE, (sockopt_val_t)&opt, sizeof(opt)) < 0) {
berrno be;
Qmsg1(jcr, M_WARNING, 0, _("Cannot set SO_KEEPIDLE on socket: %s\n"),
be.bstrerror());
}
}
#endif
/* connect to server */
if (::connect(sockfd, ipaddr->get_sockaddr(), ipaddr->get_sockaddr_len()) < 0) {
save_errno = errno;
socketClose(sockfd);
continue;
}
*fatal = 0;
connected = true;
break;
}
/*
* Create the file, or the directory
*
* fname is the original filename
* ofile is the output filename (may be in a different directory)
*
* Returns: CF_SKIP if file should be skipped
* CF_ERROR on error
* CF_EXTRACT file created and data to restore
* CF_CREATED file created no data to restore
*
* Note, we create the file here, except for special files,
* we do not set the attributes because we want to first
* write the file, then when the writing is done, set the
* attributes.
* So, we return with the file descriptor open for normal
* files.
*
*/
int create_file(JCR *jcr, ATTR *attr, BFILE *bfd, int replace)
{
mode_t new_mode, parent_mode;
int flags;
uid_t uid;
gid_t gid;
int pnl;
bool exists = false;
struct stat mstatp;
bfd->reparse_point = false;
if (is_win32_stream(attr->data_stream)) {
set_win32_backup(bfd);
} else {
set_portable_backup(bfd);
}
new_mode = attr->statp.st_mode;
Dmsg3(200, "type=%d newmode=%x file=%s\n", attr->type, new_mode, attr->ofname);
parent_mode = S_IWUSR | S_IXUSR | new_mode;
gid = attr->statp.st_gid;
uid = attr->statp.st_uid;
#ifdef HAVE_WIN32
if (!bfd->use_backup_api) {
// eliminate invalid windows filename characters from foreign filenames
char *ch = (char *)attr->ofname;
if (ch[0] != 0 && ch[1] != 0) {
ch += 2;
while (*ch) {
switch (*ch) {
case ':':
case '<':
case '>':
case '*':
case '?':
case '|':
*ch = '_';
break;
}
ch++;
}
}
}
#endif
Dmsg2(400, "Replace=%c %d\n", (char)replace, replace);
if (lstat(attr->ofname, &mstatp) == 0) {
exists = true;
switch (replace) {
case REPLACE_IFNEWER:
if (attr->statp.st_mtime <= mstatp.st_mtime) {
Qmsg(jcr, M_SKIPPED, 0, _("File skipped. Not newer: %s\n"), attr->ofname);
return CF_SKIP;
}
break;
case REPLACE_IFOLDER:
if (attr->statp.st_mtime >= mstatp.st_mtime) {
Qmsg(jcr, M_SKIPPED, 0, _("File skipped. Not older: %s\n"), attr->ofname);
return CF_SKIP;
}
break;
case REPLACE_NEVER:
Qmsg(jcr, M_SKIPPED, 0, _("File skipped. Already exists: %s\n"), attr->ofname);
return CF_SKIP;
case REPLACE_ALWAYS:
break;
}
}
switch (attr->type) {
case FT_RAW: /* raw device to be written */
case FT_FIFO: /* FIFO to be written to */
case FT_LNKSAVED: /* Hard linked, file already saved */
case FT_LNK:
case FT_SPEC: /* fifo, ... to be backed up */
case FT_REGE: /* empty file */
case FT_REG: /* regular file */
/*
* Note, we do not delete FT_RAW because these are device files
* or FIFOs that should already exist. If we blow it away,
* we may blow away a FIFO that is being used to read the
* restore data, or we may blow away a partition definition.
*/
if (exists && attr->type != FT_RAW && attr->type != FT_FIFO) {
/* Get rid of old copy */
Dmsg1(400, "unlink %s\n", attr->ofname);
if (unlink(attr->ofname) == -1) {
berrno be;
Qmsg(jcr, M_ERROR, 0, _("File %s already exists and could not be replaced. ERR=%s.\n"),
attr->ofname, be.bstrerror());
/* Continue despite error */
}
}
/*
* Here we do some preliminary work for all the above
* types to create the path to the file if it does
* not already exist. Below, we will split to
* do the file type specific work
*/
pnl = separate_path_and_file(jcr, attr->fname, attr->ofname);
if (pnl < 0) {
return CF_ERROR;
}
/*
* If path length is <= 0 we are making a file in the root
* directory. Assume that the directory already exists.
*/
if (pnl > 0) {
char savechr;
savechr = attr->ofname[pnl];
attr->ofname[pnl] = 0; /* terminate path */
if (!path_already_seen(jcr, attr->ofname, pnl)) {
Dmsg1(400, "Make path %s\n", attr->ofname);
/*
* If we need to make the directory, ensure that it is with
* execute bit set (i.e. parent_mode), and preserve what already
* exists. Normally, this should do nothing.
*/
if (!makepath(attr, attr->ofname, parent_mode, parent_mode, uid, gid, 1)) {
Dmsg1(10, "Could not make path. %s\n", attr->ofname);
attr->ofname[pnl] = savechr; /* restore full name */
return CF_ERROR;
}
}
attr->ofname[pnl] = savechr; /* restore full name */
}
/* Now we do the specific work for each file type */
switch(attr->type) {
case FT_REGE:
case FT_REG:
Dmsg1(100, "Create=%s\n", attr->ofname);
flags = O_WRONLY | O_CREAT | O_TRUNC | O_BINARY; /* O_NOFOLLOW; */
if (IS_CTG(attr->statp.st_mode)) {
flags |= O_CTG; /* set contiguous bit if needed */
}
if (is_bopen(bfd)) {
Qmsg1(jcr, M_ERROR, 0, _("bpkt already open fid=%d\n"), bfd->fid);
bclose(bfd);
}
if ((bopen(bfd, attr->ofname, flags, S_IRUSR | S_IWUSR)) < 0) {
berrno be;
be.set_errno(bfd->berrno);
Qmsg2(jcr, M_ERROR, 0, _("Could not create %s: ERR=%s\n"),
attr->ofname, be.bstrerror());
Dmsg2(100,"Could not create %s: ERR=%s\n", attr->ofname, be.bstrerror());
return CF_ERROR;
}
return CF_EXTRACT;
#ifndef HAVE_WIN32 // none of these exists on MS Windows
case FT_RAW: /* Bacula raw device e.g. /dev/sda1 */
case FT_FIFO: /* Bacula fifo to save data */
case FT_SPEC:
if (S_ISFIFO(attr->statp.st_mode)) {
Dmsg1(400, "Restore fifo: %s\n", attr->ofname);
if (mkfifo(attr->ofname, attr->statp.st_mode) != 0 && errno != EEXIST) {
berrno be;
Qmsg2(jcr, M_ERROR, 0, _("Cannot make fifo %s: ERR=%s\n"),
attr->ofname, be.bstrerror());
return CF_ERROR;
}
} else if (S_ISSOCK(attr->statp.st_mode)) {
Dmsg1(200, "Skipping restore of socket: %s\n", attr->ofname);
#ifdef S_IFDOOR // Solaris high speed RPC mechanism
} else if (S_ISDOOR(attr->statp.st_mode)) {
Dmsg1(200, "Skipping restore of door file: %s\n", attr->ofname);
#endif
#ifdef S_IFPORT // Solaris event port for handling AIO
} else if (S_ISPORT(attr->statp.st_mode)) {
Dmsg1(200, "Skipping restore of event port file: %s\n", attr->ofname);
#endif
} else {
Dmsg1(400, "Restore node: %s\n", attr->ofname);
if (mknod(attr->ofname, attr->statp.st_mode, attr->statp.st_rdev) != 0 && errno != EEXIST) {
berrno be;
Qmsg2(jcr, M_ERROR, 0, _("Cannot make node %s: ERR=%s\n"),
attr->ofname, be.bstrerror());
return CF_ERROR;
}
}
/*
* Here we are going to attempt to restore to a FIFO, which
* means that the FIFO must already exist, AND there must
* be some process already attempting to read from the
* FIFO, so we open it write-only.
*/
if (attr->type == FT_RAW || attr->type == FT_FIFO) {
btimer_t *tid;
Dmsg1(400, "FT_RAW|FT_FIFO %s\n", attr->ofname);
flags = O_WRONLY | O_BINARY;
/* Timeout open() in 60 seconds */
if (attr->type == FT_FIFO) {
Dmsg0(400, "Set FIFO timer\n");
tid = start_thread_timer(jcr, pthread_self(), 60);
} else {
tid = NULL;
}
if (is_bopen(bfd)) {
Qmsg1(jcr, M_ERROR, 0, _("bpkt already open fid=%d\n"), bfd->fid);
}
Dmsg2(400, "open %s flags=0x%x\n", attr->ofname, flags);
if ((bopen(bfd, attr->ofname, flags, 0)) < 0) {
berrno be;
be.set_errno(bfd->berrno);
Qmsg2(jcr, M_ERROR, 0, _("Could not open %s: ERR=%s\n"),
attr->ofname, be.bstrerror());
Dmsg2(400, "Could not open %s: ERR=%s\n", attr->ofname, be.bstrerror());
stop_thread_timer(tid);
return CF_ERROR;
}
stop_thread_timer(tid);
return CF_EXTRACT;
}
Dmsg1(400, "FT_SPEC %s\n", attr->ofname);
return CF_CREATED;
case FT_LNK:
Dmsg2(130, "FT_LNK should restore: %s -> %s\n", attr->ofname, attr->olname);
if (symlink(attr->olname, attr->ofname) != 0 && errno != EEXIST) {
berrno be;
Qmsg3(jcr, M_ERROR, 0, _("Could not symlink %s -> %s: ERR=%s\n"),
attr->ofname, attr->olname, be.bstrerror());
return CF_ERROR;
}
return CF_CREATED;
case FT_LNKSAVED: /* Hard linked, file already saved */
Dmsg2(130, "Hard link %s => %s\n", attr->ofname, attr->olname);
if (link(attr->olname, attr->ofname) != 0) {
berrno be;
#ifdef HAVE_CHFLAGS
struct stat s;
/*
* If using BSD user flags, maybe has a file flag
* preventing this. So attempt to disable, retry link,
* and reset flags.
* Note that BSD securelevel may prevent disabling flag.
*/
if (stat(attr->olname, &s) == 0 && s.st_flags != 0) {
if (chflags(attr->olname, 0) == 0) {
if (link(attr->olname, attr->ofname) != 0) {
/* restore original file flags even when linking failed */
if (chflags(attr->olname, s.st_flags) < 0) {
Qmsg2(jcr, M_ERROR, 0, _("Could not restore file flags for file %s: ERR=%s\n"),
attr->olname, be.bstrerror());
}
#endif /* HAVE_CHFLAGS */
Qmsg3(jcr, M_ERROR, 0, _("Could not hard link %s -> %s: ERR=%s\n"),
attr->ofname, attr->olname, be.bstrerror());
Dmsg3(200, "Could not hard link %s -> %s: ERR=%s\n",
attr->ofname, attr->olname, be.bstrerror());
return CF_ERROR;
#ifdef HAVE_CHFLAGS
}
/* finally restore original file flags */
if (chflags(attr->olname, s.st_flags) < 0) {
Qmsg2(jcr, M_ERROR, 0, _("Could not restore file flags for file %s: ERR=%s\n"),
attr->olname, be.bstrerror());
}
} else {
Qmsg2(jcr, M_ERROR, 0, _("Could not reset file flags for file %s: ERR=%s\n"),
attr->olname, be.bstrerror());
}
} else {
Qmsg3(jcr, M_ERROR, 0, _("Could not hard link %s -> %s: ERR=%s\n"),
attr->ofname, attr->olname, be.bstrerror());
return CF_ERROR;
}
#endif /* HAVE_CHFLAGS */
}
return CF_CREATED;
#endif
} /* End inner switch */
case FT_REPARSE:
bfd->reparse_point = true;
/* Fall through wanted */
case FT_DIRBEGIN:
case FT_DIREND:
Dmsg2(200, "Make dir mode=%o dir=%s\n", new_mode, attr->ofname);
if (!makepath(attr, attr->ofname, new_mode, parent_mode, uid, gid, 0)) {
return CF_ERROR;
}
/*
* If we are using the Win32 Backup API, we open the
* directory so that the security info will be read
* and saved.
*/
if (!is_portable_backup(bfd)) {
if (is_bopen(bfd)) {
Qmsg1(jcr, M_ERROR, 0, _("bpkt already open fid=%d\n"), bfd->fid);
}
if ((bopen(bfd, attr->ofname, O_WRONLY|O_BINARY, 0)) < 0) {
berrno be;
be.set_errno(bfd->berrno);
#ifdef HAVE_WIN32
/* Check for trying to create a drive, if so, skip */
if (attr->ofname[1] == ':' &&
IsPathSeparator(attr->ofname[2]) &&
attr->ofname[3] == '\0') {
return CF_SKIP;
}
#endif
Qmsg2(jcr, M_ERROR, 0, _("Could not open %s: ERR=%s\n"),
attr->ofname, be.bstrerror());
return CF_ERROR;
}
return CF_EXTRACT;
} else {
return CF_CREATED;
}
case FT_DELETED:
Qmsg2(jcr, M_INFO, 0, _("Original file %s have been deleted: type=%d\n"), attr->fname, attr->type);
break;
/* The following should not occur */
case FT_NOACCESS:
case FT_NOFOLLOW:
case FT_NOSTAT:
case FT_DIRNOCHG:
case FT_NOCHG:
case FT_ISARCH:
case FT_NORECURSE:
case FT_NOFSCHG:
case FT_NOOPEN:
Qmsg2(jcr, M_ERROR, 0, _("Original file %s not saved: type=%d\n"), attr->fname, attr->type);
break;
default:
Qmsg2(jcr, M_ERROR, 0, _("Unknown file type %d; not restored: %s\n"), attr->type, attr->fname);
break;
}
return CF_ERROR;
}
