*** client-src/client_util.c 2002/10/30 17:31:19 1.1 --- client-src/client_util.c 2002/10/31 17:47:17 *************** *** 396,401 **** --- 396,402 ---- options->krb4_auth = 0; options->kencrypt = 0; #endif + options->sencrypt = 0; options->exclude_file = NULL; options->exclude_list = NULL; options->include_file = NULL; *************** *** 548,553 **** --- 549,564 ---- options->kencrypt = 1; } #endif + else if(strcmp(tok, "sencrypt") == 0) { + if(options->sencrypt != 0) { + dbprintf(("%s: multiple sencrypt option\n", + debug_prefix(NULL))); + if(verbose) { + printf("ERROR [multiple sencrypt option]\n"); + } + } + options->sencrypt = 1; + } else if(strcmp(tok, "exclude-optional") == 0) { if(options->exclude_optional != 0) { dbprintf(("%s: multiple exclude-optional option\n", *** client-src/client_util.h 2002/10/30 17:30:04 1.1 --- client-src/client_util.h 2002/10/31 17:47:18 *************** *** 51,56 **** --- 51,57 ---- int krb4_auth; int kencrypt; #endif + int sencrypt; } option_t; typedef struct g_option_s { *** client-src/sendbackup-dump.c 2002/10/30 17:12:58 1.1 --- client-src/sendbackup-dump.c 2002/10/31 17:47:18 *************** *** 128,133 **** --- 128,134 ---- char *cmd = NULL; char *indexcmd = NULL; char level_str[NUM_STR_SIZE]; + int cryptout, compout; ap_snprintf(level_str, sizeof(level_str), "%d", level); *************** *** 136,141 **** --- 137,154 ---- NAUGHTY_BITS; + dumpout = dataf; + cryptpid = -1; + cryptout = -1; + if(options->sencrypt) { + cryptout = dumpout; + cryptpid = pipespawn(ENCRYPT_PATH, STDIN_PIPE, + &dumpout, &cryptout, &mesgf, + ENCRYPT_PATH, ENCRYPT_OPT, NULL); + } + + comppid = -1; + compout = -1; if(options->compress == COMPR_FAST || options->compress == COMPR_BEST) { char *compopt = skip_argument; *************** *** 146,153 **** compopt = COMPRESS_FAST_OPT; } #endif comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! 
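Review bot: The encrypt child started in the `if(options->sencrypt)` block of sendbackup-dump.c leaves no trace in the debug log, while the compress child spawned just below records its pid and command with `dbprintf`. This stage decides whether backup data leaves the host encrypted, so add the same record after the spawn, e.g. `dbprintf(("%s: pid %ld: %s %s\n", debug_prefix_time("-dump"), (long)cryptpid, ENCRYPT_PATH, ENCRYPT_OPT));`. The identical block in sendbackup-gnutar.c needs the same line with the "-gnutar" prefix. The enclosing function starts and ends outside this hunk, so whether a failed `pipespawn` is reported elsewhere cannot be seen here.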
&dumpout, &dataf, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s: pid %ld: %s", debug_prefix_time("-dump"), (long)comppid, COMPRESS_PATH)); --- 159,167 ---- compopt = COMPRESS_FAST_OPT; } #endif + compout = dumpout; comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! &dumpout, &compout, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s: pid %ld: %s", debug_prefix_time("-dump"), (long)comppid, COMPRESS_PATH)); *************** *** 155,163 **** dbprintf((" %s", compopt)); } dbprintf(("\n")); - } else { - dumpout = dataf; - comppid = -1; } /* invoke dump */ --- 169,174 ---- *************** *** 375,380 **** --- 386,393 ---- aclose(mesgf); if (options->createindex) aclose(indexf); + if (compout >= 0) aclose(compout); + if (cryptout >= 0) aclose(cryptout); } static void end_backup(status) *** client-src/sendbackup-gnutar.c 2002/10/30 17:21:21 1.1 --- client-src/sendbackup-gnutar.c 2002/10/31 17:47:18 *************** *** 148,153 **** --- 148,154 ---- amandates_t *amdates; time_t prev_dumptime; char *error_pn = NULL; + int cryptout, compout; error_pn = stralloc2(get_pname(), "-smbclient"); *************** *** 156,161 **** --- 157,174 ---- NAUGHTY_BITS; + dumpout = dataf; + cryptpid = -1; + cryptout = -1; + if(options->sencrypt) { + cryptout = dumpout; + cryptpid = pipespawn(ENCRYPT_PATH, STDIN_PIPE, + &dumpout, &cryptout, &mesgf, + ENCRYPT_PATH, ENCRYPT_OPT, NULL); + } + + comppid = -1; + compout = -1; if(options->compress == COMPR_FAST || options->compress == COMPR_BEST) { char *compopt = skip_argument; *************** *** 166,173 **** compopt = COMPRESS_FAST_OPT; } #endif comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! &dumpout, &dataf, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s: pid %ld: %s", debug_prefix_time("-gnutar"), (long)comppid, COMPRESS_PATH)); --- 179,187 ---- compopt = COMPRESS_FAST_OPT; } #endif + compout = dumpout; comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! 
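Review bot: `cryptout` is copied from `dumpout` while `dumpout` still equals `dataf`, so the added `aclose(cryptout)` at the end of the function closes the same descriptor number as `dataf`, assuming `pipespawn` leaves its non-pipe descriptor arguments unchanged. `compout` does the same whenever compression runs without sencrypt. If `dataf` is already closed in the lines just above this hunk (not visible here), this is a second close of a number that may by then belong to another descriptor. Only when both stages run does `compout` hold a pipe end that nothing else closes, so in that case the two added lines could shrink to `if (compout >= 0 && cryptout >= 0) aclose(compout);`. The matching hunk in sendbackup-gnutar.c has the same pattern.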
&dumpout, &compout, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s: pid %ld: %s", debug_prefix_time("-gnutar"), (long)comppid, COMPRESS_PATH)); *************** *** 175,183 **** dbprintf((" %s", compopt)); } dbprintf(("\n")); - } else { - dumpout = dataf; - comppid = -1; } #ifdef GNUTAR_LISTED_INCREMENTAL_DIR /* { */ --- 189,194 ---- *************** *** 545,550 **** --- 556,563 ---- aclose(mesgf); if (options->createindex) aclose(indexf); + if (compout >= 0) aclose(compout); + if (cryptout >= 0) aclose(cryptout); } static void end_backup(goterror) *** client-src/sendbackup.c 2002/10/30 17:25:06 1.1 --- client-src/sendbackup.c 2002/10/31 17:47:19 *************** *** 41,46 **** --- 41,47 ---- #define TIMEOUT 30 + int cryptpid = -1; int comppid = -1; int dumppid = -1; int tarpid = -1; *************** *** 88,93 **** --- 89,95 ---- char *bsd_opt = ""; char *krb4_opt = ""; char *kencrypt_opt = ""; + char *sencrypt_opt = ""; char *index_opt = ""; char *exclude_file_opt; char *exclude_list_opt; *************** *** 108,113 **** --- 110,116 ---- if(options->krb4_auth) krb4_opt = "krb4-auth;"; if(options->kencrypt) kencrypt_opt = "kencrypt;"; #endif + if(options->sencrypt) sencrypt_opt = "sencrypt;"; if(options->createindex) index_opt = "index;"; exclude_file_opt = stralloc(""); *************** *** 130,135 **** --- 133,139 ---- bsd_opt, krb4_opt, kencrypt_opt, + sencrypt_opt, index_opt, exclude_file_opt, exclude_list_opt, *************** *** 502,507 **** --- 506,512 ---- if(pid == comppid) return "compress"; if(pid == encpid) return "kencrypt"; if(pid == indexpid) return "index"; + if(pid == cryptpid) return "sencrypt"; return "unknown"; } *** client-src/sendbackup.h 2002/10/30 17:29:01 1.1 --- client-src/sendbackup.h 2002/10/31 17:47:19 *************** *** 83,85 **** --- 83,94 ---- extern backup_program_t *programs[], *program; + #ifndef ENCRYPT_PATH + #define ENCRYPT_PATH "/local/bin/sst" + #ifdef ENCRYPT_OPT + #undef ENCRYPT_OPT + #endif + #define ENCRYPT_OPT "-celv" 
+ /* #define ENCRYPT_OPT "-celddd" /* enable debugging messages */ + #endif + extern int cryptpid; *** common-src/amfeatures.c 2002/10/30 18:07:25 1.1 --- common-src/amfeatures.c 2002/10/31 17:47:39 *************** *** 91,96 **** --- 91,98 ---- am_add_feature(f, fe_options_krb4_auth); am_add_feature(f, fe_options_kencrypt); + am_add_feature(f, fe_options_sencrypt); + am_add_feature(f, fe_req_options_maxdumps); am_add_feature(f, fe_req_options_hostname); am_add_feature(f, fe_req_options_features); *************** *** 138,143 **** --- 140,147 ---- am_add_feature(f, fe_options_exclude_list); am_add_feature(f, fe_options_krb4_auth); am_add_feature(f, fe_options_kencrypt); + + am_add_feature(f, fe_options_sencrypt); am_add_feature(f, fe_req_options_maxdumps); am_add_feature(f, fe_req_options_hostname); *** common-src/amfeatures.h 2002/10/30 18:06:41 1.1 --- common-src/amfeatures.h 2002/10/31 17:47:40 *************** *** 112,117 **** --- 112,119 ---- fe_options_bsd_auth, fe_options_krb4_auth, fe_options_kencrypt, + + fe_options_sencrypt, fe_req_options_maxdumps, fe_req_options_hostname, *** server-src/amadmin.c 2002/10/30 17:37:07 1.1 --- server-src/amadmin.c 2002/10/31 17:48:07 *************** *** 1486,1491 **** --- 1486,1492 ---- break; } printf(" kencrypt %s\n", (dp->kencrypt? "YES" : "NO")); + printf(" sencrypt %s\n", (dp->sencrypt? "YES" : "NO")); printf(" holdingdisk %s\n", (!dp->no_hold? "YES" : "NO")); printf(" record %s\n", (dp->record? "YES" : "NO")); *** server-src/conffile.c 2002/10/30 17:37:50 1.1 --- server-src/conffile.c 2002/10/31 17:48:08 *************** *** 87,93 **** OPTIONS, PRIORITY, FREQUENCY, INDEX, STARTTIME, COMPRESS, AUTH, STRATEGY, SKIP_INCR, SKIP_FULL, RECORD, HOLDING, ! EXCLUDE, INCLUDE, KENCRYPT, IGNORE, COMPRATE, /* tape type */ /*COMMENT,*/ BLOCKSIZE, FILE_PAD, LBL_TEMPL, FILEMARK, LENGTH, SPEED, --- 87,93 ---- OPTIONS, PRIORITY, FREQUENCY, INDEX, STARTTIME, COMPRESS, AUTH, STRATEGY, SKIP_INCR, SKIP_FULL, RECORD, HOLDING, ! 
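Review bot: `ENCRYPT_OPT` gets its default only inside the `#ifndef ENCRYPT_PATH` block, so a build that sets `ENCRYPT_PATH` on the command line without also setting `ENCRYPT_OPT` leaves the macro undefined where `pipespawn` uses it. Giving each macro its own guard avoids that: close the path guard after the `#define ENCRYPT_PATH` line and wrap the option in `#ifndef ENCRYPT_OPT` / `#define ENCRYPT_OPT "-celv"` / `#endif`. The commented-out debug variant contains a second `/*` inside the comment, which compilers flag as a nested comment; `/* #define ENCRYPT_OPT "-celddd" -- enable debugging messages */` keeps the hint without the warning. The block also deserves a comment saying that the helper at this fixed path is executed by the backup client, so the binary and its directory must be writable only by the administrator. The `DECRYPT_PATH` / `DECRYPT_OPT` block added to server-src/dumper.c repeats both patterns.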
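Review bot: `fe_options_sencrypt` is inserted in the middle of the feature enum in amfeatures.h, ahead of `fe_req_options_maxdumps`, which shifts the numeric value of every later entry by one. If these values are the bit positions of the feature string exchanged between hosts (the encoding is outside this hunk), a patched server reading an unpatched client's string would take the client's maxdumps bit for sencrypt support. It would then request `sencrypt;` from a client that cannot provide it and feed the resulting plaintext to the decrypt stage. Appending the new entry after the last existing feature keeps the numbering of released versions stable; the `am_add_feature` calls in amfeatures.c can stay where they are.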
EXCLUDE, INCLUDE, KENCRYPT, SENCRYPT, IGNORE, COMPRATE, /* tape type */ /*COMMENT,*/ BLOCKSIZE, FILE_PAD, LBL_TEMPL, FILEMARK, LENGTH, SPEED, *************** *** 1203,1208 **** --- 1203,1209 ---- { "INCLUDE", INCLUDE }, { "INDEX", INDEX }, { "KENCRYPT", KENCRYPT }, + { "SENCRYPT", SENCRYPT }, { "MAXCYCLE", MAXCYCLE }, /* XXX - historical */ { "MAXDUMPS", MAXDUMPS }, { "OPTIONS", OPTIONS }, /* XXX - historical */ *************** *** 1314,1319 **** --- 1315,1324 ---- get_simple(&tmpval, &dpcur.s_kencrypt, BOOL); dpcur.kencrypt = (tmpval.i != 0); break; + case SENCRYPT: + get_simple(&tmpval, &dpcur.s_sencrypt, BOOL); + dpcur.sencrypt = (tmpval.i != 0); + break; case MAXCYCLE: get_simple((val_t *)&conf_maxcycle, &dpcur.s_maxcycle, INT); break; *************** *** 1425,1430 **** --- 1430,1436 ---- dpcur.skip_incr = dpcur.skip_full = 0; dpcur.no_hold = 0; dpcur.kencrypt = 0; + dpcur.sencrypt = 0; dpcur.ignore = 0; dpcur.index = 0; *************** *** 1449,1454 **** --- 1455,1461 ---- dpcur.s_skip_full = 0; dpcur.s_no_hold = 0; dpcur.s_kencrypt = 0; + dpcur.s_sencrypt = 0; dpcur.s_ignore = 0; dpcur.s_index = 0; } *************** *** 1506,1511 **** --- 1513,1519 ---- dtcopy(skip_full, s_skip_full); dtcopy(no_hold, s_no_hold); dtcopy(kencrypt, s_kencrypt); + dtcopy(sencrypt, s_sencrypt); dtcopy(ignore, s_ignore); dtcopy(index, s_index); } *************** *** 1796,1801 **** --- 1804,1810 ---- { "EXCLUDE-FILE", EXCLUDE_FILE }, { "EXCLUDE-LIST", EXCLUDE_LIST }, { "KENCRYPT", KENCRYPT }, + { "SENCRYPT", SENCRYPT }, { "SKIP-FULL", SKIP_FULL }, { "SKIP-INCR", SKIP_INCR }, { NULL, IDENT } *************** *** 1825,1830 **** --- 1834,1840 ---- dpcur.exclude_list = append_sl(dpcur.exclude_list, stralloc(tokenval.s)); break; case KENCRYPT: ckseen(&dpcur.s_kencrypt); dpcur.kencrypt = 1; break; + case SENCRYPT: ckseen(&dpcur.s_sencrypt); dpcur.sencrypt = 1; break; case SKIP_INCR: ckseen(&dpcur.s_skip_incr); dpcur.skip_incr= 1; break; case SKIP_FULL: ckseen(&dpcur.s_skip_full); 
dpcur.skip_full= 1; break; case INDEX: ckseen(&dpcur.s_index); dpcur.index = 1; break; *************** *** 2867,2872 **** --- 2877,2883 ---- if(dp->skip_full) printf(" SKIP-FULL"); if(dp->no_hold) printf(" NO-HOLD"); if(dp->kencrypt) printf(" KENCRYPT"); + if(dp->sencrypt) printf(" SENCRYPT"); /* an ignored disk will never reach this point */ assert(!dp->ignore); if(dp->index) printf(" INDEX"); *** server-src/conffile.h 2002/10/30 17:41:50 1.1 --- server-src/conffile.h 2002/10/31 17:48:08 *************** *** 152,157 **** --- 152,158 ---- unsigned int skip_full:1; unsigned int no_hold:1; unsigned int kencrypt:1; + unsigned int sencrypt:1; unsigned int ignore:1; unsigned int index:1; *************** *** 179,184 **** --- 180,186 ---- int s_skip_full; int s_no_hold; int s_kencrypt; + int s_sencrypt; int s_ignore; int s_index; } dumptype_t; *** server-src/diskfile.c 2002/10/30 17:43:02 1.1 --- server-src/diskfile.c 2002/10/31 17:48:08 *************** *** 428,433 **** --- 428,434 ---- disk->skip_full = dtype->skip_full; disk->no_hold = dtype->no_hold; disk->kencrypt = dtype->kencrypt; + disk->sencrypt = dtype->sencrypt; disk->index = dtype->index; disk->todo = 1; *************** *** 547,552 **** --- 548,554 ---- { char *auth_opt = NULL; char *kencrypt_opt = ""; + char *sencrypt_opt = ""; char *compress_opt = ""; char *record_opt = ""; char *index_opt = ""; *************** *** 601,606 **** --- 603,619 ---- } } + if(dp->sencrypt) { + if(am_has_feature(their_features, fe_options_sencrypt)) { + sencrypt_opt = "sencrypt;"; + } + else if(fdout) { + fprintf(fdout, + "WARNING: %s:%s does not support sencrypt\n", + dp->host->hostname, dp->name); + } + } + switch(dp->compress) { case COMP_FAST: if(am_has_feature(their_features, fe_options_compress_fast)) { *************** *** 788,793 **** --- 801,807 ---- result = vstralloc(";", auth_opt, kencrypt_opt, + sencrypt_opt, compress_opt, record_opt, index_opt, *** server-src/diskfile.h 2002/10/30 17:42:35 1.1 --- server-src/diskfile.h 
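Review bot: When the peer's feature set lacks `fe_options_sencrypt`, the new `if(dp->sencrypt)` block in diskfile.c only prints a WARNING and leaves `sencrypt_opt` empty, so a disk configured for encryption is dumped in the clear; with `fdout` NULL there is not even a message. `their_features` comes from outside this hunk, and if it is built from what the client sends, dropping one feature bit is enough to turn encryption off. A configured `sencrypt` should fail closed: report `"ERROR: %s:%s does not support sencrypt\n"` and have the function signal failure to its caller instead of returning an option string without `sencrypt;`. How the caller handles a failed option string is not visible here and needs checking before that change.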
2002/10/31 17:48:08 *************** *** 80,85 **** --- 80,86 ---- unsigned int skip_full:1; /* fulls done externally ? */ unsigned int no_hold:1; /* don't use holding disk ? */ unsigned int kencrypt:1; + unsigned int sencrypt:1; unsigned int index:1; /* produce an index ? */ int spindle; /* spindle # - for parallel dumps */ int inprogress; /* being dumped now? */ *** server-src/dumper.c 2002/10/30 17:55:20 1.1 --- server-src/dumper.c 2002/10/31 17:48:08 *************** *** 112,117 **** --- 112,128 ---- static am_feature_t *our_features = NULL; static char *our_feature_string = NULL; + int decrypt, cryptpid; + + #ifndef DECRYPT_PATH + #define DECRYPT_PATH "/local/bin/sst" + #ifdef DECRYPT_OPT + #undef DECRYPT_OPT + #endif + #define DECRYPT_OPT "-slv" + /* #define DECRYPT_OPT "-slddd" /* for debugging messages */ + #endif /* DECRYPT_PATH */ + /* local functions */ int main P((int main_argc, char **main_argv)); int do_dump P((int mesgfd, int datafd, int indexfd, int outfd)); *************** *** 142,147 **** --- 153,159 ---- srvcompress = srvcomp_fast; else srvcompress = srvcomp_none; + decrypt = (strstr(options, "sencrypt;") != NULL); } void service_ports_init() *************** *** 1109,1114 **** --- 1121,1127 ---- fd_set readset, selectset; struct timeval timeout; int outpipe[2]; + int netpipe[2]; int header_done; /* flag - header has been written */ char *indexfile_tmp = NULL; char *indexfile_real = NULL; *************** *** 1174,1179 **** --- 1187,1233 ---- unlink(errfname); /* so it goes away on close */ amfree(errfname); + /* insert pipe in the *READ* side, if decryption is desired */ + cryptpid = -1; + if (decrypt) { + int tmpfd; + + tmpfd = datafd; + if(socketpair(AF_UNIX, SOCK_STREAM, 0, netpipe) == -1) + error("socketpair: %s", strerror(errno)); + datafd = netpipe[0]; + if(datafd < 0 || datafd >= FD_SETSIZE) { + aclose(netpipe[0]); + aclose(netpipe[1]); + errstr = newstralloc(errstr, "descriptor out of range"); + errno = EMFILE; + goto failed; + } + 
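Review bot: `decrypt` is derived with `strstr(options, "sencrypt;")`, which matches the text anywhere in the option string, including inside another option's value such as an exclude path that ends in `sencrypt`. A wrong match sends plaintext through the decrypt helper, and a missed one would store ciphertext unprocessed. Anchoring on the separator is safer, e.g. `decrypt = (strstr(options, ";sencrypt;") != NULL);`, given that the string built in diskfile.c starts with `;` and ends every option with `;`; confirm that dumper receives the string in that form. The two new globals `decrypt` and `cryptpid` in the first dumper.c hunk could also be `static` like the file-scope variables declared just above them.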
switch(cryptpid=fork()) { + case -1: + errstr = newstralloc2(errstr, "couldn't fork: ", strerror(errno)); + goto failed; + default: + aclose(netpipe[1]); + aclose(tmpfd); + break; + case 0: + aclose(netpipe[0]); + /* child acts on stdin/stdout */ + if (dup2(netpipe[1],1) == -1) + fprintf(stderr, "err dup2 out: %s\n", strerror(errno)); + if (dup2(tmpfd, 0) == -1) + fprintf(stderr, "err dup2 in: %s\n", strerror(errno)); + for(tmpfd = 3; tmpfd <= FD_SETSIZE; ++tmpfd) { + close(tmpfd); + } + /* now spawn sst to take care of the rest */ + execlp(DECRYPT_PATH, DECRYPT_PATH, DECRYPT_OPT, (char *)0); + error("error: couldn't exec %s.\n", DECRYPT_PATH); + } + /* Now the pipe has been inserted. */ + } + /* insert pipe in the *READ* side, if server-side compression is desired */ compresspid = -1; if (srvcompress) { *************** *** 1544,1549 **** --- 1598,1615 ---- else if ( killerr == -1 ) { if(errno != ESRCH) fprintf(stderr,"%s: can't kill index command: %s\n", + get_pname(),strerror(errno)); + } + } + + if(cryptpid != -1) { + killerr = kill(cryptpid,SIGTERM); + if(killerr == 0) { + fprintf(stderr,"%s: kill decrypt command\n",get_pname()); + } + else if ( killerr == -1 ) { + if(errno != ESRCH) + fprintf(stderr,"%s: can't kill decrypt command: %s\n", get_pname(),strerror(errno)); } }
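Review bot: In the `case 0:` branch the child only prints a message when `dup2` fails and then still reaches the exec, so the decrypt helper can run on the dumper's own stdin or stdout instead of the data socket and the socketpair; it should `_exit` instead. `execlp` searches PATH whenever `DECRYPT_PATH` is overridden with a name that has no slash, and `error()` after a failed exec may run the parent's error handling inside the forked child (its definition is outside this hunk), so `execl` followed by `_exit` is the safer pair. On the parent side, the `fork` failure path jumps to `failed` with both socketpair ends and `tmpfd` still open, and the out-of-range path leaves `tmpfd` open. `do_dump` starts and ends outside this hunk.

```c
    case 0:
        aclose(netpipe[0]);
        /* child acts on stdin/stdout; never exec on the wrong descriptors */
        if (dup2(netpipe[1], 1) == -1) {
            fprintf(stderr, "err dup2 out: %s\n", strerror(errno));
            _exit(1);
        }
        if (dup2(tmpfd, 0) == -1) {
            fprintf(stderr, "err dup2 in: %s\n", strerror(errno));
            _exit(1);
        }
        /* … unchanged: close every descriptor from 3 upward … */
        /* fixed path only: no PATH search for the decrypt helper */
        execl(DECRYPT_PATH, DECRYPT_PATH, DECRYPT_OPT, (char *)0);
        fprintf(stderr, "error: couldn't exec %s: %s\n",
                DECRYPT_PATH, strerror(errno));
        _exit(1);
```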
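Review bot: This SIGTERM on the failure path is the only place in the patch where the decrypt child's pid is used after the fork; no added line waits for the child or looks at its exit status. If `do_dump` does not reap `cryptpid` elsewhere (the rest of the function is outside the hunk), a helper that stops early, for instance on a key mismatch, just closes the socketpair and the dump may be recorded as complete with truncated data. Reap the child once the data stream ends and treat a non-zero status as a failed dump. A comment at the declaration would make the contract explicit: `/* cryptpid: decrypt child; must be waited for and its status checked before the dump is marked good */`.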