proxmox-backup/src/backup/mod.rs

//! Server/client-specific parts for what's otherwise in pbs-datastore.

use anyhow::{bail, Error};

// Note: .pcat1 => Proxmox Catalog Format version 1
pub const CATALOG_NAME: &str = "catalog.pcat1.didx";

/// Unix system user used by proxmox-backup-proxy
pub const BACKUP_USER_NAME: &str = "backup";
/// Unix system group used by proxmox-backup-proxy
pub const BACKUP_GROUP_NAME: &str = "backup";

/// Return User info for the 'backup' user (``getpwnam_r(3)``)
pub fn backup_user() -> Result<nix::unistd::User, Error> {
    if cfg!(test) {
        // fix permission problems with regressions test (when run as non-root).
        Ok(nix::unistd::User::from_uid(nix::unistd::Uid::current())?.unwrap())
    } else {
        match nix::unistd::User::from_name(BACKUP_USER_NAME)? {
            Some(user) => Ok(user),
            None => bail!("Unable to lookup backup user."),
        }
    }
}

/// Return Group info for the 'backup' group (``getgrnam(3)``)
pub fn backup_group() -> Result<nix::unistd::Group, Error> {
    if cfg!(test) {
        // fix permission problems with regressions test (when run as non-root).
        Ok(nix::unistd::Group::from_gid(nix::unistd::Gid::current())?.unwrap())
    } else {
        match nix::unistd::Group::from_name(BACKUP_GROUP_NAME)? {
            Some(group) => Ok(group),
            None => bail!("Unable to lookup backup user."),
        }
    }
}

pub use pbs_datastore::backup_info;
pub use pbs_datastore::backup_info::*;
pub use pbs_datastore::catalog;
pub use pbs_datastore::catalog::*;
pub use pbs_datastore::checksum_reader;
pub use pbs_datastore::checksum_reader::*;
pub use pbs_datastore::checksum_writer;
pub use pbs_datastore::checksum_writer::*;
pub use pbs_datastore::chunk_stat;
pub use pbs_datastore::chunk_stat::*;
pub use pbs_datastore::chunk_store;
pub use pbs_datastore::chunk_store::*;
pub use pbs_datastore::chunker;
pub use pbs_datastore::chunker::*;
pub use pbs_datastore::crypt_config;
pub use pbs_datastore::crypt_config::*;
pub use pbs_datastore::crypt_reader;
pub use pbs_datastore::crypt_reader::*;
pub use pbs_datastore::crypt_writer;
pub use pbs_datastore::crypt_writer::*;
pub use pbs_datastore::data_blob;
pub use pbs_datastore::data_blob::*;
pub use pbs_datastore::data_blob_reader;
pub use pbs_datastore::data_blob_reader::*;
pub use pbs_datastore::data_blob_writer;
pub use pbs_datastore::data_blob_writer::*;
pub use pbs_datastore::file_formats;
pub use pbs_datastore::file_formats::*;
pub use pbs_datastore::index;
pub use pbs_datastore::index::*;
pub use pbs_datastore::key_derivation;
pub use pbs_datastore::key_derivation::*;
pub use pbs_datastore::manifest;
pub use pbs_datastore::manifest::*;
pub use pbs_datastore::prune;
pub use pbs_datastore::prune::*;

pub use pbs_datastore::store_progress::StoreProgress;

pub use pbs_datastore::cached_chunk_reader::*;
pub use pbs_datastore::dynamic_index::*;
pub use pbs_datastore::fixed_index;
pub use pbs_datastore::fixed_index::*;

pub use pbs_datastore::read_chunk::*;

// Split
mod read_chunk;
pub use read_chunk::*;

mod datastore;
pub use datastore::*;

mod verify;
pub use verify::*;

pub struct BackupLockGuard(std::fs::File);

/// Open or create a lock file owned by user "backup" and lock it.
///
/// Owner/Group of the file is set to backup/backup.
/// File mode is 0660.
/// Default timeout is 10 seconds.
///
/// Note: This method needs to be called by user "root" or "backup".
pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(
    path: P,
    timeout: Option<std::time::Duration>,
    exclusive: bool,
) -> Result<BackupLockGuard, Error> {
    let user = backup_user()?;
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(nix::sys::stat::Mode::from_bits_truncate(0o660))
        .owner(user.uid)
        .group(user.gid);

    let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));

    let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;
    Ok(BackupLockGuard(file))
}

/// Atomically write data to file owned by "root:backup" with permission "0640"
///
/// Only the superuser can write those files, but group 'backup' can read them.
pub fn replace_backup_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    let backup_user = backup_user()?;
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= backup
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(backup_user.gid);

    proxmox::tools::fs::replace_file(path, data, options)?;

    Ok(())
}

/// Atomically write data to file owned by "root:root" with permission "0600"
///
/// Only the superuser can read and write those files.
pub fn replace_secret_config<P: AsRef<std::path::Path>>(
    path: P,
    data: &[u8],
) -> Result<(), Error> {
    let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);
    // set the correct owner/group/permissions while saving file
    // owner(rw) = root, group(r)= root
    let options = proxmox::tools::fs::CreateOptions::new()
        .perm(mode)
        .owner(nix::unistd::ROOT)
        .group(nix::unistd::Gid::from_raw(0));

    proxmox::tools::fs::replace_file(path, data, options)?;

    Ok(())
}
moving more code to pbs-datastore prune and fixed/dynamic index Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 08:07:01 +00:00			`//! Server/client-specific parts for what's otherwise in pbs-datastore.`
create backup mod in backup.rs, improve docu 2018-12-31 15:08:04 +00:00
switch from failure to anyhow Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2020-04-17 12:11:25 +00:00			`use anyhow::{bail, Error};`
remove tools::getpwnam_ugid, impl. crate::backup::backup_user() And use new nix::unistd::User struct. 2019-12-19 09:20:13 +00:00
change catalog format, use dynamic index to store catalog. In order to remove size restriction of a single blob. 2019-11-08 09:35:48 +00:00			`// Note: .pcat1 => Proxmox Catalog Format version 1`
			`pub const CATALOG_NAME: &str = "catalog.pcat1.didx";`
src/backup.rs: define INDEX_BLOB_NAME here 2019-09-03 11:15:44 +00:00
remove tools::getpwnam_ugid, impl. crate::backup::backup_user() And use new nix::unistd::User struct. 2019-12-19 09:20:13 +00:00			`/// Unix system user used by proxmox-backup-proxy`
			`pub const BACKUP_USER_NAME: &str = "backup";`
backup: add BACKUP_GROUP_NAME const and backup_group helper Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-08-26 08:02:18 +00:00			`/// Unix system group used by proxmox-backup-proxy`
			`pub const BACKUP_GROUP_NAME: &str = "backup";`
remove tools::getpwnam_ugid, impl. crate::backup::backup_user() And use new nix::unistd::User struct. 2019-12-19 09:20:13 +00:00
			/// Return User info for the 'backup' user (``getpwnam_r(3)``)
			`pub fn backup_user() -> Result<nix::unistd::User, Error> {`
fix regression test file permission problems By simply using the current user/group instead of backup:backup 2021-07-21 06:12:51 +00:00			`if cfg!(test) {`
			`// fix permission problems with regressions test (when run as non-root).`
			`Ok(nix::unistd::User::from_uid(nix::unistd::Uid::current())?.unwrap())`
			`} else {`
			`match nix::unistd::User::from_name(BACKUP_USER_NAME)? {`
			`Some(user) => Ok(user),`
			`None => bail!("Unable to lookup backup user."),`
			`}`
remove tools::getpwnam_ugid, impl. crate::backup::backup_user() And use new nix::unistd::User struct. 2019-12-19 09:20:13 +00:00			`}`
			`}`

backup: add BACKUP_GROUP_NAME const and backup_group helper Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-08-26 08:02:18 +00:00			/// Return Group info for the 'backup' group (``getgrnam(3)``)
			`pub fn backup_group() -> Result<nix::unistd::Group, Error> {`
fix regression test file permission problems By simply using the current user/group instead of backup:backup 2021-07-21 06:12:51 +00:00			`if cfg!(test) {`
			`// fix permission problems with regressions test (when run as non-root).`
			`Ok(nix::unistd::Group::from_gid(nix::unistd::Gid::current())?.unwrap())`
			`} else {`
			`match nix::unistd::Group::from_name(BACKUP_GROUP_NAME)? {`
			`Some(group) => Ok(group),`
			`None => bail!("Unable to lookup backup user."),`
			`}`
backup: add BACKUP_GROUP_NAME const and backup_group helper Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2020-08-26 08:02:18 +00:00			`}`
			`}`

move manifest and backup_info to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 09:34:45 +00:00			`pub use pbs_datastore::backup_info;`
			`pub use pbs_datastore::backup_info::*;`
add pbs-datastore module Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-06 10:49:10 +00:00			`pub use pbs_datastore::catalog;`
add pbs-api-types subcrate, move key_derivation move key_derivation to pbs-datastore pbs-api-types should only contain "basic" types which * are usually required by clients * don't depend on pbs-related code directly Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 07:04:09 +00:00			`pub use pbs_datastore::catalog::*;`
			`pub use pbs_datastore::checksum_reader;`
			`pub use pbs_datastore::checksum_reader::*;`
			`pub use pbs_datastore::checksum_writer;`
			`pub use pbs_datastore::checksum_writer::*;`
move chunk_stat, read_chunk to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 07:17:28 +00:00			`pub use pbs_datastore::chunk_stat;`
			`pub use pbs_datastore::chunk_stat::*;`
move chunk_store to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 12:37:47 +00:00			`pub use pbs_datastore::chunk_store;`
			`pub use pbs_datastore::chunk_store::*;`
add pbs-api-types subcrate, move key_derivation move key_derivation to pbs-datastore pbs-api-types should only contain "basic" types which * are usually required by clients * don't depend on pbs-related code directly Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 07:04:09 +00:00			`pub use pbs_datastore::chunker;`
			`pub use pbs_datastore::chunker::*;`
add pbs-datastore module Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-06 10:49:10 +00:00			`pub use pbs_datastore::crypt_config;`
			`pub use pbs_datastore::crypt_config::*;`
			`pub use pbs_datastore::crypt_reader;`
			`pub use pbs_datastore::crypt_reader::*;`
			`pub use pbs_datastore::crypt_writer;`
			`pub use pbs_datastore::crypt_writer::*;`
			`pub use pbs_datastore::data_blob;`
			`pub use pbs_datastore::data_blob::*;`
			`pub use pbs_datastore::data_blob_reader;`
			`pub use pbs_datastore::data_blob_reader::*;`
			`pub use pbs_datastore::data_blob_writer;`
			`pub use pbs_datastore::data_blob_writer::*;`
add pbs-api-types subcrate, move key_derivation move key_derivation to pbs-datastore pbs-api-types should only contain "basic" types which * are usually required by clients * don't depend on pbs-related code directly Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 07:04:09 +00:00			`pub use pbs_datastore::file_formats;`
			`pub use pbs_datastore::file_formats::*;`
			`pub use pbs_datastore::index;`
			`pub use pbs_datastore::index::*;`
			`pub use pbs_datastore::key_derivation;`
			`pub use pbs_datastore::key_derivation::*;`
move manifest and backup_info to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-07 09:34:45 +00:00			`pub use pbs_datastore::manifest;`
			`pub use pbs_datastore::manifest::*;`
moving more code to pbs-datastore prune and fixed/dynamic index Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 08:07:01 +00:00			`pub use pbs_datastore::prune;`
			`pub use pbs_datastore::prune::*;`

move more api types for the client Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-09 12:26:42 +00:00			`pub use pbs_datastore::store_progress::StoreProgress;`

move CachedChunkReader to pbs-datastore this was actually still missing from the previous commit Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-21 12:20:00 +00:00			`pub use pbs_datastore::cached_chunk_reader::*;`
moving more code to pbs-datastore prune and fixed/dynamic index Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 08:07:01 +00:00			`pub use pbs_datastore::dynamic_index::*;`
			`pub use pbs_datastore::fixed_index;`
			`pub use pbs_datastore::fixed_index::*;`

move chunk_stat, read_chunk to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 07:17:28 +00:00			`pub use pbs_datastore::read_chunk::*;`
src/backup/catalog_blob.rs: moved catalog impl. from pxar And avoid loading catalog into memory. 2019-08-16 10:27:17 +00:00
move chunk_stat, read_chunk to pbs-datastore Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> 2021-07-08 07:17:28 +00:00			`// Split`
src/backup/read_chunk.rs: move read chunk trait into extra file And implement LocalChunkReader. 2019-07-02 06:22:29 +00:00			`mod read_chunk;`
			`pub use read_chunk::*;`

simplify backup lib structure (pub use xxx:*), improve doc 2019-02-12 13:13:31 +00:00			`mod datastore;`
			`pub use datastore::*;`
src/backup/catalog_shell.rs: impl shell to inspect and restore a snapshot via the catalog Signed-off-by: Christian Ebner <c.ebner@proxmox.com> 2019-11-21 11:47:51 +00:00
src/api2/admin/datastore.rs: add verify api 2020-06-24 11:11:45 +00:00			`mod verify;`
			`pub use verify::*;`

use new atomic_open_or_create_file Factor out open_backup_lockfile() method to acquire locks owned by user backup with permission 0660. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> 2021-07-20 11:51:54 +00:00			`pub struct BackupLockGuard(std::fs::File);`

			`/// Open or create a lock file owned by user "backup" and lock it.`
			`///`
			`/// Owner/Group of the file is set to backup/backup.`
			`/// File mode is 0660.`
			`/// Default timeout is 10 seconds.`
			`///`
			`/// Note: This method needs to be called by user "root" or "backup".`
			`pub fn open_backup_lockfile<P: AsRef<std::path::Path>>(`
			`path: P,`
			`timeout: Option<std::time::Duration>,`
			`exclusive: bool,`
			`) -> Result<BackupLockGuard, Error> {`
			`let user = backup_user()?;`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(nix::sys::stat::Mode::from_bits_truncate(0o660))`
			`.owner(user.uid)`
			`.group(user.gid);`

			`let timeout = timeout.unwrap_or(std::time::Duration::new(10, 0));`

			`let file = proxmox::tools::fs::open_file_locked(&path, timeout, exclusive, options)?;`
			`Ok(BackupLockGuard(file))`
			`}`
add helpers to write configuration files 2021-07-20 11:51:55 +00:00
			`/// Atomically write data to file owned by "root:backup" with permission "0640"`
			`///`
			`/// Only the superuser can write those files, but group 'backup' can read them.`
			`pub fn replace_backup_config<P: AsRef<std::path::Path>>(`
			`path: P,`
			`data: &[u8],`
			`) -> Result<(), Error> {`
			`let backup_user = backup_user()?;`
			`let mode = nix::sys::stat::Mode::from_bits_truncate(0o0640);`
			`// set the correct owner/group/permissions while saving file`
			`// owner(rw) = root, group(r)= backup`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(mode)`
			`.owner(nix::unistd::ROOT)`
			`.group(backup_user.gid);`

			`proxmox::tools::fs::replace_file(path, data, options)?;`

			`Ok(())`
			`}`

			`/// Atomically write data to file owned by "root:root" with permission "0600"`
			`///`
			`/// Only the superuser can read and write those files.`
			`pub fn replace_secret_config<P: AsRef<std::path::Path>>(`
			`path: P,`
			`data: &[u8],`
			`) -> Result<(), Error> {`
			`let mode = nix::sys::stat::Mode::from_bits_truncate(0o0600);`
			`// set the correct owner/group/permissions while saving file`
			`// owner(rw) = root, group(r)= root`
			`let options = proxmox::tools::fs::CreateOptions::new()`
			`.perm(mode)`
			`.owner(nix::unistd::ROOT)`
			`.group(nix::unistd::Gid::from_raw(0));`

			`proxmox::tools::fs::replace_file(path, data, options)?;`

			`Ok(())`
			`}`