chunk readers: ensure chunk/index CryptMode matches
an encrypted Index should never reference a plain-text chunk, and an unencrypted Index should never reference an encrypted chunk. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler
committed by
Dietmar Maurer
Dietmar Maurer
parent
2d55beeca0
commit
14f6c9cb8b
@ -1182,6 +1182,7 @@ fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<Str
|
||||
async fn dump_image<W: Write>(
|
||||
client: Arc<BackupReader>,
|
||||
crypt_config: Option<Arc<CryptConfig>>,
|
||||
crypt_mode: CryptMode,
|
||||
index: FixedIndexReader,
|
||||
mut writer: W,
|
||||
verbose: bool,
|
||||
@ -1189,7 +1190,7 @@ async fn dump_image<W: Write>(
|
||||
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, crypt_mode, most_used);
|
||||
|
||||
// Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
|
||||
// and thus slows down reading. Instead, directly use RemoteChunkReader
|
||||
@ -1340,7 +1341,12 @@ async fn restore(param: Value) -> Result<Value, Error> {
|
||||
.map_err(|err| format_err!("unable to pipe data - {}", err))?;
|
||||
}
|
||||
|
||||
} else if archive_type == ArchiveType::Blob {
|
||||
return Ok(Value::Null);
|
||||
}
|
||||
|
||||
let file_info = manifest.lookup_file_info(&archive_name)?;
|
||||
|
||||
if archive_type == ArchiveType::Blob {
|
||||
|
||||
let mut reader = client.download_blob(&manifest, &archive_name).await?;
|
||||
|
||||
@ -1365,7 +1371,7 @@ async fn restore(param: Value) -> Result<Value, Error> {
|
||||
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
|
||||
|
||||
let mut reader = BufferedDynamicReader::new(index, chunk_reader);
|
||||
|
||||
@ -1412,7 +1418,7 @@ async fn restore(param: Value) -> Result<Value, Error> {
|
||||
.map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?
|
||||
};
|
||||
|
||||
dump_image(client.clone(), crypt_config.clone(), index, &mut writer, verbose).await?;
|
||||
dump_image(client.clone(), crypt_config.clone(), file_info.chunk_crypt_mode(), index, &mut writer, verbose).await?;
|
||||
}
|
||||
|
||||
Ok(Value::Null)
|
||||
|
||||
@ -97,7 +97,9 @@ async fn dump_catalog(param: Value) -> Result<Value, Error> {
|
||||
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||
let file_info = manifest.lookup_file_info(&CATALOG_NAME)?;
|
||||
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
|
||||
|
||||
let mut reader = BufferedDynamicReader::new(index, chunk_reader);
|
||||
|
||||
@ -200,7 +202,9 @@ async fn catalog_shell(param: Value) -> Result<(), Error> {
|
||||
|
||||
let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config.clone(), most_used);
|
||||
|
||||
let file_info = manifest.lookup_file_info(&server_archive_name)?;
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config.clone(), file_info.chunk_crypt_mode(), most_used);
|
||||
let reader = BufferedDynamicReader::new(index, chunk_reader);
|
||||
let archive_size = reader.archive_size();
|
||||
let reader: proxmox_backup::pxar::fuse::Reader =
|
||||
@ -216,7 +220,9 @@ async fn catalog_shell(param: Value) -> Result<(), Error> {
|
||||
manifest.verify_file(CATALOG_NAME, &csum, size)?;
|
||||
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||
|
||||
let file_info = manifest.lookup_file_info(&CATALOG_NAME)?;
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
|
||||
let mut reader = BufferedDynamicReader::new(index, chunk_reader);
|
||||
let mut catalogfile = std::fs::OpenOptions::new()
|
||||
.write(true)
|
||||
|
||||
@ -141,10 +141,12 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
|
||||
|
||||
let (manifest, _) = client.download_manifest().await?;
|
||||
|
||||
let file_info = manifest.lookup_file_info(&archive_name)?;
|
||||
|
||||
if server_archive_name.ends_with(".didx") {
|
||||
let index = client.download_dynamic_index(&manifest, &server_archive_name).await?;
|
||||
let most_used = index.find_most_used_chunks(8);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
|
||||
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
|
||||
let reader = BufferedDynamicReader::new(index, chunk_reader);
|
||||
let archive_size = reader.archive_size();
|
||||
let reader: proxmox_backup::pxar::fuse::Reader =
|
||||
|
||||
Reference in New Issue
Block a user