src/backup/manifest.rs: add verify_file

This commit is contained in:
Dietmar Maurer 2019-10-13 10:09:12 +02:00
parent 511a47bd73
commit f06b820ac0
3 changed files with 55 additions and 67 deletions

View File

@ -28,6 +28,31 @@ impl BackupManifest {
self.files.push(FileInfo { filename, size, csum }); self.files.push(FileInfo { filename, size, csum });
} }
fn lookup_file_info(&self, name: &str) -> Result<&FileInfo, Error> {
let info = self.files.iter().find(|item| item.filename == name);
match info {
None => bail!("manifest does not contain file '{}'", name),
Some(info) => Ok(info),
}
}
pub fn verify_file(&self, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
let info = self.lookup_file_info(name)?;
if size != info.size {
bail!("wrong size for file '{}' ({} != {}", name, info.size, size);
}
if csum != &info.csum {
bail!("wrong checksum for file '{}'", name);
}
Ok(())
}
pub fn into_json(self) -> Value { pub fn into_json(self) -> Value {
json!({ json!({
"backup-type": self.snapshot.group().backup_type(), "backup-type": self.snapshot.group().backup_type(),
@ -54,6 +79,7 @@ impl TryFrom<Value> for BackupManifest {
use crate::tools::{required_string_property, required_integer_property, required_array_property}; use crate::tools::{required_string_property, required_integer_property, required_array_property};
proxmox::tools::try_block!({
let backup_type = required_string_property(&data, "backup_type")?; let backup_type = required_string_property(&data, "backup_type")?;
let backup_id = required_string_property(&data, "backup_id")?; let backup_id = required_string_property(&data, "backup_id")?;
let backup_time = required_integer_property(&data, "backup_time")?; let backup_time = required_integer_property(&data, "backup_time")?;
@ -68,7 +94,8 @@ impl TryFrom<Value> for BackupManifest {
let size = required_integer_property(item, "size")? as u64; let size = required_integer_property(item, "size")? as u64;
files.push(FileInfo { filename, size, csum }); files.push(FileInfo { filename, size, csum });
} }
Ok(Self { files, snapshot }) Ok(Self { files, snapshot })
}).map_err(|err: Error| format_err!("unable to parse backup manifest - {}", err))
} }
} }

View File

@ -489,7 +489,7 @@ fn dump_catalog(
true, true,
).await?; ).await?;
let backup_index = client.download_manifest().await?; let manifest = client.download_manifest().await?;
let blob_file = std::fs::OpenOptions::new() let blob_file = std::fs::OpenOptions::new()
.read(true) .read(true)
@ -500,7 +500,7 @@ fn dump_catalog(
let mut blob_file = client.download(CATALOG_BLOB_NAME, blob_file).await?; let mut blob_file = client.download(CATALOG_BLOB_NAME, blob_file).await?;
let (csum, size) = compute_file_csum(&mut blob_file)?; let (csum, size) = compute_file_csum(&mut blob_file)?;
verify_index_file(&backup_index, CATALOG_BLOB_NAME, &csum, size)?; manifest.verify_file(CATALOG_BLOB_NAME, &csum, size)?;
blob_file.seek(SeekFrom::Start(0))?; blob_file.seek(SeekFrom::Start(0))?;
@ -877,46 +877,6 @@ fn restore(
async_main(restore_do(param)) async_main(restore_do(param))
} }
fn verify_index_file(backup_index: &Value, name: &str, csum: &[u8; 32], size: u64) -> Result<(), Error> {
let files = backup_index["files"]
.as_array()
.ok_or_else(|| format_err!("mailformed index - missing 'files' property"))?;
let info = files.iter().find(|v| {
match v["filename"].as_str() {
Some(filename) => filename == name,
None => false,
}
});
let info = match info {
None => bail!("index does not contain file '{}'", name),
Some(info) => info,
};
match info["size"].as_u64() {
None => bail!("index does not contain property 'size' for file '{}'", name),
Some(expected_size) => {
if expected_size != size {
bail!("verify index failed - wrong size for file '{}' ({} != {}", name, expected_size, size);
}
}
};
match info["csum"].as_str() {
None => bail!("index does not contain property 'csum' for file '{}'", name),
Some(expected_csum) => {
let expected_csum = &proxmox::tools::hex_to_digest(expected_csum)?;
if expected_csum != csum {
bail!("verify index failed - wrong checksum for file '{}'", name);
}
}
};
Ok(())
}
fn dump_image<W: Write>( fn dump_image<W: Write>(
client: Arc<BackupReader>, client: Arc<BackupReader>,
crypt_config: Option<Arc<CryptConfig>>, crypt_config: Option<Arc<CryptConfig>>,
@ -1036,10 +996,10 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
.custom_flags(libc::O_TMPFILE) .custom_flags(libc::O_TMPFILE)
.open("/tmp")?; .open("/tmp")?;
let backup_index = client.download_manifest().await?; let manifest = client.download_manifest().await?;
if server_archive_name == MANIFEST_BLOB_NAME { if server_archive_name == MANIFEST_BLOB_NAME {
let backup_index_data = backup_index.to_string(); let backup_index_data = manifest.into_json().to_string();
if let Some(target) = target { if let Some(target) = target {
file_set_contents(target, backup_index_data.as_bytes(), None)?; file_set_contents(target, backup_index_data.as_bytes(), None)?;
} else { } else {
@ -1053,7 +1013,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
let mut tmpfile = client.download(&server_archive_name, tmpfile).await?; let mut tmpfile = client.download(&server_archive_name, tmpfile).await?;
let (csum, size) = compute_file_csum(&mut tmpfile)?; let (csum, size) = compute_file_csum(&mut tmpfile)?;
verify_index_file(&backup_index, &server_archive_name, &csum, size)?; manifest.verify_file(&server_archive_name, &csum, size)?;
tmpfile.seek(SeekFrom::Start(0))?; tmpfile.seek(SeekFrom::Start(0))?;
let mut reader = DataBlobReader::new(tmpfile, crypt_config)?; let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
@ -1081,8 +1041,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
// Note: do not use values stored in index (not trusted) - instead, computed them again // Note: do not use values stored in index (not trusted) - instead, computed them again
let (csum, size) = index.compute_csum(); let (csum, size) = index.compute_csum();
manifest.verify_file(&server_archive_name, &csum, size)?;
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
let most_used = index.find_most_used_chunks(8); let most_used = index.find_most_used_chunks(8);
@ -1119,8 +1078,7 @@ async fn restore_do(param: Value) -> Result<Value, Error> {
// Note: do not use values stored in index (not trusted) - instead, computed them again // Note: do not use values stored in index (not trusted) - instead, computed them again
let (csum, size) = index.compute_csum(); let (csum, size) = index.compute_csum();
manifest.verify_file(&server_archive_name, &csum, size)?;
verify_index_file(&backup_index, &server_archive_name, &csum, size)?;
let mut writer = if let Some(target) = target { let mut writer = if let Some(target) = target {
std::fs::OpenOptions::new() std::fs::OpenOptions::new()
@ -1760,7 +1718,7 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
.custom_flags(libc::O_TMPFILE) .custom_flags(libc::O_TMPFILE)
.open("/tmp")?; .open("/tmp")?;
let backup_index = client.download_manifest().await?; let manifest = client.download_manifest().await?;
if server_archive_name.ends_with(".didx") { if server_archive_name.ends_with(".didx") {
let tmpfile = client.download(&server_archive_name, tmpfile).await?; let tmpfile = client.download(&server_archive_name, tmpfile).await?;
@ -1769,7 +1727,7 @@ async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
// Note: do not use values stored in index (not trusted) - instead, computed them again // Note: do not use values stored in index (not trusted) - instead, computed them again
let (csum, size) = index.compute_csum(); let (csum, size) = index.compute_csum();
verify_index_file(&backup_index, &server_archive_name, &csum, size)?; manifest.verify_file(&server_archive_name, &csum, size)?;
let most_used = index.find_most_used_chunks(8); let most_used = index.find_most_used_chunks(8);
let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used); let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);

View File

@ -121,13 +121,16 @@ impl BackupReader {
} }
/// Download backup manifest (index.json) /// Download backup manifest (index.json)
pub async fn download_manifest(&self) -> Result<Value, Error> { pub async fn download_manifest(&self) -> Result<BackupManifest, Error> {
use std::convert::TryFrom;
let raw_data = self.download(MANIFEST_BLOB_NAME, Vec::with_capacity(64*1024)).await?; let raw_data = self.download(MANIFEST_BLOB_NAME, Vec::with_capacity(64*1024)).await?;
let blob = DataBlob::from_raw(raw_data)?; let blob = DataBlob::from_raw(raw_data)?;
blob.verify_crc()?; blob.verify_crc()?;
let data = blob.decode(self.crypt_config.as_ref().map(Arc::as_ref))?; let data = blob.decode(self.crypt_config.as_ref().map(Arc::as_ref))?;
let result: Value = serde_json::from_slice(&data[..])?; let json: Value = serde_json::from_slice(&data[..])?;
Ok(result)
BackupManifest::try_from(json)
} }
} }