From fb6026b66b550bc47f09f6407a74d8b0fde4fe0c Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Mon, 23 Sep 2019 10:56:53 +0200
Subject: [PATCH] backup writer api: verify checksum inside close

---
 src/api2/backup.rs             | 10 ++++++++--
 src/api2/backup/environment.rs | 20 +++++++++++++++-----
 src/client/http_client.rs      |  1 +
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/src/api2/backup.rs b/src/api2/backup.rs
index d07d2519..746236b5 100644
--- a/src/api2/backup.rs
+++ b/src/api2/backup.rs
@@ -413,6 +413,7 @@ pub fn api_method_close_dynamic_index() -> ApiMethod {
             .required("size", IntegerSchema::new("File size. This is used to verify that the server got all data.")
                       .minimum(1)
             )
+            .required("csum", StringSchema::new("Digest list checksum."))
     )
 }
 
@@ -425,10 +426,12 @@ fn close_dynamic_index (
     let wid = tools::required_integer_param(&param, "wid")? as usize;
     let chunk_count = tools::required_integer_param(&param, "chunk-count")? as u64;
     let size = tools::required_integer_param(&param, "size")? as u64;
+    let csum_str = tools::required_string_param(&param, "csum")?;
+    let csum = proxmox::tools::hex_to_digest(csum_str)?;
 
     let env: &BackupEnvironment = rpcenv.as_ref();
 
-    env.dynamic_writer_close(wid, chunk_count, size)?;
+    env.dynamic_writer_close(wid, chunk_count, size, csum)?;
 
     env.log(format!("sucessfully closed dynamic index {}", wid));
 
@@ -449,6 +452,7 @@ pub fn api_method_close_fixed_index() -> ApiMethod {
             .required("size", IntegerSchema::new("File size. This is used to verify that the server got all data.")
                       .minimum(1)
             )
+            .required("csum", StringSchema::new("Digest list checksum."))
     )
 }
 
@@ -461,10 +465,12 @@ fn close_fixed_index (
     let wid = tools::required_integer_param(&param, "wid")? as usize;
     let chunk_count = tools::required_integer_param(&param, "chunk-count")? as u64;
     let size = tools::required_integer_param(&param, "size")? as u64;
+    let csum_str = tools::required_string_param(&param, "csum")?;
+    let csum = proxmox::tools::hex_to_digest(csum_str)?;
 
     let env: &BackupEnvironment = rpcenv.as_ref();
 
-    env.fixed_writer_close(wid, chunk_count, size)?;
+    env.fixed_writer_close(wid, chunk_count, size, csum)?;
 
     env.log(format!("sucessfully closed fixed index {}", wid));
 
diff --git a/src/api2/backup/environment.rs b/src/api2/backup/environment.rs
index 0260ac6e..c0feda5a 100644
--- a/src/api2/backup/environment.rs
+++ b/src/api2/backup/environment.rs
@@ -326,7 +326,7 @@ impl BackupEnvironment {
     }
 
     /// Close dynamic writer
-    pub fn dynamic_writer_close(&self, wid: usize, chunk_count: u64, size: u64) -> Result<(), Error> {
+    pub fn dynamic_writer_close(&self, wid: usize, chunk_count: u64, size: u64, csum: [u8; 32]) -> Result<(), Error> {
         let mut state = self.state.lock().unwrap();
 
         state.ensure_unfinished()?;
@@ -346,7 +346,12 @@ impl BackupEnvironment {
 
         let uuid = data.index.uuid;
 
-        let csum = data.index.close()?;
+        let expected_csum = data.index.close()?;
+
+        println!("server checksum {:?} client: {:?}", expected_csum, csum);
+        if csum != expected_csum {
+            bail!("dynamic writer '{}' close failed - got unexpected checksum", data.name);
+        }
 
         self.log_upload_stat(&data.name, &csum, &uuid, size, chunk_count, &data.upload_stat);
 
@@ -356,7 +361,7 @@ impl BackupEnvironment {
     }
 
     /// Close fixed writer
-    pub fn fixed_writer_close(&self, wid: usize, chunk_count: u64, size: u64) -> Result<(), Error> {
+    pub fn fixed_writer_close(&self, wid: usize, chunk_count: u64, size: u64, csum: [u8; 32]) -> Result<(), Error> {
         let mut state = self.state.lock().unwrap();
 
         state.ensure_unfinished()?;
@@ -382,9 +387,14 @@ impl BackupEnvironment {
 
         let uuid = data.index.uuid;
 
-        let csum = data.index.close()?;
+        let expected_csum = data.index.close()?;
 
-        self.log_upload_stat(&data.name, &csum, &uuid, size, chunk_count, &data.upload_stat);
+        println!("server checksum {:?} client: {:?}", expected_csum, csum);
+        if csum != expected_csum {
+            bail!("fixed writer '{}' close failed - got unexpected checksum", data.name);
+        }
+
+        self.log_upload_stat(&data.name, &expected_csum, &uuid, size, chunk_count, &data.upload_stat);
 
         state.file_counter += 1;
 
diff --git a/src/client/http_client.rs b/src/client/http_client.rs
index 3cc63636..20b64236 100644
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -749,6 +749,7 @@ impl BackupClient {
             "wid": wid ,
             "chunk-count": chunk_count,
             "size": size,
+            "csum": proxmox::tools::digest_to_hex(&csum),
         });
         let _value = self.h2.post(&close_path, Some(param)).await?;
         Ok(BackupStats {