*** client-src/sendbackup-dump.c 2002/04/03 00:44:35 1.1 --- client-src/sendbackup-dump.c 2002/05/24 22:54:13 *************** *** 144,149 **** --- 144,150 ---- char *cmd = NULL; char *indexcmd = NULL; char level_str[NUM_STR_SIZE]; + int cryptout, compout; ap_snprintf(level_str, sizeof(level_str), "%d", level); *************** *** 152,157 **** --- 153,170 ---- NAUGHTY_BITS; + dumpout = dataf; + cryptpid = -1; + cryptout = -1; + if(sencrypt) { + cryptout = dumpout; + cryptpid = pipespawn(ENCRYPT_PATH, STDIN_PIPE, + &dumpout, &cryptout, &mesgf, + ENCRYPT_PATH, ENCRYPT_OPT, NULL); + } + + comppid = -1; + compout = -1; if(compress) { char *compopt = skip_argument; *************** *** 162,169 **** compopt = COMPRESS_FAST_OPT; } #endif comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! &dumpout, &dataf, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s-gnutar: pid %ld: %s", get_pname(), (long)comppid, COMPRESS_PATH)); --- 175,183 ---- compopt = COMPRESS_FAST_OPT; } #endif + compout = dumpout; comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! 
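Review bot: The new `if(sencrypt)` block in the second hunk of sendbackup-dump.c starts the encryptor without writing anything to the debug log, while the compress branch just below records its pid and command with `dbprintf`. A line such as `dbprintf(("%s: pid %ld: %s %s\n", get_pname(), (long)cryptpid, ENCRYPT_PATH, ENCRYPT_OPT));` after the `pipespawn` call would let an operator confirm afterwards that a given run was encrypted. A short comment stating that the resulting order is dump, compress, encrypt, dataf would also help, because `compout` is taken from `dumpout` only after the encryptor has replaced it. The same block is added to sendbackup-gnutar.c and needs the same two additions; the enclosing function starts and ends outside the hunk.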
&dumpout, &compout, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s-gnutar: pid %ld: %s", get_pname(), (long)comppid, COMPRESS_PATH)); *************** *** 171,179 **** dbprintf((" %s", compopt)); } dbprintf(("\n")); - } else { - dumpout = dataf; - comppid = -1; } /* invoke dump */ --- 185,190 ---- *************** *** 387,392 **** --- 398,405 ---- aclose(mesgf); if (createindex) aclose(indexf); + if (compout >= 0) aclose(compout); + if (cryptout >= 0) aclose(cryptout); } static void end_backup(status) *** client-src/sendbackup-gnutar.c 2002/04/03 00:55:41 1.1 --- client-src/sendbackup-gnutar.c 2002/05/24 22:53:53 *************** *** 142,153 **** --- 142,167 ---- struct tm *gmtm; amandates_t *amdates; time_t prev_dumptime; + int cryptout, compout; + fprintf(stderr, "%s: start [%s:%s level %d]\n", get_pname(), host, disk, level); NAUGHTY_BITS; + dumpout = dataf; + cryptpid = -1; + cryptout = -1; + if(sencrypt) { + cryptout = dumpout; + cryptpid = pipespawn(ENCRYPT_PATH, STDIN_PIPE, + &dumpout, &cryptout, &mesgf, + ENCRYPT_PATH, ENCRYPT_OPT, NULL); + } + + comppid = -1; + compout = -1; if(compress) { char *compopt = skip_argument; *************** *** 158,165 **** compopt = COMPRESS_FAST_OPT; } #endif comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! &dumpout, &dataf, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s-gnutar: pid %ld: %s", get_pname(), (long)comppid, COMPRESS_PATH)); --- 172,180 ---- compopt = COMPRESS_FAST_OPT; } #endif + compout = dumpout; comppid = pipespawn(COMPRESS_PATH, STDIN_PIPE, ! 
&dumpout, &compout, &mesgf, COMPRESS_PATH, compopt, NULL); dbprintf(("%s-gnutar: pid %ld: %s", get_pname(), (long)comppid, COMPRESS_PATH)); *************** *** 167,175 **** dbprintf((" %s", compopt)); } dbprintf(("\n")); - } else { - dumpout = dataf; - comppid = -1; } #ifdef GNUTAR_LISTED_INCREMENTAL_DIR /* { */ --- 182,187 ---- *************** *** 459,464 **** --- 471,478 ---- aclose(mesgf); if (createindex) aclose(indexf); + if (compout >= 0) aclose(compout); + if (cryptout >= 0) aclose(cryptout); } static void end_backup(goterror) *** client-src/sendbackup.c 2002/04/03 01:01:46 1.1 --- client-src/sendbackup.c 2002/04/03 00:42:41 *************** *** 39,44 **** --- 39,45 ---- #define TIMEOUT 30 + int cryptpid = -1; int comppid = -1; int dumppid = -1; int tarpid = -1; *************** *** 67,72 **** --- 68,75 ---- backup_program_t *program = NULL; + int sencrypt; + /* local functions */ int main P((int argc, char **argv)); void parse_options P((char *str, char *disk)); *************** *** 150,155 **** --- 153,159 ---- krb4_auth = strstr(str, "krb4-auth") != NULL; kencrypt = strstr(str, "kencrypt") != NULL; #endif + sencrypt = strstr(str, "sencrypt") != NULL; createindex = strstr(str, "index") != NULL; } *************** *** 161,166 **** --- 165,171 ---- char *bsd_opt = ""; char *krb4_opt = ""; char *kencrypt_opt = ""; + char *sencrypt_opt = ""; char *index_opt = ""; if(compress == COMPR_BEST) *************** *** 173,178 **** --- 178,184 ---- if(krb4_auth) krb4_opt = "krb4-auth;"; if(kencrypt) kencrypt_opt = "kencrypt;"; #endif + if(sencrypt) sencrypt_opt = "sencrypt;"; if(createindex) index_opt = "index;"; optstr = newvstralloc(optstr, *************** *** 182,187 **** --- 188,194 ---- bsd_opt, krb4_opt, kencrypt_opt, + sencrypt_opt, index_opt, estr ? 
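Review bot: `sencrypt = strstr(str, "sencrypt") != NULL;` in the parse_options hunk of sendbackup.c matches the word anywhere in the option string, whereas dumper.c in this same patch tests for the delimited token `"sencrypt;"`. If another option's value ever contains that substring, the client would encrypt a stream that the server does not pipe through the decryptor, and the stored image would be unusable. Matching the terminated token, `sencrypt = strstr(str, "sencrypt;") != NULL;`, keeps both ends on one rule. The neighbouring krb4 tests use the same loose pattern, so if it is kept for consistency it deserves a comment saying so. Most of parse_options lies outside the hunk.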
estr : "", NULL); *************** *** 505,510 **** --- 512,518 ---- if(pid == comppid) return "compress"; if(pid == encpid) return "kencrypt"; if(pid == indexpid) return "index"; + if(pid == cryptpid) return "sencrypt"; return "unknown"; } *** client-src/sendbackup.h 2002/04/03 00:03:53 1.1 --- client-src/sendbackup.h 2002/04/03 00:42:41 *************** *** 80,82 **** --- 80,92 ---- extern char *efile; extern char *estr; + + #ifndef ENCRYPT_PATH + #define ENCRYPT_PATH "/local/bin/sst" + #ifdef ENCRYPT_OPT + #undef ENCRYPT_OPT + #endif + #define ENCRYPT_OPT "-celv" + /* #define ENCRYPT_OPT "-celddd" /* enable debugging messages */ + #endif + extern int sencrypt, cryptpid; *** server-src/amadmin.c 2002/04/03 02:04:37 1.1 --- server-src/amadmin.c 2002/04/03 02:06:57 *************** *** 1494,1499 **** --- 1494,1500 ---- break; } printf(" kencrypt %s\n", (dp->kencrypt? "YES" : "NO")); + printf(" sencrypt %s\n", (dp->sencrypt? "YES" : "NO")); printf(" holdingdisk %s\n", (!dp->no_hold? "YES" : "NO")); printf(" record %s\n", (dp->record? "YES" : "NO")); *** server-src/conffile.c 2002/04/03 02:04:37 1.1 --- server-src/conffile.c 2002/04/03 02:06:57 *************** *** 86,92 **** OPTIONS, PRIORITY, FREQUENCY, INDEX, STARTTIME, COMPRESS, AUTH, STRATEGY, SKIP_INCR, SKIP_FULL, RECORD, HOLDING, ! EXCLUDE, KENCRYPT, IGNORE, COMPRATE, /* tape type */ /*COMMENT,*/ LBL_TEMPL, FILEMARK, LENGTH, SPEED, --- 86,92 ---- OPTIONS, PRIORITY, FREQUENCY, INDEX, STARTTIME, COMPRESS, AUTH, STRATEGY, SKIP_INCR, SKIP_FULL, RECORD, HOLDING, ! 
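Review bot: In the sendbackup.h hunk `ENCRYPT_OPT` is defined only inside the `#ifndef ENCRYPT_PATH` block, so a build that supplies its own ENCRYPT_PATH but no ENCRYPT_OPT is left without the option macro and the `pipespawn` calls in sendbackup-dump.c and sendbackup-gnutar.c will not compile. Closing the path guard directly after the `#define ENCRYPT_PATH` line and giving the option its own `#ifndef ENCRYPT_OPT` guard fixes that; the DECRYPT_PATH/DECRYPT_OPT block added to dumper.c has the same shape. The commented-out debug variant opens a second `/*` inside a comment, which compilers warn about; `/* debugging: #define ENCRYPT_OPT "-celddd" */` avoids it. Because the default `/local/bin/sst` is a fixed path that the backup client executes, a comment should state that the file and its parent directories must not be writable by unprivileged users.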
EXCLUDE, KENCRYPT, SENCRYPT, IGNORE, COMPRATE, /* tape type */ /*COMMENT,*/ LBL_TEMPL, FILEMARK, LENGTH, SPEED, *************** *** 1060,1065 **** --- 1060,1066 ---- { "IGNORE", IGNORE }, { "INDEX", INDEX }, { "KENCRYPT", KENCRYPT }, + { "SENCRYPT", SENCRYPT }, { "MAXCYCLE", MAXCYCLE }, /* XXX - historical */ { "MAXDUMPS", MAXDUMPS }, { "OPTIONS", OPTIONS }, /* XXX - historical */ *************** *** 1165,1170 **** --- 1166,1175 ---- get_simple(&tmpval, &dpcur.s_kencrypt, BOOL); dpcur.kencrypt = (tmpval.i != 0); break; + case SENCRYPT: + get_simple(&tmpval, &dpcur.s_sencrypt, BOOL); + dpcur.sencrypt = (tmpval.i != 0); + break; case MAXCYCLE: get_simple((val_t *)&conf_maxcycle, &dpcur.s_maxcycle, INT); break; *************** *** 1271,1276 **** --- 1276,1282 ---- dpcur.skip_incr = dpcur.skip_full = 0; dpcur.no_hold = 0; dpcur.kencrypt = 0; + dpcur.sencrypt = 0; dpcur.ignore = 0; dpcur.index = 0; *************** *** 1292,1297 **** --- 1298,1304 ---- dpcur.s_skip_full = 0; dpcur.s_no_hold = 0; dpcur.s_kencrypt = 0; + dpcur.s_sencrypt = 0; dpcur.s_ignore = 0; dpcur.s_index = 0; } *************** *** 1347,1352 **** --- 1354,1360 ---- dtcopy(skip_full, s_skip_full); dtcopy(no_hold, s_no_hold); dtcopy(kencrypt, s_kencrypt); + dtcopy(sencrypt, s_sencrypt); dtcopy(ignore, s_ignore); dtcopy(index, s_index); } *************** *** 1595,1600 **** --- 1603,1609 ---- { "EXCLUDE-FILE", EXCLUDE_FILE }, { "EXCLUDE-LIST", EXCLUDE_LIST }, { "KENCRYPT", KENCRYPT }, + { "SENCRYPT", SENCRYPT }, { "SKIP-FULL", SKIP_FULL }, { "SKIP-INCR", SKIP_INCR }, { NULL, IDENT } *************** *** 1626,1631 **** --- 1635,1641 ---- dpcur.exclude_list = 1; break; case KENCRYPT: ckseen(&dpcur.s_kencrypt); dpcur.kencrypt = 1; break; + case SENCRYPT: ckseen(&dpcur.s_sencrypt); dpcur.sencrypt = 1; break; case SKIP_INCR: ckseen(&dpcur.s_skip_incr); dpcur.skip_incr= 1; break; case SKIP_FULL: ckseen(&dpcur.s_skip_full); dpcur.skip_full= 1; break; case INDEX: ckseen(&dpcur.s_index); dpcur.index = 1; break; 
*************** *** 2446,2451 **** --- 2456,2462 ---- if(dp->skip_full) printf(" SKIP-FULL"); if(dp->no_hold) printf(" NO-HOLD"); if(dp->kencrypt) printf(" KENCRYPT"); + if(dp->sencrypt) printf(" SENCRYPT"); /* an ignored disk will never reach this point */ assert(!dp->ignore); if(dp->index) printf(" INDEX"); *** server-src/conffile.h 2002/04/03 02:04:37 1.1 --- server-src/conffile.h 2002/04/03 02:06:57 *************** *** 115,120 **** --- 115,121 ---- unsigned int skip_full:1; unsigned int no_hold:1; unsigned int kencrypt:1; + unsigned int sencrypt:1; unsigned int ignore:1; unsigned int index:1; *************** *** 137,142 **** --- 138,144 ---- int s_skip_full; int s_no_hold; int s_kencrypt; + int s_sencrypt; int s_ignore; int s_index; } dumptype_t; *** server-src/diskfile.c 2002/04/03 02:04:37 1.1 --- server-src/diskfile.c 2002/04/03 02:06:57 *************** *** 367,372 **** --- 367,373 ---- disk->skip_full = dtype->skip_full; disk->no_hold = dtype->no_hold; disk->kencrypt = dtype->kencrypt; + disk->sencrypt = dtype->sencrypt; disk->index = dtype->index; skip_whitespace(s, ch); *************** *** 482,487 **** --- 483,489 ---- static char *str = NULL; char *auth_opt = ""; char *kencrypt_opt = ""; + char *sencrypt_opt = ""; char *compress_opt = ""; char *record_opt = ""; char *index_opt = ""; *************** *** 497,502 **** --- 499,505 ---- auth_opt = "krb4-auth;"; if(dp->kencrypt) kencrypt_opt = "kencrypt;"; } + if(dp->sencrypt) sencrypt_opt = "sencrypt;"; switch(dp->compress) { case COMP_FAST: *************** *** 525,530 **** --- 528,534 ---- return vstralloc(";", auth_opt, kencrypt_opt, + sencrypt_opt, compress_opt, record_opt, index_opt, *** server-src/diskfile.h 2002/04/03 02:04:37 1.1 --- server-src/diskfile.h 2002/04/03 02:06:57 *************** *** 73,78 **** --- 73,79 ---- int skip_full:1; /* fulls done externally ? */ int no_hold:1; /* don't use holding disk ? */ int kencrypt:1; + int sencrypt:1; int index:1; /* produce an index ? 
*/ int spindle; /* spindle # - for parallel dumps */ int inprogress; /* being dumped now? */ *** server-src/dumper.c 2002/04/03 02:04:37 1.1 --- server-src/dumper.c 2002/04/03 02:06:57 *************** *** 105,110 **** --- 105,121 ---- int indexfd = -1; int amanda_port; + int decrypt, cryptpid; + + #ifndef DECRYPT_PATH + #define DECRYPT_PATH "/local/bin/sst" + #ifdef DECRYPT_OPT + #undef DECRYPT_OPT + #endif + #define DECRYPT_OPT "-slv" + /* #define DECRYPT_OPT "-slddd" /* for debugging messages */ + #endif /* DECRYPT_PATH */ + /* local functions */ int main P((int main_argc, char **main_argv)); static cmd_t getcmd P((void)); *************** *** 138,143 **** --- 149,155 ---- srvcompress = srvcomp_fast; else srvcompress = srvcomp_none; + decrypt = (strstr(options, "sencrypt;") != NULL); } void service_ports_init() *************** *** 952,957 **** --- 964,970 ---- fd_set readset, selectset; struct timeval timeout; int outpipe[2]; + int netpipe[2]; int header_done; /* flag - header has been written */ char *indexfile_tmp = NULL; char *indexfile_real = NULL; *************** *** 1018,1023 **** --- 1031,1077 ---- } amfree(errfname); + /* insert pipe in the *READ* side, if decryption is desired */ + cryptpid = -1; + if (decrypt) { + int tmpfd; + + tmpfd = datafd; + if(socketpair(AF_UNIX, SOCK_STREAM, 0, netpipe) == -1) + error("socketpair: %s", strerror(errno)); + datafd = netpipe[0]; + if(datafd < 0 || datafd >= FD_SETSIZE) { + aclose(netpipe[0]); + aclose(netpipe[1]); + errstr = newstralloc(errstr, "descriptor out of range"); + errno = EMFILE; + goto failed; + } + switch(cryptpid=fork()) { + case -1: + errstr = newstralloc2(errstr, "couldn't fork: ", strerror(errno)); + goto failed; + default: + aclose(netpipe[1]); + aclose(tmpfd); + break; + case 0: + aclose(netpipe[0]); + /* child acts on stdin/stdout */ + if (dup2(netpipe[1],1) == -1) + fprintf(stderr, "err dup2 out: %s\n", strerror(errno)); + if (dup2(tmpfd, 0) == -1) + fprintf(stderr, "err dup2 in: %s\n", 
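Review bot: The declaration `int decrypt, cryptpid;` and the DECRYPT_* defaults in the first dumper.c hunk carry no comment on what the flag means for stored data. As far as the later hunk in this file shows, the dumper pipes the incoming stream through the helper before anything else reads `datafd`, so what it passes on is already decrypted; the option appears to protect the transfer only, not the copy the server keeps. A comment here, for example `/* decrypt: set when the options contain "sencrypt;"; the stream is decrypted on arrival, the stored image is not encrypted */`, would keep administrators from assuming otherwise.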
strerror(errno)); + for(tmpfd = 3; tmpfd <= FD_SETSIZE; ++tmpfd) { + close(tmpfd); + } + /* now spawn sst to take care of the rest */ + execlp(DECRYPT_PATH, DECRYPT_PATH, DECRYPT_OPT, (char *)0); + error("error: couldn't exec %s.\n", DECRYPT_PATH); + } + /* Now the pipe has been inserted. */ + } + /* insert pipe in the *READ* side, if server-side compression is desired */ compresspid = -1; if (srvcompress) { *************** *** 1395,1400 **** --- 1449,1466 ---- if(errno != ESRCH) fprintf(stderr,"%s: can't kill index command: %s\n", get_pname(),strerror(errno)); + } + } + + if(cryptpid != -1) { + killerr = kill(cryptpid,SIGTERM); + if(killerr == 0) { + fprintf(stderr,"%s: kill decrypt command\n",get_pname()); + } + else if ( killerr == -1 ) { + if(errno != ESRCH) + fprintf(stderr,"%s: can't kill decrypt command: %s\n", + get_pname(), strerror(errno)); } }