From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E965469CDD for ; Mon, 10 Aug 2020 13:25:55 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id E3FAA147B5 for ; Mon, 10 Aug 2020 13:25:25 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [212.186.127.180]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 29951147AB for ; Mon, 10 Aug 2020 13:25:25 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id ECAB044548 for ; Mon, 10 Aug 2020 13:25:24 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pbs-devel@lists.proxmox.com Date: Mon, 10 Aug 2020 13:25:06 +0200 Message-Id: <20200810112509.70129-4-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200810112509.70129-1-f.gruenbichler@proxmox.com> References: <20200810112509.70129-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.045 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/, medium trust SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pbs-devel] [PATCH proxmox-backup 2/5] datastore api: verify blob/index csum from manifest X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Aug 2020 11:25:56 -0000 when dowloading decoded files. Signed-off-by: Fabian Grünbichler --- src/api2/admin/datastore.rs | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/src/api2/admin/datastore.rs b/src/api2/admin/datastore.rs index d535b4d2..462b8d9c 100644 --- a/src/api2/admin/datastore.rs +++ b/src/api2/admin/datastore.rs @@ -951,7 +951,7 @@ fn download_file_decoded( let allowed = (user_privs & PRIV_DATASTORE_READ) != 0; if !allowed { check_backup_owner(&datastore, backup_dir.group(), &userid)?; } - let (_manifest, files) = read_backup_index(&datastore, &backup_dir)?; + let (manifest, files) = read_backup_index(&datastore, &backup_dir)?; for file in files { if file.filename == file_name && file.crypt_mode == Some(CryptMode::Encrypt) { bail!("cannot decode '{}' - is encrypted", file_name); @@ -970,6 +970,8 @@ fn download_file_decoded( "didx" => { let index = DynamicIndexReader::open(&path) .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?; + let (csum, size) = index.compute_csum(); + manifest.verify_file(&file_name, &csum, size)?; let chunk_reader = LocalChunkReader::new(datastore, None); let reader = AsyncIndexReader::new(index, chunk_reader); @@ -983,6 +985,9 @@ fn download_file_decoded( let index = FixedIndexReader::open(&path) .map_err(|err| format_err!("unable to read fixed index '{:?}' - {}", &path, err))?; + let (csum, size) = index.compute_csum(); + manifest.verify_file(&file_name, &csum, size)?; + let chunk_reader = LocalChunkReader::new(datastore, None); let reader = AsyncIndexReader::new(index, chunk_reader); Body::wrap_stream(AsyncReaderStream::with_buffer_size(reader, 4*1024*1024) @@ -995,6 +1000,8 @@ fn download_file_decoded( let file = std::fs::File::open(&path) .map_err(|err| http_err!(BAD_REQUEST, "File open failed: {}", err))?; + // FIXME: load full blob to verify index checksum? + Body::wrap_stream( WrappedReaderStream::new(DataBlobReader::new(file, None)?) .map_err(move |err| { @@ -1135,7 +1142,7 @@ fn catalog( let file_name = CATALOG_NAME; - let (_manifest, files) = read_backup_index(&datastore, &backup_dir)?; + let (manifest, files) = read_backup_index(&datastore, &backup_dir)?; for file in files { if file.filename == file_name && file.crypt_mode == Some(CryptMode::Encrypt) { bail!("cannot decode '{}' - is encrypted", file_name); @@ -1149,6 +1156,9 @@ fn catalog( let index = DynamicIndexReader::open(&path) .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?; + let (csum, size) = index.compute_csum(); + manifest.verify_file(&file_name, &csum, size)?; + let chunk_reader = LocalChunkReader::new(datastore, None); let reader = BufferedDynamicReader::new(index, chunk_reader); @@ -1255,7 +1265,7 @@ fn pxar_file_download( let mut split = components.splitn(2, |c| *c == '/' as u8); let pxar_name = std::str::from_utf8(split.next().unwrap())?; let file_path = split.next().ok_or(format_err!("filepath looks strange '{}'", filepath))?; - let (_manifest, files) = read_backup_index(&datastore, &backup_dir)?; + let (manifest, files) = read_backup_index(&datastore, &backup_dir)?; for file in files { if file.filename == pxar_name && file.crypt_mode == Some(CryptMode::Encrypt) { bail!("cannot decode '{}' - is encrypted", pxar_name); @@ -1269,6 +1279,9 @@ fn pxar_file_download( let index = DynamicIndexReader::open(&path) .map_err(|err| format_err!("unable to read dynamic index '{:?}' - {}", &path, err))?; + let (csum, size) = index.compute_csum(); + manifest.verify_file(&pxar_name, &csum, size)?; + let chunk_reader = LocalChunkReader::new(datastore, None); let reader = BufferedDynamicReader::new(index, chunk_reader); let archive_size = reader.archive_size(); -- 2.20.1