]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vsock_client: support authorization header
[proxmox-backup.git] / src / bin / proxmox-backup-client.rs
CommitLineData
f1a83e97 1use std::collections::HashSet;
0351f23b
WB		 2use std::convert::TryFrom;
3use std::io::{self, Read, Write, Seek, SeekFrom};
4use std::os::unix::io::{FromRawFd, RawFd};
c443f58b
WB		 5use std::path::{Path, PathBuf};
6use std::pin::Pin;
7use std::sync::{Arc, Mutex};
a6f87283 8use std::task::Context;
c443f58b
WB		 9
10use anyhow::{bail, format_err, Error};
c443f58b 11use futures::future::FutureExt;
c443f58b 12use futures::stream::{StreamExt, TryStreamExt};
c443f58b 13use serde_json::{json, Value};
c443f58b 14use tokio::sync::mpsc;
7c667013 15use tokio_stream::wrappers::ReceiverStream;
c443f58b 16use xdg::BaseDirectories;
2761d6a4 17
c443f58b 18use pathpatterns::{MatchEntry, MatchType, PatternFlag};
6a7be83e
DM		 19use proxmox::{
20 tools::{
21 time::{strftime_local, epoch_i64},
22 fs::{file_get_contents, file_get_json, replace_file, CreateOptions, image_size},
23 },
24 api::{
25 api,
26 ApiHandler,
27 ApiMethod,
28 RpcEnvironment,
29 schema::*,
30 cli::*,
31 },
32};
a6f87283 33use pxar::accessor::{MaybeReady, ReadAt, ReadAtOperation};
ff5d3707 34
f1d76ecf
DC		 35use proxmox_backup::tools::{
36 self,
37 StdChannelWriter,
38 TokioWriterAdapter,
39};
bbf9e7e9 40use proxmox_backup::api2::types::*;
e39974af 41use proxmox_backup::api2::version;
151c6ce2 42use proxmox_backup::client::*;
c443f58b 43use proxmox_backup::pxar::catalog::*;
4d16badf
WB		 44use proxmox_backup::backup::{
45 archive_type,
0351f23b 46 decrypt_key,
8acfd15d 47 rsa_encrypt_key_config,
4d16badf
WB		 48 verify_chunk_size,
49 ArchiveType,
8e6e18b7 50 AsyncReadChunk,
4d16badf
WB		 51 BackupDir,
52 BackupGroup,
53 BackupManifest,
54 BufferedDynamicReader,
f28d9088 55 CATALOG_NAME,
4d16badf
WB		 56 CatalogReader,
57 CatalogWriter,
4d16badf
WB		 58 ChunkStream,
59 CryptConfig,
f28d9088 60 CryptMode,
4d16badf 61 DynamicIndexReader,
9990af30 62 ENCRYPTED_KEY_BLOB_NAME,
4d16badf
WB		 63 FixedChunkStream,
64 FixedIndexReader,
8acfd15d 65 KeyConfig,
4d16badf 66 IndexFile,
4d16badf 67 MANIFEST_BLOB_NAME,
4d16badf
WB		 68 Shell,
69};
ae0be2dd 70
caea8d61
DM		 71mod proxmox_backup_client;
72use proxmox_backup_client::*;
73
f1a83e97
SR		 74mod proxmox_client_tools;
75use proxmox_client_tools::*;
2665cef7 76
d0a03d40
DM		 77fn record_repository(repo: &BackupRepository) {
78
79 let base = match BaseDirectories::with_prefix("proxmox-backup") {
80 Ok(v) => v,
81 _ => return,
82 };
83
84 // usually $HOME/.cache/proxmox-backup/repo-list
85 let path = match base.place_cache_file("repo-list") {
86 Ok(v) => v,
87 _ => return,
88 };
89
11377a47 90 let mut data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
d0a03d40
DM		 91
92 let repo = repo.to_string();
93
94 data[&repo] = json!{ data[&repo].as_i64().unwrap_or(0) + 1 };
95
96 let mut map = serde_json::map::Map::new();
97
98 loop {
99 let mut max_used = 0;
100 let mut max_repo = None;
101 for (repo, count) in data.as_object().unwrap() {
102 if map.contains_key(repo) { continue; }
103 if let Some(count) = count.as_i64() {
104 if count > max_used {
105 max_used = count;
106 max_repo = Some(repo);
107 }
108 }
109 }
110 if let Some(repo) = max_repo {
111 map.insert(repo.to_owned(), json!(max_used));
112 } else {
113 break;
114 }
115 if map.len() > 10 { // store max. 10 repos
116 break;
117 }
118 }
119
120 let new_data = json!(map);
121
feaa1ad3 122 let _ = replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new());
d0a03d40
DM		 123}
124
42af4b8f
DM		 125async fn api_datastore_list_snapshots(
126 client: &HttpClient,
127 store: &str,
128 group: Option<BackupGroup>,
f24fc116 129) -> Result<Value, Error> {
42af4b8f
DM		 130
131 let path = format!("api2/json/admin/datastore/{}/snapshots", store);
132
133 let mut args = json!({});
134 if let Some(group) = group {
135 args["backup-type"] = group.backup_type().into();
136 args["backup-id"] = group.backup_id().into();
137 }
138
139 let mut result = client.get(&path, Some(args)).await?;
140
f24fc116 141 Ok(result["data"].take())
42af4b8f
DM		 142}
143
43abba4b 144pub async fn api_datastore_latest_snapshot(
27c9affb
DM		 145 client: &HttpClient,
146 store: &str,
147 group: BackupGroup,
6a7be83e 148) -> Result<(String, String, i64), Error> {
27c9affb 149
f24fc116
DM		 150 let list = api_datastore_list_snapshots(client, store, Some(group.clone())).await?;
151 let mut list: Vec<SnapshotListItem> = serde_json::from_value(list)?;
27c9affb
DM		 152
153 if list.is_empty() {
154 bail!("backup group {:?} does not contain any snapshots.", group.group_path());
155 }
156
157 list.sort_unstable_by(|a, b| b.backup_time.cmp(&a.backup_time));
158
6a7be83e 159 let backup_time = list[0].backup_time;
27c9affb
DM		 160
161 Ok((group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time))
162}
163
e9722f8b 164async fn backup_directory<P: AsRef<Path>>(
cf9271e2 165 client: &BackupWriter,
17d6979a 166 dir_path: P,
247cdbce 167 archive_name: &str,
36898ffc 168 chunk_size: Option<usize>,
f1d76ecf 169 catalog: Arc<Mutex<CatalogWriter<TokioWriterAdapter<StdChannelWriter>>>>,
77486a60 170 pxar_create_options: proxmox_backup::pxar::PxarCreateOptions,
e43b9175 171 upload_options: UploadOptions,
2c3891d1 172) -> Result<BackupStats, Error> {
33d64b81 173
6fc053ed
CE		 174 let pxar_stream = PxarBackupStream::open(
175 dir_path.as_ref(),
6fc053ed 176 catalog,
77486a60 177 pxar_create_options,
6fc053ed 178 )?;
e9722f8b 179 let mut chunk_stream = ChunkStream::new(pxar_stream, chunk_size);
ff3d3100 180
0bfcea6a 181 let (tx, rx) = mpsc::channel(10); // allow to buffer 10 chunks
5e7a09be 182
7c667013 183 let stream = ReceiverStream::new(rx)
e9722f8b 184 .map_err(Error::from);
17d6979a 185
c4ff3dce 186 // spawn chunker inside a separate task so that it can run parallel
e9722f8b 187 tokio::spawn(async move {
db0cb9ce
WB		 188 while let Some(v) = chunk_stream.next().await {
189 let _ = tx.send(v).await;
190 }
e9722f8b 191 });
17d6979a 192
e43b9175
FG		 193 if upload_options.fixed_size.is_some() {
194 bail!("cannot backup directory with fixed chunk size!");
195 }
196
e9722f8b 197 let stats = client
e43b9175 198 .upload_stream(archive_name, stream, upload_options)
e9722f8b 199 .await?;
bcd879cf 200
2c3891d1 201 Ok(stats)
bcd879cf
DM		 202}
203
e9722f8b 204async fn backup_image<P: AsRef<Path>>(
cf9271e2 205 client: &BackupWriter,
6af905c1
DM		 206 image_path: P,
207 archive_name: &str,
36898ffc 208 chunk_size: Option<usize>,
e43b9175 209 upload_options: UploadOptions,
2c3891d1 210) -> Result<BackupStats, Error> {
6af905c1 211
6af905c1
DM		 212 let path = image_path.as_ref().to_owned();
213
e9722f8b 214 let file = tokio::fs::File::open(path).await?;
6af905c1 215
db0cb9ce 216 let stream = tokio_util::codec::FramedRead::new(file, tokio_util::codec::BytesCodec::new())
6af905c1
DM		 217 .map_err(Error::from);
218
36898ffc 219 let stream = FixedChunkStream::new(stream, chunk_size.unwrap_or(4*1024*1024));
6af905c1 220
e43b9175
FG		 221 if upload_options.fixed_size.is_none() {
222 bail!("cannot backup image with dynamic chunk size!");
223 }
224
e9722f8b 225 let stats = client
e43b9175 226 .upload_stream(archive_name, stream, upload_options)
e9722f8b 227 .await?;
6af905c1 228
2c3891d1 229 Ok(stats)
6af905c1
DM		 230}
231
a47a02ae
DM		 232#[api(
233 input: {
234 properties: {
235 repository: {
236 schema: REPO_URL_SCHEMA,
237 optional: true,
238 },
239 "output-format": {
240 schema: OUTPUT_FORMAT,
241 optional: true,
242 },
243 }
244 }
245)]
246/// List backup groups.
247async fn list_backup_groups(param: Value) -> Result<Value, Error> {
812c6f87 248
c81b2b7c
DM		 249 let output_format = get_output_format(&param);
250
2665cef7 251 let repo = extract_repository_from_value(&param)?;
812c6f87 252
f3fde36b 253 let client = connect(&repo)?;
812c6f87 254
d0a03d40 255 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
812c6f87 256
8a8a4703 257 let mut result = client.get(&path, None).await?;
812c6f87 258
d0a03d40
DM		 259 record_repository(&repo);
260
c81b2b7c
DM		 261 let render_group_path = |_v: &Value, record: &Value| -> Result<String, Error> {
262 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
263 let group = BackupGroup::new(item.backup_type, item.backup_id);
264 Ok(group.group_path().to_str().unwrap().to_owned())
265 };
812c6f87 266
18deda40
DM		 267 let render_last_backup = |_v: &Value, record: &Value| -> Result<String, Error> {
268 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 269 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.last_backup)?;
18deda40 270 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
c81b2b7c 271 };
812c6f87 272
c81b2b7c
DM		 273 let render_files = |_v: &Value, record: &Value| -> Result<String, Error> {
274 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
4939255f 275 Ok(tools::format::render_backup_file_list(&item.files))
c81b2b7c 276 };
812c6f87 277
c81b2b7c
DM		 278 let options = default_table_format_options()
279 .sortby("backup-type", false)
280 .sortby("backup-id", false)
281 .column(ColumnConfig::new("backup-id").renderer(render_group_path).header("group"))
18deda40
DM		 282 .column(
283 ColumnConfig::new("last-backup")
284 .renderer(render_last_backup)
285 .header("last snapshot")
286 .right_align(false)
287 )
c81b2b7c
DM		 288 .column(ColumnConfig::new("backup-count"))
289 .column(ColumnConfig::new("files").renderer(render_files));
ad20d198 290
c81b2b7c 291 let mut data: Value = result["data"].take();
ad20d198 292
b2362a12 293 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_LIST_GROUPS.returns;
812c6f87 294
b2362a12 295 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc 296
812c6f87
DM		 297 Ok(Value::Null)
298}
299
344add38
DW		 300#[api(
301 input: {
302 properties: {
303 repository: {
304 schema: REPO_URL_SCHEMA,
305 optional: true,
306 },
307 group: {
308 type: String,
309 description: "Backup group.",
310 },
311 "new-owner": {
e6dc35ac 312 type: Authid,
344add38
DW		 313 },
314 }
315 }
316)]
317/// Change owner of a backup group
318async fn change_backup_owner(group: String, mut param: Value) -> Result<(), Error> {
319
320 let repo = extract_repository_from_value(&param)?;
321
f3fde36b 322 let mut client = connect(&repo)?;
344add38
DW		 323
324 param.as_object_mut().unwrap().remove("repository");
325
326 let group: BackupGroup = group.parse()?;
327
328 param["backup-type"] = group.backup_type().into();
329 param["backup-id"] = group.backup_id().into();
330
331 let path = format!("api2/json/admin/datastore/{}/change-owner", repo.store());
332 client.post(&path, Some(param)).await?;
333
334 record_repository(&repo);
335
336 Ok(())
337}
338
a47a02ae
DM		 339#[api(
340 input: {
341 properties: {
342 repository: {
343 schema: REPO_URL_SCHEMA,
344 optional: true,
345 },
346 }
347 }
348)]
349/// Try to login. If successful, store ticket.
350async fn api_login(param: Value) -> Result<Value, Error> {
e240d8be
DM		 351
352 let repo = extract_repository_from_value(&param)?;
353
f3fde36b 354 let client = connect(&repo)?;
8a8a4703 355 client.login().await?;
e240d8be
DM		 356
357 record_repository(&repo);
358
359 Ok(Value::Null)
360}
361
a47a02ae
DM		 362#[api(
363 input: {
364 properties: {
365 repository: {
366 schema: REPO_URL_SCHEMA,
367 optional: true,
368 },
369 }
370 }
371)]
372/// Logout (delete stored ticket).
373fn api_logout(param: Value) -> Result<Value, Error> {
e240d8be
DM		 374
375 let repo = extract_repository_from_value(&param)?;
376
5030b7ce 377 delete_ticket_info("proxmox-backup", repo.host(), repo.user())?;
e240d8be
DM		 378
379 Ok(Value::Null)
380}
381
e39974af
TL		 382#[api(
383 input: {
384 properties: {
385 repository: {
386 schema: REPO_URL_SCHEMA,
387 optional: true,
388 },
389 "output-format": {
390 schema: OUTPUT_FORMAT,
391 optional: true,
392 },
393 }
394 }
395)]
396/// Show client and optional server version
397async fn api_version(param: Value) -> Result<(), Error> {
398
399 let output_format = get_output_format(&param);
400
401 let mut version_info = json!({
402 "client": {
403 "version": version::PROXMOX_PKG_VERSION,
404 "release": version::PROXMOX_PKG_RELEASE,
405 "repoid": version::PROXMOX_PKG_REPOID,
406 }
407 });
408
409 let repo = extract_repository_from_value(&param);
410 if let Ok(repo) = repo {
f3fde36b 411 let client = connect(&repo)?;
e39974af
TL		 412
413 match client.get("api2/json/version", None).await {
414 Ok(mut result) => version_info["server"] = result["data"].take(),
415 Err(e) => eprintln!("could not connect to server - {}", e),
416 }
417 }
418 if output_format == "text" {
419 println!("client version: {}.{}", version::PROXMOX_PKG_VERSION, version::PROXMOX_PKG_RELEASE);
420 if let Some(server) = version_info["server"].as_object() {
421 let server_version = server["version"].as_str().unwrap();
422 let server_release = server["release"].as_str().unwrap();
423 println!("server version: {}.{}", server_version, server_release);
424 }
425 } else {
426 format_and_print_result(&version_info, &output_format);
427 }
428
429 Ok(())
430}
431
a47a02ae 432#[api(
94913f35 433 input: {
a47a02ae
DM		 434 properties: {
435 repository: {
436 schema: REPO_URL_SCHEMA,
437 optional: true,
438 },
94913f35
DM		 439 "output-format": {
440 schema: OUTPUT_FORMAT,
441 optional: true,
442 },
443 },
444 },
a47a02ae
DM		 445)]
446/// Start garbage collection for a specific repository.
447async fn start_garbage_collection(param: Value) -> Result<Value, Error> {
8cc0d6af 448
2665cef7 449 let repo = extract_repository_from_value(&param)?;
c2043614
DM		 450
451 let output_format = get_output_format(&param);
8cc0d6af 452
f3fde36b 453 let mut client = connect(&repo)?;
8cc0d6af 454
d0a03d40 455 let path = format!("api2/json/admin/datastore/{}/gc", repo.store());
8cc0d6af 456
8a8a4703 457 let result = client.post(&path, None).await?;
8cc0d6af 458
8a8a4703 459 record_repository(&repo);
d0a03d40 460
e68269fc 461 view_task_result(&mut client, result, &output_format).await?;
e5f7def4 462
e5f7def4 463 Ok(Value::Null)
8cc0d6af 464}
33d64b81 465
6d233161 466struct CatalogUploadResult {
f1d76ecf 467 catalog_writer: Arc<Mutex<CatalogWriter<TokioWriterAdapter<StdChannelWriter>>>>,
6d233161
FG		 468 result: tokio::sync::oneshot::Receiver<Result<BackupStats, Error>>,
469}
470
bf6e3217 471fn spawn_catalog_upload(
3bad3e6e 472 client: Arc<BackupWriter>,
3638341a 473 encrypt: bool,
6d233161 474) -> Result<CatalogUploadResult, Error> {
f1d99e3f
DM		 475 let (catalog_tx, catalog_rx) = std::sync::mpsc::sync_channel(10); // allow to buffer 10 writes
476 let catalog_stream = crate::tools::StdChannelStream(catalog_rx);
bf6e3217
DM		 477 let catalog_chunk_size = 512*1024;
478 let catalog_chunk_stream = ChunkStream::new(catalog_stream, Some(catalog_chunk_size));
479
f1d76ecf 480 let catalog_writer = Arc::new(Mutex::new(CatalogWriter::new(TokioWriterAdapter::new(StdChannelWriter::new(catalog_tx)))?));
bf6e3217
DM		 481
482 let (catalog_result_tx, catalog_result_rx) = tokio::sync::oneshot::channel();
483
e43b9175
FG		 484 let upload_options = UploadOptions {
485 encrypt,
486 compress: true,
487 ..UploadOptions::default()
488 };
489
bf6e3217
DM		 490 tokio::spawn(async move {
491 let catalog_upload_result = client
e43b9175 492 .upload_stream(CATALOG_NAME, catalog_chunk_stream, upload_options)
bf6e3217
DM		 493 .await;
494
495 if let Err(ref err) = catalog_upload_result {
496 eprintln!("catalog upload error - {}", err);
497 client.cancel();
498 }
499
500 let _ = catalog_result_tx.send(catalog_upload_result);
501 });
502
6d233161 503 Ok(CatalogUploadResult { catalog_writer, result: catalog_result_rx })
bf6e3217
DM		 504}
505
2f26b866
FG		 506#[derive(Clone, Debug, Eq, PartialEq)]
507enum KeySource {
508 DefaultKey,
509 Fd,
510 Path(String),
511}
512
513fn format_key_source(source: &KeySource, key_type: &str) -> String {
514 match source {
515 KeySource::DefaultKey => format!("Using default {} key..", key_type),
516 KeySource::Fd => format!("Using {} key from file descriptor..", key_type),
517 KeySource::Path(path) => format!("Using {} key from '{}'..", key_type, path),
518 }
519}
520
521#[derive(Clone, Debug, Eq, PartialEq)]
522struct KeyWithSource {
523 pub source: KeySource,
524 pub key: Vec<u8>,
525}
526
527impl KeyWithSource {
528 pub fn from_fd(key: Vec<u8>) -> Self {
529 Self {
530 source: KeySource::Fd,
531 key,
532 }
533 }
534
535 pub fn from_default(key: Vec<u8>) -> Self {
536 Self {
537 source: KeySource::DefaultKey,
538 key,
539 }
540 }
541
542 pub fn from_path(path: String, key: Vec<u8>) -> Self {
543 Self {
544 source: KeySource::Path(path),
545 key,
546 }
547 }
548}
549
c6a7ea0a
FG		 550#[derive(Debug, Eq, PartialEq)]
551struct CryptoParams {
552 mode: CryptMode,
2f26b866 553 enc_key: Option<KeyWithSource>,
c0a87c12 554 // FIXME switch to openssl::rsa::rsa<openssl::pkey::Public> once that is Eq?
2f26b866 555 master_pubkey: Option<KeyWithSource>,
c6a7ea0a
FG		 556}
557
558fn crypto_parameters(param: &Value) -> Result<CryptoParams, Error> {
f28d9088
WB		 559 let keyfile = match param.get("keyfile") {
560 Some(Value::String(keyfile)) => Some(keyfile),
561 Some(_) => bail!("bad --keyfile parameter type"),
562 None => None,
563 };
564
0351f23b
WB		 565 let key_fd = match param.get("keyfd") {
566 Some(Value::Number(key_fd)) => Some(
567 RawFd::try_from(key_fd
568 .as_i64()
569 .ok_or_else(|| format_err!("bad key fd: {:?}", key_fd))?
570 )
571 .map_err(|err| format_err!("bad key fd: {:?}: {}", key_fd, err))?
572 ),
573 Some(_) => bail!("bad --keyfd parameter type"),
574 None => None,
575 };
576
c0a87c12
FG		 577 let master_pubkey_file = match param.get("master-pubkey-file") {
578 Some(Value::String(keyfile)) => Some(keyfile),
579 Some(_) => bail!("bad --master-pubkey-file parameter type"),
580 None => None,
581 };
582
583 let master_pubkey_fd = match param.get("master-pubkey-fd") {
584 Some(Value::Number(key_fd)) => Some(
585 RawFd::try_from(key_fd
586 .as_i64()
587 .ok_or_else(|| format_err!("bad master public key fd: {:?}", key_fd))?
588 )
589 .map_err(|err| format_err!("bad public master key fd: {:?}: {}", key_fd, err))?
590 ),
591 Some(_) => bail!("bad --master-pubkey-fd parameter type"),
592 None => None,
593 };
594
c6a7ea0a 595 let mode: Option<CryptMode> = match param.get("crypt-mode") {
f28d9088
WB		 596 Some(mode) => Some(serde_json::from_value(mode.clone())?),
597 None => None,
598 };
599
2f26b866 600 let key = match (keyfile, key_fd) {
0351f23b
WB		 601 (None, None) => None,
602 (Some(_), Some(_)) => bail!("--keyfile and --keyfd are mutually exclusive"),
2f26b866
FG		 603 (Some(keyfile), None) => Some(KeyWithSource::from_path(
604 keyfile.clone(),
605 file_get_contents(keyfile)?,
606 )),
0351f23b
WB		 607 (None, Some(fd)) => {
608 let input = unsafe { std::fs::File::from_raw_fd(fd) };
609 let mut data = Vec::new();
2f26b866
FG		 610 let _len: usize = { input }.read_to_end(&mut data).map_err(|err| {
611 format_err!("error reading encryption key from fd {}: {}", fd, err)
612 })?;
613 Some(KeyWithSource::from_fd(data))
0351f23b
WB		 614 }
615 };
616
2f26b866 617 let master_pubkey = match (master_pubkey_file, master_pubkey_fd) {
c0a87c12
FG		 618 (None, None) => None,
619 (Some(_), Some(_)) => bail!("--keyfile and --keyfd are mutually exclusive"),
2f26b866
FG		 620 (Some(keyfile), None) => Some(KeyWithSource::from_path(
621 keyfile.clone(),
622 file_get_contents(keyfile)?,
623 )),
c0a87c12
FG		 624 (None, Some(fd)) => {
625 let input = unsafe { std::fs::File::from_raw_fd(fd) };
626 let mut data = Vec::new();
2f26b866
FG		 627 let _len: usize = { input }
628 .read_to_end(&mut data)
629 .map_err(|err| format_err!("error reading master key from fd {}: {}", fd, err))?;
630 Some(KeyWithSource::from_fd(data))
c0a87c12
FG		 631 }
632 };
633
94328389
FG		 634 let res = match mode {
635 // no crypt mode, enable encryption if keys are available
2f26b866 636 None => match (key, master_pubkey) {
94328389
FG		 637 // only default keys if available
638 (None, None) => match key::read_optional_default_encryption_key()? {
639 None => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
640 enc_key => {
94328389
FG		 641 let master_pubkey = key::read_optional_default_master_pubkey()?;
642 CryptoParams {
643 mode: CryptMode::Encrypt,
644 enc_key,
645 master_pubkey,
646 }
647 },
648 },
649
650 // explicit master key, default enc key needed
651 (None, master_pubkey) => match key::read_optional_default_encryption_key()? {
652 None => bail!("--master-pubkey-file/--master-pubkey-fd specified, but no key available"),
653 enc_key => {
94328389
FG		 654 CryptoParams {
655 mode: CryptMode::Encrypt,
656 enc_key,
657 master_pubkey,
658 }
659 },
8c6854c8 660 },
96ee8577 661
94328389
FG		 662 // explicit keyfile, maybe default master key
663 (enc_key, None) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey: key::read_optional_default_master_pubkey()? },
c0a87c12 664
94328389
FG		 665 // explicit keyfile and master key
666 (enc_key, master_pubkey) => CryptoParams { mode: CryptMode::Encrypt, enc_key, master_pubkey },
c0a87c12
FG		 667 },
668
94328389 669 // explicitly disabled encryption
2f26b866 670 Some(CryptMode::None) => match (key, master_pubkey) {
94328389
FG		 671 // no keys => OK, no encryption
672 (None, None) => CryptoParams { mode: CryptMode::None, enc_key: None, master_pubkey: None },
673
674 // --keyfile and --crypt-mode=none
675 (Some(_), _) => bail!("--keyfile/--keyfd and --crypt-mode=none are mutually exclusive"),
676
677 // --master-pubkey-file and --crypt-mode=none
678 (_, Some(_)) => bail!("--master-pubkey-file/--master-pubkey-fd and --crypt-mode=none are mutually exclusive"),
c0a87c12 679 },
96ee8577 680
94328389 681 // explicitly enabled encryption
2f26b866 682 Some(mode) => match (key, master_pubkey) {
94328389
FG		 683 // no key, maybe master key
684 (None, master_pubkey) => match key::read_optional_default_encryption_key()? {
685 None => bail!("--crypt-mode without --keyfile and no default key file available"),
c0a87c12
FG		 686 enc_key => {
687 eprintln!("Encrypting with default encryption key!");
94328389
FG		 688 let master_pubkey = match master_pubkey {
689 None => key::read_optional_default_master_pubkey()?,
690 master_pubkey => master_pubkey,
691 };
692
c0a87c12 693 CryptoParams {
94328389 694 mode,
c0a87c12
FG		 695 enc_key,
696 master_pubkey,
697 }
698 },
94328389 699 },
c0a87c12 700
94328389
FG		 701 // --keyfile and --crypt-mode other than none
702 (enc_key, master_pubkey) => {
c0a87c12
FG		 703 let master_pubkey = match master_pubkey {
704 None => key::read_optional_default_master_pubkey()?,
705 master_pubkey => master_pubkey,
706 };
c6a7ea0a 707
94328389 708 CryptoParams { mode, enc_key, master_pubkey }
beb07279 709 },
c0a87c12 710 },
94328389 711 };
96ee8577 712
94328389 713 Ok(res)
96ee8577
WB		 714}
715
5bb057e5 716#[test]
c6a7ea0a 717// WARNING: there must only be one test for crypto_parameters as the default key handling is not
5bb057e5 718// safe w.r.t. concurrency
c6a7ea0a 719fn test_crypto_parameters_handling() -> Result<(), Error> {
2f26b866
FG		 720 let some_key = vec![1;1];
721 let default_key = vec![2;1];
5bb057e5 722
2f26b866
FG		 723 let some_master_key = vec![3;1];
724 let default_master_key = vec![4;1];
725
15d2c778
FG		 726 let keypath = "./target/testout/keyfile.test";
727 let master_keypath = "./target/testout/masterkeyfile.test";
728 let invalid_keypath = "./target/testout/invalid_keyfile.test";
1a89a779 729
c0a87c12
FG		 730 let no_key_res = CryptoParams {
731 enc_key: None,
732 master_pubkey: None,
733 mode: CryptMode::None,
734 };
735 let some_key_res = CryptoParams {
2f26b866
FG		 736 enc_key: Some(KeyWithSource::from_path(
737 keypath.to_string(),
738 some_key.clone(),
739 )),
c0a87c12
FG		 740 master_pubkey: None,
741 mode: CryptMode::Encrypt,
742 };
1a89a779 743 let some_key_some_master_res = CryptoParams {
2f26b866
FG		 744 enc_key: Some(KeyWithSource::from_path(
745 keypath.to_string(),
746 some_key.clone(),
747 )),
748 master_pubkey: Some(KeyWithSource::from_path(
749 master_keypath.to_string(),
750 some_master_key.clone(),
751 )),
1a89a779
FG		 752 mode: CryptMode::Encrypt,
753 };
754 let some_key_default_master_res = CryptoParams {
2f26b866
FG		 755 enc_key: Some(KeyWithSource::from_path(
756 keypath.to_string(),
757 some_key.clone(),
758 )),
759 master_pubkey: Some(KeyWithSource::from_default(default_master_key.clone())),
1a89a779
FG		 760 mode: CryptMode::Encrypt,
761 };
762
c0a87c12 763 let some_key_sign_res = CryptoParams {
2f26b866
FG		 764 enc_key: Some(KeyWithSource::from_path(
765 keypath.to_string(),
766 some_key.clone(),
767 )),
c0a87c12
FG		 768 master_pubkey: None,
769 mode: CryptMode::SignOnly,
770 };
771 let default_key_res = CryptoParams {
2f26b866 772 enc_key: Some(KeyWithSource::from_default(default_key.clone())),
c0a87c12
FG		 773 master_pubkey: None,
774 mode: CryptMode::Encrypt,
775 };
776 let default_key_sign_res = CryptoParams {
2f26b866 777 enc_key: Some(KeyWithSource::from_default(default_key.clone())),
c0a87c12
FG		 778 master_pubkey: None,
779 mode: CryptMode::SignOnly,
780 };
5bb057e5 781
2f26b866
FG		 782 replace_file(&keypath, &some_key, CreateOptions::default())?;
783 replace_file(&master_keypath, &some_master_key, CreateOptions::default())?;
5bb057e5
FG		 784
785 // no params, no default key == no key
c6a7ea0a 786 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 787 assert_eq!(res.unwrap(), no_key_res);
788
789 // keyfile param == key from keyfile
c6a7ea0a 790 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 791 assert_eq!(res.unwrap(), some_key_res);
792
793 // crypt mode none == no key
c6a7ea0a 794 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 795 assert_eq!(res.unwrap(), no_key_res);
796
797 // crypt mode encrypt/sign-only, no keyfile, no default key == Error
c6a7ea0a
FG		 798 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
799 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 800
801 // crypt mode none with explicit key == Error
c6a7ea0a 802 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 803
804 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 805 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 806 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 807 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 808 assert_eq!(res.unwrap(), some_key_res);
809
810 // invalid keyfile parameter always errors
c6a7ea0a
FG		 811 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
812 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
813 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
814 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 815
816 // now set a default key
2f26b866 817 unsafe { key::set_test_encryption_key(Ok(Some(default_key.clone()))); }
5bb057e5
FG		 818
819 // and repeat
820
821 // no params but default key == default key
c6a7ea0a 822 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 823 assert_eq!(res.unwrap(), default_key_res);
824
825 // keyfile param == key from keyfile
c6a7ea0a 826 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 827 assert_eq!(res.unwrap(), some_key_res);
828
829 // crypt mode none == no key
c6a7ea0a 830 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 831 assert_eq!(res.unwrap(), no_key_res);
832
833 // crypt mode encrypt/sign-only, no keyfile, default key == default key with correct mode
c6a7ea0a 834 let res = crypto_parameters(&json!({"crypt-mode": "sign-only"}));
5bb057e5 835 assert_eq!(res.unwrap(), default_key_sign_res);
c6a7ea0a 836 let res = crypto_parameters(&json!({"crypt-mode": "encrypt"}));
5bb057e5
FG		 837 assert_eq!(res.unwrap(), default_key_res);
838
839 // crypt mode none with explicit key == Error
c6a7ea0a 840 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 841
842 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 843 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 844 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 845 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 846 assert_eq!(res.unwrap(), some_key_res);
847
848 // invalid keyfile parameter always errors
c6a7ea0a
FG		 849 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
850 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
851 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
852 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 853
854 // now make default key retrieval error
855 unsafe { key::set_test_encryption_key(Err(format_err!("test error"))); }
856
857 // and repeat
858
859 // no params, default key retrieval errors == Error
c6a7ea0a 860 assert!(crypto_parameters(&json!({})).is_err());
5bb057e5
FG		 861
862 // keyfile param == key from keyfile
c6a7ea0a 863 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 864 assert_eq!(res.unwrap(), some_key_res);
865
866 // crypt mode none == no key
c6a7ea0a 867 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 868 assert_eq!(res.unwrap(), no_key_res);
869
870 // crypt mode encrypt/sign-only, no keyfile, default key error == Error
c6a7ea0a
FG		 871 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
872 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 873
874 // crypt mode none with explicit key == Error
c6a7ea0a 875 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 876
877 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 878 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 879 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 880 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 881 assert_eq!(res.unwrap(), some_key_res);
882
883 // invalid keyfile parameter always errors
c6a7ea0a
FG		 884 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
885 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
886 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
887 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
1a89a779
FG		 888
889 // now remove default key again
890 unsafe { key::set_test_encryption_key(Ok(None)); }
891 // set a default master key
2f26b866 892 unsafe { key::set_test_default_master_pubkey(Ok(Some(default_master_key.clone()))); }
1a89a779
FG		 893
894 // and use an explicit master key
895 assert!(crypto_parameters(&json!({"master-pubkey-file": master_keypath})).is_err());
896 // just a default == no key
897 let res = crypto_parameters(&json!({}));
898 assert_eq!(res.unwrap(), no_key_res);
899
900 // keyfile param == key from keyfile
901 let res = crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": master_keypath}));
902 assert_eq!(res.unwrap(), some_key_some_master_res);
903 // same with fallback to default master key
904 let res = crypto_parameters(&json!({"keyfile": keypath}));
905 assert_eq!(res.unwrap(), some_key_default_master_res);
906
907 // crypt mode none == error
908 assert!(crypto_parameters(&json!({"crypt-mode": "none", "master-pubkey-file": master_keypath})).is_err());
909 // with just default master key == no key
910 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
911 assert_eq!(res.unwrap(), no_key_res);
912
913 // crypt mode encrypt without enc key == error
914 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt", "master-pubkey-file": master_keypath})).is_err());
915 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
916
917 // crypt mode none with explicit key == Error
918 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath, "master-pubkey-file": master_keypath})).is_err());
919 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
920
921 // crypt mode encrypt with keyfile == key from keyfile with correct mode
922 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath, "master-pubkey-file": master_keypath}));
923 assert_eq!(res.unwrap(), some_key_some_master_res);
924 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
925 assert_eq!(res.unwrap(), some_key_default_master_res);
926
927 // invalid master keyfile parameter always errors when a key is passed, even with a valid
928 // default master key
929 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath})).is_err());
930 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "none"})).is_err());
931 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "sign-only"})).is_err());
932 assert!(crypto_parameters(&json!({"keyfile": keypath, "master-pubkey-file": invalid_keypath,"crypt-mode": "encrypt"})).is_err());
933
5bb057e5
FG		 934 Ok(())
935}
936
a47a02ae
DM		 937#[api(
938 input: {
939 properties: {
940 backupspec: {
941 type: Array,
942 description: "List of backup source specifications ([<label.ext>:<path>] ...)",
943 items: {
944 schema: BACKUP_SOURCE_SCHEMA,
945 }
946 },
947 repository: {
948 schema: REPO_URL_SCHEMA,
949 optional: true,
950 },
951 "include-dev": {
952 description: "Include mountpoints with same st_dev number (see ``man fstat``) as specified files.",
953 optional: true,
954 items: {
955 type: String,
956 description: "Path to file.",
957 }
958 },
58fcbf5a
FE		 959 "all-file-systems": {
960 type: Boolean,
961 description: "Include all mounted subdirectories.",
962 optional: true,
963 },
a47a02ae
DM		 964 keyfile: {
965 schema: KEYFILE_SCHEMA,
966 optional: true,
967 },
0351f23b
WB		 968 "keyfd": {
969 schema: KEYFD_SCHEMA,
970 optional: true,
971 },
c0a87c12
FG		 972 "master-pubkey-file": {
973 schema: MASTER_PUBKEY_FILE_SCHEMA,
974 optional: true,
975 },
976 "master-pubkey-fd": {
977 schema: MASTER_PUBKEY_FD_SCHEMA,
978 optional: true,
979 },
24be37e3
WB		 980 "crypt-mode": {
981 type: CryptMode,
96ee8577
WB		 982 optional: true,
983 },
a47a02ae
DM		 984 "skip-lost-and-found": {
985 type: Boolean,
986 description: "Skip lost+found directory.",
987 optional: true,
988 },
989 "backup-type": {
990 schema: BACKUP_TYPE_SCHEMA,
991 optional: true,
992 },
993 "backup-id": {
994 schema: BACKUP_ID_SCHEMA,
995 optional: true,
996 },
997 "backup-time": {
998 schema: BACKUP_TIME_SCHEMA,
999 optional: true,
1000 },
1001 "chunk-size": {
1002 schema: CHUNK_SIZE_SCHEMA,
1003 optional: true,
1004 },
189996cf
CE		 1005 "exclude": {
1006 type: Array,
1007 description: "List of paths or patterns for matching files to exclude.",
1008 optional: true,
1009 items: {
1010 type: String,
1011 description: "Path or match pattern.",
1012 }
1013 },
6fc053ed
CE		 1014 "entries-max": {
1015 type: Integer,
1016 description: "Max number of entries to hold in memory.",
1017 optional: true,
c443f58b 1018 default: proxmox_backup::pxar::ENCODER_MAX_ENTRIES as isize,
6fc053ed 1019 },
e02c3d46
DM		 1020 "verbose": {
1021 type: Boolean,
1022 description: "Verbose output.",
1023 optional: true,
1024 },
a47a02ae
DM		 1025 }
1026 }
1027)]
1028/// Create (host) backup.
1029async fn create_backup(
6049b71f
DM		 1030 param: Value,
1031 _info: &ApiMethod,
dd5495d6 1032 _rpcenv: &mut dyn RpcEnvironment,
6049b71f 1033) -> Result<Value, Error> {
ff5d3707 1034
2665cef7 1035 let repo = extract_repository_from_value(&param)?;
ae0be2dd
DM		 1036
1037 let backupspec_list = tools::required_array_param(&param, "backupspec")?;
a914a774 1038
eed6db39
DM		 1039 let all_file_systems = param["all-file-systems"].as_bool().unwrap_or(false);
1040
5b72c9b4
DM		 1041 let skip_lost_and_found = param["skip-lost-and-found"].as_bool().unwrap_or(false);
1042
219ef0e6
DM		 1043 let verbose = param["verbose"].as_bool().unwrap_or(false);
1044
ca5d0b61
DM		 1045 let backup_time_opt = param["backup-time"].as_i64();
1046
36898ffc 1047 let chunk_size_opt = param["chunk-size"].as_u64().map(|v| (v*1024) as usize);
2d9d143a 1048
247cdbce
DM		 1049 if let Some(size) = chunk_size_opt {
1050 verify_chunk_size(size)?;
2d9d143a
DM		 1051 }
1052
c6a7ea0a 1053 let crypto = crypto_parameters(&param)?;
6d0983db 1054
f69adc81 1055 let backup_id = param["backup-id"].as_str().unwrap_or(&proxmox::tools::nodename());
fba30411 1056
bbf9e7e9 1057 let backup_type = param["backup-type"].as_str().unwrap_or("host");
ca5d0b61 1058
2eeaacb9
DM		 1059 let include_dev = param["include-dev"].as_array();
1060
c443f58b
WB		 1061 let entries_max = param["entries-max"].as_u64()
1062 .unwrap_or(proxmox_backup::pxar::ENCODER_MAX_ENTRIES as u64);
6fc053ed 1063
189996cf 1064 let empty = Vec::new();
c443f58b
WB		 1065 let exclude_args = param["exclude"].as_array().unwrap_or(&empty);
1066
239e49f9 1067 let mut pattern_list = Vec::with_capacity(exclude_args.len());
c443f58b
WB		 1068 for entry in exclude_args {
1069 let entry = entry.as_str().ok_or_else(|| format_err!("Invalid pattern string slice"))?;
239e49f9 1070 pattern_list.push(
c443f58b
WB		 1071 MatchEntry::parse_pattern(entry, PatternFlag::PATH_NAME, MatchType::Exclude)
1072 .map_err(|err| format_err!("invalid exclude pattern entry: {}", err))?
1073 );
189996cf
CE		 1074 }
1075
2eeaacb9
DM		 1076 let mut devices = if all_file_systems { None } else { Some(HashSet::new()) };
1077
1078 if let Some(include_dev) = include_dev {
1079 if all_file_systems {
1080 bail!("option 'all-file-systems' conflicts with option 'include-dev'");
1081 }
1082
1083 let mut set = HashSet::new();
1084 for path in include_dev {
1085 let path = path.as_str().unwrap();
1086 let stat = nix::sys::stat::stat(path)
1087 .map_err(|err| format_err!("fstat {:?} failed - {}", path, err))?;
1088 set.insert(stat.st_dev);
1089 }
1090 devices = Some(set);
1091 }
1092
ae0be2dd 1093 let mut upload_list = vec![];
f2b4b4b9 1094 let mut target_set = HashSet::new();
a914a774 1095
ae0be2dd 1096 for backupspec in backupspec_list {
7cc3473a
DM		 1097 let spec = parse_backup_specification(backupspec.as_str().unwrap())?;
1098 let filename = &spec.config_string;
1099 let target = &spec.archive_name;
bcd879cf 1100
f2b4b4b9
SI		 1101 if target_set.contains(target) {
1102 bail!("got target twice: '{}'", target);
1103 }
1104 target_set.insert(target.to_string());
1105
eb1804c5
DM		 1106 use std::os::unix::fs::FileTypeExt;
1107
3fa71727
CE		 1108 let metadata = std::fs::metadata(filename)
1109 .map_err(|err| format_err!("unable to access '{}' - {}", filename, err))?;
eb1804c5 1110 let file_type = metadata.file_type();
23bb8780 1111
7cc3473a
DM		 1112 match spec.spec_type {
1113 BackupSpecificationType::PXAR => {
ec8a9bb9
DM		 1114 if !file_type.is_dir() {
1115 bail!("got unexpected file type (expected directory)");
1116 }
7cc3473a 1117 upload_list.push((BackupSpecificationType::PXAR, filename.to_owned(), format!("{}.didx", target), 0));
ec8a9bb9 1118 }
7cc3473a 1119 BackupSpecificationType::IMAGE => {
ec8a9bb9
DM		 1120 if !(file_type.is_file() || file_type.is_block_device()) {
1121 bail!("got unexpected file type (expected file or block device)");
1122 }
eb1804c5 1123
e18a6c9e 1124 let size = image_size(&PathBuf::from(filename))?;
23bb8780 1125
ec8a9bb9 1126 if size == 0 { bail!("got zero-sized file '{}'", filename); }
ae0be2dd 1127
7cc3473a 1128 upload_list.push((BackupSpecificationType::IMAGE, filename.to_owned(), format!("{}.fidx", target), size));
ec8a9bb9 1129 }
7cc3473a 1130 BackupSpecificationType::CONFIG => {
ec8a9bb9
DM		 1131 if !file_type.is_file() {
1132 bail!("got unexpected file type (expected regular file)");
1133 }
7cc3473a 1134 upload_list.push((BackupSpecificationType::CONFIG, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 1135 }
7cc3473a 1136 BackupSpecificationType::LOGFILE => {
79679c2d
DM		 1137 if !file_type.is_file() {
1138 bail!("got unexpected file type (expected regular file)");
1139 }
7cc3473a 1140 upload_list.push((BackupSpecificationType::LOGFILE, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 1141 }
ae0be2dd
DM		 1142 }
1143 }
1144
22a9189e 1145 let backup_time = backup_time_opt.unwrap_or_else(epoch_i64);
ae0be2dd 1146
f3fde36b 1147 let client = connect(&repo)?;
d0a03d40
DM		 1148 record_repository(&repo);
1149
6a7be83e 1150 println!("Starting backup: {}/{}/{}", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time)?);
ca5d0b61 1151
f69adc81 1152 println!("Client name: {}", proxmox::tools::nodename());
ca5d0b61 1153
6a7be83e 1154 let start_time = std::time::Instant::now();
ca5d0b61 1155
6a7be83e 1156 println!("Starting backup protocol: {}", strftime_local("%c", epoch_i64())?);
51144821 1157
c6a7ea0a 1158 let (crypt_config, rsa_encrypted_key) = match crypto.enc_key {
bb823140 1159 None => (None, None),
2f26b866
FG		 1160 Some(key_with_source) => {
1161 println!(
1162 "{}",
1163 format_key_source(&key_with_source.source, "encryption")
1164 );
1165
1166 let (key, created, fingerprint) =
1167 decrypt_key(&key_with_source.key, &key::get_encryption_key_password)?;
6f2626ae 1168 println!("Encryption key fingerprint: {}", fingerprint);
bb823140 1169
44288184 1170 let crypt_config = CryptConfig::new(key)?;
bb823140 1171
c0a87c12 1172 match crypto.master_pubkey {
2f26b866
FG		 1173 Some(pem_with_source) => {
1174 println!("{}", format_key_source(&pem_with_source.source, "master"));
1175
1176 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_with_source.key)?;
82a103c8 1177
1c86893d 1178 let mut key_config = KeyConfig::without_password(key)?;
82a103c8 1179 key_config.created = created; // keep original value
82a103c8 1180
8acfd15d 1181 let enc_key = rsa_encrypt_key_config(rsa, &key_config)?;
6f2626ae 1182
05389a01 1183 (Some(Arc::new(crypt_config)), Some(enc_key))
2f26b866 1184 },
05389a01 1185 _ => (Some(Arc::new(crypt_config)), None),
bb823140 1186 }
6d0983db
DM		 1187 }
1188 };
f98ac774 1189
8a8a4703
DM		 1190 let client = BackupWriter::start(
1191 client,
b957aa81 1192 crypt_config.clone(),
8a8a4703
DM		 1193 repo.store(),
1194 backup_type,
1195 &backup_id,
1196 backup_time,
1197 verbose,
61d7b501 1198 false
8a8a4703
DM		 1199 ).await?;
1200
8b7f8d3f
FG		 1201 let download_previous_manifest = match client.previous_backup_time().await {
1202 Ok(Some(backup_time)) => {
1203 println!(
1204 "Downloading previous manifest ({})",
1205 strftime_local("%c", backup_time)?
1206 );
1207 true
1208 }
1209 Ok(None) => {
1210 println!("No previous manifest available.");
1211 false
1212 }
1213 Err(_) => {
1214 // Fallback for outdated server, TODO remove/bubble up with 2.0
1215 true
1216 }
1217 };
1218
1219 let previous_manifest = if download_previous_manifest {
1220 match client.download_previous_manifest().await {
1221 Ok(previous_manifest) => {
1222 match previous_manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref)) {
1223 Ok(()) => Some(Arc::new(previous_manifest)),
1224 Err(err) => {
1225 println!("Couldn't re-use previous manifest - {}", err);
1226 None
1227 }
1228 }
23f9503a 1229 }
8b7f8d3f
FG		 1230 Err(err) => {
1231 println!("Couldn't download previous manifest - {}", err);
1232 None
1233 }
1234 }
1235 } else {
1236 None
b957aa81
DM		 1237 };
1238
6a7be83e 1239 let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
8a8a4703
DM		 1240 let mut manifest = BackupManifest::new(snapshot);
1241
5d85847f 1242 let mut catalog = None;
6d233161 1243 let mut catalog_result_rx = None;
8a8a4703
DM		 1244
1245 for (backup_type, filename, target, size) in upload_list {
1246 match backup_type {
7cc3473a 1247 BackupSpecificationType::CONFIG => {
e43b9175
FG		 1248 let upload_options = UploadOptions {
1249 compress: true,
c6a7ea0a 1250 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1251 ..UploadOptions::default()
1252 };
1253
5b32820e 1254 println!("Upload config file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1255 let stats = client
e43b9175 1256 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1257 .await?;
c6a7ea0a 1258 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1259 }
7cc3473a 1260 BackupSpecificationType::LOGFILE => { // fixme: remove - not needed anymore ?
e43b9175
FG		 1261 let upload_options = UploadOptions {
1262 compress: true,
c6a7ea0a 1263 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1264 ..UploadOptions::default()
1265 };
1266
5b32820e 1267 println!("Upload log file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1268 let stats = client
e43b9175 1269 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1270 .await?;
c6a7ea0a 1271 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1272 }
7cc3473a 1273 BackupSpecificationType::PXAR => {
5d85847f
DC		 1274 // start catalog upload on first use
1275 if catalog.is_none() {
c6a7ea0a 1276 let catalog_upload_res = spawn_catalog_upload(client.clone(), crypto.mode == CryptMode::Encrypt)?;
6d233161
FG		 1277 catalog = Some(catalog_upload_res.catalog_writer);
1278 catalog_result_rx = Some(catalog_upload_res.result);
5d85847f
DC		 1279 }
1280 let catalog = catalog.as_ref().unwrap();
1281
5b32820e 1282 println!("Upload directory '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1283 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
77486a60
FG		 1284
1285 let pxar_options = proxmox_backup::pxar::PxarCreateOptions {
1286 device_set: devices.clone(),
1287 patterns: pattern_list.clone(),
1288 entries_max: entries_max as usize,
1289 skip_lost_and_found,
1290 verbose,
1291 };
1292
e43b9175
FG		 1293 let upload_options = UploadOptions {
1294 previous_manifest: previous_manifest.clone(),
1295 compress: true,
c6a7ea0a 1296 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1297 ..UploadOptions::default()
1298 };
1299
8a8a4703
DM		 1300 let stats = backup_directory(
1301 &client,
1302 &filename,
1303 &target,
1304 chunk_size_opt,
8a8a4703 1305 catalog.clone(),
77486a60 1306 pxar_options,
e43b9175 1307 upload_options,
8a8a4703 1308 ).await?;
c6a7ea0a 1309 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703
DM		 1310 catalog.lock().unwrap().end_directory()?;
1311 }
7cc3473a 1312 BackupSpecificationType::IMAGE => {
8a8a4703 1313 println!("Upload image '{}' to '{:?}' as {}", filename, repo, target);
e43b9175
FG		 1314
1315 let upload_options = UploadOptions {
1316 previous_manifest: previous_manifest.clone(),
1317 fixed_size: Some(size),
1318 compress: true,
c6a7ea0a 1319 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1320 };
1321
8a8a4703
DM		 1322 let stats = backup_image(
1323 &client,
e43b9175 1324 &filename,
8a8a4703 1325 &target,
8a8a4703 1326 chunk_size_opt,
e43b9175 1327 upload_options,
8a8a4703 1328 ).await?;
c6a7ea0a 1329 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
6af905c1
DM		 1330 }
1331 }
8a8a4703 1332 }
4818c8b6 1333
8a8a4703 1334 // finalize and upload catalog
5d85847f 1335 if let Some(catalog) = catalog {
8a8a4703
DM		 1336 let mutex = Arc::try_unwrap(catalog)
1337 .map_err(|_| format_err!("unable to get catalog (still used)"))?;
1338 let mut catalog = mutex.into_inner().unwrap();
bf6e3217 1339
8a8a4703 1340 catalog.finish()?;
2761d6a4 1341
8a8a4703 1342 drop(catalog); // close upload stream
2761d6a4 1343
6d233161 1344 if let Some(catalog_result_rx) = catalog_result_rx {
5d85847f 1345 let stats = catalog_result_rx.await??;
c6a7ea0a 1346 manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum, crypto.mode)?;
5d85847f 1347 }
8a8a4703 1348 }
2761d6a4 1349
8a8a4703 1350 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
9990af30 1351 let target = ENCRYPTED_KEY_BLOB_NAME;
8a8a4703 1352 println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
e43b9175 1353 let options = UploadOptions { compress: false, encrypt: false, ..UploadOptions::default() };
8a8a4703 1354 let stats = client
e43b9175 1355 .upload_blob_from_data(rsa_encrypted_key, target, options)
8a8a4703 1356 .await?;
c6a7ea0a 1357 manifest.add_file(target.to_string(), stats.size, stats.csum, crypto.mode)?;
8a8a4703 1358
8a8a4703 1359 }
8a8a4703 1360 // create manifest (index.json)
3638341a 1361 // manifests are never encrypted, but include a signature
dfa517ad 1362 let manifest = manifest.to_string(crypt_config.as_ref().map(Arc::as_ref))
b53f6379 1363 .map_err(|err| format_err!("unable to format manifest - {}", err))?;
3638341a 1364
b53f6379 1365
9688f6de 1366 if verbose { println!("Upload index.json to '{}'", repo) };
e43b9175 1367 let options = UploadOptions { compress: true, encrypt: false, ..UploadOptions::default() };
8a8a4703 1368 client
e43b9175 1369 .upload_blob_from_data(manifest.into_bytes(), MANIFEST_BLOB_NAME, options)
8a8a4703 1370 .await?;
2c3891d1 1371
8a8a4703 1372 client.finish().await?;
c4ff3dce 1373
6a7be83e
DM		 1374 let end_time = std::time::Instant::now();
1375 let elapsed = end_time.duration_since(start_time);
1376 println!("Duration: {:.2}s", elapsed.as_secs_f64());
3ec3ec3f 1377
6a7be83e 1378 println!("End Time: {}", strftime_local("%c", epoch_i64())?);
3d5c11e5 1379
8a8a4703 1380 Ok(Value::Null)
f98ea63d
DM		 1381}
1382
8e6e18b7 1383async fn dump_image<W: Write>(
88892ea8
DM		 1384 client: Arc<BackupReader>,
1385 crypt_config: Option<Arc<CryptConfig>>,
14f6c9cb 1386 crypt_mode: CryptMode,
88892ea8
DM		 1387 index: FixedIndexReader,
1388 mut writer: W,
fd04ca7a 1389 verbose: bool,
88892ea8
DM		 1390) -> Result<(), Error> {
1391
1392 let most_used = index.find_most_used_chunks(8);
1393
14f6c9cb 1394 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, crypt_mode, most_used);
88892ea8
DM		 1395
1396 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
1397 // and thus slows down reading. Instead, directly use RemoteChunkReader
fd04ca7a
DM		 1398 let mut per = 0;
1399 let mut bytes = 0;
1400 let start_time = std::time::Instant::now();
1401
88892ea8
DM		 1402 for pos in 0..index.index_count() {
1403 let digest = index.index_digest(pos).unwrap();
8e6e18b7 1404 let raw_data = chunk_reader.read_chunk(&digest).await?;
88892ea8 1405 writer.write_all(&raw_data)?;
fd04ca7a
DM		 1406 bytes += raw_data.len();
1407 if verbose {
1408 let next_per = ((pos+1)*100)/index.index_count();
1409 if per != next_per {
1410 eprintln!("progress {}% (read {} bytes, duration {} sec)",
1411 next_per, bytes, start_time.elapsed().as_secs());
1412 per = next_per;
1413 }
1414 }
88892ea8
DM		 1415 }
1416
fd04ca7a
DM		 1417 let end_time = std::time::Instant::now();
1418 let elapsed = end_time.duration_since(start_time);
1419 eprintln!("restore image complete (bytes={}, duration={:.2}s, speed={:.2}MB/s)",
1420 bytes,
1421 elapsed.as_secs_f64(),
1422 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
1423 );
1424
1425
88892ea8
DM		 1426 Ok(())
1427}
1428
dc155e9b 1429fn parse_archive_type(name: &str) -> (String, ArchiveType) {
2d32fe2c
TL		 1430 if name.ends_with(".didx") || name.ends_with(".fidx") || name.ends_with(".blob") {
1431 (name.into(), archive_type(name).unwrap())
1432 } else if name.ends_with(".pxar") {
dc155e9b
TL		 1433 (format!("{}.didx", name), ArchiveType::DynamicIndex)
1434 } else if name.ends_with(".img") {
1435 (format!("{}.fidx", name), ArchiveType::FixedIndex)
1436 } else {
1437 (format!("{}.blob", name), ArchiveType::Blob)
1438 }
1439}
1440
a47a02ae
DM		 1441#[api(
1442 input: {
1443 properties: {
1444 repository: {
1445 schema: REPO_URL_SCHEMA,
1446 optional: true,
1447 },
1448 snapshot: {
1449 type: String,
1450 description: "Group/Snapshot path.",
1451 },
1452 "archive-name": {
1453 description: "Backup archive name.",
1454 type: String,
1455 },
1456 target: {
1457 type: String,
90c815bf 1458 description: r###"Target directory path. Use '-' to write to standard output.
8a8a4703 1459
d1d74c43 1460We do not extract '.pxar' archives when writing to standard output.
8a8a4703 1461
a47a02ae
DM		 1462"###
1463 },
1464 "allow-existing-dirs": {
1465 type: Boolean,
1466 description: "Do not fail if directories already exists.",
1467 optional: true,
1468 },
1469 keyfile: {
1470 schema: KEYFILE_SCHEMA,
1471 optional: true,
1472 },
0351f23b
WB		 1473 "keyfd": {
1474 schema: KEYFD_SCHEMA,
1475 optional: true,
1476 },
24be37e3
WB		 1477 "crypt-mode": {
1478 type: CryptMode,
96ee8577
WB		 1479 optional: true,
1480 },
a47a02ae
DM		 1481 }
1482 }
1483)]
1484/// Restore backup repository.
1485async fn restore(param: Value) -> Result<Value, Error> {
2665cef7 1486 let repo = extract_repository_from_value(&param)?;
9f912493 1487
86eda3eb
DM		 1488 let verbose = param["verbose"].as_bool().unwrap_or(false);
1489
46d5aa0a
DM		 1490 let allow_existing_dirs = param["allow-existing-dirs"].as_bool().unwrap_or(false);
1491
d5c34d98
DM		 1492 let archive_name = tools::required_string_param(&param, "archive-name")?;
1493
f3fde36b 1494 let client = connect(&repo)?;
d0a03d40 1495
d0a03d40 1496 record_repository(&repo);
d5c34d98 1497
9f912493 1498 let path = tools::required_string_param(&param, "snapshot")?;
9f912493 1499
86eda3eb 1500 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
d6d3b353 1501 let group: BackupGroup = path.parse()?;
27c9affb 1502 api_datastore_latest_snapshot(&client, repo.store(), group).await?
d5c34d98 1503 } else {
a67f7d0a 1504 let snapshot: BackupDir = path.parse()?;
86eda3eb
DM		 1505 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1506 };
9f912493 1507
d5c34d98 1508 let target = tools::required_string_param(&param, "target")?;
bf125261 1509 let target = if target == "-" { None } else { Some(target) };
2ae7d196 1510
c6a7ea0a 1511 let crypto = crypto_parameters(&param)?;
2ae7d196 1512
c6a7ea0a 1513 let crypt_config = match crypto.enc_key {
86eda3eb 1514 None => None,
2f26b866
FG		 1515 Some(ref key) => {
1516 let (key, _, _) =
1517 decrypt_key(&key.key, &key::get_encryption_key_password).map_err(|err| {
1518 eprintln!("{}", format_key_source(&key.source, "encryption"));
1519 err
1520 })?;
86eda3eb
DM		 1521 Some(Arc::new(CryptConfig::new(key)?))
1522 }
1523 };
d5c34d98 1524
296c50ba
DM		 1525 let client = BackupReader::start(
1526 client,
1527 crypt_config.clone(),
1528 repo.store(),
1529 &backup_type,
1530 &backup_id,
1531 backup_time,
1532 true,
1533 ).await?;
86eda3eb 1534
48fbbfeb
FG		 1535 let (archive_name, archive_type) = parse_archive_type(archive_name);
1536
2107a5ae 1537 let (manifest, backup_index_data) = client.download_manifest().await?;
02fcf372 1538
48fbbfeb
FG		 1539 if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
1540 eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
1541 } else {
2f26b866
FG		 1542 if manifest.signature.is_some() {
1543 if let Some(key) = &crypto.enc_key {
1544 eprintln!("{}", format_key_source(&key.source, "encryption"));
1545 }
1546 if let Some(config) = &crypt_config {
1547 eprintln!("Fingerprint: {}", config.fingerprint());
1548 }
1549 }
48fbbfeb
FG		 1550 manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
1551 }
dc155e9b
TL		 1552
1553 if archive_name == MANIFEST_BLOB_NAME {
02fcf372 1554 if let Some(target) = target {
2107a5ae 1555 replace_file(target, &backup_index_data, CreateOptions::new())?;
02fcf372
DM		 1556 } else {
1557 let stdout = std::io::stdout();
1558 let mut writer = stdout.lock();
2107a5ae 1559 writer.write_all(&backup_index_data)
02fcf372
DM		 1560 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1561 }
1562
14f6c9cb
FG		 1563 return Ok(Value::Null);
1564 }
1565
1566 let file_info = manifest.lookup_file_info(&archive_name)?;
1567
1568 if archive_type == ArchiveType::Blob {
d2267b11 1569
dc155e9b 1570 let mut reader = client.download_blob(&manifest, &archive_name).await?;
f8100e96 1571
bf125261 1572 if let Some(target) = target {
0d986280
DM		 1573 let mut writer = std::fs::OpenOptions::new()
1574 .write(true)
1575 .create(true)
1576 .create_new(true)
1577 .open(target)
1578 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?;
1579 std::io::copy(&mut reader, &mut writer)?;
bf125261
DM		 1580 } else {
1581 let stdout = std::io::stdout();
1582 let mut writer = stdout.lock();
0d986280 1583 std::io::copy(&mut reader, &mut writer)
bf125261
DM		 1584 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1585 }
f8100e96 1586
dc155e9b 1587 } else if archive_type == ArchiveType::DynamicIndex {
86eda3eb 1588
dc155e9b 1589 let index = client.download_dynamic_index(&manifest, &archive_name).await?;
df65bd3d 1590
f4bf7dfc
DM		 1591 let most_used = index.find_most_used_chunks(8);
1592
14f6c9cb 1593 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
f4bf7dfc 1594
afb4cd28 1595 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
86eda3eb 1596
72064fd0
FG		 1597 let options = proxmox_backup::pxar::PxarExtractOptions {
1598 match_list: &[],
1599 extract_match_default: true,
1600 allow_existing_dirs,
1601 on_error: None,
1602 };
1603
bf125261 1604 if let Some(target) = target {
c443f58b
WB		 1605 proxmox_backup::pxar::extract_archive(
1606 pxar::decoder::Decoder::from_std(reader)?,
1607 Path::new(target),
5444fa94 1608 proxmox_backup::pxar::Flags::DEFAULT,
c443f58b
WB		 1609 |path| {
1610 if verbose {
1611 println!("{:?}", path);
1612 }
1613 },
72064fd0 1614 options,
c443f58b
WB		 1615 )
1616 .map_err(|err| format_err!("error extracting archive - {}", err))?;
bf125261 1617 } else {
88892ea8
DM		 1618 let mut writer = std::fs::OpenOptions::new()
1619 .write(true)
1620 .open("/dev/stdout")
1621 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?;
afb4cd28 1622
bf125261
DM		 1623 std::io::copy(&mut reader, &mut writer)
1624 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1625 }
dc155e9b 1626 } else if archive_type == ArchiveType::FixedIndex {
afb4cd28 1627
dc155e9b 1628 let index = client.download_fixed_index(&manifest, &archive_name).await?;
df65bd3d 1629
88892ea8
DM		 1630 let mut writer = if let Some(target) = target {
1631 std::fs::OpenOptions::new()
bf125261
DM		 1632 .write(true)
1633 .create(true)
1634 .create_new(true)
1635 .open(target)
88892ea8 1636 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?
bf125261 1637 } else {
88892ea8
DM		 1638 std::fs::OpenOptions::new()
1639 .write(true)
1640 .open("/dev/stdout")
1641 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?
1642 };
afb4cd28 1643
14f6c9cb 1644 dump_image(client.clone(), crypt_config.clone(), file_info.chunk_crypt_mode(), index, &mut writer, verbose).await?;
3031e44c 1645 }
fef44d4f
DM		 1646
1647 Ok(Value::Null)
45db6f89
DM		 1648}
1649
032d3ad8
DM		 1650const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
1651 &ApiHandler::Async(&prune),
1652 &ObjectSchema::new(
1653 "Prune a backup repository.",
1654 &proxmox_backup::add_common_prune_prameters!([
1655 ("dry-run", true, &BooleanSchema::new(
1656 "Just show what prune would do, but do not delete anything.")
1657 .schema()),
1658 ("group", false, &StringSchema::new("Backup group.").schema()),
1659 ], [
1660 ("output-format", true, &OUTPUT_FORMAT),
c48aa39f
DM		 1661 (
1662 "quiet",
1663 true,
1664 &BooleanSchema::new("Minimal output - only show removals.")
1665 .schema()
1666 ),
032d3ad8
DM		 1667 ("repository", true, &REPO_URL_SCHEMA),
1668 ])
1669 )
1670);
1671
1672fn prune<'a>(
1673 param: Value,
1674 _info: &ApiMethod,
1675 _rpcenv: &'a mut dyn RpcEnvironment,
1676) -> proxmox::api::ApiFuture<'a> {
1677 async move {
1678 prune_async(param).await
1679 }.boxed()
1680}
83b7db02 1681
032d3ad8 1682async fn prune_async(mut param: Value) -> Result<Value, Error> {
2665cef7 1683 let repo = extract_repository_from_value(&param)?;
83b7db02 1684
f3fde36b 1685 let mut client = connect(&repo)?;
83b7db02 1686
d0a03d40 1687 let path = format!("api2/json/admin/datastore/{}/prune", repo.store());
83b7db02 1688
9fdc3ef4 1689 let group = tools::required_string_param(&param, "group")?;
d6d3b353 1690 let group: BackupGroup = group.parse()?;
c2043614
DM		 1691
1692 let output_format = get_output_format(&param);
9fdc3ef4 1693
c48aa39f
DM		 1694 let quiet = param["quiet"].as_bool().unwrap_or(false);
1695
ea7a7ef2
DM		 1696 param.as_object_mut().unwrap().remove("repository");
1697 param.as_object_mut().unwrap().remove("group");
163e9bbe 1698 param.as_object_mut().unwrap().remove("output-format");
c48aa39f 1699 param.as_object_mut().unwrap().remove("quiet");
ea7a7ef2
DM		 1700
1701 param["backup-type"] = group.backup_type().into();
1702 param["backup-id"] = group.backup_id().into();
83b7db02 1703
db1e061d 1704 let mut result = client.post(&path, Some(param)).await?;
74fa81b8 1705
87c42375 1706 record_repository(&repo);
3b03abfe 1707
db1e061d
DM		 1708 let render_snapshot_path = |_v: &Value, record: &Value| -> Result<String, Error> {
1709 let item: PruneListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 1710 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.backup_time)?;
db1e061d
DM		 1711 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
1712 };
1713
c48aa39f
DM		 1714 let render_prune_action = |v: &Value, _record: &Value| -> Result<String, Error> {
1715 Ok(match v.as_bool() {
1716 Some(true) => "keep",
1717 Some(false) => "remove",
1718 None => "unknown",
1719 }.to_string())
1720 };
1721
db1e061d
DM		 1722 let options = default_table_format_options()
1723 .sortby("backup-type", false)
1724 .sortby("backup-id", false)
1725 .sortby("backup-time", false)
1726 .column(ColumnConfig::new("backup-id").renderer(render_snapshot_path).header("snapshot"))
74f7240b 1727 .column(ColumnConfig::new("backup-time").renderer(tools::format::render_epoch).header("date"))
c48aa39f 1728 .column(ColumnConfig::new("keep").renderer(render_prune_action).header("action"))
db1e061d
DM		 1729 ;
1730
b2362a12 1731 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_PRUNE.returns;
db1e061d
DM		 1732
1733 let mut data = result["data"].take();
1734
c48aa39f
DM		 1735 if quiet {
1736 let list: Vec<Value> = data.as_array().unwrap().iter().filter(|item| {
1737 item["keep"].as_bool() == Some(false)
a375df6f 1738 }).cloned().collect();
c48aa39f
DM		 1739 data = list.into();
1740 }
1741
b2362a12 1742 format_and_print_result_full(&mut data, return_type, &output_format, &options);
d0a03d40 1743
43a406fd 1744 Ok(Value::Null)
83b7db02
DM		 1745}
1746
a47a02ae
DM		 1747#[api(
1748 input: {
1749 properties: {
1750 repository: {
1751 schema: REPO_URL_SCHEMA,
1752 optional: true,
1753 },
1754 "output-format": {
1755 schema: OUTPUT_FORMAT,
1756 optional: true,
1757 },
1758 }
f9beae9c
TL		 1759 },
1760 returns: {
1761 type: StorageStatus,
1762 },
a47a02ae
DM		 1763)]
1764/// Get repository status.
1765async fn status(param: Value) -> Result<Value, Error> {
34a816cc
DM		 1766
1767 let repo = extract_repository_from_value(&param)?;
1768
c2043614 1769 let output_format = get_output_format(&param);
34a816cc 1770
f3fde36b 1771 let client = connect(&repo)?;
34a816cc
DM		 1772
1773 let path = format!("api2/json/admin/datastore/{}/status", repo.store());
1774
1dc117bb 1775 let mut result = client.get(&path, None).await?;
14e08625 1776 let mut data = result["data"].take();
34a816cc
DM		 1777
1778 record_repository(&repo);
1779
390c5bdd
DM		 1780 let render_total_percentage = |v: &Value, record: &Value| -> Result<String, Error> {
1781 let v = v.as_u64().unwrap();
1782 let total = record["total"].as_u64().unwrap();
1783 let roundup = total/200;
1784 let per = ((v+roundup)*100)/total;
e23f5863
DM		 1785 let info = format!(" ({} %)", per);
1786 Ok(format!("{} {:>8}", v, info))
390c5bdd 1787 };
1dc117bb 1788
c2043614 1789 let options = default_table_format_options()
be2425ff 1790 .noheader(true)
e23f5863 1791 .column(ColumnConfig::new("total").renderer(render_total_percentage))
390c5bdd
DM		 1792 .column(ColumnConfig::new("used").renderer(render_total_percentage))
1793 .column(ColumnConfig::new("avail").renderer(render_total_percentage));
34a816cc 1794
b2362a12 1795 let return_type = &API_METHOD_STATUS.returns;
390c5bdd 1796
b2362a12 1797 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc
DM		 1798
1799 Ok(Value::Null)
1800}
1801
c443f58b
WB		 1802use proxmox_backup::client::RemoteChunkReader;
1803/// This is a workaround until we have cleaned up the chunk/reader/... infrastructure for better
1804/// async use!
1805///
1806/// Ideally BufferedDynamicReader gets replaced so the LruCache maps to `BroadcastFuture<Chunk>`,
1807/// so that we can properly access it from multiple threads simultaneously while not issuing
1808/// duplicate simultaneous reads over http.
43abba4b 1809pub struct BufferedDynamicReadAt {
c443f58b
WB		 1810 inner: Mutex<BufferedDynamicReader<RemoteChunkReader>>,
1811}
1812
1813impl BufferedDynamicReadAt {
1814 fn new(inner: BufferedDynamicReader<RemoteChunkReader>) -> Self {
1815 Self {
1816 inner: Mutex::new(inner),
1817 }
1818 }
1819}
1820
a6f87283
WB		 1821impl ReadAt for BufferedDynamicReadAt {
1822 fn start_read_at<'a>(
1823 self: Pin<&'a Self>,
c443f58b 1824 _cx: &mut Context,
a6f87283 1825 buf: &'a mut [u8],
c443f58b 1826 offset: u64,
a6f87283 1827 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
a6f87283 1828 MaybeReady::Ready(tokio::task::block_in_place(move || {
c443f58b
WB		 1829 let mut reader = self.inner.lock().unwrap();
1830 reader.seek(SeekFrom::Start(offset))?;
a6f87283
WB		 1831 Ok(reader.read(buf)?)
1832 }))
1833 }
1834
1835 fn poll_complete<'a>(
1836 self: Pin<&'a Self>,
1837 _op: ReadAtOperation<'a>,
1838 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
1839 panic!("LocalDynamicReadAt::start_read_at returned Pending");
c443f58b
WB		 1840 }
1841}
1842
f2401311 1843fn main() {
33d64b81 1844
255f378a 1845 let backup_cmd_def = CliCommand::new(&API_METHOD_CREATE_BACKUP)
49fddd98 1846 .arg_param(&["backupspec"])
d0a03d40 1847 .completion_cb("repository", complete_repository)
49811347 1848 .completion_cb("backupspec", complete_backup_source)
6d0983db 1849 .completion_cb("keyfile", tools::complete_file_name)
c0a87c12 1850 .completion_cb("master-pubkey-file", tools::complete_file_name)
49811347 1851 .completion_cb("chunk-size", complete_chunk_size);
f8838fe9 1852
caea8d61
DM		 1853 let benchmark_cmd_def = CliCommand::new(&API_METHOD_BENCHMARK)
1854 .completion_cb("repository", complete_repository)
1855 .completion_cb("keyfile", tools::complete_file_name);
1856
255f378a 1857 let list_cmd_def = CliCommand::new(&API_METHOD_LIST_BACKUP_GROUPS)
d0a03d40 1858 .completion_cb("repository", complete_repository);
41c039e1 1859
255f378a 1860 let garbage_collect_cmd_def = CliCommand::new(&API_METHOD_START_GARBAGE_COLLECTION)
d0a03d40 1861 .completion_cb("repository", complete_repository);
8cc0d6af 1862
255f378a 1863 let restore_cmd_def = CliCommand::new(&API_METHOD_RESTORE)
49fddd98 1864 .arg_param(&["snapshot", "archive-name", "target"])
b2388518 1865 .completion_cb("repository", complete_repository)
08dc340a
DM		 1866 .completion_cb("snapshot", complete_group_or_snapshot)
1867 .completion_cb("archive-name", complete_archive_name)
1868 .completion_cb("target", tools::complete_file_name);
9f912493 1869
255f378a 1870 let prune_cmd_def = CliCommand::new(&API_METHOD_PRUNE)
49fddd98 1871 .arg_param(&["group"])
9fdc3ef4 1872 .completion_cb("group", complete_backup_group)
d0a03d40 1873 .completion_cb("repository", complete_repository);
9f912493 1874
255f378a 1875 let status_cmd_def = CliCommand::new(&API_METHOD_STATUS)
34a816cc
DM		 1876 .completion_cb("repository", complete_repository);
1877
255f378a 1878 let login_cmd_def = CliCommand::new(&API_METHOD_API_LOGIN)
e240d8be
DM		 1879 .completion_cb("repository", complete_repository);
1880
255f378a 1881 let logout_cmd_def = CliCommand::new(&API_METHOD_API_LOGOUT)
e240d8be 1882 .completion_cb("repository", complete_repository);
32efac1c 1883
e39974af
TL		 1884 let version_cmd_def = CliCommand::new(&API_METHOD_API_VERSION)
1885 .completion_cb("repository", complete_repository);
1886
344add38
DW		 1887 let change_owner_cmd_def = CliCommand::new(&API_METHOD_CHANGE_BACKUP_OWNER)
1888 .arg_param(&["group", "new-owner"])
1889 .completion_cb("group", complete_backup_group)
0224c3c2 1890 .completion_cb("new-owner", complete_auth_id)
344add38
DW		 1891 .completion_cb("repository", complete_repository);
1892
41c039e1 1893 let cmd_def = CliCommandMap::new()
48ef3c33 1894 .insert("backup", backup_cmd_def)
48ef3c33
DM		 1895 .insert("garbage-collect", garbage_collect_cmd_def)
1896 .insert("list", list_cmd_def)
1897 .insert("login", login_cmd_def)
1898 .insert("logout", logout_cmd_def)
1899 .insert("prune", prune_cmd_def)
1900 .insert("restore", restore_cmd_def)
a65e3e4b 1901 .insert("snapshot", snapshot_mgtm_cli())
48ef3c33 1902 .insert("status", status_cmd_def)
9696f519 1903 .insert("key", key::cli())
43abba4b 1904 .insert("mount", mount_cmd_def())
45f9b32e
SR		 1905 .insert("map", map_cmd_def())
1906 .insert("unmap", unmap_cmd_def())
5830c205 1907 .insert("catalog", catalog_mgmt_cli())
caea8d61 1908 .insert("task", task_mgmt_cli())
e39974af 1909 .insert("version", version_cmd_def)
344add38 1910 .insert("benchmark", benchmark_cmd_def)
731eeef2
DM		 1911 .insert("change-owner", change_owner_cmd_def)
1912
61205f00 1913 .alias(&["files"], &["snapshot", "files"])
edebd523 1914 .alias(&["forget"], &["snapshot", "forget"])
0c9209b0 1915 .alias(&["upload-log"], &["snapshot", "upload-log"])
731eeef2
DM		 1916 .alias(&["snapshots"], &["snapshot", "list"])
1917 ;
48ef3c33 1918
7b22acd0
DM		 1919 let rpcenv = CliEnvironment::new();
1920 run_cli_command(cmd_def, rpcenv, Some(|future| {
d08bc483
DM		 1921 proxmox_backup::tools::runtime::main(future)
1922 }));
ff5d3707 1923}
Proxmox Backup Server and Client