]> git.proxmox.com Git - proxmox-backup.git/blame - src/bin/proxmox-backup-client.rs
projects / proxmox-backup.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
client: refactor keyfile_parameters
[proxmox-backup.git] / src / bin / proxmox-backup-client.rs
CommitLineData
2eeaacb9 1use std::collections::{HashSet, HashMap};
0351f23b
WB		 2use std::convert::TryFrom;
3use std::io::{self, Read, Write, Seek, SeekFrom};
4use std::os::unix::io::{FromRawFd, RawFd};
c443f58b
WB		 5use std::path::{Path, PathBuf};
6use std::pin::Pin;
7use std::sync::{Arc, Mutex};
a6f87283 8use std::task::Context;
c443f58b
WB		 9
10use anyhow::{bail, format_err, Error};
c443f58b 11use futures::future::FutureExt;
c443f58b 12use futures::stream::{StreamExt, TryStreamExt};
c443f58b 13use serde_json::{json, Value};
c443f58b 14use tokio::sync::mpsc;
7c667013 15use tokio_stream::wrappers::ReceiverStream;
c443f58b 16use xdg::BaseDirectories;
2761d6a4 17
c443f58b 18use pathpatterns::{MatchEntry, MatchType, PatternFlag};
6a7be83e
DM		 19use proxmox::{
20 tools::{
21 time::{strftime_local, epoch_i64},
22 fs::{file_get_contents, file_get_json, replace_file, CreateOptions, image_size},
23 },
24 api::{
25 api,
26 ApiHandler,
27 ApiMethod,
28 RpcEnvironment,
29 schema::*,
30 cli::*,
31 },
32};
a6f87283 33use pxar::accessor::{MaybeReady, ReadAt, ReadAtOperation};
ff5d3707 34
fe0e04c6 35use proxmox_backup::tools;
0224c3c2 36use proxmox_backup::api2::access::user::UserWithTokens;
bbf9e7e9 37use proxmox_backup::api2::types::*;
e39974af 38use proxmox_backup::api2::version;
151c6ce2 39use proxmox_backup::client::*;
c443f58b 40use proxmox_backup::pxar::catalog::*;
4d16badf
WB		 41use proxmox_backup::backup::{
42 archive_type,
0351f23b 43 decrypt_key,
8acfd15d 44 rsa_encrypt_key_config,
4d16badf
WB		 45 verify_chunk_size,
46 ArchiveType,
8e6e18b7 47 AsyncReadChunk,
4d16badf
WB		 48 BackupDir,
49 BackupGroup,
50 BackupManifest,
51 BufferedDynamicReader,
f28d9088 52 CATALOG_NAME,
4d16badf
WB		 53 CatalogReader,
54 CatalogWriter,
4d16badf
WB		 55 ChunkStream,
56 CryptConfig,
f28d9088 57 CryptMode,
4d16badf 58 DynamicIndexReader,
9990af30 59 ENCRYPTED_KEY_BLOB_NAME,
4d16badf
WB		 60 FixedChunkStream,
61 FixedIndexReader,
8acfd15d 62 KeyConfig,
4d16badf 63 IndexFile,
4d16badf 64 MANIFEST_BLOB_NAME,
4d16badf
WB		 65 Shell,
66};
ae0be2dd 67
caea8d61
DM		 68mod proxmox_backup_client;
69use proxmox_backup_client::*;
70
a05c0c6f 71const ENV_VAR_PBS_FINGERPRINT: &str = "PBS_FINGERPRINT";
d1c65727 72const ENV_VAR_PBS_PASSWORD: &str = "PBS_PASSWORD";
a05c0c6f 73
33d64b81 74
caea8d61 75pub const REPO_URL_SCHEMA: Schema = StringSchema::new("Repository URL.")
255f378a
DM		 76 .format(&BACKUP_REPO_URL)
77 .max_length(256)
78 .schema();
d0a03d40 79
caea8d61 80pub const KEYFILE_SCHEMA: Schema = StringSchema::new(
a47a02ae
DM		 81 "Path to encryption key. All data will be encrypted using this key.")
82 .schema();
83
0351f23b
WB		 84pub const KEYFD_SCHEMA: Schema = IntegerSchema::new(
85 "Pass an encryption key via an already opened file descriptor.")
86 .minimum(0)
87 .schema();
88
a47a02ae
DM		 89const CHUNK_SIZE_SCHEMA: Schema = IntegerSchema::new(
90 "Chunk size in KB. Must be a power of 2.")
91 .minimum(64)
92 .maximum(4096)
93 .default(4096)
94 .schema();
95
2665cef7
DM		 96fn get_default_repository() -> Option<String> {
97 std::env::var("PBS_REPOSITORY").ok()
98}
99
caea8d61 100pub fn extract_repository_from_value(
2665cef7
DM		 101 param: &Value,
102) -> Result<BackupRepository, Error> {
103
104 let repo_url = param["repository"]
105 .as_str()
106 .map(String::from)
107 .or_else(get_default_repository)
108 .ok_or_else(|| format_err!("unable to get (default) repository"))?;
109
110 let repo: BackupRepository = repo_url.parse()?;
111
112 Ok(repo)
113}
114
115fn extract_repository_from_map(
116 param: &HashMap<String, String>,
117) -> Option<BackupRepository> {
118
119 param.get("repository")
120 .map(String::from)
121 .or_else(get_default_repository)
122 .and_then(|repo_url| repo_url.parse::<BackupRepository>().ok())
123}
124
d0a03d40
DM		 125fn record_repository(repo: &BackupRepository) {
126
127 let base = match BaseDirectories::with_prefix("proxmox-backup") {
128 Ok(v) => v,
129 _ => return,
130 };
131
132 // usually $HOME/.cache/proxmox-backup/repo-list
133 let path = match base.place_cache_file("repo-list") {
134 Ok(v) => v,
135 _ => return,
136 };
137
11377a47 138 let mut data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
d0a03d40
DM		 139
140 let repo = repo.to_string();
141
142 data[&repo] = json!{ data[&repo].as_i64().unwrap_or(0) + 1 };
143
144 let mut map = serde_json::map::Map::new();
145
146 loop {
147 let mut max_used = 0;
148 let mut max_repo = None;
149 for (repo, count) in data.as_object().unwrap() {
150 if map.contains_key(repo) { continue; }
151 if let Some(count) = count.as_i64() {
152 if count > max_used {
153 max_used = count;
154 max_repo = Some(repo);
155 }
156 }
157 }
158 if let Some(repo) = max_repo {
159 map.insert(repo.to_owned(), json!(max_used));
160 } else {
161 break;
162 }
163 if map.len() > 10 { // store max. 10 repos
164 break;
165 }
166 }
167
168 let new_data = json!(map);
169
feaa1ad3 170 let _ = replace_file(path, new_data.to_string().as_bytes(), CreateOptions::new());
d0a03d40
DM		 171}
172
43abba4b 173pub fn complete_repository(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
d0a03d40
DM		 174
175 let mut result = vec![];
176
177 let base = match BaseDirectories::with_prefix("proxmox-backup") {
178 Ok(v) => v,
179 _ => return result,
180 };
181
182 // usually $HOME/.cache/proxmox-backup/repo-list
183 let path = match base.place_cache_file("repo-list") {
184 Ok(v) => v,
185 _ => return result,
186 };
187
11377a47 188 let data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
d0a03d40
DM		 189
190 if let Some(map) = data.as_object() {
49811347 191 for (repo, _count) in map {
d0a03d40
DM		 192 result.push(repo.to_owned());
193 }
194 }
195
196 result
197}
198
f3fde36b
WB		 199fn connect(repo: &BackupRepository) -> Result<HttpClient, Error> {
200 connect_do(repo.host(), repo.port(), repo.auth_id())
201 .map_err(|err| format_err!("error building client for repository {} - {}", repo, err))
202}
d59dbeca 203
f3fde36b 204fn connect_do(server: &str, port: u16, auth_id: &Authid) -> Result<HttpClient, Error> {
a05c0c6f
DM		 205 let fingerprint = std::env::var(ENV_VAR_PBS_FINGERPRINT).ok();
206
d1c65727
DM		 207 use std::env::VarError::*;
208 let password = match std::env::var(ENV_VAR_PBS_PASSWORD) {
209 Ok(p) => Some(p),
210 Err(NotUnicode(_)) => bail!(format!("{} contains bad characters", ENV_VAR_PBS_PASSWORD)),
211 Err(NotPresent) => None,
212 };
213
93e3581c 214 let options = HttpClientOptions::new_interactive(password, fingerprint);
d59dbeca 215
34aa8e13 216 HttpClient::new(server, port, auth_id, options)
d59dbeca
DM		 217}
218
42af4b8f
DM		 219async fn api_datastore_list_snapshots(
220 client: &HttpClient,
221 store: &str,
222 group: Option<BackupGroup>,
f24fc116 223) -> Result<Value, Error> {
42af4b8f
DM		 224
225 let path = format!("api2/json/admin/datastore/{}/snapshots", store);
226
227 let mut args = json!({});
228 if let Some(group) = group {
229 args["backup-type"] = group.backup_type().into();
230 args["backup-id"] = group.backup_id().into();
231 }
232
233 let mut result = client.get(&path, Some(args)).await?;
234
f24fc116 235 Ok(result["data"].take())
42af4b8f
DM		 236}
237
43abba4b 238pub async fn api_datastore_latest_snapshot(
27c9affb
DM		 239 client: &HttpClient,
240 store: &str,
241 group: BackupGroup,
6a7be83e 242) -> Result<(String, String, i64), Error> {
27c9affb 243
f24fc116
DM		 244 let list = api_datastore_list_snapshots(client, store, Some(group.clone())).await?;
245 let mut list: Vec<SnapshotListItem> = serde_json::from_value(list)?;
27c9affb
DM		 246
247 if list.is_empty() {
248 bail!("backup group {:?} does not contain any snapshots.", group.group_path());
249 }
250
251 list.sort_unstable_by(|a, b| b.backup_time.cmp(&a.backup_time));
252
6a7be83e 253 let backup_time = list[0].backup_time;
27c9affb
DM		 254
255 Ok((group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time))
256}
257
e9722f8b 258async fn backup_directory<P: AsRef<Path>>(
cf9271e2 259 client: &BackupWriter,
17d6979a 260 dir_path: P,
247cdbce 261 archive_name: &str,
36898ffc 262 chunk_size: Option<usize>,
f1d99e3f 263 catalog: Arc<Mutex<CatalogWriter<crate::tools::StdChannelWriter>>>,
77486a60 264 pxar_create_options: proxmox_backup::pxar::PxarCreateOptions,
e43b9175 265 upload_options: UploadOptions,
2c3891d1 266) -> Result<BackupStats, Error> {
33d64b81 267
6fc053ed
CE		 268 let pxar_stream = PxarBackupStream::open(
269 dir_path.as_ref(),
6fc053ed 270 catalog,
77486a60 271 pxar_create_options,
6fc053ed 272 )?;
e9722f8b 273 let mut chunk_stream = ChunkStream::new(pxar_stream, chunk_size);
ff3d3100 274
0bfcea6a 275 let (tx, rx) = mpsc::channel(10); // allow to buffer 10 chunks
5e7a09be 276
7c667013 277 let stream = ReceiverStream::new(rx)
e9722f8b 278 .map_err(Error::from);
17d6979a 279
c4ff3dce 280 // spawn chunker inside a separate task so that it can run parallel
e9722f8b 281 tokio::spawn(async move {
db0cb9ce
WB		 282 while let Some(v) = chunk_stream.next().await {
283 let _ = tx.send(v).await;
284 }
e9722f8b 285 });
17d6979a 286
e43b9175
FG		 287 if upload_options.fixed_size.is_some() {
288 bail!("cannot backup directory with fixed chunk size!");
289 }
290
e9722f8b 291 let stats = client
e43b9175 292 .upload_stream(archive_name, stream, upload_options)
e9722f8b 293 .await?;
bcd879cf 294
2c3891d1 295 Ok(stats)
bcd879cf
DM		 296}
297
e9722f8b 298async fn backup_image<P: AsRef<Path>>(
cf9271e2 299 client: &BackupWriter,
6af905c1
DM		 300 image_path: P,
301 archive_name: &str,
36898ffc 302 chunk_size: Option<usize>,
e43b9175 303 upload_options: UploadOptions,
2c3891d1 304) -> Result<BackupStats, Error> {
6af905c1 305
6af905c1
DM		 306 let path = image_path.as_ref().to_owned();
307
e9722f8b 308 let file = tokio::fs::File::open(path).await?;
6af905c1 309
db0cb9ce 310 let stream = tokio_util::codec::FramedRead::new(file, tokio_util::codec::BytesCodec::new())
6af905c1
DM		 311 .map_err(Error::from);
312
36898ffc 313 let stream = FixedChunkStream::new(stream, chunk_size.unwrap_or(4*1024*1024));
6af905c1 314
e43b9175
FG		 315 if upload_options.fixed_size.is_none() {
316 bail!("cannot backup image with dynamic chunk size!");
317 }
318
e9722f8b 319 let stats = client
e43b9175 320 .upload_stream(archive_name, stream, upload_options)
e9722f8b 321 .await?;
6af905c1 322
2c3891d1 323 Ok(stats)
6af905c1
DM		 324}
325
a47a02ae
DM		 326#[api(
327 input: {
328 properties: {
329 repository: {
330 schema: REPO_URL_SCHEMA,
331 optional: true,
332 },
333 "output-format": {
334 schema: OUTPUT_FORMAT,
335 optional: true,
336 },
337 }
338 }
339)]
340/// List backup groups.
341async fn list_backup_groups(param: Value) -> Result<Value, Error> {
812c6f87 342
c81b2b7c
DM		 343 let output_format = get_output_format(&param);
344
2665cef7 345 let repo = extract_repository_from_value(&param)?;
812c6f87 346
f3fde36b 347 let client = connect(&repo)?;
812c6f87 348
d0a03d40 349 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
812c6f87 350
8a8a4703 351 let mut result = client.get(&path, None).await?;
812c6f87 352
d0a03d40
DM		 353 record_repository(&repo);
354
c81b2b7c
DM		 355 let render_group_path = |_v: &Value, record: &Value| -> Result<String, Error> {
356 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
357 let group = BackupGroup::new(item.backup_type, item.backup_id);
358 Ok(group.group_path().to_str().unwrap().to_owned())
359 };
812c6f87 360
18deda40
DM		 361 let render_last_backup = |_v: &Value, record: &Value| -> Result<String, Error> {
362 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 363 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.last_backup)?;
18deda40 364 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
c81b2b7c 365 };
812c6f87 366
c81b2b7c
DM		 367 let render_files = |_v: &Value, record: &Value| -> Result<String, Error> {
368 let item: GroupListItem = serde_json::from_value(record.to_owned())?;
4939255f 369 Ok(tools::format::render_backup_file_list(&item.files))
c81b2b7c 370 };
812c6f87 371
c81b2b7c
DM		 372 let options = default_table_format_options()
373 .sortby("backup-type", false)
374 .sortby("backup-id", false)
375 .column(ColumnConfig::new("backup-id").renderer(render_group_path).header("group"))
18deda40
DM		 376 .column(
377 ColumnConfig::new("last-backup")
378 .renderer(render_last_backup)
379 .header("last snapshot")
380 .right_align(false)
381 )
c81b2b7c
DM		 382 .column(ColumnConfig::new("backup-count"))
383 .column(ColumnConfig::new("files").renderer(render_files));
ad20d198 384
c81b2b7c 385 let mut data: Value = result["data"].take();
ad20d198 386
b2362a12 387 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_LIST_GROUPS.returns;
812c6f87 388
b2362a12 389 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc 390
812c6f87
DM		 391 Ok(Value::Null)
392}
393
344add38
DW		 394#[api(
395 input: {
396 properties: {
397 repository: {
398 schema: REPO_URL_SCHEMA,
399 optional: true,
400 },
401 group: {
402 type: String,
403 description: "Backup group.",
404 },
405 "new-owner": {
e6dc35ac 406 type: Authid,
344add38
DW		 407 },
408 }
409 }
410)]
411/// Change owner of a backup group
412async fn change_backup_owner(group: String, mut param: Value) -> Result<(), Error> {
413
414 let repo = extract_repository_from_value(&param)?;
415
f3fde36b 416 let mut client = connect(&repo)?;
344add38
DW		 417
418 param.as_object_mut().unwrap().remove("repository");
419
420 let group: BackupGroup = group.parse()?;
421
422 param["backup-type"] = group.backup_type().into();
423 param["backup-id"] = group.backup_id().into();
424
425 let path = format!("api2/json/admin/datastore/{}/change-owner", repo.store());
426 client.post(&path, Some(param)).await?;
427
428 record_repository(&repo);
429
430 Ok(())
431}
432
a47a02ae
DM		 433#[api(
434 input: {
435 properties: {
436 repository: {
437 schema: REPO_URL_SCHEMA,
438 optional: true,
439 },
440 }
441 }
442)]
443/// Try to login. If successful, store ticket.
444async fn api_login(param: Value) -> Result<Value, Error> {
e240d8be
DM		 445
446 let repo = extract_repository_from_value(&param)?;
447
f3fde36b 448 let client = connect(&repo)?;
8a8a4703 449 client.login().await?;
e240d8be
DM		 450
451 record_repository(&repo);
452
453 Ok(Value::Null)
454}
455
a47a02ae
DM		 456#[api(
457 input: {
458 properties: {
459 repository: {
460 schema: REPO_URL_SCHEMA,
461 optional: true,
462 },
463 }
464 }
465)]
466/// Logout (delete stored ticket).
467fn api_logout(param: Value) -> Result<Value, Error> {
e240d8be
DM		 468
469 let repo = extract_repository_from_value(&param)?;
470
5030b7ce 471 delete_ticket_info("proxmox-backup", repo.host(), repo.user())?;
e240d8be
DM		 472
473 Ok(Value::Null)
474}
475
e39974af
TL		 476#[api(
477 input: {
478 properties: {
479 repository: {
480 schema: REPO_URL_SCHEMA,
481 optional: true,
482 },
483 "output-format": {
484 schema: OUTPUT_FORMAT,
485 optional: true,
486 },
487 }
488 }
489)]
490/// Show client and optional server version
491async fn api_version(param: Value) -> Result<(), Error> {
492
493 let output_format = get_output_format(&param);
494
495 let mut version_info = json!({
496 "client": {
497 "version": version::PROXMOX_PKG_VERSION,
498 "release": version::PROXMOX_PKG_RELEASE,
499 "repoid": version::PROXMOX_PKG_REPOID,
500 }
501 });
502
503 let repo = extract_repository_from_value(&param);
504 if let Ok(repo) = repo {
f3fde36b 505 let client = connect(&repo)?;
e39974af
TL		 506
507 match client.get("api2/json/version", None).await {
508 Ok(mut result) => version_info["server"] = result["data"].take(),
509 Err(e) => eprintln!("could not connect to server - {}", e),
510 }
511 }
512 if output_format == "text" {
513 println!("client version: {}.{}", version::PROXMOX_PKG_VERSION, version::PROXMOX_PKG_RELEASE);
514 if let Some(server) = version_info["server"].as_object() {
515 let server_version = server["version"].as_str().unwrap();
516 let server_release = server["release"].as_str().unwrap();
517 println!("server version: {}.{}", server_version, server_release);
518 }
519 } else {
520 format_and_print_result(&version_info, &output_format);
521 }
522
523 Ok(())
524}
525
a47a02ae 526#[api(
94913f35 527 input: {
a47a02ae
DM		 528 properties: {
529 repository: {
530 schema: REPO_URL_SCHEMA,
531 optional: true,
532 },
94913f35
DM		 533 "output-format": {
534 schema: OUTPUT_FORMAT,
535 optional: true,
536 },
537 },
538 },
a47a02ae
DM		 539)]
540/// Start garbage collection for a specific repository.
541async fn start_garbage_collection(param: Value) -> Result<Value, Error> {
8cc0d6af 542
2665cef7 543 let repo = extract_repository_from_value(&param)?;
c2043614
DM		 544
545 let output_format = get_output_format(&param);
8cc0d6af 546
f3fde36b 547 let mut client = connect(&repo)?;
8cc0d6af 548
d0a03d40 549 let path = format!("api2/json/admin/datastore/{}/gc", repo.store());
8cc0d6af 550
8a8a4703 551 let result = client.post(&path, None).await?;
8cc0d6af 552
8a8a4703 553 record_repository(&repo);
d0a03d40 554
e68269fc 555 view_task_result(&mut client, result, &output_format).await?;
e5f7def4 556
e5f7def4 557 Ok(Value::Null)
8cc0d6af 558}
33d64b81 559
6d233161
FG		 560struct CatalogUploadResult {
561 catalog_writer: Arc<Mutex<CatalogWriter<crate::tools::StdChannelWriter>>>,
562 result: tokio::sync::oneshot::Receiver<Result<BackupStats, Error>>,
563}
564
bf6e3217 565fn spawn_catalog_upload(
3bad3e6e 566 client: Arc<BackupWriter>,
3638341a 567 encrypt: bool,
6d233161 568) -> Result<CatalogUploadResult, Error> {
f1d99e3f
DM		 569 let (catalog_tx, catalog_rx) = std::sync::mpsc::sync_channel(10); // allow to buffer 10 writes
570 let catalog_stream = crate::tools::StdChannelStream(catalog_rx);
bf6e3217
DM		 571 let catalog_chunk_size = 512*1024;
572 let catalog_chunk_stream = ChunkStream::new(catalog_stream, Some(catalog_chunk_size));
573
6d233161 574 let catalog_writer = Arc::new(Mutex::new(CatalogWriter::new(crate::tools::StdChannelWriter::new(catalog_tx))?));
bf6e3217
DM		 575
576 let (catalog_result_tx, catalog_result_rx) = tokio::sync::oneshot::channel();
577
e43b9175
FG		 578 let upload_options = UploadOptions {
579 encrypt,
580 compress: true,
581 ..UploadOptions::default()
582 };
583
bf6e3217
DM		 584 tokio::spawn(async move {
585 let catalog_upload_result = client
e43b9175 586 .upload_stream(CATALOG_NAME, catalog_chunk_stream, upload_options)
bf6e3217
DM		 587 .await;
588
589 if let Err(ref err) = catalog_upload_result {
590 eprintln!("catalog upload error - {}", err);
591 client.cancel();
592 }
593
594 let _ = catalog_result_tx.send(catalog_upload_result);
595 });
596
6d233161 597 Ok(CatalogUploadResult { catalog_writer, result: catalog_result_rx })
bf6e3217
DM		 598}
599
c6a7ea0a
FG		 600#[derive(Debug, Eq, PartialEq)]
601struct CryptoParams {
602 mode: CryptMode,
603 enc_key: Option<Vec<u8>>,
604}
605
606fn crypto_parameters(param: &Value) -> Result<CryptoParams, Error> {
f28d9088
WB		 607 let keyfile = match param.get("keyfile") {
608 Some(Value::String(keyfile)) => Some(keyfile),
609 Some(_) => bail!("bad --keyfile parameter type"),
610 None => None,
611 };
612
0351f23b
WB		 613 let key_fd = match param.get("keyfd") {
614 Some(Value::Number(key_fd)) => Some(
615 RawFd::try_from(key_fd
616 .as_i64()
617 .ok_or_else(|| format_err!("bad key fd: {:?}", key_fd))?
618 )
619 .map_err(|err| format_err!("bad key fd: {:?}: {}", key_fd, err))?
620 ),
621 Some(_) => bail!("bad --keyfd parameter type"),
622 None => None,
623 };
624
c6a7ea0a 625 let mode: Option<CryptMode> = match param.get("crypt-mode") {
f28d9088
WB		 626 Some(mode) => Some(serde_json::from_value(mode.clone())?),
627 None => None,
628 };
629
0351f23b
WB		 630 let keydata = match (keyfile, key_fd) {
631 (None, None) => None,
632 (Some(_), Some(_)) => bail!("--keyfile and --keyfd are mutually exclusive"),
beb07279 633 (Some(keyfile), None) => {
490560e0 634 eprintln!("Using encryption key file: {}", keyfile);
beb07279
SI		 635 Some(file_get_contents(keyfile)?)
636 },
0351f23b
WB		 637 (None, Some(fd)) => {
638 let input = unsafe { std::fs::File::from_raw_fd(fd) };
639 let mut data = Vec::new();
640 let _len: usize = { input }.read_to_end(&mut data)
641 .map_err(|err| {
642 format_err!("error reading encryption key from fd {}: {}", fd, err)
643 })?;
490560e0 644 eprintln!("Using encryption key from file descriptor");
0351f23b
WB		 645 Some(data)
646 }
647 };
648
c6a7ea0a 649 Ok(match (keydata, mode) {
96ee8577 650 // no parameters:
0351f23b 651 (None, None) => match key::read_optional_default_encryption_key()? {
c6a7ea0a
FG		 652 None => CryptoParams { enc_key: None, mode: CryptMode::None },
653 enc_key => {
490560e0 654 eprintln!("Encrypting with default encryption key!");
c6a7ea0a 655 CryptoParams { enc_key, mode: CryptMode::Encrypt }
8c6854c8 656 },
05389a01 657 },
96ee8577 658
f28d9088 659 // just --crypt-mode=none
c6a7ea0a 660 (None, Some(CryptMode::None)) => CryptoParams { enc_key: None, mode: CryptMode::None },
96ee8577 661
f28d9088 662 // just --crypt-mode other than none
c6a7ea0a 663 (None, Some(mode)) => match key::read_optional_default_encryption_key()? {
f28d9088 664 None => bail!("--crypt-mode without --keyfile and no default key file available"),
c6a7ea0a 665 enc_key => {
490560e0 666 eprintln!("Encrypting with default encryption key!");
c6a7ea0a
FG		 667
668 CryptoParams { enc_key, mode }
beb07279 669 },
96ee8577
WB		 670 }
671
672 // just --keyfile
c6a7ea0a 673 (enc_key, None) => CryptoParams { enc_key, mode: CryptMode::Encrypt },
96ee8577 674
f28d9088
WB		 675 // --keyfile and --crypt-mode=none
676 (Some(_), Some(CryptMode::None)) => {
0351f23b 677 bail!("--keyfile/--keyfd and --crypt-mode=none are mutually exclusive");
96ee8577
WB		 678 }
679
f28d9088 680 // --keyfile and --crypt-mode other than none
c6a7ea0a 681 (enc_key, Some(mode)) => CryptoParams { enc_key, mode },
96ee8577
WB		 682 })
683}
684
5bb057e5 685#[test]
c6a7ea0a 686// WARNING: there must only be one test for crypto_parameters as the default key handling is not
5bb057e5 687// safe w.r.t. concurrency
c6a7ea0a 688fn test_crypto_parameters_handling() -> Result<(), Error> {
5bb057e5
FG		 689 let some_key = Some(vec![1;1]);
690 let default_key = Some(vec![2;1]);
691
c6a7ea0a
FG		 692 let no_key_res = CryptoParams { enc_key: None, mode: CryptMode::None };
693 let some_key_res = CryptoParams { enc_key: some_key.clone(), mode: CryptMode::Encrypt };
694 let some_key_sign_res = CryptoParams { enc_key: some_key.clone(), mode: CryptMode::SignOnly };
695 let default_key_res = CryptoParams { enc_key: default_key.clone(), mode: CryptMode::Encrypt };
696 let default_key_sign_res = CryptoParams { enc_key: default_key.clone(), mode: CryptMode::SignOnly };
5bb057e5
FG		 697
698 let keypath = "./tests/keyfile.test";
699 replace_file(&keypath, some_key.as_ref().unwrap(), CreateOptions::default())?;
700 let invalid_keypath = "./tests/invalid_keyfile.test";
701
702 // no params, no default key == no key
c6a7ea0a 703 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 704 assert_eq!(res.unwrap(), no_key_res);
705
706 // keyfile param == key from keyfile
c6a7ea0a 707 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 708 assert_eq!(res.unwrap(), some_key_res);
709
710 // crypt mode none == no key
c6a7ea0a 711 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 712 assert_eq!(res.unwrap(), no_key_res);
713
714 // crypt mode encrypt/sign-only, no keyfile, no default key == Error
c6a7ea0a
FG		 715 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
716 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 717
718 // crypt mode none with explicit key == Error
c6a7ea0a 719 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 720
721 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 722 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 723 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 724 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 725 assert_eq!(res.unwrap(), some_key_res);
726
727 // invalid keyfile parameter always errors
c6a7ea0a
FG		 728 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
729 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
730 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
731 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 732
733 // now set a default key
734 unsafe { key::set_test_encryption_key(Ok(default_key.clone())); }
735
736 // and repeat
737
738 // no params but default key == default key
c6a7ea0a 739 let res = crypto_parameters(&json!({}));
5bb057e5
FG		 740 assert_eq!(res.unwrap(), default_key_res);
741
742 // keyfile param == key from keyfile
c6a7ea0a 743 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 744 assert_eq!(res.unwrap(), some_key_res);
745
746 // crypt mode none == no key
c6a7ea0a 747 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 748 assert_eq!(res.unwrap(), no_key_res);
749
750 // crypt mode encrypt/sign-only, no keyfile, default key == default key with correct mode
c6a7ea0a 751 let res = crypto_parameters(&json!({"crypt-mode": "sign-only"}));
5bb057e5 752 assert_eq!(res.unwrap(), default_key_sign_res);
c6a7ea0a 753 let res = crypto_parameters(&json!({"crypt-mode": "encrypt"}));
5bb057e5
FG		 754 assert_eq!(res.unwrap(), default_key_res);
755
756 // crypt mode none with explicit key == Error
c6a7ea0a 757 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 758
759 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 760 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 761 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 762 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 763 assert_eq!(res.unwrap(), some_key_res);
764
765 // invalid keyfile parameter always errors
c6a7ea0a
FG		 766 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
767 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
768 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
769 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 770
771 // now make default key retrieval error
772 unsafe { key::set_test_encryption_key(Err(format_err!("test error"))); }
773
774 // and repeat
775
776 // no params, default key retrieval errors == Error
c6a7ea0a 777 assert!(crypto_parameters(&json!({})).is_err());
5bb057e5
FG		 778
779 // keyfile param == key from keyfile
c6a7ea0a 780 let res = crypto_parameters(&json!({"keyfile": keypath}));
5bb057e5
FG		 781 assert_eq!(res.unwrap(), some_key_res);
782
783 // crypt mode none == no key
c6a7ea0a 784 let res = crypto_parameters(&json!({"crypt-mode": "none"}));
5bb057e5
FG		 785 assert_eq!(res.unwrap(), no_key_res);
786
787 // crypt mode encrypt/sign-only, no keyfile, default key error == Error
c6a7ea0a
FG		 788 assert!(crypto_parameters(&json!({"crypt-mode": "sign-only"})).is_err());
789 assert!(crypto_parameters(&json!({"crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 790
791 // crypt mode none with explicit key == Error
c6a7ea0a 792 assert!(crypto_parameters(&json!({"crypt-mode": "none", "keyfile": keypath})).is_err());
5bb057e5
FG		 793
794 // crypt mode sign-only/encrypt with keyfile == key from keyfile with correct mode
c6a7ea0a 795 let res = crypto_parameters(&json!({"crypt-mode": "sign-only", "keyfile": keypath}));
5bb057e5 796 assert_eq!(res.unwrap(), some_key_sign_res);
c6a7ea0a 797 let res = crypto_parameters(&json!({"crypt-mode": "encrypt", "keyfile": keypath}));
5bb057e5
FG		 798 assert_eq!(res.unwrap(), some_key_res);
799
800 // invalid keyfile parameter always errors
c6a7ea0a
FG		 801 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath})).is_err());
802 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "none"})).is_err());
803 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "sign-only"})).is_err());
804 assert!(crypto_parameters(&json!({"keyfile": invalid_keypath, "crypt-mode": "encrypt"})).is_err());
5bb057e5
FG		 805 Ok(())
806}
807
a47a02ae
DM		 808#[api(
809 input: {
810 properties: {
811 backupspec: {
812 type: Array,
813 description: "List of backup source specifications ([<label.ext>:<path>] ...)",
814 items: {
815 schema: BACKUP_SOURCE_SCHEMA,
816 }
817 },
818 repository: {
819 schema: REPO_URL_SCHEMA,
820 optional: true,
821 },
822 "include-dev": {
823 description: "Include mountpoints with same st_dev number (see ``man fstat``) as specified files.",
824 optional: true,
825 items: {
826 type: String,
827 description: "Path to file.",
828 }
829 },
58fcbf5a
FE		 830 "all-file-systems": {
831 type: Boolean,
832 description: "Include all mounted subdirectories.",
833 optional: true,
834 },
a47a02ae
DM		 835 keyfile: {
836 schema: KEYFILE_SCHEMA,
837 optional: true,
838 },
0351f23b
WB		 839 "keyfd": {
840 schema: KEYFD_SCHEMA,
841 optional: true,
842 },
24be37e3
WB		 843 "crypt-mode": {
844 type: CryptMode,
96ee8577
WB		 845 optional: true,
846 },
a47a02ae
DM		 847 "skip-lost-and-found": {
848 type: Boolean,
849 description: "Skip lost+found directory.",
850 optional: true,
851 },
852 "backup-type": {
853 schema: BACKUP_TYPE_SCHEMA,
854 optional: true,
855 },
856 "backup-id": {
857 schema: BACKUP_ID_SCHEMA,
858 optional: true,
859 },
860 "backup-time": {
861 schema: BACKUP_TIME_SCHEMA,
862 optional: true,
863 },
864 "chunk-size": {
865 schema: CHUNK_SIZE_SCHEMA,
866 optional: true,
867 },
189996cf
CE		 868 "exclude": {
869 type: Array,
870 description: "List of paths or patterns for matching files to exclude.",
871 optional: true,
872 items: {
873 type: String,
874 description: "Path or match pattern.",
875 }
876 },
6fc053ed
CE		 877 "entries-max": {
878 type: Integer,
879 description: "Max number of entries to hold in memory.",
880 optional: true,
c443f58b 881 default: proxmox_backup::pxar::ENCODER_MAX_ENTRIES as isize,
6fc053ed 882 },
e02c3d46
DM		 883 "verbose": {
884 type: Boolean,
885 description: "Verbose output.",
886 optional: true,
887 },
a47a02ae
DM		 888 }
889 }
890)]
891/// Create (host) backup.
892async fn create_backup(
6049b71f
DM		 893 param: Value,
894 _info: &ApiMethod,
dd5495d6 895 _rpcenv: &mut dyn RpcEnvironment,
6049b71f 896) -> Result<Value, Error> {
ff5d3707 897
2665cef7 898 let repo = extract_repository_from_value(&param)?;
ae0be2dd
DM		 899
900 let backupspec_list = tools::required_array_param(&param, "backupspec")?;
a914a774 901
eed6db39
DM		 902 let all_file_systems = param["all-file-systems"].as_bool().unwrap_or(false);
903
5b72c9b4
DM		 904 let skip_lost_and_found = param["skip-lost-and-found"].as_bool().unwrap_or(false);
905
219ef0e6
DM		 906 let verbose = param["verbose"].as_bool().unwrap_or(false);
907
ca5d0b61
DM		 908 let backup_time_opt = param["backup-time"].as_i64();
909
36898ffc 910 let chunk_size_opt = param["chunk-size"].as_u64().map(|v| (v*1024) as usize);
2d9d143a 911
247cdbce
DM		 912 if let Some(size) = chunk_size_opt {
913 verify_chunk_size(size)?;
2d9d143a
DM		 914 }
915
c6a7ea0a 916 let crypto = crypto_parameters(&param)?;
6d0983db 917
f69adc81 918 let backup_id = param["backup-id"].as_str().unwrap_or(&proxmox::tools::nodename());
fba30411 919
bbf9e7e9 920 let backup_type = param["backup-type"].as_str().unwrap_or("host");
ca5d0b61 921
2eeaacb9
DM		 922 let include_dev = param["include-dev"].as_array();
923
c443f58b
WB		 924 let entries_max = param["entries-max"].as_u64()
925 .unwrap_or(proxmox_backup::pxar::ENCODER_MAX_ENTRIES as u64);
6fc053ed 926
189996cf 927 let empty = Vec::new();
c443f58b
WB		 928 let exclude_args = param["exclude"].as_array().unwrap_or(&empty);
929
239e49f9 930 let mut pattern_list = Vec::with_capacity(exclude_args.len());
c443f58b
WB		 931 for entry in exclude_args {
932 let entry = entry.as_str().ok_or_else(|| format_err!("Invalid pattern string slice"))?;
239e49f9 933 pattern_list.push(
c443f58b
WB		 934 MatchEntry::parse_pattern(entry, PatternFlag::PATH_NAME, MatchType::Exclude)
935 .map_err(|err| format_err!("invalid exclude pattern entry: {}", err))?
936 );
189996cf
CE		 937 }
938
2eeaacb9
DM		 939 let mut devices = if all_file_systems { None } else { Some(HashSet::new()) };
940
941 if let Some(include_dev) = include_dev {
942 if all_file_systems {
943 bail!("option 'all-file-systems' conflicts with option 'include-dev'");
944 }
945
946 let mut set = HashSet::new();
947 for path in include_dev {
948 let path = path.as_str().unwrap();
949 let stat = nix::sys::stat::stat(path)
950 .map_err(|err| format_err!("fstat {:?} failed - {}", path, err))?;
951 set.insert(stat.st_dev);
952 }
953 devices = Some(set);
954 }
955
ae0be2dd 956 let mut upload_list = vec![];
f2b4b4b9 957 let mut target_set = HashSet::new();
a914a774 958
ae0be2dd 959 for backupspec in backupspec_list {
7cc3473a
DM		 960 let spec = parse_backup_specification(backupspec.as_str().unwrap())?;
961 let filename = &spec.config_string;
962 let target = &spec.archive_name;
bcd879cf 963
f2b4b4b9
SI		 964 if target_set.contains(target) {
965 bail!("got target twice: '{}'", target);
966 }
967 target_set.insert(target.to_string());
968
eb1804c5
DM		 969 use std::os::unix::fs::FileTypeExt;
970
3fa71727
CE		 971 let metadata = std::fs::metadata(filename)
972 .map_err(|err| format_err!("unable to access '{}' - {}", filename, err))?;
eb1804c5 973 let file_type = metadata.file_type();
23bb8780 974
7cc3473a
DM		 975 match spec.spec_type {
976 BackupSpecificationType::PXAR => {
ec8a9bb9
DM		 977 if !file_type.is_dir() {
978 bail!("got unexpected file type (expected directory)");
979 }
7cc3473a 980 upload_list.push((BackupSpecificationType::PXAR, filename.to_owned(), format!("{}.didx", target), 0));
ec8a9bb9 981 }
7cc3473a 982 BackupSpecificationType::IMAGE => {
ec8a9bb9
DM		 983 if !(file_type.is_file() || file_type.is_block_device()) {
984 bail!("got unexpected file type (expected file or block device)");
985 }
eb1804c5 986
e18a6c9e 987 let size = image_size(&PathBuf::from(filename))?;
23bb8780 988
ec8a9bb9 989 if size == 0 { bail!("got zero-sized file '{}'", filename); }
ae0be2dd 990
7cc3473a 991 upload_list.push((BackupSpecificationType::IMAGE, filename.to_owned(), format!("{}.fidx", target), size));
ec8a9bb9 992 }
7cc3473a 993 BackupSpecificationType::CONFIG => {
ec8a9bb9
DM		 994 if !file_type.is_file() {
995 bail!("got unexpected file type (expected regular file)");
996 }
7cc3473a 997 upload_list.push((BackupSpecificationType::CONFIG, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 998 }
7cc3473a 999 BackupSpecificationType::LOGFILE => {
79679c2d
DM		 1000 if !file_type.is_file() {
1001 bail!("got unexpected file type (expected regular file)");
1002 }
7cc3473a 1003 upload_list.push((BackupSpecificationType::LOGFILE, filename.to_owned(), format!("{}.blob", target), metadata.len()));
ec8a9bb9 1004 }
ae0be2dd
DM		 1005 }
1006 }
1007
22a9189e 1008 let backup_time = backup_time_opt.unwrap_or_else(epoch_i64);
ae0be2dd 1009
f3fde36b 1010 let client = connect(&repo)?;
d0a03d40
DM		 1011 record_repository(&repo);
1012
6a7be83e 1013 println!("Starting backup: {}/{}/{}", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time)?);
ca5d0b61 1014
f69adc81 1015 println!("Client name: {}", proxmox::tools::nodename());
ca5d0b61 1016
6a7be83e 1017 let start_time = std::time::Instant::now();
ca5d0b61 1018
6a7be83e 1019 println!("Starting backup protocol: {}", strftime_local("%c", epoch_i64())?);
51144821 1020
c6a7ea0a 1021 let (crypt_config, rsa_encrypted_key) = match crypto.enc_key {
bb823140 1022 None => (None, None),
0351f23b 1023 Some(key) => {
6f2626ae
FG		 1024 let (key, created, fingerprint) = decrypt_key(&key, &key::get_encryption_key_password)?;
1025 println!("Encryption key fingerprint: {}", fingerprint);
bb823140 1026
44288184 1027 let crypt_config = CryptConfig::new(key)?;
bb823140 1028
05f17d1e 1029 match key::find_default_master_pubkey()? {
05389a01
WB		 1030 Some(ref path) if path.exists() => {
1031 let pem_data = file_get_contents(path)?;
1032 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
82a103c8 1033
1c86893d 1034 let mut key_config = KeyConfig::without_password(key)?;
82a103c8 1035 key_config.created = created; // keep original value
82a103c8 1036
8acfd15d 1037 let enc_key = rsa_encrypt_key_config(rsa, &key_config)?;
6f2626ae
FG		 1038 println!("Master key '{:?}'", path);
1039
05389a01
WB		 1040 (Some(Arc::new(crypt_config)), Some(enc_key))
1041 }
1042 _ => (Some(Arc::new(crypt_config)), None),
bb823140 1043 }
6d0983db
DM		 1044 }
1045 };
f98ac774 1046
8a8a4703
DM		 1047 let client = BackupWriter::start(
1048 client,
b957aa81 1049 crypt_config.clone(),
8a8a4703
DM		 1050 repo.store(),
1051 backup_type,
1052 &backup_id,
1053 backup_time,
1054 verbose,
61d7b501 1055 false
8a8a4703
DM		 1056 ).await?;
1057
8b7f8d3f
FG		 1058 let download_previous_manifest = match client.previous_backup_time().await {
1059 Ok(Some(backup_time)) => {
1060 println!(
1061 "Downloading previous manifest ({})",
1062 strftime_local("%c", backup_time)?
1063 );
1064 true
1065 }
1066 Ok(None) => {
1067 println!("No previous manifest available.");
1068 false
1069 }
1070 Err(_) => {
1071 // Fallback for outdated server, TODO remove/bubble up with 2.0
1072 true
1073 }
1074 };
1075
1076 let previous_manifest = if download_previous_manifest {
1077 match client.download_previous_manifest().await {
1078 Ok(previous_manifest) => {
1079 match previous_manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref)) {
1080 Ok(()) => Some(Arc::new(previous_manifest)),
1081 Err(err) => {
1082 println!("Couldn't re-use previous manifest - {}", err);
1083 None
1084 }
1085 }
23f9503a 1086 }
8b7f8d3f
FG		 1087 Err(err) => {
1088 println!("Couldn't download previous manifest - {}", err);
1089 None
1090 }
1091 }
1092 } else {
1093 None
b957aa81
DM		 1094 };
1095
6a7be83e 1096 let snapshot = BackupDir::new(backup_type, backup_id, backup_time)?;
8a8a4703
DM		 1097 let mut manifest = BackupManifest::new(snapshot);
1098
5d85847f 1099 let mut catalog = None;
6d233161 1100 let mut catalog_result_rx = None;
8a8a4703
DM		 1101
1102 for (backup_type, filename, target, size) in upload_list {
1103 match backup_type {
7cc3473a 1104 BackupSpecificationType::CONFIG => {
e43b9175
FG		 1105 let upload_options = UploadOptions {
1106 compress: true,
c6a7ea0a 1107 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1108 ..UploadOptions::default()
1109 };
1110
5b32820e 1111 println!("Upload config file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1112 let stats = client
e43b9175 1113 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1114 .await?;
c6a7ea0a 1115 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1116 }
7cc3473a 1117 BackupSpecificationType::LOGFILE => { // fixme: remove - not needed anymore ?
e43b9175
FG		 1118 let upload_options = UploadOptions {
1119 compress: true,
c6a7ea0a 1120 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1121 ..UploadOptions::default()
1122 };
1123
5b32820e 1124 println!("Upload log file '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1125 let stats = client
e43b9175 1126 .upload_blob_from_file(&filename, &target, upload_options)
8a8a4703 1127 .await?;
c6a7ea0a 1128 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703 1129 }
7cc3473a 1130 BackupSpecificationType::PXAR => {
5d85847f
DC		 1131 // start catalog upload on first use
1132 if catalog.is_none() {
c6a7ea0a 1133 let catalog_upload_res = spawn_catalog_upload(client.clone(), crypto.mode == CryptMode::Encrypt)?;
6d233161
FG		 1134 catalog = Some(catalog_upload_res.catalog_writer);
1135 catalog_result_rx = Some(catalog_upload_res.result);
5d85847f
DC		 1136 }
1137 let catalog = catalog.as_ref().unwrap();
1138
5b32820e 1139 println!("Upload directory '{}' to '{}' as {}", filename, repo, target);
8a8a4703 1140 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
77486a60
FG		 1141
1142 let pxar_options = proxmox_backup::pxar::PxarCreateOptions {
1143 device_set: devices.clone(),
1144 patterns: pattern_list.clone(),
1145 entries_max: entries_max as usize,
1146 skip_lost_and_found,
1147 verbose,
1148 };
1149
e43b9175
FG		 1150 let upload_options = UploadOptions {
1151 previous_manifest: previous_manifest.clone(),
1152 compress: true,
c6a7ea0a 1153 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1154 ..UploadOptions::default()
1155 };
1156
8a8a4703
DM		 1157 let stats = backup_directory(
1158 &client,
1159 &filename,
1160 &target,
1161 chunk_size_opt,
8a8a4703 1162 catalog.clone(),
77486a60 1163 pxar_options,
e43b9175 1164 upload_options,
8a8a4703 1165 ).await?;
c6a7ea0a 1166 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
8a8a4703
DM		 1167 catalog.lock().unwrap().end_directory()?;
1168 }
7cc3473a 1169 BackupSpecificationType::IMAGE => {
8a8a4703 1170 println!("Upload image '{}' to '{:?}' as {}", filename, repo, target);
e43b9175
FG		 1171
1172 let upload_options = UploadOptions {
1173 previous_manifest: previous_manifest.clone(),
1174 fixed_size: Some(size),
1175 compress: true,
c6a7ea0a 1176 encrypt: crypto.mode == CryptMode::Encrypt,
e43b9175
FG		 1177 };
1178
8a8a4703
DM		 1179 let stats = backup_image(
1180 &client,
e43b9175 1181 &filename,
8a8a4703 1182 &target,
8a8a4703 1183 chunk_size_opt,
e43b9175 1184 upload_options,
8a8a4703 1185 ).await?;
c6a7ea0a 1186 manifest.add_file(target, stats.size, stats.csum, crypto.mode)?;
6af905c1
DM		 1187 }
1188 }
8a8a4703 1189 }
4818c8b6 1190
8a8a4703 1191 // finalize and upload catalog
5d85847f 1192 if let Some(catalog) = catalog {
8a8a4703
DM		 1193 let mutex = Arc::try_unwrap(catalog)
1194 .map_err(|_| format_err!("unable to get catalog (still used)"))?;
1195 let mut catalog = mutex.into_inner().unwrap();
bf6e3217 1196
8a8a4703 1197 catalog.finish()?;
2761d6a4 1198
8a8a4703 1199 drop(catalog); // close upload stream
2761d6a4 1200
6d233161 1201 if let Some(catalog_result_rx) = catalog_result_rx {
5d85847f 1202 let stats = catalog_result_rx.await??;
c6a7ea0a 1203 manifest.add_file(CATALOG_NAME.to_owned(), stats.size, stats.csum, crypto.mode)?;
5d85847f 1204 }
8a8a4703 1205 }
2761d6a4 1206
8a8a4703 1207 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
9990af30 1208 let target = ENCRYPTED_KEY_BLOB_NAME;
8a8a4703 1209 println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
e43b9175 1210 let options = UploadOptions { compress: false, encrypt: false, ..UploadOptions::default() };
8a8a4703 1211 let stats = client
e43b9175 1212 .upload_blob_from_data(rsa_encrypted_key, target, options)
8a8a4703 1213 .await?;
c6a7ea0a 1214 manifest.add_file(target.to_string(), stats.size, stats.csum, crypto.mode)?;
8a8a4703 1215
8a8a4703 1216 }
8a8a4703 1217 // create manifest (index.json)
3638341a 1218 // manifests are never encrypted, but include a signature
dfa517ad 1219 let manifest = manifest.to_string(crypt_config.as_ref().map(Arc::as_ref))
b53f6379 1220 .map_err(|err| format_err!("unable to format manifest - {}", err))?;
3638341a 1221
b53f6379 1222
9688f6de 1223 if verbose { println!("Upload index.json to '{}'", repo) };
e43b9175 1224 let options = UploadOptions { compress: true, encrypt: false, ..UploadOptions::default() };
8a8a4703 1225 client
e43b9175 1226 .upload_blob_from_data(manifest.into_bytes(), MANIFEST_BLOB_NAME, options)
8a8a4703 1227 .await?;
2c3891d1 1228
8a8a4703 1229 client.finish().await?;
c4ff3dce 1230
6a7be83e
DM		 1231 let end_time = std::time::Instant::now();
1232 let elapsed = end_time.duration_since(start_time);
1233 println!("Duration: {:.2}s", elapsed.as_secs_f64());
3ec3ec3f 1234
6a7be83e 1235 println!("End Time: {}", strftime_local("%c", epoch_i64())?);
3d5c11e5 1236
8a8a4703 1237 Ok(Value::Null)
f98ea63d
DM		 1238}
1239
d0a03d40 1240fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
f98ea63d
DM		 1241
1242 let mut result = vec![];
1243
1244 let data: Vec<&str> = arg.splitn(2, ':').collect();
1245
bff11030 1246 if data.len() != 2 {
8968258b
DM		 1247 result.push(String::from("root.pxar:/"));
1248 result.push(String::from("etc.pxar:/etc"));
bff11030
DM		 1249 return result;
1250 }
f98ea63d 1251
496a6784 1252 let files = tools::complete_file_name(data[1], param);
f98ea63d
DM		 1253
1254 for file in files {
1255 result.push(format!("{}:{}", data[0], file));
1256 }
1257
1258 result
ff5d3707 1259}
1260
8e6e18b7 1261async fn dump_image<W: Write>(
88892ea8
DM		 1262 client: Arc<BackupReader>,
1263 crypt_config: Option<Arc<CryptConfig>>,
14f6c9cb 1264 crypt_mode: CryptMode,
88892ea8
DM		 1265 index: FixedIndexReader,
1266 mut writer: W,
fd04ca7a 1267 verbose: bool,
88892ea8
DM		 1268) -> Result<(), Error> {
1269
1270 let most_used = index.find_most_used_chunks(8);
1271
14f6c9cb 1272 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, crypt_mode, most_used);
88892ea8
DM		 1273
1274 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
1275 // and thus slows down reading. Instead, directly use RemoteChunkReader
fd04ca7a
DM		 1276 let mut per = 0;
1277 let mut bytes = 0;
1278 let start_time = std::time::Instant::now();
1279
88892ea8
DM		 1280 for pos in 0..index.index_count() {
1281 let digest = index.index_digest(pos).unwrap();
8e6e18b7 1282 let raw_data = chunk_reader.read_chunk(&digest).await?;
88892ea8 1283 writer.write_all(&raw_data)?;
fd04ca7a
DM		 1284 bytes += raw_data.len();
1285 if verbose {
1286 let next_per = ((pos+1)*100)/index.index_count();
1287 if per != next_per {
1288 eprintln!("progress {}% (read {} bytes, duration {} sec)",
1289 next_per, bytes, start_time.elapsed().as_secs());
1290 per = next_per;
1291 }
1292 }
88892ea8
DM		 1293 }
1294
fd04ca7a
DM		 1295 let end_time = std::time::Instant::now();
1296 let elapsed = end_time.duration_since(start_time);
1297 eprintln!("restore image complete (bytes={}, duration={:.2}s, speed={:.2}MB/s)",
1298 bytes,
1299 elapsed.as_secs_f64(),
1300 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
1301 );
1302
1303
88892ea8
DM		 1304 Ok(())
1305}
1306
dc155e9b 1307fn parse_archive_type(name: &str) -> (String, ArchiveType) {
2d32fe2c
TL		 1308 if name.ends_with(".didx") || name.ends_with(".fidx") || name.ends_with(".blob") {
1309 (name.into(), archive_type(name).unwrap())
1310 } else if name.ends_with(".pxar") {
dc155e9b
TL		 1311 (format!("{}.didx", name), ArchiveType::DynamicIndex)
1312 } else if name.ends_with(".img") {
1313 (format!("{}.fidx", name), ArchiveType::FixedIndex)
1314 } else {
1315 (format!("{}.blob", name), ArchiveType::Blob)
1316 }
1317}
1318
a47a02ae
DM		 1319#[api(
1320 input: {
1321 properties: {
1322 repository: {
1323 schema: REPO_URL_SCHEMA,
1324 optional: true,
1325 },
1326 snapshot: {
1327 type: String,
1328 description: "Group/Snapshot path.",
1329 },
1330 "archive-name": {
1331 description: "Backup archive name.",
1332 type: String,
1333 },
1334 target: {
1335 type: String,
90c815bf 1336 description: r###"Target directory path. Use '-' to write to standard output.
8a8a4703 1337
5eee6d89 1338We do not extraxt '.pxar' archives when writing to standard output.
8a8a4703 1339
a47a02ae
DM		 1340"###
1341 },
1342 "allow-existing-dirs": {
1343 type: Boolean,
1344 description: "Do not fail if directories already exists.",
1345 optional: true,
1346 },
1347 keyfile: {
1348 schema: KEYFILE_SCHEMA,
1349 optional: true,
1350 },
0351f23b
WB		 1351 "keyfd": {
1352 schema: KEYFD_SCHEMA,
1353 optional: true,
1354 },
24be37e3
WB		 1355 "crypt-mode": {
1356 type: CryptMode,
96ee8577
WB		 1357 optional: true,
1358 },
a47a02ae
DM		 1359 }
1360 }
1361)]
1362/// Restore backup repository.
1363async fn restore(param: Value) -> Result<Value, Error> {
2665cef7 1364 let repo = extract_repository_from_value(&param)?;
9f912493 1365
86eda3eb
DM		 1366 let verbose = param["verbose"].as_bool().unwrap_or(false);
1367
46d5aa0a
DM		 1368 let allow_existing_dirs = param["allow-existing-dirs"].as_bool().unwrap_or(false);
1369
d5c34d98
DM		 1370 let archive_name = tools::required_string_param(&param, "archive-name")?;
1371
f3fde36b 1372 let client = connect(&repo)?;
d0a03d40 1373
d0a03d40 1374 record_repository(&repo);
d5c34d98 1375
9f912493 1376 let path = tools::required_string_param(&param, "snapshot")?;
9f912493 1377
86eda3eb 1378 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
d6d3b353 1379 let group: BackupGroup = path.parse()?;
27c9affb 1380 api_datastore_latest_snapshot(&client, repo.store(), group).await?
d5c34d98 1381 } else {
a67f7d0a 1382 let snapshot: BackupDir = path.parse()?;
86eda3eb
DM		 1383 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1384 };
9f912493 1385
d5c34d98 1386 let target = tools::required_string_param(&param, "target")?;
bf125261 1387 let target = if target == "-" { None } else { Some(target) };
2ae7d196 1388
c6a7ea0a 1389 let crypto = crypto_parameters(&param)?;
2ae7d196 1390
c6a7ea0a 1391 let crypt_config = match crypto.enc_key {
86eda3eb 1392 None => None,
0351f23b 1393 Some(key) => {
6f2626ae 1394 let (key, _, fingerprint) = decrypt_key(&key, &key::get_encryption_key_password)?;
490560e0 1395 eprintln!("Encryption key fingerprint: '{}'", fingerprint);
86eda3eb
DM		 1396 Some(Arc::new(CryptConfig::new(key)?))
1397 }
1398 };
d5c34d98 1399
296c50ba
DM		 1400 let client = BackupReader::start(
1401 client,
1402 crypt_config.clone(),
1403 repo.store(),
1404 &backup_type,
1405 &backup_id,
1406 backup_time,
1407 true,
1408 ).await?;
86eda3eb 1409
48fbbfeb
FG		 1410 let (archive_name, archive_type) = parse_archive_type(archive_name);
1411
2107a5ae 1412 let (manifest, backup_index_data) = client.download_manifest().await?;
02fcf372 1413
48fbbfeb
FG		 1414 if archive_name == ENCRYPTED_KEY_BLOB_NAME && crypt_config.is_none() {
1415 eprintln!("Restoring encrypted key blob without original key - skipping manifest fingerprint check!")
1416 } else {
1417 manifest.check_fingerprint(crypt_config.as_ref().map(Arc::as_ref))?;
1418 }
dc155e9b
TL		 1419
1420 if archive_name == MANIFEST_BLOB_NAME {
02fcf372 1421 if let Some(target) = target {
2107a5ae 1422 replace_file(target, &backup_index_data, CreateOptions::new())?;
02fcf372
DM		 1423 } else {
1424 let stdout = std::io::stdout();
1425 let mut writer = stdout.lock();
2107a5ae 1426 writer.write_all(&backup_index_data)
02fcf372
DM		 1427 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1428 }
1429
14f6c9cb
FG		 1430 return Ok(Value::Null);
1431 }
1432
1433 let file_info = manifest.lookup_file_info(&archive_name)?;
1434
1435 if archive_type == ArchiveType::Blob {
d2267b11 1436
dc155e9b 1437 let mut reader = client.download_blob(&manifest, &archive_name).await?;
f8100e96 1438
bf125261 1439 if let Some(target) = target {
0d986280
DM		 1440 let mut writer = std::fs::OpenOptions::new()
1441 .write(true)
1442 .create(true)
1443 .create_new(true)
1444 .open(target)
1445 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?;
1446 std::io::copy(&mut reader, &mut writer)?;
bf125261
DM		 1447 } else {
1448 let stdout = std::io::stdout();
1449 let mut writer = stdout.lock();
0d986280 1450 std::io::copy(&mut reader, &mut writer)
bf125261
DM		 1451 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1452 }
f8100e96 1453
dc155e9b 1454 } else if archive_type == ArchiveType::DynamicIndex {
86eda3eb 1455
dc155e9b 1456 let index = client.download_dynamic_index(&manifest, &archive_name).await?;
df65bd3d 1457
f4bf7dfc
DM		 1458 let most_used = index.find_most_used_chunks(8);
1459
14f6c9cb 1460 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, file_info.chunk_crypt_mode(), most_used);
f4bf7dfc 1461
afb4cd28 1462 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
86eda3eb 1463
72064fd0
FG		 1464 let options = proxmox_backup::pxar::PxarExtractOptions {
1465 match_list: &[],
1466 extract_match_default: true,
1467 allow_existing_dirs,
1468 on_error: None,
1469 };
1470
bf125261 1471 if let Some(target) = target {
c443f58b
WB		 1472 proxmox_backup::pxar::extract_archive(
1473 pxar::decoder::Decoder::from_std(reader)?,
1474 Path::new(target),
5444fa94 1475 proxmox_backup::pxar::Flags::DEFAULT,
c443f58b
WB		 1476 |path| {
1477 if verbose {
1478 println!("{:?}", path);
1479 }
1480 },
72064fd0 1481 options,
c443f58b
WB		 1482 )
1483 .map_err(|err| format_err!("error extracting archive - {}", err))?;
bf125261 1484 } else {
88892ea8
DM		 1485 let mut writer = std::fs::OpenOptions::new()
1486 .write(true)
1487 .open("/dev/stdout")
1488 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?;
afb4cd28 1489
bf125261
DM		 1490 std::io::copy(&mut reader, &mut writer)
1491 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1492 }
dc155e9b 1493 } else if archive_type == ArchiveType::FixedIndex {
afb4cd28 1494
dc155e9b 1495 let index = client.download_fixed_index(&manifest, &archive_name).await?;
df65bd3d 1496
88892ea8
DM		 1497 let mut writer = if let Some(target) = target {
1498 std::fs::OpenOptions::new()
bf125261
DM		 1499 .write(true)
1500 .create(true)
1501 .create_new(true)
1502 .open(target)
88892ea8 1503 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?
bf125261 1504 } else {
88892ea8
DM		 1505 std::fs::OpenOptions::new()
1506 .write(true)
1507 .open("/dev/stdout")
1508 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?
1509 };
afb4cd28 1510
14f6c9cb 1511 dump_image(client.clone(), crypt_config.clone(), file_info.chunk_crypt_mode(), index, &mut writer, verbose).await?;
3031e44c 1512 }
fef44d4f
DM		 1513
1514 Ok(Value::Null)
45db6f89
DM		 1515}
1516
032d3ad8
DM		 1517const API_METHOD_PRUNE: ApiMethod = ApiMethod::new(
1518 &ApiHandler::Async(&prune),
1519 &ObjectSchema::new(
1520 "Prune a backup repository.",
1521 &proxmox_backup::add_common_prune_prameters!([
1522 ("dry-run", true, &BooleanSchema::new(
1523 "Just show what prune would do, but do not delete anything.")
1524 .schema()),
1525 ("group", false, &StringSchema::new("Backup group.").schema()),
1526 ], [
1527 ("output-format", true, &OUTPUT_FORMAT),
c48aa39f
DM		 1528 (
1529 "quiet",
1530 true,
1531 &BooleanSchema::new("Minimal output - only show removals.")
1532 .schema()
1533 ),
032d3ad8
DM		 1534 ("repository", true, &REPO_URL_SCHEMA),
1535 ])
1536 )
1537);
1538
1539fn prune<'a>(
1540 param: Value,
1541 _info: &ApiMethod,
1542 _rpcenv: &'a mut dyn RpcEnvironment,
1543) -> proxmox::api::ApiFuture<'a> {
1544 async move {
1545 prune_async(param).await
1546 }.boxed()
1547}
83b7db02 1548
032d3ad8 1549async fn prune_async(mut param: Value) -> Result<Value, Error> {
2665cef7 1550 let repo = extract_repository_from_value(&param)?;
83b7db02 1551
f3fde36b 1552 let mut client = connect(&repo)?;
83b7db02 1553
d0a03d40 1554 let path = format!("api2/json/admin/datastore/{}/prune", repo.store());
83b7db02 1555
9fdc3ef4 1556 let group = tools::required_string_param(&param, "group")?;
d6d3b353 1557 let group: BackupGroup = group.parse()?;
c2043614
DM		 1558
1559 let output_format = get_output_format(&param);
9fdc3ef4 1560
c48aa39f
DM		 1561 let quiet = param["quiet"].as_bool().unwrap_or(false);
1562
ea7a7ef2
DM		 1563 param.as_object_mut().unwrap().remove("repository");
1564 param.as_object_mut().unwrap().remove("group");
163e9bbe 1565 param.as_object_mut().unwrap().remove("output-format");
c48aa39f 1566 param.as_object_mut().unwrap().remove("quiet");
ea7a7ef2
DM		 1567
1568 param["backup-type"] = group.backup_type().into();
1569 param["backup-id"] = group.backup_id().into();
83b7db02 1570
db1e061d 1571 let mut result = client.post(&path, Some(param)).await?;
74fa81b8 1572
87c42375 1573 record_repository(&repo);
3b03abfe 1574
db1e061d
DM		 1575 let render_snapshot_path = |_v: &Value, record: &Value| -> Result<String, Error> {
1576 let item: PruneListItem = serde_json::from_value(record.to_owned())?;
e0e5b442 1577 let snapshot = BackupDir::new(item.backup_type, item.backup_id, item.backup_time)?;
db1e061d
DM		 1578 Ok(snapshot.relative_path().to_str().unwrap().to_owned())
1579 };
1580
c48aa39f
DM		 1581 let render_prune_action = |v: &Value, _record: &Value| -> Result<String, Error> {
1582 Ok(match v.as_bool() {
1583 Some(true) => "keep",
1584 Some(false) => "remove",
1585 None => "unknown",
1586 }.to_string())
1587 };
1588
db1e061d
DM		 1589 let options = default_table_format_options()
1590 .sortby("backup-type", false)
1591 .sortby("backup-id", false)
1592 .sortby("backup-time", false)
1593 .column(ColumnConfig::new("backup-id").renderer(render_snapshot_path).header("snapshot"))
74f7240b 1594 .column(ColumnConfig::new("backup-time").renderer(tools::format::render_epoch).header("date"))
c48aa39f 1595 .column(ColumnConfig::new("keep").renderer(render_prune_action).header("action"))
db1e061d
DM		 1596 ;
1597
b2362a12 1598 let return_type = &proxmox_backup::api2::admin::datastore::API_METHOD_PRUNE.returns;
db1e061d
DM		 1599
1600 let mut data = result["data"].take();
1601
c48aa39f
DM		 1602 if quiet {
1603 let list: Vec<Value> = data.as_array().unwrap().iter().filter(|item| {
1604 item["keep"].as_bool() == Some(false)
a375df6f 1605 }).cloned().collect();
c48aa39f
DM		 1606 data = list.into();
1607 }
1608
b2362a12 1609 format_and_print_result_full(&mut data, return_type, &output_format, &options);
d0a03d40 1610
43a406fd 1611 Ok(Value::Null)
83b7db02
DM		 1612}
1613
a47a02ae
DM		 1614#[api(
1615 input: {
1616 properties: {
1617 repository: {
1618 schema: REPO_URL_SCHEMA,
1619 optional: true,
1620 },
1621 "output-format": {
1622 schema: OUTPUT_FORMAT,
1623 optional: true,
1624 },
1625 }
f9beae9c
TL		 1626 },
1627 returns: {
1628 type: StorageStatus,
1629 },
a47a02ae
DM		 1630)]
1631/// Get repository status.
1632async fn status(param: Value) -> Result<Value, Error> {
34a816cc
DM		 1633
1634 let repo = extract_repository_from_value(&param)?;
1635
c2043614 1636 let output_format = get_output_format(&param);
34a816cc 1637
f3fde36b 1638 let client = connect(&repo)?;
34a816cc
DM		 1639
1640 let path = format!("api2/json/admin/datastore/{}/status", repo.store());
1641
1dc117bb 1642 let mut result = client.get(&path, None).await?;
14e08625 1643 let mut data = result["data"].take();
34a816cc
DM		 1644
1645 record_repository(&repo);
1646
390c5bdd
DM		 1647 let render_total_percentage = |v: &Value, record: &Value| -> Result<String, Error> {
1648 let v = v.as_u64().unwrap();
1649 let total = record["total"].as_u64().unwrap();
1650 let roundup = total/200;
1651 let per = ((v+roundup)*100)/total;
e23f5863
DM		 1652 let info = format!(" ({} %)", per);
1653 Ok(format!("{} {:>8}", v, info))
390c5bdd 1654 };
1dc117bb 1655
c2043614 1656 let options = default_table_format_options()
be2425ff 1657 .noheader(true)
e23f5863 1658 .column(ColumnConfig::new("total").renderer(render_total_percentage))
390c5bdd
DM		 1659 .column(ColumnConfig::new("used").renderer(render_total_percentage))
1660 .column(ColumnConfig::new("avail").renderer(render_total_percentage));
34a816cc 1661
b2362a12 1662 let return_type = &API_METHOD_STATUS.returns;
390c5bdd 1663
b2362a12 1664 format_and_print_result_full(&mut data, return_type, &output_format, &options);
34a816cc
DM		 1665
1666 Ok(Value::Null)
1667}
1668
5a2df000 1669// like get, but simply ignore errors and return Null instead
e9722f8b 1670async fn try_get(repo: &BackupRepository, url: &str) -> Value {
024f11bb 1671
a05c0c6f 1672 let fingerprint = std::env::var(ENV_VAR_PBS_FINGERPRINT).ok();
d1c65727 1673 let password = std::env::var(ENV_VAR_PBS_PASSWORD).ok();
a05c0c6f 1674
93e3581c
FG		 1675 // ticket cache, but no questions asked
1676 let options = HttpClientOptions::new_interactive(password, fingerprint)
1677 .interactive(false);
d59dbeca 1678
34aa8e13 1679 let client = match HttpClient::new(repo.host(), repo.port(), repo.auth_id(), options) {
45cdce06
DM		 1680 Ok(v) => v,
1681 _ => return Value::Null,
1682 };
b2388518 1683
e9722f8b 1684 let mut resp = match client.get(url, None).await {
b2388518
DM		 1685 Ok(v) => v,
1686 _ => return Value::Null,
1687 };
1688
1689 if let Some(map) = resp.as_object_mut() {
1690 if let Some(data) = map.remove("data") {
1691 return data;
1692 }
1693 }
1694 Value::Null
1695}
1696
b2388518 1697fn complete_backup_group(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
3f06d6fb 1698 proxmox_backup::tools::runtime::main(async { complete_backup_group_do(param).await })
e9722f8b
WB		 1699}
1700
1701async fn complete_backup_group_do(param: &HashMap<String, String>) -> Vec<String> {
024f11bb 1702
b2388518
DM		 1703 let mut result = vec![];
1704
2665cef7 1705 let repo = match extract_repository_from_map(param) {
b2388518 1706 Some(v) => v,
024f11bb
DM		 1707 _ => return result,
1708 };
1709
b2388518
DM		 1710 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
1711
e9722f8b 1712 let data = try_get(&repo, &path).await;
b2388518
DM		 1713
1714 if let Some(list) = data.as_array() {
024f11bb 1715 for item in list {
98f0b972
DM		 1716 if let (Some(backup_id), Some(backup_type)) =
1717 (item["backup-id"].as_str(), item["backup-type"].as_str())
1718 {
1719 result.push(format!("{}/{}", backup_type, backup_id));
024f11bb
DM		 1720 }
1721 }
1722 }
1723
1724 result
1725}
1726
43abba4b 1727pub fn complete_group_or_snapshot(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
3f06d6fb 1728 proxmox_backup::tools::runtime::main(async { complete_group_or_snapshot_do(arg, param).await })
e9722f8b
WB		 1729}
1730
1731async fn complete_group_or_snapshot_do(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
b2388518 1732
b2388518 1733 if arg.matches('/').count() < 2 {
e9722f8b 1734 let groups = complete_backup_group_do(param).await;
543a260f 1735 let mut result = vec![];
b2388518
DM		 1736 for group in groups {
1737 result.push(group.to_string());
1738 result.push(format!("{}/", group));
1739 }
1740 return result;
1741 }
1742
e9722f8b 1743 complete_backup_snapshot_do(param).await
543a260f 1744}
b2388518 1745
3fb53e07 1746fn complete_backup_snapshot(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
3f06d6fb 1747 proxmox_backup::tools::runtime::main(async { complete_backup_snapshot_do(param).await })
e9722f8b
WB		 1748}
1749
1750async fn complete_backup_snapshot_do(param: &HashMap<String, String>) -> Vec<String> {
543a260f
DM		 1751
1752 let mut result = vec![];
1753
1754 let repo = match extract_repository_from_map(param) {
1755 Some(v) => v,
1756 _ => return result,
1757 };
1758
1759 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
b2388518 1760
e9722f8b 1761 let data = try_get(&repo, &path).await;
b2388518
DM		 1762
1763 if let Some(list) = data.as_array() {
1764 for item in list {
1765 if let (Some(backup_id), Some(backup_type), Some(backup_time)) =
1766 (item["backup-id"].as_str(), item["backup-type"].as_str(), item["backup-time"].as_i64())
1767 {
e0e5b442
FG		 1768 if let Ok(snapshot) = BackupDir::new(backup_type, backup_id, backup_time) {
1769 result.push(snapshot.relative_path().to_str().unwrap().to_owned());
1770 }
b2388518
DM		 1771 }
1772 }
1773 }
1774
1775 result
1776}
1777
45db6f89 1778fn complete_server_file_name(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
3f06d6fb 1779 proxmox_backup::tools::runtime::main(async { complete_server_file_name_do(param).await })
e9722f8b
WB		 1780}
1781
1782async fn complete_server_file_name_do(param: &HashMap<String, String>) -> Vec<String> {
08dc340a
DM		 1783
1784 let mut result = vec![];
1785
2665cef7 1786 let repo = match extract_repository_from_map(param) {
08dc340a
DM		 1787 Some(v) => v,
1788 _ => return result,
1789 };
1790
a67f7d0a 1791 let snapshot: BackupDir = match param.get("snapshot") {
08dc340a 1792 Some(path) => {
a67f7d0a 1793 match path.parse() {
08dc340a
DM		 1794 Ok(v) => v,
1795 _ => return result,
1796 }
1797 }
1798 _ => return result,
1799 };
1800
1801 let query = tools::json_object_to_query(json!({
1802 "backup-type": snapshot.group().backup_type(),
1803 "backup-id": snapshot.group().backup_id(),
6a7be83e 1804 "backup-time": snapshot.backup_time(),
08dc340a
DM		 1805 })).unwrap();
1806
1807 let path = format!("api2/json/admin/datastore/{}/files?{}", repo.store(), query);
1808
e9722f8b 1809 let data = try_get(&repo, &path).await;
08dc340a
DM		 1810
1811 if let Some(list) = data.as_array() {
1812 for item in list {
c4f025eb 1813 if let Some(filename) = item["filename"].as_str() {
08dc340a
DM		 1814 result.push(filename.to_owned());
1815 }
1816 }
1817 }
1818
45db6f89
DM		 1819 result
1820}
1821
1822fn complete_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
52c171e4 1823 complete_server_file_name(arg, param)
e9722f8b 1824 .iter()
708fab30 1825 .map(|v| tools::format::strip_server_file_extension(&v))
e9722f8b 1826 .collect()
08dc340a
DM		 1827}
1828
43abba4b 1829pub fn complete_pxar_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
0ec9e1b0
DM		 1830 complete_server_file_name(arg, param)
1831 .iter()
2995aedf
DM		 1832 .filter_map(|name| {
1833 if name.ends_with(".pxar.didx") {
708fab30 1834 Some(tools::format::strip_server_file_extension(name))
2995aedf
DM		 1835 } else {
1836 None
1837 }
1838 })
1839 .collect()
1840}
1841
1842pub fn complete_img_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1843 complete_server_file_name(arg, param)
1844 .iter()
1845 .filter_map(|name| {
1846 if name.ends_with(".img.fidx") {
708fab30 1847 Some(tools::format::strip_server_file_extension(name))
0ec9e1b0
DM		 1848 } else {
1849 None
1850 }
1851 })
1852 .collect()
1853}
1854
49811347
DM		 1855fn complete_chunk_size(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
1856
1857 let mut result = vec![];
1858
1859 let mut size = 64;
1860 loop {
1861 result.push(size.to_string());
11377a47 1862 size *= 2;
49811347
DM		 1863 if size > 4096 { break; }
1864 }
1865
1866 result
1867}
1868
0224c3c2
FG		 1869fn complete_auth_id(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1870 proxmox_backup::tools::runtime::main(async { complete_auth_id_do(param).await })
1871}
1872
1873async fn complete_auth_id_do(param: &HashMap<String, String>) -> Vec<String> {
1874
1875 let mut result = vec![];
1876
1877 let repo = match extract_repository_from_map(param) {
1878 Some(v) => v,
1879 _ => return result,
1880 };
1881
1882 let data = try_get(&repo, "api2/json/access/users?include_tokens=true").await;
1883
1884 if let Ok(parsed) = serde_json::from_value::<Vec<UserWithTokens>>(data) {
1885 for user in parsed {
1886 result.push(user.userid.to_string());
1887 for token in user.tokens {
1888 result.push(token.tokenid.to_string());
1889 }
1890 }
1891 };
1892
1893 result
1894}
1895
c443f58b
WB		 1896use proxmox_backup::client::RemoteChunkReader;
1897/// This is a workaround until we have cleaned up the chunk/reader/... infrastructure for better
1898/// async use!
1899///
1900/// Ideally BufferedDynamicReader gets replaced so the LruCache maps to `BroadcastFuture<Chunk>`,
1901/// so that we can properly access it from multiple threads simultaneously while not issuing
1902/// duplicate simultaneous reads over http.
43abba4b 1903pub struct BufferedDynamicReadAt {
c443f58b
WB		 1904 inner: Mutex<BufferedDynamicReader<RemoteChunkReader>>,
1905}
1906
1907impl BufferedDynamicReadAt {
1908 fn new(inner: BufferedDynamicReader<RemoteChunkReader>) -> Self {
1909 Self {
1910 inner: Mutex::new(inner),
1911 }
1912 }
1913}
1914
a6f87283
WB		 1915impl ReadAt for BufferedDynamicReadAt {
1916 fn start_read_at<'a>(
1917 self: Pin<&'a Self>,
c443f58b 1918 _cx: &mut Context,
a6f87283 1919 buf: &'a mut [u8],
c443f58b 1920 offset: u64,
a6f87283 1921 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
a6f87283 1922 MaybeReady::Ready(tokio::task::block_in_place(move || {
c443f58b
WB		 1923 let mut reader = self.inner.lock().unwrap();
1924 reader.seek(SeekFrom::Start(offset))?;
a6f87283
WB		 1925 Ok(reader.read(buf)?)
1926 }))
1927 }
1928
1929 fn poll_complete<'a>(
1930 self: Pin<&'a Self>,
1931 _op: ReadAtOperation<'a>,
1932 ) -> MaybeReady<io::Result<usize>, ReadAtOperation<'a>> {
1933 panic!("LocalDynamicReadAt::start_read_at returned Pending");
c443f58b
WB		 1934 }
1935}
1936
f2401311 1937fn main() {
33d64b81 1938
255f378a 1939 let backup_cmd_def = CliCommand::new(&API_METHOD_CREATE_BACKUP)
49fddd98 1940 .arg_param(&["backupspec"])
d0a03d40 1941 .completion_cb("repository", complete_repository)
49811347 1942 .completion_cb("backupspec", complete_backup_source)
6d0983db 1943 .completion_cb("keyfile", tools::complete_file_name)
49811347 1944 .completion_cb("chunk-size", complete_chunk_size);
f8838fe9 1945
caea8d61
DM		 1946 let benchmark_cmd_def = CliCommand::new(&API_METHOD_BENCHMARK)
1947 .completion_cb("repository", complete_repository)
1948 .completion_cb("keyfile", tools::complete_file_name);
1949
255f378a 1950 let list_cmd_def = CliCommand::new(&API_METHOD_LIST_BACKUP_GROUPS)
d0a03d40 1951 .completion_cb("repository", complete_repository);
41c039e1 1952
255f378a 1953 let garbage_collect_cmd_def = CliCommand::new(&API_METHOD_START_GARBAGE_COLLECTION)
d0a03d40 1954 .completion_cb("repository", complete_repository);
8cc0d6af 1955
255f378a 1956 let restore_cmd_def = CliCommand::new(&API_METHOD_RESTORE)
49fddd98 1957 .arg_param(&["snapshot", "archive-name", "target"])
b2388518 1958 .completion_cb("repository", complete_repository)
08dc340a
DM		 1959 .completion_cb("snapshot", complete_group_or_snapshot)
1960 .completion_cb("archive-name", complete_archive_name)
1961 .completion_cb("target", tools::complete_file_name);
9f912493 1962
255f378a 1963 let prune_cmd_def = CliCommand::new(&API_METHOD_PRUNE)
49fddd98 1964 .arg_param(&["group"])
9fdc3ef4 1965 .completion_cb("group", complete_backup_group)
d0a03d40 1966 .completion_cb("repository", complete_repository);
9f912493 1967
255f378a 1968 let status_cmd_def = CliCommand::new(&API_METHOD_STATUS)
34a816cc
DM		 1969 .completion_cb("repository", complete_repository);
1970
255f378a 1971 let login_cmd_def = CliCommand::new(&API_METHOD_API_LOGIN)
e240d8be
DM		 1972 .completion_cb("repository", complete_repository);
1973
255f378a 1974 let logout_cmd_def = CliCommand::new(&API_METHOD_API_LOGOUT)
e240d8be 1975 .completion_cb("repository", complete_repository);
32efac1c 1976
e39974af
TL		 1977 let version_cmd_def = CliCommand::new(&API_METHOD_API_VERSION)
1978 .completion_cb("repository", complete_repository);
1979
344add38
DW		 1980 let change_owner_cmd_def = CliCommand::new(&API_METHOD_CHANGE_BACKUP_OWNER)
1981 .arg_param(&["group", "new-owner"])
1982 .completion_cb("group", complete_backup_group)
0224c3c2 1983 .completion_cb("new-owner", complete_auth_id)
344add38
DW		 1984 .completion_cb("repository", complete_repository);
1985
41c039e1 1986 let cmd_def = CliCommandMap::new()
48ef3c33 1987 .insert("backup", backup_cmd_def)
48ef3c33
DM		 1988 .insert("garbage-collect", garbage_collect_cmd_def)
1989 .insert("list", list_cmd_def)
1990 .insert("login", login_cmd_def)
1991 .insert("logout", logout_cmd_def)
1992 .insert("prune", prune_cmd_def)
1993 .insert("restore", restore_cmd_def)
a65e3e4b 1994 .insert("snapshot", snapshot_mgtm_cli())
48ef3c33 1995 .insert("status", status_cmd_def)
9696f519 1996 .insert("key", key::cli())
43abba4b 1997 .insert("mount", mount_cmd_def())
45f9b32e
SR		 1998 .insert("map", map_cmd_def())
1999 .insert("unmap", unmap_cmd_def())
5830c205 2000 .insert("catalog", catalog_mgmt_cli())
caea8d61 2001 .insert("task", task_mgmt_cli())
e39974af 2002 .insert("version", version_cmd_def)
344add38 2003 .insert("benchmark", benchmark_cmd_def)
731eeef2
DM		 2004 .insert("change-owner", change_owner_cmd_def)
2005
61205f00 2006 .alias(&["files"], &["snapshot", "files"])
edebd523 2007 .alias(&["forget"], &["snapshot", "forget"])
0c9209b0 2008 .alias(&["upload-log"], &["snapshot", "upload-log"])
731eeef2
DM		 2009 .alias(&["snapshots"], &["snapshot", "list"])
2010 ;
48ef3c33 2011
7b22acd0
DM		 2012 let rpcenv = CliEnvironment::new();
2013 run_cli_command(cmd_def, rpcenv, Some(|future| {
d08bc483
DM		 2014 proxmox_backup::tools::runtime::main(future)
2015 }));
ff5d3707 2016}
Proxmox Backup Server and Client