1 use std
::collections
::HashSet
;
3 use std
::os
::unix
::ffi
::OsStrExt
;
4 use std
::sync
::{Arc, Mutex}
;
5 use std
::path
::{Path, PathBuf}
;
8 use anyhow
::{bail, format_err, Error}
;
10 use hyper
::http
::request
::Parts
;
11 use hyper
::{header, Body, Response, StatusCode}
;
12 use serde_json
::{json, Value}
;
13 use tokio_stream
::wrappers
::ReceiverStream
;
16 api
, ApiResponseFuture
, ApiHandler
, ApiMethod
, Router
,
17 RpcEnvironment
, RpcEnvironmentType
, Permission
19 use proxmox
::api
::router
::{ReturnType, SubdirMap}
;
20 use proxmox
::api
::schema
::*;
21 use proxmox
::tools
::fs
::{replace_file, CreateOptions}
;
22 use proxmox
::{http_err, identity, list_subdirs_api_method, sortable}
;
24 use pxar
::accessor
::aio
::{Accessor, FileContents, FileEntry}
;
27 use crate::api2
::types
::*;
28 use crate::api2
::node
::rrd
::create_value_from_rrd
;
30 use crate::config
::datastore
;
31 use crate::config
::cached_user_info
::CachedUserInfo
;
33 use crate::server
::{jobstate::Job, WorkerTask}
;
36 zip
::{ZipEncoder, ZipEntry}
,
37 AsyncChannelWriter
, AsyncReaderStream
, WrappedReaderStream
,
40 use crate::config
::acl
::{
42 PRIV_DATASTORE_MODIFY
,
45 PRIV_DATASTORE_BACKUP
,
46 PRIV_DATASTORE_VERIFY
,
49 fn check_priv_or_backup_owner(
54 ) -> Result
<(), Error
> {
55 let user_info
= CachedUserInfo
::new()?
;
56 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", store
.name()]);
58 if privs
& required_privs
== 0 {
59 let owner
= store
.get_owner(group
)?
;
60 check_backup_owner(&owner
, auth_id
)?
;
65 fn check_backup_owner(
68 ) -> Result
<(), Error
> {
69 let correct_owner
= owner
== auth_id
70 || (owner
.is_token() && &Authid
::from(owner
.user().clone()) == auth_id
);
72 bail
!("backup owner check failed ({} != {})", auth_id
, owner
);
79 backup_dir
: &BackupDir
,
80 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
82 let (manifest
, index_size
) = store
.load_manifest(backup_dir
)?
;
84 let mut result
= Vec
::new();
85 for item
in manifest
.files() {
86 result
.push(BackupContent
{
87 filename
: item
.filename
.clone(),
88 crypt_mode
: Some(item
.crypt_mode
),
89 size
: Some(item
.size
),
93 result
.push(BackupContent
{
94 filename
: MANIFEST_BLOB_NAME
.to_string(),
95 crypt_mode
: match manifest
.signature
{
96 Some(_
) => Some(CryptMode
::SignOnly
),
97 None
=> Some(CryptMode
::None
),
99 size
: Some(index_size
),
102 Ok((manifest
, result
))
105 fn get_all_snapshot_files(
108 ) -> Result
<(BackupManifest
, Vec
<BackupContent
>), Error
> {
110 let (manifest
, mut files
) = read_backup_index(&store
, &info
.backup_dir
)?
;
112 let file_set
= files
.iter().fold(HashSet
::new(), |mut acc
, item
| {
113 acc
.insert(item
.filename
.clone());
117 for file
in &info
.files
{
118 if file_set
.contains(file
) { continue; }
119 files
.push(BackupContent
{
120 filename
: file
.to_string(),
126 Ok((manifest
, files
))
133 schema
: DATASTORE_SCHEMA
,
139 description
: "Returns the list of backup groups.",
145 permission
: &Permission
::Privilege(
146 &["datastore", "{store}"],
147 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
151 /// List backup groups.
154 rpcenv
: &mut dyn RpcEnvironment
,
155 ) -> Result
<Vec
<GroupListItem
>, Error
> {
157 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
158 let user_info
= CachedUserInfo
::new()?
;
159 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
161 let datastore
= DataStore
::lookup_datastore(&store
)?
;
162 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
164 let backup_groups
= BackupInfo
::list_backup_groups(&datastore
.base_path())?
;
166 let group_info
= backup_groups
168 .fold(Vec
::new(), |mut group_info
, group
| {
169 let owner
= match datastore
.get_owner(&group
) {
170 Ok(auth_id
) => auth_id
,
172 eprintln
!("Failed to get owner of group '{}/{}' - {}",
179 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
183 let snapshots
= match group
.list_backups(&datastore
.base_path()) {
184 Ok(snapshots
) => snapshots
,
190 let backup_count
: u64 = snapshots
.len() as u64;
191 if backup_count
== 0 {
195 let last_backup
= snapshots
197 .fold(&snapshots
[0], |last
, curr
| {
198 if curr
.is_finished()
199 && curr
.backup_dir
.backup_time() > last
.backup_dir
.backup_time() {
207 group_info
.push(GroupListItem
{
208 backup_type
: group
.backup_type().to_string(),
209 backup_id
: group
.backup_id().to_string(),
210 last_backup
: last_backup
.backup_dir
.backup_time(),
213 files
: last_backup
.files
,
226 schema
: DATASTORE_SCHEMA
,
229 schema
: BACKUP_TYPE_SCHEMA
,
232 schema
: BACKUP_ID_SCHEMA
,
235 schema
: BACKUP_TIME_SCHEMA
,
241 description
: "Returns the list of archive files inside a backup snapshots.",
247 permission
: &Permission
::Privilege(
248 &["datastore", "{store}"],
249 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
253 /// List snapshot files.
254 pub fn list_snapshot_files(
260 rpcenv
: &mut dyn RpcEnvironment
,
261 ) -> Result
<Vec
<BackupContent
>, Error
> {
263 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
264 let datastore
= DataStore
::lookup_datastore(&store
)?
;
266 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
268 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_READ
)?
;
270 let info
= BackupInfo
::new(&datastore
.base_path(), snapshot
)?
;
272 let (_manifest
, files
) = get_all_snapshot_files(&datastore
, &info
)?
;
281 schema
: DATASTORE_SCHEMA
,
284 schema
: BACKUP_TYPE_SCHEMA
,
287 schema
: BACKUP_ID_SCHEMA
,
290 schema
: BACKUP_TIME_SCHEMA
,
295 permission
: &Permission
::Privilege(
296 &["datastore", "{store}"],
297 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
301 /// Delete backup snapshot.
308 rpcenv
: &mut dyn RpcEnvironment
,
309 ) -> Result
<Value
, Error
> {
311 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
313 let snapshot
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
314 let datastore
= DataStore
::lookup_datastore(&store
)?
;
316 check_priv_or_backup_owner(&datastore
, snapshot
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
318 datastore
.remove_backup_dir(&snapshot
, false)?
;
327 schema
: DATASTORE_SCHEMA
,
331 schema
: BACKUP_TYPE_SCHEMA
,
335 schema
: BACKUP_ID_SCHEMA
,
341 description
: "Returns the list of snapshots.",
343 type: SnapshotListItem
,
347 permission
: &Permission
::Privilege(
348 &["datastore", "{store}"],
349 PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
,
353 /// List backup snapshots.
354 pub fn list_snapshots (
356 backup_type
: Option
<String
>,
357 backup_id
: Option
<String
>,
360 rpcenv
: &mut dyn RpcEnvironment
,
361 ) -> Result
<Vec
<SnapshotListItem
>, Error
> {
363 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
364 let user_info
= CachedUserInfo
::new()?
;
365 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
367 let list_all
= (user_privs
& PRIV_DATASTORE_AUDIT
) != 0;
369 let datastore
= DataStore
::lookup_datastore(&store
)?
;
371 let base_path
= datastore
.base_path();
373 let groups
= match (backup_type
, backup_id
) {
374 (Some(backup_type
), Some(backup_id
)) => {
375 let mut groups
= Vec
::with_capacity(1);
376 groups
.push(BackupGroup
::new(backup_type
, backup_id
));
379 (Some(backup_type
), None
) => {
380 BackupInfo
::list_backup_groups(&base_path
)?
382 .filter(|group
| group
.backup_type() == backup_type
)
385 (None
, Some(backup_id
)) => {
386 BackupInfo
::list_backup_groups(&base_path
)?
388 .filter(|group
| group
.backup_id() == backup_id
)
391 _
=> BackupInfo
::list_backup_groups(&base_path
)?
,
394 let info_to_snapshot_list_item
= |group
: &BackupGroup
, owner
, info
: BackupInfo
| {
395 let backup_type
= group
.backup_type().to_string();
396 let backup_id
= group
.backup_id().to_string();
397 let backup_time
= info
.backup_dir
.backup_time();
399 match get_all_snapshot_files(&datastore
, &info
) {
400 Ok((manifest
, files
)) => {
401 // extract the first line from notes
402 let comment
: Option
<String
> = manifest
.unprotected
["notes"]
404 .and_then(|notes
| notes
.lines().next())
407 let fingerprint
= match manifest
.fingerprint() {
410 eprintln
!("error parsing fingerprint: '{}'", err
);
415 let verification
= manifest
.unprotected
["verify_state"].clone();
416 let verification
: Option
<SnapshotVerifyState
> = match serde_json
::from_value(verification
) {
417 Ok(verify
) => verify
,
419 eprintln
!("error parsing verification state : '{}'", err
);
424 let size
= Some(files
.iter().map(|x
| x
.size
.unwrap_or(0)).sum());
439 eprintln
!("error during snapshot file listing: '{}'", err
);
443 .map(|filename
| BackupContent
{
467 .try_fold(Vec
::new(), |mut snapshots
, group
| {
468 let owner
= match datastore
.get_owner(group
) {
469 Ok(auth_id
) => auth_id
,
471 eprintln
!("Failed to get owner of group '{}/{}' - {}",
475 return Ok(snapshots
);
479 if !list_all
&& check_backup_owner(&owner
, &auth_id
).is_err() {
480 return Ok(snapshots
);
483 let group_backups
= group
.list_backups(&datastore
.base_path())?
;
488 .map(|info
| info_to_snapshot_list_item(&group
, Some(owner
.clone()), info
))
495 fn get_snapshots_count(store
: &DataStore
, filter_owner
: Option
<&Authid
>) -> Result
<Counts
, Error
> {
496 let base_path
= store
.base_path();
497 let groups
= BackupInfo
::list_backup_groups(&base_path
)?
;
501 let owner
= match store
.get_owner(&group
) {
504 eprintln
!("Failed to get owner of group '{}/{}' - {}",
513 Some(filter
) => check_backup_owner(&owner
, filter
).is_ok(),
517 .try_fold(Counts
::default(), |mut counts
, group
| {
518 let snapshot_count
= group
.list_backups(&base_path
)?
.len() as u64;
520 let type_count
= match group
.backup_type() {
521 "ct" => counts
.ct
.get_or_insert(Default
::default()),
522 "vm" => counts
.vm
.get_or_insert(Default
::default()),
523 "host" => counts
.host
.get_or_insert(Default
::default()),
524 _
=> counts
.other
.get_or_insert(Default
::default()),
527 type_count
.groups
+= 1;
528 type_count
.snapshots
+= snapshot_count
;
538 schema
: DATASTORE_SCHEMA
,
544 description
: "Include additional information like snapshot counts and GC status.",
550 type: DataStoreStatus
,
553 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
556 /// Get datastore status.
561 rpcenv
: &mut dyn RpcEnvironment
,
562 ) -> Result
<DataStoreStatus
, Error
> {
563 let datastore
= DataStore
::lookup_datastore(&store
)?
;
564 let storage
= crate::tools
::disks
::disk_usage(&datastore
.base_path())?
;
565 let (counts
, gc_status
) = if verbose
{
566 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
567 let user_info
= CachedUserInfo
::new()?
;
569 let store_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
570 let filter_owner
= if store_privs
& PRIV_DATASTORE_AUDIT
!= 0 {
576 let counts
= Some(get_snapshots_count(&datastore
, filter_owner
)?
);
577 let gc_status
= Some(datastore
.last_gc_status());
585 total
: storage
.total
,
587 avail
: storage
.avail
,
597 schema
: DATASTORE_SCHEMA
,
600 schema
: BACKUP_TYPE_SCHEMA
,
604 schema
: BACKUP_ID_SCHEMA
,
608 schema
: BACKUP_TIME_SCHEMA
,
617 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_VERIFY
| PRIV_DATASTORE_BACKUP
, true),
622 /// This function can verify a single backup snapshot, all backup from a backup group,
623 /// or all backups in the datastore.
626 backup_type
: Option
<String
>,
627 backup_id
: Option
<String
>,
628 backup_time
: Option
<i64>,
629 rpcenv
: &mut dyn RpcEnvironment
,
630 ) -> Result
<Value
, Error
> {
631 let datastore
= DataStore
::lookup_datastore(&store
)?
;
633 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
636 let mut backup_dir
= None
;
637 let mut backup_group
= None
;
638 let mut worker_type
= "verify";
640 match (backup_type
, backup_id
, backup_time
) {
641 (Some(backup_type
), Some(backup_id
), Some(backup_time
)) => {
642 worker_id
= format
!("{}:{}/{}/{:08X}", store
, backup_type
, backup_id
, backup_time
);
643 let dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
645 check_priv_or_backup_owner(&datastore
, dir
.group(), &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
647 backup_dir
= Some(dir
);
648 worker_type
= "verify_snapshot";
650 (Some(backup_type
), Some(backup_id
), None
) => {
651 worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
652 let group
= BackupGroup
::new(backup_type
, backup_id
);
654 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_VERIFY
)?
;
656 backup_group
= Some(group
);
657 worker_type
= "verify_group";
659 (None
, None
, None
) => {
660 worker_id
= store
.clone();
662 _
=> bail
!("parameters do not specify a backup group or snapshot"),
665 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
667 let upid_str
= WorkerTask
::new_thread(
673 let verified_chunks
= Arc
::new(Mutex
::new(HashSet
::with_capacity(1024*16)));
674 let corrupt_chunks
= Arc
::new(Mutex
::new(HashSet
::with_capacity(64)));
676 let failed_dirs
= if let Some(backup_dir
) = backup_dir
{
677 let mut res
= Vec
::new();
678 if !verify_backup_dir(
684 worker
.upid().clone(),
687 res
.push(backup_dir
.to_string());
690 } else if let Some(backup_group
) = backup_group
{
691 let failed_dirs
= verify_backup_group(
696 &mut StoreProgress
::new(1),
703 let privs
= CachedUserInfo
::new()?
704 .lookup_privs(&auth_id
, &["datastore", &store
]);
706 let owner
= if privs
& PRIV_DATASTORE_VERIFY
== 0 {
712 verify_all_backups(datastore
, worker
.clone(), worker
.upid(), owner
, None
)?
714 if failed_dirs
.len() > 0 {
715 worker
.log("Failed to verify the following snapshots/groups:");
716 for dir
in failed_dirs
{
717 worker
.log(format
!("\t{}", dir
));
719 bail
!("verification failed - please check the log for details");
729 macro_rules
! add_common_prune_prameters
{
730 ( [ $
( $list1
:tt
)* ] ) => {
731 add_common_prune_prameters
!([$
( $list1
)* ] , [])
733 ( [ $
( $list1
:tt
)* ] , [ $
( $list2
:tt
)* ] ) => {
739 &PRUNE_SCHEMA_KEEP_DAILY
,
744 &PRUNE_SCHEMA_KEEP_HOURLY
,
749 &PRUNE_SCHEMA_KEEP_LAST
,
754 &PRUNE_SCHEMA_KEEP_MONTHLY
,
759 &PRUNE_SCHEMA_KEEP_WEEKLY
,
764 &PRUNE_SCHEMA_KEEP_YEARLY
,
771 pub const API_RETURN_SCHEMA_PRUNE
: Schema
= ArraySchema
::new(
772 "Returns the list of snapshots and a flag indicating if there are kept or removed.",
773 &PruneListItem
::API_SCHEMA
776 pub const API_METHOD_PRUNE
: ApiMethod
= ApiMethod
::new(
777 &ApiHandler
::Sync(&prune
),
779 "Prune the datastore.",
780 &add_common_prune_prameters
!([
781 ("backup-id", false, &BACKUP_ID_SCHEMA
),
782 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
783 ("dry-run", true, &BooleanSchema
::new(
784 "Just show what prune would do, but do not delete anything.")
788 ("store", false, &DATASTORE_SCHEMA
),
791 .returns(ReturnType
::new(false, &API_RETURN_SCHEMA_PRUNE
))
792 .access(None
, &Permission
::Privilege(
793 &["datastore", "{store}"],
794 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_PRUNE
,
801 rpcenv
: &mut dyn RpcEnvironment
,
802 ) -> Result
<Value
, Error
> {
804 let store
= tools
::required_string_param(¶m
, "store")?
;
805 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
806 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
808 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
810 let dry_run
= param
["dry-run"].as_bool().unwrap_or(false);
812 let group
= BackupGroup
::new(backup_type
, backup_id
);
814 let datastore
= DataStore
::lookup_datastore(&store
)?
;
816 check_priv_or_backup_owner(&datastore
, &group
, &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
818 let prune_options
= PruneOptions
{
819 keep_last
: param
["keep-last"].as_u64(),
820 keep_hourly
: param
["keep-hourly"].as_u64(),
821 keep_daily
: param
["keep-daily"].as_u64(),
822 keep_weekly
: param
["keep-weekly"].as_u64(),
823 keep_monthly
: param
["keep-monthly"].as_u64(),
824 keep_yearly
: param
["keep-yearly"].as_u64(),
827 let worker_id
= format
!("{}:{}/{}", store
, backup_type
, backup_id
);
829 let mut prune_result
= Vec
::new();
831 let list
= group
.list_backups(&datastore
.base_path())?
;
833 let mut prune_info
= compute_prune_info(list
, &prune_options
)?
;
835 prune_info
.reverse(); // delete older snapshots first
837 let keep_all
= !prune_options
.keeps_something();
840 for (info
, mut keep
) in prune_info
{
841 if keep_all { keep = true; }
843 let backup_time
= info
.backup_dir
.backup_time();
844 let group
= info
.backup_dir
.group();
846 prune_result
.push(json
!({
847 "backup-type": group
.backup_type(),
848 "backup-id": group
.backup_id(),
849 "backup-time": backup_time
,
853 return Ok(json
!(prune_result
));
857 // We use a WorkerTask just to have a task log, but run synchrounously
858 let worker
= WorkerTask
::new("prune", Some(worker_id
), auth_id
, true)?
;
861 worker
.log("No prune selection - keeping all files.");
863 worker
.log(format
!("retention options: {}", prune_options
.cli_options_string()));
864 worker
.log(format
!("Starting prune on store \"{}\" group \"{}/{}\"",
865 store
, backup_type
, backup_id
));
868 for (info
, mut keep
) in prune_info
{
869 if keep_all { keep = true; }
871 let backup_time
= info
.backup_dir
.backup_time();
872 let timestamp
= info
.backup_dir
.backup_time_string();
873 let group
= info
.backup_dir
.group();
881 if keep { "keep" }
else { "remove" }
,
886 prune_result
.push(json
!({
887 "backup-type": group
.backup_type(),
888 "backup-id": group
.backup_id(),
889 "backup-time": backup_time
,
893 if !(dry_run
|| keep
) {
894 if let Err(err
) = datastore
.remove_backup_dir(&info
.backup_dir
, false) {
897 "failed to remove dir {:?}: {}",
898 info
.backup_dir
.relative_path(), err
905 worker
.log_result(&Ok(()));
907 Ok(json
!(prune_result
))
914 schema
: DATASTORE_SCHEMA
,
922 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_MODIFY
, false),
925 /// Start garbage collection.
926 fn start_garbage_collection(
929 rpcenv
: &mut dyn RpcEnvironment
,
930 ) -> Result
<Value
, Error
> {
932 let datastore
= DataStore
::lookup_datastore(&store
)?
;
933 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
935 let job
= Job
::new("garbage_collection", &store
)
936 .map_err(|_
| format_err
!("garbage collection already running"))?
;
938 let to_stdout
= rpcenv
.env_type() == RpcEnvironmentType
::CLI
;
940 let upid_str
= crate::server
::do_garbage_collection_job(job
, datastore
, &auth_id
, None
, to_stdout
)
941 .map_err(|err
| format_err
!("unable to start garbage collection job on datastore {} - {}", store
, err
))?
;
950 schema
: DATASTORE_SCHEMA
,
955 type: GarbageCollectionStatus
,
958 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
, false),
961 /// Garbage collection status.
962 pub fn garbage_collection_status(
965 _rpcenv
: &mut dyn RpcEnvironment
,
966 ) -> Result
<GarbageCollectionStatus
, Error
> {
968 let datastore
= DataStore
::lookup_datastore(&store
)?
;
970 let status
= datastore
.last_gc_status();
977 description
: "List the accessible datastores.",
979 items
: { type: DataStoreListItem }
,
982 permission
: &Permission
::Anybody
,
986 fn get_datastore_list(
989 rpcenv
: &mut dyn RpcEnvironment
,
990 ) -> Result
<Vec
<DataStoreListItem
>, Error
> {
992 let (config
, _digest
) = datastore
::config()?
;
994 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
995 let user_info
= CachedUserInfo
::new()?
;
997 let mut list
= Vec
::new();
999 for (store
, (_
, data
)) in &config
.sections
{
1000 let user_privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1001 let allowed
= (user_privs
& (PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
)) != 0;
1005 store
: store
.clone(),
1006 comment
: data
["comment"].as_str().map(String
::from
),
1016 pub const API_METHOD_DOWNLOAD_FILE
: ApiMethod
= ApiMethod
::new(
1017 &ApiHandler
::AsyncHttp(&download_file
),
1019 "Download single raw file from backup snapshot.",
1021 ("store", false, &DATASTORE_SCHEMA
),
1022 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1023 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1024 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1025 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1028 ).access(None
, &Permission
::Privilege(
1029 &["datastore", "{store}"],
1030 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1039 rpcenv
: Box
<dyn RpcEnvironment
>,
1040 ) -> ApiResponseFuture
{
1043 let store
= tools
::required_string_param(¶m
, "store")?
;
1044 let datastore
= DataStore
::lookup_datastore(store
)?
;
1046 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1048 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
1050 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1051 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1052 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1054 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1056 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1058 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1060 let mut path
= datastore
.base_path();
1061 path
.push(backup_dir
.relative_path());
1062 path
.push(&file_name
);
1064 let file
= tokio
::fs
::File
::open(&path
)
1066 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1068 let payload
= tokio_util
::codec
::FramedRead
::new(file
, tokio_util
::codec
::BytesCodec
::new())
1069 .map_ok(|bytes
| bytes
.freeze())
1070 .map_err(move |err
| {
1071 eprintln
!("error during streaming of '{:?}' - {}", &path
, err
);
1074 let body
= Body
::wrap_stream(payload
);
1076 // fixme: set other headers ?
1077 Ok(Response
::builder()
1078 .status(StatusCode
::OK
)
1079 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1086 pub const API_METHOD_DOWNLOAD_FILE_DECODED
: ApiMethod
= ApiMethod
::new(
1087 &ApiHandler
::AsyncHttp(&download_file_decoded
),
1089 "Download single decoded file from backup snapshot. Only works if it's not encrypted.",
1091 ("store", false, &DATASTORE_SCHEMA
),
1092 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1093 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1094 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1095 ("file-name", false, &BACKUP_ARCHIVE_NAME_SCHEMA
),
1098 ).access(None
, &Permission
::Privilege(
1099 &["datastore", "{store}"],
1100 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1104 fn download_file_decoded(
1109 rpcenv
: Box
<dyn RpcEnvironment
>,
1110 ) -> ApiResponseFuture
{
1113 let store
= tools
::required_string_param(¶m
, "store")?
;
1114 let datastore
= DataStore
::lookup_datastore(store
)?
;
1116 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1118 let file_name
= tools
::required_string_param(¶m
, "file-name")?
.to_owned();
1120 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1121 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1122 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1124 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1126 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1128 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1130 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1131 bail
!("cannot decode '{}' - is encrypted", file_name
);
1135 println
!("Download {} from {} ({}/{})", file_name
, store
, backup_dir
, file_name
);
1137 let mut path
= datastore
.base_path();
1138 path
.push(backup_dir
.relative_path());
1139 path
.push(&file_name
);
1141 let extension
= file_name
.rsplitn(2, '
.'
).next().unwrap();
1143 let body
= match extension
{
1145 let index
= DynamicIndexReader
::open(&path
)
1146 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1147 let (csum
, size
) = index
.compute_csum();
1148 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1150 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1151 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
1152 Body
::wrap_stream(AsyncReaderStream
::new(reader
)
1153 .map_err(move |err
| {
1154 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1159 let index
= FixedIndexReader
::open(&path
)
1160 .map_err(|err
| format_err
!("unable to read fixed index '{:?}' - {}", &path
, err
))?
;
1162 let (csum
, size
) = index
.compute_csum();
1163 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1165 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1166 let reader
= AsyncIndexReader
::new(index
, chunk_reader
);
1167 Body
::wrap_stream(AsyncReaderStream
::with_buffer_size(reader
, 4*1024*1024)
1168 .map_err(move |err
| {
1169 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1174 let file
= std
::fs
::File
::open(&path
)
1175 .map_err(|err
| http_err
!(BAD_REQUEST
, "File open failed: {}", err
))?
;
1177 // FIXME: load full blob to verify index checksum?
1180 WrappedReaderStream
::new(DataBlobReader
::new(file
, None
)?
)
1181 .map_err(move |err
| {
1182 eprintln
!("error during streaming of '{:?}' - {}", path
, err
);
1188 bail
!("cannot download '{}' files", extension
);
1192 // fixme: set other headers ?
1193 Ok(Response
::builder()
1194 .status(StatusCode
::OK
)
1195 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1202 pub const API_METHOD_UPLOAD_BACKUP_LOG
: ApiMethod
= ApiMethod
::new(
1203 &ApiHandler
::AsyncHttp(&upload_backup_log
),
1205 "Upload the client backup log file into a backup snapshot ('client.log.blob').",
1207 ("store", false, &DATASTORE_SCHEMA
),
1208 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1209 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1210 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1214 Some("Only the backup creator/owner is allowed to do this."),
1215 &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_BACKUP
, false)
1218 fn upload_backup_log(
1223 rpcenv
: Box
<dyn RpcEnvironment
>,
1224 ) -> ApiResponseFuture
{
1227 let store
= tools
::required_string_param(¶m
, "store")?
;
1228 let datastore
= DataStore
::lookup_datastore(store
)?
;
1230 let file_name
= CLIENT_LOG_BLOB_NAME
;
1232 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1233 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1234 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1236 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1238 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1239 let owner
= datastore
.get_owner(backup_dir
.group())?
;
1240 check_backup_owner(&owner
, &auth_id
)?
;
1242 let mut path
= datastore
.base_path();
1243 path
.push(backup_dir
.relative_path());
1244 path
.push(&file_name
);
1247 bail
!("backup already contains a log.");
1250 println
!("Upload backup log to {}/{}/{}/{}/{}", store
,
1251 backup_type
, backup_id
, backup_dir
.backup_time_string(), file_name
);
1254 .map_err(Error
::from
)
1255 .try_fold(Vec
::new(), |mut acc
, chunk
| {
1256 acc
.extend_from_slice(&*chunk
);
1257 future
::ok
::<_
, Error
>(acc
)
1261 // always verify blob/CRC at server side
1262 let blob
= DataBlob
::load_from_reader(&mut &data
[..])?
;
1264 replace_file(&path
, blob
.raw_data(), CreateOptions
::new())?
;
1266 // fixme: use correct formatter
1267 Ok(crate::server
::formatter
::json_response(Ok(Value
::Null
)))
1275 schema
: DATASTORE_SCHEMA
,
1278 schema
: BACKUP_TYPE_SCHEMA
,
1281 schema
: BACKUP_ID_SCHEMA
,
1284 schema
: BACKUP_TIME_SCHEMA
,
1287 description
: "Base64 encoded path.",
1293 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
, true),
1296 /// Get the entries of the given path of the catalog
1299 backup_type
: String
,
1305 rpcenv
: &mut dyn RpcEnvironment
,
1306 ) -> Result
<Value
, Error
> {
1307 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1309 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1311 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1313 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1315 let file_name
= CATALOG_NAME
;
1317 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1319 if file
.filename
== file_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1320 bail
!("cannot decode '{}' - is encrypted", file_name
);
1324 let mut path
= datastore
.base_path();
1325 path
.push(backup_dir
.relative_path());
1326 path
.push(file_name
);
1328 let index
= DynamicIndexReader
::open(&path
)
1329 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1331 let (csum
, size
) = index
.compute_csum();
1332 manifest
.verify_file(&file_name
, &csum
, size
)?
;
1334 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1335 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1337 let mut catalog_reader
= CatalogReader
::new(reader
);
1338 let mut current
= catalog_reader
.root()?
;
1339 let mut components
= vec
![];
1342 if filepath
!= "root" {
1343 components
= base64
::decode(filepath
)?
;
1344 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1345 components
.remove(0);
1347 for component
in components
.split(|c
| *c
== '
/'
as u8) {
1348 if let Some(entry
) = catalog_reader
.lookup(¤t
, component
)?
{
1351 bail
!("path {:?} not found in catalog", &String
::from_utf8_lossy(&components
));
1356 let mut res
= Vec
::new();
1358 for direntry
in catalog_reader
.read_dir(¤t
)?
{
1359 let mut components
= components
.clone();
1360 components
.push('
/'
as u8);
1361 components
.extend(&direntry
.name
);
1362 let path
= base64
::encode(components
);
1363 let text
= String
::from_utf8_lossy(&direntry
.name
);
1364 let mut entry
= json
!({
1367 "type": CatalogEntryType
::from(&direntry
.attr
).to_string(),
1370 match direntry
.attr
{
1371 DirEntryAttribute
::Directory { start: _ }
=> {
1372 entry
["leaf"] = false.into();
1374 DirEntryAttribute
::File { size, mtime }
=> {
1375 entry
["size"] = size
.into();
1376 entry
["mtime"] = mtime
.into();
1386 fn recurse_files
<'a
, T
, W
>(
1387 zip
: &'a
mut ZipEncoder
<W
>,
1388 decoder
: &'a
mut Accessor
<T
>,
1391 ) -> Pin
<Box
<dyn Future
<Output
= Result
<(), Error
>> + Send
+ 'a
>>
1393 T
: Clone
+ pxar
::accessor
::ReadAt
+ Unpin
+ Send
+ Sync
+ '
static,
1394 W
: tokio
::io
::AsyncWrite
+ Unpin
+ Send
+ '
static,
1396 Box
::pin(async
move {
1397 let metadata
= file
.entry().metadata();
1398 let path
= file
.entry().path().strip_prefix(&prefix
)?
.to_path_buf();
1401 EntryKind
::File { .. }
=> {
1402 let entry
= ZipEntry
::new(
1404 metadata
.stat
.mtime
.secs
,
1405 metadata
.stat
.mode
as u16,
1408 zip
.add_entry(entry
, Some(file
.contents().await?
))
1410 .map_err(|err
| format_err
!("could not send file entry: {}", err
))?
;
1412 EntryKind
::Hardlink(_
) => {
1413 let realfile
= decoder
.follow_hardlink(&file
).await?
;
1414 let entry
= ZipEntry
::new(
1416 metadata
.stat
.mtime
.secs
,
1417 metadata
.stat
.mode
as u16,
1420 zip
.add_entry(entry
, Some(realfile
.contents().await?
))
1422 .map_err(|err
| format_err
!("could not send file entry: {}", err
))?
;
1424 EntryKind
::Directory
=> {
1425 let dir
= file
.enter_directory().await?
;
1426 let mut readdir
= dir
.read_dir();
1427 let entry
= ZipEntry
::new(
1429 metadata
.stat
.mtime
.secs
,
1430 metadata
.stat
.mode
as u16,
1433 zip
.add_entry
::<FileContents
<T
>>(entry
, None
).await?
;
1434 while let Some(entry
) = readdir
.next().await
{
1435 let entry
= entry?
.decode_entry().await?
;
1436 recurse_files(zip
, decoder
, prefix
, entry
).await?
;
1439 _
=> {}
// ignore all else
1447 pub const API_METHOD_PXAR_FILE_DOWNLOAD
: ApiMethod
= ApiMethod
::new(
1448 &ApiHandler
::AsyncHttp(&pxar_file_download
),
1450 "Download single file from pxar file of a backup snapshot. Only works if it's not encrypted.",
1452 ("store", false, &DATASTORE_SCHEMA
),
1453 ("backup-type", false, &BACKUP_TYPE_SCHEMA
),
1454 ("backup-id", false, &BACKUP_ID_SCHEMA
),
1455 ("backup-time", false, &BACKUP_TIME_SCHEMA
),
1456 ("filepath", false, &StringSchema
::new("Base64 encoded path").schema()),
1459 ).access(None
, &Permission
::Privilege(
1460 &["datastore", "{store}"],
1461 PRIV_DATASTORE_READ
| PRIV_DATASTORE_BACKUP
,
1465 fn pxar_file_download(
1470 rpcenv
: Box
<dyn RpcEnvironment
>,
1471 ) -> ApiResponseFuture
{
1474 let store
= tools
::required_string_param(¶m
, "store")?
;
1475 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1477 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1479 let filepath
= tools
::required_string_param(¶m
, "filepath")?
.to_owned();
1481 let backup_type
= tools
::required_string_param(¶m
, "backup-type")?
;
1482 let backup_id
= tools
::required_string_param(¶m
, "backup-id")?
;
1483 let backup_time
= tools
::required_integer_param(¶m
, "backup-time")?
;
1485 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1487 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_READ
)?
;
1489 let mut components
= base64
::decode(&filepath
)?
;
1490 if components
.len() > 0 && components
[0] == '
/'
as u8 {
1491 components
.remove(0);
1494 let mut split
= components
.splitn(2, |c
| *c
== '
/'
as u8);
1495 let pxar_name
= std
::str::from_utf8(split
.next().unwrap())?
;
1496 let file_path
= split
.next().ok_or(format_err
!("filepath looks strange '{}'", filepath
))?
;
1497 let (manifest
, files
) = read_backup_index(&datastore
, &backup_dir
)?
;
1499 if file
.filename
== pxar_name
&& file
.crypt_mode
== Some(CryptMode
::Encrypt
) {
1500 bail
!("cannot decode '{}' - is encrypted", pxar_name
);
1504 let mut path
= datastore
.base_path();
1505 path
.push(backup_dir
.relative_path());
1506 path
.push(pxar_name
);
1508 let index
= DynamicIndexReader
::open(&path
)
1509 .map_err(|err
| format_err
!("unable to read dynamic index '{:?}' - {}", &path
, err
))?
;
1511 let (csum
, size
) = index
.compute_csum();
1512 manifest
.verify_file(&pxar_name
, &csum
, size
)?
;
1514 let chunk_reader
= LocalChunkReader
::new(datastore
, None
, CryptMode
::None
);
1515 let reader
= BufferedDynamicReader
::new(index
, chunk_reader
);
1516 let archive_size
= reader
.archive_size();
1517 let reader
= LocalDynamicReadAt
::new(reader
);
1519 let decoder
= Accessor
::new(reader
, archive_size
).await?
;
1520 let root
= decoder
.open_root().await?
;
1522 .lookup(OsStr
::from_bytes(file_path
)).await?
1523 .ok_or(format_err
!("error opening '{:?}'", file_path
))?
;
1525 let body
= match file
.kind() {
1526 EntryKind
::File { .. }
=> Body
::wrap_stream(
1527 AsyncReaderStream
::new(file
.contents().await?
).map_err(move |err
| {
1528 eprintln
!("error during streaming of file '{:?}' - {}", filepath
, err
);
1532 EntryKind
::Hardlink(_
) => Body
::wrap_stream(
1533 AsyncReaderStream
::new(decoder
.follow_hardlink(&file
).await?
.contents().await?
)
1534 .map_err(move |err
| {
1536 "error during streaming of hardlink '{:?}' - {}",
1542 EntryKind
::Directory
=> {
1543 let (sender
, receiver
) = tokio
::sync
::mpsc
::channel(100);
1544 let mut prefix
= PathBuf
::new();
1545 let mut components
= file
.entry().path().components();
1546 components
.next_back(); // discar last
1547 for comp
in components
{
1551 let channelwriter
= AsyncChannelWriter
::new(sender
, 1024 * 1024);
1553 crate::server
::spawn_internal_task(async
move {
1554 let mut zipencoder
= ZipEncoder
::new(channelwriter
);
1555 let mut decoder
= decoder
;
1556 recurse_files(&mut zipencoder
, &mut decoder
, &prefix
, file
)
1558 .map_err(|err
| eprintln
!("error during creating of zip: {}", err
))?
;
1563 .map_err(|err
| eprintln
!("error during finishing of zip: {}", err
))
1566 Body
::wrap_stream(ReceiverStream
::new(receiver
).map_err(move |err
| {
1567 eprintln
!("error during streaming of zip '{:?}' - {}", filepath
, err
);
1571 other
=> bail
!("cannot download file of type {:?}", other
),
1574 // fixme: set other headers ?
1575 Ok(Response
::builder()
1576 .status(StatusCode
::OK
)
1577 .header(header
::CONTENT_TYPE
, "application/octet-stream")
1587 schema
: DATASTORE_SCHEMA
,
1590 type: RRDTimeFrameResolution
,
1598 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1601 /// Read datastore stats
1604 timeframe
: RRDTimeFrameResolution
,
1607 ) -> Result
<Value
, Error
> {
1609 create_value_from_rrd(
1610 &format
!("datastore/{}", store
),
1613 "read_ios", "read_bytes",
1614 "write_ios", "write_bytes",
1626 schema
: DATASTORE_SCHEMA
,
1629 schema
: BACKUP_TYPE_SCHEMA
,
1632 schema
: BACKUP_ID_SCHEMA
,
1635 schema
: BACKUP_TIME_SCHEMA
,
1640 permission
: &Permission
::Privilege(&["datastore", "{store}"], PRIV_DATASTORE_AUDIT
| PRIV_DATASTORE_BACKUP
, true),
1643 /// Get "notes" for a specific backup
1646 backup_type
: String
,
1649 rpcenv
: &mut dyn RpcEnvironment
,
1650 ) -> Result
<String
, Error
> {
1651 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1653 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1654 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1656 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_AUDIT
)?
;
1658 let (manifest
, _
) = datastore
.load_manifest(&backup_dir
)?
;
1660 let notes
= manifest
.unprotected
["notes"]
1664 Ok(String
::from(notes
))
1671 schema
: DATASTORE_SCHEMA
,
1674 schema
: BACKUP_TYPE_SCHEMA
,
1677 schema
: BACKUP_ID_SCHEMA
,
1680 schema
: BACKUP_TIME_SCHEMA
,
1683 description
: "A multiline text.",
1688 permission
: &Permission
::Privilege(&["datastore", "{store}"],
1689 PRIV_DATASTORE_MODIFY
| PRIV_DATASTORE_BACKUP
,
1693 /// Set "notes" for a specific backup
1696 backup_type
: String
,
1700 rpcenv
: &mut dyn RpcEnvironment
,
1701 ) -> Result
<(), Error
> {
1702 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1704 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1705 let backup_dir
= BackupDir
::new(backup_type
, backup_id
, backup_time
)?
;
1707 check_priv_or_backup_owner(&datastore
, backup_dir
.group(), &auth_id
, PRIV_DATASTORE_MODIFY
)?
;
1709 datastore
.update_manifest(&backup_dir
,|manifest
| {
1710 manifest
.unprotected
["notes"] = notes
.into();
1711 }).map_err(|err
| format_err
!("unable to update manifest blob - {}", err
))?
;
1720 schema
: DATASTORE_SCHEMA
,
1723 schema
: BACKUP_TYPE_SCHEMA
,
1726 schema
: BACKUP_ID_SCHEMA
,
1734 permission
: &Permission
::Anybody
,
1735 description
: "Datastore.Modify on whole datastore, or changing ownership between user and a user's token for owned backups with Datastore.Backup"
1738 /// Change owner of a backup group
1739 fn set_backup_owner(
1741 backup_type
: String
,
1744 rpcenv
: &mut dyn RpcEnvironment
,
1745 ) -> Result
<(), Error
> {
1747 let datastore
= DataStore
::lookup_datastore(&store
)?
;
1749 let backup_group
= BackupGroup
::new(backup_type
, backup_id
);
1751 let auth_id
: Authid
= rpcenv
.get_auth_id().unwrap().parse()?
;
1753 let user_info
= CachedUserInfo
::new()?
;
1755 let privs
= user_info
.lookup_privs(&auth_id
, &["datastore", &store
]);
1757 let allowed
= if (privs
& PRIV_DATASTORE_MODIFY
) != 0 {
1758 // High-privilege user/token
1760 } else if (privs
& PRIV_DATASTORE_BACKUP
) != 0 {
1761 let owner
= datastore
.get_owner(&backup_group
)?
;
1763 match (owner
.is_token(), new_owner
.is_token()) {
1765 // API token to API token, owned by same user
1766 let owner
= owner
.user();
1767 let new_owner
= new_owner
.user();
1768 owner
== new_owner
&& Authid
::from(owner
.clone()) == auth_id
1771 // API token to API token owner
1772 Authid
::from(owner
.user().clone()) == auth_id
1773 && new_owner
== auth_id
1776 // API token owner to API token
1778 && Authid
::from(new_owner
.user().clone()) == auth_id
1781 // User to User, not allowed for unprivileged users
1790 return Err(http_err
!(UNAUTHORIZED
,
1791 "{} does not have permission to change owner of backup group '{}' to {}",
1798 if !user_info
.is_active_auth_id(&new_owner
) {
1799 bail
!("{} '{}' is inactive or non-existent",
1800 if new_owner
.is_token() {
1801 "API token".to_string()
1808 datastore
.set_owner(&backup_group
, &new_owner
, true)?
;
1814 const DATASTORE_INFO_SUBDIRS
: SubdirMap
= &[
1818 .get(&API_METHOD_CATALOG
)
1823 .post(&API_METHOD_SET_BACKUP_OWNER
)
1828 .download(&API_METHOD_DOWNLOAD_FILE
)
1833 .download(&API_METHOD_DOWNLOAD_FILE_DECODED
)
1838 .get(&API_METHOD_LIST_SNAPSHOT_FILES
)
1843 .get(&API_METHOD_GARBAGE_COLLECTION_STATUS
)
1844 .post(&API_METHOD_START_GARBAGE_COLLECTION
)
1849 .get(&API_METHOD_LIST_GROUPS
)
1854 .get(&API_METHOD_GET_NOTES
)
1855 .put(&API_METHOD_SET_NOTES
)
1860 .post(&API_METHOD_PRUNE
)
1863 "pxar-file-download",
1865 .download(&API_METHOD_PXAR_FILE_DOWNLOAD
)
1870 .get(&API_METHOD_GET_RRD_STATS
)
1875 .get(&API_METHOD_LIST_SNAPSHOTS
)
1876 .delete(&API_METHOD_DELETE_SNAPSHOT
)
1881 .get(&API_METHOD_STATUS
)
1884 "upload-backup-log",
1886 .upload(&API_METHOD_UPLOAD_BACKUP_LOG
)
1891 .post(&API_METHOD_VERIFY
)
1895 const DATASTORE_INFO_ROUTER
: Router
= Router
::new()
1896 .get(&list_subdirs_api_method
!(DATASTORE_INFO_SUBDIRS
))
1897 .subdirs(DATASTORE_INFO_SUBDIRS
);
1900 pub const ROUTER
: Router
= Router
::new()
1901 .get(&API_METHOD_GET_DATASTORE_LIST
)
1902 .match_all("store", &DATASTORE_INFO_ROUTER
);