]> git.proxmox.com Git - proxmox-backup.git/blob - src/bin/proxmox-backup-client.rs
projects / proxmox-backup.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
avoid some clippy warnings
[proxmox-backup.git] / src / bin / proxmox-backup-client.rs
1 //#[macro_use]
2 extern crate proxmox_backup;
3
4 use failure::*;
5 use nix::unistd::{fork, ForkResult, pipe};
6 use std::os::unix::io::RawFd;
7 use chrono::{Local, Utc, TimeZone};
8 use std::path::{Path, PathBuf};
9 use std::collections::{HashSet, HashMap};
10 use std::ffi::OsStr;
11 use std::io::{BufReader, Read, Write, Seek, SeekFrom};
12 use std::os::unix::fs::OpenOptionsExt;
13
14 use proxmox::tools::fs::{file_get_contents, file_get_json, file_set_contents, image_size};
15
16 use proxmox_backup::tools;
17 use proxmox_backup::cli::*;
18 use proxmox_backup::api2::types::*;
19 use proxmox_backup::api_schema::*;
20 use proxmox_backup::api_schema::router::*;
21 use proxmox_backup::client::*;
22 use proxmox_backup::backup::*;
23 use proxmox_backup::pxar::{ self, catalog::* };
24
25 //use proxmox_backup::backup::image_index::*;
26 //use proxmox_backup::config::datastore;
27 //use proxmox_backup::pxar::encoder::*;
28 //use proxmox_backup::backup::datastore::*;
29
30 use serde_json::{json, Value};
31 //use hyper::Body;
32 use std::sync::{Arc, Mutex};
33 use regex::Regex;
34 use xdg::BaseDirectories;
35
36 use lazy_static::lazy_static;
37 use futures::*;
38 use tokio::sync::mpsc;
39
40 lazy_static! {
41 static ref BACKUPSPEC_REGEX: Regex = Regex::new(r"^([a-zA-Z0-9_-]+\.(?:pxar|img|conf|log)):(.+)$").unwrap();
42
43 static ref REPO_URL_SCHEMA: Arc<Schema> = Arc::new(
44 StringSchema::new("Repository URL.")
45 .format(BACKUP_REPO_URL.clone())
46 .max_length(256)
47 .into()
48 );
49 }
50
51
52 fn get_default_repository() -> Option<String> {
53 std::env::var("PBS_REPOSITORY").ok()
54 }
55
56 fn extract_repository_from_value(
57 param: &Value,
58 ) -> Result<BackupRepository, Error> {
59
60 let repo_url = param["repository"]
61 .as_str()
62 .map(String::from)
63 .or_else(get_default_repository)
64 .ok_or_else(|| format_err!("unable to get (default) repository"))?;
65
66 let repo: BackupRepository = repo_url.parse()?;
67
68 Ok(repo)
69 }
70
71 fn extract_repository_from_map(
72 param: &HashMap<String, String>,
73 ) -> Option<BackupRepository> {
74
75 param.get("repository")
76 .map(String::from)
77 .or_else(get_default_repository)
78 .and_then(|repo_url| repo_url.parse::<BackupRepository>().ok())
79 }
80
81 fn record_repository(repo: &BackupRepository) {
82
83 let base = match BaseDirectories::with_prefix("proxmox-backup") {
84 Ok(v) => v,
85 _ => return,
86 };
87
88 // usually $HOME/.cache/proxmox-backup/repo-list
89 let path = match base.place_cache_file("repo-list") {
90 Ok(v) => v,
91 _ => return,
92 };
93
94 let mut data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
95
96 let repo = repo.to_string();
97
98 data[&repo] = json!{ data[&repo].as_i64().unwrap_or(0) + 1 };
99
100 let mut map = serde_json::map::Map::new();
101
102 loop {
103 let mut max_used = 0;
104 let mut max_repo = None;
105 for (repo, count) in data.as_object().unwrap() {
106 if map.contains_key(repo) { continue; }
107 if let Some(count) = count.as_i64() {
108 if count > max_used {
109 max_used = count;
110 max_repo = Some(repo);
111 }
112 }
113 }
114 if let Some(repo) = max_repo {
115 map.insert(repo.to_owned(), json!(max_used));
116 } else {
117 break;
118 }
119 if map.len() > 10 { // store max. 10 repos
120 break;
121 }
122 }
123
124 let new_data = json!(map);
125
126 let _ = file_set_contents(path, new_data.to_string().as_bytes(), None);
127 }
128
129 fn complete_repository(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
130
131 let mut result = vec![];
132
133 let base = match BaseDirectories::with_prefix("proxmox-backup") {
134 Ok(v) => v,
135 _ => return result,
136 };
137
138 // usually $HOME/.cache/proxmox-backup/repo-list
139 let path = match base.place_cache_file("repo-list") {
140 Ok(v) => v,
141 _ => return result,
142 };
143
144 let data = file_get_json(&path, None).unwrap_or_else(|_| json!({}));
145
146 if let Some(map) = data.as_object() {
147 for (repo, _count) in map {
148 result.push(repo.to_owned());
149 }
150 }
151
152 result
153 }
154
155 fn compute_file_csum(file: &mut std::fs::File) -> Result<([u8; 32], u64), Error> {
156
157 file.seek(SeekFrom::Start(0))?;
158
159 let mut hasher = openssl::sha::Sha256::new();
160 let mut buffer = proxmox::tools::vec::undefined(256*1024);
161 let mut size: u64 = 0;
162
163 loop {
164 let count = match file.read(&mut buffer) {
165 Ok(count) => count,
166 Err(ref err) if err.kind() == std::io::ErrorKind::Interrupted => { continue; }
167 Err(err) => return Err(err.into()),
168 };
169 if count == 0 {
170 break;
171 }
172 size += count as u64;
173 hasher.update(&buffer[..count]);
174 }
175
176 let csum = hasher.finish();
177
178 Ok((csum, size))
179 }
180
181
182 async fn backup_directory<P: AsRef<Path>>(
183 client: &BackupWriter,
184 dir_path: P,
185 archive_name: &str,
186 chunk_size: Option<usize>,
187 device_set: Option<HashSet<u64>>,
188 verbose: bool,
189 skip_lost_and_found: bool,
190 crypt_config: Option<Arc<CryptConfig>>,
191 catalog: Arc<Mutex<CatalogBlobWriter<std::fs::File>>>,
192 ) -> Result<BackupStats, Error> {
193
194 let pxar_stream = PxarBackupStream::open(dir_path.as_ref(), device_set, verbose, skip_lost_and_found, catalog)?;
195 let mut chunk_stream = ChunkStream::new(pxar_stream, chunk_size);
196
197 let (mut tx, rx) = mpsc::channel(10); // allow to buffer 10 chunks
198
199 let stream = rx
200 .map_err(Error::from);
201
202 // spawn chunker inside a separate task so that it can run parallel
203 tokio::spawn(async move {
204 let _ = tx.send_all(&mut chunk_stream).await;
205 });
206
207 let stats = client
208 .upload_stream(archive_name, stream, "dynamic", None, crypt_config)
209 .await?;
210
211 Ok(stats)
212 }
213
214 async fn backup_image<P: AsRef<Path>>(
215 client: &BackupWriter,
216 image_path: P,
217 archive_name: &str,
218 image_size: u64,
219 chunk_size: Option<usize>,
220 _verbose: bool,
221 crypt_config: Option<Arc<CryptConfig>>,
222 ) -> Result<BackupStats, Error> {
223
224 let path = image_path.as_ref().to_owned();
225
226 let file = tokio::fs::File::open(path).await?;
227
228 let stream = tokio::codec::FramedRead::new(file, tokio::codec::BytesCodec::new())
229 .map_err(Error::from);
230
231 let stream = FixedChunkStream::new(stream, chunk_size.unwrap_or(4*1024*1024));
232
233 let stats = client
234 .upload_stream(archive_name, stream, "fixed", Some(image_size), crypt_config)
235 .await?;
236
237 Ok(stats)
238 }
239
240 fn strip_server_file_expenstion(name: &str) -> String {
241
242 if name.ends_with(".didx") || name.ends_with(".fidx") || name.ends_with(".blob") {
243 name[..name.len()-5].to_owned()
244 } else {
245 name.to_owned() // should not happen
246 }
247 }
248
249 fn list_backup_groups(
250 param: Value,
251 _info: &ApiMethod,
252 _rpcenv: &mut dyn RpcEnvironment,
253 ) -> Result<Value, Error> {
254
255 let repo = extract_repository_from_value(&param)?;
256
257 let client = HttpClient::new(repo.host(), repo.user(), None)?;
258
259 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
260
261 let mut result = async_main(async move {
262 client.get(&path, None).await
263 })?;
264
265 record_repository(&repo);
266
267 // fixme: implement and use output formatter instead ..
268 let list = result["data"].as_array_mut().unwrap();
269
270 list.sort_unstable_by(|a, b| {
271 let a_id = a["backup-id"].as_str().unwrap();
272 let a_backup_type = a["backup-type"].as_str().unwrap();
273 let b_id = b["backup-id"].as_str().unwrap();
274 let b_backup_type = b["backup-type"].as_str().unwrap();
275
276 let type_order = a_backup_type.cmp(b_backup_type);
277 if type_order == std::cmp::Ordering::Equal {
278 a_id.cmp(b_id)
279 } else {
280 type_order
281 }
282 });
283
284 let output_format = param["output-format"].as_str().unwrap_or("text").to_owned();
285
286 let mut result = vec![];
287
288 for item in list {
289
290 let id = item["backup-id"].as_str().unwrap();
291 let btype = item["backup-type"].as_str().unwrap();
292 let epoch = item["last-backup"].as_i64().unwrap();
293 let last_backup = Utc.timestamp(epoch, 0);
294 let backup_count = item["backup-count"].as_u64().unwrap();
295
296 let group = BackupGroup::new(btype, id);
297
298 let path = group.group_path().to_str().unwrap().to_owned();
299
300 let files = item["files"].as_array().unwrap().iter()
301 .map(|v| strip_server_file_expenstion(v.as_str().unwrap())).collect();
302
303 if output_format == "text" {
304 println!(
305 "{:20} | {} | {:5} | {}",
306 path,
307 BackupDir::backup_time_to_string(last_backup),
308 backup_count,
309 tools::join(&files, ' '),
310 );
311 } else {
312 result.push(json!({
313 "backup-type": btype,
314 "backup-id": id,
315 "last-backup": epoch,
316 "backup-count": backup_count,
317 "files": files,
318 }));
319 }
320 }
321
322 if output_format != "text" { format_and_print_result(&result.into(), &output_format); }
323
324 Ok(Value::Null)
325 }
326
327 fn list_snapshots(
328 param: Value,
329 _info: &ApiMethod,
330 _rpcenv: &mut dyn RpcEnvironment,
331 ) -> Result<Value, Error> {
332
333 let repo = extract_repository_from_value(&param)?;
334
335 let output_format = param["output-format"].as_str().unwrap_or("text").to_owned();
336
337 let client = HttpClient::new(repo.host(), repo.user(), None)?;
338
339 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
340
341 let mut args = json!({});
342 if let Some(path) = param["group"].as_str() {
343 let group = BackupGroup::parse(path)?;
344 args["backup-type"] = group.backup_type().into();
345 args["backup-id"] = group.backup_id().into();
346 }
347
348 let result = async_main(async move {
349 client.get(&path, Some(args)).await
350 })?;
351
352 record_repository(&repo);
353
354 let list = result["data"].as_array().unwrap();
355
356 let mut result = vec![];
357
358 for item in list {
359
360 let id = item["backup-id"].as_str().unwrap();
361 let btype = item["backup-type"].as_str().unwrap();
362 let epoch = item["backup-time"].as_i64().unwrap();
363
364 let snapshot = BackupDir::new(btype, id, epoch);
365
366 let path = snapshot.relative_path().to_str().unwrap().to_owned();
367
368 let files = item["files"].as_array().unwrap().iter()
369 .map(|v| strip_server_file_expenstion(v.as_str().unwrap())).collect();
370
371 if output_format == "text" {
372 let size_str = if let Some(size) = item["size"].as_u64() {
373 size.to_string()
374 } else {
375 String::from("-")
376 };
377 println!("{} | {} | {}", path, size_str, tools::join(&files, ' '));
378 } else {
379 let mut data = json!({
380 "backup-type": btype,
381 "backup-id": id,
382 "backup-time": epoch,
383 "files": files,
384 });
385 if let Some(size) = item["size"].as_u64() {
386 data["size"] = size.into();
387 }
388 result.push(data);
389 }
390 }
391
392 if output_format != "text" { format_and_print_result(&result.into(), &output_format); }
393
394 Ok(Value::Null)
395 }
396
397 fn forget_snapshots(
398 param: Value,
399 _info: &ApiMethod,
400 _rpcenv: &mut dyn RpcEnvironment,
401 ) -> Result<Value, Error> {
402
403 let repo = extract_repository_from_value(&param)?;
404
405 let path = tools::required_string_param(&param, "snapshot")?;
406 let snapshot = BackupDir::parse(path)?;
407
408 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
409
410 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
411
412 let result = async_main(async move {
413 client.delete(&path, Some(json!({
414 "backup-type": snapshot.group().backup_type(),
415 "backup-id": snapshot.group().backup_id(),
416 "backup-time": snapshot.backup_time().timestamp(),
417 }))).await
418 })?;
419
420 record_repository(&repo);
421
422 Ok(result)
423 }
424
425 fn api_login(
426 param: Value,
427 _info: &ApiMethod,
428 _rpcenv: &mut dyn RpcEnvironment,
429 ) -> Result<Value, Error> {
430
431 let repo = extract_repository_from_value(&param)?;
432
433 let client = HttpClient::new(repo.host(), repo.user(), None)?;
434 async_main(async move { client.login().await })?;
435
436 record_repository(&repo);
437
438 Ok(Value::Null)
439 }
440
441 fn api_logout(
442 param: Value,
443 _info: &ApiMethod,
444 _rpcenv: &mut dyn RpcEnvironment,
445 ) -> Result<Value, Error> {
446
447 let repo = extract_repository_from_value(&param)?;
448
449 delete_ticket_info(repo.host(), repo.user())?;
450
451 Ok(Value::Null)
452 }
453
454 fn dump_catalog(
455 param: Value,
456 _info: &ApiMethod,
457 _rpcenv: &mut dyn RpcEnvironment,
458 ) -> Result<Value, Error> {
459
460 let repo = extract_repository_from_value(&param)?;
461
462 let path = tools::required_string_param(&param, "snapshot")?;
463 let snapshot = BackupDir::parse(path)?;
464
465 let keyfile = param["keyfile"].as_str().map(PathBuf::from);
466
467 let crypt_config = match keyfile {
468 None => None,
469 Some(path) => {
470 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
471 Some(Arc::new(CryptConfig::new(key)?))
472 }
473 };
474
475 let client = HttpClient::new(repo.host(), repo.user(), None)?;
476
477 async_main(async move {
478 let client = BackupReader::start(
479 client,
480 crypt_config.clone(),
481 repo.store(),
482 &snapshot.group().backup_type(),
483 &snapshot.group().backup_id(),
484 snapshot.backup_time(),
485 true,
486 ).await?;
487
488 let manifest = client.download_manifest().await?;
489
490 let blob_file = std::fs::OpenOptions::new()
491 .read(true)
492 .write(true)
493 .custom_flags(libc::O_TMPFILE)
494 .open("/tmp")?;
495
496 let mut blob_file = client.download(CATALOG_BLOB_NAME, blob_file).await?;
497
498 let (csum, size) = compute_file_csum(&mut blob_file)?;
499 manifest.verify_file(CATALOG_BLOB_NAME, &csum, size)?;
500
501 blob_file.seek(SeekFrom::Start(0))?;
502
503 let reader = BufReader::new(blob_file);
504 let mut catalog_reader = CatalogBlobReader::new(reader, crypt_config)?;
505
506 catalog_reader.dump()?;
507
508 record_repository(&repo);
509
510 Ok::<(), Error>(())
511 })?;
512
513 Ok(Value::Null)
514 }
515
516 fn list_snapshot_files(
517 param: Value,
518 _info: &ApiMethod,
519 _rpcenv: &mut dyn RpcEnvironment,
520 ) -> Result<Value, Error> {
521
522 let repo = extract_repository_from_value(&param)?;
523
524 let path = tools::required_string_param(&param, "snapshot")?;
525 let snapshot = BackupDir::parse(path)?;
526
527 let output_format = param["output-format"].as_str().unwrap_or("text").to_owned();
528
529 let client = HttpClient::new(repo.host(), repo.user(), None)?;
530
531 let path = format!("api2/json/admin/datastore/{}/files", repo.store());
532
533 let mut result = async_main(async move {
534 client.get(&path, Some(json!({
535 "backup-type": snapshot.group().backup_type(),
536 "backup-id": snapshot.group().backup_id(),
537 "backup-time": snapshot.backup_time().timestamp(),
538 }))).await
539 })?;
540
541 record_repository(&repo);
542
543 let list: Value = result["data"].take();
544
545 if output_format == "text" {
546 for item in list.as_array().unwrap().iter() {
547 println!(
548 "{} {}",
549 strip_server_file_expenstion(item["filename"].as_str().unwrap()),
550 item["size"].as_u64().unwrap_or(0),
551 );
552 }
553 } else {
554 format_and_print_result(&list, &output_format);
555 }
556
557 Ok(Value::Null)
558 }
559
560 fn start_garbage_collection(
561 param: Value,
562 _info: &ApiMethod,
563 _rpcenv: &mut dyn RpcEnvironment,
564 ) -> Result<Value, Error> {
565
566 let repo = extract_repository_from_value(&param)?;
567
568 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
569
570 let path = format!("api2/json/admin/datastore/{}/gc", repo.store());
571
572 let result = async_main(async move { client.post(&path, None).await })?;
573
574 record_repository(&repo);
575
576 Ok(result)
577 }
578
579 fn parse_backupspec(value: &str) -> Result<(&str, &str), Error> {
580
581 if let Some(caps) = BACKUPSPEC_REGEX.captures(value) {
582 return Ok((caps.get(1).unwrap().as_str(), caps.get(2).unwrap().as_str()));
583 }
584 bail!("unable to parse directory specification '{}'", value);
585 }
586
587 fn create_backup(
588 param: Value,
589 _info: &ApiMethod,
590 _rpcenv: &mut dyn RpcEnvironment,
591 ) -> Result<Value, Error> {
592
593 let repo = extract_repository_from_value(&param)?;
594
595 let backupspec_list = tools::required_array_param(&param, "backupspec")?;
596
597 let all_file_systems = param["all-file-systems"].as_bool().unwrap_or(false);
598
599 let skip_lost_and_found = param["skip-lost-and-found"].as_bool().unwrap_or(false);
600
601 let verbose = param["verbose"].as_bool().unwrap_or(false);
602
603 let backup_time_opt = param["backup-time"].as_i64();
604
605 let chunk_size_opt = param["chunk-size"].as_u64().map(|v| (v*1024) as usize);
606
607 if let Some(size) = chunk_size_opt {
608 verify_chunk_size(size)?;
609 }
610
611 let keyfile = param["keyfile"].as_str().map(PathBuf::from);
612
613 let backup_id = param["backup-id"].as_str().unwrap_or(&proxmox::tools::nodename());
614
615 let backup_type = param["backup-type"].as_str().unwrap_or("host");
616
617 let include_dev = param["include-dev"].as_array();
618
619 let mut devices = if all_file_systems { None } else { Some(HashSet::new()) };
620
621 if let Some(include_dev) = include_dev {
622 if all_file_systems {
623 bail!("option 'all-file-systems' conflicts with option 'include-dev'");
624 }
625
626 let mut set = HashSet::new();
627 for path in include_dev {
628 let path = path.as_str().unwrap();
629 let stat = nix::sys::stat::stat(path)
630 .map_err(|err| format_err!("fstat {:?} failed - {}", path, err))?;
631 set.insert(stat.st_dev);
632 }
633 devices = Some(set);
634 }
635
636 let mut upload_list = vec![];
637
638 enum BackupType { PXAR, IMAGE, CONFIG, LOGFILE };
639
640 for backupspec in backupspec_list {
641 let (target, filename) = parse_backupspec(backupspec.as_str().unwrap())?;
642
643 use std::os::unix::fs::FileTypeExt;
644
645 let metadata = std::fs::metadata(filename)
646 .map_err(|err| format_err!("unable to access '{}' - {}", filename, err))?;
647 let file_type = metadata.file_type();
648
649 let extension = target.rsplit('.').next()
650 .ok_or_else(|| format_err!("missing target file extenion '{}'", target))?;
651
652 match extension {
653 "pxar" => {
654 if !file_type.is_dir() {
655 bail!("got unexpected file type (expected directory)");
656 }
657 upload_list.push((BackupType::PXAR, filename.to_owned(), format!("{}.didx", target), 0));
658 }
659 "img" => {
660
661 if !(file_type.is_file() || file_type.is_block_device()) {
662 bail!("got unexpected file type (expected file or block device)");
663 }
664
665 let size = image_size(&PathBuf::from(filename))?;
666
667 if size == 0 { bail!("got zero-sized file '{}'", filename); }
668
669 upload_list.push((BackupType::IMAGE, filename.to_owned(), format!("{}.fidx", target), size));
670 }
671 "conf" => {
672 if !file_type.is_file() {
673 bail!("got unexpected file type (expected regular file)");
674 }
675 upload_list.push((BackupType::CONFIG, filename.to_owned(), format!("{}.blob", target), metadata.len()));
676 }
677 "log" => {
678 if !file_type.is_file() {
679 bail!("got unexpected file type (expected regular file)");
680 }
681 upload_list.push((BackupType::LOGFILE, filename.to_owned(), format!("{}.blob", target), metadata.len()));
682 }
683 _ => {
684 bail!("got unknown archive extension '{}'", extension);
685 }
686 }
687 }
688
689 let backup_time = Utc.timestamp(backup_time_opt.unwrap_or_else(|| Utc::now().timestamp()), 0);
690
691 let client = HttpClient::new(repo.host(), repo.user(), None)?;
692 record_repository(&repo);
693
694 println!("Starting backup: {}/{}/{}", backup_type, backup_id, BackupDir::backup_time_to_string(backup_time));
695
696 println!("Client name: {}", proxmox::tools::nodename());
697
698 let start_time = Local::now();
699
700 println!("Starting protocol: {}", start_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
701
702 let (crypt_config, rsa_encrypted_key) = match keyfile {
703 None => (None, None),
704 Some(path) => {
705 let (key, created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
706
707 let crypt_config = CryptConfig::new(key)?;
708
709 let path = master_pubkey_path()?;
710 if path.exists() {
711 let pem_data = file_get_contents(&path)?;
712 let rsa = openssl::rsa::Rsa::public_key_from_pem(&pem_data)?;
713 let enc_key = crypt_config.generate_rsa_encoded_key(rsa, created)?;
714 (Some(Arc::new(crypt_config)), Some(enc_key))
715 } else {
716 (Some(Arc::new(crypt_config)), None)
717 }
718 }
719 };
720
721 async_main(async move {
722 let client = BackupWriter::start(
723 client,
724 repo.store(),
725 backup_type,
726 &backup_id,
727 backup_time,
728 verbose,
729 ).await?;
730
731 let snapshot = BackupDir::new(backup_type, backup_id, backup_time.timestamp());
732 let mut manifest = BackupManifest::new(snapshot);
733
734 // fixme: encrypt/sign catalog?
735 let catalog_file = std::fs::OpenOptions::new()
736 .write(true)
737 .read(true)
738 .custom_flags(libc::O_TMPFILE)
739 .open("/tmp")?;
740
741 let catalog = Arc::new(Mutex::new(CatalogBlobWriter::new_compressed(catalog_file)?));
742 let mut upload_catalog = false;
743
744 for (backup_type, filename, target, size) in upload_list {
745 match backup_type {
746 BackupType::CONFIG => {
747 println!("Upload config file '{}' to '{:?}' as {}", filename, repo, target);
748 let stats = client
749 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
750 .await?;
751 manifest.add_file(target, stats.size, stats.csum);
752 }
753 BackupType::LOGFILE => { // fixme: remove - not needed anymore ?
754 println!("Upload log file '{}' to '{:?}' as {}", filename, repo, target);
755 let stats = client
756 .upload_blob_from_file(&filename, &target, crypt_config.clone(), true)
757 .await?;
758 manifest.add_file(target, stats.size, stats.csum);
759 }
760 BackupType::PXAR => {
761 upload_catalog = true;
762 println!("Upload directory '{}' to '{:?}' as {}", filename, repo, target);
763 catalog.lock().unwrap().start_directory(std::ffi::CString::new(target.as_str())?.as_c_str())?;
764 let stats = backup_directory(
765 &client,
766 &filename,
767 &target,
768 chunk_size_opt,
769 devices.clone(),
770 verbose,
771 skip_lost_and_found,
772 crypt_config.clone(),
773 catalog.clone(),
774 ).await?;
775 manifest.add_file(target, stats.size, stats.csum);
776 catalog.lock().unwrap().end_directory()?;
777 }
778 BackupType::IMAGE => {
779 println!("Upload image '{}' to '{:?}' as {}", filename, repo, target);
780 let stats = backup_image(
781 &client,
782 &filename,
783 &target,
784 size,
785 chunk_size_opt,
786 verbose,
787 crypt_config.clone(),
788 ).await?;
789 manifest.add_file(target, stats.size, stats.csum);
790 }
791 }
792 }
793
794 // finalize and upload catalog
795 if upload_catalog {
796 let mutex = Arc::try_unwrap(catalog)
797 .map_err(|_| format_err!("unable to get catalog (still used)"))?;
798 let mut catalog_file = mutex.into_inner().unwrap().finish()?;
799
800 let target = CATALOG_BLOB_NAME;
801
802 catalog_file.seek(SeekFrom::Start(0))?;
803
804 let stats = client.upload_blob(catalog_file, target).await?;
805 manifest.add_file(target.to_owned(), stats.size, stats.csum);
806 }
807
808 if let Some(rsa_encrypted_key) = rsa_encrypted_key {
809 let target = "rsa-encrypted.key";
810 println!("Upload RSA encoded key to '{:?}' as {}", repo, target);
811 let stats = client
812 .upload_blob_from_data(rsa_encrypted_key, target, None, false, false)
813 .await?;
814 manifest.add_file(format!("{}.blob", target), stats.size, stats.csum);
815
816 // openssl rsautl -decrypt -inkey master-private.pem -in rsa-encrypted.key -out t
817 /*
818 let mut buffer2 = vec![0u8; rsa.size() as usize];
819 let pem_data = file_get_contents("master-private.pem")?;
820 let rsa = openssl::rsa::Rsa::private_key_from_pem(&pem_data)?;
821 let len = rsa.private_decrypt(&buffer, &mut buffer2, openssl::rsa::Padding::PKCS1)?;
822 println!("TEST {} {:?}", len, buffer2);
823 */
824 }
825
826 // create manifest (index.json)
827 let manifest = manifest.into_json();
828
829 println!("Upload index.json to '{:?}'", repo);
830 let manifest = serde_json::to_string_pretty(&manifest)?.into();
831 client
832 .upload_blob_from_data(manifest, MANIFEST_BLOB_NAME, crypt_config.clone(), true, true)
833 .await?;
834
835 client.finish().await?;
836
837 let end_time = Local::now();
838 let elapsed = end_time.signed_duration_since(start_time);
839 println!("Duration: {}", elapsed);
840
841 println!("End Time: {}", end_time.to_rfc3339_opts(chrono::SecondsFormat::Secs, false));
842
843 Ok(Value::Null)
844 })
845 }
846
847 fn complete_backup_source(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
848
849 let mut result = vec![];
850
851 let data: Vec<&str> = arg.splitn(2, ':').collect();
852
853 if data.len() != 2 {
854 result.push(String::from("root.pxar:/"));
855 result.push(String::from("etc.pxar:/etc"));
856 return result;
857 }
858
859 let files = tools::complete_file_name(data[1], param);
860
861 for file in files {
862 result.push(format!("{}:{}", data[0], file));
863 }
864
865 result
866 }
867
868 fn restore(
869 param: Value,
870 _info: &ApiMethod,
871 _rpcenv: &mut dyn RpcEnvironment,
872 ) -> Result<Value, Error> {
873 async_main(restore_do(param))
874 }
875
876 fn dump_image<W: Write>(
877 client: Arc<BackupReader>,
878 crypt_config: Option<Arc<CryptConfig>>,
879 index: FixedIndexReader,
880 mut writer: W,
881 verbose: bool,
882 ) -> Result<(), Error> {
883
884 let most_used = index.find_most_used_chunks(8);
885
886 let mut chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
887
888 // Note: we avoid using BufferedFixedReader, because that add an additional buffer/copy
889 // and thus slows down reading. Instead, directly use RemoteChunkReader
890 let mut per = 0;
891 let mut bytes = 0;
892 let start_time = std::time::Instant::now();
893
894 for pos in 0..index.index_count() {
895 let digest = index.index_digest(pos).unwrap();
896 let raw_data = chunk_reader.read_chunk(&digest)?;
897 writer.write_all(&raw_data)?;
898 bytes += raw_data.len();
899 if verbose {
900 let next_per = ((pos+1)*100)/index.index_count();
901 if per != next_per {
902 eprintln!("progress {}% (read {} bytes, duration {} sec)",
903 next_per, bytes, start_time.elapsed().as_secs());
904 per = next_per;
905 }
906 }
907 }
908
909 let end_time = std::time::Instant::now();
910 let elapsed = end_time.duration_since(start_time);
911 eprintln!("restore image complete (bytes={}, duration={:.2}s, speed={:.2}MB/s)",
912 bytes,
913 elapsed.as_secs_f64(),
914 bytes as f64/(1024.0*1024.0*elapsed.as_secs_f64())
915 );
916
917
918 Ok(())
919 }
920
921 async fn restore_do(param: Value) -> Result<Value, Error> {
922 let repo = extract_repository_from_value(&param)?;
923
924 let verbose = param["verbose"].as_bool().unwrap_or(false);
925
926 let allow_existing_dirs = param["allow-existing-dirs"].as_bool().unwrap_or(false);
927
928 let archive_name = tools::required_string_param(&param, "archive-name")?;
929
930 let client = HttpClient::new(repo.host(), repo.user(), None)?;
931
932 record_repository(&repo);
933
934 let path = tools::required_string_param(&param, "snapshot")?;
935
936 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
937 let group = BackupGroup::parse(path)?;
938
939 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
940 let result = client.get(&path, Some(json!({
941 "backup-type": group.backup_type(),
942 "backup-id": group.backup_id(),
943 }))).await?;
944
945 let list = result["data"].as_array().unwrap();
946 if list.is_empty() {
947 bail!("backup group '{}' does not contain any snapshots:", path);
948 }
949
950 let epoch = list[0]["backup-time"].as_i64().unwrap();
951 let backup_time = Utc.timestamp(epoch, 0);
952 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
953 } else {
954 let snapshot = BackupDir::parse(path)?;
955 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
956 };
957
958 let target = tools::required_string_param(&param, "target")?;
959 let target = if target == "-" { None } else { Some(target) };
960
961 let keyfile = param["keyfile"].as_str().map(PathBuf::from);
962
963 let crypt_config = match keyfile {
964 None => None,
965 Some(path) => {
966 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
967 Some(Arc::new(CryptConfig::new(key)?))
968 }
969 };
970
971 let server_archive_name = if archive_name.ends_with(".pxar") {
972 format!("{}.didx", archive_name)
973 } else if archive_name.ends_with(".img") {
974 format!("{}.fidx", archive_name)
975 } else {
976 format!("{}.blob", archive_name)
977 };
978
979 let client = BackupReader::start(
980 client,
981 crypt_config.clone(),
982 repo.store(),
983 &backup_type,
984 &backup_id,
985 backup_time,
986 true,
987 ).await?;
988
989 let tmpfile = std::fs::OpenOptions::new()
990 .write(true)
991 .read(true)
992 .custom_flags(libc::O_TMPFILE)
993 .open("/tmp")?;
994
995 let manifest = client.download_manifest().await?;
996
997 if server_archive_name == MANIFEST_BLOB_NAME {
998 let backup_index_data = manifest.into_json().to_string();
999 if let Some(target) = target {
1000 file_set_contents(target, backup_index_data.as_bytes(), None)?;
1001 } else {
1002 let stdout = std::io::stdout();
1003 let mut writer = stdout.lock();
1004 writer.write_all(backup_index_data.as_bytes())
1005 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1006 }
1007
1008 } else if server_archive_name.ends_with(".blob") {
1009 let mut tmpfile = client.download(&server_archive_name, tmpfile).await?;
1010
1011 let (csum, size) = compute_file_csum(&mut tmpfile)?;
1012 manifest.verify_file(&server_archive_name, &csum, size)?;
1013
1014 tmpfile.seek(SeekFrom::Start(0))?;
1015 let mut reader = DataBlobReader::new(tmpfile, crypt_config)?;
1016
1017 if let Some(target) = target {
1018 let mut writer = std::fs::OpenOptions::new()
1019 .write(true)
1020 .create(true)
1021 .create_new(true)
1022 .open(target)
1023 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?;
1024 std::io::copy(&mut reader, &mut writer)?;
1025 } else {
1026 let stdout = std::io::stdout();
1027 let mut writer = stdout.lock();
1028 std::io::copy(&mut reader, &mut writer)
1029 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1030 }
1031
1032 } else if server_archive_name.ends_with(".didx") {
1033 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1034
1035 let index = DynamicIndexReader::new(tmpfile)
1036 .map_err(|err| format_err!("unable to read dynamic index '{}' - {}", archive_name, err))?;
1037
1038 // Note: do not use values stored in index (not trusted) - instead, computed them again
1039 let (csum, size) = index.compute_csum();
1040 manifest.verify_file(&server_archive_name, &csum, size)?;
1041
1042 let most_used = index.find_most_used_chunks(8);
1043
1044 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1045
1046 let mut reader = BufferedDynamicReader::new(index, chunk_reader);
1047
1048 if let Some(target) = target {
1049
1050 let feature_flags = pxar::flags::DEFAULT;
1051 let mut decoder = pxar::SequentialDecoder::new(&mut reader, feature_flags, |path| {
1052 if verbose {
1053 eprintln!("{:?}", path);
1054 }
1055 Ok(())
1056 });
1057 decoder.set_allow_existing_dirs(allow_existing_dirs);
1058
1059 decoder.restore(Path::new(target), &Vec::new())?;
1060 } else {
1061 let mut writer = std::fs::OpenOptions::new()
1062 .write(true)
1063 .open("/dev/stdout")
1064 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?;
1065
1066 std::io::copy(&mut reader, &mut writer)
1067 .map_err(|err| format_err!("unable to pipe data - {}", err))?;
1068 }
1069 } else if server_archive_name.ends_with(".fidx") {
1070 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1071
1072 let index = FixedIndexReader::new(tmpfile)
1073 .map_err(|err| format_err!("unable to read fixed index '{}' - {}", archive_name, err))?;
1074
1075 // Note: do not use values stored in index (not trusted) - instead, computed them again
1076 let (csum, size) = index.compute_csum();
1077 manifest.verify_file(&server_archive_name, &csum, size)?;
1078
1079 let mut writer = if let Some(target) = target {
1080 std::fs::OpenOptions::new()
1081 .write(true)
1082 .create(true)
1083 .create_new(true)
1084 .open(target)
1085 .map_err(|err| format_err!("unable to create target file {:?} - {}", target, err))?
1086 } else {
1087 std::fs::OpenOptions::new()
1088 .write(true)
1089 .open("/dev/stdout")
1090 .map_err(|err| format_err!("unable to open /dev/stdout - {}", err))?
1091 };
1092
1093 dump_image(client.clone(), crypt_config.clone(), index, &mut writer, verbose)?;
1094
1095 } else {
1096 bail!("unknown archive file extension (expected .pxar of .img)");
1097 }
1098
1099 Ok(Value::Null)
1100 }
1101
1102 fn upload_log(
1103 param: Value,
1104 _info: &ApiMethod,
1105 _rpcenv: &mut dyn RpcEnvironment,
1106 ) -> Result<Value, Error> {
1107
1108 let logfile = tools::required_string_param(&param, "logfile")?;
1109 let repo = extract_repository_from_value(&param)?;
1110
1111 let snapshot = tools::required_string_param(&param, "snapshot")?;
1112 let snapshot = BackupDir::parse(snapshot)?;
1113
1114 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1115
1116 let keyfile = param["keyfile"].as_str().map(PathBuf::from);
1117
1118 let crypt_config = match keyfile {
1119 None => None,
1120 Some(path) => {
1121 let (key, _created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1122 let crypt_config = CryptConfig::new(key)?;
1123 Some(Arc::new(crypt_config))
1124 }
1125 };
1126
1127 let data = file_get_contents(logfile)?;
1128
1129 let blob = DataBlob::encode(&data, crypt_config.as_ref().map(Arc::as_ref), true)?;
1130
1131 let raw_data = blob.into_inner();
1132
1133 let path = format!("api2/json/admin/datastore/{}/upload-backup-log", repo.store());
1134
1135 let args = json!({
1136 "backup-type": snapshot.group().backup_type(),
1137 "backup-id": snapshot.group().backup_id(),
1138 "backup-time": snapshot.backup_time().timestamp(),
1139 });
1140
1141 let body = hyper::Body::from(raw_data);
1142
1143 async_main(async move {
1144 client.upload("application/octet-stream", body, &path, Some(args)).await
1145 })
1146 }
1147
1148 fn prune(
1149 mut param: Value,
1150 _info: &ApiMethod,
1151 _rpcenv: &mut dyn RpcEnvironment,
1152 ) -> Result<Value, Error> {
1153
1154 let repo = extract_repository_from_value(&param)?;
1155
1156 let mut client = HttpClient::new(repo.host(), repo.user(), None)?;
1157
1158 let path = format!("api2/json/admin/datastore/{}/prune", repo.store());
1159
1160 let group = tools::required_string_param(&param, "group")?;
1161 let group = BackupGroup::parse(group)?;
1162
1163 param.as_object_mut().unwrap().remove("repository");
1164 param.as_object_mut().unwrap().remove("group");
1165
1166 param["backup-type"] = group.backup_type().into();
1167 param["backup-id"] = group.backup_id().into();
1168
1169 let _result = async_main(async move { client.post(&path, Some(param)).await })?;
1170
1171 record_repository(&repo);
1172
1173 Ok(Value::Null)
1174 }
1175
1176 fn status(
1177 param: Value,
1178 _info: &ApiMethod,
1179 _rpcenv: &mut dyn RpcEnvironment,
1180 ) -> Result<Value, Error> {
1181
1182 let repo = extract_repository_from_value(&param)?;
1183
1184 let output_format = param["output-format"].as_str().unwrap_or("text").to_owned();
1185
1186 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1187
1188 let path = format!("api2/json/admin/datastore/{}/status", repo.store());
1189
1190 let result = async_main(async move { client.get(&path, None).await })?;
1191 let data = &result["data"];
1192
1193 record_repository(&repo);
1194
1195 if output_format == "text" {
1196 let total = data["total"].as_u64().unwrap();
1197 let used = data["used"].as_u64().unwrap();
1198 let avail = data["avail"].as_u64().unwrap();
1199 let roundup = total/200;
1200
1201 println!(
1202 "total: {} used: {} ({} %) available: {}",
1203 total,
1204 used,
1205 ((used+roundup)*100)/total,
1206 avail,
1207 );
1208 } else {
1209 format_and_print_result(data, &output_format);
1210 }
1211
1212 Ok(Value::Null)
1213 }
1214
1215 // like get, but simply ignore errors and return Null instead
1216 async fn try_get(repo: &BackupRepository, url: &str) -> Value {
1217
1218 let client = match HttpClient::new(repo.host(), repo.user(), None) {
1219 Ok(v) => v,
1220 _ => return Value::Null,
1221 };
1222
1223 let mut resp = match client.get(url, None).await {
1224 Ok(v) => v,
1225 _ => return Value::Null,
1226 };
1227
1228 if let Some(map) = resp.as_object_mut() {
1229 if let Some(data) = map.remove("data") {
1230 return data;
1231 }
1232 }
1233 Value::Null
1234 }
1235
1236 fn complete_backup_group(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1237 async_main(async { complete_backup_group_do(param).await })
1238 }
1239
1240 async fn complete_backup_group_do(param: &HashMap<String, String>) -> Vec<String> {
1241
1242 let mut result = vec![];
1243
1244 let repo = match extract_repository_from_map(param) {
1245 Some(v) => v,
1246 _ => return result,
1247 };
1248
1249 let path = format!("api2/json/admin/datastore/{}/groups", repo.store());
1250
1251 let data = try_get(&repo, &path).await;
1252
1253 if let Some(list) = data.as_array() {
1254 for item in list {
1255 if let (Some(backup_id), Some(backup_type)) =
1256 (item["backup-id"].as_str(), item["backup-type"].as_str())
1257 {
1258 result.push(format!("{}/{}", backup_type, backup_id));
1259 }
1260 }
1261 }
1262
1263 result
1264 }
1265
1266 fn complete_group_or_snapshot(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1267 async_main(async { complete_group_or_snapshot_do(arg, param).await })
1268 }
1269
1270 async fn complete_group_or_snapshot_do(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1271
1272 if arg.matches('/').count() < 2 {
1273 let groups = complete_backup_group_do(param).await;
1274 let mut result = vec![];
1275 for group in groups {
1276 result.push(group.to_string());
1277 result.push(format!("{}/", group));
1278 }
1279 return result;
1280 }
1281
1282 complete_backup_snapshot_do(param).await
1283 }
1284
1285 fn complete_backup_snapshot(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1286 async_main(async { complete_backup_snapshot_do(param).await })
1287 }
1288
1289 async fn complete_backup_snapshot_do(param: &HashMap<String, String>) -> Vec<String> {
1290
1291 let mut result = vec![];
1292
1293 let repo = match extract_repository_from_map(param) {
1294 Some(v) => v,
1295 _ => return result,
1296 };
1297
1298 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
1299
1300 let data = try_get(&repo, &path).await;
1301
1302 if let Some(list) = data.as_array() {
1303 for item in list {
1304 if let (Some(backup_id), Some(backup_type), Some(backup_time)) =
1305 (item["backup-id"].as_str(), item["backup-type"].as_str(), item["backup-time"].as_i64())
1306 {
1307 let snapshot = BackupDir::new(backup_type, backup_id, backup_time);
1308 result.push(snapshot.relative_path().to_str().unwrap().to_owned());
1309 }
1310 }
1311 }
1312
1313 result
1314 }
1315
1316 fn complete_server_file_name(_arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1317 async_main(async { complete_server_file_name_do(param).await })
1318 }
1319
1320 async fn complete_server_file_name_do(param: &HashMap<String, String>) -> Vec<String> {
1321
1322 let mut result = vec![];
1323
1324 let repo = match extract_repository_from_map(param) {
1325 Some(v) => v,
1326 _ => return result,
1327 };
1328
1329 let snapshot = match param.get("snapshot") {
1330 Some(path) => {
1331 match BackupDir::parse(path) {
1332 Ok(v) => v,
1333 _ => return result,
1334 }
1335 }
1336 _ => return result,
1337 };
1338
1339 let query = tools::json_object_to_query(json!({
1340 "backup-type": snapshot.group().backup_type(),
1341 "backup-id": snapshot.group().backup_id(),
1342 "backup-time": snapshot.backup_time().timestamp(),
1343 })).unwrap();
1344
1345 let path = format!("api2/json/admin/datastore/{}/files?{}", repo.store(), query);
1346
1347 let data = try_get(&repo, &path).await;
1348
1349 if let Some(list) = data.as_array() {
1350 for item in list {
1351 if let Some(filename) = item["filename"].as_str() {
1352 result.push(filename.to_owned());
1353 }
1354 }
1355 }
1356
1357 result
1358 }
1359
1360 fn complete_archive_name(arg: &str, param: &HashMap<String, String>) -> Vec<String> {
1361 complete_server_file_name(arg, param)
1362 .iter()
1363 .map(|v| strip_server_file_expenstion(&v))
1364 .collect()
1365 }
1366
1367 fn complete_chunk_size(_arg: &str, _param: &HashMap<String, String>) -> Vec<String> {
1368
1369 let mut result = vec![];
1370
1371 let mut size = 64;
1372 loop {
1373 result.push(size.to_string());
1374 size *= 2;
1375 if size > 4096 { break; }
1376 }
1377
1378 result
1379 }
1380
1381 fn get_encryption_key_password() -> Result<Vec<u8>, Error> {
1382
1383 // fixme: implement other input methods
1384
1385 use std::env::VarError::*;
1386 match std::env::var("PBS_ENCRYPTION_PASSWORD") {
1387 Ok(p) => return Ok(p.as_bytes().to_vec()),
1388 Err(NotUnicode(_)) => bail!("PBS_ENCRYPTION_PASSWORD contains bad characters"),
1389 Err(NotPresent) => {
1390 // Try another method
1391 }
1392 }
1393
1394 // If we're on a TTY, query the user for a password
1395 if crate::tools::tty::stdin_isatty() {
1396 return Ok(crate::tools::tty::read_password("Encryption Key Password: ")?);
1397 }
1398
1399 bail!("no password input mechanism available");
1400 }
1401
1402 fn key_create(
1403 param: Value,
1404 _info: &ApiMethod,
1405 _rpcenv: &mut dyn RpcEnvironment,
1406 ) -> Result<Value, Error> {
1407
1408 let path = tools::required_string_param(&param, "path")?;
1409 let path = PathBuf::from(path);
1410
1411 let kdf = param["kdf"].as_str().unwrap_or("scrypt");
1412
1413 let key = proxmox::sys::linux::random_data(32)?;
1414
1415 if kdf == "scrypt" {
1416 // always read passphrase from tty
1417 if !crate::tools::tty::stdin_isatty() {
1418 bail!("unable to read passphrase - no tty");
1419 }
1420
1421 let password = crate::tools::tty::read_password("Encryption Key Password: ")?;
1422
1423 let key_config = encrypt_key_with_passphrase(&key, &password)?;
1424
1425 store_key_config(&path, false, key_config)?;
1426
1427 Ok(Value::Null)
1428 } else if kdf == "none" {
1429 let created = Local.timestamp(Local::now().timestamp(), 0);
1430
1431 store_key_config(&path, false, KeyConfig {
1432 kdf: None,
1433 created,
1434 modified: created,
1435 data: key,
1436 })?;
1437
1438 Ok(Value::Null)
1439 } else {
1440 unreachable!();
1441 }
1442 }
1443
1444 fn master_pubkey_path() -> Result<PathBuf, Error> {
1445 let base = BaseDirectories::with_prefix("proxmox-backup")?;
1446
1447 // usually $HOME/.config/proxmox-backup/master-public.pem
1448 let path = base.place_config_file("master-public.pem")?;
1449
1450 Ok(path)
1451 }
1452
1453 fn key_import_master_pubkey(
1454 param: Value,
1455 _info: &ApiMethod,
1456 _rpcenv: &mut dyn RpcEnvironment,
1457 ) -> Result<Value, Error> {
1458
1459 let path = tools::required_string_param(&param, "path")?;
1460 let path = PathBuf::from(path);
1461
1462 let pem_data = file_get_contents(&path)?;
1463
1464 if let Err(err) = openssl::pkey::PKey::public_key_from_pem(&pem_data) {
1465 bail!("Unable to decode PEM data - {}", err);
1466 }
1467
1468 let target_path = master_pubkey_path()?;
1469
1470 file_set_contents(&target_path, &pem_data, None)?;
1471
1472 println!("Imported public master key to {:?}", target_path);
1473
1474 Ok(Value::Null)
1475 }
1476
1477 fn key_create_master_key(
1478 _param: Value,
1479 _info: &ApiMethod,
1480 _rpcenv: &mut dyn RpcEnvironment,
1481 ) -> Result<Value, Error> {
1482
1483 // we need a TTY to query the new password
1484 if !crate::tools::tty::stdin_isatty() {
1485 bail!("unable to create master key - no tty");
1486 }
1487
1488 let rsa = openssl::rsa::Rsa::generate(4096)?;
1489 let pkey = openssl::pkey::PKey::from_rsa(rsa)?;
1490
1491 let new_pw = String::from_utf8(crate::tools::tty::read_password("Master Key Password: ")?)?;
1492 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password: ")?)?;
1493
1494 if new_pw != verify_pw {
1495 bail!("Password verification fail!");
1496 }
1497
1498 if new_pw.len() < 5 {
1499 bail!("Password is too short!");
1500 }
1501
1502 let pub_key: Vec<u8> = pkey.public_key_to_pem()?;
1503 let filename_pub = "master-public.pem";
1504 println!("Writing public master key to {}", filename_pub);
1505 file_set_contents(filename_pub, pub_key.as_slice(), None)?;
1506
1507 let cipher = openssl::symm::Cipher::aes_256_cbc();
1508 let priv_key: Vec<u8> = pkey.private_key_to_pem_pkcs8_passphrase(cipher, new_pw.as_bytes())?;
1509
1510 let filename_priv = "master-private.pem";
1511 println!("Writing private master key to {}", filename_priv);
1512 file_set_contents(filename_priv, priv_key.as_slice(), None)?;
1513
1514 Ok(Value::Null)
1515 }
1516
1517 fn key_change_passphrase(
1518 param: Value,
1519 _info: &ApiMethod,
1520 _rpcenv: &mut dyn RpcEnvironment,
1521 ) -> Result<Value, Error> {
1522
1523 let path = tools::required_string_param(&param, "path")?;
1524 let path = PathBuf::from(path);
1525
1526 let kdf = param["kdf"].as_str().unwrap_or("scrypt");
1527
1528 // we need a TTY to query the new password
1529 if !crate::tools::tty::stdin_isatty() {
1530 bail!("unable to change passphrase - no tty");
1531 }
1532
1533 let (key, created) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1534
1535 if kdf == "scrypt" {
1536
1537 let new_pw = String::from_utf8(crate::tools::tty::read_password("New Password: ")?)?;
1538 let verify_pw = String::from_utf8(crate::tools::tty::read_password("Verify Password: ")?)?;
1539
1540 if new_pw != verify_pw {
1541 bail!("Password verification fail!");
1542 }
1543
1544 if new_pw.len() < 5 {
1545 bail!("Password is too short!");
1546 }
1547
1548 let mut new_key_config = encrypt_key_with_passphrase(&key, new_pw.as_bytes())?;
1549 new_key_config.created = created; // keep original value
1550
1551 store_key_config(&path, true, new_key_config)?;
1552
1553 Ok(Value::Null)
1554 } else if kdf == "none" {
1555 let modified = Local.timestamp(Local::now().timestamp(), 0);
1556
1557 store_key_config(&path, true, KeyConfig {
1558 kdf: None,
1559 created, // keep original value
1560 modified,
1561 data: key.to_vec(),
1562 })?;
1563
1564 Ok(Value::Null)
1565 } else {
1566 unreachable!();
1567 }
1568 }
1569
1570 fn key_mgmt_cli() -> CliCommandMap {
1571
1572 let kdf_schema: Arc<Schema> = Arc::new(
1573 StringSchema::new("Key derivation function. Choose 'none' to store the key unecrypted.")
1574 .format(Arc::new(ApiStringFormat::Enum(&["scrypt", "none"])))
1575 .default("scrypt")
1576 .into()
1577 );
1578
1579 let key_create_cmd_def = CliCommand::new(
1580 ApiMethod::new(
1581 key_create,
1582 ObjectSchema::new("Create a new encryption key.")
1583 .required("path", StringSchema::new("File system path."))
1584 .optional("kdf", kdf_schema.clone())
1585 ))
1586 .arg_param(vec!["path"])
1587 .completion_cb("path", tools::complete_file_name);
1588
1589 let key_change_passphrase_cmd_def = CliCommand::new(
1590 ApiMethod::new(
1591 key_change_passphrase,
1592 ObjectSchema::new("Change the passphrase required to decrypt the key.")
1593 .required("path", StringSchema::new("File system path."))
1594 .optional("kdf", kdf_schema.clone())
1595 ))
1596 .arg_param(vec!["path"])
1597 .completion_cb("path", tools::complete_file_name);
1598
1599 let key_create_master_key_cmd_def = CliCommand::new(
1600 ApiMethod::new(
1601 key_create_master_key,
1602 ObjectSchema::new("Create a new 4096 bit RSA master pub/priv key pair.")
1603 ));
1604
1605 let key_import_master_pubkey_cmd_def = CliCommand::new(
1606 ApiMethod::new(
1607 key_import_master_pubkey,
1608 ObjectSchema::new("Import a new RSA public key and use it as master key. The key is expected to be in '.pem' format.")
1609 .required("path", StringSchema::new("File system path."))
1610 ))
1611 .arg_param(vec!["path"])
1612 .completion_cb("path", tools::complete_file_name);
1613
1614 CliCommandMap::new()
1615 .insert("create".to_owned(), key_create_cmd_def.into())
1616 .insert("create-master-key".to_owned(), key_create_master_key_cmd_def.into())
1617 .insert("import-master-pubkey".to_owned(), key_import_master_pubkey_cmd_def.into())
1618 .insert("change-passphrase".to_owned(), key_change_passphrase_cmd_def.into())
1619 }
1620
1621
1622 fn mount(
1623 param: Value,
1624 _info: &ApiMethod,
1625 _rpcenv: &mut dyn RpcEnvironment,
1626 ) -> Result<Value, Error> {
1627 let verbose = param["verbose"].as_bool().unwrap_or(false);
1628 if verbose {
1629 // This will stay in foreground with debug output enabled as None is
1630 // passed for the RawFd.
1631 return async_main(mount_do(param, None));
1632 }
1633
1634 // Process should be deamonized.
1635 // Make sure to fork before the async runtime is instantiated to avoid troubles.
1636 let pipe = pipe()?;
1637 match fork() {
1638 Ok(ForkResult::Parent { .. }) => {
1639 nix::unistd::close(pipe.1).unwrap();
1640 // Blocks the parent process until we are ready to go in the child
1641 let _res = nix::unistd::read(pipe.0, &mut [0]).unwrap();
1642 Ok(Value::Null)
1643 }
1644 Ok(ForkResult::Child) => {
1645 nix::unistd::close(pipe.0).unwrap();
1646 nix::unistd::setsid().unwrap();
1647 async_main(mount_do(param, Some(pipe.1)))
1648 }
1649 Err(_) => bail!("failed to daemonize process"),
1650 }
1651 }
1652
1653 async fn mount_do(param: Value, pipe: Option<RawFd>) -> Result<Value, Error> {
1654 let repo = extract_repository_from_value(&param)?;
1655 let archive_name = tools::required_string_param(&param, "archive-name")?;
1656 let target = tools::required_string_param(&param, "target")?;
1657 let client = HttpClient::new(repo.host(), repo.user(), None)?;
1658
1659 record_repository(&repo);
1660
1661 let path = tools::required_string_param(&param, "snapshot")?;
1662 let (backup_type, backup_id, backup_time) = if path.matches('/').count() == 1 {
1663 let group = BackupGroup::parse(path)?;
1664
1665 let path = format!("api2/json/admin/datastore/{}/snapshots", repo.store());
1666 let result = client.get(&path, Some(json!({
1667 "backup-type": group.backup_type(),
1668 "backup-id": group.backup_id(),
1669 }))).await?;
1670
1671 let list = result["data"].as_array().unwrap();
1672 if list.is_empty() {
1673 bail!("backup group '{}' does not contain any snapshots:", path);
1674 }
1675
1676 let epoch = list[0]["backup-time"].as_i64().unwrap();
1677 let backup_time = Utc.timestamp(epoch, 0);
1678 (group.backup_type().to_owned(), group.backup_id().to_owned(), backup_time)
1679 } else {
1680 let snapshot = BackupDir::parse(path)?;
1681 (snapshot.group().backup_type().to_owned(), snapshot.group().backup_id().to_owned(), snapshot.backup_time())
1682 };
1683
1684 let keyfile = param["keyfile"].as_str().map(PathBuf::from);
1685 let crypt_config = match keyfile {
1686 None => None,
1687 Some(path) => {
1688 let (key, _) = load_and_decrtypt_key(&path, &get_encryption_key_password)?;
1689 Some(Arc::new(CryptConfig::new(key)?))
1690 }
1691 };
1692
1693 let server_archive_name = if archive_name.ends_with(".pxar") {
1694 format!("{}.didx", archive_name)
1695 } else {
1696 bail!("Can only mount pxar archives.");
1697 };
1698
1699 let client = BackupReader::start(
1700 client,
1701 crypt_config.clone(),
1702 repo.store(),
1703 &backup_type,
1704 &backup_id,
1705 backup_time,
1706 true,
1707 ).await?;
1708
1709 let tmpfile = std::fs::OpenOptions::new()
1710 .write(true)
1711 .read(true)
1712 .custom_flags(libc::O_TMPFILE)
1713 .open("/tmp")?;
1714
1715 let manifest = client.download_manifest().await?;
1716
1717 if server_archive_name.ends_with(".didx") {
1718 let tmpfile = client.download(&server_archive_name, tmpfile).await?;
1719 let index = DynamicIndexReader::new(tmpfile)
1720 .map_err(|err| format_err!("unable to read dynamic index '{}' - {}", archive_name, err))?;
1721
1722 // Note: do not use values stored in index (not trusted) - instead, computed them again
1723 let (csum, size) = index.compute_csum();
1724 manifest.verify_file(&server_archive_name, &csum, size)?;
1725
1726 let most_used = index.find_most_used_chunks(8);
1727 let chunk_reader = RemoteChunkReader::new(client.clone(), crypt_config, most_used);
1728 let reader = BufferedDynamicReader::new(index, chunk_reader);
1729 let decoder =
1730 pxar::Decoder::<Box<dyn pxar::fuse::ReadSeek>, fn(&Path) -> Result<(), Error>>::new(
1731 Box::new(reader),
1732 |_| Ok(()),
1733 )?;
1734 let options = OsStr::new("ro,default_permissions");
1735 let mut session = pxar::fuse::Session::from_decoder(decoder, &options, pipe.is_none())
1736 .map_err(|err| format_err!("pxar mount failed: {}", err))?;
1737
1738 // Mount the session but not call fuse deamonize as this will cause
1739 // issues with the runtime after the fork
1740 let deamonize = false;
1741 session.mount(&Path::new(target), deamonize)?;
1742
1743 if let Some(pipe) = pipe {
1744 nix::unistd::chdir(Path::new("/")).unwrap();
1745 // Finish creation of deamon by redirecting filedescriptors.
1746 let nullfd = nix::fcntl::open(
1747 "/dev/null",
1748 nix::fcntl::OFlag::O_RDWR,
1749 nix::sys::stat::Mode::empty(),
1750 ).unwrap();
1751 nix::unistd::dup2(nullfd, 0).unwrap();
1752 nix::unistd::dup2(nullfd, 1).unwrap();
1753 nix::unistd::dup2(nullfd, 2).unwrap();
1754 if nullfd > 2 {
1755 nix::unistd::close(nullfd).unwrap();
1756 }
1757 // Signal the parent process that we are done with the setup and it can
1758 // terminate.
1759 nix::unistd::write(pipe, &[0u8])?;
1760 nix::unistd::close(pipe).unwrap();
1761 }
1762
1763 let multithreaded = true;
1764 session.run_loop(multithreaded)?;
1765 } else {
1766 bail!("unknown archive file extension (expected .pxar)");
1767 }
1768
1769 Ok(Value::Null)
1770 }
1771
1772 fn main() {
1773
1774 let backup_source_schema: Arc<Schema> = Arc::new(
1775 StringSchema::new("Backup source specification ([<label>:<path>]).")
1776 .format(Arc::new(ApiStringFormat::Pattern(&BACKUPSPEC_REGEX)))
1777 .into()
1778 );
1779
1780 let backup_cmd_def = CliCommand::new(
1781 ApiMethod::new(
1782 create_backup,
1783 ObjectSchema::new("Create (host) backup.")
1784 .required(
1785 "backupspec",
1786 ArraySchema::new(
1787 "List of backup source specifications ([<label.ext>:<path>] ...)",
1788 backup_source_schema,
1789 ).min_length(1)
1790 )
1791 .optional("repository", REPO_URL_SCHEMA.clone())
1792 .optional(
1793 "include-dev",
1794 ArraySchema::new(
1795 "Include mountpoints with same st_dev number (see ``man fstat``) as specified files.",
1796 StringSchema::new("Path to file.").into()
1797 )
1798 )
1799 .optional(
1800 "keyfile",
1801 StringSchema::new("Path to encryption key. All data will be encrypted using this key."))
1802 .optional(
1803 "verbose",
1804 BooleanSchema::new("Verbose output.").default(false))
1805 .optional(
1806 "skip-lost-and-found",
1807 BooleanSchema::new("Skip lost+found directory").default(false))
1808 .optional(
1809 "backup-type",
1810 BACKUP_TYPE_SCHEMA.clone()
1811 )
1812 .optional(
1813 "backup-id",
1814 BACKUP_ID_SCHEMA.clone()
1815 )
1816 .optional(
1817 "backup-time",
1818 BACKUP_TIME_SCHEMA.clone()
1819 )
1820 .optional(
1821 "chunk-size",
1822 IntegerSchema::new("Chunk size in KB. Must be a power of 2.")
1823 .minimum(64)
1824 .maximum(4096)
1825 .default(4096)
1826 )
1827 ))
1828 .arg_param(vec!["backupspec"])
1829 .completion_cb("repository", complete_repository)
1830 .completion_cb("backupspec", complete_backup_source)
1831 .completion_cb("keyfile", tools::complete_file_name)
1832 .completion_cb("chunk-size", complete_chunk_size);
1833
1834 let upload_log_cmd_def = CliCommand::new(
1835 ApiMethod::new(
1836 upload_log,
1837 ObjectSchema::new("Upload backup log file.")
1838 .required("snapshot", StringSchema::new("Snapshot path."))
1839 .required("logfile", StringSchema::new("The path to the log file you want to upload."))
1840 .optional("repository", REPO_URL_SCHEMA.clone())
1841 .optional(
1842 "keyfile",
1843 StringSchema::new("Path to encryption key. All data will be encrypted using this key."))
1844 ))
1845 .arg_param(vec!["snapshot", "logfile"])
1846 .completion_cb("snapshot", complete_backup_snapshot)
1847 .completion_cb("logfile", tools::complete_file_name)
1848 .completion_cb("keyfile", tools::complete_file_name)
1849 .completion_cb("repository", complete_repository);
1850
1851 let list_cmd_def = CliCommand::new(
1852 ApiMethod::new(
1853 list_backup_groups,
1854 ObjectSchema::new("List backup groups.")
1855 .optional("repository", REPO_URL_SCHEMA.clone())
1856 .optional("output-format", OUTPUT_FORMAT.clone())
1857 ))
1858 .completion_cb("repository", complete_repository);
1859
1860 let snapshots_cmd_def = CliCommand::new(
1861 ApiMethod::new(
1862 list_snapshots,
1863 ObjectSchema::new("List backup snapshots.")
1864 .optional("group", StringSchema::new("Backup group."))
1865 .optional("repository", REPO_URL_SCHEMA.clone())
1866 .optional("output-format", OUTPUT_FORMAT.clone())
1867 ))
1868 .arg_param(vec!["group"])
1869 .completion_cb("group", complete_backup_group)
1870 .completion_cb("repository", complete_repository);
1871
1872 let forget_cmd_def = CliCommand::new(
1873 ApiMethod::new(
1874 forget_snapshots,
1875 ObjectSchema::new("Forget (remove) backup snapshots.")
1876 .required("snapshot", StringSchema::new("Snapshot path."))
1877 .optional("repository", REPO_URL_SCHEMA.clone())
1878 ))
1879 .arg_param(vec!["snapshot"])
1880 .completion_cb("repository", complete_repository)
1881 .completion_cb("snapshot", complete_backup_snapshot);
1882
1883 let garbage_collect_cmd_def = CliCommand::new(
1884 ApiMethod::new(
1885 start_garbage_collection,
1886 ObjectSchema::new("Start garbage collection for a specific repository.")
1887 .optional("repository", REPO_URL_SCHEMA.clone())
1888 ))
1889 .completion_cb("repository", complete_repository);
1890
1891 let restore_cmd_def = CliCommand::new(
1892 ApiMethod::new(
1893 restore,
1894 ObjectSchema::new("Restore backup repository.")
1895 .required("snapshot", StringSchema::new("Group/Snapshot path."))
1896 .required("archive-name", StringSchema::new("Backup archive name."))
1897 .required("target", StringSchema::new(r###"Target directory path. Use '-' to write to stdandard output.
1898
1899 We do not extraxt '.pxar' archives when writing to stdandard output.
1900
1901 "###
1902 ))
1903 .optional(
1904 "allow-existing-dirs",
1905 BooleanSchema::new("Do not fail if directories already exists.").default(false))
1906 .optional("repository", REPO_URL_SCHEMA.clone())
1907 .optional("keyfile", StringSchema::new("Path to encryption key."))
1908 .optional(
1909 "verbose",
1910 BooleanSchema::new("Verbose output.").default(false)
1911 )
1912 ))
1913 .arg_param(vec!["snapshot", "archive-name", "target"])
1914 .completion_cb("repository", complete_repository)
1915 .completion_cb("snapshot", complete_group_or_snapshot)
1916 .completion_cb("archive-name", complete_archive_name)
1917 .completion_cb("target", tools::complete_file_name);
1918
1919 let files_cmd_def = CliCommand::new(
1920 ApiMethod::new(
1921 list_snapshot_files,
1922 ObjectSchema::new("List snapshot files.")
1923 .required("snapshot", StringSchema::new("Snapshot path."))
1924 .optional("repository", REPO_URL_SCHEMA.clone())
1925 .optional("output-format", OUTPUT_FORMAT.clone())
1926 ))
1927 .arg_param(vec!["snapshot"])
1928 .completion_cb("repository", complete_repository)
1929 .completion_cb("snapshot", complete_backup_snapshot);
1930
1931 let catalog_cmd_def = CliCommand::new(
1932 ApiMethod::new(
1933 dump_catalog,
1934 ObjectSchema::new("Dump catalog.")
1935 .required("snapshot", StringSchema::new("Snapshot path."))
1936 .optional("repository", REPO_URL_SCHEMA.clone())
1937 ))
1938 .arg_param(vec!["snapshot"])
1939 .completion_cb("repository", complete_repository)
1940 .completion_cb("snapshot", complete_backup_snapshot);
1941
1942 let prune_cmd_def = CliCommand::new(
1943 ApiMethod::new(
1944 prune,
1945 proxmox_backup::api2::admin::datastore::add_common_prune_prameters(
1946 ObjectSchema::new("Prune backup repository.")
1947 .required("group", StringSchema::new("Backup group."))
1948 .optional("repository", REPO_URL_SCHEMA.clone())
1949 )
1950 ))
1951 .arg_param(vec!["group"])
1952 .completion_cb("group", complete_backup_group)
1953 .completion_cb("repository", complete_repository);
1954
1955 let status_cmd_def = CliCommand::new(
1956 ApiMethod::new(
1957 status,
1958 ObjectSchema::new("Get repository status.")
1959 .optional("repository", REPO_URL_SCHEMA.clone())
1960 .optional("output-format", OUTPUT_FORMAT.clone())
1961 ))
1962 .completion_cb("repository", complete_repository);
1963
1964 let login_cmd_def = CliCommand::new(
1965 ApiMethod::new(
1966 api_login,
1967 ObjectSchema::new("Try to login. If successful, store ticket.")
1968 .optional("repository", REPO_URL_SCHEMA.clone())
1969 ))
1970 .completion_cb("repository", complete_repository);
1971
1972 let logout_cmd_def = CliCommand::new(
1973 ApiMethod::new(
1974 api_logout,
1975 ObjectSchema::new("Logout (delete stored ticket).")
1976 .optional("repository", REPO_URL_SCHEMA.clone())
1977 ))
1978 .completion_cb("repository", complete_repository);
1979
1980 let mount_cmd_def = CliCommand::new(
1981 ApiMethod::new(
1982 mount,
1983 ObjectSchema::new("Mount pxar archive.")
1984 .required("snapshot", StringSchema::new("Group/Snapshot path."))
1985 .required("archive-name", StringSchema::new("Backup archive name."))
1986 .required("target", StringSchema::new("Target directory path."))
1987 .optional("repository", REPO_URL_SCHEMA.clone())
1988 .optional("keyfile", StringSchema::new("Path to encryption key."))
1989 .optional("verbose", BooleanSchema::new("Verbose output.").default(false))
1990 ))
1991 .arg_param(vec!["snapshot", "archive-name", "target"])
1992 .completion_cb("repository", complete_repository)
1993 .completion_cb("snapshot", complete_group_or_snapshot)
1994 .completion_cb("archive-name", complete_archive_name)
1995 .completion_cb("target", tools::complete_file_name);
1996
1997 let cmd_def = CliCommandMap::new()
1998 .insert("backup".to_owned(), backup_cmd_def.into())
1999 .insert("upload-log".to_owned(), upload_log_cmd_def.into())
2000 .insert("forget".to_owned(), forget_cmd_def.into())
2001 .insert("catalog".to_owned(), catalog_cmd_def.into())
2002 .insert("garbage-collect".to_owned(), garbage_collect_cmd_def.into())
2003 .insert("list".to_owned(), list_cmd_def.into())
2004 .insert("login".to_owned(), login_cmd_def.into())
2005 .insert("logout".to_owned(), logout_cmd_def.into())
2006 .insert("prune".to_owned(), prune_cmd_def.into())
2007 .insert("restore".to_owned(), restore_cmd_def.into())
2008 .insert("snapshots".to_owned(), snapshots_cmd_def.into())
2009 .insert("files".to_owned(), files_cmd_def.into())
2010 .insert("status".to_owned(), status_cmd_def.into())
2011 .insert("key".to_owned(), key_mgmt_cli().into())
2012 .insert("mount".to_owned(), mount_cmd_def.into());
2013
2014 run_cli_command(cmd_def.into());
2015 }
2016
2017 fn async_main<F: Future>(fut: F) -> <F as Future>::Output {
2018 let rt = tokio::runtime::Runtime::new().unwrap();
2019 let ret = rt.block_on(fut);
2020 rt.shutdown_now();
2021 ret
2022 }
Proxmox Backup Server and Client