├── .github
    └── workflows
    │   └── main.yml
├── COPYING.txt
├── Makefile
├── docs
    ├── readme.adoc
    ├── readme.md
    ├── snebu-client-backup.1
    ├── snebu-client-backup_1.adoc
    ├── snebu-client-listbackups.1
    ├── snebu-client-listbackups_1.adoc
    ├── snebu-client-plugin.5
    ├── snebu-client-plugin_5.adoc
    ├── snebu-client-restore.1
    ├── snebu-client-restore_1.adoc
    ├── snebu-client-validate.1
    ├── snebu-client-validate_1.adoc
    ├── snebu-client.1
    ├── snebu-client.conf.5
    ├── snebu-client.conf_5.adoc
    ├── snebu-client_1.adoc
    ├── snebu-concepts.adoc
    ├── snebu-expire.1
    ├── snebu-expire_1.adoc
    ├── snebu-intro.adoc
    ├── snebu-listbackups.1
    ├── snebu-listbackups_1.adoc
    ├── snebu-newbackup.1
    ├── snebu-newbackup_1.adoc
    ├── snebu-permissions.1
    ├── snebu-permissions_1.adoc
    ├── snebu-purge.1
    ├── snebu-purge_1.adoc
    ├── snebu-quickstart.adoc
    ├── snebu-reference.adoc
    ├── snebu-restore.1
    ├── snebu-restore_1.adoc
    ├── snebu-submitfiles.1
    ├── snebu-submitfiles_1.adoc
    ├── snebu.1
    ├── snebu.adoc
    ├── snebu_1.adoc
    ├── tarcrypt.1
    └── tarcrypt_1.adoc
├── readme.md
├── snebu-client
├── snebu-client-db-plugin-template
├── snebu-expire-purge.c
├── snebu-listbackups.c
├── snebu-main.c
├── snebu-newbackup.c
├── snebu-permissions.c
├── snebu-restore.c
├── snebu-submitfiles.c
├── snebu.conf
├── snebu_update_db.sql
├── tarcrypt.c
├── tarcrypt.txt
├── tarlib.c
└── tarlib.h


/.github/workflows/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | name: Test Build
 3 | 
 4 | # Use string "on" as bare "on" converts to a truthy value, causing 
 5 | # Code Inspector validation to fail.
 6 | "on":
 7 |   - push
 8 |   - pull_request
 9 | 
10 | jobs:
11 |   build:
12 | 
13 |     runs-on: ubuntu-20.04
14 | 
15 |     steps:
16 | 
17 |       - uses: actions/checkout@v2
18 | 
19 |       - name: install dependencies
20 |         run: sudo apt-get install -y liblzo2-dev libsqlite3-dev libssl-dev
21 | 
22 |       - name: make
23 |         run: make
24 | 
25 |       - name: make install
26 |         run: sudo make install
27 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | CC=gcc
 2 | PKGNAME=snebu
 3 | PROGS=snebu tarcrypt
 4 | SCRIPTS=snebu-client
 5 | CONFIGS=snebu.conf
 6 | SOWNER=snebu
 7 | SGROUP=snebu
 8 | MAN1=snebu.1 snebu-client.1 snebu-client-backup.1 snebu-client-listbackups.1 snebu-client-restore.1 snebu-client-validate.1 snebu-expire.1 snebu-listbackups.1 snebu-newbackup.1 snebu-permissions.1 snebu-purge.1 snebu-restore.1 snebu-submitfiles.1 tarcrypt.1
 9 | MAN5=snebu-client.conf.5 snebu-client-plugin.5
10 | DOC=readme.md snebu*.adoc
11 | LICENSE=COPYING.txt
12 | PREFIX=/usr/local
13 | DATADIR=${PREFIX}/share
14 | BINDIR=$(PREFIX)/bin
15 | MANDIR=$(DATADIR)/man
16 | DOCDIR=$(DATADIR)/doc
17 | ETCDIR=/etc
18 | all: $(PROGS)
19 | %.o: %.c
20 | 	$(CC) -D_GNU_SOURCE -std=c99 -c $< -o $@ -Wall $(CFLAGS)
21 | tarlib.o: tarlib.h
22 | tarcrypt.o: tarlib.h
23 | snebu-submitfiles.o: tarlib.h
24 | snebu-restore.o: tarlib.h
25 | 
26 | snebu: snebu-main.o snebu-newbackup.o tarlib.o snebu-submitfiles.o snebu-restore.o snebu-listbackups.o snebu-expire-purge.o snebu-permissions.o
27 | 	$(CC) -D_GNU_SOURCE -std=c99 $^ -o $@ -l sqlite3 -l crypto -l lzo2 -Wall $(CFLAGS) $(LDFLAGS)
28 | tarcrypt: tarcrypt.o tarlib.o
29 | 	$(CC) -D_GNU_SOURCE -std=c99 $^ -o $@ -l crypto -l ssl -l lzo2 -Wall $(CFLAGS) $(LDFLAGS)
30 | install: $(PROGS) $(SCRIPTS) $(CONFIGS)
31 | 	mkdir -p $(DESTDIR)$(BINDIR)
32 | 	mkdir -p $(DESTDIR)$(ETCDIR)
33 | 	mkdir -p $(DESTDIR)$(MANDIR)/man1
34 | 	mkdir -p $(DESTDIR)$(MANDIR)/man5
35 | 	mkdir -p $(DESTDIR)$(DOCDIR)/$(PKGNAME)
36 | 	install -p -m 755 $(PROGS) $(SCRIPTS) $(DESTDIR)$(BINDIR)/
37 | 	install -p -m 644  $(CONFIGS) $(DESTDIR)$(ETCDIR)/
38 | 	install -p -m 644 $(addprefix docs/,$(MAN1)) $(DESTDIR)$(MANDIR)/man1
39 | 	install -p -m 644 $(addprefix docs/,$(MAN5)) $(DESTDIR)$(MANDIR)/man5
40 | 	install -p -m 644 $(addprefix docs/,$(DOC)) $(DESTDIR)$(DOCDIR)/$(PKGNAME)
41 | 
42 | clean:
43 | 	rm -f $(PROGS) snebu-main.o snebu-newbackup.o tarlib.o snebu-submitfiles.o snebu-restore.o snebu-listbackups.o snebu-expire-purge.o snebu-permissions.o tarcrypt.o
44 | 
45 | 


--------------------------------------------------------------------------------
/docs/snebu-client-backup.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT-BACKUP "1" "December 2020" "snebu-client-backup" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu-client backup \- Initiates a backup
 5 | .SH SYNOPSIS
 6 | .B snebu-client
 7 | \fBbackup \/\fR
 8 | [ \fB-n\fR \fIbackupname\fR ]
 9 | [ \fB-d\fR \fIdatestamp\fR ]
10 | [ \fB-r\fR \fIschedule\fR ]
11 | [ \fIfile\-list\fR ]
12 | .SH DESCRIPTION
13 | Initiates a system backup.
14 | By default, it will back up the local host to a local snebu install.
15 | You can also use this command to back up to a remote backup server,
16 | back up a remote host to either a local snebu installation,
17 | or back up a remote host to another remote backup server,
18 | depending on which options are chosen.
19 | .SH OPTIONS
20 | .TP
21 | \fB\-c\fR, \fB\-\-config\fR \fIconfig_file\fR
22 | Name of the configuration file.  Default is
23 | \fI/etc/snebu\-client.conf\/\fP.
24 | .TP
25 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
26 | Name of the backup.  Usually set to the server
27 | name that you are backing up.
28 | .TP
29 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
30 | Date stamp for this backup set.  The format is in
31 | time_t format, sames as the output of the "date\~+%s" command.
32 | .TP
33 | \fB\-r\fR, \fB\-\-retention\fR \fIschedule\fR
34 | Retention schedule for this backup set.  Typical
35 | values are "daily", "weekly", "monthly", "yearly".
36 | .TP
37 | \fB\-k\fR, \fB\-\-encryption\-key\fR \fIkeyfile\fR
38 | Turns on encryption, and specifies encryption
39 | key location.  May be specified more than once to
40 | encrypt with multiple keys.
41 | .IP
42 | The program "tarcrypt" needs to be present on the
43 | client for this option.  Keys are generated with
44 | the command:
45 | .IP
46 | \fBtarcrypt genkey \-f\fR \fIkeyfile\fR [ \fB-c\fR \fIcomment\fR ]
47 | .TP
48 | \fB\-C\fR, \fB\-\-changedir\fR \fIpath\fR
49 | Changes to the given directory path before backing up.
50 | .TP
51 | \fB\-\-graft\fR \fI/path/name/\fR\fB=\fR\fI/new/name/\fR
52 | Re\-write path names beginning with "\fI/path/name/\fR"
53 | to "\fI/new/name/\fR"
54 | .TP
55 | \fB\-f\fR, \fB\-\-force\-full\fR
56 | Force a full backup
57 | .TP
58 | \fB\-\-remote\-client\fR \fIhostname\fR
59 | Host name / IP address of remote host.  Used to
60 | backup a remote host to local backup server.
61 | .TP
62 | \fB\-\-remote\-user\fR \fIuserid\fR
63 | User ID for remote remote\-client.  Defaults to
64 | root.
65 | .TP
66 | \fB\-\-sudo\fR \fIuserid\fR
67 | Initial login User ID for remote remote\-client.
68 | This ID uses sudo to switch to remote\-user once
69 | logged in.
70 | .TP
71 | \fB\-\-backup\-server\fR \fIhostname\fR
72 | Host name / IP address of backup server.  Used to
73 | backup to a remote server.
74 | .TP
75 | \fB\-\-backup\-user\fR \fIuserid\fR
76 | User ID for remote backup\-server.
77 | .TP
78 | \fB\-\-plugin\fR \fIscriptname\fR
79 | Specifies an optional plug in script.  Usually
80 | used to perform database\-specific operations
81 | (such as enabling hot backup mode) for systems
82 | with a DB installed.
83 | .TP
84 | [ \fIfile\-list\fR ]
85 | List of files to backup.
86 | Overrides default specified in snebu-client.conf file.
87 | .SH "SEE ALSO"
88 | \fBtarcrypt\fR(1)
89 | 


--------------------------------------------------------------------------------
/docs/snebu-client-backup_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client-backup(1) - Initiates a backup
 2 | 
 3 | 
 4 | ----
 5 | snebu-client backup  [ -n backupname ] [ -d datestamp ] [ -r schedule ] [ file-list ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Initiates a system backup.
11 | By default, it will back up the local host to a local snebu install.
12 | You can also use this command to back up to a remote backup server,
13 | back up a remote host to either a local snebu installation,
14 | or back up a remote host to another remote backup server,
15 | depending on which options are chosen.
16 | 
17 | ==== Options
18 | 
19 | 
20 | *-c*, *--config* _config_file_::
21 | Name of the configuration file.  Default is
22 | _/etc/snebu-client.conf_.
23 | 
24 | *-n*, *--name* _backupname_::
25 | Name of the backup.  Usually set to the server
26 | name that you are backing up.
27 | 
28 | *-d*, *--date* _datestamp_::
29 | Date stamp for this backup set.  The format is in
30 | time_t format, sames as the output of the "date&nbsp;+%s" command.
31 | 
32 | *-r*, *--retention* _schedule_::
33 | Retention schedule for this backup set.  Typical
34 | values are "daily", "weekly", "monthly", "yearly".
35 | 
36 | *-k*, *--encryption-key* _keyfile_::
37 | Turns on encryption, and specifies encryption
38 | key location.  May be specified more than once to
39 | encrypt with multiple keys.
40 | * The program "tarcrypt" needs to be present on the
41 | client for this option.  Keys are generated with
42 | the command:
43 | * *tarcrypt genkey -f* _keyfile_ [ *-c* _comment_ ]
44 | 
45 | *-C*, *--changedir* _path_::
46 | Changes to the given directory path before backing up.
47 | 
48 | *--graft* _/path/name/_*=*_/new/name/_::
49 | Re-write path names beginning with "_/path/name/_"
50 | to "_/new/name/_"
51 | 
52 | *-f*, *--force-full*::
53 | Force a full backup
54 | 
55 | *--remote-client* _hostname_::
56 | Host name / IP address of remote host.  Used to
57 | backup a remote host to local backup server.
58 | 
59 | *--remote-user* _userid_::
60 | User ID for remote remote-client.  Defaults to
61 | root.
62 | 
63 | *--sudo* _userid_::
64 | Initial login User ID for remote remote-client.
65 | This ID uses sudo to switch to remote-user once
66 | logged in.
67 | 
68 | *--backup-server* _hostname_::
69 | Host name / IP address of backup server.  Used to
70 | backup to a remote server.
71 | 
72 | *--backup-user* _userid_::
73 | User ID for remote backup-server.
74 | 
75 | *--plugin* _scriptname_::
76 | Specifies an optional plug in script.  Usually
77 | used to perform database-specific operations
78 | (such as enabling hot backup mode) for systems
79 | with a DB installed.
80 | 
81 | [ _file-list_ ]::
82 | List of files to backup.
83 | Overrides default specified in snebu-client.conf file.
84 | 
85 | ==== See Also
86 | 
87 | *tarcrypt*(1)
88 | 


--------------------------------------------------------------------------------
/docs/snebu-client-listbackups.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT-LISTBACKUPS "1" "December 2020" "snebu-client-listbackups" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu-client listbackups \- Lists backed up systems, backup sets, and file names
 5 | .SH SYNOPSIS
 6 | .B snebu-client
 7 | \fBlistbackups\fR
 8 | [ \fB-n\fR \fIhostname\fR [ \fB-d\fR \fIdatestamp\fR ]]
 9 | [ \fIfile_list\fR... ]
10 | .SH DESCRIPTION
11 | With no arguments specified, "listbackups" will return a list of all
12 | systems that are contained in the backup catalog.  Otherwise, when
13 | specifying the \fB\-n\fR parameter, a list of backup sets for that host is
14 | returned.
15 | .SH OPTIONS
16 | .TP
17 | \fB\-c\fR, \fB\-\-config\fR \fIconfig_file\fR
18 | Name of the configuration file.
19 | Default is \fI/etc/snebu\-client.conf\/\fP.
20 | .TP
21 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
22 | Name of the backup.
23 | Usually set to the server name that you are backing up.
24 | .TP
25 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
26 | Date stamp for this backup set.
27 | The format is in \fItime_t\fR format,
28 | sames as the output of the "date\~+%s" command.
29 | .TP
30 | [ \fIfile\-list\fR ]
31 | List of files to restore.  Defaults to all.
32 | 


--------------------------------------------------------------------------------
/docs/snebu-client-listbackups_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client-listbackups(1) - Lists backed up systems, backup sets, and file names
 2 | 
 3 | 
 4 | ----
 5 | snebu-client listbackups [ -n hostname [ -d datestamp ]] [ file_list... ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | With no arguments specified, "listbackups" will return a list of all
11 | systems that are contained in the backup catalog.  Otherwise, when
12 | specifying the *-n* parameter, a list of backup sets for that host is
13 | returned.
14 | 
15 | ==== Options
16 | 
17 | 
18 | *-c*, *--config* _config_file_::
19 | Name of the configuration file.
20 | Default is _/etc/snebu-client.conf_.
21 | 
22 | *-n*, *--name* _backupname_::
23 | Name of the backup.
24 | Usually set to the server name that you are backing up.
25 | 
26 | *-d*, *--date* _datestamp_::
27 | Date stamp for this backup set.
28 | The format is in _time_t_ format,
29 | sames as the output of the "date&nbsp;+%s" command.
30 | 
31 | [ _file-list_ ]::
32 | List of files to restore.  Defaults to all.
33 | 


--------------------------------------------------------------------------------
/docs/snebu-client-plugin.5:
--------------------------------------------------------------------------------
  1 | .TH SNEBU-CLIENT-PLUGIN "5" "December 2020" "snebu-client-plugin" "File Formats"
  2 | .na
  3 | .SH NAME
  4 | snebu-client plugins - Defines pre-backup and post-backup scripts to run on a client.
  5 | .SH DESCRIPTION
  6 | Specifying the \fB--plugin\fR argument when executing a snebu-client backup operation will cause the specified plugin script to be incorporated into the backup process.  The plugin script defines at least two shell script functions -- \fBpluginpref()\fR, which executes prior to the backup, and \fBpluginpostf()\fR which executes after the backup has completed.  Two associated variables, \fBpluginpre\fR and \fBpluginpost\fR, contain the names of these two functions (so the functions themselves can be named anything, as long as the variables point to them).
  7 | 
  8 | This allows performing operations such as mounting a file system snapshot prior to a backup and removing the snapshot afterwards, or placing a database in hot backup mode at the beginning of the backup.  In the case of backing up a database, often times the backup will need to be completed in multiple stages -- place the DB in hot backup mode, gather a list of database files, back them up, take the DB out of hot backup mode, gather a list of files containing transaction logs that were created during the backup, and finally backing up those files.
  9 | 
 10 | To facilitate these type of backup steps, the \fBpluginpre\fR function can save the contents of the file include/exclude variables \fBINCLUDE\fR, \fBEXCLUDE\fR, and \fBEXCLUDEMATCH\fR.  Then set the variable \fBbkrepeat=1\fR, along with setting any other housekeeping variables used inside the plugin script.  Once it has completed the last stage, it can then restore the include/exclude variables, let the rest of the backup process continue, and then set \fBbkrepeat=0\fR to finish off the backup.
 11 | 
 12 | Note that the plugin runs on the same host that is running the snebu-client script.  So if you are doing \fIpush\fR backups from a client to a server, it will function as expected.  But if you are doing \fIpull\fR based backups (running snebu-client from the backup server), then be sure to have the pre and post functions perform their actions on the target server (referencing the \fBclientname\fR and \fIrmtuser\fR variables as appropriate).  Feel free to use the \fBrpcsh()\fR function defined in snebu-client (see function definition for brief description and usage).
 13 | .SS Functions and Variables
 14 | .TP
 15 | \fBpluginpref()\fR
 16 | Shell script code containing pre-backup procedures.
 17 | .PP
 18 | .TP
 19 | \fBpluginpostf()\fR
 20 | Shell script code containing post-backup procedures.
 21 | .PP
 22 | .TP
 23 | \fBpluginpre\fR
 24 | Variable containing name of pluginpre function
 25 | .PP
 26 | .TP
 27 | \fBpluginpost\fR
 28 | Variable containing name of pluginpost function
 29 | .PP
 30 | .PP
 31 | .TP
 32 | \fBbkrepeat\fR
 33 | Set bkrepeat=1 to repeat the backup with modifications to the include/exclude list.  Every time the backup repeats, the backup set is amended with the new file set.
 34 | .PP
 35 | .TP
 36 | \fBINCLUDE\fR
 37 | Shell array containing file include list (see \fBsnebu-client.conf(5)\fR)
 38 | .PP
 39 | .TP
 40 | \fBEXCLUDE\fR
 41 | Shell array containing file exclude list (see \fBsnebu-client.conf(5)\fR)
 42 | .PP
 43 | .TP
 44 | \fBEXCLUDEMATCH\fR
 45 | Shell array containing file exclude file pattern list (see \fBsnebu-client.conf(5)\fR)
 46 | 
 47 | .SH EXAMPLES
 48 | The following is a template that can be used when backing up a server containing a database.  In this case, the include/exclude list initially includes files to back up the entire server.  So this script does a hot backup of the database first, then adds to the exclude list the dbf files that were backed up initially, and then backs up the rest of the system.
 49 | 
 50 | The Since these functions get called at various times from the snebu-client script, the order of the various code fragments can become a bit confusing.  Pay attention to the "(Step x)" labels for the actual execution order in each fragment.
 51 | 
 52 | .nf
 53 | ### Snebu backup plugin template for databases
 54 | [ -z "${verbose}" ] && verbose=0
 55 | [ "${verbose}" -gt 0 ] && echo "Executing client plugin template" >&2
 56 | 
 57 | pluginpre=pluginpref
 58 | pluginpost=pluginpostf
 59 | # Initialize an internal housekeeping variable
 60 | # (Step 0)
 61 | dbstage=0
 62 | 
 63 | # Define the pre-backup script
 64 | pluginpref() {
 65 |     [ "${verbose}" -gt 0 ] &&
 66 | 	echo "Executing client plugin pre script" >&2
 67 |     # Stage 0 => haven't backed up the DB yet
 68 |     if [ "${dbstage}" = 0 ]
 69 |     then
 70 | 	# (Step 1)
 71 | 	# Save the current include/exclude list
 72 | 	OLD_INCLUDE=( "${INCLUDE[@]}" )
 73 | 	OLD_EXCLUDE=( "${EXCLUDE[@]}" )
 74 | 	OLD_EXCLUDEMATCH=( "${EXCLUDEMATCH[@]}" )
 75 | 
 76 | 	# Zero out exclude list
 77 | 	EXCLUDE=( )
 78 | 	EXCLUDEMATCH=( )
 79 | 
 80 | 	# Set the include list to include database files
 81 | 	DBF_FILES=( "$(
 82 | 	    # Function to list database filenames to standard output
 83 | 	    print_dbf_filenames
 84 | 	)" )
 85 | 	INCLUDE=( "${DBF_FILES[@]}" )
 86 | 
 87 | 	# Place DB in hot backup mode
 88 | 	begin_db_backup
 89 | 
 90 | 	# After this, snebu-client-backup takes over and backs up
 91 | 	# the above set include list.  Then control jumps to
 92 | 	# pluginpost() with dbstage still set to 0
 93 |     elif [ "${dbstage}" = 1 ]
 94 |     then
 95 | 	# (Step 3)
 96 | 	DBF_LOG_FILES=( "$(
 97 | 	    # Function to list archived transaction logs
 98 | 	    print_dbf_log_filenames
 99 | 	)" )
100 | 	INCLUDE=( "${DBF_LOG_FILES[@]}" )
101 | 
102 | 	# Back to the backup with the new include list, then
103 | 	# off to pluginpost again with dbstage set to 1
104 |     fi
105 | }
106 | 
107 | pluginpostf() {
108 |     [ "${verbose}" -gt 0 ] && echo "client plugin post" >&2
109 |     if [ "${dbstage}" = 0 ]
110 |     then
111 | 	# (Step 2)
112 | 	# Take DB out of hot backup mode
113 | 	end_db_backup
114 | 	
115 | 	# Define the next stage, and repeat the backup
116 | 	dbstage=1
117 | 	bkrepeat=1
118 | 
119 | 	# Now control jumps back to pluginpre() with dbstage=1
120 |     elif [ "${dbstage}" = 1 ]
121 |     then
122 | 	# (Step 4)
123 | 	# Restore the original include/exclude list, with the
124 | 	# database files added to the exclude list.
125 | 	INCLUDE=( "${OLD_INCLUDE[@]}" )
126 | 	EXCLUDE=( "${OLD_EXCLUDE[@]}" "${DBF_FILES[@]}" \\
127 | 	    "${DBF_LOG_FILES[@]}" )
128 | 	EXCLUDEMATCH=( "${OLD_EXCLUDEMATCH[@]}" )
129 | 
130 | 	# Define the next stage, and repeat the backup
131 | 	dbstage=2
132 | 	bkrepeat=1
133 | 
134 | 	# Control jumps back to pluginpre(), however no more pre-
135 | 	# processing is needed for stage 2, so the backup begins
136 | 	# again with the original client include/exclude (plus the
137 | 	# above database files added to the exclude).
138 |     elif [ "${dbstage}" = 2 ]
139 |     then
140 | 	# (Step 5)
141 | 	# Break the cycle, backup is completed for this host.
142 | 	bkrepeat=0
143 |     fi
144 | }
145 | 
146 | # Also, don't forget to fill in the functions referenced above:
147 | 
148 | begin_db_backup() {
149 |     [ "${verbose}" -gt 0 ] && echo "Begin DB backup" >&2
150 |     ### Steps to place DB in hot backup mode
151 |     ### Make sure to execute these on the target host being backed
152 |     ### up if running from the backup server (in pull mode)
153 | }
154 | 
155 | end_db_backup() {
156 |     [ "${verbose}" -gt 0 ] && echo "End DB backup" >&2
157 |     ### Steps to DB out of hot backup mode
158 |     ### Make sure to execute these on the target host being backed
159 |     ### up if running from the backup server (in pull mode)
160 | }
161 | 
162 | print_dbf_filenames() {
163 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF filenames" >&2
164 |     ### Output list of dbf file names
165 |     ### Make sure to execute these on the target host being backed
166 |     ### up if running from the backup server (in pull mode)
167 | }
168 | 
169 | print_dbf_log_filenames() {
170 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF log filenames" >&2
171 |     ### Output list of archived transaction log file names
172 |     ### Make sure to execute these on the target host being backed
173 |     ### up if running from the backup server (in pull mode)
174 | }
175 | 
176 | .fi
177 | .PP
178 | 


--------------------------------------------------------------------------------
/docs/snebu-client-plugin_5.adoc:
--------------------------------------------------------------------------------
  1 | === snebu-client-plugin(5) - Defines pre-backup and post-backup scripts to run on a client.
  2 | 
  3 | 
  4 | ==== Description
  5 | 
  6 | Specifying the *--plugin* argument when executing a snebu-client backup operation will cause the specified plugin script to be incorporated into the backup process.  The plugin script defines at least two shell script functions -- *pluginpref()*, which executes prior to the backup, and *pluginpostf()* which executes after the backup has completed.  Two associated variables, *pluginpre* and *pluginpost*, contain the names of these two functions (so the functions themselves can be named anything, as long as the variables point to them).
  7 | 
  8 | This allows performing operations such as mounting a file system snapshot prior to a backup and removing the snapshot afterwards, or placing a database in hot backup mode at the beginning of the backup.  In the case of backing up a database, often times the backup will need to be completed in multiple stages -- place the DB in hot backup mode, gather a list of database files, back them up, take the DB out of hot backup mode, gather a list of files containing transaction logs that were created during the backup, and finally backing up those files.
  9 | 
 10 | To facilitate these type of backup steps, the *pluginpre* function can save the contents of the file include/exclude variables *INCLUDE*, *EXCLUDE*, and *EXCLUDEMATCH*.  Then set the variable *bkrepeat=1*, along with setting any other housekeeping variables used inside the plugin script.  Once it has completed the last stage, it can then restore the include/exclude variables, let the rest of the backup process continue, and then set *bkrepeat=0* to finish off the backup.
 11 | 
 12 | Note that the plugin runs on the same host that is running the snebu-client script.  So if you are doing _push_ backups from a client to a server, it will function as expected.  But if you are doing _pull_ based backups (running snebu-client from the backup server), then be sure to have the pre and post functions perform their actions on the target server (referencing the *clientname* and _rmtuser_ variables as appropriate).  Feel free to use the *rpcsh()* function defined in snebu-client (see function definition for brief description and usage).
 13 | 
 14 | [discrete]
 15 | ==== Functions and Variables
 16 | 
 17 | 
 18 | *pluginpref()*::
 19 | Shell script code containing pre-backup procedures.
 20 | 
 21 | *pluginpostf()*::
 22 | Shell script code containing post-backup procedures.
 23 | 
 24 | *pluginpre*::
 25 | Variable containing name of pluginpre function
 26 | 
 27 | *pluginpost*::
 28 | Variable containing name of pluginpost function
 29 | 
 30 | *bkrepeat*::
 31 | Set bkrepeat=1 to repeat the backup with modifications to the include/exclude list.  Every time the backup repeats, the backup set is amended with the new file set.
 32 | 
 33 | *INCLUDE*::
 34 | Shell array containing file include list (see *snebu-client.conf(5)*)
 35 | 
 36 | *EXCLUDE*::
 37 | Shell array containing file exclude list (see *snebu-client.conf(5)*)
 38 | 
 39 | *EXCLUDEMATCH*::
 40 | Shell array containing file exclude file pattern list (see *snebu-client.conf(5)*)
 41 | 
 42 | ==== Examples
 43 | 
 44 | The following is a template that can be used when backing up a server containing a database.  In this case, the include/exclude list initially includes files to back up the entire server.  So this script does a hot backup of the database first, then adds to the exclude list the dbf files that were backed up initially, and then backs up the rest of the system.
 45 | 
 46 | The Since these functions get called at various times from the snebu-client script, the order of the various code fragments can become a bit confusing.  Pay attention to the "(Step x)" labels for the actual execution order in each fragment.
 47 | 
 48 | ....
 49 | ### Snebu backup plugin template for databases
 50 | [ -z "${verbose}" ] && verbose=0
 51 | [ "${verbose}" -gt 0 ] && echo "Executing client plugin template" >&2
 52 | 
 53 | pluginpre=pluginpref
 54 | pluginpost=pluginpostf
 55 | # Initialize an internal housekeeping variable
 56 | # (Step 0)
 57 | dbstage=0
 58 | 
 59 | # Define the pre-backup script
 60 | pluginpref() {
 61 |     [ "${verbose}" -gt 0 ] &&
 62 | 	echo "Executing client plugin pre script" >&2
 63 |     # Stage 0 => haven't backed up the DB yet
 64 |     if [ "${dbstage}" = 0 ]
 65 |     then
 66 | 	# (Step 1)
 67 | 	# Save the current include/exclude list
 68 | 	OLD_INCLUDE=( "${INCLUDE[@]}" )
 69 | 	OLD_EXCLUDE=( "${EXCLUDE[@]}" )
 70 | 	OLD_EXCLUDEMATCH=( "${EXCLUDEMATCH[@]}" )
 71 | 
 72 | 	# Zero out exclude list
 73 | 	EXCLUDE=( )
 74 | 	EXCLUDEMATCH=( )
 75 | 
 76 | 	# Set the include list to include database files
 77 | 	DBF_FILES=( "$(
 78 | 	    # Function to list database filenames to standard output
 79 | 	    print_dbf_filenames
 80 | 	)" )
 81 | 	INCLUDE=( "${DBF_FILES[@]}" )
 82 | 
 83 | 	# Place DB in hot backup mode
 84 | 	begin_db_backup
 85 | 
 86 | 	# After this, snebu-client-backup takes over and backs up
 87 | 	# the above set include list.  Then control jumps to
 88 | 	# pluginpost() with dbstage still set to 0
 89 |     elif [ "${dbstage}" = 1 ]
 90 |     then
 91 | 	# (Step 3)
 92 | 	DBF_LOG_FILES=( "$(
 93 | 	    # Function to list archived transaction logs
 94 | 	    print_dbf_log_filenames
 95 | 	)" )
 96 | 	INCLUDE=( "${DBF_LOG_FILES[@]}" )
 97 | 
 98 | 	# Back to the backup with the new include list, then
 99 | 	# off to pluginpost again with dbstage set to 1
100 |     fi
101 | }
102 | 
103 | pluginpostf() {
104 |     [ "${verbose}" -gt 0 ] && echo "client plugin post" >&2
105 |     if [ "${dbstage}" = 0 ]
106 |     then
107 | 	# (Step 2)
108 | 	# Take DB out of hot backup mode
109 | 	end_db_backup
110 | 	
111 | 	# Define the next stage, and repeat the backup
112 | 	dbstage=1
113 | 	bkrepeat=1
114 | 
115 | 	# Now control jumps back to pluginpre() with dbstage=1
116 |     elif [ "${dbstage}" = 1 ]
117 |     then
118 | 	# (Step 4)
119 | 	# Restore the original include/exclude list, with the
120 | 	# database files added to the exclude list.
121 | 	INCLUDE=( "${OLD_INCLUDE[@]}" )
122 | 	EXCLUDE=( "${OLD_EXCLUDE[@]}" "${DBF_FILES[@]}" \
123 | 	    "${DBF_LOG_FILES[@]}" )
124 | 	EXCLUDEMATCH=( "${OLD_EXCLUDEMATCH[@]}" )
125 | 
126 | 	# Define the next stage, and repeat the backup
127 | 	dbstage=2
128 | 	bkrepeat=1
129 | 
130 | 	# Control jumps back to pluginpre(), however no more pre-
131 | 	# processing is needed for stage 2, so the backup begins
132 | 	# again with the original client include/exclude (plus the
133 | 	# above database files added to the exclude).
134 |     elif [ "${dbstage}" = 2 ]
135 |     then
136 | 	# (Step 5)
137 | 	# Break the cycle, backup is completed for this host.
138 | 	bkrepeat=0
139 |     fi
140 | }
141 | 
142 | # Also, don't forget to fill in the functions referenced above:
143 | 
144 | begin_db_backup() {
145 |     [ "${verbose}" -gt 0 ] && echo "Begin DB backup" >&2
146 |     ### Steps to place DB in hot backup mode
147 |     ### Make sure to execute these on the target host being backed
148 |     ### up if running from the backup server (in pull mode)
149 | }
150 | 
151 | end_db_backup() {
152 |     [ "${verbose}" -gt 0 ] && echo "End DB backup" >&2
153 |     ### Steps to DB out of hot backup mode
154 |     ### Make sure to execute these on the target host being backed
155 |     ### up if running from the backup server (in pull mode)
156 | }
157 | 
158 | print_dbf_filenames() {
159 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF filenames" >&2
160 |     ### Output list of dbf file names
161 |     ### Make sure to execute these on the target host being backed
162 |     ### up if running from the backup server (in pull mode)
163 | }
164 | 
165 | print_dbf_log_filenames() {
166 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF log filenames" >&2
167 |     ### Output list of archived transaction log file names
168 |     ### Make sure to execute these on the target host being backed
169 |     ### up if running from the backup server (in pull mode)
170 | }
171 | ....
172 | 


--------------------------------------------------------------------------------
/docs/snebu-client-restore.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT-RESTORE "1" "December 2020" "snebu-client-restore" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu-client restore \- Restores a backup
 5 | .SH SYNOPSIS
 6 | .B snebu-client
 7 | \fBrestore\fR
 8 | [ \fB-n\fR \fIbackupname\fR ]
 9 | [ \fB-d\fR \fIdatestamp\fR ]
10 | [ \fIfile-list\fR ]
11 | .SH DESCRIPTION
12 | Restores a given backup session identified by "\-n" and "\-d"
13 | parameters.  Use the "listbackups" subcommand to get a list of
14 | available backup sessions.
15 | .SH OPTIONS
16 | .TP
17 | \fB\-c\fR, \fB\-\-config\fR \fIconfig_file\fR
18 | Name of the configuration file.  Default is
19 | \fI/etc/snebu\-client.conf\/\fP.
20 | .TP
21 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
22 | Name of the backup.  Usually set to the server
23 | name that you are backing up.
24 | .TP
25 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
26 | Date stamp for this backup set.  The format is in
27 | time_t format, sames as the output of the "date
28 | +%s" command.
29 | .TP
30 | \fB\-\-decrypt\fR
31 | Turns on decryption.  Requires "tarcrypt" to be
32 | on the client.  Password(s) will be prompted for
33 | during restore.
34 | .IP
35 | By default, tarcrypt will be called if available
36 | which acts in pass through mode when processing
37 | unencrypted data.
38 | .TP
39 | \fB\-\-nodecrypt\fR
40 | Turns off decryption.  Will cause unexpected
41 | results if backup contains any encrypted files.
42 | .TP
43 | \fB\-C\fR, \fB\-\-changedir\fR \fIpath\fR
44 | Changes to the given directory path before restoring.
45 | .TP
46 | \fB\-\-graft\fR \fI/path/name/\fR\fB=\fR\fI/new/name/\fR
47 | Re\-write path names beginning with "\fI/path/name/\fR"
48 | to "\fI/new/name/\fR"
49 | .TP
50 | \fB\-\-remote\-client\fR \fIhostname\fR
51 | Host name / IP address of remote host.  Used to
52 | backup a remote host to local backup server.
53 | .TP
54 | \fB\-\-remote\-user\fR \fIuserid\fR
55 | User ID for remote remote\-client.
56 | Defaults to root.
57 | .TP
58 | \fB\-\-sudo\fR \fIuserid\fR
59 | Initial login User ID for remote remote\-client.
60 | This ID uses sudo to switch to remote\-user once
61 | logged in.
62 | .TP
63 | \fB\-\-backup\-server\fR \fIhostname\fR
64 | Host name / IP address of backup server.  Used to
65 | backup to a remote server.
66 | .TP
67 | \fB\-\-backup\-user\fR \fIuserid\fR
68 | User ID for remote backup\-server.
69 | .TP
70 | [ \fIfile\-list\fR ]
71 | List of files to restore.  Defaults to all.
72 | .SH "SEE ALSO"
73 | \fBtarcrypt\fR(1)
74 | .PP
75 | 


--------------------------------------------------------------------------------
/docs/snebu-client-restore_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client-restore(1) - Restores a backup
 2 | 
 3 | 
 4 | ----
 5 | snebu-client restore [ -n backupname ] [ -d datestamp ] [ file-list ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Restores a given backup session identified by "-n" and "-d"
11 | parameters.  Use the "listbackups" subcommand to get a list of
12 | available backup sessions.
13 | 
14 | ==== Options
15 | 
16 | 
17 | *-c*, *--config* _config_file_::
18 | Name of the configuration file.  Default is
19 | _/etc/snebu-client.conf_.
20 | 
21 | *-n*, *--name* _backupname_::
22 | Name of the backup.  Usually set to the server
23 | name that you are backing up.
24 | 
25 | *-d*, *--date* _datestamp_::
26 | Date stamp for this backup set.  The format is in
27 | time_t format, sames as the output of the "date
28 | +%s" command.
29 | 
30 | *--decrypt*::
31 | Turns on decryption.  Requires "tarcrypt" to be
32 | on the client.  Password(s) will be prompted for
33 | during restore.
34 | * By default, tarcrypt will be called if available
35 | which acts in pass through mode when processing
36 | unencrypted data.
37 | 
38 | *--nodecrypt*::
39 | Turns off decryption.  Will cause unexpected
40 | results if backup contains any encrypted files.
41 | 
42 | *-C*, *--changedir* _path_::
43 | Changes to the given directory path before restoring.
44 | 
45 | *--graft* _/path/name/_*=*_/new/name/_::
46 | Re-write path names beginning with "_/path/name/_"
47 | to "_/new/name/_"
48 | 
49 | *--remote-client* _hostname_::
50 | Host name / IP address of remote host.  Used to
51 | backup a remote host to local backup server.
52 | 
53 | *--remote-user* _userid_::
54 | User ID for remote remote-client.
55 | Defaults to root.
56 | 
57 | *--sudo* _userid_::
58 | Initial login User ID for remote remote-client.
59 | This ID uses sudo to switch to remote-user once
60 | logged in.
61 | 
62 | *--backup-server* _hostname_::
63 | Host name / IP address of backup server.  Used to
64 | backup to a remote server.
65 | 
66 | *--backup-user* _userid_::
67 | User ID for remote backup-server.
68 | 
69 | [ _file-list_ ]::
70 | List of files to restore.  Defaults to all.
71 | 
72 | ==== See Also
73 | 
74 | *tarcrypt*(1)
75 | 


--------------------------------------------------------------------------------
/docs/snebu-client-validate.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT-VALIDATE "1" "December 2020" "snebu-client-validate" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu-client validate \- Compares a backup to file system contents
 5 | .SH SYNOPSIS
 6 | .B snebu-client
 7 | \fBvalidate\fR
 8 | \fB-n\fR \fIbackupname\fR
 9 | \fB-d\fR \fIdatestamp\fR
10 | [ \fIfile-list\fR ]
11 | .SH DESCRIPTION
12 | Compares the contents a given backup session identified by "\-n" and "\-d"
13 | parameters, to what is on the client.  Use the "listbackups" subcommand to
14 | get a list of available
15 | backup sessions.
16 | .SH OPTIONS
17 | .TP
18 | \fB\-c\fR, \fB\-\-config\fR \fIconfig_file\fR
19 | Name of the configuration file.  Default is
20 | \fI/etc/snebu\-client.conf\/\fP.
21 | .TP
22 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
23 | Name of the backup.  Usually set to the server
24 | name that you are backing up.
25 | .TP
26 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
27 | Date stamp for this backup set.  The format is in
28 | time_t format, sames as the output of the "date
29 | +%s" command.
30 | .TP
31 | \fB\-\-decrypt\fR
32 | Turns on decryption.  Requires "tarcrypt" to be
33 | on the client.  Password(s) will be prompted for
34 | during restore.
35 | .TP
36 | \fB\-C\fR, \fB\-\-changedir\fR \fIpath\fR
37 | Changes to the given directory path before validating
38 | .TP
39 | \fB\-\-remote\-client\fR \fIhostname\fR
40 | Host name / IP address of remote host.  Used to
41 | backup a remote host to local backup server.
42 | .TP
43 | \fB\-\-remote\-user\fR \fIuserid\fR
44 | User ID for remote remote\-client.  Defaults to
45 | root.
46 | .TP
47 | \fB\-\-sudo\fR \fIuserid\fR
48 | Initial login User ID for remote remote\-client.
49 | This ID uses sudo to switch to remote\-user once
50 | logged in.
51 | .TP
52 | \fB\-\-backup\-server\fR \fIhostname\fR
53 | Host name / IP address of backup server.  Used to
54 | backup to a remote server.
55 | .TP
56 | \fB\-\-backup\-user\fR \fIuserid\fR
57 | User ID for remote backup\-server.
58 | .TP
59 | [ \fIfile\-list\fR ]
60 | List of files to validate.  Defaults to all.
61 | .SH "SEE ALSO"
62 | \fBtarcrypt\fR(1)
63 | .PP 
64 | 


--------------------------------------------------------------------------------
/docs/snebu-client-validate_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client-validate(1) - Compares a backup to file system contents
 2 | 
 3 | 
 4 | ----
 5 | snebu-client validate -n backupname -d datestamp [ file-list ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Compares the contents a given backup session identified by "-n" and "-d"
11 | parameters, to what is on the client.  Use the "listbackups" subcommand to
12 | get a list of available
13 | backup sessions.
14 | 
15 | ==== Options
16 | 
17 | 
18 | *-c*, *--config* _config_file_::
19 | Name of the configuration file.  Default is
20 | _/etc/snebu-client.conf_.
21 | 
22 | *-n*, *--name* _backupname_::
23 | Name of the backup.  Usually set to the server
24 | name that you are backing up.
25 | 
26 | *-d*, *--date* _datestamp_::
27 | Date stamp for this backup set.  The format is in
28 | time_t format, sames as the output of the "date
29 | +%s" command.
30 | 
31 | *--decrypt*::
32 | Turns on decryption.  Requires "tarcrypt" to be
33 | on the client.  Password(s) will be prompted for
34 | during restore.
35 | 
36 | *-C*, *--changedir* _path_::
37 | Changes to the given directory path before validating
38 | 
39 | *--remote-client* _hostname_::
40 | Host name / IP address of remote host.  Used to
41 | backup a remote host to local backup server.
42 | 
43 | *--remote-user* _userid_::
44 | User ID for remote remote-client.  Defaults to
45 | root.
46 | 
47 | *--sudo* _userid_::
48 | Initial login User ID for remote remote-client.
49 | This ID uses sudo to switch to remote-user once
50 | logged in.
51 | 
52 | *--backup-server* _hostname_::
53 | Host name / IP address of backup server.  Used to
54 | backup to a remote server.
55 | 
56 | *--backup-user* _userid_::
57 | User ID for remote backup-server.
58 | 
59 | [ _file-list_ ]::
60 | List of files to validate.  Defaults to all.
61 | 
62 | ==== See Also
63 | 
64 | *tarcrypt*(1)
65 | 


--------------------------------------------------------------------------------
/docs/snebu-client.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT "1" "December 2020" "snebu-client" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu-client \- Front-end client for the snebu backup system
 5 | .SH SYNOPSIS
 6 | .B snebu-client
 7 | [ \fIsubcommand \/\fR] [ \fIoptions \/\fR]
 8 | .SH DESCRIPTION
 9 | snebu\-client is the client front end for snebu.
10 | Use it to easily
11 | back up a local or remote host, to either local a local storage
12 | device, or to a remote backup server.  Use it with one of the
13 | following subcommands.
14 | .SS "Sub commands are as follows:"
15 | .TP
16 | \fBbackup\fR [ \fB\-n\fR \fIbackupname\fR ] [ \fB\-d\fR \fIdatestamp\fR ] [ \fB\-r\fR \fIschedule\fR ]
17 | Initiates a backup.
18 | .TP
19 | \fBrestore\fR [ \fB\-n\fR \fIbackupname\fR ] [ \fB\-d\fR \fIdatestamp\fR ]
20 | Initiates a restore.
21 | .TP
22 | \fBlistbackups\fR [ \fB\-n\fR \fIbackupname\fR [ \fB\-d\fR \fIdatestamp\fR ]] [ \fIfile_list\fR... ]
23 | List backed up hosts, backup sets within a host, or files within a backup set.
24 | .TP
25 | \fBvalidate\fR \fB\-n\fR \fIbackupname\fR \fB\-d\fR \fIdatestamp\fR
26 | Validates a given backup.
27 | .TP
28 | \fBhelp\fR [ \fIsubcommand\fR ]
29 | Displays help page of subcommand
30 | .RE
31 | .SH "SEE ALSO"
32 | .hy 0
33 | \fBsnebu\-client\-backup\fR(1),
34 | \fBsnebu\-client\-restore\fR(1),
35 | \fBsnebu\-client\-listbackups\fR(1),
36 | \fBsnebu\-client\-validate\fR(1),
37 | .PP
38 | .RE
39 | 


--------------------------------------------------------------------------------
/docs/snebu-client.conf.5:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-CLIENT.CONF "5" "December 2020" "snebu-client.conf" "File Formats"
 2 | .na
 3 | .SH NAME
 4 | snebu-client.conf - Configuration file for snebu-client front end
 5 | .SH DESCRIPTION
 6 | The sneub-client.conf is used to specify a number of default parameters for snebu-client, such as default include / exclude specifications.  The contents are read in and executed as shell script commands by snebu-client, so in addition to specifying parameters it is possible to include standard shell scripting logic.  This also means that parameters are specified without a space between the name and value.
 7 | 
 8 | .SS Parameters
 9 | .TP
10 | \fBINCLUDE\fR=( \fIpath\fR ... )
11 | Specifies the directories to include in the backup.  By default, all mounted storage-based file systems are included -- that is, file systems that are of type "NODEV" (which includes virtual file systems such as /proc, /sys, anything mounted as "tmpdir") are not included.
12 | 
13 | Also note that file system boundaries are not crossed automatically.  For example, if "/home" is a separate mount point from "/" then you will need to specify both "/" and "/home".  Mount points are specified explicitly to prevent virtual file systems (i.e., "/proc") from being inadvertently included.
14 | 
15 | .TP
16 | \fBEXCLUDE\fR=( \fIpath\fR ...)
17 | Excludes directories that would normally be included with the above INCLUDE parameter.
18 | .PP
19 | .TP
20 | \fBEXCLUDEMATCH\fR=( \fIfilespec\fR... )
21 | Similar to EXCLUDE, however works with files matching a given pattern (processing shell wildcard expansion).  Note that individual parameters need to be quoted to prevent wildcard expansion from matching only files in the current directory.
22 | .PP
23 | .TP
24 | \fBbackupname\fR=\fIname-of-backup\fR
25 | Give the backup the given name instead of defaulting to the hostname.
26 | .PP
27 | .SS Server-initiated backup notes
28 | If running backups from a backup server, the parameters will by default apply to all clients.  To target parameters for specific clients, you can wrap them in a shell scripting conditional clause (if-then-else, or case statement).
29 | 
30 | .SH EXAMPLES:
31 | To include specified directories:
32 | .RS
33 | .PP
34 | .nf
35 | INCLUDE=( / /var /var/log /home )
36 | .fi
37 | .RE
38 | .PP
39 | To exclude /tmp and /var/tmp
40 | .RS
41 | .PP
42 | .nf
43 | EXCLUDE=( /tmp /var/tmp )
44 | .fi
45 | .RE
46 | .PP
47 | To exclude all ".tmp" and ".dbf" files
48 | .RS
49 | .PP
50 | .nf
51 | EXCLUDEMATCH=( "*.tmp" "*.dbf" )
52 | .fi
53 | .RE
54 | .PP
55 | On a server backing up multiple clients -- to exclude all database ".dbf" files only on the database server "erp-database", include the following:
56 | .RS
57 | .PP
58 | .nf
59 | if [ "${clientname}" = "erp-database" ]
60 | then
61 |     EXCLUDEMATCH=( "*.dbf" )
62 | fi
63 | .fi
64 | .RE
65 | .PP
66 | 


--------------------------------------------------------------------------------
/docs/snebu-client.conf_5.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client.conf(5) - Configuration file for snebu-client front end
 2 | 
 3 | 
 4 | ==== Description
 5 | 
 6 | The sneub-client.conf is used to specify a number of default parameters for snebu-client, such as default include / exclude specifications.  The contents are read in and executed as shell script commands by snebu-client, so in addition to specifying parameters it is possible to include standard shell scripting logic.  This also means that parameters are specified without a space between the name and value.
 7 | 
 8 | [discrete]
 9 | ==== Parameters
10 | 
11 | 
12 | *INCLUDE*=( _path_ ... )::
13 | Specifies the directories to include in the backup.  By default, all mounted storage-based file systems are included -- that is, file systems that are of type "NODEV" (which includes virtual file systems such as /proc, /sys, anything mounted as "tmpdir") are not included.
14 | +
15 | Also note that file system boundaries are not crossed automatically.  For example, if "/home" is a separate mount point from "/" then you will need to specify both "/" and "/home".  Mount points are specified explicitly to prevent virtual file systems (i.e., "/proc") from being inadvertently included.
16 | 
17 | 
18 | *EXCLUDE*=( _path_ ...)::
19 | Excludes directories that would normally be included with the above INCLUDE parameter.
20 | 
21 | *EXCLUDEMATCH*=( _filespec_... )::
22 | Similar to EXCLUDE, however works with files matching a given pattern (processing shell wildcard expansion).  Note that individual parameters need to be quoted to prevent wildcard expansion from matching only files in the current directory.
23 | 
24 | *backupname*=_name-of-backup_::
25 | Give the backup the given name instead of defaulting to the hostname.
26 | 
27 | [discrete]
28 | ==== Server-initiated backup notes
29 | 
30 | If running backups from a backup server, the parameters will by default apply to all clients.  To target parameters for specific clients, you can wrap them in a shell scripting conditional clause (if-then-else, or case statement).
31 | 
32 | ==== Examples:
33 | 
34 | To include specified directories:
35 | 
36 |  INCLUDE=( / /var /var/log /home )
37 | 
38 | To exclude /tmp and /var/tmp
39 | 
40 |  EXCLUDE=( /tmp /var/tmp )
41 | 
42 | To exclude all ".tmp" and ".dbf" files
43 | 
44 |  EXCLUDEMATCH=( "*.tmp" "*.dbf" )
45 | 
46 | On a server backing up multiple clients -- to exclude all database ".dbf" files only on the database server "erp-database", include the following:
47 | 
48 |  if [ "${clientname}" = "erp-database" ]
49 |  then
50 |      EXCLUDEMATCH=( "*.dbf" )
51 |  fi
52 | 


--------------------------------------------------------------------------------
/docs/snebu-client_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-client(1) - Front-end client for the snebu backup system
 2 | 
 3 | 
 4 | ----
 5 | snebu-client [ subcommand ] [ options ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | snebu-client is the client front end for snebu.
11 | Use it to easily
12 | back up a local or remote host, to either local a local storage
13 | device, or to a remote backup server.  Use it with one of the
14 | following subcommands.
15 | 
16 | [discrete]
17 | ==== Sub commands are as follows:
18 | 
19 | 
20 | *backup* [ *-n* _backupname_ ] [ *-d* _datestamp_ ] [ *-r* _schedule_ ]::
21 | Initiates a backup.
22 | 
23 | *restore* [ *-n* _backupname_ ] [ *-d* _datestamp_ ]::
24 | Initiates a restore.
25 | 
26 | *listbackups* [ *-n* _backupname_ [ *-d* _datestamp_ ]] [ _file_list_... ]::
27 | List backed up hosts, backup sets within a host, or files within a backup set.
28 | 
29 | *validate* *-n* _backupname_ *-d* _datestamp_::
30 | Validates a given backup.
31 | 
32 | *help* [ _subcommand_ ]::
33 | Displays help page of subcommand
34 | 
35 | ==== See Also
36 | 
37 | *snebu-client-backup*(1),
38 | *snebu-client-restore*(1),
39 | *snebu-client-listbackups*(1),
40 | *snebu-client-validate*(1),
41 | 


--------------------------------------------------------------------------------
/docs/snebu-concepts.adoc:
--------------------------------------------------------------------------------
 1 | == General Concepts
 2 | 
 3 | === Components
 4 | 
 5 | The Snebu backup system consists of a backend process `snebu`, which maintains a backup catalog in an SQLite database `snebu-catalog.db` in the directory specified in the `/etc/snebu.conf` file.  This database has a number of tables, containing entries for each host that is backed up, along with the backup sets, all file metadata, and backup set details which relate the contents of a given backup set snapshot to to files in the file details table.  Individual file contents are compressed and a file hash is computed.  The files are stored in file names reflecting the file hash in the vault directory (again as specified in the config file).  Storing files named by the hash of the file contents leads directly to file-level deduplication across directories and hosts.
 6 | 
 7 | When initiating a backup, a file manifest of the system to be backed up is sent to `snebu` -- this manifest consists of a list of file names and all associated metadata (ownership, permissions, size, modification times, etc).  This represents a complete snapshot of backed up file set.  This manifest gets processed to determine which files are already on the backup server.  The names of new and modified files (as determined by changes in _any_ of the metadata fields) are returned to the client, which is then passed to the `tar` command to process and create a backup.
 8 | 
 9 | The output of `tar` is then ingested by the `snebu` backend process, which extracts the file names and meta data, then compresses the contents of each file to a temporary staging file in the `vault` location.  After computing a sha1 hash of the file, the file is renamed to this hash and placed in the target location in the vault.
10 | 
11 | The `snebu-client` program acts as a front end to `snebu`.  Technically it isn't necessary, however you would need to generate the manifest manually (using `find` and a specific list of `-printf` specifiers -- consult the man page `snebu-newbackup(1)` for details), and send it into `snebu --newbackup`, capture the return manifest to use to generate a `tar` file, and finally sending that into `snebu --submitfiles`.
12 | 
13 | Note, that some subcommands share the same name between `snebu` and `snebu-client`.  In some cases, such as `listbackups`, there is a bit more front-end processing provided by `snebu-client`.  In other cases, such as `restore`, the actions are different.  `snebu restore` synthesizes a `tar` file on standard output, whereas `snebu-client restore` executes `snebu restore` and calls the local `tar` command to extract the files.
14 | 
15 | === Encryption
16 | 
17 | Since `snebu` uses `tar` as a serialization format for the backup data, the `tarcrypt` command was created to act as a filter in a `tar` pipeline in order to add encryption capabilities.  The key used by `tarcrypt` contains an RSA Public key which is used to encrypt a random session key for each file.  It also contains a secret HMAC key used to "sign" each file in the backup with a deterministic hash.  The HMAC key is computed using a combination of the RSA Public key and the passphrase used to protect the RSA Private key.  That way it can not only be reliably regenerated during a restore operation (since the user needs to input the same passphrase to decrypt the backup), but it is also directly tied to the combination of the RSA keys and passphrase.  Since the HMAC key is considered sensitive, the `.key` file should be stored with appropriate restricted ownership and permissions to prevent an attacker from forging backup file contents (although a compromised HMAC key still won't permit an attacker from decrypting a backup).
18 | 
19 | Since the backup server can't know the hash of the raw file, and since a random session key is used when encrypting, that means that the has of the received file can't be utilized for deduplication purposes.  However since the HMAC signature is deterministic, this signature is utilized for deduplication purposes which works to deduplicate across any hosts that share the same key file(s).  (When multiple keys are used during encryption, a hash of all the HMAC keys is used to name the file).
20 | 
21 | If a new key is generated, then subsequent backups will consist of files encrypted with the old key and the new one (since backups are snapshot based, only new/modified files get sent to the backup server and encrypted with the new key).  The `tarcrypt` command handles this gracefully -- the global header contains all the encrypted keys used that are related to the files in the restore set, so the operator will be prompted for the passphrase for each key.  As an ease-of-use operation, if the same passphrase is used on more than one key, it only has to be entered once -- it will automatically be tested against all keys.
22 | 
23 | You also have the option to force a full backup, which will re-send all files on the client to the backup server, if you don't want to deal with multiple keys, by specifying the `--force-full` parameter (`snebu-client backup --force-full ...`).
24 | 
25 | === Other security features
26 | 
27 | If the `snebu` binary is installed with the suid bit set, then the user that owns it (the `snebu` user in the default case) will own the backup catalog database and the data vault.  Other users on the system can be given access to specific features, restricted to the specified hosts by using the `snebu permissions` subcommand.  For example you can give a user access to back up their host, but not restore.  Or you can restrict their ability to expire backups -- either give permission for a host to only expire their own backups, or restrict expire option to a separate locked down account.  This can be valuable to prevent an attacker from deleting all the backups if a host is compromised.
28 | 


--------------------------------------------------------------------------------
/docs/snebu-expire.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-EXPIRE "1" "December 2020" "snebu-expire" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu expire \- Expire a given backup set or range of backups
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | \fBexpire\fR [ \fB-n\fR \fIhostname\fR
 8 | \fB-d\fR \fIdatestamp\fR ] or
 9 | [ \fB-a\fR \fIdays\fR
10 | \fB-r\fR \fIschedule\fR
11 | [ \fB\-n\fR \fIhostname\fR ]]
12 | .SH DESCRIPTION
13 | Removes backup sessions from the snebu backup catalog database.
14 | A specific backup session can be purged by providing the \fB\-n\fR and \fB\-d\fR
15 | options, or all backups that are part of a given retention schedule
16 | (specified with \fB\-r\fR, and optionally from a given host, with the \fB\-n\fR
17 | option) that are older than a given number of days (\fB\-a\fR) are removed.
18 | .SH OPTIONS
19 | .TP
20 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
21 | Name of the backup.  Usually set to the server
22 | name that you are backing up.
23 | .TP
24 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
25 | Date stamp for this backup set.  The format is in
26 | time_t format, sames as the output of the "date
27 | +%s" command.
28 | .TP
29 | \fB\-r\fR, \fB\-\-retention\fR \fIschedule\fR
30 | Retention schedule for this backup set.  Typical
31 | values are "daily", "weekly", "monthly", "yearly".
32 | .TP
33 | \fB\-a\fR, \fB\-\-age\fR \fI#days\fR
34 | Expire backups older than #days.
35 | .TP
36 | \fB\-m\fR, \fB\-\-min\-keep\fR \fI#backups\fR
37 | When expiring with the \fB\-a\fR flag, keep at least
38 | this many of the most recent backups for a given
39 | hostname/retention schedule.
40 | Defaults to 3 days.
41 | .SH "SEE ALSO"
42 | .hy 0
43 | \fBsnebu\fR(1),
44 | \fBsnebu\-newbackup\fR(1),
45 | \fBsnebu\-submitfiles\fR(1),
46 | \fBsnebu\-restore\fR(1),
47 | \fBsnebu\-listbackups\fR(1),
48 | \fBsnebu\-purge\fR(1),
49 | \fBsnebu\-permissions\fR(1),
50 | \fBsnebu\-client\fR(1)
51 | .PP
52 | 


--------------------------------------------------------------------------------
/docs/snebu-expire_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-expire(1) - Expire a given backup set or range of backups
 2 | 
 3 | 
 4 | ----
 5 | snebu expire [ -n hostname -d datestamp ] or [ -a days -r schedule [ -n hostname ]]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Removes backup sessions from the snebu backup catalog database.
11 | A specific backup session can be purged by providing the *-n* and *-d*
12 | options, or all backups that are part of a given retention schedule
13 | (specified with *-r*, and optionally from a given host, with the *-n*
14 | option) that are older than a given number of days (*-a*) are removed.
15 | 
16 | ==== Options
17 | 
18 | 
19 | *-n*, *--name* _backupname_::
20 | Name of the backup.  Usually set to the server
21 | name that you are backing up.
22 | 
23 | *-d*, *--date* _datestamp_::
24 | Date stamp for this backup set.  The format is in
25 | time_t format, sames as the output of the "date
26 | +%s" command.
27 | 
28 | *-r*, *--retention* _schedule_::
29 | Retention schedule for this backup set.  Typical
30 | values are "daily", "weekly", "monthly", "yearly".
31 | 
32 | *-a*, *--age* _#days_::
33 | Expire backups older than #days.
34 | 
35 | *-m*, *--min-keep* _#backups_::
36 | When expiring with the *-a* flag, keep at least
37 | this many of the most recent backups for a given
38 | hostname/retention schedule.
39 | Defaults to 3 days.
40 | 
41 | ==== See Also
42 | 
43 | *snebu*(1),
44 | *snebu-newbackup*(1),
45 | *snebu-submitfiles*(1),
46 | *snebu-restore*(1),
47 | *snebu-listbackups*(1),
48 | *snebu-purge*(1),
49 | *snebu-permissions*(1),
50 | *snebu-client*(1)
51 | 


--------------------------------------------------------------------------------
/docs/snebu-intro.adoc:
--------------------------------------------------------------------------------
 1 | == Introduction
 2 | 
 3 | Snebu is a high-performance snapshot-style backup system for Linux supporting compression, deduplication and optional public key encryption.  It can operate in single-host mode, push mode (client pushes data to server), or pull mode (server pulls data from client) via SSH.  In pull mode, no agent is required on the client (the program _tarcrypt_ will need to be on clients when encryption is used).
 4 | 
 5 | The backups are snapshot style, so only the minimum necessary files are transferred to the backup server to complete a backup set.  This keeps storage and bandwidth utilization to a minimum.
 6 | 
 7 | Server side is accessed via SSH, supports multiple simultaneous clients, and deduplicates backup files across file systems, clients and backup sets.  Server access supports multi-user granular permissions per account (i.e., an account can be granted backup access, but forbidden delete access -- useful for protection against malware attacks).
 8 | 
 9 | 
10 | [discrete]
11 | === Primary Features
12 | * Centrally managed
13 | * Snapshot backups
14 | * Database-backed metadata catalog
15 | * File-level deduplication
16 | ** Across backup sets and clients
17 | * Compression
18 | * RSA Public Key encryption
19 | * Single-host, Client-push, or Server-pull backups
20 | * Multiple user granular access
21 | * Agentless
22 | ** Client-side uses standard Unix/Linux commands -- _find_, _tar_, _ssh_, _bash_
23 | * High efficiency C code
24 | ** Minimal library runtime dependencies -- _SQLite_, _OpenSSL_, _LZOP_
25 | 
26 | _SNEBU -- Sleep Nominally, Everything's Backed Up._
27 | 


--------------------------------------------------------------------------------
/docs/snebu-listbackups.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-LISTBACKUPS "1" "December 2020" "snebu-listbackups" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu listbackups \- Lists backed up systems, backup sets, and file names
 5 | .SH SYNOPSIS
 6 | .B snebu 
 7 | \fBlistbackups\fR
 8 | [ \fB-n\fR \fIhostname\fR ] [ \fB-d\fR \fIdatestamp\fR ]]
 9 | [ \fIfile_list\fR... ]
10 | .SH DESCRIPTION
11 | With no arguments specified, \fIlistbackups\fR will return a list of all
12 | systems that are contained in the backup catalog.  Otherwise, when
13 | specifying the \fB\-n\fR parameter, a list of backup sets for that host is
14 | returned.
15 | .SH OPTIONS
16 | .TP
17 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
18 | Name of the backup.  Usually set to the server
19 | name that you are backing up.
20 | .TP
21 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
22 | Date stamp for this backup set.  The format is in
23 | time_t format, sames as the output of the "date
24 | +%s" command.
25 | .TP
26 | [ \fIfile\-list\fR ]
27 | List of files or file pattern(s)
28 | .SH "SEE ALSO"
29 | .hy 0
30 | \fBsnebu\fR(1),
31 | \fBsnebu\-newbackup\fR(1),
32 | \fBsnebu\-submitfiles\fR(1),
33 | \fBsnebu\-restore\fR(1),
34 | \fBsnebu\-expire\fR(1),
35 | \fBsnebu\-purge\fR(1),
36 | \fBsnebu\-permissions\fR(1),
37 | \fBsnebu\-client\fR(1)
38 | .PP
39 | 


--------------------------------------------------------------------------------
/docs/snebu-listbackups_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-listbackups(1) - Lists backed up systems, backup sets, and file names
 2 | 
 3 | 
 4 | ----
 5 | snebu  listbackups [ -n hostname ] [ -d datestamp ]] [ file_list... ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | With no arguments specified, _listbackups_ will return a list of all
11 | systems that are contained in the backup catalog.  Otherwise, when
12 | specifying the *-n* parameter, a list of backup sets for that host is
13 | returned.
14 | 
15 | ==== Options
16 | 
17 | 
18 | *-n*, *--name* _backupname_::
19 | Name of the backup.  Usually set to the server
20 | name that you are backing up.
21 | 
22 | *-d*, *--date* _datestamp_::
23 | Date stamp for this backup set.  The format is in
24 | time_t format, sames as the output of the "date
25 | +%s" command.
26 | 
27 | [ _file-list_ ]::
28 | List of files or file pattern(s)
29 | 
30 | ==== See Also
31 | 
32 | *snebu*(1),
33 | *snebu-newbackup*(1),
34 | *snebu-submitfiles*(1),
35 | *snebu-restore*(1),
36 | *snebu-expire*(1),
37 | *snebu-purge*(1),
38 | *snebu-permissions*(1),
39 | *snebu-client*(1)
40 | 


--------------------------------------------------------------------------------
/docs/snebu-newbackup.1:
--------------------------------------------------------------------------------
  1 | .TH SNEBU-NEWBACKUP "1" "December 2020" "snebu-newbackup" "User Commands"
  2 | .na
  3 | .SH NAME
  4 | snebu newbackup \- Submits manifest for a new backup
  5 | .SH SYNOPSIS
  6 | .B snebu
  7 | \fBnewbackup\fR
  8 | \fB-n\fR \fIbackupname\fR
  9 | \fB-d\fR \fIdatestamp\fR
 10 | \fB-r\fR \fIschedule\fR
 11 | .SH DESCRIPTION
 12 | The "newbackup" command creates a new backup set, by consuming a
 13 | tab\-delimited list of file names (along with associated meta data) to
 14 | include in the backup.  It then compares this list to the backup
 15 | catalog database to determine which files are new, and which ones are
 16 | already contained on the backup media.  A list of new / changed files
 17 | is returned (the snapshot manifest), which can then be passed along to 
 18 | "tar" to generate the input for the "submitfiles" subcommand.
 19 | .SH OPTIONS
 20 | .TP
 21 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
 22 | Name of the backup.  Usually set to the server
 23 | name that you are backing up.
 24 | .TP
 25 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
 26 | Date stamp for this backup set.  The format is in
 27 | time_t format, sames as the output of the "date
 28 | +%s" command.
 29 | .TP
 30 | \fB\-r\fR, \fB\-\-retention\fR \fIschedule\fR
 31 | Retention schedule for this backup set.  Typical
 32 | values are "daily", "weekly", "monthly", "yearly".
 33 | .TP
 34 | \fB\-T\fR, \fB\-\-files\-from\fR \fIFILE\fR
 35 | Read list of filenames (with meta data) to backup
 36 | from the named file, instead of standard input.
 37 | .TP
 38 | \fB\-\-null\fR
 39 | Inbound backup manifest (\fB\-T\fR, or standard input)
 40 | is null terminated
 41 | .TP
 42 | \fB\-\-not\-null\fR
 43 | Inbound backup manifest (\fB\-T\fR, or standard input)
 44 | is newline terminated
 45 | .TP
 46 | \fB\-\-null\-output\fR
 47 | Generate snapshot manifest with null-terminated lines.
 48 | .TP
 49 | \fB\-\-not\-null\-output\fR
 50 | Generate snapshot with newline-terminated lines.
 51 | .TP
 52 | \fB\-f\fR, \fB\-\-force\-full\fR
 53 | Force a full backup
 54 | .TP
 55 | \fB\-\-graft\fR \fI/path/name/\fR\fB=\fR\fI/new/name/\fR
 56 | Re\-write path names beginning with "\fI/path/name/\fR"
 57 | to "\fI/new/name/\fR"
 58 | .TP
 59 | \fB\-v\fR
 60 | Turn on verbose output.
 61 | .SS Input Manifest format
 62 | The input manifest contains a list of files to include in this backup set.
 63 | The format is a delimited list of file names and file metadata, with the following fields:
 64 | .BP
 65 | .PP
 66 | .TP
 67 | .B 1 - FType
 68 | Values are one of "f", "d", "l", "c", "b"
 69 | .TP
 70 | .B 2 - Mode
 71 | File mode in octal
 72 | .TP
 73 | .B 3 - Device
 74 | Device number of file system
 75 | .TP
 76 | .B 4 - Inode
 77 | Inode number of file
 78 | .TP
 79 | .B 5 - UName
 80 | User name
 81 | .TP
 82 | .B 6 - UID
 83 | User ID number
 84 | .TP
 85 | .B 7 - GName
 86 | User's Group Name
 87 | .TP
 88 | .B 8 - GID
 89 | User's Group Number
 90 | .TP
 91 | .B 9 - Size
 92 | File size in bytes
 93 | .TP
 94 | .B 10 - Hash
 95 | File Hash (future use, set to "0")
 96 | .TP
 97 | .B 11 - CTime
 98 | File Inode's last change time
 99 | .TP
100 | .B 12 - MTime
101 | File Content's last modififed time
102 | .TP
103 | .B 13 - Path
104 | Full file path
105 | .TP
106 | .B 14 - LTarget
107 | Link target
108 | .PP
109 | Field 14 (Link Target) is only present if the file type is "l" (symbolic link).
110 | .PP
111 | The fields are tab-delimited.  If the "--null" option is specified, then each line is null terminated, with an additional null character delimiting fields 13 and 14.  Otherwise if "--not-null" is specified, fields 13 and 14 are tab delimited, and the path names must have special characters escaped.
112 | .PP
113 | The input manifest can be created with the GNU \fIfind\fR command, with the following print formatting specification (suitable for the "--null" flag):
114 | .RS
115 | .PP
116 | .EX
117 | find [ parameters ] \\( -type f -o -type d \\) \\
118 | .br
119 |     -printf "%y\t%#m\t%D\t%i\t%u\t%U\t%g\t%G\t%s\t0\t%C@\t%T@\t%p\\0" \\
120 | .br
121 |     -o -type l -printf "%y\t%#m\t%D\t%i\t%u\t%U\t%g\t%G\t%s\t0\t%C@\t%T@\t%p\\0%l\\0"
122 | .EE
123 | .RE
124 | .SS Returned Snapshot manifest output
125 | .PP
126 | The manifest returned is either a null-delimited list of files (if "--null-output" is specified),
127 | or a newline-delimited list of files with special characters escaped (if "--not-null-output is specified).
128 | This is the list of files that are required to complete the snapshot (any file that hasn't changed from previous backups will be referenced from the backup server).  This list is suitable for passing into the \fItar\fR command.
129 | .SH "SEE ALSO"
130 | .hy 0
131 | \fBsnebu\fR(1),
132 | \fBsnebu\-submitfiles\fR(1),
133 | \fBsnebu\-restore\fR(1),
134 | \fBsnebu\-listbackups\fR(1),
135 | \fBsnebu\-expire\fR(1),
136 | \fBsnebu\-purge\fR(1),
137 | \fBsnebu\-permissions\fR(1),
138 | \fBsnebu\-client\fR(1)
139 | .PP
140 | 


--------------------------------------------------------------------------------
/docs/snebu-newbackup_1.adoc:
--------------------------------------------------------------------------------
  1 | === snebu-newbackup(1) - Submits manifest for a new backup
  2 | 
  3 | 
  4 | ----
  5 | snebu newbackup -n backupname -d datestamp -r schedule
  6 | ----
  7 | 
  8 | ==== Description
  9 | 
 10 | The "newbackup" command creates a new backup set, by consuming a
 11 | tab-delimited list of file names (along with associated meta data) to
 12 | include in the backup.  It then compares this list to the backup
 13 | catalog database to determine which files are new, and which ones are
 14 | already contained on the backup media.  A list of new / changed files
 15 | is returned (the snapshot manifest), which can then be passed along to
 16 | "tar" to generate the input for the "submitfiles" subcommand.
 17 | 
 18 | ==== Options
 19 | 
 20 | 
 21 | *-n*, *--name* _backupname_::
 22 | Name of the backup.  Usually set to the server
 23 | name that you are backing up.
 24 | 
 25 | *-d*, *--date* _datestamp_::
 26 | Date stamp for this backup set.  The format is in
 27 | time_t format, sames as the output of the "date
 28 | +%s" command.
 29 | 
 30 | *-r*, *--retention* _schedule_::
 31 | Retention schedule for this backup set.  Typical
 32 | values are "daily", "weekly", "monthly", "yearly".
 33 | 
 34 | *-T*, *--files-from* _FILE_::
 35 | Read list of filenames (with meta data) to backup
 36 | from the named file, instead of standard input.
 37 | 
 38 | *--null*::
 39 | Inbound backup manifest (*-T*, or standard input)
 40 | is null terminated
 41 | 
 42 | *--not-null*::
 43 | Inbound backup manifest (*-T*, or standard input)
 44 | is newline terminated
 45 | 
 46 | *--null-output*::
 47 | Generate snapshot manifest with null-terminated lines.
 48 | 
 49 | *--not-null-output*::
 50 | Generate snapshot with newline-terminated lines.
 51 | 
 52 | *-f*, *--force-full*::
 53 | Force a full backup
 54 | 
 55 | *--graft* _/path/name/_*=*_/new/name/_::
 56 | Re-write path names beginning with "_/path/name/_"
 57 | to "_/new/name/_"
 58 | 
 59 | *-v*::
 60 | Turn on verbose output.
 61 | 
 62 | [discrete]
 63 | ==== Input Manifest format
 64 | 
 65 | The input manifest contains a list of files to include in this backup set.
 66 | The format is a delimited list of file names and file metadata, with the following fields:
 67 | .BP
 68 | 
 69 | 
 70 | *1 - FType*::
 71 | Values are one of "f", "d", "l", "c", "b"
 72 | 
 73 | *2 - Mode*::
 74 | File mode in octal
 75 | 
 76 | *3 - Device*::
 77 | Device number of file system
 78 | 
 79 | *4 - Inode*::
 80 | Inode number of file
 81 | 
 82 | *5 - UName*::
 83 | User name
 84 | 
 85 | *6 - UID*::
 86 | User ID number
 87 | 
 88 | *7 - GName*::
 89 | User's Group Name
 90 | 
 91 | *8 - GID*::
 92 | User's Group Number
 93 | 
 94 | *9 - Size*::
 95 | File size in bytes
 96 | 
 97 | *10 - Hash*::
 98 | File Hash (future use, set to "0")
 99 | 
100 | *11 - CTime*::
101 | File Inode's last change time
102 | 
103 | *12 - MTime*::
104 | File Content's last modififed time
105 | 
106 | *13 - Path*::
107 | Full file path
108 | 
109 | *14 - LTarget*::
110 | Link target
111 | 
112 | Field 14 (Link Target) is only present if the file type is "l" (symbolic link).
113 | 
114 | The fields are tab-delimited.  If the "--null" option is specified, then each line is null terminated, with an additional null character delimiting fields 13 and 14.  Otherwise if "--not-null" is specified, fields 13 and 14 are tab delimited, and the path names must have special characters escaped.
115 | 
116 | The input manifest can be created with the GNU _find_ command, with the following print formatting specification (suitable for the "--null" flag):
117 | 
118 | .EX
119 | find [ parameters ] \( -type f -o -type d \ .br
120 |     -printf "%y\t%#m\t%D\t%i\t%u\t%U\t%g\t%G\t%s\t0\t%C@\t%T@\t%p\0" .br
121 |     -o -type l -printf "%y\t%#m\t%D\t%i\t%u\t%U\t%g\t%G\t%s\t0\t%C@\t%T@\t%p\0%l\0"
122 | .EE
123 | 
124 | [discrete]
125 | ==== Returned Snapshot manifest output
126 | 
127 | The manifest returned is either a null-delimited list of files (if "--null-output" is specified),
128 | or a newline-delimited list of files with special characters escaped (if "--not-null-output is specified).
129 | This is the list of files that are required to complete the snapshot (any file that hasn't changed from previous backups will be referenced from the backup server).  This list is suitable for passing into the _tar_ command.
130 | 
131 | ==== See Also
132 | 
133 | *snebu*(1),
134 | *snebu-submitfiles*(1),
135 | *snebu-restore*(1),
136 | *snebu-listbackups*(1),
137 | *snebu-expire*(1),
138 | *snebu-purge*(1),
139 | *snebu-permissions*(1),
140 | *snebu-client*(1)
141 | 


--------------------------------------------------------------------------------
/docs/snebu-permissions.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-PERMISSIONS "1" "December 2020" "snebu-permissions" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu permissions \- Set permissions for Snebu when used in multi-user mode
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | \fBpermissions\fR
 8 | [ \fB-l\fR | \fB-a\fR | \fB-r\fR ]
 9 | \fB-c\fR \fIcommand\fR
10 | \fB-n\fR \fIhostname\fR
11 | \fB-u\fR \fIuser\fR
12 | .SH DESCRIPTION
13 | .TP
14 | The \fIpermissions\fR command lists, adds, or removes user permissions.
15 | These permissions are applied when the "snebu" command is installed setuid, and run
16 | by a OS different user.
17 | .SH OPTIONS
18 | .TP
19 | \fB\-l\fR, \fB\-\-list\fR
20 | Lists all installed permissions.  If the \fB\-c\fR, \fB\-n\fR, or
21 | \fB\-u\fR options are given, this list is restricted to
22 | those sub commands, hostnames, or users respectively.
23 | .TP
24 | \fB\-a\fR, \fB\-\-add\fR
25 | Adds permissions for the specified sub command [\-c],
26 | hostname [\-n], and user [\-u].
27 | .TP
28 | \fB\-r\fR, \fB\-\-remove\fR
29 | Removes permissions for the specified sub command
30 | [\-c], hostname [\-n], and user [\-u].
31 | .TP
32 | \fB\-c\fR, \fB\-\-command\fR \fIsub command\fR
33 | The sub command that this permission command applies to.
34 | .TP
35 | \fB\-n\fR, \fB\-\-name\fR \fIhostname\fR
36 | The host name that this permission command applies to.
37 | .TP
38 | \fB\-u\fR, \fB\-\-user\fR \fIusername\fR
39 | The user that this permission command applies to.
40 | .PP
41 | Available subcomands that work with permissions are:
42 | .RS 4
43 | .sp
44 | \fBbackup\fR (covers both newbackup and submitfiles functions)
45 | .sp
46 | \fBrestore\fR
47 | .sp
48 | \fBlistbackups\fR
49 | .sp
50 | \fBexpire\fR
51 | .sp
52 | \fBpurge\fR
53 | .sp
54 | \fBpermissions\fR
55 | .PP
56 | .RE
57 | Note that in the case of functions that aren't host specific (such as \fIpermissions\fR) or affect all hosts (\fIsnebu purge\fR, or \fIsnebu expire -a ...\fR), users will need to be granted permission to all hosts by specifying \fB-h '*'\fR in order to be granted access to those specific functions).
58 | .PP
59 | To grant permissions, this command must be run as the user that snebu is
60 | installed under, or the user must be granted access to the \fIpermissions\fR
61 | sub command
62 | .SH "SEE ALSO"
63 | .hy 0
64 | \fBsnebu\fR(1),
65 | \fBsnebu\-newbackup\fR(1),
66 | \fBsnebu\-submitfiles\fR(1),
67 | \fBsnebu\-restore\fR(1),
68 | \fBsnebu\-listbackups\fR(1),
69 | \fBsnebu\-expire\fR(1),
70 | \fBsnebu\-purge\fR(1),
71 | \fBsnebu\-client\fR(1)
72 | .PP
73 | 


--------------------------------------------------------------------------------
/docs/snebu-permissions_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-permissions(1) - Set permissions for Snebu when used in multi-user mode
 2 | 
 3 | 
 4 | ----
 5 | snebu permissions [ -l | -a | -r ] -c command -n hostname -u user
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | 
11 | The _permissions_ command lists, adds, or removes user permissions.::
12 | These permissions are applied when the "snebu" command is installed setuid, and run
13 | by a OS different user.
14 | 
15 | ==== Options
16 | 
17 | 
18 | *-l*, *--list*::
19 | Lists all installed permissions.  If the *-c*, *-n*, or
20 | *-u* options are given, this list is restricted to
21 | those sub commands, hostnames, or users respectively.
22 | 
23 | *-a*, *--add*::
24 | Adds permissions for the specified sub command [-c],
25 | hostname [-n], and user [-u].
26 | 
27 | *-r*, *--remove*::
28 | Removes permissions for the specified sub command
29 | [-c], hostname [-n], and user [-u].
30 | 
31 | *-c*, *--command* _sub command_::
32 | The sub command that this permission command applies to.
33 | 
34 | *-n*, *--name* _hostname_::
35 | The host name that this permission command applies to.
36 | 
37 | *-u*, *--user* _username_::
38 | The user that this permission command applies to.
39 | 
40 | Available subcomands that work with permissions are:
41 | 
42 | *backup* (covers both newbackup and submitfiles functions)
43 | 
44 | *restore*
45 | 
46 | *listbackups*
47 | 
48 | *expire*
49 | 
50 | *purge*
51 | 
52 | *permissions*
53 | 
54 | Note that in the case of functions that aren't host specific (such as _permissions_) or affect all hosts (_snebu purge_, or _snebu expire -a ..._), users will need to be granted permission to all hosts by specifying *-h ${asterisk}* in order to be granted access to those specific functions).
55 | 
56 | To grant permissions, this command must be run as the user that snebu is
57 | installed under, or the user must be granted access to the _permissions_
58 | sub command
59 | 
60 | ==== See Also
61 | 
62 | *snebu*(1),
63 | *snebu-newbackup*(1),
64 | *snebu-submitfiles*(1),
65 | *snebu-restore*(1),
66 | *snebu-listbackups*(1),
67 | *snebu-expire*(1),
68 | *snebu-purge*(1),
69 | *snebu-client*(1)
70 | 


--------------------------------------------------------------------------------
/docs/snebu-purge.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-PURGE "1" "December 2020" "snebu-purge" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu purge \- Remove backing files from expired backups
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | \fBpurge\/\fB [ \fB-v\fR ] [ \fB-q\fR ]
 8 | .SH DESCRIPTION
 9 | Permanently removes files from disk storage that are no longer
10 | referenced by any backups. Run this command after running "snebu expire".
11 | .SH OPTIONS
12 | .TP
13 | \fB\-v\fR, \fB\-\-verbose\fR
14 | Turns on verbose mode (default if stderr is a tty)
15 | .TP
16 | \fB\-q\fR, \fB\-\-quiet\fR
17 | Turns off verbose mode (default if stderr is not a tty)
18 | .SH "SEE ALSO"
19 | .hy 0
20 | \fBsnebu\fR(1),
21 | \fBsnebu\-newbackup\fR(1),
22 | \fBsnebu\-submitfiles\fR(1),
23 | \fBsnebu\-restore\fR(1),
24 | \fBsnebu\-listbackups\fR(1),
25 | \fBsnebu\-expire\fR(1),
26 | \fBsnebu\-permissions\fR(1),
27 | \fBsnebu\-client\fR(1)
28 | .PP
29 | 


--------------------------------------------------------------------------------
/docs/snebu-purge_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-purge(1) - Remove backing files from expired backups
 2 | 
 3 | 
 4 | ----
 5 | snebu purge [ -v ] [ -q ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Permanently removes files from disk storage that are no longer
11 | referenced by any backups. Run this command after running "snebu expire".
12 | 
13 | ==== Options
14 | 
15 | 
16 | *-v*, *--verbose*::
17 | Turns on verbose mode (default if stderr is a tty)
18 | 
19 | *-q*, *--quiet*::
20 | Turns off verbose mode (default if stderr is not a tty)
21 | 
22 | ==== See Also
23 | 
24 | *snebu*(1),
25 | *snebu-newbackup*(1),
26 | *snebu-submitfiles*(1),
27 | *snebu-restore*(1),
28 | *snebu-listbackups*(1),
29 | *snebu-expire*(1),
30 | *snebu-permissions*(1),
31 | *snebu-client*(1)
32 | 


--------------------------------------------------------------------------------
/docs/snebu-quickstart.adoc:
--------------------------------------------------------------------------------
  1 | == Quick start
  2 | 
  3 | === Compiling / Installation
  4 | 
  5 |  tar -zxvf snebu-1.1.0.tar.gz
  6 |  make
  7 |  sudo make install
  8 | 
  9 | Then to set up privilege separation:
 10 | 
 11 |  sudo useradd -r -U -d /var/lib/snebu snebu
 12 |  sudo chown snebu:snebu 
 13 | 
 14 | This creates a user and group called "snebu", installing the snebu binary as SUID to user "snebu".  The config file /etc/sneub.conf defaults to placing the vault in `/var/lib/snebu/vault` and the backup catalog DB in `/var/lib/snebu/catalog`.  The `vault` directory is where the backed up files are stored, and the `catalog` directory holds the backup catalog database (in SQLite format).
 15 | 
 16 | You can mount an external storage device on /var/lib/snebu (making sure the `snebu` user/group owns the directory after mounting -- if not, `chown snebu:snebu /var/lib/snebu/` once the drive is mounted).  However, if the storage device has slow seek times, which is the case with many 2.5" USB-powered mechanical hard drives, then you will get better performance by mounting the mechanical drive under `/var/lib/snebu/vault`, and mounting a separate SSD drive in `/var/lib/snebu/catalog` (or the appropriate directories specified in `/etc/snebu.conf`.  Or if you keep the `catalog` directory on the local systems drive then be sure to separately copy the contents of the catalog directory to the external storage device after a backup session finishes.
 17 | 
 18 | === Sample Backup and Restore Operation
 19 | 
 20 | ==== User and permissions setup
 21 | You will need to set up user permissions for any user ID that access the `snebu` binary.  To set up permissions for the `root` user, run the following commands:
 22 | 
 23 | ----
 24 | $ sudo -u snebu snebu permissions --add --command '*' --name '*' --user root
 25 | ----
 26 | 
 27 | If a user other than root needs to run snebu, then they need to be added to the snebu group.
 28 | 
 29 | ==== Run a backup
 30 | `sudo` is needed here to allow snebu-client to read all the files on the host.  If a user is only backing up their own directory then sudo isn't needed, and they can be given more granular permissions to the `snebu` command -- see the man page snebu-permissions(1).
 31 | ----
 32 | $ sudo snebu-client backup
 33 | ----
 34 | 
 35 | This backs up all mounted disk-based file systems (automatically skips tmpfs, procfs, sysfs, and other "nodev" mount points).  The backup name defaults to the host name of the client, however this can be overridden with `--name` parameter.  You can also follow the command with a file or path list.  For example:
 36 | 
 37 | ----
 38 | $ sudo snebu-client backup -n boss-home-dir /home/bigboss
 39 | ----
 40 | 
 41 | ==== List backups, contents, and restore a file
 42 | ----
 43 | $ sudo snebu-client listbackups -v
 44 | 
 45 | bosshost1
 46 |     1608761077 / daily / Wed Dec 23 16:04:37 2020
 47 | ----
 48 | ----
 49 | $ sudo snebu-client listbackups -n bosshost1 -d 1608761077 '*BudgetProposal*'
 50 | 
 51 | /home/bigboss/BudgetProposal2021.doc
 52 | ----
 53 | ----
 54 | $ sudo snebu-client restore -n bosshost1 -d 1608761077 -C /tmp \
 55 |     --graft /home/bigboss/=bigboss-restored
 56 | 
 57 |  bigboss-restored/BudgetProposal2021.doc
 58 | ----
 59 | 
 60 | The first command gives a list of all hosts that have been backed up.  With the "-v" flag, it will also give all backup sets that are part of each backed up host.  Backup sets are identified by a serial number, which is the time/date that the backup was created, represented in Unix time_t format (i.e., the number of seconds since Jan 1, 1970).
 61 | 
 62 | The second command will list the files that are part of the host and backup set, restricting the output to the given file specification.
 63 | 
 64 | In the third command, a restore of this backup set is initiated.  The client changes to the "/tmp" directory, so everything restored is relative to this directory (or specify `-C /` to restore to the original location).  The `--graft` parameter is specified to re-write part of the file path -- in this case it replaces the directory "/home/bigboss/" with "bigboss-restored".  Putting it together the final path file that gets restored is in `/tmp/bigobss-restored/BudgetProposal2021.doc`.
 65 | 
 66 | Notice that the backup above is a "daily" backup -- this is the retention schedule that this backup set is assigned to.  By default, backups ran on Sunday through Friaday are `daily` backups, Saturday is a `weekly` backup, and the first of the month is a `monthly` backup.
 67 | 
 68 | ==== Remote backups
 69 | If snebu is installed in a remote backup server called `bkupsvr1`, and you have the snebu-client script on a local host, you can add the parameters `--backup-server bkupsvr1` and `--backup-user svc-bosshost1` to the above commands.  Make sure to create the service user account `svc-bosshost1` on the remote host (or whichever user account name specified by your organizations practices), along with adding the account to the snebu group.  Set up ssh key based authentication for unattended backups, and then create the appropriate permissions for this service user on the remote backup server:
 70 | 
 71 |     admin@bkupsvr1:~$ sudo -u snebu snebu permissions --add --command '*' \
 72 |         --name 'bosshost1' --user svc-bosshost1
 73 | 
 74 | Now you can back up to this host:
 75 | 
 76 |     root@booshost1:~$ sudo snebu-client backup --backup-server bkupsvr1 --backup-user svc-bosshost1
 77 | 
 78 | Note, you may wish to grant more granular permissions such as "backup", "listbackups" and "restore" in the above `snebu permissions` command.  This would prevent the client from deleting backups on the backup server if it were to become compromised.  See the `snebu-permissions` man page for detailed command usage.
 79 | 
 80 | If you want more protection, you can reverse the process and have the remote backup server "pull" a backup from the client:
 81 | 
 82 |     snebu@bkupsvr1:~$ snebu-client backup --remote-client bosshost1 \
 83 |         --remote-user root --sudo svs-backup
 84 | 
 85 | This will access bosshost1 as the service user `svs-backup`, then sudo to `root` to pull the data.  Make sure to set up ssh key authentication between `snebu@bkupsvr1` and `svs-backup@bosshost1`.  If you leave off the `--sudo` flag, then the user `root` will be directly accessed via ssh (requiring ssh key authorization to `root@bosshost1`)
 86 | 
 87 | 
 88 | ==== Expiring old backups
 89 | 
 90 | Run the following on the backup server to expire old backups
 91 | ----
 92 | $ sudo snebu expire -a 14 -r daily
 93 | $ sudo snebu exipre -a 42 -r weekly
 94 | $ sudo snebu expire -a 365 -r monthly
 95 | $ sudo snebu purge
 96 | ----
 97 | 
 98 | This expires all daily backups older than 2 weeks, weekly backups older than 6 weeks, and monthly backups older than a year.  Expiring a backup only removes the metadata, and takes a short amount of time.  A `purge` permanently remove data from the `vault`, and can take a bit longer (depending on the number of files that need to be removed).
 99 | 
100 | In the above example, the commands were run under the user ID `snebu`, which owns the repository and has all permissions.  Again, you can grant a specific user permission to run the expire and purge commands to limit the need to access the main user account (see _snebu-permissions(1)_ documentation).
101 | 
102 | ==== Encryption
103 | Snebu supports client-side public key encryption.  This requires the program `tarcrypt` to be installed on the client.  On the client, run the command `tarcrypt genkey -f outputfile`, and make sure it has appropriate permissions and ownership
104 | 
105 |     $ sudo tarcrypt genkey -f /etc/snebu-backup.key
106 |     $ sudo chown root:root /etc/snebu-backup.key
107 |     $ sudo chmod 600 /etc/snebu-backup.key
108 | 
109 | You will be prompted for a passphrase to protect the private key stored in the `.key` file.  Then, on any of the backup command variations, add the parameter `--encryption-key /etc/snebu-backup.key`:
110 | 
111 |     sudo snebu-client backup --backup-server bkupsvr1 --backup-user svc-bosshost1 \
112 |         --encryption-key /etc/snebu-backup.key
113 | 
114 | Note, you can repeate the `--encryption-key` parameter to encrypt with multiple keys -- in this case, the passphrase for any one of the keys can be used to decode the backup upon restoring.
115 | 
116 | When restoring an encrypted backup, specify `snebu-client restore --decrypt` along with the other parameters as appropriate.  No key file is specified, as all key data is securely stored with the backup.  You will be prompted for the private key passphrase for one of the keys when restoring.
117 | 


--------------------------------------------------------------------------------
/docs/snebu-reference.adoc:
--------------------------------------------------------------------------------
 1 | == Reference
 2 | 
 3 | include::snebu-client_1.adoc[]
 4 | 
 5 | include::snebu-client-backup_1.adoc[]
 6 | 
 7 | include::snebu-client-listbackups_1.adoc[]
 8 | 
 9 | include::snebu-client-validate_1.adoc[]
10 | 
11 | include::snebu-client-restore_1.adoc[]
12 | 
13 | include::snebu-client.conf_5.adoc[]
14 | 
15 | include::snebu-client-plugin_5.adoc[]
16 | 
17 | include::snebu_1.adoc[]
18 | 
19 | include::snebu-newbackup_1.adoc[]
20 | 
21 | include::snebu-submitfiles_1.adoc[]
22 | 
23 | include::snebu-listbackups_1.adoc[]
24 | 
25 | include::snebu-restore_1.adoc[]
26 | 
27 | include::snebu-expire_1.adoc[]
28 | 
29 | include::snebu-purge_1.adoc[]
30 | 
31 | include::snebu-permissions_1.adoc[]
32 | 
33 | include::tarcrypt_1.adoc[]
34 | 


--------------------------------------------------------------------------------
/docs/snebu-restore.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-RESTORE "1" "December 2020" "snebu-restore" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu restore \- Generates tar file from backup
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | \fBrestore\fR \fB-n\fR \fIbackupname\fR
 8 | \fB-d\fR \fIdatestamp\fR
 9 | [ \fIfile_list\fR... ]
10 | .SH DESCRIPTION
11 | Generates a tar file containing files from a given backup set.
12 | Pipe the output of this command into \fItar\fR to restore files.
13 | .SH OPTIONS
14 | .TP
15 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
16 | Name of the backup, as specified in the \fInewbackup\fR subcommand.
17 | Typically is the name of the server that was backed up.
18 | .TP
19 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
20 | Date stamp for this backup set.  The format is in
21 | time_t format, sames as the output of the "date\~+%s" command.
22 | .TP
23 | \fB\-\-graft\fR \fI/path/name/\fR\fB=\fR\fI/new/name/\fR
24 | Re\-write path names beginning with "\fI/path/name/\fR" to "\fI/new/name/\fR".
25 | This allows you to restore a file to a different location.
26 | .TP
27 | [ \fIfile\-list\fR ]
28 | List of files to restore.  Defaults to all.
29 | .SH "SEE ALSO"
30 | .hy 0
31 | \fBsnebu\fR(1),
32 | \fBsnebu\-newbackup\fR(1),
33 | \fBsnebu\-submitfiles\fR(1),
34 | \fBsnebu\-listbackups\fR(1),
35 | \fBsnebu\-expire\fR(1),
36 | \fBsnebu\-purge\fR(1),
37 | \fBsnebu\-permissions\fR(1),
38 | \fBsnebu\-client\fR(1)
39 | .PP
40 | 


--------------------------------------------------------------------------------
/docs/snebu-restore_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-restore(1) - Generates tar file from backup
 2 | 
 3 | 
 4 | ----
 5 | snebu restore -n backupname -d datestamp [ file_list... ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | Generates a tar file containing files from a given backup set.
11 | Pipe the output of this command into _tar_ to restore files.
12 | 
13 | ==== Options
14 | 
15 | 
16 | *-n*, *--name* _backupname_::
17 | Name of the backup, as specified in the _newbackup_ subcommand.
18 | Typically is the name of the server that was backed up.
19 | 
20 | *-d*, *--date* _datestamp_::
21 | Date stamp for this backup set.  The format is in
22 | time_t format, sames as the output of the "date&nbsp;+%s" command.
23 | 
24 | *--graft* _/path/name/_*=*_/new/name/_::
25 | Re-write path names beginning with "_/path/name/_" to "_/new/name/_".
26 | This allows you to restore a file to a different location.
27 | 
28 | [ _file-list_ ]::
29 | List of files to restore.  Defaults to all.
30 | 
31 | ==== See Also
32 | 
33 | *snebu*(1),
34 | *snebu-newbackup*(1),
35 | *snebu-submitfiles*(1),
36 | *snebu-listbackups*(1),
37 | *snebu-expire*(1),
38 | *snebu-purge*(1),
39 | *snebu-permissions*(1),
40 | *snebu-client*(1)
41 | 


--------------------------------------------------------------------------------
/docs/snebu-submitfiles.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU-SUBMITFILES "1" "December 2020" "snebu-submitfiles" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu submitfiles \- Recieves tar file contents to complete a backup
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | \fBsubmitfiles\fR
 8 | \fB-n\fR \fIbackupname\fR
 9 | \fB-d\fR \fIdatestamp\fR
10 | .SH DESCRIPTION
11 | The "submitfiles" sub command is called after running \fIsnebu\~newbackup\fR,
12 | and is used to submit a tar file containing the files from the snapshot manifest returned by \fInewbackup\fR.
13 | .SH OPTIONS
14 | .TP
15 | \fB\-n\fR, \fB\-\-name\fR \fIbackupname\fR
16 | Name of the backup.
17 | Typically set to the server name that you are backing up.
18 | .TP
19 | \fB\-d\fR, \fB\-\-date\fR \fIdatestamp\fR
20 | Date stamp for this backup set.
21 | The format is in time_t format, sames as the output of the "date\~+%s" command.
22 | .TP
23 | \fB\-v\fR
24 | Verbose output
25 | .SH "SEE ALSO"
26 | .hy 0
27 | \fBsnebu\fR(1),
28 | \fBsnebu\-newbackup\fR(1),
29 | \fBsnebu\-restore\fR(1),
30 | \fBsnebu\-listbackups\fR(1),
31 | \fBsnebu\-expire\fR(1),
32 | \fBsnebu\-purge\fR(1),
33 | \fBsnebu\-permissions\fR(1),
34 | \fBsnebu\-client\fR(1)
35 | .PP
36 | 


--------------------------------------------------------------------------------
/docs/snebu-submitfiles_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu-submitfiles(1) - Recieves tar file contents to complete a backup
 2 | 
 3 | 
 4 | ----
 5 | snebu submitfiles -n backupname -d datestamp
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | The "submitfiles" sub command is called after running _snebu&nbsp;newbackup_,
11 | and is used to submit a tar file containing the files from the snapshot manifest returned by _newbackup_.
12 | 
13 | ==== Options
14 | 
15 | 
16 | *-n*, *--name* _backupname_::
17 | Name of the backup.
18 | Typically set to the server name that you are backing up.
19 | 
20 | *-d*, *--date* _datestamp_::
21 | Date stamp for this backup set.
22 | The format is in time_t format, sames as the output of the "date&nbsp;+%s" command.
23 | 
24 | *-v*::
25 | Verbose output
26 | 
27 | ==== See Also
28 | 
29 | *snebu*(1),
30 | *snebu-newbackup*(1),
31 | *snebu-restore*(1),
32 | *snebu-listbackups*(1),
33 | *snebu-expire*(1),
34 | *snebu-purge*(1),
35 | *snebu-permissions*(1),
36 | *snebu-client*(1)
37 | 


--------------------------------------------------------------------------------
/docs/snebu.1:
--------------------------------------------------------------------------------
 1 | .TH SNEBU "1" "December 2020" "snebu" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | snebu \- The simple network backup system
 5 | .SH SYNOPSIS
 6 | .B snebu
 7 | [ \fB-c\fR | \fB--config\fR \fIfilepath\fR ]
 8 | \fIsubcommand \/\fR[ \fIoptions \/\fR]
 9 | .SH DESCRIPTION
10 | The \fIsnebu\fR command is a backup tool which manages storing data from
11 | backup sessions on disk-based storage, utilizing a simple database
12 | for tracking backup sets and meta data.  With the exception of administrative
13 | sub commands (expire, purge, permissions), it is typically it is called via a
14 | front end script (such as the included "snebu-client" shell script).
15 | The subcommands are listed below along with the most common options.
16 | Details on each command are given in each command's individual man page.
17 | 
18 | .SS "Sub commands are as follows:"
19 | .TP
20 | \fBnewbackup\fR \fB\-n\fR \fIbackupname\fR \fB\-d\fR \fIdatestamp\fR \fB\-r\fR \fIschedule\fR
21 | Initiates a new backup set, taking in the full backup manifest,
22 | returning a snapshot manifest.
23 | .TP
24 | \fBsubmitfiles\fR \fB\-n\fR \fIbackupname\fR \fB\-d\fR \fIdatestamp\fR
25 | Receives a backup in TAR format that fulfills the snapshot manifest returned from newbackup
26 | .TP
27 | \fBrestore\fR \fB\-n\fR \fIbackupname\fR \fB\-d\fR \fIdatestamp\fR [ \fIfile_list...\fR ]
28 | Generates a tar file containing the specified backup set.
29 | .TP
30 | \fBlistbackups\fR [ \fB\-n\fR \fIbackupname\fR [ \fB\-d\fR \fIdatestamp\fR ]] [ \fIfile_list...\fR ]
31 | List backed up hosts, backup sets within a host, or files within a backup set.
32 | .TP
33 | \fBexpire\fR [ \fB\-n\fR \fIbackupname\fR \fB\-d\fR \fIdatestamp\fR ] or [ \fB\-a\fR \fIdays\fR \fB\-r\fR \fIschedule\fR [ \fB-n\fR \fIhostname\fR ]]
34 | Expires (removes) the given backup set, or backups matching the given criteria
35 | .TP
36 | \fBpurge\fR
37 | Purges backing files from the vault that are part of expired backups
38 | .TP
39 | \fBpermissions\fR
40 | [ \fB-l\fR | \fB-a\fR | \fB-r\fR ]
41 | \fB-c\fR \fIcommand\fR
42 | \fB-n\fR \fIhostname\fR
43 | \fB-u\fR \fIuser\fR
44 | Defines permissions for a given user, when snebu is run in multi-user mode.
45 | .TP
46 | \fBhelp\fR [subcommand]
47 | Displays help page of subcommand
48 | .SH "SEE ALSO"
49 | .hy 0
50 | \fBsnebu\-newbackup\fR(1),
51 | \fBsnebu\-submitfiles\fR(1),
52 | \fBsnebu\-restore\fR(1),
53 | \fBsnebu\-listbackups\fR(1),
54 | \fBsnebu\-expire\fR(1),
55 | \fBsnebu\-purge\fR(1),
56 | \fBsnebu\-permissions\fR(1),
57 | \fBsnebu-client\fR(1)
58 | .PP
59 | 


--------------------------------------------------------------------------------
/docs/snebu.adoc:
--------------------------------------------------------------------------------
 1 | = SNEBU
 2 | :sectnums:
 3 | :sectnumlevels: 2
 4 | :toc: left
 5 | :toclevels: 2
 6 | :keywords: Snebu, Linux Backup, Snapshot, Encrypting
 7 | :nofooter:
 8 | 
 9 | :asterisk: *
10 | ++++
11 | <p style="color:rgb(150,150,150);"> Simple Network Encrypting Backup Utility</p>
12 | ++++
13 | 
14 | include::snebu-intro.adoc[]
15 | 
16 | include::snebu-quickstart.adoc[]
17 | 
18 | include::snebu-concepts.adoc[]
19 | 
20 | include::snebu-reference.adoc[]
21 | 


--------------------------------------------------------------------------------
/docs/snebu_1.adoc:
--------------------------------------------------------------------------------
 1 | === snebu(1) - The simple network backup system
 2 | 
 3 | 
 4 | ----
 5 | snebu [ -c | --config filepath ] subcommand [ options ]
 6 | ----
 7 | 
 8 | ==== Description
 9 | 
10 | The _snebu_ command is a backup tool which manages storing data from
11 | backup sessions on disk-based storage, utilizing a simple database
12 | for tracking backup sets and meta data.  With the exception of administrative
13 | sub commands (expire, purge, permissions), it is typically it is called via a
14 | front end script (such as the included "snebu-client" shell script).
15 | The subcommands are listed below along with the most common options.
16 | Details on each command are given in each command's individual man page.
17 | 
18 | [discrete]
19 | ==== Sub commands are as follows:
20 | 
21 | 
22 | *newbackup* *-n* _backupname_ *-d* _datestamp_ *-r* _schedule_::
23 | Initiates a new backup set, taking in the full backup manifest,
24 | returning a snapshot manifest.
25 | 
26 | *submitfiles* *-n* _backupname_ *-d* _datestamp_::
27 | Receives a backup in TAR format that fulfills the snapshot manifest returned from newbackup
28 | 
29 | *restore* *-n* _backupname_ *-d* _datestamp_ [ _file_list..._ ]::
30 | Generates a tar file containing the specified backup set.
31 | 
32 | *listbackups* [ *-n* _backupname_ [ *-d* _datestamp_ ]] [ _file_list..._ ]::
33 | List backed up hosts, backup sets within a host, or files within a backup set.
34 | 
35 | *expire* [ *-n* _backupname_ *-d* _datestamp_ ] or [ *-a* _days_ *-r* _schedule_ [ *-n* _hostname_ ]]::
36 | Expires (removes) the given backup set, or backups matching the given criteria
37 | 
38 | *purge*::
39 | Purges backing files from the vault that are part of expired backups
40 | 
41 | *permissions*::
42 | [ *-l* | *-a* | *-r* ]
43 | *-c* _command_
44 | *-n* _hostname_
45 | *-u* _user_
46 | Defines permissions for a given user, when snebu is run in multi-user mode.
47 | 
48 | *help* [subcommand]::
49 | Displays help page of subcommand
50 | 
51 | ==== See Also
52 | 
53 | *snebu-newbackup*(1),
54 | *snebu-submitfiles*(1),
55 | *snebu-restore*(1),
56 | *snebu-listbackups*(1),
57 | *snebu-expire*(1),
58 | *snebu-purge*(1),
59 | *snebu-permissions*(1),
60 | *snebu-client*(1)
61 | 


--------------------------------------------------------------------------------
/docs/tarcrypt.1:
--------------------------------------------------------------------------------
 1 | .TH TARCRYPT "1" "December 2020" "tarcrypt" "User Commands"
 2 | .na
 3 | .SH NAME
 4 | tarcrypt \- Compresses and encrypts file data in TAR files
 5 | .SH SYNOPSIS
 6 | .B tarcrypt
 7 | \fBencrypt\fR \fB-k\fR \fIkeyfile\fR
 8 | .sp
 9 | .B tarcrypt
10 | \fBdecrypt\fR
11 | .sp
12 | .B tarcrypt
13 | \fBgenkey\fR \fB-f\fR \fIkeyfile\fR
14 | \fB-c\fR \fIcomment\fR
15 | .SH DESCRIPTION
16 | The \fItarcrypt\fR command acts as a filter for the \fItar\fR command.
17 | In encryption mode, it will compress and encrypt the data portion of TAR files
18 | while leaving header metadata intact.  This allows the TAR file to be sent to
19 | a backup system that expects the Unix TAR format as input.
20 | .PP
21 | The key file that is generated by the \fIgenkey\fR function contains an encrypted
22 | (passphrase protected) RSA private key, public key, and HMAC key used for verification.
23 | The encrypted private key, public key, and a hash of the HMAC key are stored in
24 | the TAR file's global header.
25 | .PP
26 | Each individual file is encrypted with a random AES-256 key, which is in turn encrypted
27 | using the RSA public key.  The file contents is also signed using the HMAC key,
28 | and the signature for the file is attached to the file header.
29 | .PP
30 | During a decrypt operation, the user is prompted for the passphrase protecting the private key,
31 | which is used to decrypt the AES key stored with each file.
32 | The passphrase, along with the public key hash, are used to re-create the secret HMAC key
33 | in order to validate each file contents as it is begin decrypted.
34 | .SH OPTIONS
35 | .TP
36 | \fBencrypt\fR
37 | Reads the tar command output on standard input, outputting an encrypted tar file.
38 | .RS
39 | \fBParameters\fR:
40 | .TP
41 | \fB-k\fR, \fB\-\-keyfile\fR \fIkeyfilename\fR
42 | Specifies the key file (generated by the \fIgenkey\fR subcommand)
43 | .sp
44 | Multiple key files may be specified by repeating this parameter.
45 | .RE
46 | .TP
47 | \fBdecrypt\fR
48 | Reads an encrypted tar file on standard input, prompts for the passphrase,
49 | decrypts and verifies contents outputting a standard tar file.
50 | .TP
51 | \fBgenkey\fR
52 | Generates a key file used by the \fIencrypt\fR function.
53 | .RS
54 | \fBParameters:\fR
55 | .TP
56 | \fB-f\fR, \fB\-\-filename\fR \fIkeyfilename\fR
57 | Specifies the filename to write the keyfile out to.
58 | .TP
59 | [ \fB-c\fR, \fB\-\-comment\fR "\fIcomment text\fR" ]
60 | Specifies a comment to include in the keyfile.
61 | .PP
62 | .SH SECURITY
63 | Public Key cryptography splits up a key into two parts -- an encryption (public) key, and a decryption (private) key.
64 | The public key isn't considered sensitive -- it is designed so that one party can send encrypted data to another party,
65 | by using the other party's public key.  The private key, however, needs to be kept confidential by the receiving party.
66 | Typically the private key is stored encrypted with a symmetric algorithm (one where the same password is used to both encrypt
67 | and decrypt the data) to provide additional security.
68 | .PP
69 | In the case of tarcrypt, the sending and receiving party is the same entity,
70 | using a third party (the backup server) to store the encrypted data.
71 | If the backup is needed, chances are that the keyfile used to encrypt the backup is lost also.
72 | Therefore, both the public key (for reference), and an encrypted copy of the private key are stored
73 | in the generated encrypted tar file's global header.
74 | .PP
75 | For the purpose of file confidentiality the keyfile isn't considered sensitive,
76 | as the private key used to decrypt the data is stored in encrypted form.
77 | However, the keyfile also contains a secret HMAC key used to authenticate the contents of the encrypted
78 | tar file.  Therefore if authenticity is needed, then the keyfile must be kept confidential
79 | (i.e., stored with appropriate file system permissions to be accessed only by the backup process).
80 | .SH NOTES
81 | The tarcrypt file format is an extension of the PAX TAR format, with custom values in the PAX header.
82 | If used in conjunction with a backup tool which expects the TAR format as input,
83 | then the backup tool may need some modifications in order to handle the extensions.
84 | If the tool stores the tar file intact, and if it doesn't choke on the custom header fields,
85 | then no modifications should be necessary.  However if the backup system parses out the TAR file format
86 | (i.e., it if uses it as a serialization format), then it would need to be modified to store the encrypted
87 | header info along with the rest of the metadata, and re-generate the appropriate global and individual
88 | file headers.
89 | .PP
90 | 


--------------------------------------------------------------------------------
/docs/tarcrypt_1.adoc:
--------------------------------------------------------------------------------
 1 | === tarcrypt(1) - Compresses and encrypts file data in TAR files
 2 | 
 3 | 
 4 | ----
 5 | tarcrypt encrypt -k keyfile
 6 |  tarcrypt decrypt
 7 |  tarcrypt genkey -f keyfile -c comment
 8 | ----
 9 | 
10 | ==== Description
11 | 
12 | The _tarcrypt_ command acts as a filter for the _tar_ command.
13 | In encryption mode, it will compress and encrypt the data portion of TAR files
14 | while leaving header metadata intact.  This allows the TAR file to be sent to
15 | a backup system that expects the Unix TAR format as input.
16 | 
17 | The key file that is generated by the _genkey_ function contains an encrypted
18 | (passphrase protected) RSA private key, public key, and HMAC key used for verification.
19 | The encrypted private key, public key, and a hash of the HMAC key are stored in
20 | the TAR file's global header.
21 | 
22 | Each individual file is encrypted with a random AES-256 key, which is in turn encrypted
23 | using the RSA public key.  The file contents is also signed using the HMAC key,
24 | and the signature for the file is attached to the file header.
25 | 
26 | During a decrypt operation, the user is prompted for the passphrase protecting the private key,
27 | which is used to decrypt the AES key stored with each file.
28 | The passphrase, along with the public key hash, are used to re-create the secret HMAC key
29 | in order to validate each file contents as it is begin decrypted.
30 | 
31 | ==== Options
32 | 
33 | 
34 | *encrypt*::
35 | Reads the tar command output on standard input, outputting an encrypted tar file.
36 |     *Parameters*:
37 |  ** *-k*, *--keyfile* _keyfilename_ +
38 | Specifies the key file (generated by the _genkey_ subcommand)
39 | 
40 | Multiple key files may be specified by repeating this parameter.
41 | 
42 | 
43 | *decrypt*::
44 | Reads an encrypted tar file on standard input, prompts for the passphrase,
45 | decrypts and verifies contents outputting a standard tar file.
46 | 
47 | *genkey*::
48 | Generates a key file used by the _encrypt_ function.
49 |     *Parameters:*
50 |  ** *-f*, *--filename* _keyfilename_ +
51 | Specifies the filename to write the keyfile out to.
52 |  ** [ *-c*, *--comment* "_comment text_" ] +
53 | Specifies a comment to include in the keyfile.
54 | 
55 | ==== Security
56 | 
57 | Public Key cryptography splits up a key into two parts -- an encryption (public) key, and a decryption (private) key.
58 | The public key isn't considered sensitive -- it is designed so that one party can send encrypted data to another party,
59 | by using the other party's public key.  The private key, however, needs to be kept confidential by the receiving party.
60 | Typically the private key is stored encrypted with a symmetric algorithm (one where the same password is used to both encrypt
61 | and decrypt the data) to provide additional security.
62 | 
63 | In the case of tarcrypt, the sending and receiving party is the same entity,
64 | using a third party (the backup server) to store the encrypted data.
65 | If the backup is needed, chances are that the keyfile used to encrypt the backup is lost also.
66 | Therefore, both the public key (for reference), and an encrypted copy of the private key are stored
67 | in the generated encrypted tar file's global header.
68 | 
69 | For the purpose of file confidentiality the keyfile isn't considered sensitive,
70 | as the private key used to decrypt the data is stored in encrypted form.
71 | However, the keyfile also contains a secret HMAC key used to authenticate the contents of the encrypted
72 | tar file.  Therefore if authenticity is needed, then the keyfile must be kept confidential
73 | (i.e., stored with appropriate file system permissions to be accessed only by the backup process).
74 | 
75 | ==== Notes
76 | 
77 | The tarcrypt file format is an extension of the PAX TAR format, with custom values in the PAX header.
78 | If used in conjunction with a backup tool which expects the TAR format as input,
79 | then the backup tool may need some modifications in order to handle the extensions.
80 | If the tool stores the tar file intact, and if it doesn't choke on the custom header fields,
81 | then no modifications should be necessary.  However if the backup system parses out the TAR file format
82 | (i.e., it if uses it as a serialization format), then it would need to be modified to store the encrypted
83 | header info along with the rest of the metadata, and re-generate the appropriate global and individual
84 | file headers.
85 | 


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
1 | docs/readme.md


--------------------------------------------------------------------------------
/snebu-client-db-plugin-template:
--------------------------------------------------------------------------------
  1 | ### Snebu backup plugin template for databases
  2 | [ -z "${verbose}" ] && verbose=0
  3 | [ "${verbose}" -gt 0 ] && echo "Executing client plugin template" >&2
  4 | 
  5 | pluginpre=pluginpref
  6 | pluginpost=pluginpostf
  7 | # Initialize an internal housekeeping variable
  8 | # (Step 0)
  9 | dbstage=0
 10 | 
 11 | # Define the pre-backup script
 12 | pluginpref() {
 13 |     [ "${verbose}" -gt 0 ] && echo "Executing client plugin pre script" >&2
 14 |     # Stage 0 => haven't backed up the DB yet
 15 |     if [ "${dbstage}" = 0 ]
 16 |     then
 17 | 	# (Step 1)
 18 | 	# Save the current include/exclude list
 19 | 	OLD_INCLUDE=( "${INCLUDE[@]}" )
 20 | 	OLD_EXCLUDE=( "${EXCLUDE[@]}" )
 21 | 	OLD_EXCLUDEMATCH=( "${EXCLUDEMATCH[@]}" )
 22 | 
 23 | 	# Zero out exclude list
 24 | 	EXCLUDE=( )
 25 | 	EXCLUDEMATCH=( )
 26 | 
 27 | 	# Set the include list to include database files
 28 | 	DBF_FILES=( "$(
 29 | 	    # Function to list database filenames to standard output
 30 | 	    print_dbf_filenames
 31 | 	)" )
 32 | 	INCLUDE=( "${DBF_FILES[@]}" )
 33 | 
 34 | 	# Place DB in hot backup mode
 35 | 	begin_db_backup
 36 | 
 37 | 	# After this, snebu-client-backup takes over and backs up
 38 | 	# the above set include list.  Then control jumps to
 39 | 	# pluginpost() with dbstage still set to 0
 40 |     elif [ "${dbstage}" = 1 ]
 41 |     then
 42 | 	# (Step 3)
 43 | 	DBF_LOG_FILES=( "$(
 44 | 	    # Function to list archived transaction logs
 45 | 	    print_dbf_log_filenames
 46 | 	)" )
 47 | 	INCLUDE=( "${DBF_LOG_FILES[@]}" )
 48 | 
 49 | 	# Back to the backup with the new include list, then
 50 | 	# off to pluginpost again with dbstage set to 1
 51 |     fi
 52 | }
 53 | 
 54 | pluginpostf() {
 55 |     [ "${verbose}" -gt 0 ] && echo "client plugin post" >&2
 56 |     if [ "${dbstage}" = 0 ]
 57 |     then
 58 | 	# (Step 2)
 59 | 	# Take DB out of hot backup mode
 60 | 	end_db_backup
 61 | 	
 62 | 	# Define the next stage, and repeat the backup
 63 | 	dbstage=1
 64 | 	bkrepeat=1
 65 | 
 66 | 	# Now control jumps back to pluginpre() with dbstage=1
 67 |     elif [ "${dbstage}" = 1 ]
 68 |     then
 69 | 	# (Step 4)
 70 | 	# Restore the original include/exclude list, with the
 71 | 	# database files added to the exclude list.
 72 | 	INCLUDE=( "${OLD_INCLUDE[@]}" )
 73 | 	EXCLUDE=( "${OLD_EXCLUDE[@]}" "${DBF_FILES[@]}" "${DBF_LOG_FILES[@]}" )
 74 | 	EXCLUDEMATCH=( "${OLD_EXCLUDEMATCH[@]}" )
 75 | 
 76 | 	# Define the next stage, and repeat the backup
 77 | 	dbstage=2
 78 | 	bkrepeat=1
 79 | 
 80 | 	# Control jumps back to pluginpre(), however no more pre-
 81 | 	# processing is needed for stage 2, so the backup begins
 82 | 	# again with the original client include/exclude (plus the
 83 | 	# above database files added to the exclude).
 84 |     elif [ "${dbstage}" = 2 ]
 85 |     then
 86 | 	# (Step 5)
 87 | 	# Break the cycle, backup is completed for this host.
 88 | 	bkrepeat=0
 89 |     fi
 90 | }
 91 | 
 92 | # Also, don't forget to fill in the functions referenced above:
 93 | 
 94 | begin_db_backup() {
 95 |     [ "${verbose}" -gt 0 ] && echo "Begin DB backup" >&2
 96 |     ### Steps to place DB in hot backup mode
 97 |     ### Make sure to execute these on the target host being backed
 98 |     ### up if running from the backup server (in pull mode)
 99 | 
100 | }
101 | 
102 | end_db_backup() {
103 |     [ "${verbose}" -gt 0 ] && echo "End DB backup" >&2
104 |     ### Steps to DB out of hot backup mode
105 |     ### Make sure to execute these on the target host being backed
106 |     ### up if running from the backup server (in pull mode)
107 | }
108 | 
109 | print_dbf_filenames() {
110 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF filenames" >&2
111 |     ### Output list of dbf file names
112 |     ### Make sure to execute these on the target host being backed
113 |     ### up if running from the backup server (in pull mode)
114 | }
115 | 
116 | print_dbf_log_filenames() {
117 |     [ "${verbose}" -gt 0 ] &&  echo "Generating DBF log filenames" >&2
118 |     ### Output list of archived transaction log file names
119 |     ### Make sure to execute these on the target host being backed
120 |     ### up if running from the backup server (in pull mode)
121 | }
122 | 


--------------------------------------------------------------------------------
/snebu-expire-purge.c:
--------------------------------------------------------------------------------
  1 | /* Copyright 2009 - 2021 Derek Pressnall
  2 |  *
  3 |  * This file is part of Snebu, the Simple Network Encrypting Backup Utility
  4 |  *
  5 |  * Snebu is free software: you can redistribute it and/or modify
  6 |  * it under the terms of the GNU General Public License Version 3
  7 |  * as published by the Free Software Foundation.
  8 |  *
  9 |  * Snebu is distributed in the hope that it will be useful,
 10 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 |  * GNU General Public License for more details.
 13 |  *
 14 |  * You should have received a copy of the GNU General Public License
 15 |  * along with Snebu.  If not, see <https://www.gnu.org/licenses/>.
 16 |  *
 17 |  */
 18 | 
 19 | #include <stdio.h>
 20 | #include <string.h>
 21 | #include <stdlib.h>
 22 | #include <sys/types.h>
 23 | #include <sys/stat.h>
 24 | #include <unistd.h>
 25 | #include <fcntl.h>
 26 | #include <getopt.h>
 27 | #include <sqlite3.h>
 28 | #include <errno.h>
 29 | 
 30 | #include "tarlib.h"
 31 | 
 32 | int expire(int argc, char **argv);
 33 | int purge(int argc, char **argv);
 34 | int help(char *topic);
 35 | void usage();
 36 | int checkperm(sqlite3 *bkcatalog, char *action, char *backupname);
 37 | 
 38 | extern sqlite3 *bkcatalog;
 39 | extern struct {
 40 |     char *vault;
 41 |     char *meta;
 42 |     int hash;
 43 | } config;
 44 | extern char *SHN;
 45 | 
 46 | int expire(int argc, char **argv)
 47 | {
 48 |     int optc;
 49 |     char retention[128];
 50 |     char bkname[128];
 51 |     char datestamp[128];
 52 |     int age = 0;
 53 |     int bkid;
 54 |     int min = 3;
 55 |     int foundopts = 0;
 56 |     sqlite3_stmt *sqlres;
 57 |     char *sqlstmt = NULL;
 58 |     char *sqlstmt_tmp = 0;
 59 |     char *sqlerr;
 60 |     time_t cutoffdate;
 61 |     bkname[0] = 0;
 62 |     struct option longopts[] = {
 63 | 	{ "name", required_argument, NULL, 'n' },
 64 | 	{ "datestamp", required_argument, NULL, 'd' },
 65 | 	{ "age", required_argument, NULL, 'a' },
 66 | 	{ "min-keep", required_argument, NULL, 'm' },
 67 | 	{ NULL, no_argument, NULL, 0 }
 68 |     };
 69 |     int longoptidx;
 70 | 
 71 |     *datestamp = *bkname = *retention = '\0';
 72 |     while ((optc = getopt_long(argc, argv, "r:n:a:k:m:d:", longopts, &longoptidx)) >= 0) {
 73 | 	switch (optc) {
 74 | 	    case 'r':
 75 | 		strncpy(retention, optarg, 127);
 76 | 		retention[127] = 0;
 77 | 		foundopts |= 1;
 78 | 		break;
 79 | 	    case 'n':
 80 | 		strncpy(bkname, optarg, 127);
 81 | 		bkname[127] = 0;
 82 | 		foundopts |= 2;
 83 | 		break;
 84 | 	    case 'a':
 85 | 		age = atoi(optarg);
 86 | 		foundopts |= 4;
 87 | 		break;
 88 | 	    case 'm':
 89 | 		min = atoi(optarg);
 90 | 		foundopts |= 8;
 91 | 		break;
 92 | 	    case 'd':
 93 | 		strncpy(datestamp, optarg, 127);
 94 | 		datestamp[127] = 0;
 95 | 		foundopts |= 16;
 96 | 		break;
 97 | 	    default:
 98 | 		usage();
 99 | 		return(1);
100 | 	}
101 |     }
102 |     if ((foundopts & 5) != 5 && (foundopts & 7) != 7 && (foundopts & 18) != 18) {
103 |         fprintf(stderr, "foundopts = %d\n", foundopts);
104 |         usage();
105 |         return(1);
106 |     }
107 | 
108 |     if (checkperm(bkcatalog, "expire", bkname)) {
109 | 	sqlite3_close(bkcatalog);
110 | 	return(1);
111 |     }
112 | //    sqlite3_busy_handler(bkcatalog, &sqlbusy, 0);
113 | 
114 |     cutoffdate = time(0) - (age * 60 * 60 * 24);
115 | 
116 |     if (*datestamp != 0) {
117 | 	int sqlite_result;
118 | 	sqlite3_prepare_v2(bkcatalog,
119 | 	    (sqlstmt = sqlite3_mprintf("select backupset_id from backupsets  "
120 | 		"where name = '%q' and serial = '%q'",
121 | 		bkname, datestamp)), -1, &sqlres, 0);
122 | 
123 | 	if ((sqlite_result = (sqlite3_step(sqlres))) == SQLITE_ROW) {
124 | 	    bkid = sqlite3_column_int(sqlres, 0);
125 | 	}
126 |         else {
127 | 	    fprintf(stderr, "Can't find specified backupset %s %s, result: %d\n", bkname, datestamp, sqlite_result);
128 | 	    exit(1);
129 | 	}
130 | 	sqlite3_finalize(sqlres);
131 | 	sqlite3_free(sqlstmt);
132 | 	sqlite3_exec(bkcatalog, "BEGIN", 0, 0, 0);
133 | 	fprintf(stderr, "Deleting %d from received_file_entities\n", bkid);
134 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
135 | 	    "delete from received_file_entities where backupset_id = %d ",
136 | 	    bkid)), 0, 0, &sqlerr);
137 | 	fprintf(stderr, "Deleting %d from needed_file_entities\n", bkid);
138 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
139 | 	    "delete from needed_file_entities where backupset_id = %d ",
140 | 	    bkid)), 0, 0, &sqlerr);
141 | 	fprintf(stderr, "Deleting %d from backupset_detail\n", bkid);
142 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
143 | 	    "delete from backupset_detail where backupset_id = %d ",
144 | 	    bkid)), 0, 0, &sqlerr);
145 | 	fprintf(stderr, "Deleting %d from backupsets\n", bkid);
146 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
147 | 	    "delete from backupsets where backupset_id = %d ",
148 | 	    bkid)), 0, 0, &sqlerr);
149 | 	fprintf(stderr, "Deleting %d from log\n", bkid);
150 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
151 | 	    "delete from log where backupset_id = %d ",
152 | 	    bkid)), 0, 0, &sqlerr);
153 | 	sqlite3_exec(bkcatalog, "END", 0, 0, 0);
154 | 	return(0);
155 |     }
156 | 
157 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
158 | 	"create temporary table if not exists expirelist ( "
159 | 	"backupset_id integer primary key )"
160 | 	)), 0, 0, &sqlerr);
161 |     if (sqlerr != 0) {
162 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
163 | 	sqlite3_free(sqlerr);
164 |     }
165 |     sqlite3_free(sqlstmt);
166 | 
167 |     if (strlen(bkname) > 0)
168 | 	sqlstmt_tmp = sqlite3_mprintf(" and e.name = %Q", bkname);
169 | 
170 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
171 | 	"insert or ignore into expirelist   "
172 | 	"select e.backupset_id from backupsets as e  "
173 | 	"left join (  "
174 | 	"  select c.backupset_id, d.ranknum  "
175 | 	"  from backupsets as c  "
176 | 	"    inner join (  "
177 | 	"      select a.backupset_id, count(*) as ranknum  "
178 | 	"      from backupsets as a  "
179 | 	"	 inner join backupsets as b on (a.name = b.name) "
180 | 	"          and (a.retention = b.retention) "
181 | 	"          and (a.serial <= b.serial) "
182 | 	"      group by a.backupset_id  "
183 | 	"      having ranknum <= %d  "
184 | 	"    ) as d on (c.backupset_id = d.backupset_id)  "
185 | 	"  order by c.name, d.ranknum  "
186 | 	") as f on e.backupset_id = f.backupset_id  "
187 | 	"where f.backupset_id is null and e.retention = '%q' and e.serial < %d%s ",
188 | 	min, retention, cutoffdate,
189 | 	strlen(bkname) > 0 ? sqlstmt_tmp : "")), 0, 0, &sqlerr);
190 |     if (sqlerr != 0) {
191 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
192 | 	sqlite3_free(sqlerr);
193 |     }
194 |     sqlite3_free(sqlstmt);
195 |     if (strlen(bkname) > 0)
196 |         sqlite3_free(sqlstmt_tmp);
197 |     
198 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
199 | 	"delete from received_file_entities where backupset_id in ( "
200 | 	"select backupset_id from expirelist)")), 0, 0, &sqlerr);
201 |     if (sqlerr != 0) {
202 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
203 | 	sqlite3_free(sqlerr);
204 |     }
205 |     sqlite3_free(sqlstmt);
206 | 
207 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
208 | 	"delete from needed_file_entities where backupset_id in ("
209 | 	"select backupset_id from expirelist)")), 0, 0, &sqlerr);
210 |     if (sqlerr != 0) {
211 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
212 | 	sqlite3_free(sqlerr);
213 |     }
214 |     sqlite3_free(sqlstmt);
215 | 
216 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
217 | 	"delete from backupset_detail where backupset_id in ("
218 | 	"select backupset_id from expirelist)")), 0, 0, &sqlerr);
219 |     if (sqlerr != 0) {
220 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
221 | 	sqlite3_free(sqlerr);
222 |     }
223 |     sqlite3_free(sqlstmt);
224 | 
225 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
226 | 	"delete from backupsets where backupset_id in ("
227 | 	"select backupset_id from expirelist)")), 0, 0, &sqlerr);
228 |     if (sqlerr != 0) {
229 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
230 | 	sqlite3_free(sqlerr);
231 |     }
232 |     sqlite3_free(sqlstmt);
233 | 
234 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
235 | 	"delete from log where backupset_id in ("
236 | 	"select backupset_id from expirelist)")), 0, 0, &sqlerr);
237 |     if (sqlerr != 0) {
238 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
239 | 	sqlite3_free(sqlerr);
240 |     }
241 |     sqlite3_free(sqlstmt);
242 |     return(0);
243 | }
244 | int purge(int argc, char **argv)
245 | {
246 |     sqlite3_stmt *sqlres;
247 |     char *sqlstmt = NULL;
248 |     char *sqlerr;
249 |     time_t purgedate;
250 |     char *destdir = config.vault;
251 |     struct stat tmpfstat;
252 |     const char *sha1;
253 |     char *destfilepath = NULL;
254 |     char *destfilepathd = NULL;
255 |     int verbose = 0;
256 | 
257 |     int optc;
258 |     int longoptidx;
259 | 
260 |     struct option longopts[] = {
261 | 	{ "verbose", no_argument, NULL, 'v' },
262 | 	{ "quiet", no_argument, NULL, 'q' },
263 | 	{ NULL, no_argument, NULL, 0 }
264 |     };
265 | 
266 |     if (isatty(2))
267 | 	verbose = 1;
268 |     while ((optc = getopt_long(argc, argv, "nv", longopts, &longoptidx)) >= 0)
269 |         switch (optc) {
270 |             case 'v':
271 |                 verbose = 1;
272 |                 break;
273 |             case 'q':
274 |                 verbose = 0;
275 |                 break;
276 |             default:
277 | 		usage();
278 |                 exit(1);
279 |         }
280 | 
281 |     if (checkperm(bkcatalog, "purge", NULL)) {
282 | 	sqlite3_close(bkcatalog);
283 | 	return(1);
284 |     }
285 | 
286 |     purgedate = time(0);
287 | 
288 |     sqlite3_exec(bkcatalog, "BEGIN", 0, 0, 0);
289 |     // If any backups are in progress, use the start time as the newest allowed purge date
290 |     sqlite3_prepare_v2(bkcatalog,
291 |         (sqlstmt = sqlite3_mprintf(
292 | 
293 | 	    "SELECT c.logdate "
294 | 	    "FROM log AS c "
295 | 	    "  INNER JOIN ( "
296 | 	    "    SELECT a.rowid, COUNT(*) AS ranknum "
297 | 	    "    FROM log AS a "
298 | 	    "      INNER JOIN log AS b ON (a.backupset_id = b.backupset_id) AND (a.logdate <= b.logdate) "
299 | 	    "       AND (a.action <= b.action) AND a.rowid <= b.rowid "
300 | 	    "    GROUP BY a.rowid "
301 | 	    "    HAVING ranknum <= 1 "
302 | 	    "  ) AS d ON (c.rowid = d.rowid) "
303 | 	    "where c.action < 6 and c.action >= 4 and c.logdate >= date('now', '-3 days') ORDER BY c.logdate limit 1")), -1, &sqlres, 0);
304 |     if ((sqlite3_step(sqlres)) == SQLITE_ROW) {
305 |         purgedate = sqlite3_column_int(sqlres, 0);
306 |     }
307 | 
308 |     if (verbose > 0)
309 | 	fprintf(stderr, "Creating temporary tables\n");
310 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
311 | 	"create temporary table if not exists purgelist1 ( \n"
312 | 	"    file_id	integer primary key, "
313 | 	"    hash	char)")), 0, 0, &sqlerr);
314 |     if (sqlerr != 0) {
315 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
316 | 	sqlite3_free(sqlerr);
317 |     }
318 | 
319 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
320 | 	"create temporary table if not exists diskfiles_purged ( \n"
321 | 	"    hash	char)")), 0, 0, &sqlerr);
322 |     if (sqlerr != 0) {
323 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
324 | 	sqlite3_free(sqlerr);
325 |     }
326 | 
327 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
328 | 	"insert into purgelist1 (file_id, hash) "
329 | 	"select f.file_id, f.%s from file_entities f "
330 | 	"left join backupset_detail d "
331 | 	"on f.file_id = d.file_id "
332 | 	"where d.file_id is null", SHN)),
333 |     0, 0, &sqlerr);
334 |     if (sqlerr != 0) {
335 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
336 | 	sqlite3_free(sqlerr);
337 |     }
338 | 
339 |     if (verbose > 0)
340 | 	fprintf(stderr, "Purging from file_entities\n");
341 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
342 | 	"delete from file_entities where file_id in ( "
343 | 	"select file_id from purgelist1) ")), 0, 0, &sqlerr);
344 |     if (sqlerr != 0) {
345 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
346 | 	sqlite3_free(sqlerr);
347 |     }
348 | 
349 |     if (verbose > 0)
350 | 	fprintf(stderr, "Creating final purge list\n");
351 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
352 | 	"insert into purgelist (datestamp, %s) "
353 | 	"select %d, d.%s from diskfiles d "
354 | 	"left join file_entities f "
355 | 	"on d.%s = f.%s "
356 | 	"where f.%s is null ", SHN, purgedate, SHN, SHN, SHN, SHN)), 0, 0, &sqlerr);
357 | 
358 |     if (sqlerr != 0) {
359 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
360 | 	sqlite3_free(sqlerr);
361 |     }
362 | 
363 |     if (verbose > 0)
364 | 	fprintf(stderr, "Removing files\n");
365 |     sqlite3_prepare_v2(bkcatalog,
366 | 	(sqlstmt = sqlite3_mprintf("select %s, datestamp from purgelist", SHN)),
367 | 	-1, &sqlres, 0);
368 |     int rows_purged = 0;
369 |     while (sqlite3_step(sqlres) == SQLITE_ROW) {
370 | 
371 | 	sha1 = (char *) sqlite3_column_text(sqlres, 0);
372 | 	strncpya0(&destfilepath, destdir, 0);
373 | 	strcata(&destfilepath, "/");
374 | 	strncata0(&destfilepath, sha1, 2);
375 | 	strcata(&destfilepath, "/");
376 | 	strcata(&destfilepath, sha1 + 2);
377 | 	if (strlen(sha1) > 40)
378 | 	    strcata(&destfilepath, ".enc");
379 | 	else
380 | 	    strcata(&destfilepath, ".lzo");
381 | 
382 | 	strncpya0(&destfilepathd, destfilepath, 0);
383 | 	strcata(&destfilepathd, ".d");
384 | //	fprintf(stderr, "Renaming %s to %s\n", destfilepath, destfilepathd);
385 | 
386 | 	if (rename(destfilepath, destfilepathd) == 0) {
387 | 	    if (stat(destfilepathd, &tmpfstat) == 0 && tmpfstat.st_mtime < sqlite3_column_int(sqlres, 1)) {
388 | //		fprintf(stderr, "Removing %s\n", destfilepath);
389 | 		remove(destfilepathd);
390 | 		sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
391 | 		    "insert into diskfiles_purged (hash) values ('%s')", sha1)), 0, 0, &sqlerr);
392 | 		if (sqlerr != 0) {
393 | 		    fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
394 | 		    sqlite3_free(sqlerr);
395 | 		}
396 | 		sqlite3_free(sqlstmt);
397 | 		rows_purged++;
398 | 	    }
399 | 	    else {
400 | 		fprintf(stderr, "    Restoring %s\n", destfilepath);
401 | 		rename(destfilepathd, destfilepath);
402 | 		sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
403 | 		    "delete from purgelist where %s = '%q'", SHN, sha1)), 0, 0, &sqlerr);
404 | 		if (sqlerr != 0) {
405 | 		    fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
406 | 		    sqlite3_free(sqlerr);
407 | 		}
408 | 		sqlite3_free(sqlstmt);
409 | 	    }
410 | 	}
411 | 	if (rows_purged % 1000 == 0) {
412 | 	    if (verbose > 0)
413 | 		fprintf(stderr, "Purged %d files          \r", rows_purged);
414 | 	    sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
415 | 		"delete from purgelist where %s in (select hash from diskfiles_purged)", SHN)), 0, 0, &sqlerr);
416 | 	    if (sqlerr != 0) {
417 | 		fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
418 | 		sqlite3_free(sqlerr);
419 | 	    }
420 | 	    sqlite3_free(sqlstmt);
421 | 	    sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
422 | 		"delete from diskfiles where %s in (select hash from diskfiles_purged)", SHN)), 0, 0, &sqlerr);
423 | 	    if (sqlerr != 0) {
424 | 		fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
425 | 		sqlite3_free(sqlerr);
426 | 	    }
427 | 	    sqlite3_free(sqlstmt);
428 | 	    sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
429 | 		"delete from diskfiles_purged")), 0, 0, &sqlerr);
430 | 	    if (sqlerr != 0) {
431 | 		fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
432 | 		sqlite3_free(sqlerr);
433 | 	    }
434 | 	    sqlite3_free(sqlstmt);
435 | 	}
436 |     }
437 |     if (verbose > 0)
438 | 	fprintf(stderr, "Purged %d files\n", rows_purged);
439 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
440 | 	"delete from purgelist where %s in (select hash from diskfiles_purged)", SHN)), 0, 0, &sqlerr);
441 |     if (sqlerr != 0) {
442 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
443 | 	sqlite3_free(sqlerr);
444 |     }
445 |     sqlite3_free(sqlstmt);
446 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
447 | 	"delete from diskfiles where %s in (select hash from diskfiles_purged)", SHN)), 0, 0, &sqlerr);
448 |     if (sqlerr != 0) {
449 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
450 | 	sqlite3_free(sqlerr);
451 |     }
452 |     sqlite3_free(sqlstmt);
453 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
454 | 	"delete from diskfiles_purged")), 0, 0, &sqlerr);
455 |     if (sqlerr != 0) {
456 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
457 | 	sqlite3_free(sqlerr);
458 |     }
459 |     sqlite3_free(sqlstmt);
460 | 
461 |     sqlite3_exec(bkcatalog, "END", 0, 0, 0);
462 |     return(0);
463 | }
464 | 


--------------------------------------------------------------------------------
/snebu-listbackups.c:
--------------------------------------------------------------------------------
  1 | /* Copyright 2009 - 2021 Derek Pressnall
  2 |  *
  3 |  * This file is part of Snebu, the Simple Network Encrypting Backup Utility
  4 |  *
  5 |  * Snebu is free software: you can redistribute it and/or modify
  6 |  * it under the terms of the GNU General Public License Version 3
  7 |  * as published by the Free Software Foundation.
  8 |  *
  9 |  * Snebu is distributed in the hope that it will be useful,
 10 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 |  * GNU General Public License for more details.
 13 |  *
 14 |  * You should have received a copy of the GNU General Public License
 15 |  * along with Snebu.  If not, see <https://www.gnu.org/licenses/>.
 16 |  *
 17 |  */
 18 | 
 19 | #include <stdio.h>
 20 | #include <stdlib.h>
 21 | #include <getopt.h>
 22 | #include <string.h>
 23 | #include <sqlite3.h>
 24 | #include <time.h>
 25 | #include <stdint.h>
 26 | 
 27 | extern struct {
 28 |     char *vault;
 29 |     char *meta;
 30 |     int hash;
 31 | } config;
 32 | 
 33 | extern sqlite3 *bkcatalog;
 34 | extern char *SHN;
 35 | 
 36 | int listbackups(int argc, char **argv);
 37 | void usage();
 38 | int checkperm(sqlite3 *bkcatalog, char *action, char *backupname);
 39 | char *stresc(char *src, char **target);
 40 | void dfree(void *b);
 41 | 
 42 | int listbackups(int argc, char **argv)
 43 | {
 44 |     int optc;
 45 |     char bkname[128];
 46 |     char datestamp[128];
 47 |     char *filespec = 0;
 48 |     int filespeclen;
 49 |     int foundopts = 0;
 50 |     sqlite3_stmt *sqlres;
 51 |     char *sqlstmt = 0;
 52 |     int i;
 53 |     time_t bktime;
 54 |     char *bktimes;
 55 |     int rowcount;
 56 |     char *dbbkname;
 57 |     char oldbkname[128];
 58 |     time_t oldbktime;
 59 |     time_t bdatestamp;
 60 |     time_t edatestamp;
 61 |     char *range;
 62 |     int err;
 63 |     struct option longopts[] = {
 64 | 	{ "name", required_argument, NULL, 'n' },
 65 | 	{ "datestamp", required_argument, NULL, 'd' },
 66 | 	{ "long", no_argument, NULL, 'l' },
 67 | 	{ "long0", no_argument, NULL, '0' },
 68 | 	{ NULL, no_argument, NULL, 0 }
 69 |     };
 70 |     int longoptidx;
 71 |     int longoutput = 0;
 72 |     int long0output = 0;
 73 |     char *escfname = 0;
 74 |     char *esclname = 0;
 75 |     char *escxheader = 0;
 76 | 
 77 | 
 78 |     *bkname = *datestamp = '\0';
 79 |     while ((optc = getopt_long(argc, argv, "n:d:l0", longopts, &longoptidx)) >= 0) {
 80 | 	switch (optc) {
 81 | 	    case 'n':
 82 | 		strncpy(bkname, optarg, 127);
 83 | 		bkname[127] = 0;
 84 | 		foundopts |= 1;
 85 | 		break;
 86 | 	    case 'd':
 87 | 		strncpy(datestamp, optarg, 127);
 88 | 		datestamp[127] = 0;
 89 | 		foundopts |= 2;
 90 | 		break;
 91 | 	    case 'l':
 92 | 		longoutput++;
 93 | 		foundopts |= 4;
 94 | 		break;
 95 | 	    case '0':
 96 | 		long0output = 1;
 97 | 		foundopts |= 8;
 98 | 		break;
 99 | 	    default:
100 | 		usage();
101 | 		return(1);
102 | 	}
103 |     }
104 |     if (foundopts != 0 && foundopts != 1 && foundopts != 3 && foundopts != 7 && foundopts != 15) {
105 | 	printf("foundopts = %d\n", foundopts);
106 |         usage();
107 |         return(1);
108 |     }
109 | 
110 |     if (argc > optind) {
111 | 	filespeclen = 4;
112 | 	for (i = optind; i < argc; i++)
113 |     	    filespeclen += strlen(argv[i]) + 20;
114 |        	filespec = malloc(filespeclen);
115 | 	filespec[0] = 0;
116 | 	for (i = optind; i < argc; i++) {
117 | 	    if (i == optind)
118 | 		strcat(filespec, " and (filename glob ");
119 | 	    else
120 | 		strcat(filespec, " or filename glob ");
121 | 	    strcat(filespec, sqlite3_mprintf("'%q'", argv[i]));
122 | 	}
123 | 	strcat(filespec, ")");
124 |     }
125 |     if (checkperm(bkcatalog, "listbackups", bkname)) {
126 | 	sqlite3_close(bkcatalog);
127 | 	return(1);
128 |     }
129 | 
130 | 
131 |     if (foundopts == 0) {
132 | 
133 | 	if (filespec == 0) {
134 | 	    err = sqlite3_prepare_v2(bkcatalog,
135 | 		(sqlstmt = sqlite3_mprintf(
136 | 		"select distinct name from backupsets order by name")), -1, &sqlres, 0);
137 | 	    rowcount = 0;
138 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
139 | 		rowcount++;
140 | 		printf("%s\n", sqlite3_column_text(sqlres, 0));
141 | 	    }
142 | 	    if (rowcount == 0) {
143 | 	        printf("No backups found %s %d\n", sqlstmt, err);
144 | 		exit(1);
145 | 	    }
146 | 	    sqlite3_finalize(sqlres);
147 | 	    sqlite3_free(sqlstmt);
148 | 	}
149 | 	else {
150 | 
151 | 	    sqlite3_prepare_v2(bkcatalog,
152 | 		(sqlstmt = sqlite3_mprintf(
153 | 		"select distinct b.name, b.serial, f.filename from backupsets b  "
154 | 		"join backupset_detail d on b.backupset_id = d.backupset_id  "
155 | 		"join file_entities f on d.file_id = f.file_id where 1"
156 | 		"%s", filespec)), -1, &sqlres, 0);
157 | 	    rowcount = 0;
158 | 	    oldbkname[0] = 0;
159 | 	    oldbktime = 0;
160 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
161 | 		rowcount++;
162 | 		dbbkname = (char *) sqlite3_column_text(sqlres, 0);
163 | 		bktime = sqlite3_column_int(sqlres, 1);
164 | 		bktimes = ctime(&bktime);
165 | 		bktimes[strlen(bktimes) - 1] = 0;
166 | 		if (strcmp(dbbkname, oldbkname) != 0)
167 | 		    printf("%s:\n", dbbkname);
168 | 		if (bktime != oldbktime)
169 | 		    printf("    %-10lu %s:\n", bktime, bktimes);
170 | 		printf("        %s\n", sqlite3_column_text(sqlres, 2));
171 | 		strncpy(oldbkname, dbbkname, 127);
172 | 		oldbkname[127] = 0;
173 | 		oldbktime = bktime;
174 | 	    }
175 | 	    if (rowcount == 0) {
176 | 		printf("No backups found for %s\n", sqlstmt);
177 | 		exit(1);
178 | 	    }
179 | 	    sqlite3_finalize(sqlres);
180 | 	    sqlite3_free(sqlstmt);
181 | 	}
182 | 
183 |     }
184 |     else if (foundopts == 1) {
185 | 	sqlite3_prepare_v2(bkcatalog,
186 |     	    (sqlstmt = sqlite3_mprintf(
187 | 	    "select distinct retention, serial from backupsets "
188 | 	    "where name = '%q' order by serial, name", bkname)),
189 | 	    -1, &sqlres, 0);
190 | 	rowcount = 0;
191 | 	printf("%s\n", bkname);
192 | 	while (sqlite3_step(sqlres) == SQLITE_ROW) {
193 | 	    rowcount++;
194 | 	    bktime = sqlite3_column_int(sqlres, 1),
195 | 	    bktimes = ctime(&bktime);
196 | 	    bktimes[strlen(bktimes) - 1] = 0;
197 | 	    printf("    %lu / %s / %s\n",
198 | 		bktime, sqlite3_column_text(sqlres, 0), bktimes);
199 | 
200 | 	}
201 | 	if (rowcount == 0) {
202 | 	    printf("No backups found\n");
203 | 	    exit(1);
204 | 	}
205 | 	sqlite3_finalize(sqlres);
206 | 	sqlite3_free(sqlstmt);
207 |     }
208 |     else if (foundopts == 3) {
209 | 	range = strchr(datestamp, '-');
210 | 	if (range != NULL) {
211 | 	    *range = '\0';
212 | 	    if (*datestamp != '\0')
213 | 		bdatestamp = atoi(datestamp);
214 | 	    else
215 | 		bdatestamp = 0;
216 | 	    if (*(range + 1) != '\0')
217 | 		edatestamp = atoi(range + 1);
218 | 	    else
219 | 		edatestamp = INT32_MAX;
220 | 	}
221 | 	else {
222 | 	    bdatestamp = atoi(datestamp);
223 | 	    edatestamp = atoi(datestamp);
224 | 	}
225 | 	sqlite3_prepare_v2(bkcatalog,
226 | 	    (sqlstmt = sqlite3_mprintf("select distinct serial, filename "
227 | 		"from file_entities_bd where name = '%q' and serial >= %d "
228 | 		"and serial <= %d%s", bkname, bdatestamp, edatestamp, filespec != 0 ? filespec : "")),
229 | 		-1, &sqlres, 0);
230 | 
231 | 	if (bdatestamp == edatestamp)
232 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
233 | 		printf("%s\n", sqlite3_column_text(sqlres, 1));
234 | 	    }
235 | 	else
236 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
237 | 		printf("%10d %s\n", sqlite3_column_int(sqlres, 0),
238 | 		sqlite3_column_text(sqlres, 1));
239 | 	    }
240 | 	sqlite3_finalize(sqlres);
241 | 	sqlite3_free(sqlstmt);
242 |     }
243 |     else if (longoutput >= 1 && long0output == 0) {
244 | 	range = strchr(datestamp, '-');
245 | 	if (range != NULL) {
246 | 	    *range = '\0';
247 | 	    if (*datestamp != '\0')
248 | 		bdatestamp = atoi(datestamp);
249 | 	    else
250 | 		bdatestamp = 0;
251 | 	    if (*(range + 1) != '\0')
252 | 		edatestamp = atoi(range + 1);
253 | 	    else
254 | 		edatestamp = INT32_MAX;
255 | 	}
256 | 	else {
257 | 	    bdatestamp = atoi(datestamp);
258 | 	    edatestamp = atoi(datestamp);
259 | 	}
260 | 	sqlite3_prepare_v2(bkcatalog,
261 | 	    (sqlstmt = sqlite3_mprintf("select distinct serial, ftype, \n"
262 | 		"permission, device_id, inode, user_name, user_id, \n"
263 | 		"group_name, group_id, size, %s, cdatestamp, datestamp, \n"
264 | 		"filename, extdata, xheader \n"
265 | 		"from file_entities_bd where name = '%q' and serial >= %d "
266 | 		"and serial <= %d%s", SHN, bkname, bdatestamp, edatestamp, filespec != 0 ? filespec : "")),
267 | 		-1, &sqlres, 0);
268 | 
269 | 	if (bdatestamp == edatestamp)
270 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
271 | 		printf("%s\t%s\t%s\t%s\t%s\t%d\t%s\t%d\t%Ld\t%s\t%d\t%d\t%s%s%s\t%s\n",
272 | 
273 | 		strcmp((char *)sqlite3_column_text(sqlres, 1), "0") == 0 ? "f" : 
274 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0 ? "l" : 
275 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "5") == 0 ? "d" :
276 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "S") == 0 ? "f" : "u",
277 | 		sqlite3_column_text(sqlres, 2),
278 | 		sqlite3_column_text(sqlres, 3),
279 | 		sqlite3_column_text(sqlres, 4),
280 | 		sqlite3_column_text(sqlres, 5),
281 | 		sqlite3_column_int(sqlres, 6),
282 | 		sqlite3_column_text(sqlres, 7),
283 | 		sqlite3_column_int(sqlres, 8),
284 | 		sqlite3_column_int64(sqlres, 9),
285 | 		sqlite3_column_text(sqlres, 10),
286 | 		sqlite3_column_int(sqlres, 11),
287 | 		sqlite3_column_int(sqlres, 12),
288 | 		longoutput > 1 ? stresc((char *) sqlite3_column_text(sqlres, 15), &escxheader) : "",
289 | 		longoutput > 1 ? "\t" : "",
290 | 		stresc((char *) sqlite3_column_text(sqlres, 13), &escfname),
291 | 		stresc((char *) sqlite3_column_text(sqlres, 14), &esclname));
292 | 	    }
293 | 	else
294 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
295 | 		printf("%10d %s\t%s\t%s\t%s\t%s\t%d\t%s\t%d\t%Ld\t%s\t%d\t%d\t%s\t%s\n",
296 | 		sqlite3_column_int(sqlres, 0),
297 | 		strcmp((char *)sqlite3_column_text(sqlres, 1), "0") == 0 ? "f" : 
298 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0 ? "l" : 
299 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "5") == 0 ? "d" :
300 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "S") == 0 ? "f" : "u",
301 | 		sqlite3_column_text(sqlres, 2),
302 | 		sqlite3_column_text(sqlres, 3),
303 | 		sqlite3_column_text(sqlres, 4),
304 | 		sqlite3_column_text(sqlres, 5),
305 | 		sqlite3_column_int(sqlres, 6),
306 | 		sqlite3_column_text(sqlres, 7),
307 | 		sqlite3_column_int(sqlres, 8),
308 | 		sqlite3_column_int64(sqlres, 9),
309 | 		sqlite3_column_text(sqlres, 10),
310 | 		sqlite3_column_int(sqlres, 11),
311 | 		sqlite3_column_int(sqlres, 12),
312 | 		sqlite3_column_text(sqlres, 13),
313 | 		sqlite3_column_text(sqlres, 14));
314 | 	    }
315 | 	sqlite3_finalize(sqlres);
316 | 	sqlite3_free(sqlstmt);
317 |     }
318 |     else if (long0output == 1) {
319 | 	range = strchr(datestamp, '-');
320 | 	if (range != NULL) {
321 | 	    *range = '\0';
322 | 	    if (*datestamp != '\0')
323 | 		bdatestamp = atoi(datestamp);
324 | 	    else
325 | 		bdatestamp = 0;
326 | 	    if (*(range + 1) != '\0')
327 | 		edatestamp = atoi(range + 1);
328 | 	    else
329 | 		edatestamp = INT32_MAX;
330 | 	}
331 | 	else {
332 | 	    bdatestamp = atoi(datestamp);
333 | 	    edatestamp = atoi(datestamp);
334 | 	}
335 | 	sqlite3_prepare_v2(bkcatalog,
336 | 	    (sqlstmt = sqlite3_mprintf("select distinct serial, ftype, \n"
337 | 		"permission, device_id, inode, user_name, user_id, \n"
338 | 		"group_name, group_id, size, %s, cdatestamp, datestamp, \n"
339 | 		"filename, extdata \n"
340 | 		"from file_entities_bd where name = '%q' and serial >= %d "
341 | 		"and serial <= %d%s", SHN, bkname, bdatestamp, edatestamp, filespec != 0 ? filespec : "")),
342 | 		-1, &sqlres, 0);
343 | 
344 | 	if (bdatestamp == edatestamp) {
345 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
346 | 		printf("%s\t%s\t%s\t%s\t%s\t%d\t%s\t%d\t%Ld\t%s\t%d\t%d\t%s%c",
347 | 
348 | 		strcmp((char *)sqlite3_column_text(sqlres, 1), "0") == 0 ? "f" : 
349 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0 ? "l" : 
350 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "5") == 0 ? "d" :
351 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "S") == 0 ? "f" : "u",
352 | 		sqlite3_column_text(sqlres, 2),
353 | 		sqlite3_column_text(sqlres, 3),
354 | 		sqlite3_column_text(sqlres, 4),
355 | 		sqlite3_column_text(sqlres, 5),
356 | 		sqlite3_column_int(sqlres, 6),
357 | 		sqlite3_column_text(sqlres, 7),
358 | 		sqlite3_column_int(sqlres, 8),
359 | 		sqlite3_column_int64(sqlres, 9),
360 | 		sqlite3_column_text(sqlres, 10),
361 | 		sqlite3_column_int(sqlres, 11),
362 | 		sqlite3_column_int(sqlres, 12),
363 | 		sqlite3_column_text(sqlres, 13),
364 | 		'\0');
365 | 		if (strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0)
366 | 		    printf("%s%c", sqlite3_column_text(sqlres, 14), '\0');
367 | 	    }
368 | 	}
369 | 	else {
370 | 	    while (sqlite3_step(sqlres) == SQLITE_ROW) {
371 | 		printf("%10d %s\t%s\t%s\t%s\t%s\t%d\t%s\t%d\t%Ld\t%s\t%d\t%d\t%s%c",
372 | 		sqlite3_column_int(sqlres, 0),
373 | 		strcmp((char *)sqlite3_column_text(sqlres, 1), "0") == 0 ? "f" : 
374 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0 ? "l" : 
375 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "5") == 0 ? "d" :
376 | 		    strcmp((char *)sqlite3_column_text(sqlres, 1), "S") == 0 ? "f" : "u",
377 | 		sqlite3_column_text(sqlres, 2),
378 | 		sqlite3_column_text(sqlres, 3),
379 | 		sqlite3_column_text(sqlres, 4),
380 | 		sqlite3_column_text(sqlres, 5),
381 | 		sqlite3_column_int(sqlres, 6),
382 | 		sqlite3_column_text(sqlres, 7),
383 | 		sqlite3_column_int(sqlres, 8),
384 | 		sqlite3_column_int64(sqlres, 9),
385 | 		sqlite3_column_text(sqlres, 10),
386 | 		sqlite3_column_int(sqlres, 11),
387 | 		sqlite3_column_int(sqlres, 12),
388 | 		sqlite3_column_text(sqlres, 13),
389 | 		'\0');
390 | 		if (strcmp((char *)sqlite3_column_text(sqlres, 1), "2") == 0)
391 | 		    printf("%s%c", sqlite3_column_text(sqlres, 14), '\0');
392 | 	    }
393 | 	}
394 | 	sqlite3_finalize(sqlres);
395 | 	sqlite3_free(sqlstmt);
396 |     }
397 |     if (escfname != 0)
398 | 	dfree(escfname);
399 |     if (esclname != 0)
400 | 	dfree(esclname);
401 |     if (escxheader != 0)
402 | 	dfree(escxheader);
403 |     
404 |     return(0);
405 | }
406 | 


--------------------------------------------------------------------------------
/snebu-newbackup.c:
--------------------------------------------------------------------------------
  1 | /* Copyright 2009 - 2021 Derek Pressnall
  2 |  *
  3 |  * This file is part of Snebu, the Simple Network Encrypting Backup Utility
  4 |  *
  5 |  * Snebu is free software: you can redistribute it and/or modify
  6 |  * it under the terms of the GNU General Public License Version 3
  7 |  * as published by the Free Software Foundation.
  8 |  *
  9 |  * Snebu is distributed in the hope that it will be useful,
 10 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 |  * GNU General Public License for more details.
 13 |  *
 14 |  * You should have received a copy of the GNU General Public License
 15 |  * along with Snebu.  If not, see <https://www.gnu.org/licenses/>.
 16 |  *
 17 |  */
 18 | 
 19 | #include <stdio.h>
 20 | #include <stdlib.h>
 21 | #include <getopt.h>
 22 | #include <string.h>
 23 | #include <sqlite3.h>
 24 | #include <openssl/sha.h>
 25 | #include "tarlib.h"
 26 | 
 27 | extern struct {
 28 |     char *vault;
 29 |     char *meta;
 30 | } config;
 31 | 
 32 | extern sqlite3 *bkcatalog;
 33 | 
 34 | extern char *SHN;
 35 | 
 36 | int newbackup(int argc, char **argv);
 37 | int help(char *topic);
 38 | void usage();
 39 | int logaction(sqlite3 *bkcatalog, int backupset_id, int action, char *message);
 40 | char *stresc(char *src, char **target);
 41 | char *strescb(char *src, char **target, int len);
 42 | char *strunesc(char *src, char **target);
 43 | int checkperm(sqlite3 *bkcatalog, char *action, char *backupname);
 44 | int flush_inbound_files(sqlite3 *bkcatalog, int bkid, int force_full_backup, int output_terminator);
 45 | 
 46 | int newbackup(int argc, char **argv)
 47 | {
 48 |     int optc;
 49 |     char bkname[128];
 50 |     char datestamp[128];
 51 |     char retention[128];
 52 |     int foundopts = 0;
 53 |     char *filespecs = 0;
 54 |     char **filespecsl = NULL;
 55 |     size_t filespeclen = 0;
 56 |     char *linkspecs = 0;
 57 |     size_t linkspeclen = 0;
 58 |     struct {
 59 |         char ftype;
 60 |         int mode;
 61 | 	char devid[33];
 62 | 	char inode[33];
 63 |         char auid[33];
 64 |         int nuid;
 65 |         char agid[33];
 66 |         int ngid;
 67 |         unsigned long long int filesize;
 68 | 	char sha1[EVP_MAX_MD_SIZE * 2 + 1];
 69 |         int cmodtime;
 70 |         int modtime;
 71 | 	char *filename;
 72 | 	char *linktarget;
 73 |     } fs;
 74 |     int x;
 75 |     char *sqlstmt = 0;
 76 |     sqlite3_stmt *sqlres;
 77 |     int bkid = 0;
 78 |     char *sqlerr;
 79 |     char *(*graft)[2] = 0;
 80 |     int numgrafts = 0;
 81 |     int maxgrafts = 0;
 82 |     int input_terminator = 0;
 83 |     int output_terminator = 0;
 84 |     int force_full_backup = 0;
 85 |     char *unescfname = 0;
 86 |     char *unescltarget = 0;
 87 |     int verbose = 0;
 88 |     struct option longopts[] = {
 89 | 	{ "name", required_argument, NULL, 'n' },
 90 | 	{ "datestamp", required_argument, NULL, 'd' },
 91 | 	{ "retention", required_argument, NULL, 'r' },
 92 | 	{ "graft", required_argument, NULL, 0 },
 93 | 	{ "files-from", required_argument, NULL, 'T' },
 94 | 	{ "null", no_argument, NULL, 0 },
 95 | 	{ "not-null", no_argument, NULL, 0 },
 96 | 	{ "null-output", no_argument, NULL, 0 },
 97 | 	{ "not-null-output", no_argument, NULL, 0 },
 98 | 	{ "full", no_argument, NULL, 0 },
 99 | 	{ "verbose", no_argument, NULL, 'v' },
100 | 	{ NULL, no_argument, NULL, 0 }
101 |     };
102 |     int longoptidx;
103 |     int i;
104 |     int filecount = 0;
105 | 
106 | 
107 |     while ((optc = getopt_long(argc, argv, "n:d:r:v", longopts, &longoptidx)) >= 0) {
108 | 	switch (optc) {
109 | 	    case 'n':
110 | 		strncpy(bkname, optarg, 127);
111 | 		bkname[127] = 0;
112 | 		foundopts |= 1;
113 | 		break;
114 | 	    case 'd':
115 | 		strncpy(datestamp, optarg, 127);
116 | 		datestamp[127] = 0;
117 | 		foundopts |= 2;
118 | 		break;
119 | 	    case 'r':
120 | 		strncpy(retention, optarg, 127);
121 | 		retention[127] = 0;
122 | 		foundopts |= 4;
123 | 		break;
124 | 	    case 'v':
125 | 		verbose += 1;
126 | 		foundopts |= 8;
127 | 		break;
128 | 	    case 0:
129 | 		if (strcmp("graft", longopts[longoptidx].name) == 0) {
130 | 		    char *grafteqptr;
131 | 		    if (numgrafts + 1>= maxgrafts) {
132 | 			maxgrafts += 16;
133 | 			graft = realloc(graft, sizeof(*graft) * maxgrafts);
134 | 		    }
135 | 		    if ((grafteqptr = strchr(optarg, '=')) == 0) {
136 | 			help("newbackup");
137 | 			return(1);
138 | 		    }
139 | 		    graft[numgrafts][0] = optarg;
140 | 		    graft[numgrafts][1] = grafteqptr + 1;
141 | 		    *grafteqptr = 0;
142 | 		    grafteqptr--;
143 | 		    while (grafteqptr > graft[numgrafts][0] &&
144 | 			*grafteqptr == ' ')
145 | 			*(grafteqptr--) = 0;
146 | 		    grafteqptr = graft[numgrafts][1];
147 | 		    while (*grafteqptr != 0 && *grafteqptr == ' ')
148 | 			*(grafteqptr++) = 0;
149 | 		    numgrafts++;
150 | 
151 | 		}
152 | 		if (strcmp("null", longopts[longoptidx].name) == 0)
153 | 		    input_terminator = 0;
154 | 		if (strcmp("not-null", longopts[longoptidx].name) == 0)
155 | 		    input_terminator = 10;
156 | 		if (strcmp("null-output", longopts[longoptidx].name) == 0)
157 | 		    output_terminator = 0;
158 | 		if (strcmp("not-null-output", longopts[longoptidx].name) == 0)
159 | 		    output_terminator = 10;
160 | 		if (strcmp("full", longopts[longoptidx].name) == 0)
161 | 		    force_full_backup = 1;
162 | 		break;
163 | 	    default:
164 | 		usage();
165 | 		return(1);
166 | 	    }
167 | 	}
168 |     if ((foundopts & 7) != 7) {
169 | 	fprintf(stderr, "Didn't find all arguments\n");
170 |         usage();
171 |         return (1);
172 |     }
173 | 
174 |     if (checkperm(bkcatalog, "backup", bkname)) {
175 |         sqlite3_close(bkcatalog);
176 |         exit(1);
177 |     }
178 | /*
179 |     sqlite3_exec(bkcatalog,
180 |         "create temporary table if not exists temp_needed_file_entities "
181 |         "as select * from needed_file_entities where 0", 0, 0, &sqlerr);
182 |     if (sqlerr != 0) {
183 |         fprintf(stderr, "%s %s\n", sqlerr, sqlstmt);
184 |         sqlite3_free(sqlerr);
185 |     }
186 | */
187 | 
188 |     sqlite3_exec(bkcatalog, "BEGIN", 0, 0, 0);
189 |     x = sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
190 | 	"insert or ignore into backupsets (name, retention, serial)  "
191 | 	"values ('%q', '%q', '%q')", bkname, retention, datestamp)), 0, 0, &sqlerr);
192 |     if (sqlerr != 0) {
193 | 	fprintf(stderr, "%s\n%s\n\n", sqlerr, sqlstmt);
194 | 	sqlite3_free(sqlerr);
195 |     }
196 |     else {
197 | 	sqlite3_free(sqlstmt);
198 |     }
199 |     x = sqlite3_prepare_v2(bkcatalog,
200 | 	(sqlstmt = sqlite3_mprintf("select backupset_id, retention from backupsets  "
201 | 	    "where name = '%q' and serial = '%q'",
202 | 	    bkname, datestamp)), -1, &sqlres, 0);
203 |     if ((x = sqlite3_step(sqlres)) == SQLITE_ROW) {
204 |         bkid = sqlite3_column_int(sqlres, 0);
205 | 	if (strcmp((char *) sqlite3_column_text(sqlres, 1), retention) != 0) {
206 | 	    fprintf(stderr, "A backup already exists for %s/%s, but with retention schedule %s\n", bkname, datestamp, (char *) sqlite3_column_text(sqlres, 1));
207 | 	    return(1);
208 | 	}
209 |     }
210 |     else {
211 | 	fprintf(stderr, "newbackup: failed to create backup id\n");
212 |         logaction(bkcatalog, bkid, 2, "failed to create backup id");
213 | 	return(1);
214 |     }
215 |     sqlite3_finalize(sqlres);
216 |     sqlite3_free(sqlstmt);
217 | 
218 |     logaction(bkcatalog, bkid, 0, "New backup");
219 |     sqlite3_exec(bkcatalog,
220 |         "create temporary table if not exists inbound_file_entities (  \n"
221 | //      "create table if not exists inbound_file_entities (  \n"
222 |         "    backupset_id     integer,  \n"
223 |         "    ftype         char,  \n"
224 |         "    permission    char,  \n"
225 |         "    device_id     char,  \n"
226 |         "    inode         char,  \n"
227 |         "    user_name     char,  \n"
228 |         "    user_id       integer,  \n"
229 |         "    group_name    char,  \n"
230 |         "    group_id      integer,  \n"
231 |         "    size          integer,  \n"
232 |         "    hash           char,  \n"
233 |         "    cdatestamp    integer,  \n"
234 |         "    datestamp     integer,  \n"
235 |         "    filename      char,  \n"
236 |         "    extdata       char default '',  \n"
237 |         "    infilename    char,  \n"
238 |         "constraint inbound_file_entitiesc1 unique (  \n"
239 |         "    backupset_id,  \n"
240 |         "    ftype,  \n"
241 |         "    permission,  \n"
242 |         "    device_id,  \n"
243 |         "    inode,  \n"
244 |         "    user_name,  \n"
245 |         "    user_id,  \n"
246 |         "    group_name,  \n"
247 |         "    group_id,  \n"
248 |         "    size,  \n"
249 |         "    hash,  \n"
250 |         "    cdatestamp,  \n"
251 |         "    datestamp,  \n"
252 |         "    filename,  \n"
253 |         "    extdata, \n"
254 |         "    infilename))", 0, 0, &sqlerr);
255 | 
256 |     if (sqlerr != 0) {
257 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
258 | 	sqlite3_free(sqlerr);
259 |     }   
260 | 
261 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
262 | 	"create temporary table thishost_file_ids as "
263 | 	"select distinct file_id from backupsets b "
264 | 	"join backupset_detail d "
265 | 	"on b.backupset_id = d.backupset_id and name = '%q'", bkname)), 0, 0, &sqlerr);
266 |     if (sqlerr != 0) {
267 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
268 | 	sqlite3_free(sqlerr);
269 |     }
270 |     sqlite3_free(sqlstmt);
271 | 
272 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
273 | 	"create temporary table thishost_file_details as "
274 | 	"select t.file_id, ftype, permission, device_id, inode, user_name, user_id, "
275 | 	"group_name, group_id, size, %s hash, cdatestamp, datestamp, "
276 | 	"filename, extdata from thishost_file_ids t join file_entities f "
277 | 	"on t.file_id = f.file_id", SHN)), 0, 0, &sqlerr);
278 |     if (sqlerr != 0) {
279 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
280 | 	sqlite3_free(sqlerr);
281 |     }
282 |     sqlite3_free(sqlstmt);
283 | 
284 | 
285 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
286 | 	"create index if not exists thishost_file_details_i1 on thishost_file_details (hash)")), 0, 0, &sqlerr);
287 |     if (sqlerr != 0) {
288 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
289 | 	sqlite3_free(sqlerr);
290 |     }
291 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
292 | 	"create index if not exists thishost_file_details_i2 on thishost_file_details (filename)")), 0, 0, &sqlerr);
293 |     if (sqlerr != 0) {
294 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
295 | 	sqlite3_free(sqlerr);
296 |     }
297 |     sqlite3_free(sqlstmt);
298 | 
299 | 
300 |     if (verbose >= 1)
301 | 	fprintf(stderr, "Gathering full snapshot file manifest\n");
302 | 
303 |     time_t curtime = time(NULL);
304 | 
305 |     sqlite3_prepare_v2(bkcatalog,
306 | 	(sqlstmt = sqlite3_mprintf(
307 |             "insert or ignore into inbound_file_entities "
308 |             "(backupset_id, ftype, permission, device_id, inode, user_name, user_id, group_name,  "
309 |             "group_id, size, hash, cdatestamp, datestamp, filename, extdata, infilename)  "
310 | 	    "values (@bkid, @ftype, @mode, @devid, @inode, @auid, @nuid, @agid, @ngid, @filesize, @hash, @cmodtime, @modtime, @pathsub, @linktarget, @filename)")),
311 | 	    -1, &sqlres, 0);
312 | 
313 |         
314 |     char *tmppathsub = NULL;
315 |     int fib1 = 0;
316 |     int fib2 = 1;
317 |     int fib3 = 1;
318 | 
319 |     time_t starttime = time(NULL);
320 |     time_t laststattime = time(NULL);
321 |     while (getdelim(&filespecs, &filespeclen, input_terminator, stdin) > 0) {
322 | 	int pathskip = 0;
323 | 	char pathsub[4097];
324 | 	char tmpmodestr[32];
325 | 	parse(filespecs, &filespecsl, '\t');
326 | 	if (filecount < 1) {
327 | 	    sqlite3_exec(bkcatalog, "END", 0, 0, 0);
328 | 	    sqlite3_exec(bkcatalog, "BEGIN", 0, 0, 0);
329 | 	}
330 | 	filecount++;
331 | 
332 | 	fs.ftype = *(filespecsl[0]);
333 | 	fs.mode = (int) strtol(filespecsl[1], NULL, 8);
334 | 	strncpy(fs.devid, filespecsl[2], 32);
335 | 	strncpy(fs.inode, filespecsl[3], 32);
336 | 	strncpy(fs.auid, filespecsl[4], 32);
337 | 	fs.nuid = atoi(filespecsl[5]);
338 | 	strncpy(fs.agid, filespecsl[6], 32);
339 | 	fs.ngid = atoi(filespecsl[7]);
340 | 	fs.filesize = strtoull(filespecsl[8], NULL, 10);
341 | 	strncpy(fs.sha1, filespecsl[9], EVP_MAX_MD_SIZE * 2);
342 | 	fs.sha1[EVP_MAX_MD_SIZE * 2] = '\0';
343 | 	// Handle input datestamp of xxxxx.xxxxx
344 | 	if (strchr(filespecsl[10], '.') != NULL)
345 | 	    *(strchr(filespecsl[10], '.')) = '\0';
346 | 	fs.cmodtime = atoi(filespecsl[10]);
347 | 	if (strchr(filespecsl[11], '.') != NULL)
348 | 	    *(strchr(filespecsl[11], '.')) = '\0';
349 | 	fs.modtime = atoi(filespecsl[11]);
350 | 	fs.filename = filespecsl[12];
351 | 
352 | 	if (fs.filename[strlen(fs.filename) - 1] == '\n')
353 | 	    fs.filename[strlen(fs.filename) - 1] = 0;
354 | 	// Remove trailing slash from directory names
355 | 	if (strlen(fs.filename) > 1 && fs.filename[strlen(fs.filename) - 1] == '/')
356 | 	    fs.filename[strlen(fs.filename) - 1] = 0;
357 | 
358 | 	if (fs.ftype == 'l') {
359 | 	    if (input_terminator == 10) {
360 | 		fs.linktarget = strchr(fs.filename, '\t');
361 | 		if (fs.linktarget != 0) {
362 | 		    *(fs.linktarget) = 0;
363 | 		    fs.linktarget++;
364 | 		}
365 | 		else
366 | 		    fs.linktarget = "";
367 | 	    }
368 | 	    else if (getdelim(&linkspecs, &linkspeclen, 0, stdin) > 0)
369 | 		fs.linktarget = linkspecs;
370 | 	    else
371 | 		fs.linktarget = "";
372 | 	}
373 | 	else
374 | 	    fs.linktarget = "";
375 | 	if (input_terminator == 10) {
376 | 	    fs.filename = strunesc(fs.filename, &unescfname);
377 | 	    fs.linktarget = strunesc(fs.linktarget, &unescltarget);
378 | 	}
379 | 
380 | 	if (fs.ftype == 'f')
381 | 	    fs.ftype = '0';
382 | 	else if (fs.ftype == 'l') {
383 | 	    fs.ftype = '2';
384 | 	    fs.filesize = 0;
385 | 	}
386 | 	else if (fs.ftype == 'd') {
387 | 	    fs.ftype = '5';
388 | 	    fs.filesize = 0;
389 | 	}
390 | 	pathskip=0;
391 | 	*pathsub='\0';
392 | 	for (i = 0; i < numgrafts; i++) {
393 | 	    int pathskipt = strlen(graft[i][0]);
394 | 	    if (fs.ftype == '5' && *(graft[i][0] + pathskipt - 1) == '/') {
395 | 	        pathskipt--;
396 | 	    }
397 | 
398 | 	    if (strncmp(fs.filename, graft[i][0], pathskipt) == 0) {
399 | 		pathskip = pathskipt;
400 | 		strncpy(pathsub, graft[i][1], 4096);
401 | 		if (fs.ftype == '5' && *(pathsub + strlen(pathsub) - 1) == '/')
402 | 		    *(pathsub + strlen(pathsub) - 1) = '\0';
403 | 		break;
404 | 	    }
405 | 	}
406 | 	sqlite3_bind_int(sqlres, 1, bkid);
407 | 	sqlite3_bind_text(sqlres, 2, &fs.ftype, 1, SQLITE_STATIC);
408 | 	sprintf(tmpmodestr, "%4.4o", fs.mode);
409 | 	sqlite3_bind_text(sqlres, 3, tmpmodestr, -1, SQLITE_STATIC);
410 | 	sqlite3_bind_text(sqlres, 4, fs.devid, -1, SQLITE_STATIC);
411 | 	sqlite3_bind_text(sqlres, 5, fs.inode, -1, SQLITE_STATIC);
412 | 	sqlite3_bind_text(sqlres, 6, fs.auid, -1, SQLITE_STATIC);
413 | 	sqlite3_bind_int(sqlres, 7, fs.nuid);
414 | 	sqlite3_bind_text(sqlres, 8, fs.agid, -1, SQLITE_STATIC);
415 | 	sqlite3_bind_int(sqlres, 9, fs.ngid);
416 | 	sqlite3_bind_int64(sqlres, 10, fs.filesize);
417 | 	sqlite3_bind_text(sqlres, 11, fs.sha1, -1, SQLITE_STATIC);
418 | 	sqlite3_bind_int(sqlres, 12, fs.cmodtime);
419 | 	sqlite3_bind_int(sqlres, 13, fs.modtime);
420 | 	strncpya0(&tmppathsub, pathsub, 0);
421 | 	strcata(&tmppathsub, fs.filename + pathskip);
422 | 	sqlite3_bind_text(sqlres, 14, tmppathsub, -1, SQLITE_STATIC);
423 | 	sqlite3_bind_text(sqlres, 15, fs.linktarget, -1, SQLITE_STATIC);
424 | 	sqlite3_bind_text(sqlres, 16, fs.filename, -1, SQLITE_STATIC);
425 | 
426 | 	sqlite3_step(sqlres);
427 | 	sqlite3_reset(sqlres);
428 | #if 0
429 |         sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
430 |             "insert or ignore into inbound_file_entities "
431 |             "(backupset_id, ftype, permission, device_id, inode, user_name, user_id, group_name,  "
432 |             "group_id, size, hash, cdatestamp, datestamp, filename, extdata, infilename)  "
433 |             "values ('%d', '%c', '%4.4o', '%q', '%q', '%q', '%d', '%q', '%d', '%llu', '%q', '%d', '%d', '%q%q', '%q', '%q')",
434 |             bkid, fs.ftype, fs.mode, fs.devid, fs.inode, fs.auid, fs.nuid, fs.agid, fs.ngid,
435 |             fs.filesize, fs.sha1, fs.cmodtime, fs.modtime, pathsub, fs.filename + pathskip, fs.linktarget, fs.filename)), 0, 0, &sqlerr);
436 |         if (sqlerr != 0) {
437 |             fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
438 |             sqlite3_free(sqlerr);
439 |         }
440 |         sqlite3_free(sqlstmt);
441 | #endif
442 |         if (verbose > 0) {
443 | 	    if ((curtime = time(NULL)) > laststattime + 2) {
444 | 		fprintf(stderr, " Processed %d files              \r", filecount);
445 | 		laststattime = curtime;
446 | 	    }
447 | 	}
448 | 	if ((curtime = time(NULL)) > starttime + fib3) {
449 | 	    fib1 = fib2;
450 | 	    fib2 = fib3;
451 | 	    fib3 = fib1 + fib2;
452 | 
453 | 	    if (verbose > 0) {
454 | 		fprintf(stderr, "*\r");
455 | 	    }
456 | 	    flush_inbound_files(bkcatalog, bkid, force_full_backup, output_terminator);
457 | 	}
458 |     }
459 |     sqlite3_finalize(sqlres);
460 |     dfree(filespecsl);
461 |     if (filecount == 0) {
462 | 	fprintf(stderr, "Empty manifest submitted, aborting backup\n");
463 |         sqlite3_exec(bkcatalog, "ROLLBACK", 0, 0, 0);
464 |         sqlite3_close(bkcatalog);
465 | 	exit(1);
466 |     }
467 |     if (verbose > 0) {
468 | 	fprintf(stderr, "*\r");
469 | 	flush_inbound_files(bkcatalog, bkid, force_full_backup, output_terminator);
470 | 	fprintf(stderr, " Processed %d files              \n", filecount);
471 |     }
472 |     sqlite3_exec(bkcatalog, "END", 0, 0, 0);
473 |     logaction(bkcatalog, bkid, 3, "Finished generating incremental manifest");
474 | 
475 |     return(0);
476 | }
477 | int flush_inbound_files(sqlite3 *bkcatalog, int bkid, int force_full_backup, int output_terminator)
478 | {
479 |     static int first_flush = 0;
480 |     char *escfname = 0;
481 |     sqlite3_stmt *sqlres;
482 |     char *sqlstmt = 0;
483 |     char *sqlerr;
484 | 
485 |     sqlite3_exec(bkcatalog,
486 |     "create index if not exists inbound_file_entitiesi1 on inbound_file_entities (  \n"
487 |     "    filename)", 0, 0, &sqlerr);
488 |     if (sqlerr != 0) {
489 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
490 | 	sqlite3_free(sqlerr);
491 |     }
492 | 
493 |     sqlite3_exec(bkcatalog,
494 |     "create index if not exists inbound_file_entitiesi2 on inbound_file_entities (  \n"
495 |     "    infilename)", 0, 0, &sqlerr);
496 |     if (sqlerr != 0) {
497 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
498 | 	sqlite3_free(sqlerr);
499 |     }
500 | 
501 |     if (force_full_backup == 1) {
502 | 	if (first_flush == 0) {
503 | 	    sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
504 | 		"delete from needed_file_entities where backupset_id = '%d' ",
505 | 		bkid)), 0, 0, &sqlerr);
506 | 	    if (sqlerr != 0) {
507 | 		fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
508 | 		sqlite3_free(sqlerr);
509 | 	    }
510 | 	    sqlite3_free(sqlstmt);
511 | 	    first_flush = 1;
512 | 	}
513 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
514 | 	    "insert or ignore into needed_file_entities  "
515 | 	    "(backupset_id, device_id, inode, filename, infilename, size, cdatestamp)  "
516 | 	    "select %d, device_id, inode, filename, infilename, size, cdatestamp from inbound_file_entities", bkid)), 0, 0, &sqlerr);
517 | 	if (sqlerr != 0) {
518 | 	    fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
519 | 	    sqlite3_free(sqlerr);
520 | 	}
521 |     }
522 |     else {
523 | 	if (first_flush == 0) {
524 | 	    sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
525 | 		"delete from needed_file_entities where backupset_id = '%d' ",
526 | 		bkid)), 0, 0, &sqlerr);
527 | 	    if (sqlerr != 0) {
528 | 		fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
529 | 		sqlite3_free(sqlerr);
530 | 	    }
531 | 	    sqlite3_free(sqlstmt);
532 | 	    first_flush = 1;
533 | 	}
534 |         sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
535 | 	    "delete from inbound_file_entities "
536 | 	    "where exists (select * from needed_file_entities "
537 | 	    "where needed_file_entities.filename = inbound_file_entities.filename "
538 | 	    "and needed_file_entities.backupset_id = %d)" , bkid)),0, 0, &sqlerr);
539 |         if (sqlerr != 0) {
540 |             fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
541 |             sqlite3_free(sqlerr);
542 |         }   
543 |         sqlite3_free(sqlstmt);
544 | 
545 |         sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
546 |             "insert or ignore into needed_file_entities  "
547 |             "(backupset_id, device_id, inode, filename, infilename, size, cdatestamp)  "
548 |             "select distinct %d, i.device_id, i.inode, i.filename, i.infilename, "
549 |             "i.size, i.cdatestamp from inbound_file_entities i  "
550 |             "left join thishost_file_details f on  "
551 |             "i.ftype = case when f.ftype = 'S' or f.ftype = 'E' then '0' else f.ftype end  "
552 |             "and i.permission = f.permission  "
553 |             "and i.device_id = f.device_id and i.inode = f.inode  "
554 |             "and i.user_name = f.user_name and i.user_id = f.user_id  "
555 |             "and i.group_name = f.group_name and i.group_id = f.group_id  "
556 |             "and i.size = f.size and i.cdatestamp = f.cdatestamp and i.datestamp = f.datestamp  "
557 |             "and i.filename = f.filename and ((i.ftype = '0' and (f.ftype = 'S' or f.ftype = 'E'))  "
558 |             "or i.extdata = f.extdata)  "
559 |             "where f.file_id is null ",
560 |             bkid)), 0, 0, &sqlerr);
561 |         if (sqlerr != 0) {
562 |             fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
563 |             sqlite3_free(sqlerr);
564 |         }   
565 |         sqlite3_free(sqlstmt);
566 | 
567 |         sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
568 |             "insert or ignore into backupset_detail  "
569 |             "(backupset_id, file_id)  "
570 |             "select %d, f.file_id from thishost_file_details f  "
571 |             "join inbound_file_entities i  "
572 |             "on i.ftype = case when f.ftype = 'S' or f.ftype = 'E' then '0' else f.ftype end  "
573 |             "and i.permission = f.permission  "
574 |             "and i.device_id = f.device_id and i.inode = f.inode  "
575 |             "and i.user_name = f.user_name and i.user_id = f.user_id  "
576 |             "and i.group_name = f.group_name and i.group_id = f.group_id  "
577 |             "and i.size = f.size and i.cdatestamp = f.cdatestamp and i.datestamp = f.datestamp  "
578 |             "and i.filename = f.filename and ((i.ftype = '0'  and (f.ftype = 'S' or f.ftype = 'E'))  "
579 |             "or i.extdata = f.extdata)", bkid)), 0, 0, &sqlerr);
580 |         if (sqlerr != 0) {
581 |             fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
582 |             sqlite3_free(sqlerr);
583 |         }
584 |         sqlite3_free(sqlstmt);
585 |     }
586 |     sqlite3_exec(bkcatalog, "END", 0, 0, 0);
587 |     sqlite3_prepare_v2(bkcatalog, (sqlstmt = sqlite3_mprintf(
588 | 	"select n.infilename from needed_file_entities n "
589 | 	"join inbound_file_entities i "
590 | 	"on n.infilename = i.infilename "
591 | 	"where n.backupset_id = '%d'", bkid)), -1, &sqlres, 0);
592 |     while (sqlite3_step(sqlres) == SQLITE_ROW)
593 | 	if (output_terminator == 0) {
594 | 	    printf("%s", sqlite3_column_text(sqlres, 0));
595 | 	    fwrite("\000", 1, 1, stdout);
596 | 	}
597 | 	else
598 | 	    printf("%s\n", stresc((char *) sqlite3_column_text(sqlres, 0), &escfname));
599 |     fflush(stdout);
600 | 
601 |     sqlite3_finalize(sqlres);
602 |     sqlite3_free(sqlstmt);
603 | 
604 | 
605 |     sqlite3_exec(bkcatalog, "BEGIN", 0, 0, 0);
606 | 
607 |     sqlite3_exec(bkcatalog,
608 |     "drop index inbound_file_entitiesi1", 0, 0, &sqlerr);
609 |     if (sqlerr != 0) {
610 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
611 | 	sqlite3_free(sqlerr);
612 |     }
613 | 
614 |     sqlite3_exec(bkcatalog,
615 |     "drop index inbound_file_entitiesi2", 0, 0, &sqlerr);
616 |     if (sqlerr != 0) {
617 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
618 | 	sqlite3_free(sqlerr);
619 |     }
620 | 
621 |     sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
622 | 	"delete from inbound_file_entities"
623 | 	)), 0, 0, &sqlerr);
624 |     if (sqlerr != 0) {
625 | 	fprintf(stderr, "%s\n%s\n\n",sqlerr, sqlstmt);
626 | 	sqlite3_free(sqlerr);
627 |     }
628 |     sqlite3_free(sqlstmt);
629 |     return(0);
630 | }
631 | 


--------------------------------------------------------------------------------
/snebu-permissions.c:
--------------------------------------------------------------------------------
  1 | /* Copyright 2009 - 2021 Derek Pressnall
  2 |  *
  3 |  * This file is part of Snebu, the Simple Network Encrypting Backup Utility
  4 |  *
  5 |  * Snebu is free software: you can redistribute it and/or modify
  6 |  * it under the terms of the GNU General Public License Version 3
  7 |  * as published by the Free Software Foundation.
  8 |  *
  9 |  * Snebu is distributed in the hope that it will be useful,
 10 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 |  * GNU General Public License for more details.
 13 |  *
 14 |  * You should have received a copy of the GNU General Public License
 15 |  * along with Snebu.  If not, see <https://www.gnu.org/licenses/>.
 16 |  *
 17 |  */
 18 | 
 19 | #include <stdio.h>
 20 | #include <stdlib.h>
 21 | #include <string.h>
 22 | #include <sys/types.h>
 23 | #include <sys/stat.h>
 24 | #include <unistd.h>
 25 | #include <fcntl.h>
 26 | #include <utime.h>
 27 | #include <time.h>
 28 | #include <getopt.h>
 29 | #include <sqlite3.h>
 30 | #include <errno.h>
 31 | 
 32 | int restore(int argc, char **argv);
 33 | int help(char *topic);
 34 | void usage();
 35 | extern sqlite3 *bkcatalog;
 36 | int permissions(int argc, char **argv);
 37 | 
 38 | int permissions(int argc, char **argv)
 39 | {
 40 |     int optc;
 41 |     char *sqlerr;
 42 |     sqlite3_stmt *sqlres;
 43 |     char *sqlstmt = 0;
 44 |     char *sqlstmt2 = 0;
 45 |     char *sqlstmt3 = 0;
 46 |     char *sqlstmt4 = 0;
 47 |     int foundopts = 0;
 48 |     char *action = "";
 49 |     char user[128];
 50 |     char bkname[128];
 51 |     char command[128];
 52 |     struct option longopts[] = {
 53 | 	{ "list", no_argument, NULL, 'l' },
 54 | 	{ "add", no_argument, NULL, 'a' },
 55 | 	{ "remove", no_argument, NULL, 'r' },
 56 |         { "command", required_argument, NULL, 'c' },
 57 |         { "name", required_argument, NULL, 'n' },
 58 | 	{ "user", required_argument, NULL, 'u' },
 59 |         { NULL, no_argument, NULL, 0 }
 60 |     };
 61 |     int longoptidx;
 62 |     int sargs = 0;
 63 | 
 64 |     *command = *bkname = *user = '\0';
 65 |     while ((optc = getopt_long(argc, argv, "larc:n:u:", longopts, &longoptidx)) >= 0) {
 66 |         switch (optc) {
 67 | 	    case 'l':
 68 | 		action = "list";
 69 | 		foundopts |= 1;
 70 | 		break;
 71 | 	    case 'a':
 72 | 		action = "add";
 73 | 		foundopts |= 2;
 74 | 		break;
 75 | 	    case 'r':
 76 | 		action = "remove";
 77 | 		foundopts |= 4;
 78 | 		break;
 79 |            case 'c':
 80 |                 strncpy(command, optarg, 127);
 81 |                 command[127] = 0;
 82 |                 foundopts |= 8;
 83 |                 break;
 84 |            case 'n':
 85 |                 strncpy(bkname, optarg, 127);
 86 |                 bkname[127] = 0;
 87 |                 foundopts |= 16;
 88 |                 break;
 89 |            case 'u':
 90 |                 strncpy(user, optarg, 127);
 91 |                 user[127] = 0;
 92 |                 foundopts |= 32;
 93 |                 break;
 94 |             default:
 95 |                 usage();
 96 |                 exit(1);
 97 | 	}
 98 |     }
 99 | 
100 |     if (strcmp(action, "list") == 0) {
101 | 	sqlstmt2 = strlen(user) > 0 ? sargs++, sqlite3_mprintf(" where username = '%q'", user) : sqlite3_mprintf("");
102 | 	sqlstmt3 = strlen(command) > 0 ? sargs++, sqlite3_mprintf(" %s command = '%q'", (sargs < 2 ? "where" : "and"), command) : sqlite3_mprintf("");
103 | 	sqlstmt4 = strlen(bkname) > 0 ? sargs++, sqlite3_mprintf(" %s backupname = '%q'", (sargs < 2 ? "where" : "and"), bkname) : sqlite3_mprintf("");
104 | 	sqlite3_prepare_v2(bkcatalog, (sqlstmt = sqlite3_mprintf(
105 | 	    "select username, command, backupname from userpermissions%s%s%s",
106 | 	    sqlstmt2, sqlstmt3, sqlstmt4)), -1, &sqlres, 0);
107 | 	while (sqlite3_step(sqlres) == SQLITE_ROW) {
108 | 	printf("%s %s %s\n",
109 | 	    sqlite3_column_text(sqlres, 0),
110 | 	    sqlite3_column_text(sqlres, 1),
111 | 	    sqlite3_column_text(sqlres, 2));
112 | 	}
113 | 	if (sqlstmt4 != NULL)
114 | 	    sqlite3_free(sqlstmt4);
115 | 	if (sqlstmt3 != NULL)
116 | 	    sqlite3_free(sqlstmt3);
117 | 	if (sqlstmt2 != NULL)
118 | 	    sqlite3_free(sqlstmt2);
119 | 	sqlite3_free(sqlstmt);
120 |     }
121 |     if (strcmp(action, "add") == 0) {
122 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
123 | 	    "insert into userpermissions (username, command, backupname) "
124 | 	    "values ('%q', '%q', '%q')", user, command, bkname)), 0, 0, &sqlerr);
125 | 	if (sqlerr != 0) {
126 | 	    fprintf(stderr, "%s\n%s\n\n", sqlerr, sqlstmt);
127 | 	    sqlite3_free(sqlerr);
128 | 	}
129 | 	sqlite3_free(sqlstmt);
130 |     }
131 |     if (strcmp(action, "remove") == 0) {
132 | 	sqlite3_exec(bkcatalog, (sqlstmt = sqlite3_mprintf(
133 | 	    "delete from userpermissions where username = '%q' and "
134 | 	    "command = '%q' and backupname = '%q'",
135 | 	     user, command, bkname)), 0, 0, &sqlerr);
136 | 	if (sqlerr != 0) {
137 | 	    fprintf(stderr, "%s\n%s\n\n", sqlerr, sqlstmt);
138 | 	    sqlite3_free(sqlerr);
139 | 	}
140 | 	sqlite3_free(sqlstmt);
141 |     }
142 |     return(0);
143 | }
144 | 


--------------------------------------------------------------------------------
/snebu-restore.c:
--------------------------------------------------------------------------------
  1 | /* Copyright 2009 - 2021 Derek Pressnall
  2 |  *
  3 |  * This file is part of Snebu, the Simple Network Encrypting Backup Utility
  4 |  *
  5 |  * Snebu is free software: you can redistribute it and/or modify
  6 |  * it under the terms of the GNU General Public License Version 3
  7 |  * as published by the Free Software Foundation.
  8 |  *
  9 |  * Snebu is distributed in the hope that it will be useful,
 10 |  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 11 |  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 12 |  * GNU General Public License for more details.
 13 |  *
 14 |  * You should have received a copy of the GNU General Public License
 15 |  * along with Snebu.  If not, see <https://www.gnu.org/licenses/>.
 16 |  *
 17 |  */
 18 | 
 19 | #include <stdio.h>
 20 | #include <sys/types.h>
 21 | #include <sys/stat.h>
 22 | #include <unistd.h>
 23 | #include <fcntl.h>
 24 | #include <utime.h>
 25 | #include <time.h>
 26 | #include <getopt.h>
 27 | #include <sqlite3.h>
 28 | #include <errno.h>
 29 | 
 30 | #include "tarlib.h"
 31 | 
 32 | int restore(int argc, char **argv);
 33 | int help(char *topic);
 34 | void usage();
 35 | extern sqlite3 *bkcatalog;
 36 | extern struct {
 37 |     char *vault;
 38 |     char *meta;
 39 |     int hash;
 40 | } config;
 41 | extern char *SHN;
 42 | 
 43 | char *strunesc(char *src, char **target);
 44 | 
 45 | 
 46 | int restore(int argc, char **argv)
 47 | {
 48 | 
 49 |     char bkname[128];
 50 |     char datestamp[128];
 51 | 
 52 |     char graftfilename[8192];
 53 |     int optc;
 54 |     int foundopts = 0;
 55 |     int i;
 56 |     int sqlite_result;
 57 | 
 58 |     unsigned int lendian = 1;	// Little endian?
 59 | 
 60 |     char *sqlstmt = 0;
 61 |     sqlite3_stmt *sqlres;
 62 |     sqlite3_stmt *sqlres2;
 63 |     int sqlres2_result;
 64 |  
 65 | //    sqlite3 *bkcatalog;
 66 | //    char *bkcatalogp = NULL;
 67 |     char *filespec = 0;
 68 |     int filespeclen;
 69 |     char *sqlerr;
 70 |     int use_pax_header = 0;
 71 |     int verbose = 0;
 72 |     char *(*graft)[2] = 0;
 73 |     int numgrafts = 0;
 74 |     int maxgrafts = 0;
 75 |     struct option longopts[] = {
 76 | 	{ "name", required_argument, NULL, 'n' },
 77 | 	{ "datestamp", required_argument, NULL, 'd' },
 78 | 	{ "pax", no_argument, NULL, 0 },
 79 | 	{ "graft", required_argument, NULL, 0 },
 80 | 	{ "verbose", no_argument, NULL, 'v' },
 81 | 	{ "files-from", required_argument, NULL, 'T' },
 82 | 	{ "null", no_argument, NULL, 0 },
 83 | 	{ NULL, no_argument, NULL, 0 }
 84 |     };
 85 |     int longoptidx;
 86 |     time_t bdatestamp;
 87 |     time_t edatestamp;
 88 |     char *range;
 89 |     FILE *FILES_FROM = NULL;
 90 |     char *files_from_fname = malloc(4097);
 91 |     char *files_from_fnameu = malloc(4097);
 92 |     char files_from_0 = 0;
 93 |     size_t files_from_fname_len = 4096;
 94 |     char *join_files_from_sql = NULL;
 95 | 
 96 |     lendian = (unsigned int) (((unsigned char *)(&lendian))[0]); // little endian test
 97 | 
 98 |     while ((optc = getopt_long(argc, argv, "n:d:T:v", longopts, &longoptidx)) >= 0) {
 99 | 	switch (optc) {
100 | 	    case 'n':
101 | 		strncpy(bkname, optarg, 127);
102 | 		bkname[127] = 0;
103 | 		foundopts |= 1;
104 | 		break;
105 | 	    case 'd':
106 | 		strncpy(datestamp, optarg, 127);
107 | 		datestamp[127] = 0;
108 | 		foundopts |= 2;
109 | 		break;
110 | 	    case 'v':
111 | 		verbose = 1;
112 | 		break;
113 | 	    case 0:
114 | 		if (strcmp("pax", longopts[longoptidx].name) == 0)
115 |                     use_pax_header = 1;
116 | 		if (strcmp("graft", longopts[longoptidx].name) == 0) {
117 | 		    char *grafteqptr;
118 | 		    if (numgrafts + 1>= maxgrafts) {
119 | 			maxgrafts += 16;
120 | 			graft = realloc(graft, sizeof(*graft) * maxgrafts);
121 | 		    }
122 | 		    if ((grafteqptr = strchr(optarg, '=')) == 0) {
123 | 			help("restore");
124 | 			exit(1);
125 | 		    }
126 | 		    graft[numgrafts][0] = optarg;
127 | 		    graft[numgrafts][1] = grafteqptr + 1;
128 | 		    *grafteqptr = 0;
129 | 		    grafteqptr--;
130 | 		    while (grafteqptr > graft[numgrafts][0] &&
131 | 			*grafteqptr == ' ')
132 | 			*(grafteqptr--) = 0;
133 | 		    grafteqptr = graft[numgrafts][1];
134 | 		    while (*grafteqptr != 0 && *grafteqptr == ' ')
135 | 			*(grafteqptr++) = 0;
136 | 		    numgrafts++;
137 | 		}
138 | 		if (strcmp("null", longopts[longoptidx].name) == 0)
139 |                     files_from_0 = 1;
140 | 		break;
141 | 	    case 'T':
142 | 		if (strcmp(optarg, "-") == 0)
143 | 		    FILES_FROM = stdin;
144 | 		else
145 | 		    if ((FILES_FROM = fopen(optarg, "r")) == NULL) {
146 | 			fprintf(stderr, "Error opening file %s\n", optarg);
147 | 			return(1);
148 | 		    }
149 | 		break;
150 | 	    default:
151 | 		usage();
152 | 		return(1);
153 | 	}
154 |     }
155 |     if (foundopts != 3) {
156 | 	fprintf(stderr, "Didn't find all arguments\n");
157 |         usage();
158 |         return(1);
159 |     }
160 | 
161 |     if (argc > optind) {
162 | 	filespeclen = 4;
163 | 	for (i = optind; i < argc; i++)
164 |     	    filespeclen += strlen(argv[i]) + 22;
165 |        	filespec = malloc(filespeclen);
166 | 	filespec[0] = 0;
167 | 	for (i = optind; i < argc; i++) {
168 | 	    if (i == optind)
169 | 		strcat(filespec, " and (filename glob ");
170 | 	    else
171 | 		strcat(filespec, " or filename glob ");
172 | 	    strcat(filespec, (sqlstmt = sqlite3_mprintf("'%q'", argv[i])));
173 | 	    sqlite3_free(sqlstmt);
174 | 	  
175 | 	}
176 | 	strcat(filespec, ")");
177 |     }
178 | 
179 | 
180 | 
181 |     range = strchr(datestamp, '-');
182 |     if (range != NULL) {
183 | 	*range = '\0';
184 | 	if (*datestamp != '\0')
185 | 	    bdatestamp = atoi(datestamp);
186 | 	else
187 | 	    bdatestamp = 0;
188 | 	if (*(range + 1) != '\0')
189 | 	    edatestamp = atoi(range + 1);
190 | 	else
191 | 	    edatestamp = INT32_MAX;
192 |     }
193 |     else {
194 | 	bdatestamp = atoi(datestamp);
195 | 	edatestamp = atoi(datestamp);
196 |     }
197 | 
198 |     if (FILES_FROM != NULL) {
199 | 	sqlite3_exec(bkcatalog, sqlstmt =
200 | 	    "create temporary table if not exists files_from ( "
201 | 	    "filename char, "
202 | 	    "constraint files_existc1 unique ( "
203 | 	    "    filename))", 0, 0, 0);
204 | 	sqlite3_free(sqlstmt);
205 | 	while ((files_from_0 == 0 ?
206 | 	    getline(&files_from_fname, &files_from_fname_len, FILES_FROM) :
207 | 	    getdelim(&files_from_fname, &files_from_fname_len, 0, FILES_FROM)) > -1) {
208 | 	    if (files_from_fname[strlen(files_from_fname) - 1] == '\n')
209 | 		files_from_fname[strlen(files_from_fname) - 1] = '\0';
210 | 	    sqlite3_exec(bkcatalog, sqlstmt = sqlite3_mprintf(
211 | 		"insert or ignore into files_from "
212 | 		"(filename) values ('%q')", files_from_0 != 0 ? files_from_fname :
213 | 		strunesc(files_from_fname, &files_from_fnameu)), 0, 0, &sqlerr);
214 | 	    sqlite3_free(sqlstmt);
215 | 	    if (sqlerr != 0) {
216 | 		fprintf(stderr, "%s\n\n\n",sqlerr);
217 | 		sqlite3_free(sqlerr);
218 | 	    }
219 | 	}
220 | 	join_files_from_sql = "join files_from r on f.filename = r.filename";
221 | 
222 |     }
223 |     if (verbose >= 1)
224 | 	fprintf(stderr, "Gathering file metadata\n");
225 |     sqlite3_exec(bkcatalog, 
226 | 	"create temporary table if not exists restore_file_entities (  \n"
227 | //	"create table if not exists restore_file_entities (  \n"
228 | 	"file_id       integer, \n"
229 | 	"ftype         char,  \n"
230 | 	"permission    char,  \n"
231 | 	"device_id     char,  \n"
232 | 	"inode         char,  \n"
233 | 	"user_name     char,  \n"
234 | 	"user_id       integer,  \n"
235 | 	"group_name    char,  \n"
236 | 	"group_id      integer,  \n"
237 | 	"size          integer,  \n"
238 | 	"hash           char,  \n"
239 | 	"datestamp     integer,  \n"
240 | 	"filename      char,  \n"
241 | 	"extdata       char default '',  \n"
242 | 	"xheader       blob default '',  \n"
243 | 	"serial        char, \n"
244 |     "constraint restore_file_entitiesc1 unique (  \n"
245 | 	"ftype,  \n"
246 | 	"permission,  \n"
247 | 	"device_id,  \n"
248 | 	"inode,  \n"
249 | 	"user_name,  \n"
250 | 	"user_id,  \n"
251 | 	"group_name,  \n"
252 | 	"group_id,  \n"
253 | 	"size,  \n"
254 | 	"hash,  \n"
255 | 	"datestamp,  \n"
256 | 	"filename,  \n"
257 | 	"extdata,  \n"
258 | 	"xheader ))", 0, 0, &sqlerr);
259 |     if (sqlerr != 0) {
260 |         fprintf(stderr, "%s\n", sqlerr);
261 |         sqlite3_free(sqlerr);
262 |     }
263 | 	
264 |     sqlite3_exec(bkcatalog, sqlstmt = sqlite3_mprintf(
265 | 	"insert or ignore into restore_file_entities  "
266 | 	"(file_id, ftype, permission, device_id, inode, user_name, user_id,  "
267 | 	"group_name, group_id, size, hash, datestamp, filename, extdata, xheader, serial)  "
268 | 	"select file_id, ftype, permission, device_id, inode, user_name, user_id,  group_name, "
269 | 	"group_id, size, %s, datestamp, f.filename, extdata, xheader, f.serial "
270 | 	"from ( "
271 | 	"select filename, max(serial) as serial "
272 | 	"from file_entities_bd "
273 | 	"%s "
274 | 	"where %sname = '%q' "
275 | 	"and %sserial >= %d and serial <= %d"
276 | 	"%s "
277 | 	"group by filename) as f "
278 | 	"inner join file_entities_bd as m "
279 | 	"on m.filename = f.filename "
280 | 	"and m.serial = f.serial ", SHN,
281 | 	join_files_from_sql != NULL ? join_files_from_sql : "",
282 | 	filespec != NULL ? "+" : "",
283 | 	bkname, filespec != NULL ? "+" : "",
284 | 	bdatestamp, edatestamp, filespec != 0 ?  filespec : ""), 0, 0, &sqlerr);
285 |     if (sqlerr != 0) {
286 | 	fprintf(stderr, "%s %s\n",sqlerr, sqlstmt);
287 | 	sqlite3_free(sqlerr);
288 |     }
289 |     sqlite3_free(sqlstmt);
290 |     sqlite3_exec(bkcatalog,
291 |         "create index if not exists restore_file_entitiesi1 on restore_file_entities (  \n"
292 |         "    file_id)", 0, 0, &sqlerr);
293 |     if (sqlerr != 0) {
294 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
295 | 	sqlite3_free(sqlerr);
296 |     }
297 |     sqlite3_exec(bkcatalog,
298 |         "create index if not exists restore_file_entitiesi2 on restore_file_entities (  \n"
299 |         "    filename)", 0, 0, &sqlerr);
300 |     if (sqlerr != 0) {
301 | 	fprintf(stderr, "%s\n\n\n",sqlerr);
302 | 	sqlite3_free(sqlerr);
303 |     }
304 | 
305 | // Create temp db to tar key ID map
306 |     if (verbose >= 1)
307 | 	fprintf(stderr, "Checking if any files are encrypted\n");
308 |     sqlite3_exec(bkcatalog,
309 |         "create temporary table if not exists temp_keymap ( "
310 | //        "create table if not exists temp_keymap ( "
311 |         "tar_keynum     integer primary key, "
312 |         "db_keynum      integer "
313 |         ")", 0, 0, &sqlerr);
314 |     if (sqlerr != 0) {
315 |         fprintf(stderr, "%s\n", sqlerr);
316 |         sqlite3_free(sqlerr);
317 |     }
318 | 
319 |     sqlite3_exec(bkcatalog,
320 | 	"insert into temp_keymap (db_keynum) "
321 | 	"select distinct keynum from cipher_detail "
322 | 	"join restore_file_entities "
323 | 	"on cipher_detail.file_id = restore_file_entities.file_id "
324 | 	"order by 1",
325 |         0, 0, &sqlerr);
326 |     if (sqlerr != 0) {
327 |         fprintf(stderr, "%s\n", sqlerr);
328 |         sqlite3_free(sqlerr);
329 |     }
330 | 
331 | // Get list of keygroups for encrypted header
332 |     sqlite3_prepare_v2(bkcatalog, (sqlstmt = sqlite3_mprintf(
333 | 	"select group_concat(keygroup, ',') keygroups from "
334 | 	"( "
335 | 	"select distinct group_concat(tar_keynum - 1, '|') keygroup from cipher_detail c "
336 | 	"join restore_file_entities r "
337 | 	"on c.file_id = r.file_id "
338 | 	"join temp_keymap on keynum = db_keynum "
339 | 	"group by c.file_id "
340 | 	"order by 1 "
341 | 	") ")), -1, &sqlres, 0);
342 | 
343 |     sqlite3_free(sqlstmt);
344 |     char *keygroups = NULL;
345 |     sqlite_result = sqlite3_step(sqlres);
346 |     if (sqlite_result == SQLITE_ROW && sqlite3_column_text(sqlres, 0) != NULL) {
347 | 	strncpya0(&keygroups, (char *) sqlite3_column_text(sqlres, 0), 0);
348 |     }
349 |     sqlite3_finalize(sqlres);
350 | 
351 |     sqlite3_exec(bkcatalog, sqlstmt = sqlite3_mprintf(
352 | 	"create temporary view hardlink_file_entities  "
353 | 	"as select min(file_id) as file_id, ftype, permission, device_id,  "
354 | 	"inode, user_name, user_id, group_name, group_id, size, hash, datestamp,  "
355 | 	"filename, extdata, xheader from restore_file_entities where ftype = '0' or ftype = 'E' group by ftype,  "
356 | 	"permission, device_id, inode, user_name, user_id, group_name,  "
357 | 	"group_id, size, hash, datestamp, extdata, xheader having count(*) > 1;"), 0, 0, 0);
358 | 
359 |     sqlite3_free(sqlstmt);
360 | 
361 | // Build global header
362 | 
363 |     int numkeys = 0;
364 |     if (keygroups != NULL && strlen(keygroups) > 0) {
365 | 	if (verbose >= 1)
366 | 	    fprintf(stderr, "Building encrypted header\n");
367 | 	struct filespec gh;
368 | 	struct key_st *keys = NULL;
369 | 	fsinit(&gh);
370 | 	gh.ftype = 'g';
371 | 	strncpya0(&(gh.filename), "././@xheader", 12);
372 | 	setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.version", "1", 1);
373 | 	sqlite3_prepare_v2(bkcatalog, (sqlstmt = sqlite3_mprintf(
374 | 	    "select distinct tar_keynum - 1, pkfp, eprivkey, pubkey, hmackeyhash, comment "
375 | 	    "from temp_keymap join cipher_master on "
376 | 	    "db_keynum = cipherid order by tar_keynum")), -1, &sqlres, 0);
377 | 	sqlite3_free(sqlstmt);
378 | 	while (sqlite3_step(sqlres) == SQLITE_ROW) {
379 | 	    if (numkeys == 0)
380 | 		keys = malloc(sizeof(struct key_st) * (numkeys + 1));
381 | 	    else
382 | 		keys = realloc(keys, sizeof(struct key_st) * (numkeys + 1));
383 | 	    keys[numkeys].fingerprint = NULL;
384 | 	    keys[numkeys].comment = NULL;
385 | 	    keys[numkeys].eprvkey = NULL;
386 | 	    keys[numkeys].pubkey = NULL;
387 | 	    keys[numkeys].hmac_hash_b64 = NULL;
388 | 	    keys[numkeys].comment = NULL;
389 | 
390 | 	    strcata(&keys[numkeys].fingerprint, (char *) sqlite3_column_text(sqlres, 1));
391 | 	    strcata(&keys[numkeys].eprvkey, (char *) sqlite3_column_text(sqlres, 2));
392 | 	    strcata(&keys[numkeys].pubkey, (char *) sqlite3_column_text(sqlres, 3));
393 | 	    strcata(&keys[numkeys].hmac_hash_b64, (char *) sqlite3_column_text(sqlres, 4));
394 | 	    strcata(&keys[numkeys].comment, (char *) sqlite3_column_text(sqlres, 5));
395 | 	    numkeys++;
396 | 	}
397 | 	sqlite3_finalize(sqlres);
398 | 	if (numkeys > 1) {
399 | 	    char paxhdr_varstring[64];
400 | 
401 | 	    for (int keynum = 0; keynum < numkeys; keynum++) {
402 | 		char tmpnumstr[64];
403 | 		sprintf(tmpnumstr, "%d", numkeys);
404 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.numkeys", tmpnumstr, strlen(tmpnumstr));
405 | 		sprintf(paxhdr_varstring, "TC.pubkey.fingerprint.%d", keynum);
406 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), paxhdr_varstring, keys[keynum].fingerprint, strlen(keys[keynum].fingerprint));
407 | 		sprintf(paxhdr_varstring, "TC.eprivkey.%d", keynum);
408 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), paxhdr_varstring, keys[keynum].eprvkey, strlen(keys[keynum].eprvkey));
409 | 		sprintf(paxhdr_varstring, "TC.pubkey.%d", keynum);
410 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), paxhdr_varstring, keys[keynum].pubkey, strlen(keys[keynum].pubkey));
411 | 		sprintf(paxhdr_varstring, "TC.hmackeyhash.%d", keynum);
412 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), paxhdr_varstring, keys[keynum].hmac_hash_b64, strlen(keys[keynum].hmac_hash_b64));
413 | 		sprintf(paxhdr_varstring, "TC.keyfile.comment.%d", keynum);
414 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), paxhdr_varstring, keys[keynum].comment, strlen(keys[keynum].comment));
415 | 	    }
416 | 	    if (keygroups != NULL) {
417 | 		setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.keygroups", keygroups, strlen(keygroups));
418 | 		dfree(keygroups);
419 | 	    }
420 | 	}
421 | 	else {
422 | 	    int keynum = 0;
423 | 	    setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.pubkey.fingerprint", keys[keynum].fingerprint, strlen(keys[keynum].fingerprint));
424 | 	    setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.eprivkey", keys[keynum].eprvkey, strlen(keys[keynum].eprvkey));
425 | 	    setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.pubkey", keys[keynum].pubkey, strlen(keys[keynum].pubkey));
426 | 	    setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.hmackeyhash", keys[keynum].hmac_hash_b64, strlen(keys[keynum].hmac_hash_b64));
427 | 	    setpaxvar(&(gh.xheader), &(gh.xheaderlen), "TC.keyfile.comment", keys[keynum].comment, strlen(keys[keynum].comment));
428 | 	}
429 | 	tar_write_next_hdr(&gh);
430 | 	fsfree(&gh);
431 | 	if (numkeys > 0) {
432 | 	    for (int i = 0; i < numkeys; i++) {
433 | 		dfree(keys[i].comment);
434 | 		dfree(keys[i].fingerprint);
435 | 		dfree(keys[i].hmac_hash_b64);
436 | 		dfree(keys[i].eprvkey);
437 | 		dfree(keys[i].pubkey);
438 | 	    }
439 | 	    free(keys);
440 | 	}
441 | 
442 |     }
443 | 
444 |     if (verbose >= 1)
445 | 	fprintf(stderr, "Sorting files\n");
446 |     sqlite3_prepare_v2(bkcatalog, (sqlstmt = sqlite3_mprintf(
447 | 	"select a.file_id, "
448 | 	"case when b.file_id not null and a.file_id != b.file_id  "
449 | 	"then 1 else a.ftype end,  "
450 | 	"a.permission, a.device_id, a.inode, a.user_name, a.user_id,  "
451 | 	"a.group_name, a.group_id, case when b.file_id not null and a.file_id != b.file_id then 0 else a.size end, a.hash, a.datestamp, a.filename,  "
452 | 	"case when b.file_id not null and a.file_id != b.file_id  "
453 | 	"then b.filename else a.extdata end, a.xheader, c.keygroup "
454 | 	"from restore_file_entities a left join hardlink_file_entities b  "
455 | 	"on a.ftype = b.ftype and a.permission = b.permission  "
456 | 	"and a.device_id = b.device_id and a.inode = b.inode  "
457 | 	"and a.user_name = b.user_name and a.user_id = b.user_id  "
458 | 	"and a.group_name = b.group_name and a.group_id = b.group_id  "
459 | 	"and a.size = b.size and a.hash = b.hash and a.datestamp = b.datestamp  "
460 | 	"and a.extdata = b.extdata and a.xheader = b.xheader "
461 | 	"left join "
462 | 
463 | 	"(select cd.file_id, group_concat(tar_keynum - 1, '|') keygroup from cipher_detail cd "
464 | 	"join restore_file_entities f "
465 | 	"on cd.file_id = f.file_id "
466 | 	"join temp_keymap on keynum = db_keynum "
467 | 	"group by cd.file_id "
468 | 	"order by 1) c "
469 | 	"on a.file_id = c.file_id order by 1"
470 | 	)), -1, &sqlres, 0);
471 |     sqlite3_free(sqlstmt);
472 |     sqlite3_prepare_v2(bkcatalog,
473 | 	(sqlstmt = sqlite3_mprintf(
474 | 	"select f.file_id, c.hmac, m.tar_keynum - 1 "
475 | 	"from restore_file_entities f join cipher_detail c "
476 | 	"on f.file_id = c.file_id join temp_keymap m "
477 | 	"on c.keynum = m.db_keynum order by 1, 3")), -1, &sqlres2, 0);
478 | 
479 |     sqlite3_free(sqlstmt);
480 | 
481 |     sqlres2_result = sqlite3_step(sqlres2);
482 |     struct filespec fs;
483 |     fsinit(&fs);
484 |     char buf[512];
485 |     char *sha1filepath = NULL;
486 |     char *c_hdrbuf = NULL;
487 |     size_t c_hdrbuf_alloc = 0;
488 |     char *paxdata = NULL;
489 |     int paxdatalen = 0;
490 |     while (sqlite3_step(sqlres) == SQLITE_ROW) {
491 | 	char in_ftype = (sqlite3_column_text(sqlres, 1))[0];
492 | 	FILE *sha1file;
493 | 	size_t (*backing_fread)();
494 | 	void *backing_f_handle;
495 | 	size_t bytestoread;
496 | 	size_t blockpad;
497 | 	char tmpfsstring[32];
498 | 
499 | 	if (in_ftype == 'E')
500 | 	    fs.ftype = '0';
501 | 	else
502 | 	    fs.ftype = (sqlite3_column_text(sqlres, 1))[0];
503 | 	fs.mode = strtoll((char *) sqlite3_column_text(sqlres, 2), 0, 8);
504 | 
505 | 	strncpy(fs.auid, (char *) sqlite3_column_text(sqlres, 5), 32);
506 |         fs.nuid = sqlite3_column_int(sqlres, 6);
507 |         strncpy(fs.agid, (char *) sqlite3_column_text(sqlres, 7), 32);
508 |         fs.ngid = sqlite3_column_int(sqlres, 8);
509 |         fs.filesize = sqlite3_column_int64(sqlres, 9);
510 |         fs.modtime = sqlite3_column_int(sqlres, 11);
511 | 	strncpya0(&(fs.filename), (char *) sqlite3_column_text(sqlres, 12), sqlite3_column_bytes(sqlres, 12));
512 | 	strncpya0(&(fs.linktarget), (char *) sqlite3_column_text(sqlres, 13), sqlite3_column_bytes(sqlres, 13));
513 | 	memcpya((void **) &(fs.xheader), (void *) sqlite3_column_blob(sqlres, 14), sqlite3_column_bytes(sqlres, 14));
514 | 	fs.xheaderlen = sqlite3_column_bytes(sqlres, 14);
515 | 	    
516 | 	// Process graft filenames
517 | 	for (i = 0; i < numgrafts; i++) {
518 | 	    if (strncmp(fs.filename, graft[i][0], strlen(graft[i][0])) == 0) {
519 | 		snprintf(graftfilename, 8192, "%s%s", graft[i][1], fs.filename + strlen(graft[i][0]));
520 | 		strncpya0(&fs.filename, graftfilename, 0);
521 | 		break;
522 | 	    }
523 | 	}
524 | 
525 | 	if (((in_ftype == '0' || in_ftype == 'S') && fs.filesize > 0) || in_ftype == 'E' ||
526 | 	    getpaxvar(fs.xheader, fs.xheaderlen, "TC.sparse", &paxdata, &paxdatalen) == 0) {
527 | 	    if (sha1filepath != NULL)
528 | 		sha1filepath[0] = '\0';
529 | 	    strcata(&sha1filepath, config.vault);
530 | 	    strcata(&sha1filepath, "/");
531 | 	    strncata0(&sha1filepath, (char *) sqlite3_column_text(sqlres, 10), 2);
532 | 	    strcata(&sha1filepath, "/");
533 | 	    strcata(&sha1filepath, (char *) sqlite3_column_text(sqlres, 10) + 2);
534 | 	    if (in_ftype == '0' || in_ftype == 'S' || in_ftype == '1')
535 | 		strcata(&sha1filepath, ".lzo");
536 | 	    else if (in_ftype == 'E')
537 | 		strcata(&sha1filepath, ".enc");
538 | 
539 | 	    sha1file = fopen(sha1filepath, "r");
540 | 	    if (sha1file == NULL) {
541 | 		perror("restore: open backing file:");
542 | 		fprintf(stderr, "ftype: %c Can not restore %s -- missing backing file %s\n", in_ftype, fs.filename, sha1filepath);
543 | 		continue;
544 | 	    }
545 | 	    if (in_ftype == 'E') {
546 | 		char paxhdr_varstring[32];
547 | 		int sz_c_hdr;
548 | 		char *tc_compression;
549 | 		char *tc_cipher;
550 | 
551 | 		backing_f_handle = sha1file;
552 | 		backing_fread = fread;
553 | 		fseek(sha1file, 0L, SEEK_END);
554 | 		bytestoread = ftell(sha1file);
555 | 		rewind(sha1file);
556 | 		sz_c_hdr = getline(&c_hdrbuf, &c_hdrbuf_alloc, sha1file);
557 | 		tc_compression = c_hdrbuf;
558 | 		tc_cipher = strchr(c_hdrbuf, '|');
559 | 		if (tc_cipher != NULL) {
560 | 		    tc_cipher[0] = '\0';
561 | 		    tc_cipher++;
562 | 		    tc_cipher[strlen(tc_cipher) - 1] = '\0';
563 | 		}
564 | 		bytestoread -= sz_c_hdr;
565 | 		sprintf(tmpfsstring, "%llu", fs.filesize);
566 | 		setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.compression", tc_compression, strlen(tc_compression));
567 | 		setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.original.size", tmpfsstring, strlen(tmpfsstring));
568 | 		setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.cipher", tc_cipher, strlen(tc_cipher));
569 | 		c_hdrbuf[0] = '\0';
570 | //		setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.filters", "compression|cipher", 18);
571 | 		delpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.keygroup");
572 | 		delpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.segmented.header");
573 | 		if (numkeys > 1)
574 | 		    setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.keygroup", (char *) sqlite3_column_text(sqlres, 15), sqlite3_column_bytes(sqlres, 15));
575 | 		while (sqlres2_result == SQLITE_ROW && sqlite3_column_int(sqlres2, 0) < sqlite3_column_int(sqlres, 0))
576 | 		    sqlres2_result = sqlite3_step(sqlres2);
577 | 		while (sqlres2_result == SQLITE_ROW && sqlite3_column_int(sqlres2, 0) == sqlite3_column_int(sqlres, 0)) {
578 | 		    if (numkeys > 1) {
579 | 			sprintf(paxhdr_varstring, "TC.hmac.%d", sqlite3_column_int(sqlres2, 2));
580 | 			setpaxvar(&(fs.xheader), &(fs.xheaderlen), paxhdr_varstring, (char *) sqlite3_column_text(sqlres2, 1), strlen((char *)  sqlite3_column_text(sqlres2, 1)));
581 | 
582 | 		    }
583 | 		    else
584 | 			setpaxvar(&(fs.xheader), &(fs.xheaderlen), "TC.hmac", (char *) sqlite3_column_text(sqlres2, 1), strlen((char *) sqlite3_column_text(sqlres2, 1)));
585 | 		    sqlres2_result = sqlite3_step(sqlres2);
586 | 
587 | 		}
588 | 
589 | 		fs.filesize = bytestoread;
590 | 	    }
591 | 	    else {
592 | 		backing_f_handle = lzop_init_r(fread, sha1file);
593 | 		backing_fread = lzop_read;
594 | 		bytestoread = fs.filesize;
595 | 	    }
596 | 	    if (in_ftype == 'S') {
597 | 		char *s_buf = NULL;
598 | 		int n;
599 | 		char **sparselist = NULL;
600 | 		unsigned long int sparsehdrsz;
601 | 		c_getline(&s_buf, backing_fread, backing_f_handle);
602 | 		n = parse(s_buf, &sparselist, ':');
603 | 		if (n <= 1 || n % 2 != 1) {
604 | 		    fprintf(stderr, "Sparse data corrupted header %s %d %s\n", sha1filepath, n, fs.filename);
605 | 		    continue;
606 | 		}
607 | 		fs.n_sparsedata = (n - 1) / 2;
608 | 		fs.sparse_realsize = fs.filesize;
609 | 		fs.filesize = strtoull(sparselist[0], 0, 10);
610 | 		bytestoread=fs.filesize;
611 | 		if (dmalloc_size(fs.sparsedata) < fs.n_sparsedata * sizeof(struct sparsedata))
612 | 		    fs.sparsedata = dmalloc(fs.n_sparsedata * sizeof(struct sparsedata));
613 | 		sparsehdrsz = ilog10(fs.n_sparsedata) + 2;
614 | 		for (int i = 0; i < (n - 1) / 2; i ++) {
615 | 		    ((fs.sparsedata)[i]).offset = strtoull(sparselist[i * 2 + 1], 0, 10);
616 | 		    ((fs.sparsedata)[i]).size = strtoull(sparselist[i * 2 + 2], 0, 10);
617 | 		    sparsehdrsz += ilog10(fs.sparsedata[i].offset) + 2;
618 |                     sparsehdrsz += ilog10(fs.sparsedata[i].size) + 2;
619 | 		}
620 | 
621 | 		sparsehdrsz += (512 - ((sparsehdrsz - 1) % 512 + 1));
622 | 		//fs.filesize += sparsehdrsz;
623 | 		dfree(sparselist);
624 | 		dfree(s_buf);
625 | 
626 | 	    }
627 | 	    blockpad = 512 - ((bytestoread - 1) % 512 + 1);
628 | 
629 | 	    if (use_pax_header == 1)
630 | 		fs.pax = 1;
631 | 	    tar_write_next_hdr(&fs);
632 | 	    while (bytestoread > 0) {
633 | 		size_t c;
634 | 		c = backing_fread(buf, 1, bytestoread > 512 ? 512 : bytestoread, backing_f_handle);
635 | 		if (c == 0)
636 | 		    break;
637 | 		fwrite(buf, 1, c, stdout);
638 | 		bytestoread -= c;
639 | 	    }
640 | 	    memset(buf, 0, 512);
641 | 	    fwrite(buf, 1, blockpad, stdout);
642 | 	    if (in_ftype != 'E')
643 | 	        lzop_finalize_r((struct lzop_file *) backing_f_handle);
644 | 	    fclose(sha1file);
645 | 	}
646 | 	else {
647 | 	    tar_write_next_hdr(&fs);
648 | 	}
649 | 
650 | 	fsclear(&fs);
651 |     }
652 |     sqlite3_finalize(sqlres);
653 |     sqlite3_finalize(sqlres2);
654 |     fsfree(&fs);
655 |     dfree(sha1filepath);
656 |     memset(buf, 0, 512);
657 |     fwrite(buf, 1, 512, stdout);
658 |     fwrite(buf, 1, 512, stdout);
659 |     if (c_hdrbuf != NULL)
660 | 	free(c_hdrbuf);
661 | 
662 |     if (graft != NULL)
663 | 	free(graft);
664 |     free(files_from_fname);
665 |     free(files_from_fnameu);
666 |     return(0);
667 | }
668 | 


--------------------------------------------------------------------------------
/snebu.conf:
--------------------------------------------------------------------------------
1 | vault=/var/lib/snebu/vault
2 | meta=/var/lib/snebu/catalog
3 | 


--------------------------------------------------------------------------------
/snebu_update_db.sql:
--------------------------------------------------------------------------------
  1 | alter table file_entities rename to file_entities_old;
  2 | alter table received_file_entities rename to received_file_entities_old;
  3 | alter table needed_file_entities rename to needed_file_entities_old;
  4 | 
  5 | create table if not exists file_entities ( 
  6 |     file_id       integer primary key, 
  7 |     ftype         char, 
  8 |     permission    char, 
  9 |     device_id     char, 
 10 |     inode         char, 
 11 |     user_name     char, 
 12 |     user_id       integer, 
 13 |     group_name    char, 
 14 |     group_id      integer, 
 15 |     size          integer, 
 16 |     sha1           char, 
 17 |     cdatestamp    integer, 
 18 |     datestamp     integer, 
 19 |     filename      char, 
 20 |     extdata       char default '', 
 21 |     xheader       blob default '', 
 22 | constraint file_entities_c1 unique ( 
 23 |     ftype, 
 24 |     permission, 
 25 |     device_id, 
 26 |     inode, 
 27 |     user_name, 
 28 |     user_id, 
 29 |     group_name, 
 30 |     group_id, 
 31 |     size, 
 32 |     sha1, 
 33 |     cdatestamp, 
 34 |     datestamp, 
 35 |     filename, 
 36 |     extdata, 
 37 |     xheader ));
 38 | 
 39 | create table if not exists received_file_entities ( 
 40 |     file_id       integer primary key, 
 41 |     backupset_id  integer, 
 42 |     ftype         char, 
 43 |     permission    char, 
 44 |     user_name     char, 
 45 |     user_id       integer, 
 46 |     group_name    char, 
 47 |     group_id      integer, 
 48 |     size          integer, 
 49 |     sha1          char, 
 50 |     datestamp     integer, 
 51 |     filename      char, 
 52 |     extdata       char default '', 
 53 |     xheader       blob default '', 
 54 | foreign key(backupset_id) references backupsets(backupset_id), 
 55 |     unique ( 
 56 |     backupset_id, 
 57 |     ftype, 
 58 |     permission, 
 59 |     user_name, 
 60 |     user_id, 
 61 |     group_name, 
 62 |     group_id, 
 63 |     size, 
 64 |     sha1, 
 65 |     datestamp, 
 66 |     filename, 
 67 |     extdata, 
 68 |     xheader ));
 69 | 
 70 | create table if not exists needed_file_entities ( 
 71 | backupset_id  integer, 
 72 | device_id     char, 
 73 | inode         char, 
 74 | filename      char, 
 75 | infilename    char, 
 76 | size          integer, 
 77 | cdatestamp    integer, 
 78 | foreign key(backupset_id) references backupsets(backupset_id), 
 79 | unique ( 
 80 | backupset_id, 
 81 | filename,
 82 | infilename ));
 83 | 
 84 | 
 85 | insert into file_entities 
 86 |     ( file_id, ftype, permission, device_id, inode, user_name, user_id,
 87 |     group_name, group_id, size, sha1, cdatestamp, datestamp, filename,
 88 |     extdata, xheader)
 89 |     select file_id, ftype, permission, device_id, inode, user_name, user_id,
 90 |     group_name, group_id, size, sha1, datestamp, datestamp, filename,
 91 |     extdata, '' from file_entities_old;
 92 | 
 93 | insert into received_file_entities 
 94 |     ( file_id, backupset_id, ftype, permission, user_name, user_id,
 95 |     group_name, group_id, size, sha1, datestamp, filename, extdata, xheader)
 96 |     select file_id, backupset_id, ftype, permission, user_name, user_id,
 97 |     group_name, group_id, size, sha1, datestamp, filename, extdata, ''
 98 |     from received_file_entities_old;
 99 | 
100 | insert into needed_file_entities
101 |     (backupset_id, device_id, inode, filename, infilename, size, cdatestamp)
102 |     select backupset_id, device_id, inode, filename, infilename, size, '' 
103 |     from needed_file_entities_old;
104 | 


--------------------------------------------------------------------------------
/tarcrypt.txt:
--------------------------------------------------------------------------------
 1 | Synopsis
 2 | ----
 3 | Tarcrypt is a filter which process an input tar file, and outputs an encryption enhanced tar file containing extended header information related to the encryption.
 4 | 
 5 | The data is presented in a tar compatible format with additional PAX style extended headers describing items such as the compression and encryption algorithms, encrypted private key, public key, and HMAC information.  The purpose of utilizing tar style headers, instead of just encrypting the entire file as one unit, is to maintain a format that can be used with existing Unix/Linux backup tools which already support tar file inputs, with minimum modifications to those tools.
 6 | 
 7 | To produce an encrypted tar file the following commands are used.
 8 | 
 9 | Creating a key file
10 | ----
11 | tarcrypt genkey -f [keyfile.key] [-c "comment" ]
12 | 
13 | This will generate an RSA keypair, and prompt for a passphrase to protect the private key.  The encrypted private key, public key, an HMAC key, and other information are stored in the key file.  Only the HMAC key should be considered secret, as it is used to provide message integrity.  The rest of the information is stored in the output tar file in the global header.
14 | 
15 | Encrypting a tar file
16 | ----
17 | [tar command] | tarcrypt encrypt -k [keyfile.key] >[encrypted_file.tar.enc]
18 | 
19 | Create a tar file, and pipe it as input into tarcrypt.  This has been tested on GNU tar, and supports tar files with standard GNU extensions along with files with PAX headers and extended file attributes.  The -k option may be specified multiple times with different keys, which will produce an encrypted file that can be decoded using the password from any of the keys.
20 | 
21 | Decrypting a tar file
22 | ----
23 | cat encrypted_file.tar.enc |tarcrypt decrypt >plaintext.tar
24 | 
25 | You will be prompted for the passphrase protecting the private key embedded in the encrypted tar file global header.  A standard tar file will be generated as output.
26 | 
27 | Tarcrypt file format
28 | ----
29 | The format of the data produced by tarcrypt follows the standard POSIX tar file layout.  Each file data block is proceeded with a 512-byte header, containing metadata about the file (file name, size, date, owner, etc).  In addition, this 512-byte header can be proceeded by a PAX header which contains a similar 512-byte header block followed by a data block containing key-value pairs.  Therefore, tarcrypt places its extended information into this PAX header.
30 | 
31 | PAX extend header fields used by tarcrypt
32 | ----
33 | The global header contains the following fields
34 | 
35 |     TC.eprivkey -- Encrypted RSA private key
36 |     TC.pubkey -- Public key matching the above private key
37 |     TC.pubkey.fingerprint -- Fingerprint of the public key
38 |     TC.hmackeyhash -- SHA256 hash of the HMAC authentication key
39 |     TC.keyfile.comment -- Comment line from the key file used to generate the encrypted tar
40 |     TC.version -- version number of the file format
41 | 
42 | If there is more than one encryption key file used, the above fields (with the exception of TC.version) are appended with a number indicating which key they belong to.  For example: TC.pubkey.0 is the public key for the first key file, TC.pubkey.1 is for the second key.  Additionally, a grouping field "TC.keygroups" is specified that groups certain keys together.  For example:
43 | 
44 |     TC.keygroups=0|1,2|1
45 | 
46 | This indicates that there are two key groups.  The first group, "0|1", means that files in this group are encoded with keys 0 and 1.  The second group, "2|1", relate to files that are encoded with keys 2 and 1.
47 | 
48 | 
49 | In addition, each individual file header contains the following:
50 | 
51 |     TC.filters -- which filters were used to process raw file (i.e., "compression|cipher")
52 |     TC.compression -- compression algorithm used prior to encryption
53 |     TC.cipher -- cipher algorithm string (i.e., rsa-aes256-gcm)
54 |     TC.original.size -- size of the original raw file
55 |     TC.hmac -- HMAC hash computed from the hmackey in the key file, and the raw file contents.
56 | 
57 | If more than one key file is used, then the key group that this file belongs to is specified with:
58 | 
59 |     TC.keygroup -- which key group this file belongs to from TC.keygroups in the global header (0 indexed)
60 | 
61 | 
62 | If an input file, after compression and encryption, is larger than the default internal buffer size (10 MB), the encrypted contents are broken into multiple segments.  In that case, the following header field is included
63 | 
64 |     TC.segmented.header=1 -- set to 1 for true, field not present for false.
65 | 
66 | This indicates that the file is represented as multiple segments in the tar file, in the format:
67 | 
68 |     original_filename/part.[sequence_number]
69 | 
70 | That is, the original file header is converted to a directory type object, and each segment (of 10 MB) is represented as files under that directory with increasing sequence numbers in the file name.
71 | 
72 | The final segment is preceded with a PAX header with the fields:
73 | 
74 | TC.segmented.final=1 -- indicating this is the final segment
75 | TC.hmac -- computed HMAC hash of the raw input file
76 | (Again, TC.hmac may be followed by a numeric digit [0 indexed] indicating the key it belongs to)
77 | 
78 | The purpose of segmented files is that when compressing a file prior to encryption, the final size of the file is not known unless two passes are made (which takes time, and has failure modes if the file is being updated during processing).  And the tar format requires that the 512-byte header block proceeding the file data block contain the exact size of the data block (which is now compressed and encrypted).  So by processing the file and storing the output in internal buffers, tarcrypt can write out each segment header block at the time the buffer is filled, with a known file size for that segment to put in the header.
79 | 
80 | Information for existing backup tools
81 | ----
82 | If a backup program supports consuming tar files, it would may need to be modified to recognize the above headers, and reproduce them when generating a file restore.  If the inbound tar file is not kept whole (i.e., if the file contents are broken down and the meta data extracted from the headers), then the backup software will need to be able to re-generate the appropriate header information when performing a restore operations, prior to passing the generated tar file back through the tarcrypt program.  Note, that if a segmented file is ingested, the re-generated tar file upon restore does not need to maintain the segmented format.  Instead, if the size is known, it can safely combine the segments into a single file block.
83 | 


--------------------------------------------------------------------------------
/tarlib.h:
--------------------------------------------------------------------------------
  1 | #include <stdio.h>
  2 | #include <string.h>
  3 | #include <stdlib.h>
  4 | #include <stdint.h>
  5 | #include <unistd.h>
  6 | #include <sys/types.h>
  7 | #include <pwd.h>
  8 | #include <lzo/lzoconf.h>
  9 | #include <lzo/lzo1x.h>
 10 | #include <arpa/inet.h>
 11 | #include <getopt.h>
 12 | #include <openssl/rsa.h>
 13 | #include <openssl/pem.h>
 14 | #include <openssl/err.h>
 15 | #include <openssl/evp.h>
 16 | #include <openssl/rand.h>
 17 | #include <openssl/hmac.h>
 18 | #include <openssl/ui.h>
 19 | 
 20 | // TAR header format
 21 | struct tarhead {
 22 |     char filename[100];    //   0 - 99
 23 |     char mode[8];                   // 100 - 107
 24 |     char nuid[8];                   // 108 - 115
 25 |     char ngid[8];                   // 116 - 123
 26 |     char size[12];                  // 124 - 135
 27 |     char modtime[12];               // 136 - 147
 28 |     char chksum[8];                 // 148 - 155
 29 |     char ftype[1];                  // 156
 30 |     char linktarget[100];  // 157 - 256
 31 |     char ustar[6];                  // 257 - 262
 32 |     char ustarver[2];               // 263 - 264
 33 |     char auid[32];                  // 265 - 296
 34 |     char agid[32];                  // 297 - 328
 35 |     char devmaj[8];                 // 329 - 336
 36 |     char devmin[8];                 // 337 - 344
 37 |     union {
 38 | 	char fileprefix[155];       // 345 - 499
 39 | 	struct {
 40 | 	    char reserved1[41];     // 345 - 385
 41 | 	    struct {
 42 | 		char offset[12];    // 386 - 397, 410 - 421, ...
 43 | 		char size[12];      // 398 - 409, 422 - 431, ...
 44 | 	    } sd[4];                // 386 - 481 -- GNU TAR sparse file extension
 45 | 	    char isextended;        // 482
 46 | 	    char realsize[12];      // 483 - 494
 47 | 	    char reserved2[5];      // 495 - 499
 48 | 	} sph;   // sparse header   // 345 - 499
 49 |     } u;
 50 |     char reserved[12];              // 500 - 511
 51 | };
 52 | 
 53 | // GNU TAR sparse file extension, extended sparse header
 54 | struct speh {
 55 |     struct {
 56 | 	char offset[12];
 57 | 	char size[12];
 58 |     } sd[21];                       // 0 - 503
 59 |     char isextended;                // 504
 60 |     char reserved[8];               // 505 - 512
 61 | };  // sparse extended header
 62 | 
 63 | 
 64 | // Structure holding file metadata
 65 | struct filespec {
 66 |     char ftype;
 67 |     int mode;
 68 |     char devid[33];
 69 |     char inode[33];
 70 |     char auid[33];
 71 |     int nuid;
 72 |     char agid[33];
 73 |     int ngid;
 74 |     unsigned long long int filesize;
 75 |     unsigned long long int sparse_realsize;
 76 |     time_t modtime;
 77 |     char *filename;
 78 |     char *linktarget;
 79 |     char *xheader;
 80 |     int xheaderlen;
 81 |     struct sparsedata *sparsedata;
 82 |     int n_sparsedata;
 83 |     int pax;
 84 | };
 85 | 
 86 | struct sparsedata {
 87 |     unsigned long long int offset;
 88 |     unsigned long long int size;
 89 | };
 90 | 
 91 | struct lzop_file {
 92 |     char *buf;
 93 |     char *bufp;
 94 |     char *cbuf;
 95 |     lzo_uint bufsize;
 96 |     lzo_uint cbufsize;
 97 |     size_t (*c_fwrite)();
 98 |     size_t (*c_fread)();
 99 |     void *c_handle;
100 |     unsigned char *working_memory;
101 |     char mode;
102 | };
103 | #define F_H_FILTER      0x00000800L
104 | 
105 | struct sha_file {
106 |     size_t (*c_fwrite)();
107 |     size_t (*c_fread)();
108 |     void *c_handle;
109 |     int hash;
110 |     union {
111 | 	SHA_CTX cfshactl;
112 | 	SHA256_CTX cfsha256ctl;
113 |     } u;
114 | };
115 | 
116 | struct hmac_file {
117 |     size_t (*c_fwrite)();
118 |     size_t (*c_fread)();
119 |     void *c_handle;
120 |     HMAC_CTX **hctx;
121 |     unsigned char **key;
122 |     int *keysz;
123 |     int nk;
124 | };
125 | 
126 | struct tarsplit_file {
127 |     char *buf;
128 |     char *bufp;
129 |     size_t bufsize;
130 |     char *basename_path;
131 |     size_t (*c_fread)();
132 |     size_t (*c_fwrite)();
133 |     void *c_handle;
134 |     int segn;
135 |     int finalseg;
136 |     int segremaining;
137 |     int segsize;
138 |     struct filespec *orig_fs;
139 |     struct filespec *tmp_fs;
140 |     char *xheader;
141 |     int xheaderlen;
142 |     int nk;
143 |     unsigned char **hmac;
144 |     char mode;
145 | };
146 | 
147 | struct rsa_file {
148 |     unsigned char *buf;
149 |     unsigned char *bufp;
150 |     unsigned char *outbuf;
151 |     unsigned char *inbuf;
152 |     size_t bufsize;
153 |     size_t bufused;
154 |     size_t outbufsize;
155 |     size_t inbufsize;
156 |     int eof;
157 |     char mode;
158 |     size_t (*c_fwrite)();
159 |     size_t (*c_fread)();
160 |     void *c_handle;
161 |     unsigned char **ek;
162 |     unsigned char iv[EVP_MAX_IV_LENGTH];
163 |     int *eklen;
164 |     int nk;
165 |     EVP_CIPHER_CTX *ctx;
166 |     EVP_PKEY *evp_keypair;
167 | };
168 | 
169 | struct key_st {
170 |     char *eprvkey;
171 |     char *pubkey;
172 |     char *fingerprint;
173 |     EVP_PKEY *evp_keypair;
174 |     char *hmac_key_b64;
175 |     char *hmac_hash_b64;
176 |     unsigned char hmac_key[EVP_MAX_MD_SIZE];
177 |     char *comment;
178 |     char *keydata;
179 |     int group;
180 | };
181 | 
182 | struct rsa_keys {
183 |     int numkeys;
184 |     struct key_st *keys;
185 | };
186 | 
187 | struct tar_maxread_st {
188 |     size_t max;
189 |     size_t sz;
190 |     size_t (*c_fread)();
191 |     void *c_handle;
192 | };
193 | 
194 | int tarencrypt(int argc, char **argv);
195 | int tardecrypt();
196 | int tar_get_next_hdr(struct filespec *fs);
197 | int tar_write_next_hdr(struct filespec *fs);
198 | int fsinit(struct filespec *fs);
199 | int fsclear(struct filespec *fs);
200 | int fsfree(struct filespec *fs);
201 | int fsdup(struct filespec *tsf, struct filespec *sfs);
202 | int parse(char *in, char ***out, char t);
203 | void *dmalloc(size_t size);
204 | void dfree(void *b);
205 | void *drealloc(void *b, size_t size) ;
206 | size_t dmalloc_size(void *b);
207 | char *strncpya0(char **dest, const char *src, size_t n);
208 | char *strcata(char **dest, const char *src);
209 | char *strncata0(char **dest, const char *src, size_t n);
210 | void *memcpya(void **dest, void *src, size_t n);
211 | void *memcpyao(void **dest, void *src, size_t n, size_t offset);
212 | int getpaxvar(char *paxdata, int paxlen, char *name, char **rvalue, int *rvaluelen);
213 | int cmpspaxvar(char *paxdata, int paxlen, char *name, char *invalue);
214 | int setpaxvar(char **paxdata, int *paxlen, char *inname, char *invalue, int invaluelen);
215 | int delpaxvar(char **paxdata, int *paxlen, char *inname);
216 | int cpypaxvarstr(char *paxdata, int paxlen, char *name, char **target);
217 | unsigned int ilog10(unsigned long long int n);
218 | char *ulli2g(unsigned long long int v, char *p);
219 | unsigned long long int g2ulli(char *p);
220 | size_t fwritec(const void *ptr, size_t size, size_t nmemb, size_t (*c_fwrite)(), void *c_handle, uint32_t *chksum);
221 | 
222 | struct lzop_file *lzop_init(char mode, size_t (*c_fwrite)(), void *c_handle);
223 | struct lzop_file *lzop_init_w(size_t (*c_fwrite)(), void *c_handle);
224 | struct lzop_file *lzop_init_r(size_t (*c_fread)(), void *c_handle);
225 | size_t lzop_write(void *buf, size_t sz, size_t count, struct lzop_file *cfile);
226 | size_t lzop_read(void *buf, size_t sz, size_t count, struct lzop_file *cfile);
227 | int lzop_finalize(struct lzop_file *cfile);
228 | int lzop_finalize_w(struct lzop_file *cfile);
229 | int lzop_finalize_r(struct lzop_file *cfile);
230 | 
231 | struct rsa_file *rsa_file_init(char mode, EVP_PKEY **evp_keypair, int nk, size_t (*c_ffunc)(), void *c_handle);
232 | size_t rsa_read(void *buf, size_t sz, size_t count, struct rsa_file *rcf);
233 | size_t rsa_write(void *buf, size_t sz, size_t count, struct rsa_file *rcf);
234 | int rsa_file_finalize(struct rsa_file *rcf);
235 | 
236 | struct sha_file *sha_file_init_w(size_t (*c_ffunc)(), void *c_handle, int hash);
237 | size_t sha_file_write(void *buf, size_t sz, size_t count, struct sha_file *s1f);
238 | int sha_finalize_w(struct sha_file *s1f, unsigned char *cfsha);
239 | 
240 | struct hmac_file *hmac_file_init_w(size_t (*c_ffunc)(), void *c_handle, unsigned char **key, int *keysz, int nk);
241 | size_t hmac_file_write(void *buf, size_t sz, size_t count, struct hmac_file *hmacf);
242 | int hmac_finalize_w(struct hmac_file *hmacf, unsigned char **cfhmac, unsigned int *cfhmac_len);
243 | struct hmac_file *hmac_file_init_r(size_t (*c_ffunc)(), void *c_handle, unsigned char **key, int *keysz, int nk);
244 | size_t hmac_file_read(void *buf, size_t sz, size_t count, struct hmac_file *hmacf);
245 | int hmac_finalize_r(struct hmac_file *hmacf, unsigned char **cfhmac, unsigned int *cfhmac_len);
246 | 
247 | struct tarsplit_file *tarsplit_init_w(size_t (*c_fwrite)(), void *c_handle, char *basename_path, size_t bufsize, struct filespec *fs, int nk);
248 | struct tarsplit_file *tarsplit_init_r(size_t (*c_fwrite)(), void *c_handle, int nk);
249 | size_t tarsplit_write(void *buf, size_t sz, size_t count, struct tarsplit_file *tsf);
250 | size_t tarsplit_read(void *buf, size_t sz, size_t count, struct tarsplit_file *tsf);
251 | int tarsplit_finalize(struct tarsplit_file *tsf);
252 | int tarsplit_finalize_w(struct tarsplit_file *tsf);
253 | int tarsplit_finalize_r(struct tarsplit_file *tsf);
254 | 
255 | uint32_t *htonlp(uint32_t v);
256 | uint16_t *htonsp(uint16_t v);
257 | EVP_PKEY *rsa_getkey(char mode, struct key_st *k, int n);
258 | void openssl_err();
259 | int load_keyfile(char *keyfilename, struct key_st *key_st);
260 | unsigned char *sha256_digest(char *msg);
261 | unsigned char *sha256_hex(char *msg);
262 | unsigned char *sha256_b64(char *msg);
263 | int load_pkey(struct rsa_keys **rsa_keys, int keynum, char *pubkey_fingerprint, char *eprivkey, char *keycomment, char *hmacseed);
264 | int get_pkey(struct rsa_keys *rsa_keys, char *fp);
265 | int genkey(int argc, char **argv);
266 | struct tar_maxread_st *tar_maxread_init(size_t sz, size_t (*c_ffunc)(), void *c_handle);
267 | size_t tar_maxread(void *buf, size_t sz, size_t count, struct tar_maxread_st *tmr);
268 | int tar_maxread_finalize(struct tar_maxread_st *tmr);
269 | int encode_block_16(unsigned char *r, unsigned char *s, int c);
270 | int decode_block_16(unsigned char *r, unsigned char *s, int c);
271 | int gen_sparse_data_string(struct filespec *fs, char **sparsetext);
272 | int c_fread_sparsedata(size_t (*c_ffunc)(), void *c_handle, struct filespec *fs);
273 | int get_passwd(char *buf, int size, int rwflag, void *prompt);
274 | int decode_privkey(struct rsa_keys *rsa_keys, char **required_keys_group);
275 | int c_getline(char **buf, size_t (*c_fread)(), void *c_handle);
276 | unsigned long long int * fibseq();
277 | unsigned long long int nextfib(unsigned long long int n);
278 | void passadd(char **pwds, char *pass);
279 | 
280 | #define EVP_MAX_MD_SIZE_b64 (((int)((EVP_MAX_MD_SIZE + 2) / 3)) * 4 + 1)
281 | 
282 | 


--------------------------------------------------------------------------------