From: Alain Spineux <alain@baculasystems.com>
Date: Thu, 1 Dec 2022 12:33:43 +0000 (+0100)
Subject: show a warning when trying to read encrypted volume on un-encrypted device
X-Git-Tag: Beta-15.0.0~331
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b459834881a7a9653a25f8e52a60ee0308045ee;p=thirdparty%2Fbacula.git

show a warning when trying to read encrypted volume on un-encrypted device

- this can happens only when the user try to cheat the SD
---

diff --git a/bacula/src/stored/dev.c b/bacula/src/stored/dev.c
index 8b33b2fc6..af6fa8525 100644
--- a/bacula/src/stored/dev.c
+++ b/bacula/src/stored/dev.c
@@ -1183,6 +1183,7 @@ bool DEVICE::load_encryption_key(DCR *dcr, const char *operation,
       uint32_t *enc_cipher_key_size, unsigned char *enc_cipher_key,
       uint32_t *master_keyid_size, unsigned char *master_keyid)
 {
+   JCR *jcr = dcr->jcr;
    enum { op_none, op_label, op_read };
    bool ok = true; // No error
    Dmsg4(100, "load_encryption_key %s %s enc=%ld ver=%d\n", operation, volume_name, device->volume_encryption, VolHdr.BlockVer);
@@ -1194,11 +1195,15 @@ bool DEVICE::load_encryption_key(DCR *dcr, const char *operation,
    }
    /* don't use encryption if volume encryption is not enable or we are reading
     * (aka not recycling) a BB02 volume */
+   if (device->volume_encryption == ET_NO
+        && (op != op_label && (VolHdr.blkh_options & BLKHOPT_ENCRYPT_VOL))) {
+      /* we expect an error later */
+      Jmsg1(jcr, M_WARNING, 0, _("Trying to read encrypted volume \"%s\" on an un-encrypted device\n"), volume_name);
+   }
    if (device->volume_encryption == ET_NO
         || (op != op_label && !(VolHdr.blkh_options & BLKHOPT_ENCRYPT_VOL))) {
       return ok;
    }
-   JCR *jcr = dcr->jcr;
    POOLMEM *encrypt_program = get_pool_memory(PM_FNAME);
    POOL_MEM results(PM_MESSAGE);
    POOL_MEM err_msg(PM_MESSAGE);