From: Eric Bollengier <eric@baculasystems.com>
Date: Thu, 20 Jun 2024 08:31:51 +0000 (+0200)
Subject: Fix #10985 Report the FD/SD Encryption in the Job record and the job output
X-Git-Tag: Release-15.0.3~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebf9cb946deeaed61892acb4987d3d8999bad545;p=thirdparty%2Fbacula.git

Fix #10985 Report the FD/SD Encryption in the Job record and the job output

The SQL Job record has now the Encrypted field proprely updated
at the end of a job.

The date can be encrypted by the FD and/or the SD, the value
of the SQL field is the following:

 0 : no encryption
 1 : FD encryption
 2 : SD encryption
 3 : FD and SD encryption
---

diff --git a/bacula/src/dird/backup.c b/bacula/src/dird/backup.c
index ef28b27ae..a374495be 100644
--- a/bacula/src/dird/backup.c
+++ b/bacula/src/dird/backup.c
@@ -895,7 +895,9 @@ int wait_for_job_termination(JCR *jcr, int timeout)
       jcr->CommBytes = CommBytes;
       jcr->CommCompressedBytes = CommCompressedBytes;
       jcr->Snapshot = VSS;
-      jcr->Encrypt = Encrypt;
+      if (Encrypt) {
+	 jcr->Encrypt |= JOB_ENCRYPTED_BY_FD;
+      }
 
    } else if (!jcr->is_canceled()) {
       Jmsg(jcr, M_FATAL, 0, _("[DE0031] No Job status returned from FD\n"));
@@ -1242,7 +1244,7 @@ void backup_cleanup(JCR *jcr, int TermCode)
         comm_compress,
         base_info.c_str(),
         jcr->Snapshot?_("yes"):_("no"),
-        jcr->Encrypt?_("yes"):_("no"),
+        get_encrypt_str(jcr->Encrypt),
         jcr->accurate?_("yes"):_("no"),
         jcr->VolumeName,
         jcr->VolSessionId,
diff --git a/bacula/src/dird/job.c b/bacula/src/dird/job.c
index 9a6fac07f..623769cc2 100644
--- a/bacula/src/dird/job.c
+++ b/bacula/src/dird/job.c
@@ -2115,3 +2115,25 @@ void jmsg_large_jobid_list(JCR *jcr, const char *msg, const char *jobids)
       sel.free_expanded();
    }
 }
+
+/* Decode the jcr->Encrypt field */
+const char *get_encrypt_str(int val)
+{
+   const char *ret;
+   switch (val) {
+   case 1:
+      ret = _("yes");
+      break;
+   case 2:
+      ret = _("volume");
+      break;
+   case 3:
+      ret = _("yes|volume");
+      break;
+   default:
+      ret = _("no");
+      break;
+   }
+   return ret;
+}
+
diff --git a/bacula/src/dird/mac.c b/bacula/src/dird/mac.c
index bc2eaaaf1..5524bb0b9 100644
--- a/bacula/src/dird/mac.c
+++ b/bacula/src/dird/mac.c
@@ -424,6 +424,12 @@ bool do_mac(JCR *jcr)
       return true;
    }
 
+   if (jcr->previous_jr.Encrypted & JOB_ENCRYPTED_BY_FD) {
+      /* Update both the control job and the new job for the encryption status of the data */
+      jcr->Encrypt  |= JOB_ENCRYPTED_BY_FD; // will be printed in the job report
+      wjcr->Encrypt |= JOB_ENCRYPTED_BY_FD; // will update the catalog field
+   }
+
    /* Print Job Start message */
    Jmsg(jcr, M_INFO, 0, _("Start %s JobId %s, Job=%s\n"),
         jcr->get_OperationName(), edit_uint64(jcr->JobId, ed1), jcr->Job);
@@ -1031,6 +1037,7 @@ void mac_cleanup(JCR *jcr, int TermCode, int writeTermCode)
 "  SD Files Written:       %s\n"
 "  SD Bytes Written:       %s (%sB)\n"
 "  Rate:                   %.1f KB/s\n"
+"  Encryption:             %s\n"
 "  Volume name(s):         %s\n"
 "  Volume Session Id:      %d\n"
 "  Volume Session Time:    %d\n"
@@ -1067,6 +1074,7 @@ void mac_cleanup(JCR *jcr, int TermCode, int writeTermCode)
         edit_uint64_with_commas(jcr->SDJobBytes, ec2),
         edit_uint64_with_suffix(jcr->SDJobBytes, ec3),
         jcr->jr.Rate,
+	get_encrypt_str(jcr->Encrypt),
         wjcr ? wjcr->VolumeName : "",
         jcr->VolSessionId,
         jcr->VolSessionTime,
diff --git a/bacula/src/dird/msgchan.c b/bacula/src/dird/msgchan.c
index 52f381963..f71b4fa50 100644
--- a/bacula/src/dird/msgchan.c
+++ b/bacula/src/dird/msgchan.c
@@ -326,8 +326,10 @@ bool start_storage_daemon_job(JCR *jcr, alist *rstore, alist *wstore, bool wait,
       if (ok) {
          Jmsg(jcr, M_INFO, 0, _("Using Device \"%s\" to read.\n"), device_name.c_str());
          pm_strcpy(jcr->read_dev, device_name.c_str());
-         jcr->SD_set_worm = protect;
-         jcr->jr.Encrypted = encrypt;
+         jcr->SD_set_worm = (protect == 1);
+	 if (encrypt) {
+	    jcr->Encrypt |= JOB_ENCRYPTED_BY_SD;
+	 }
       }
    }
 
@@ -368,8 +370,10 @@ bool start_storage_daemon_job(JCR *jcr, alist *rstore, alist *wstore, bool wait,
       if (ok) {
          Jmsg(jcr, M_INFO, 0, _("Using Device \"%s\" to write.\n"), device_name.c_str());
          pm_strcpy(jcr->write_dev, device_name.c_str());
-         jcr->SD_set_worm = protect;
-         jcr->jr.Encrypted = encrypt;
+         jcr->SD_set_worm = (protect == 1);
+	 if (encrypt) {
+	    jcr->Encrypt |= JOB_ENCRYPTED_BY_SD;
+	 }
       }
    }
    if (!ok) {
diff --git a/bacula/src/dird/protos.h b/bacula/src/dird/protos.h
index 885c12a07..17fca16fc 100644
--- a/bacula/src/dird/protos.h
+++ b/bacula/src/dird/protos.h
@@ -154,6 +154,7 @@ extern void sd_msg_thread_send_signal(JCR *jcr, int sig);
 void terminate_sd_msg_chan_thread(JCR *jcr);
 bool flush_file_records(JCR *jcr);
 void dir_close_batch_connection(JCR *jcr);
+const char *get_encrypt_str(int val);
 
 /* jobq.c */
 extern bool inc_read_store(JCR *jcr);
diff --git a/bacula/src/jcr.h b/bacula/src/jcr.h
index 43ebd5681..d1050a8ff 100644
--- a/bacula/src/jcr.h
+++ b/bacula/src/jcr.h
@@ -104,6 +104,12 @@ enum {
    JOB_TASK_AFTER_SCRIPT
 };
 
+/* JCR->Encrypt bit field, can be encrypted by FD and/or SD */
+enum {
+   JOB_ENCRYPTED_BY_FD = 1,
+   JOB_ENCRYPTED_BY_SD = 2
+};
+
 struct job_task {
    const uint32_t op_code;
    const char *op_message;
@@ -435,6 +441,7 @@ public:
    int64_t spool_size;                /* Spool size for this job */
    uint64_t client_version;           /* Client version as a number */
    utime_t snapshot_retention;        /* Snapshot retention (from Client/Job resource) */
+   int32_t Encrypt;                   /* Encryption used by FD */
    volatile bool sd_msg_thread_done;  /* Set when Storage message thread done */
    bool wasVirtualFull;               /* set if job was VirtualFull */
    bool IgnoreDuplicateJobChecking;   /* set in migration jobs */
@@ -447,7 +454,6 @@ public:
    bool cloned;                       /* set if cloned */
    bool unlink_bsr;                   /* Unlink bsr file created */
    bool Snapshot;                     /* Snapshot used by FD (VSS on Windows) */
-   bool Encrypt;                      /* Encryption used by FD */
    bool stats_enabled;                /* Keep all job records in a table for long term statistics */
    bool no_maxtime;                   /* Don't check Max*Time for this JCR */
    bool keep_sd_auth_key;             /* Clear or not the SD auth key after connection*/
diff --git a/bacula/src/stored/reserve.c b/bacula/src/stored/reserve.c
index 3d3b24832..c57a84616 100644
--- a/bacula/src/stored/reserve.c
+++ b/bacula/src/stored/reserve.c
@@ -863,13 +863,16 @@ static int reserve_device(RCTX &rctx)
    if (rctx.notify_dir) {
       POOL_MEM dev_name;
       BSOCK *dir = rctx.jcr->dir_bsock;
-      int protect = 0;
+      int protect = 0, encrypt = 0;
       if (rctx.device->set_vol_immutable || rctx.device->set_vol_read_only) {
          protect = 1;
       }
+      if (rctx.device->volume_encryption) {
+	 encrypt = 1;
+      }
       pm_strcpy(dev_name, rctx.device->hdr.name);
       bash_spaces(dev_name);
-      ok = dir->fsend(OK_device, dev_name.c_str(), protect, 0);  /* Return real device name */
+      ok = dir->fsend(OK_device, dev_name.c_str(), protect, encrypt);  /* Return real device name */
       Dmsg1(dbglvl, ">dird: %s", dir->msg);
       if (!ok) {
          dcr->unreserve_device(false);