Qubes/core-admin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

backup: fix handling non-ascii characters in backup passphrase

Browse Source 
Fixes QubesOS/qubes-issues#2398
This commit is contained in:
Marek Marczykowski-Górecki 2016-10-26 20:45:24 +02:00
parent fc00dd211e
commit 043d20c05d
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
1 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
qubes/backup.py
View File

@ -271,7 +271,7 @@ def launch_scrypt(action, input_name, output_name, passphrase):
if actual_prompt != prompt: if actual_prompt != prompt:
raise qubes.exc.QubesException( raise qubes.exc.QubesException(
'Unexpected prompt from scrypt: {}'.format(actual_prompt)) 'Unexpected prompt from scrypt: {}'.format(actual_prompt))
pty.write(passphrase + '\n') pty.write(passphrase.encode('utf-8') + b'\n')
pty.flush() pty.flush()
# save it here, so garbage collector would not close it (which would kill # save it here, so garbage collector would not close it (which would kill
# the child) # the child)
@ -551,8 +551,8 @@ class Backup(object):
backup_header.save(header_file_path) backup_header.save(header_file_path)
# Start encrypt, scrypt will also handle integrity # Start encrypt, scrypt will also handle integrity
# protection # protection
scrypt_passphrase = HEADER_FILENAME + '!' + self.passphrase.encode( scrypt_passphrase = u'{filename}!{passphrase}'.format(
'utf-8') filename=HEADER_FILENAME, passphrase=self.passphrase)
scrypt = launch_scrypt( scrypt = launch_scrypt(
'enc', header_file_path, header_file_path + '.hmac', 'enc', header_file_path, header_file_path + '.hmac',
scrypt_passphrase) scrypt_passphrase)
@ -610,8 +610,6 @@ class Backup(object):
backup_app.domains[qid].features['backup-size'] = vm_info.size backup_app.domains[qid].features['backup-size'] = vm_info.size
backup_app.save() backup_app.save()
passphrase = self.passphrase.encode('utf-8')
vmproc = None vmproc = None
tar_sparse = None tar_sparse = None
if self.target_vm is not None: if self.target_vm is not None:
@ -735,11 +733,11 @@ class Backup(object):
# Start encrypt, scrypt will also handle integrity # Start encrypt, scrypt will also handle integrity
# protection # protection
scrypt_passphrase = \ scrypt_passphrase = \
'{backup_id}!{filename}!{passphrase}'.format( u'{backup_id}!{filename}!{passphrase}'.format(
backup_id=self.backup_id, backup_id=self.backup_id,
filename=os.path.relpath(chunkfile[:-4], filename=os.path.relpath(chunkfile[:-4],
self.tmpdir), self.tmpdir),
passphrase=passphrase) passphrase=self.passphrase)
scrypt = launch_scrypt( scrypt = launch_scrypt(
"enc", "-", chunkfile, scrypt_passphrase) "enc", "-", chunkfile, scrypt_passphrase)
@ -1651,13 +1649,14 @@ class BackupRestore(object):
else: else:
fulloutput = os.path.join(self.tmpdir, origname) fulloutput = os.path.join(self.tmpdir, origname)
if origname == HEADER_FILENAME: if origname == HEADER_FILENAME:
passphrase = origname + '!' + self.passphrase.encode('utf-8') passphrase = u'{filename}!{passphrase}'.format(
filename=origname,
passphrase=self.passphrase)
else: else:
passphrase = \ passphrase = u'{backup_id}!{filename}!{passphrase}'.format(
'{backup_id}!{filename}!{passphrase}'.format(
backup_id=self.header_data.backup_id, backup_id=self.header_data.backup_id,
filename=origname, filename=origname,
passphrase=self.passphrase.encode('utf-8')) passphrase=self.passphrase)
p = launch_scrypt('dec', fullname, fulloutput, passphrase) p = launch_scrypt('dec', fullname, fulloutput, passphrase)
(_, stderr) = p.communicate() (_, stderr) = p.communicate()
if p.returncode != 0: if p.returncode != 0: