From 084fd91005daac7c7c295ba50b9c485b52d7c0c8 Mon Sep 17 00:00:00 2001
From: deajan <ozy@netpower.fr>
Date: Wed, 31 Aug 2016 23:32:21 +0200
Subject: [PATCH] Work in progress for encryption

---
 dev/n_obackup.sh | 116 ++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 99 insertions(+), 17 deletions(-)

diff --git a/dev/n_obackup.sh b/dev/n_obackup.sh
index ada8df6..2c2940a 100755
--- a/dev/n_obackup.sh
+++ b/dev/n_obackup.sh
@@ -5,7 +5,7 @@ PROGRAM="obackup"
 AUTHOR="(C) 2013-2016 by Orsiris de Jong"
 CONTACT="http://www.netpower.fr/obackup - ozy@netpower.fr"
 PROGRAM_VERSION=2.1-dev
-PROGRAM_BUILD=2016083003
+PROGRAM_BUILD=2016083102
 IS_STABLE=no
 
 source "./ofunctions.sh"
@@ -90,18 +90,29 @@ function CheckEnvironment {
 	fi
 
 	if [ "$FILE_BACKUP" != "no" ]; then
-		if [ "$ENCRYPTION" == "yes" ]; then
-			if ! type gpg > /dev/null 2>&1 ; then
-				Logger "gpg not present. Cannot encrypt backup files." "CRITICAL"
-				CAN_BACKUP_FILES=false
-			fi
-		else
-			if ! type rsync > /dev/null 2>&1 ; then
-				Logger "rsync not present. Cannot backup files." "CRITICAL"
-				CAN_BACKUP_FILES=false
-			fi
+		if ! type rsync > /dev/null 2>&1 ; then
+			Logger "rsync not present. Cannot backup files." "CRITICAL"
+			CAN_BACKUP_FILES=false
 		fi
 	fi
+
+	if [ "$ENCRYPTION" == "yes" ]; then
+		CheckDecrpytEnvironnment
+	fi
+}
+
+function CheckDecryptEnvironnment {
+	if ! type gpg2 > /dev/null 2>&1 ; then
+		if ! type gpg > /dev/null 2>&1; then
+			Logger "gpg2 nor gpg not present. Cannot encrypt backup files." "CRITICAL"
+			CAN_BACKUP_FILES=false
+		else
+			Logger "gpg2 not present, falling back to gpg." "NOTICE"
+			ENCRYPT_TOOL=gpg
+		fi
+	else
+		ENCRYPT_TOOL=gpg2
+	fi
 }
 
 function CheckCurrentConfig {
@@ -836,6 +847,8 @@ function BackupDatabases {
 function PrepareEncryptFiles {
 	local tmpPath="${2}"
 
+	#TODO: handle dryrun, do we need to create temp dir ?
+
 	__CheckArguments 1 $# ${FUNCNAME[0]} "$@"    #__WITH_PARANOIA_DEBUG
 
 	if [ "$BACKUP_TYPE" == "local" ] || [ "$BACKUP_TYPE" == "push" ]; then
@@ -858,6 +871,51 @@ function EncrpytFiles {
 	# Send files to remote, rotate & copy
 }
 
+function DecryptFiles {
+	local filePath="${1}"	 # Path to files to decrypt
+	local passphraseFile="${2}"  # Passphrase file to decrypt files
+	local passphrase="${3}"	# Passphrase to decrypt files
+
+	__CheckArguments 3 $# ${FUNCNAME[0]} "$@"    #__WITH_PARANOIA_DEBUG
+
+	local secret
+	local successCounter=0
+	local errorCounter=0
+	local cryptFileExtension=".obackup.gpg"
+
+	if [ ! -w "$filePath" ]; then
+		Logger "Directory [$filePath] is not writable. Cannot decrypt files." "CRITICAL"
+		exit 1
+	fi
+
+	if [ -f "$passphraseFile" ]; then
+		secret="--passphrase-file $passphraseFile"
+	elif [ "$passphrase" != "" ]; then
+		secret="--passphrase $passphrase"
+	else
+		Logger "Invalid passphrase file or passphrase." "CRITICAL"
+		exit 1
+	fi
+
+	find "$filePath" -type f -iname "*$cryptFileExtension" -print0 | while IFS= read -r -d $'\0' encryptedFile; do
+		Logger "Decrypting [$encryptedFile]." "VERBOSE"
+		$ENCRYPT_TOOL --out "${encryptedFile%%$cryptFileExtension*}" --batch $secret --decrypt "$encryptedFile" > "$RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID" 2>&1
+		if [ $? != 0 ]; then
+			Logger "Cannot decrypt [$encryptedFile]." "ERROR"
+			errorCounter=$((errorCounter+1))
+		else
+			succesCounter=$((successCounter+1))
+			rm -f "$encryptedFile"
+			if [ $? != 0 ]; then
+				Logger "Cannot delete original file [$encryptedFile] after decryption." "ERROR"
+				Logger "Command output\n$(cat $RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID)" "ERROR"
+			fi
+		fi
+	done
+	Logger "Decrypted [$successCounter] files successfully. Failed to decrypt [$errorCounter] files." "NOTICE"
+	exit 0
+}
+
 function Rsync {
 	local backup_directory="${1}"	# Which directory to backup
 	local is_recursive="${2}"	# Backup only files at toplevel of directory
@@ -892,10 +950,10 @@ function Rsync {
 		backup_directory=$(EscapeSpaces "$backup_directory")
 		rsync_cmd="$(type -p $RSYNC_EXECUTABLE) $RSYNC_ARGS $RSYNC_DRY_ARG $RSYNC_ATTR_ARGS $RSYNC_TYPE_ARGS $RSYNC_NO_RECURSE_ARGS $RSYNC_DELETE $RSYNC_PATTERNS $RSYNC_PARTIAL_EXCLUDE --rsync-path=\"$RSYNC_PATH\" -e \"$RSYNC_SSH_CMD\" \"$REMOTE_USER@$REMOTE_HOST:$backup_directory\" \"$file_storage_path\" > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
 	elif [ "$BACKUP_TYPE" == "push" ]; then
-		CheckConnectivity3rdPartyHosts
-		CheckConnectivityRemoteHost
 		file_storage_path=$(EscapeSpaces "$file_storage_path")
 		_CreateDirectoryRemote "$file_storage_path"
+		CheckConnectivity3rdPartyHosts
+		CheckConnectivityRemoteHost
 		rsync_cmd="$(type -p $RSYNC_EXECUTABLE) $RSYNC_ARGS $RSYNC_DRY_ARG $RSYNC_ATTR_ARGS $RSYNC_TYPE_ARGS $RSYNC_NO_RECURSE_ARGS $RSYNC_DELETE $RSYNC_PATTERNS $RSYNC_PARTIAL_EXCLUDE --rsync-path=\"$RSYNC_PATH\" -e \"$RSYNC_SSH_CMD\" \"$backup_directory\" \"$REMOTE_USER@$REMOTE_HOST:$file_storage_path\" > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
 	fi
 
@@ -1175,6 +1233,11 @@ function RotateBackups {
 	fi
 }
 
+function SetTraps {
+	trap TrapStop INT QUIT TERM HUP
+	trap TrapQuit EXIT
+}
+
 function Init {
 	__CheckArguments 0 $# ${FUNCNAME[0]} "$@"    #__WITH_PARANOIA_DEBUG
 
@@ -1182,9 +1245,6 @@ function Init {
 	local hosturiandpath
 	local hosturi
 
-	trap TrapStop INT QUIT TERM HUP
-	trap TrapQuit EXIT
-
 	## Test if target dir is a ssh uri, and if yes, break it down it its values
         if [ "${REMOTE_SYSTEM_URI:0:6}" == "ssh://" ] && [ "$BACKUP_TYPE" != "local" ]; then
                 REMOTE_OPERATION="yes"
@@ -1289,7 +1349,7 @@ function Usage {
 	echo "$AUTHOR"
 	echo "$CONTACT"
 	echo ""
-	echo "usage: obackup.sh /path/to/backup.conf [OPTIONS]"
+	echo "usage: $0 /path/to/backup.conf [OPTIONS]"
 	echo ""
 	echo "OPTIONS:"
 	echo "--dry             will run obackup without actually doing anything, just testing"
@@ -1300,6 +1360,10 @@ function Usage {
 	echo "--no-maxtime      disables any soft and hard execution time checks"
 	echo "--delete          Deletes files on destination that vanished on source"
 	echo "--dontgetsize     Does not try to evaluate backup size"
+	echo ""
+	echo -e "$PROGRAM may also be used to \e[93mdecrypt\e[0m a backup encrypted with $PROGRAM."
+	echo  "usage: $0 --decrypt=/path/to/encrypted_backup --passphrase-file=/path/to/passphrase"
+	echo  "usage: $0 --decrypt=/path/to/encrypted_backup --passphrase=MySecretPassPhrase (security risk)"
 	exit 128
 }
 
@@ -1309,6 +1373,9 @@ _SILENT=false
 no_maxtime=false
 stats=false
 PARTIAL=no
+_DECRYPT_MODE=false
+DECRYPT_PATH=""
+
 
 function GetCommandlineArguments {
 	if [ $# -eq 0 ]; then
@@ -1344,11 +1411,26 @@ function GetCommandlineArguments {
 			--help|-h|--version|-v)
 			Usage
 			;;
+			--decrypt=*)
+			_DECRYPT_MODE=true
+			DECRYPT_PATH="${i##*=}"
+			;;
+			--passphrase=*)
+			PASSPHRASE="${i##*=}"
+			;;
+			--passphrase-file=*)
+			PASSPHRASE_FILE="${i##*=}"
+			;;
 		esac
 	done
 }
 
+SetTraps
 GetCommandlineArguments "$@"
+if [ "$_DECRYPT_MODE" == true ]; then
+	CheckDecryptEnvironnment
+	DecryptFiles "$DECRYPT_PATH" "$PASSPHRASE_FILE" "$PASSPHRASE"
+fi
 LoadConfigFile "$1"
 if [ "$LOGFILE" == "" ]; then
 	if [ -w /var/log ]; then