- Fixes: #4257
- Fix: Handle case when the hash version is unset in the user profile
- Add tests for default password hash
- Fix failing authenticator test: When the password hashing version
is not set, then the default one is used, so verifying the password
works.
Refactor authenticator tests:
- Nit: rename test variable
- Check error when calling SetPassword
- Add comments for test cases
- Nit: user assert.Equal in verifyRepoAuthenticator
- Split repository authenticator tests to test invariants separately
This was caused by the client using key derivation algorithm
from a config file (which did not have it when it was generated
using old version of Kopia).
Fixes#4254
* feat(cli): send error notifications and snapshot reports
Notifications will be sent to all configured notification profiles
according to their severity levels.
The following events will trigger notifications:
- Snapshot is created (CLI only, severity >= report)
- Server Maintenance error occurs (CLI, server and UI, severity >= error)
- Any other CLI error occurs (CLI only, severity >= error).
A flag `--no-error-notifications` can be used to disable error notifications.
* added template tests
* improved time formatting in templates
* plumb through notifytemplate.Options
* more testing for formatting options
* fixed default date format to RFC1123
* Add rough estimation mechanism
* Extract data size estimation scan to standalone function
* Introduce estimation type flag
* Change signature of EstimatedDataSize
* Extract estimation logic and test it
* Adjust err handling in GetVolumeSizeInfo
* Make GetVolumeSizeInfo reusable
* Fix type issue for windows platform
* Use adaptive estimation with threshold
* Configure compressor for k and x prefixed content
Adds metadata compression setting to policy
Add support to configure compressor for k and x prefixed content
Set zstd-fastest as the default compressor for metadata in the policy
Adds support to set and show metadata compression to kopia policy commands
Adds metadata compression config to dir writer
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Pass concatenate options with ConcatenateOptions struct
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Move content compression handling to caller
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Move handling manifests to manifest pkg
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Correct const in server_test
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Remove unnecessary whitespace
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* Disable metadata compression for < V2 format
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
---------
Signed-off-by: Prasad Ghangal <prasad.ganghal@veeam.com>
* refactor(general): clarify comments
* refactor(general): rename `repodiag.logWriteSyncer`
This name reflects:
- the function of the struct; and
- the interface it implements (`zapcore.WriteSyncer`)
This name reflects the function of the struct / type.
The previous name (`Writer`) conveyed that this type
implemented the `Writer` interface / `Write` function,
which it does not.
Generalize a couple of functions in the units package using generics.
This allows removing duplicate code and simplifying callers by removing unnecessary integer conversions.
Additional cleanups:
- make "/s" part of the Printf format string ;
- simplify setSizeMBParameter;
- generalize cli.maybeHumanReadable*` helpers;
- remove unneeded receiver in commandRepositorySetParameters helpers.
Cleanups:
- use non-format variants of Log/Print with no additional args;
- fold in Fprintf call with no args into the following one;
- add missing arg placeholder in format strings;
- use require.Positive instead of Greater(..., 0);
- rename function to fillWithZeros to avoid collision with builtin clear;
- define type for context key to avoid collisions.
Objectives:
- Facilitate the generation of valid password hashes that can be used with
the `server user --user-password` CLI command.
- Encapsulate implementation details of password hashing in
the `user` package.
Adds a new `server user hash-password` CLI command to generate the
hash from a supplied password.
Modifies the `server user set/add --user-password-hash` CLI command
to accept the password hash generated using the `hash-password`
command.
Adds `GetNewProfile(ctx, rep, username)` helper to move implementation
details to the `user` package.
Includes CLI and unit tests.
Cleans up and removes unused functions.
Use non-formatting logging functions for message without formatting.
For example, `log.Info("message")` instead of `log.Infof("message")`
Configure linter for printf-like functions
Followup cleanup for #3919
All the changes are in the `epoch` package
Summary:
- Removal of now unused code and tests.
- Refactoring to simplify test and remove a linter annotation.
- Fix a typo
While the current implementation should not produce non-contiguous
ranges, this invariant check may be too stringent, in particular for
repositories created and mutated by older kopia (client) processes.
For backwards compatibility the check is relaxed to allow operations to
proceed in older repositories.
Rationale: this code path is primarily executed from the server. A
potential error, say from a corrupt, unsupported or otherwise invalid
user profile should not cause the server to panic (and crash).
It is possible for `computePasswordHash` to return an error, not just an
impossibility.
Test refactoring:
- use 'require' in user profile tests;
- move test case to TestBadPasswordHashVersion;
- update comments in test.
Motivation: avoid making accidental decisions based on all-zeros content
in the future.
While the dummy hash is a non-zero-value slice, that is it is non-empty
(thus not nil), it is still the default value produced by
`make([]byte, salt + hashLength)`, and it is possible to accidentally
compare and have a positive match against a newly initialized slice.
Changing the minimum salt length of Pbkdf2 key derivation
algorithm to the NIST recommended minimum of 16 bytes.
This matches the minimum salt for scrypt-based key derivation.
Previously, empty master keys were passed to the underlying
cryptographic primitives (HKDF, AEAD, etc.).
While this worked because the authentication mechanisms returned an
error, it's best to avoid passing empty master keys to these primitives
in the first place. This refactor avoids passing empty master keys and
enforces this via an assertion in the key derivation function.
Code movement and simplification, no functional changes.
Objectives:
- Allow callers specifying the needed key (or hash) size, instead of
hard-coding it in the registered PBK derivers. Conceptually, the caller
needs to specify the key size, since that is a requirement of the
(encryption) algorithm being used in the caller. Now, the code changes
here do not result in any functional changes since the key size is
always 32 bytes.
- Remove a global definition for the default PB key deriver to use.
Instead, each of the 3 use case sets the default value.
Changes:
- `crypto.DeriveKeyFromPassword` now takes a key size.
- Adds new constants for the key sizes at the callers.
- Removes the global `crypto.MasterKeySize` const.
- Removes the global `crypto.DefaultKeyDerivationAlgorithm` const.
- Adds const for the default derivation algorithms for each use case.
- Adds a const for the salt length in the `internal/user` package, to ensure
the same salt length is used in both hash versions.
- Unexports various functions, variables and constants in the `internal/crypto`
& `internal/user` packages.
- Renames various constants for consistency.
- Removes unused functions and symbols.
- Renames files to be consistent and better reflect the structure of the code.
- Adds a couple of tests to ensure the const values are in sync and supported.
- Fixes a couple of typos
Followups to:
- #3725
- #3770
- #3779
- #3799
- #3816
The individual commits show the code transformations to simplify the
review of the changes.
Reverts to using the `PasswordHashVersion` in the user profile.
Adds a simple mechanism for translating between password hash
version and the corresponding password hashing algorithm (key
derivation algorithm).
* User profile add set cli changes
* Add additional test
* get salt length from key deriver
* Fixes for failing tests
* after shikhars review
* lint fixes
* Add multi-language support
* Adding a guidline to outline the localisation process.
* Moved doc to separate pr
---------
Co-authored-by: lupusA <lupuapps@gmail.com>
