archive_write_disk_posix.c revision 349525
1/*- 2 * Copyright (c) 2003-2010 Tim Kientzle 3 * Copyright (c) 2012 Michihiro NAKAJIMA 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer 11 * in this position and unchanged. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include "archive_platform.h" 29__FBSDID("$FreeBSD$"); 30 31#if !defined(_WIN32) || defined(__CYGWIN__) 32 33#ifdef HAVE_SYS_TYPES_H 34#include <sys/types.h> 35#endif 36#ifdef HAVE_SYS_ACL_H 37#include <sys/acl.h> 38#endif 39#ifdef HAVE_SYS_EXTATTR_H 40#include <sys/extattr.h> 41#endif 42#if HAVE_SYS_XATTR_H 43#include <sys/xattr.h> 44#elif HAVE_ATTR_XATTR_H 45#include <attr/xattr.h> 46#endif 47#ifdef HAVE_SYS_EA_H 48#include <sys/ea.h> 49#endif 50#ifdef HAVE_SYS_IOCTL_H 51#include <sys/ioctl.h> 52#endif 53#ifdef HAVE_SYS_STAT_H 54#include <sys/stat.h> 55#endif 56#ifdef HAVE_SYS_TIME_H 57#include <sys/time.h> 58#endif 59#ifdef HAVE_SYS_UTIME_H 60#include <sys/utime.h> 61#endif 62#ifdef HAVE_COPYFILE_H 63#include <copyfile.h> 64#endif 65#ifdef HAVE_ERRNO_H 66#include <errno.h> 67#endif 68#ifdef HAVE_FCNTL_H 69#include <fcntl.h> 70#endif 71#ifdef HAVE_GRP_H 72#include <grp.h> 73#endif 74#ifdef HAVE_LANGINFO_H 75#include <langinfo.h> 76#endif 77#ifdef HAVE_LINUX_FS_H 78#include <linux/fs.h> /* for Linux file flags */ 79#endif 80/* 81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. 82 * As the include guards don't agree, the order of include is important. 83 */ 84#ifdef HAVE_LINUX_EXT2_FS_H 85#include <linux/ext2_fs.h> /* for Linux file flags */ 86#endif 87#if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__) 88#include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */ 89#endif 90#ifdef HAVE_LIMITS_H 91#include <limits.h> 92#endif 93#ifdef HAVE_PWD_H 94#include <pwd.h> 95#endif 96#include <stdio.h> 97#ifdef HAVE_STDLIB_H 98#include <stdlib.h> 99#endif 100#ifdef HAVE_STRING_H 101#include <string.h> 102#endif 103#ifdef HAVE_UNISTD_H 104#include <unistd.h> 105#endif 106#ifdef HAVE_UTIME_H 107#include <utime.h> 108#endif 109#ifdef F_GETTIMES /* Tru64 specific */ 110#include <sys/fcntl1.h> 111#endif 112 113/* 114 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared. 115 * 116 * It assumes that the input is an integer type of no more than 64 bits. 117 * If the number is less than zero, t must be a signed type, so it fits in 118 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t 119 * without loss. But it could be a large unsigned value, so we have to clip it 120 * to INT64_MAX.* 121 */ 122#define to_int64_time(t) \ 123 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t)) 124 125#if __APPLE__ 126#include <TargetConditionals.h> 127#if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H 128#include <quarantine.h> 129#define HAVE_QUARANTINE 1 130#endif 131#endif 132 133#ifdef HAVE_ZLIB_H 134#include <zlib.h> 135#endif 136 137/* TODO: Support Mac OS 'quarantine' feature. This is really just a 138 * standard tag to mark files that have been downloaded as "tainted". 139 * On Mac OS, we should mark the extracted files as tainted if the 140 * archive being read was tainted. Windows has a similar feature; we 141 * should investigate ways to support this generically. */ 142 143#include "archive.h" 144#include "archive_acl_private.h" 145#include "archive_string.h" 146#include "archive_endian.h" 147#include "archive_entry.h" 148#include "archive_private.h" 149#include "archive_write_disk_private.h" 150 151#ifndef O_BINARY 152#define O_BINARY 0 153#endif 154#ifndef O_CLOEXEC 155#define O_CLOEXEC 0 156#endif 157 158/* Ignore non-int O_NOFOLLOW constant. */ 159/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */ 160#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX) 161#undef O_NOFOLLOW 162#endif 163 164#ifndef O_NOFOLLOW 165#define O_NOFOLLOW 0 166#endif 167 168#ifndef AT_FDCWD 169#define AT_FDCWD -100 170#endif 171 172struct fixup_entry { 173 struct fixup_entry *next; 174 struct archive_acl acl; 175 mode_t mode; 176 int64_t atime; 177 int64_t birthtime; 178 int64_t mtime; 179 int64_t ctime; 180 unsigned long atime_nanos; 181 unsigned long birthtime_nanos; 182 unsigned long mtime_nanos; 183 unsigned long ctime_nanos; 184 unsigned long fflags_set; 185 size_t mac_metadata_size; 186 void *mac_metadata; 187 int fixup; /* bitmask of what needs fixing */ 188 char *name; 189}; 190 191/* 192 * We use a bitmask to track which operations remain to be done for 193 * this file. In particular, this helps us avoid unnecessary 194 * operations when it's possible to take care of one step as a 195 * side-effect of another. For example, mkdir() can specify the mode 196 * for the newly-created object but symlink() cannot. This means we 197 * can skip chmod() if mkdir() succeeded, but we must explicitly 198 * chmod() if we're trying to create a directory that already exists 199 * (mkdir() failed) or if we're restoring a symlink. Similarly, we 200 * need to verify UID/GID before trying to restore SUID/SGID bits; 201 * that verification can occur explicitly through a stat() call or 202 * implicitly because of a successful chown() call. 203 */ 204#define TODO_MODE_FORCE 0x40000000 205#define TODO_MODE_BASE 0x20000000 206#define TODO_SUID 0x10000000 207#define TODO_SUID_CHECK 0x08000000 208#define TODO_SGID 0x04000000 209#define TODO_SGID_CHECK 0x02000000 210#define TODO_APPLEDOUBLE 0x01000000 211#define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID) 212#define TODO_TIMES ARCHIVE_EXTRACT_TIME 213#define TODO_OWNER ARCHIVE_EXTRACT_OWNER 214#define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS 215#define TODO_ACLS ARCHIVE_EXTRACT_ACL 216#define TODO_XATTR ARCHIVE_EXTRACT_XATTR 217#define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA 218#define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED 219 220struct archive_write_disk { 221 struct archive archive; 222 223 mode_t user_umask; 224 struct fixup_entry *fixup_list; 225 struct fixup_entry *current_fixup; 226 int64_t user_uid; 227 int skip_file_set; 228 int64_t skip_file_dev; 229 int64_t skip_file_ino; 230 time_t start_time; 231 232 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid); 233 void (*cleanup_gid)(void *private); 234 void *lookup_gid_data; 235 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid); 236 void (*cleanup_uid)(void *private); 237 void *lookup_uid_data; 238 239 /* 240 * Full path of last file to satisfy symlink checks. 241 */ 242 struct archive_string path_safe; 243 244 /* 245 * Cached stat data from disk for the current entry. 246 * If this is valid, pst points to st. Otherwise, 247 * pst is null. 248 */ 249 struct stat st; 250 struct stat *pst; 251 252 /* Information about the object being restored right now. */ 253 struct archive_entry *entry; /* Entry being extracted. */ 254 char *name; /* Name of entry, possibly edited. */ 255 struct archive_string _name_data; /* backing store for 'name' */ 256 /* Tasks remaining for this object. */ 257 int todo; 258 /* Tasks deferred until end-of-archive. */ 259 int deferred; 260 /* Options requested by the client. */ 261 int flags; 262 /* Handle for the file we're restoring. */ 263 int fd; 264 /* Current offset for writing data to the file. */ 265 int64_t offset; 266 /* Last offset actually written to disk. */ 267 int64_t fd_offset; 268 /* Total bytes actually written to files. */ 269 int64_t total_bytes_written; 270 /* Maximum size of file, -1 if unknown. */ 271 int64_t filesize; 272 /* Dir we were in before this restore; only for deep paths. */ 273 int restore_pwd; 274 /* Mode we should use for this entry; affected by _PERM and umask. */ 275 mode_t mode; 276 /* UID/GID to use in restoring this entry. */ 277 int64_t uid; 278 int64_t gid; 279 /* 280 * HFS+ Compression. 281 */ 282 /* Xattr "com.apple.decmpfs". */ 283 uint32_t decmpfs_attr_size; 284 unsigned char *decmpfs_header_p; 285 /* ResourceFork set options used for fsetxattr. */ 286 int rsrc_xattr_options; 287 /* Xattr "com.apple.ResourceFork". */ 288 unsigned char *resource_fork; 289 size_t resource_fork_allocated_size; 290 unsigned int decmpfs_block_count; 291 uint32_t *decmpfs_block_info; 292 /* Buffer for compressed data. */ 293 unsigned char *compressed_buffer; 294 size_t compressed_buffer_size; 295 size_t compressed_buffer_remaining; 296 /* The offset of the ResourceFork where compressed data will 297 * be placed. */ 298 uint32_t compressed_rsrc_position; 299 uint32_t compressed_rsrc_position_v; 300 /* Buffer for uncompressed data. */ 301 char *uncompressed_buffer; 302 size_t block_remaining_bytes; 303 size_t file_remaining_bytes; 304#ifdef HAVE_ZLIB_H 305 z_stream stream; 306 int stream_valid; 307 int decmpfs_compression_level; 308#endif 309}; 310 311/* 312 * Default mode for dirs created automatically (will be modified by umask). 313 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified 314 * by the process' file creation mask." 315 */ 316#define DEFAULT_DIR_MODE 0777 317/* 318 * Dir modes are restored in two steps: During the extraction, the permissions 319 * in the archive are modified to match the following limits. During 320 * the post-extract fixup pass, the permissions from the archive are 321 * applied. 322 */ 323#define MINIMUM_DIR_MODE 0700 324#define MAXIMUM_DIR_MODE 0775 325 326/* 327 * Maximum uncompressed size of a decmpfs block. 328 */ 329#define MAX_DECMPFS_BLOCK_SIZE (64 * 1024) 330/* 331 * HFS+ compression type. 332 */ 333#define CMP_XATTR 3/* Compressed data in xattr. */ 334#define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */ 335/* 336 * HFS+ compression resource fork. 337 */ 338#define RSRC_H_SIZE 260 /* Base size of Resource fork header. */ 339#define RSRC_F_SIZE 50 /* Size of Resource fork footer. */ 340/* Size to write compressed data to resource fork. */ 341#define COMPRESSED_W_SIZE (64 * 1024) 342/* decmpfs definitions. */ 343#define MAX_DECMPFS_XATTR_SIZE 3802 344#ifndef DECMPFS_XATTR_NAME 345#define DECMPFS_XATTR_NAME "com.apple.decmpfs" 346#endif 347#define DECMPFS_MAGIC 0x636d7066 348#define DECMPFS_COMPRESSION_MAGIC 0 349#define DECMPFS_COMPRESSION_TYPE 4 350#define DECMPFS_UNCOMPRESSED_SIZE 8 351#define DECMPFS_HEADER_SIZE 16 352 353#define HFS_BLOCKS(s) ((s) >> 12) 354 355 356static int la_opendirat(int, const char *); 357static void fsobj_error(int *, struct archive_string *, int, const char *, 358 const char *); 359static int check_symlinks_fsobj(char *, int *, struct archive_string *, 360 int); 361static int check_symlinks(struct archive_write_disk *); 362static int create_filesystem_object(struct archive_write_disk *); 363static struct fixup_entry *current_fixup(struct archive_write_disk *, 364 const char *pathname); 365#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 366static void edit_deep_directories(struct archive_write_disk *ad); 367#endif 368static int cleanup_pathname_fsobj(char *, int *, struct archive_string *, 369 int); 370static int cleanup_pathname(struct archive_write_disk *); 371static int create_dir(struct archive_write_disk *, char *); 372static int create_parent_dir(struct archive_write_disk *, char *); 373static ssize_t hfs_write_data_block(struct archive_write_disk *, 374 const char *, size_t); 375static int fixup_appledouble(struct archive_write_disk *, const char *); 376static int older(struct stat *, struct archive_entry *); 377static int restore_entry(struct archive_write_disk *); 378static int set_mac_metadata(struct archive_write_disk *, const char *, 379 const void *, size_t); 380static int set_xattrs(struct archive_write_disk *); 381static int clear_nochange_fflags(struct archive_write_disk *); 382static int set_fflags(struct archive_write_disk *); 383static int set_fflags_platform(struct archive_write_disk *, int fd, 384 const char *name, mode_t mode, 385 unsigned long fflags_set, unsigned long fflags_clear); 386static int set_ownership(struct archive_write_disk *); 387static int set_mode(struct archive_write_disk *, int mode); 388static int set_time(int, int, const char *, time_t, long, time_t, long); 389static int set_times(struct archive_write_disk *, int, int, const char *, 390 time_t, long, time_t, long, time_t, long, time_t, long); 391static int set_times_from_entry(struct archive_write_disk *); 392static struct fixup_entry *sort_dir_list(struct fixup_entry *p); 393static ssize_t write_data_block(struct archive_write_disk *, 394 const char *, size_t); 395 396static struct archive_vtable *archive_write_disk_vtable(void); 397 398static int _archive_write_disk_close(struct archive *); 399static int _archive_write_disk_free(struct archive *); 400static int _archive_write_disk_header(struct archive *, 401 struct archive_entry *); 402static int64_t _archive_write_disk_filter_bytes(struct archive *, int); 403static int _archive_write_disk_finish_entry(struct archive *); 404static ssize_t _archive_write_disk_data(struct archive *, const void *, 405 size_t); 406static ssize_t _archive_write_disk_data_block(struct archive *, const void *, 407 size_t, int64_t); 408 409static int 410la_opendirat(int fd, const char *path) { 411 const int flags = O_CLOEXEC 412#if defined(O_BINARY) 413 | O_BINARY 414#endif 415#if defined(O_DIRECTORY) 416 | O_DIRECTORY 417#endif 418#if defined(O_PATH) 419 | O_PATH 420#elif defined(O_SEARCH) 421 | O_SEARCH 422#elif defined(O_EXEC) 423 | O_EXEC 424#else 425 | O_RDONLY 426#endif 427 ; 428 429#if !defined(HAVE_OPENAT) 430 if (fd != AT_FDCWD) { 431 errno = ENOTSUP; 432 return (-1); 433 } else 434 return (open(fd, path, flags)); 435#else 436 return (openat(fd, path, flags)); 437#endif 438} 439 440static int 441lazy_stat(struct archive_write_disk *a) 442{ 443 if (a->pst != NULL) { 444 /* Already have stat() data available. */ 445 return (ARCHIVE_OK); 446 } 447#ifdef HAVE_FSTAT 448 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) { 449 a->pst = &a->st; 450 return (ARCHIVE_OK); 451 } 452#endif 453 /* 454 * XXX At this point, symlinks should not be hit, otherwise 455 * XXX a race occurred. Do we want to check explicitly for that? 456 */ 457 if (lstat(a->name, &a->st) == 0) { 458 a->pst = &a->st; 459 return (ARCHIVE_OK); 460 } 461 archive_set_error(&a->archive, errno, "Couldn't stat file"); 462 return (ARCHIVE_WARN); 463} 464 465static struct archive_vtable * 466archive_write_disk_vtable(void) 467{ 468 static struct archive_vtable av; 469 static int inited = 0; 470 471 if (!inited) { 472 av.archive_close = _archive_write_disk_close; 473 av.archive_filter_bytes = _archive_write_disk_filter_bytes; 474 av.archive_free = _archive_write_disk_free; 475 av.archive_write_header = _archive_write_disk_header; 476 av.archive_write_finish_entry 477 = _archive_write_disk_finish_entry; 478 av.archive_write_data = _archive_write_disk_data; 479 av.archive_write_data_block = _archive_write_disk_data_block; 480 inited = 1; 481 } 482 return (&av); 483} 484 485static int64_t 486_archive_write_disk_filter_bytes(struct archive *_a, int n) 487{ 488 struct archive_write_disk *a = (struct archive_write_disk *)_a; 489 (void)n; /* UNUSED */ 490 if (n == -1 || n == 0) 491 return (a->total_bytes_written); 492 return (-1); 493} 494 495 496int 497archive_write_disk_set_options(struct archive *_a, int flags) 498{ 499 struct archive_write_disk *a = (struct archive_write_disk *)_a; 500 501 a->flags = flags; 502 return (ARCHIVE_OK); 503} 504 505 506/* 507 * Extract this entry to disk. 508 * 509 * TODO: Validate hardlinks. According to the standards, we're 510 * supposed to check each extracted hardlink and squawk if it refers 511 * to a file that we didn't restore. I'm not entirely convinced this 512 * is a good idea, but more importantly: Is there any way to validate 513 * hardlinks without keeping a complete list of filenames from the 514 * entire archive?? Ugh. 515 * 516 */ 517static int 518_archive_write_disk_header(struct archive *_a, struct archive_entry *entry) 519{ 520 struct archive_write_disk *a = (struct archive_write_disk *)_a; 521 struct fixup_entry *fe; 522 int ret, r; 523 524 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 525 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 526 "archive_write_disk_header"); 527 archive_clear_error(&a->archive); 528 if (a->archive.state & ARCHIVE_STATE_DATA) { 529 r = _archive_write_disk_finish_entry(&a->archive); 530 if (r == ARCHIVE_FATAL) 531 return (r); 532 } 533 534 /* Set up for this particular entry. */ 535 a->pst = NULL; 536 a->current_fixup = NULL; 537 a->deferred = 0; 538 if (a->entry) { 539 archive_entry_free(a->entry); 540 a->entry = NULL; 541 } 542 a->entry = archive_entry_clone(entry); 543 a->fd = -1; 544 a->fd_offset = 0; 545 a->offset = 0; 546 a->restore_pwd = -1; 547 a->uid = a->user_uid; 548 a->mode = archive_entry_mode(a->entry); 549 if (archive_entry_size_is_set(a->entry)) 550 a->filesize = archive_entry_size(a->entry); 551 else 552 a->filesize = -1; 553 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry)); 554 a->name = a->_name_data.s; 555 archive_clear_error(&a->archive); 556 557 /* 558 * Clean up the requested path. This is necessary for correct 559 * dir restores; the dir restore logic otherwise gets messed 560 * up by nonsense like "dir/.". 561 */ 562 ret = cleanup_pathname(a); 563 if (ret != ARCHIVE_OK) 564 return (ret); 565 566 /* 567 * Query the umask so we get predictable mode settings. 568 * This gets done on every call to _write_header in case the 569 * user edits their umask during the extraction for some 570 * reason. 571 */ 572 umask(a->user_umask = umask(0)); 573 574 /* Figure out what we need to do for this entry. */ 575 a->todo = TODO_MODE_BASE; 576 if (a->flags & ARCHIVE_EXTRACT_PERM) { 577 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */ 578 /* 579 * SGID requires an extra "check" step because we 580 * cannot easily predict the GID that the system will 581 * assign. (Different systems assign GIDs to files 582 * based on a variety of criteria, including process 583 * credentials and the gid of the enclosing 584 * directory.) We can only restore the SGID bit if 585 * the file has the right GID, and we only know the 586 * GID if we either set it (see set_ownership) or if 587 * we've actually called stat() on the file after it 588 * was restored. Since there are several places at 589 * which we might verify the GID, we need a TODO bit 590 * to keep track. 591 */ 592 if (a->mode & S_ISGID) 593 a->todo |= TODO_SGID | TODO_SGID_CHECK; 594 /* 595 * Verifying the SUID is simpler, but can still be 596 * done in multiple ways, hence the separate "check" bit. 597 */ 598 if (a->mode & S_ISUID) 599 a->todo |= TODO_SUID | TODO_SUID_CHECK; 600 } else { 601 /* 602 * User didn't request full permissions, so don't 603 * restore SUID, SGID bits and obey umask. 604 */ 605 a->mode &= ~S_ISUID; 606 a->mode &= ~S_ISGID; 607 a->mode &= ~S_ISVTX; 608 a->mode &= ~a->user_umask; 609 } 610 if (a->flags & ARCHIVE_EXTRACT_OWNER) 611 a->todo |= TODO_OWNER; 612 if (a->flags & ARCHIVE_EXTRACT_TIME) 613 a->todo |= TODO_TIMES; 614 if (a->flags & ARCHIVE_EXTRACT_ACL) { 615#if ARCHIVE_ACL_DARWIN 616 /* 617 * On MacOS, platform ACLs get stored in mac_metadata, too. 618 * If we intend to extract mac_metadata and it is present 619 * we skip extracting libarchive NFSv4 ACLs. 620 */ 621 size_t metadata_size; 622 623 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 624 archive_entry_mac_metadata(a->entry, 625 &metadata_size) == NULL || metadata_size == 0) 626#endif 627#if ARCHIVE_ACL_LIBRICHACL 628 /* 629 * RichACLs are stored in an extended attribute. 630 * If we intend to extract extended attributes and have this 631 * attribute we skip extracting libarchive NFSv4 ACLs. 632 */ 633 short extract_acls = 1; 634 if (a->flags & ARCHIVE_EXTRACT_XATTR && ( 635 archive_entry_acl_types(a->entry) & 636 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) { 637 const char *attr_name; 638 const void *attr_value; 639 size_t attr_size; 640 int i = archive_entry_xattr_reset(a->entry); 641 while (i--) { 642 archive_entry_xattr_next(a->entry, &attr_name, 643 &attr_value, &attr_size); 644 if (attr_name != NULL && attr_value != NULL && 645 attr_size > 0 && strcmp(attr_name, 646 "trusted.richacl") == 0) { 647 extract_acls = 0; 648 break; 649 } 650 } 651 } 652 if (extract_acls) 653#endif 654#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 655 { 656#endif 657 if (archive_entry_filetype(a->entry) == AE_IFDIR) 658 a->deferred |= TODO_ACLS; 659 else 660 a->todo |= TODO_ACLS; 661#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 662 } 663#endif 664 } 665 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) { 666 if (archive_entry_filetype(a->entry) == AE_IFDIR) 667 a->deferred |= TODO_MAC_METADATA; 668 else 669 a->todo |= TODO_MAC_METADATA; 670 } 671#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 672 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) { 673 unsigned long set, clear; 674 archive_entry_fflags(a->entry, &set, &clear); 675 if ((set & ~clear) & UF_COMPRESSED) { 676 a->todo |= TODO_HFS_COMPRESSION; 677 a->decmpfs_block_count = (unsigned)-1; 678 } 679 } 680 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 && 681 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) { 682 a->todo |= TODO_HFS_COMPRESSION; 683 a->decmpfs_block_count = (unsigned)-1; 684 } 685 { 686 const char *p; 687 688 /* Check if the current file name is a type of the 689 * resource fork file. */ 690 p = strrchr(a->name, '/'); 691 if (p == NULL) 692 p = a->name; 693 else 694 p++; 695 if (p[0] == '.' && p[1] == '_') { 696 /* Do not compress "._XXX" files. */ 697 a->todo &= ~TODO_HFS_COMPRESSION; 698 if (a->filesize > 0) 699 a->todo |= TODO_APPLEDOUBLE; 700 } 701 } 702#endif 703 704 if (a->flags & ARCHIVE_EXTRACT_XATTR) { 705#if ARCHIVE_XATTR_DARWIN 706 /* 707 * On MacOS, extended attributes get stored in mac_metadata, 708 * too. If we intend to extract mac_metadata and it is present 709 * we skip extracting extended attributes. 710 */ 711 size_t metadata_size; 712 713 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 714 archive_entry_mac_metadata(a->entry, 715 &metadata_size) == NULL || metadata_size == 0) 716#endif 717 a->todo |= TODO_XATTR; 718 } 719 if (a->flags & ARCHIVE_EXTRACT_FFLAGS) 720 a->todo |= TODO_FFLAGS; 721 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) { 722 ret = check_symlinks(a); 723 if (ret != ARCHIVE_OK) 724 return (ret); 725 } 726#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 727 /* If path exceeds PATH_MAX, shorten the path. */ 728 edit_deep_directories(a); 729#endif 730 731 ret = restore_entry(a); 732 733#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 734 /* 735 * Check if the filesystem the file is restoring on supports 736 * HFS+ Compression. If not, cancel HFS+ Compression. 737 */ 738 if (a->todo | TODO_HFS_COMPRESSION) { 739 /* 740 * NOTE: UF_COMPRESSED is ignored even if the filesystem 741 * supports HFS+ Compression because the file should 742 * have at least an extended attribute "com.apple.decmpfs" 743 * before the flag is set to indicate that the file have 744 * been compressed. If the filesystem does not support 745 * HFS+ Compression the system call will fail. 746 */ 747 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0) 748 a->todo &= ~TODO_HFS_COMPRESSION; 749 } 750#endif 751 752 /* 753 * TODO: There are rumours that some extended attributes must 754 * be restored before file data is written. If this is true, 755 * then we either need to write all extended attributes both 756 * before and after restoring the data, or find some rule for 757 * determining which must go first and which last. Due to the 758 * many ways people are using xattrs, this may prove to be an 759 * intractable problem. 760 */ 761 762#ifdef HAVE_FCHDIR 763 /* If we changed directory above, restore it here. */ 764 if (a->restore_pwd >= 0) { 765 r = fchdir(a->restore_pwd); 766 if (r != 0) { 767 archive_set_error(&a->archive, errno, 768 "chdir() failure"); 769 ret = ARCHIVE_FATAL; 770 } 771 close(a->restore_pwd); 772 a->restore_pwd = -1; 773 } 774#endif 775 776 /* 777 * Fixup uses the unedited pathname from archive_entry_pathname(), 778 * because it is relative to the base dir and the edited path 779 * might be relative to some intermediate dir as a result of the 780 * deep restore logic. 781 */ 782 if (a->deferred & TODO_MODE) { 783 fe = current_fixup(a, archive_entry_pathname(entry)); 784 if (fe == NULL) 785 return (ARCHIVE_FATAL); 786 fe->fixup |= TODO_MODE_BASE; 787 fe->mode = a->mode; 788 } 789 790 if ((a->deferred & TODO_TIMES) 791 && (archive_entry_mtime_is_set(entry) 792 || archive_entry_atime_is_set(entry))) { 793 fe = current_fixup(a, archive_entry_pathname(entry)); 794 if (fe == NULL) 795 return (ARCHIVE_FATAL); 796 fe->mode = a->mode; 797 fe->fixup |= TODO_TIMES; 798 if (archive_entry_atime_is_set(entry)) { 799 fe->atime = archive_entry_atime(entry); 800 fe->atime_nanos = archive_entry_atime_nsec(entry); 801 } else { 802 /* If atime is unset, use start time. */ 803 fe->atime = a->start_time; 804 fe->atime_nanos = 0; 805 } 806 if (archive_entry_mtime_is_set(entry)) { 807 fe->mtime = archive_entry_mtime(entry); 808 fe->mtime_nanos = archive_entry_mtime_nsec(entry); 809 } else { 810 /* If mtime is unset, use start time. */ 811 fe->mtime = a->start_time; 812 fe->mtime_nanos = 0; 813 } 814 if (archive_entry_birthtime_is_set(entry)) { 815 fe->birthtime = archive_entry_birthtime(entry); 816 fe->birthtime_nanos = archive_entry_birthtime_nsec( 817 entry); 818 } else { 819 /* If birthtime is unset, use mtime. */ 820 fe->birthtime = fe->mtime; 821 fe->birthtime_nanos = fe->mtime_nanos; 822 } 823 } 824 825 if (a->deferred & TODO_ACLS) { 826 fe = current_fixup(a, archive_entry_pathname(entry)); 827 if (fe == NULL) 828 return (ARCHIVE_FATAL); 829 fe->fixup |= TODO_ACLS; 830 archive_acl_copy(&fe->acl, archive_entry_acl(entry)); 831 } 832 833 if (a->deferred & TODO_MAC_METADATA) { 834 const void *metadata; 835 size_t metadata_size; 836 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 837 if (metadata != NULL && metadata_size > 0) { 838 fe = current_fixup(a, archive_entry_pathname(entry)); 839 if (fe == NULL) 840 return (ARCHIVE_FATAL); 841 fe->mac_metadata = malloc(metadata_size); 842 if (fe->mac_metadata != NULL) { 843 memcpy(fe->mac_metadata, metadata, 844 metadata_size); 845 fe->mac_metadata_size = metadata_size; 846 fe->fixup |= TODO_MAC_METADATA; 847 } 848 } 849 } 850 851 if (a->deferred & TODO_FFLAGS) { 852 fe = current_fixup(a, archive_entry_pathname(entry)); 853 if (fe == NULL) 854 return (ARCHIVE_FATAL); 855 fe->fixup |= TODO_FFLAGS; 856 /* TODO: Complete this.. defer fflags from below. */ 857 } 858 859 /* We've created the object and are ready to pour data into it. */ 860 if (ret >= ARCHIVE_WARN) 861 a->archive.state = ARCHIVE_STATE_DATA; 862 /* 863 * If it's not open, tell our client not to try writing. 864 * In particular, dirs, links, etc, don't get written to. 865 */ 866 if (a->fd < 0) { 867 archive_entry_set_size(entry, 0); 868 a->filesize = 0; 869 } 870 871 return (ret); 872} 873 874int 875archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i) 876{ 877 struct archive_write_disk *a = (struct archive_write_disk *)_a; 878 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 879 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file"); 880 a->skip_file_set = 1; 881 a->skip_file_dev = d; 882 a->skip_file_ino = i; 883 return (ARCHIVE_OK); 884} 885 886static ssize_t 887write_data_block(struct archive_write_disk *a, const char *buff, size_t size) 888{ 889 uint64_t start_size = size; 890 ssize_t bytes_written = 0; 891 ssize_t block_size = 0, bytes_to_write; 892 893 if (size == 0) 894 return (ARCHIVE_OK); 895 896 if (a->filesize == 0 || a->fd < 0) { 897 archive_set_error(&a->archive, 0, 898 "Attempt to write to an empty file"); 899 return (ARCHIVE_WARN); 900 } 901 902 if (a->flags & ARCHIVE_EXTRACT_SPARSE) { 903#if HAVE_STRUCT_STAT_ST_BLKSIZE 904 int r; 905 if ((r = lazy_stat(a)) != ARCHIVE_OK) 906 return (r); 907 block_size = a->pst->st_blksize; 908#else 909 /* XXX TODO XXX Is there a more appropriate choice here ? */ 910 /* This needn't match the filesystem allocation size. */ 911 block_size = 16*1024; 912#endif 913 } 914 915 /* If this write would run beyond the file size, truncate it. */ 916 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 917 start_size = size = (size_t)(a->filesize - a->offset); 918 919 /* Write the data. */ 920 while (size > 0) { 921 if (block_size == 0) { 922 bytes_to_write = size; 923 } else { 924 /* We're sparsifying the file. */ 925 const char *p, *end; 926 int64_t block_end; 927 928 /* Skip leading zero bytes. */ 929 for (p = buff, end = buff + size; p < end; ++p) { 930 if (*p != '\0') 931 break; 932 } 933 a->offset += p - buff; 934 size -= p - buff; 935 buff = p; 936 if (size == 0) 937 break; 938 939 /* Calculate next block boundary after offset. */ 940 block_end 941 = (a->offset / block_size + 1) * block_size; 942 943 /* If the adjusted write would cross block boundary, 944 * truncate it to the block boundary. */ 945 bytes_to_write = size; 946 if (a->offset + bytes_to_write > block_end) 947 bytes_to_write = block_end - a->offset; 948 } 949 /* Seek if necessary to the specified offset. */ 950 if (a->offset != a->fd_offset) { 951 if (lseek(a->fd, a->offset, SEEK_SET) < 0) { 952 archive_set_error(&a->archive, errno, 953 "Seek failed"); 954 return (ARCHIVE_FATAL); 955 } 956 a->fd_offset = a->offset; 957 } 958 bytes_written = write(a->fd, buff, bytes_to_write); 959 if (bytes_written < 0) { 960 archive_set_error(&a->archive, errno, "Write failed"); 961 return (ARCHIVE_WARN); 962 } 963 buff += bytes_written; 964 size -= bytes_written; 965 a->total_bytes_written += bytes_written; 966 a->offset += bytes_written; 967 a->fd_offset = a->offset; 968 } 969 return (start_size - size); 970} 971 972#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 973 && defined(HAVE_ZLIB_H) 974 975/* 976 * Set UF_COMPRESSED file flag. 977 * This have to be called after hfs_write_decmpfs() because if the 978 * file does not have "com.apple.decmpfs" xattr the flag is ignored. 979 */ 980static int 981hfs_set_compressed_fflag(struct archive_write_disk *a) 982{ 983 int r; 984 985 if ((r = lazy_stat(a)) != ARCHIVE_OK) 986 return (r); 987 988 a->st.st_flags |= UF_COMPRESSED; 989 if (fchflags(a->fd, a->st.st_flags) != 0) { 990 archive_set_error(&a->archive, errno, 991 "Failed to set UF_COMPRESSED file flag"); 992 return (ARCHIVE_WARN); 993 } 994 return (ARCHIVE_OK); 995} 996 997/* 998 * HFS+ Compression decmpfs 999 * 1000 * +------------------------------+ +0 1001 * | Magic(LE 4 bytes) | 1002 * +------------------------------+ 1003 * | Type(LE 4 bytes) | 1004 * +------------------------------+ 1005 * | Uncompressed size(LE 8 bytes)| 1006 * +------------------------------+ +16 1007 * | | 1008 * | Compressed data | 1009 * | (Placed only if Type == 3) | 1010 * | | 1011 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE 1012 * 1013 * Type is 3: decmpfs has compressed data. 1014 * Type is 4: Resource Fork has compressed data. 1015 */ 1016/* 1017 * Write "com.apple.decmpfs" 1018 */ 1019static int 1020hfs_write_decmpfs(struct archive_write_disk *a) 1021{ 1022 int r; 1023 uint32_t compression_type; 1024 1025 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p, 1026 a->decmpfs_attr_size, 0, 0); 1027 if (r < 0) { 1028 archive_set_error(&a->archive, errno, 1029 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME); 1030 compression_type = archive_le32dec( 1031 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]); 1032 if (compression_type == CMP_RESOURCE_FORK) 1033 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 1034 XATTR_SHOWCOMPRESSION); 1035 return (ARCHIVE_WARN); 1036 } 1037 return (ARCHIVE_OK); 1038} 1039 1040/* 1041 * HFS+ Compression Resource Fork 1042 * 1043 * +-----------------------------+ 1044 * | Header(260 bytes) | 1045 * +-----------------------------+ 1046 * | Block count(LE 4 bytes) | 1047 * +-----------------------------+ --+ 1048 * +-- | Offset (LE 4 bytes) | | 1049 * | | [distance from Block count] | | Block 0 1050 * | +-----------------------------+ | 1051 * | | Compressed size(LE 4 bytes) | | 1052 * | +-----------------------------+ --+ 1053 * | | | 1054 * | | .................. | 1055 * | | | 1056 * | +-----------------------------+ --+ 1057 * | | Offset (LE 4 bytes) | | 1058 * | +-----------------------------+ | Block (Block count -1) 1059 * | | Compressed size(LE 4 bytes) | | 1060 * +-> +-----------------------------+ --+ 1061 * | Compressed data(n bytes) | Block 0 1062 * +-----------------------------+ 1063 * | | 1064 * | .................. | 1065 * | | 1066 * +-----------------------------+ 1067 * | Compressed data(n bytes) | Block (Block count -1) 1068 * +-----------------------------+ 1069 * | Footer(50 bytes) | 1070 * +-----------------------------+ 1071 * 1072 */ 1073/* 1074 * Write the header of "com.apple.ResourceFork" 1075 */ 1076static int 1077hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff, 1078 size_t bytes, uint32_t position) 1079{ 1080 int ret; 1081 1082 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes, 1083 position, a->rsrc_xattr_options); 1084 if (ret < 0) { 1085 archive_set_error(&a->archive, errno, 1086 "Cannot restore xattr: %s at %u pos %u bytes", 1087 XATTR_RESOURCEFORK_NAME, 1088 (unsigned)position, 1089 (unsigned)bytes); 1090 return (ARCHIVE_WARN); 1091 } 1092 a->rsrc_xattr_options &= ~XATTR_CREATE; 1093 return (ARCHIVE_OK); 1094} 1095 1096static int 1097hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed) 1098{ 1099 int ret; 1100 1101 ret = hfs_write_resource_fork(a, a->compressed_buffer, 1102 bytes_compressed, a->compressed_rsrc_position); 1103 if (ret == ARCHIVE_OK) 1104 a->compressed_rsrc_position += bytes_compressed; 1105 return (ret); 1106} 1107 1108static int 1109hfs_write_resource_fork_header(struct archive_write_disk *a) 1110{ 1111 unsigned char *buff; 1112 uint32_t rsrc_bytes; 1113 uint32_t rsrc_header_bytes; 1114 1115 /* 1116 * Write resource fork header + block info. 1117 */ 1118 buff = a->resource_fork; 1119 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE; 1120 rsrc_header_bytes = 1121 RSRC_H_SIZE + /* Header base size. */ 1122 4 + /* Block count. */ 1123 (a->decmpfs_block_count * 8);/* Block info */ 1124 archive_be32enc(buff, 0x100); 1125 archive_be32enc(buff + 4, rsrc_bytes); 1126 archive_be32enc(buff + 8, rsrc_bytes - 256); 1127 archive_be32enc(buff + 12, 0x32); 1128 memset(buff + 16, 0, 240); 1129 archive_be32enc(buff + 256, rsrc_bytes - 260); 1130 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0); 1131} 1132 1133static size_t 1134hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size) 1135{ 1136 static const char rsrc_footer[RSRC_F_SIZE] = { 1137 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1138 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1139 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1140 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm', 1141 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 1142 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1143 0x00, 0x00 1144 }; 1145 if (buff_size < sizeof(rsrc_footer)) 1146 return (0); 1147 memcpy(buff, rsrc_footer, sizeof(rsrc_footer)); 1148 return (sizeof(rsrc_footer)); 1149} 1150 1151static int 1152hfs_reset_compressor(struct archive_write_disk *a) 1153{ 1154 int ret; 1155 1156 if (a->stream_valid) 1157 ret = deflateReset(&a->stream); 1158 else 1159 ret = deflateInit(&a->stream, a->decmpfs_compression_level); 1160 1161 if (ret != Z_OK) { 1162 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1163 "Failed to initialize compressor"); 1164 return (ARCHIVE_FATAL); 1165 } else 1166 a->stream_valid = 1; 1167 1168 return (ARCHIVE_OK); 1169} 1170 1171static int 1172hfs_decompress(struct archive_write_disk *a) 1173{ 1174 uint32_t *block_info; 1175 unsigned int block_count; 1176 uint32_t data_pos, data_size; 1177 ssize_t r; 1178 ssize_t bytes_written, bytes_to_write; 1179 unsigned char *b; 1180 1181 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1182 block_count = archive_le32dec(block_info++); 1183 while (block_count--) { 1184 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++); 1185 data_size = archive_le32dec(block_info++); 1186 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME, 1187 a->compressed_buffer, data_size, data_pos, 0); 1188 if (r != data_size) { 1189 archive_set_error(&a->archive, 1190 (r < 0)?errno:ARCHIVE_ERRNO_MISC, 1191 "Failed to read resource fork"); 1192 return (ARCHIVE_WARN); 1193 } 1194 if (a->compressed_buffer[0] == 0xff) { 1195 bytes_to_write = data_size -1; 1196 b = a->compressed_buffer + 1; 1197 } else { 1198 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE; 1199 int zr; 1200 1201 zr = uncompress((Bytef *)a->uncompressed_buffer, 1202 &dest_len, a->compressed_buffer, data_size); 1203 if (zr != Z_OK) { 1204 archive_set_error(&a->archive, 1205 ARCHIVE_ERRNO_MISC, 1206 "Failed to decompress resource fork"); 1207 return (ARCHIVE_WARN); 1208 } 1209 bytes_to_write = dest_len; 1210 b = (unsigned char *)a->uncompressed_buffer; 1211 } 1212 do { 1213 bytes_written = write(a->fd, b, bytes_to_write); 1214 if (bytes_written < 0) { 1215 archive_set_error(&a->archive, errno, 1216 "Write failed"); 1217 return (ARCHIVE_WARN); 1218 } 1219 bytes_to_write -= bytes_written; 1220 b += bytes_written; 1221 } while (bytes_to_write > 0); 1222 } 1223 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0); 1224 if (r == -1) { 1225 archive_set_error(&a->archive, errno, 1226 "Failed to remove resource fork"); 1227 return (ARCHIVE_WARN); 1228 } 1229 return (ARCHIVE_OK); 1230} 1231 1232static int 1233hfs_drive_compressor(struct archive_write_disk *a, const char *buff, 1234 size_t size) 1235{ 1236 unsigned char *buffer_compressed; 1237 size_t bytes_compressed; 1238 size_t bytes_used; 1239 int ret; 1240 1241 ret = hfs_reset_compressor(a); 1242 if (ret != ARCHIVE_OK) 1243 return (ret); 1244 1245 if (a->compressed_buffer == NULL) { 1246 size_t block_size; 1247 1248 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE + 1249 + compressBound(MAX_DECMPFS_BLOCK_SIZE); 1250 a->compressed_buffer = malloc(block_size); 1251 if (a->compressed_buffer == NULL) { 1252 archive_set_error(&a->archive, ENOMEM, 1253 "Can't allocate memory for Resource Fork"); 1254 return (ARCHIVE_FATAL); 1255 } 1256 a->compressed_buffer_size = block_size; 1257 a->compressed_buffer_remaining = block_size; 1258 } 1259 1260 buffer_compressed = a->compressed_buffer + 1261 a->compressed_buffer_size - a->compressed_buffer_remaining; 1262 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff; 1263 a->stream.avail_in = size; 1264 a->stream.next_out = buffer_compressed; 1265 a->stream.avail_out = a->compressed_buffer_remaining; 1266 do { 1267 ret = deflate(&a->stream, Z_FINISH); 1268 switch (ret) { 1269 case Z_OK: 1270 case Z_STREAM_END: 1271 break; 1272 default: 1273 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1274 "Failed to compress data"); 1275 return (ARCHIVE_FAILED); 1276 } 1277 } while (ret == Z_OK); 1278 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out; 1279 1280 /* 1281 * If the compressed size is larger than the original size, 1282 * throw away compressed data, use uncompressed data instead. 1283 */ 1284 if (bytes_compressed > size) { 1285 buffer_compressed[0] = 0xFF;/* uncompressed marker. */ 1286 memcpy(buffer_compressed + 1, buff, size); 1287 bytes_compressed = size + 1; 1288 } 1289 a->compressed_buffer_remaining -= bytes_compressed; 1290 1291 /* 1292 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE 1293 * and the block count in the file is only one, store compressed 1294 * data to decmpfs xattr instead of the resource fork. 1295 */ 1296 if (a->decmpfs_block_count == 1 && 1297 (a->decmpfs_attr_size + bytes_compressed) 1298 <= MAX_DECMPFS_XATTR_SIZE) { 1299 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1300 CMP_XATTR); 1301 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE, 1302 buffer_compressed, bytes_compressed); 1303 a->decmpfs_attr_size += bytes_compressed; 1304 a->compressed_buffer_remaining = a->compressed_buffer_size; 1305 /* 1306 * Finish HFS+ Compression. 1307 * - Write the decmpfs xattr. 1308 * - Set the UF_COMPRESSED file flag. 1309 */ 1310 ret = hfs_write_decmpfs(a); 1311 if (ret == ARCHIVE_OK) 1312 ret = hfs_set_compressed_fflag(a); 1313 return (ret); 1314 } 1315 1316 /* Update block info. */ 1317 archive_le32enc(a->decmpfs_block_info++, 1318 a->compressed_rsrc_position_v - RSRC_H_SIZE); 1319 archive_le32enc(a->decmpfs_block_info++, bytes_compressed); 1320 a->compressed_rsrc_position_v += bytes_compressed; 1321 1322 /* 1323 * Write the compressed data to the resource fork. 1324 */ 1325 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining; 1326 while (bytes_used >= COMPRESSED_W_SIZE) { 1327 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE); 1328 if (ret != ARCHIVE_OK) 1329 return (ret); 1330 bytes_used -= COMPRESSED_W_SIZE; 1331 if (bytes_used > COMPRESSED_W_SIZE) 1332 memmove(a->compressed_buffer, 1333 a->compressed_buffer + COMPRESSED_W_SIZE, 1334 bytes_used); 1335 else 1336 memcpy(a->compressed_buffer, 1337 a->compressed_buffer + COMPRESSED_W_SIZE, 1338 bytes_used); 1339 } 1340 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used; 1341 1342 /* 1343 * If the current block is the last block, write the remaining 1344 * compressed data and the resource fork footer. 1345 */ 1346 if (a->file_remaining_bytes == 0) { 1347 size_t rsrc_size; 1348 int64_t bk; 1349 1350 /* Append the resource footer. */ 1351 rsrc_size = hfs_set_resource_fork_footer( 1352 a->compressed_buffer + bytes_used, 1353 a->compressed_buffer_remaining); 1354 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size); 1355 a->compressed_buffer_remaining = a->compressed_buffer_size; 1356 1357 /* If the compressed size is not enough smaller than 1358 * the uncompressed size. cancel HFS+ compression. 1359 * TODO: study a behavior of ditto utility and improve 1360 * the condition to fall back into no HFS+ compression. */ 1361 bk = HFS_BLOCKS(a->compressed_rsrc_position); 1362 bk += bk >> 7; 1363 if (bk > HFS_BLOCKS(a->filesize)) 1364 return hfs_decompress(a); 1365 /* 1366 * Write the resourcefork header. 1367 */ 1368 if (ret == ARCHIVE_OK) 1369 ret = hfs_write_resource_fork_header(a); 1370 /* 1371 * Finish HFS+ Compression. 1372 * - Write the decmpfs xattr. 1373 * - Set the UF_COMPRESSED file flag. 1374 */ 1375 if (ret == ARCHIVE_OK) 1376 ret = hfs_write_decmpfs(a); 1377 if (ret == ARCHIVE_OK) 1378 ret = hfs_set_compressed_fflag(a); 1379 } 1380 return (ret); 1381} 1382 1383static ssize_t 1384hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff, 1385 size_t size) 1386{ 1387 const char *buffer_to_write; 1388 size_t bytes_to_write; 1389 int ret; 1390 1391 if (a->decmpfs_block_count == (unsigned)-1) { 1392 void *new_block; 1393 size_t new_size; 1394 unsigned int block_count; 1395 1396 if (a->decmpfs_header_p == NULL) { 1397 new_block = malloc(MAX_DECMPFS_XATTR_SIZE 1398 + sizeof(uint32_t)); 1399 if (new_block == NULL) { 1400 archive_set_error(&a->archive, ENOMEM, 1401 "Can't allocate memory for decmpfs"); 1402 return (ARCHIVE_FATAL); 1403 } 1404 a->decmpfs_header_p = new_block; 1405 } 1406 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE; 1407 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC], 1408 DECMPFS_MAGIC); 1409 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1410 CMP_RESOURCE_FORK); 1411 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE], 1412 a->filesize); 1413 1414 /* Calculate a block count of the file. */ 1415 block_count = 1416 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) / 1417 MAX_DECMPFS_BLOCK_SIZE; 1418 /* 1419 * Allocate buffer for resource fork. 1420 * Set up related pointers; 1421 */ 1422 new_size = 1423 RSRC_H_SIZE + /* header */ 1424 4 + /* Block count */ 1425 (block_count * sizeof(uint32_t) * 2) + 1426 RSRC_F_SIZE; /* footer */ 1427 if (new_size > a->resource_fork_allocated_size) { 1428 new_block = realloc(a->resource_fork, new_size); 1429 if (new_block == NULL) { 1430 archive_set_error(&a->archive, ENOMEM, 1431 "Can't allocate memory for ResourceFork"); 1432 return (ARCHIVE_FATAL); 1433 } 1434 a->resource_fork_allocated_size = new_size; 1435 a->resource_fork = new_block; 1436 } 1437 1438 /* Allocate uncompressed buffer */ 1439 if (a->uncompressed_buffer == NULL) { 1440 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE); 1441 if (new_block == NULL) { 1442 archive_set_error(&a->archive, ENOMEM, 1443 "Can't allocate memory for decmpfs"); 1444 return (ARCHIVE_FATAL); 1445 } 1446 a->uncompressed_buffer = new_block; 1447 } 1448 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1449 a->file_remaining_bytes = a->filesize; 1450 a->compressed_buffer_remaining = a->compressed_buffer_size; 1451 1452 /* 1453 * Set up a resource fork. 1454 */ 1455 a->rsrc_xattr_options = XATTR_CREATE; 1456 /* Get the position where we are going to set a bunch 1457 * of block info. */ 1458 a->decmpfs_block_info = 1459 (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1460 /* Set the block count to the resource fork. */ 1461 archive_le32enc(a->decmpfs_block_info++, block_count); 1462 /* Get the position where we are going to set compressed 1463 * data. */ 1464 a->compressed_rsrc_position = 1465 RSRC_H_SIZE + 4 + (block_count * 8); 1466 a->compressed_rsrc_position_v = a->compressed_rsrc_position; 1467 a->decmpfs_block_count = block_count; 1468 } 1469 1470 /* Ignore redundant bytes. */ 1471 if (a->file_remaining_bytes == 0) 1472 return ((ssize_t)size); 1473 1474 /* Do not overrun a block size. */ 1475 if (size > a->block_remaining_bytes) 1476 bytes_to_write = a->block_remaining_bytes; 1477 else 1478 bytes_to_write = size; 1479 /* Do not overrun the file size. */ 1480 if (bytes_to_write > a->file_remaining_bytes) 1481 bytes_to_write = a->file_remaining_bytes; 1482 1483 /* For efficiency, if a copy length is full of the uncompressed 1484 * buffer size, do not copy writing data to it. */ 1485 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE) 1486 buffer_to_write = buff; 1487 else { 1488 memcpy(a->uncompressed_buffer + 1489 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes, 1490 buff, bytes_to_write); 1491 buffer_to_write = a->uncompressed_buffer; 1492 } 1493 a->block_remaining_bytes -= bytes_to_write; 1494 a->file_remaining_bytes -= bytes_to_write; 1495 1496 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) { 1497 ret = hfs_drive_compressor(a, buffer_to_write, 1498 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes); 1499 if (ret < 0) 1500 return (ret); 1501 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1502 } 1503 /* Ignore redundant bytes. */ 1504 if (a->file_remaining_bytes == 0) 1505 return ((ssize_t)size); 1506 return (bytes_to_write); 1507} 1508 1509static ssize_t 1510hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1511 size_t size) 1512{ 1513 uint64_t start_size = size; 1514 ssize_t bytes_written = 0; 1515 ssize_t bytes_to_write; 1516 1517 if (size == 0) 1518 return (ARCHIVE_OK); 1519 1520 if (a->filesize == 0 || a->fd < 0) { 1521 archive_set_error(&a->archive, 0, 1522 "Attempt to write to an empty file"); 1523 return (ARCHIVE_WARN); 1524 } 1525 1526 /* If this write would run beyond the file size, truncate it. */ 1527 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 1528 start_size = size = (size_t)(a->filesize - a->offset); 1529 1530 /* Write the data. */ 1531 while (size > 0) { 1532 bytes_to_write = size; 1533 /* Seek if necessary to the specified offset. */ 1534 if (a->offset < a->fd_offset) { 1535 /* Can't support backward move. */ 1536 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1537 "Seek failed"); 1538 return (ARCHIVE_FATAL); 1539 } else if (a->offset > a->fd_offset) { 1540 int64_t skip = a->offset - a->fd_offset; 1541 char nullblock[1024]; 1542 1543 memset(nullblock, 0, sizeof(nullblock)); 1544 while (skip > 0) { 1545 if (skip > (int64_t)sizeof(nullblock)) 1546 bytes_written = hfs_write_decmpfs_block( 1547 a, nullblock, sizeof(nullblock)); 1548 else 1549 bytes_written = hfs_write_decmpfs_block( 1550 a, nullblock, skip); 1551 if (bytes_written < 0) { 1552 archive_set_error(&a->archive, errno, 1553 "Write failed"); 1554 return (ARCHIVE_WARN); 1555 } 1556 skip -= bytes_written; 1557 } 1558 1559 a->fd_offset = a->offset; 1560 } 1561 bytes_written = 1562 hfs_write_decmpfs_block(a, buff, bytes_to_write); 1563 if (bytes_written < 0) 1564 return (bytes_written); 1565 buff += bytes_written; 1566 size -= bytes_written; 1567 a->total_bytes_written += bytes_written; 1568 a->offset += bytes_written; 1569 a->fd_offset = a->offset; 1570 } 1571 return (start_size - size); 1572} 1573#else 1574static ssize_t 1575hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1576 size_t size) 1577{ 1578 return (write_data_block(a, buff, size)); 1579} 1580#endif 1581 1582static ssize_t 1583_archive_write_disk_data_block(struct archive *_a, 1584 const void *buff, size_t size, int64_t offset) 1585{ 1586 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1587 ssize_t r; 1588 1589 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1590 ARCHIVE_STATE_DATA, "archive_write_data_block"); 1591 1592 a->offset = offset; 1593 if (a->todo & TODO_HFS_COMPRESSION) 1594 r = hfs_write_data_block(a, buff, size); 1595 else 1596 r = write_data_block(a, buff, size); 1597 if (r < ARCHIVE_OK) 1598 return (r); 1599 if ((size_t)r < size) { 1600 archive_set_error(&a->archive, 0, 1601 "Too much data: Truncating file at %ju bytes", 1602 (uintmax_t)a->filesize); 1603 return (ARCHIVE_WARN); 1604 } 1605#if ARCHIVE_VERSION_NUMBER < 3999000 1606 return (ARCHIVE_OK); 1607#else 1608 return (size); 1609#endif 1610} 1611 1612static ssize_t 1613_archive_write_disk_data(struct archive *_a, const void *buff, size_t size) 1614{ 1615 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1616 1617 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1618 ARCHIVE_STATE_DATA, "archive_write_data"); 1619 1620 if (a->todo & TODO_HFS_COMPRESSION) 1621 return (hfs_write_data_block(a, buff, size)); 1622 return (write_data_block(a, buff, size)); 1623} 1624 1625static int 1626_archive_write_disk_finish_entry(struct archive *_a) 1627{ 1628 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1629 int ret = ARCHIVE_OK; 1630 1631 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1632 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 1633 "archive_write_finish_entry"); 1634 if (a->archive.state & ARCHIVE_STATE_HEADER) 1635 return (ARCHIVE_OK); 1636 archive_clear_error(&a->archive); 1637 1638 /* Pad or truncate file to the right size. */ 1639 if (a->fd < 0) { 1640 /* There's no file. */ 1641 } else if (a->filesize < 0) { 1642 /* File size is unknown, so we can't set the size. */ 1643 } else if (a->fd_offset == a->filesize) { 1644 /* Last write ended at exactly the filesize; we're done. */ 1645 /* Hopefully, this is the common case. */ 1646#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 1647 } else if (a->todo & TODO_HFS_COMPRESSION) { 1648 char null_d[1024]; 1649 ssize_t r; 1650 1651 if (a->file_remaining_bytes) 1652 memset(null_d, 0, sizeof(null_d)); 1653 while (a->file_remaining_bytes) { 1654 if (a->file_remaining_bytes > sizeof(null_d)) 1655 r = hfs_write_data_block( 1656 a, null_d, sizeof(null_d)); 1657 else 1658 r = hfs_write_data_block( 1659 a, null_d, a->file_remaining_bytes); 1660 if (r < 0) 1661 return ((int)r); 1662 } 1663#endif 1664 } else { 1665#if HAVE_FTRUNCATE 1666 if (ftruncate(a->fd, a->filesize) == -1 && 1667 a->filesize == 0) { 1668 archive_set_error(&a->archive, errno, 1669 "File size could not be restored"); 1670 return (ARCHIVE_FAILED); 1671 } 1672#endif 1673 /* 1674 * Not all platforms implement the XSI option to 1675 * extend files via ftruncate. Stat() the file again 1676 * to see what happened. 1677 */ 1678 a->pst = NULL; 1679 if ((ret = lazy_stat(a)) != ARCHIVE_OK) 1680 return (ret); 1681 /* We can use lseek()/write() to extend the file if 1682 * ftruncate didn't work or isn't available. */ 1683 if (a->st.st_size < a->filesize) { 1684 const char nul = '\0'; 1685 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) { 1686 archive_set_error(&a->archive, errno, 1687 "Seek failed"); 1688 return (ARCHIVE_FATAL); 1689 } 1690 if (write(a->fd, &nul, 1) < 0) { 1691 archive_set_error(&a->archive, errno, 1692 "Write to restore size failed"); 1693 return (ARCHIVE_FATAL); 1694 } 1695 a->pst = NULL; 1696 } 1697 } 1698 1699 /* Restore metadata. */ 1700 1701 /* 1702 * This is specific to Mac OS X. 1703 * If the current file is an AppleDouble file, it should be 1704 * linked with the data fork file and remove it. 1705 */ 1706 if (a->todo & TODO_APPLEDOUBLE) { 1707 int r2 = fixup_appledouble(a, a->name); 1708 if (r2 == ARCHIVE_EOF) { 1709 /* The current file has been successfully linked 1710 * with the data fork file and removed. So there 1711 * is nothing to do on the current file. */ 1712 goto finish_metadata; 1713 } 1714 if (r2 < ret) ret = r2; 1715 } 1716 1717 /* 1718 * Look up the "real" UID only if we're going to need it. 1719 * TODO: the TODO_SGID condition can be dropped here, can't it? 1720 */ 1721 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) { 1722 a->uid = archive_write_disk_uid(&a->archive, 1723 archive_entry_uname(a->entry), 1724 archive_entry_uid(a->entry)); 1725 } 1726 /* Look up the "real" GID only if we're going to need it. */ 1727 /* TODO: the TODO_SUID condition can be dropped here, can't it? */ 1728 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) { 1729 a->gid = archive_write_disk_gid(&a->archive, 1730 archive_entry_gname(a->entry), 1731 archive_entry_gid(a->entry)); 1732 } 1733 1734 /* 1735 * Restore ownership before set_mode tries to restore suid/sgid 1736 * bits. If we set the owner, we know what it is and can skip 1737 * a stat() call to examine the ownership of the file on disk. 1738 */ 1739 if (a->todo & TODO_OWNER) { 1740 int r2 = set_ownership(a); 1741 if (r2 < ret) ret = r2; 1742 } 1743 1744 /* 1745 * set_mode must precede ACLs on systems such as Solaris and 1746 * FreeBSD where setting the mode implicitly clears extended ACLs 1747 */ 1748 if (a->todo & TODO_MODE) { 1749 int r2 = set_mode(a, a->mode); 1750 if (r2 < ret) ret = r2; 1751 } 1752 1753 /* 1754 * Security-related extended attributes (such as 1755 * security.capability on Linux) have to be restored last, 1756 * since they're implicitly removed by other file changes. 1757 */ 1758 if (a->todo & TODO_XATTR) { 1759 int r2 = set_xattrs(a); 1760 if (r2 < ret) ret = r2; 1761 } 1762 1763 /* 1764 * Some flags prevent file modification; they must be restored after 1765 * file contents are written. 1766 */ 1767 if (a->todo & TODO_FFLAGS) { 1768 int r2 = set_fflags(a); 1769 if (r2 < ret) ret = r2; 1770 } 1771 1772 /* 1773 * Time must follow most other metadata; 1774 * otherwise atime will get changed. 1775 */ 1776 if (a->todo & TODO_TIMES) { 1777 int r2 = set_times_from_entry(a); 1778 if (r2 < ret) ret = r2; 1779 } 1780 1781 /* 1782 * Mac extended metadata includes ACLs. 1783 */ 1784 if (a->todo & TODO_MAC_METADATA) { 1785 const void *metadata; 1786 size_t metadata_size; 1787 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 1788 if (metadata != NULL && metadata_size > 0) { 1789 int r2 = set_mac_metadata(a, archive_entry_pathname( 1790 a->entry), metadata, metadata_size); 1791 if (r2 < ret) ret = r2; 1792 } 1793 } 1794 1795 /* 1796 * ACLs must be restored after timestamps because there are 1797 * ACLs that prevent attribute changes (including time). 1798 */ 1799 if (a->todo & TODO_ACLS) { 1800 int r2; 1801 r2 = archive_write_disk_set_acls(&a->archive, a->fd, 1802 archive_entry_pathname(a->entry), 1803 archive_entry_acl(a->entry), 1804 archive_entry_mode(a->entry)); 1805 if (r2 < ret) ret = r2; 1806 } 1807 1808finish_metadata: 1809 /* If there's an fd, we can close it now. */ 1810 if (a->fd >= 0) { 1811 close(a->fd); 1812 a->fd = -1; 1813 } 1814 /* If there's an entry, we can release it now. */ 1815 archive_entry_free(a->entry); 1816 a->entry = NULL; 1817 a->archive.state = ARCHIVE_STATE_HEADER; 1818 return (ret); 1819} 1820 1821int 1822archive_write_disk_set_group_lookup(struct archive *_a, 1823 void *private_data, 1824 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid), 1825 void (*cleanup_gid)(void *private)) 1826{ 1827 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1828 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1829 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup"); 1830 1831 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL) 1832 (a->cleanup_gid)(a->lookup_gid_data); 1833 1834 a->lookup_gid = lookup_gid; 1835 a->cleanup_gid = cleanup_gid; 1836 a->lookup_gid_data = private_data; 1837 return (ARCHIVE_OK); 1838} 1839 1840int 1841archive_write_disk_set_user_lookup(struct archive *_a, 1842 void *private_data, 1843 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid), 1844 void (*cleanup_uid)(void *private)) 1845{ 1846 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1847 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1848 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup"); 1849 1850 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL) 1851 (a->cleanup_uid)(a->lookup_uid_data); 1852 1853 a->lookup_uid = lookup_uid; 1854 a->cleanup_uid = cleanup_uid; 1855 a->lookup_uid_data = private_data; 1856 return (ARCHIVE_OK); 1857} 1858 1859int64_t 1860archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id) 1861{ 1862 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1863 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1864 ARCHIVE_STATE_ANY, "archive_write_disk_gid"); 1865 if (a->lookup_gid) 1866 return (a->lookup_gid)(a->lookup_gid_data, name, id); 1867 return (id); 1868} 1869 1870int64_t 1871archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id) 1872{ 1873 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1874 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1875 ARCHIVE_STATE_ANY, "archive_write_disk_uid"); 1876 if (a->lookup_uid) 1877 return (a->lookup_uid)(a->lookup_uid_data, name, id); 1878 return (id); 1879} 1880 1881/* 1882 * Create a new archive_write_disk object and initialize it with global state. 1883 */ 1884struct archive * 1885archive_write_disk_new(void) 1886{ 1887 struct archive_write_disk *a; 1888 1889 a = (struct archive_write_disk *)calloc(1, sizeof(*a)); 1890 if (a == NULL) 1891 return (NULL); 1892 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC; 1893 /* We're ready to write a header immediately. */ 1894 a->archive.state = ARCHIVE_STATE_HEADER; 1895 a->archive.vtable = archive_write_disk_vtable(); 1896 a->start_time = time(NULL); 1897 /* Query and restore the umask. */ 1898 umask(a->user_umask = umask(0)); 1899#ifdef HAVE_GETEUID 1900 a->user_uid = geteuid(); 1901#endif /* HAVE_GETEUID */ 1902 if (archive_string_ensure(&a->path_safe, 512) == NULL) { 1903 free(a); 1904 return (NULL); 1905 } 1906#ifdef HAVE_ZLIB_H 1907 a->decmpfs_compression_level = 5; 1908#endif 1909 return (&a->archive); 1910} 1911 1912 1913/* 1914 * If pathname is longer than PATH_MAX, chdir to a suitable 1915 * intermediate dir and edit the path down to a shorter suffix. Note 1916 * that this routine never returns an error; if the chdir() attempt 1917 * fails for any reason, we just go ahead with the long pathname. The 1918 * object creation is likely to fail, but any error will get handled 1919 * at that time. 1920 */ 1921#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 1922static void 1923edit_deep_directories(struct archive_write_disk *a) 1924{ 1925 int ret; 1926 char *tail = a->name; 1927 1928 /* If path is short, avoid the open() below. */ 1929 if (strlen(tail) < PATH_MAX) 1930 return; 1931 1932 /* Try to record our starting dir. */ 1933 a->restore_pwd = la_opendirat(AT_FDCWD, "."); 1934 __archive_ensure_cloexec_flag(a->restore_pwd); 1935 if (a->restore_pwd < 0) 1936 return; 1937 1938 /* As long as the path is too long... */ 1939 while (strlen(tail) >= PATH_MAX) { 1940 /* Locate a dir prefix shorter than PATH_MAX. */ 1941 tail += PATH_MAX - 8; 1942 while (tail > a->name && *tail != '/') 1943 tail--; 1944 /* Exit if we find a too-long path component. */ 1945 if (tail <= a->name) 1946 return; 1947 /* Create the intermediate dir and chdir to it. */ 1948 *tail = '\0'; /* Terminate dir portion */ 1949 ret = create_dir(a, a->name); 1950 if (ret == ARCHIVE_OK && chdir(a->name) != 0) 1951 ret = ARCHIVE_FAILED; 1952 *tail = '/'; /* Restore the / we removed. */ 1953 if (ret != ARCHIVE_OK) 1954 return; 1955 tail++; 1956 /* The chdir() succeeded; we've now shortened the path. */ 1957 a->name = tail; 1958 } 1959 return; 1960} 1961#endif 1962 1963/* 1964 * The main restore function. 1965 */ 1966static int 1967restore_entry(struct archive_write_disk *a) 1968{ 1969 int ret = ARCHIVE_OK, en; 1970 1971 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) { 1972 /* 1973 * TODO: Fix this. Apparently, there are platforms 1974 * that still allow root to hose the entire filesystem 1975 * by unlinking a dir. The S_ISDIR() test above 1976 * prevents us from using unlink() here if the new 1977 * object is a dir, but that doesn't mean the old 1978 * object isn't a dir. 1979 */ 1980 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 1981 (void)clear_nochange_fflags(a); 1982 if (unlink(a->name) == 0) { 1983 /* We removed it, reset cached stat. */ 1984 a->pst = NULL; 1985 } else if (errno == ENOENT) { 1986 /* File didn't exist, that's just as good. */ 1987 } else if (rmdir(a->name) == 0) { 1988 /* It was a dir, but now it's gone. */ 1989 a->pst = NULL; 1990 } else { 1991 /* We tried, but couldn't get rid of it. */ 1992 archive_set_error(&a->archive, errno, 1993 "Could not unlink"); 1994 return(ARCHIVE_FAILED); 1995 } 1996 } 1997 1998 /* Try creating it first; if this fails, we'll try to recover. */ 1999 en = create_filesystem_object(a); 2000 2001 if ((en == ENOTDIR || en == ENOENT) 2002 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) { 2003 /* If the parent dir doesn't exist, try creating it. */ 2004 create_parent_dir(a, a->name); 2005 /* Now try to create the object again. */ 2006 en = create_filesystem_object(a); 2007 } 2008 2009 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) { 2010 archive_set_error(&a->archive, en, 2011 "Hard-link target '%s' does not exist.", 2012 archive_entry_hardlink(a->entry)); 2013 return (ARCHIVE_FAILED); 2014 } 2015 2016 if ((en == EISDIR || en == EEXIST) 2017 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 2018 /* If we're not overwriting, we're done. */ 2019 if (S_ISDIR(a->mode)) { 2020 /* Don't overwrite any settings on existing directories. */ 2021 a->todo = 0; 2022 } 2023 archive_entry_unset_size(a->entry); 2024 return (ARCHIVE_OK); 2025 } 2026 2027 /* 2028 * Some platforms return EISDIR if you call 2029 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some 2030 * return EEXIST. POSIX is ambiguous, requiring EISDIR 2031 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT) 2032 * on an existing item. 2033 */ 2034 if (en == EISDIR) { 2035 /* A dir is in the way of a non-dir, rmdir it. */ 2036 if (rmdir(a->name) != 0) { 2037 archive_set_error(&a->archive, errno, 2038 "Can't remove already-existing dir"); 2039 return (ARCHIVE_FAILED); 2040 } 2041 a->pst = NULL; 2042 /* Try again. */ 2043 en = create_filesystem_object(a); 2044 } else if (en == EEXIST) { 2045 /* 2046 * We know something is in the way, but we don't know what; 2047 * we need to find out before we go any further. 2048 */ 2049 int r = 0; 2050 /* 2051 * The SECURE_SYMLINKS logic has already removed a 2052 * symlink to a dir if the client wants that. So 2053 * follow the symlink if we're creating a dir. 2054 */ 2055 if (S_ISDIR(a->mode)) 2056 r = la_stat(a->name, &a->st); 2057 /* 2058 * If it's not a dir (or it's a broken symlink), 2059 * then don't follow it. 2060 */ 2061 if (r != 0 || !S_ISDIR(a->mode)) 2062 r = lstat(a->name, &a->st); 2063 if (r != 0) { 2064 archive_set_error(&a->archive, errno, 2065 "Can't stat existing object"); 2066 return (ARCHIVE_FAILED); 2067 } 2068 2069 /* 2070 * NO_OVERWRITE_NEWER doesn't apply to directories. 2071 */ 2072 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER) 2073 && !S_ISDIR(a->st.st_mode)) { 2074 if (!older(&(a->st), a->entry)) { 2075 archive_entry_unset_size(a->entry); 2076 return (ARCHIVE_OK); 2077 } 2078 } 2079 2080 /* If it's our archive, we're done. */ 2081 if (a->skip_file_set && 2082 a->st.st_dev == (dev_t)a->skip_file_dev && 2083 a->st.st_ino == (ino_t)a->skip_file_ino) { 2084 archive_set_error(&a->archive, 0, 2085 "Refusing to overwrite archive"); 2086 return (ARCHIVE_FAILED); 2087 } 2088 2089 if (!S_ISDIR(a->st.st_mode)) { 2090 /* A non-dir is in the way, unlink it. */ 2091 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2092 (void)clear_nochange_fflags(a); 2093 if (unlink(a->name) != 0) { 2094 archive_set_error(&a->archive, errno, 2095 "Can't unlink already-existing object"); 2096 return (ARCHIVE_FAILED); 2097 } 2098 a->pst = NULL; 2099 /* Try again. */ 2100 en = create_filesystem_object(a); 2101 } else if (!S_ISDIR(a->mode)) { 2102 /* A dir is in the way of a non-dir, rmdir it. */ 2103 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2104 (void)clear_nochange_fflags(a); 2105 if (rmdir(a->name) != 0) { 2106 archive_set_error(&a->archive, errno, 2107 "Can't replace existing directory with non-directory"); 2108 return (ARCHIVE_FAILED); 2109 } 2110 /* Try again. */ 2111 en = create_filesystem_object(a); 2112 } else { 2113 /* 2114 * There's a dir in the way of a dir. Don't 2115 * waste time with rmdir()/mkdir(), just fix 2116 * up the permissions on the existing dir. 2117 * Note that we don't change perms on existing 2118 * dirs unless _EXTRACT_PERM is specified. 2119 */ 2120 if ((a->mode != a->st.st_mode) 2121 && (a->todo & TODO_MODE_FORCE)) 2122 a->deferred |= (a->todo & TODO_MODE); 2123 /* Ownership doesn't need deferred fixup. */ 2124 en = 0; /* Forget the EEXIST. */ 2125 } 2126 } 2127 2128 if (en) { 2129 /* Everything failed; give up here. */ 2130 if ((&a->archive)->error == NULL) 2131 archive_set_error(&a->archive, en, "Can't create '%s'", 2132 a->name); 2133 return (ARCHIVE_FAILED); 2134 } 2135 2136 a->pst = NULL; /* Cached stat data no longer valid. */ 2137 return (ret); 2138} 2139 2140/* 2141 * Returns 0 if creation succeeds, or else returns errno value from 2142 * the failed system call. Note: This function should only ever perform 2143 * a single system call. 2144 */ 2145static int 2146create_filesystem_object(struct archive_write_disk *a) 2147{ 2148 /* Create the entry. */ 2149 const char *linkname; 2150 mode_t final_mode, mode; 2151 int r; 2152 /* these for check_symlinks_fsobj */ 2153 char *linkname_copy; /* non-const copy of linkname */ 2154 struct stat st; 2155 struct archive_string error_string; 2156 int error_number; 2157 2158 /* We identify hard/symlinks according to the link names. */ 2159 /* Since link(2) and symlink(2) don't handle modes, we're done here. */ 2160 linkname = archive_entry_hardlink(a->entry); 2161 if (linkname != NULL) { 2162#if !HAVE_LINK 2163 return (EPERM); 2164#else 2165 archive_string_init(&error_string); 2166 linkname_copy = strdup(linkname); 2167 if (linkname_copy == NULL) { 2168 return (EPERM); 2169 } 2170 /* 2171 * TODO: consider using the cleaned-up path as the link 2172 * target? 2173 */ 2174 r = cleanup_pathname_fsobj(linkname_copy, &error_number, 2175 &error_string, a->flags); 2176 if (r != ARCHIVE_OK) { 2177 archive_set_error(&a->archive, error_number, "%s", 2178 error_string.s); 2179 free(linkname_copy); 2180 archive_string_free(&error_string); 2181 /* 2182 * EPERM is more appropriate than error_number for our 2183 * callers 2184 */ 2185 return (EPERM); 2186 } 2187 r = check_symlinks_fsobj(linkname_copy, &error_number, 2188 &error_string, a->flags); 2189 if (r != ARCHIVE_OK) { 2190 archive_set_error(&a->archive, error_number, "%s", 2191 error_string.s); 2192 free(linkname_copy); 2193 archive_string_free(&error_string); 2194 /* 2195 * EPERM is more appropriate than error_number for our 2196 * callers 2197 */ 2198 return (EPERM); 2199 } 2200 free(linkname_copy); 2201 archive_string_free(&error_string); 2202 r = link(linkname, a->name) ? errno : 0; 2203 /* 2204 * New cpio and pax formats allow hardlink entries 2205 * to carry data, so we may have to open the file 2206 * for hardlink entries. 2207 * 2208 * If the hardlink was successfully created and 2209 * the archive doesn't have carry data for it, 2210 * consider it to be non-authoritative for meta data. 2211 * This is consistent with GNU tar and BSD pax. 2212 * If the hardlink does carry data, let the last 2213 * archive entry decide ownership. 2214 */ 2215 if (r == 0 && a->filesize <= 0) { 2216 a->todo = 0; 2217 a->deferred = 0; 2218 } else if (r == 0 && a->filesize > 0) { 2219#ifdef HAVE_LSTAT 2220 r = lstat(a->name, &st); 2221#else 2222 r = la_stat(a->name, &st); 2223#endif 2224 if (r != 0) 2225 r = errno; 2226 else if ((st.st_mode & AE_IFMT) == AE_IFREG) { 2227 a->fd = open(a->name, O_WRONLY | O_TRUNC | 2228 O_BINARY | O_CLOEXEC | O_NOFOLLOW); 2229 __archive_ensure_cloexec_flag(a->fd); 2230 if (a->fd < 0) 2231 r = errno; 2232 } 2233 } 2234 return (r); 2235#endif 2236 } 2237 linkname = archive_entry_symlink(a->entry); 2238 if (linkname != NULL) { 2239#if HAVE_SYMLINK 2240 return symlink(linkname, a->name) ? errno : 0; 2241#else 2242 return (EPERM); 2243#endif 2244 } 2245 2246 /* 2247 * The remaining system calls all set permissions, so let's 2248 * try to take advantage of that to avoid an extra chmod() 2249 * call. (Recall that umask is set to zero right now!) 2250 */ 2251 2252 /* Mode we want for the final restored object (w/o file type bits). */ 2253 final_mode = a->mode & 07777; 2254 /* 2255 * The mode that will actually be restored in this step. Note 2256 * that SUID, SGID, etc, require additional work to ensure 2257 * security, so we never restore them at this point. 2258 */ 2259 mode = final_mode & 0777 & ~a->user_umask; 2260 2261 switch (a->mode & AE_IFMT) { 2262 default: 2263 /* POSIX requires that we fall through here. */ 2264 /* FALLTHROUGH */ 2265 case AE_IFREG: 2266 a->fd = open(a->name, 2267 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode); 2268 __archive_ensure_cloexec_flag(a->fd); 2269 r = (a->fd < 0); 2270 break; 2271 case AE_IFCHR: 2272#ifdef HAVE_MKNOD 2273 /* Note: we use AE_IFCHR for the case label, and 2274 * S_IFCHR for the mknod() call. This is correct. */ 2275 r = mknod(a->name, mode | S_IFCHR, 2276 archive_entry_rdev(a->entry)); 2277 break; 2278#else 2279 /* TODO: Find a better way to warn about our inability 2280 * to restore a char device node. */ 2281 return (EINVAL); 2282#endif /* HAVE_MKNOD */ 2283 case AE_IFBLK: 2284#ifdef HAVE_MKNOD 2285 r = mknod(a->name, mode | S_IFBLK, 2286 archive_entry_rdev(a->entry)); 2287 break; 2288#else 2289 /* TODO: Find a better way to warn about our inability 2290 * to restore a block device node. */ 2291 return (EINVAL); 2292#endif /* HAVE_MKNOD */ 2293 case AE_IFDIR: 2294 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE; 2295 r = mkdir(a->name, mode); 2296 if (r == 0) { 2297 /* Defer setting dir times. */ 2298 a->deferred |= (a->todo & TODO_TIMES); 2299 a->todo &= ~TODO_TIMES; 2300 /* Never use an immediate chmod(). */ 2301 /* We can't avoid the chmod() entirely if EXTRACT_PERM 2302 * because of SysV SGID inheritance. */ 2303 if ((mode != final_mode) 2304 || (a->flags & ARCHIVE_EXTRACT_PERM)) 2305 a->deferred |= (a->todo & TODO_MODE); 2306 a->todo &= ~TODO_MODE; 2307 } 2308 break; 2309 case AE_IFIFO: 2310#ifdef HAVE_MKFIFO 2311 r = mkfifo(a->name, mode); 2312 break; 2313#else 2314 /* TODO: Find a better way to warn about our inability 2315 * to restore a fifo. */ 2316 return (EINVAL); 2317#endif /* HAVE_MKFIFO */ 2318 } 2319 2320 /* All the system calls above set errno on failure. */ 2321 if (r) 2322 return (errno); 2323 2324 /* If we managed to set the final mode, we've avoided a chmod(). */ 2325 if (mode == final_mode) 2326 a->todo &= ~TODO_MODE; 2327 return (0); 2328} 2329 2330/* 2331 * Cleanup function for archive_extract. Mostly, this involves processing 2332 * the fixup list, which is used to address a number of problems: 2333 * * Dir permissions might prevent us from restoring a file in that 2334 * dir, so we restore the dir with minimum 0700 permissions first, 2335 * then correct the mode at the end. 2336 * * Similarly, the act of restoring a file touches the directory 2337 * and changes the timestamp on the dir, so we have to touch-up dir 2338 * timestamps at the end as well. 2339 * * Some file flags can interfere with the restore by, for example, 2340 * preventing the creation of hardlinks to those files. 2341 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs. 2342 * 2343 * Note that tar/cpio do not require that archives be in a particular 2344 * order; there is no way to know when the last file has been restored 2345 * within a directory, so there's no way to optimize the memory usage 2346 * here by fixing up the directory any earlier than the 2347 * end-of-archive. 2348 * 2349 * XXX TODO: Directory ACLs should be restored here, for the same 2350 * reason we set directory perms here. XXX 2351 */ 2352static int 2353_archive_write_disk_close(struct archive *_a) 2354{ 2355 struct archive_write_disk *a = (struct archive_write_disk *)_a; 2356 struct fixup_entry *next, *p; 2357 int fd, ret; 2358 2359 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 2360 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 2361 "archive_write_disk_close"); 2362 ret = _archive_write_disk_finish_entry(&a->archive); 2363 2364 /* Sort dir list so directories are fixed up in depth-first order. */ 2365 p = sort_dir_list(a->fixup_list); 2366 2367 while (p != NULL) { 2368 fd = -1; 2369 a->pst = NULL; /* Mark stat cache as out-of-date. */ 2370 if (p->fixup & 2371 (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) { 2372 fd = open(p->name, 2373 O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC); 2374 } 2375 if (p->fixup & TODO_TIMES) { 2376 set_times(a, fd, p->mode, p->name, 2377 p->atime, p->atime_nanos, 2378 p->birthtime, p->birthtime_nanos, 2379 p->mtime, p->mtime_nanos, 2380 p->ctime, p->ctime_nanos); 2381 } 2382 if (p->fixup & TODO_MODE_BASE) { 2383#ifdef HAVE_FCHMOD 2384 if (fd >= 0) 2385 fchmod(fd, p->mode); 2386 else 2387#endif 2388 chmod(p->name, p->mode); 2389 } 2390 if (p->fixup & TODO_ACLS) 2391 archive_write_disk_set_acls(&a->archive, fd, 2392 p->name, &p->acl, p->mode); 2393 if (p->fixup & TODO_FFLAGS) 2394 set_fflags_platform(a, fd, p->name, 2395 p->mode, p->fflags_set, 0); 2396 if (p->fixup & TODO_MAC_METADATA) 2397 set_mac_metadata(a, p->name, p->mac_metadata, 2398 p->mac_metadata_size); 2399 next = p->next; 2400 archive_acl_clear(&p->acl); 2401 free(p->mac_metadata); 2402 free(p->name); 2403 if (fd >= 0) 2404 close(fd); 2405 free(p); 2406 p = next; 2407 } 2408 a->fixup_list = NULL; 2409 return (ret); 2410} 2411 2412static int 2413_archive_write_disk_free(struct archive *_a) 2414{ 2415 struct archive_write_disk *a; 2416 int ret; 2417 if (_a == NULL) 2418 return (ARCHIVE_OK); 2419 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC, 2420 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free"); 2421 a = (struct archive_write_disk *)_a; 2422 ret = _archive_write_disk_close(&a->archive); 2423 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL); 2424 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL); 2425 archive_entry_free(a->entry); 2426 archive_string_free(&a->_name_data); 2427 archive_string_free(&a->archive.error_string); 2428 archive_string_free(&a->path_safe); 2429 a->archive.magic = 0; 2430 __archive_clean(&a->archive); 2431 free(a->decmpfs_header_p); 2432 free(a->resource_fork); 2433 free(a->compressed_buffer); 2434 free(a->uncompressed_buffer); 2435#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 2436 && defined(HAVE_ZLIB_H) 2437 if (a->stream_valid) { 2438 switch (deflateEnd(&a->stream)) { 2439 case Z_OK: 2440 break; 2441 default: 2442 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2443 "Failed to clean up compressor"); 2444 ret = ARCHIVE_FATAL; 2445 break; 2446 } 2447 } 2448#endif 2449 free(a); 2450 return (ret); 2451} 2452 2453/* 2454 * Simple O(n log n) merge sort to order the fixup list. In 2455 * particular, we want to restore dir timestamps depth-first. 2456 */ 2457static struct fixup_entry * 2458sort_dir_list(struct fixup_entry *p) 2459{ 2460 struct fixup_entry *a, *b, *t; 2461 2462 if (p == NULL) 2463 return (NULL); 2464 /* A one-item list is already sorted. */ 2465 if (p->next == NULL) 2466 return (p); 2467 2468 /* Step 1: split the list. */ 2469 t = p; 2470 a = p->next->next; 2471 while (a != NULL) { 2472 /* Step a twice, t once. */ 2473 a = a->next; 2474 if (a != NULL) 2475 a = a->next; 2476 t = t->next; 2477 } 2478 /* Now, t is at the mid-point, so break the list here. */ 2479 b = t->next; 2480 t->next = NULL; 2481 a = p; 2482 2483 /* Step 2: Recursively sort the two sub-lists. */ 2484 a = sort_dir_list(a); 2485 b = sort_dir_list(b); 2486 2487 /* Step 3: Merge the returned lists. */ 2488 /* Pick the first element for the merged list. */ 2489 if (strcmp(a->name, b->name) > 0) { 2490 t = p = a; 2491 a = a->next; 2492 } else { 2493 t = p = b; 2494 b = b->next; 2495 } 2496 2497 /* Always put the later element on the list first. */ 2498 while (a != NULL && b != NULL) { 2499 if (strcmp(a->name, b->name) > 0) { 2500 t->next = a; 2501 a = a->next; 2502 } else { 2503 t->next = b; 2504 b = b->next; 2505 } 2506 t = t->next; 2507 } 2508 2509 /* Only one list is non-empty, so just splice it on. */ 2510 if (a != NULL) 2511 t->next = a; 2512 if (b != NULL) 2513 t->next = b; 2514 2515 return (p); 2516} 2517 2518/* 2519 * Returns a new, initialized fixup entry. 2520 * 2521 * TODO: Reduce the memory requirements for this list by using a tree 2522 * structure rather than a simple list of names. 2523 */ 2524static struct fixup_entry * 2525new_fixup(struct archive_write_disk *a, const char *pathname) 2526{ 2527 struct fixup_entry *fe; 2528 2529 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry)); 2530 if (fe == NULL) { 2531 archive_set_error(&a->archive, ENOMEM, 2532 "Can't allocate memory for a fixup"); 2533 return (NULL); 2534 } 2535 fe->next = a->fixup_list; 2536 a->fixup_list = fe; 2537 fe->fixup = 0; 2538 fe->name = strdup(pathname); 2539 return (fe); 2540} 2541 2542/* 2543 * Returns a fixup structure for the current entry. 2544 */ 2545static struct fixup_entry * 2546current_fixup(struct archive_write_disk *a, const char *pathname) 2547{ 2548 if (a->current_fixup == NULL) 2549 a->current_fixup = new_fixup(a, pathname); 2550 return (a->current_fixup); 2551} 2552 2553/* Error helper for new *_fsobj functions */ 2554static void 2555fsobj_error(int *a_eno, struct archive_string *a_estr, 2556 int err, const char *errstr, const char *path) 2557{ 2558 if (a_eno) 2559 *a_eno = err; 2560 if (a_estr) 2561 archive_string_sprintf(a_estr, "%s%s", errstr, path); 2562} 2563 2564/* 2565 * TODO: Someday, integrate this with the deep dir support; they both 2566 * scan the path and both can be optimized by comparing against other 2567 * recent paths. 2568 */ 2569/* 2570 * Checks the given path to see if any elements along it are symlinks. Returns 2571 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. 2572 */ 2573static int 2574check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 2575 int flags) 2576{ 2577#if !defined(HAVE_LSTAT) && \ 2578 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)) 2579 /* Platform doesn't have lstat, so we can't look for symlinks. */ 2580 (void)path; /* UNUSED */ 2581 (void)error_number; /* UNUSED */ 2582 (void)error_string; /* UNUSED */ 2583 (void)flags; /* UNUSED */ 2584 return (ARCHIVE_OK); 2585#else 2586 int res = ARCHIVE_OK; 2587 char *tail; 2588 char *head; 2589 int last; 2590 char c; 2591 int r; 2592 struct stat st; 2593 int chdir_fd; 2594#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2595 int fd; 2596#endif 2597 2598 /* Nothing to do here if name is empty */ 2599 if(path[0] == '\0') 2600 return (ARCHIVE_OK); 2601 2602 /* 2603 * Guard against symlink tricks. Reject any archive entry whose 2604 * destination would be altered by a symlink. 2605 * 2606 * Walk the filename in chunks separated by '/'. For each segment: 2607 * - if it doesn't exist, continue 2608 * - if it's symlink, abort or remove it 2609 * - if it's a directory and it's not the last chunk, cd into it 2610 * As we go: 2611 * head points to the current (relative) path 2612 * tail points to the temporary \0 terminating the segment we're 2613 * currently examining 2614 * c holds what used to be in *tail 2615 * last is 1 if this is the last tail 2616 */ 2617 chdir_fd = la_opendirat(AT_FDCWD, "."); 2618 __archive_ensure_cloexec_flag(chdir_fd); 2619 if (chdir_fd < 0) { 2620 fsobj_error(a_eno, a_estr, errno, 2621 "Could not open ", path); 2622 return (ARCHIVE_FATAL); 2623 } 2624 head = path; 2625 tail = path; 2626 last = 0; 2627 /* TODO: reintroduce a safe cache here? */ 2628 /* Skip the root directory if the path is absolute. */ 2629 if(tail == path && tail[0] == '/') 2630 ++tail; 2631 /* Keep going until we've checked the entire name. 2632 * head, tail, path all alias the same string, which is 2633 * temporarily zeroed at tail, so be careful restoring the 2634 * stashed (c=tail[0]) for error messages. 2635 * Exiting the loop with break is okay; continue is not. 2636 */ 2637 while (!last) { 2638 /* 2639 * Skip the separator we just consumed, plus any adjacent ones 2640 */ 2641 while (*tail == '/') 2642 ++tail; 2643 /* Skip the next path element. */ 2644 while (*tail != '\0' && *tail != '/') 2645 ++tail; 2646 /* is this the last path component? */ 2647 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); 2648 /* temporarily truncate the string here */ 2649 c = tail[0]; 2650 tail[0] = '\0'; 2651 /* Check that we haven't hit a symlink. */ 2652#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2653 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW); 2654#else 2655 r = lstat(head, &st); 2656#endif 2657 if (r != 0) { 2658 tail[0] = c; 2659 /* We've hit a dir that doesn't exist; stop now. */ 2660 if (errno == ENOENT) { 2661 break; 2662 } else { 2663 /* 2664 * Treat any other error as fatal - best to be 2665 * paranoid here. 2666 * Note: This effectively disables deep 2667 * directory support when security checks are 2668 * enabled. Otherwise, very long pathnames that 2669 * trigger an error here could evade the 2670 * sandbox. 2671 * TODO: We could do better, but it would 2672 * probably require merging the symlink checks 2673 * with the deep-directory editing. 2674 */ 2675 fsobj_error(a_eno, a_estr, errno, 2676 "Could not stat ", path); 2677 res = ARCHIVE_FAILED; 2678 break; 2679 } 2680 } else if (S_ISDIR(st.st_mode)) { 2681 if (!last) { 2682#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2683 fd = la_opendirat(chdir_fd, head); 2684 if (fd < 0) 2685 r = -1; 2686 else { 2687 r = 0; 2688 close(chdir_fd); 2689 chdir_fd = fd; 2690 } 2691#else 2692 r = chdir(head); 2693#endif 2694 if (r != 0) { 2695 tail[0] = c; 2696 fsobj_error(a_eno, a_estr, errno, 2697 "Could not chdir ", path); 2698 res = (ARCHIVE_FATAL); 2699 break; 2700 } 2701 /* Our view is now from inside this dir: */ 2702 head = tail + 1; 2703 } 2704 } else if (S_ISLNK(st.st_mode)) { 2705 if (last) { 2706 /* 2707 * Last element is symlink; remove it 2708 * so we can overwrite it with the 2709 * item being extracted. 2710 */ 2711#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2712 r = unlinkat(chdir_fd, head, 0); 2713#else 2714 r = unlink(head); 2715#endif 2716 if (r != 0) { 2717 tail[0] = c; 2718 fsobj_error(a_eno, a_estr, errno, 2719 "Could not remove symlink ", 2720 path); 2721 res = ARCHIVE_FAILED; 2722 break; 2723 } 2724 /* 2725 * Even if we did remove it, a warning 2726 * is in order. The warning is silly, 2727 * though, if we're just replacing one 2728 * symlink with another symlink. 2729 */ 2730 tail[0] = c; 2731 /* 2732 * FIXME: not sure how important this is to 2733 * restore 2734 */ 2735 /* 2736 if (!S_ISLNK(path)) { 2737 fsobj_error(a_eno, a_estr, 0, 2738 "Removing symlink ", path); 2739 } 2740 */ 2741 /* Symlink gone. No more problem! */ 2742 res = ARCHIVE_OK; 2743 break; 2744 } else if (flags & ARCHIVE_EXTRACT_UNLINK) { 2745 /* User asked us to remove problems. */ 2746#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2747 r = unlinkat(chdir_fd, head, 0); 2748#else 2749 r = unlink(head); 2750#endif 2751 if (r != 0) { 2752 tail[0] = c; 2753 fsobj_error(a_eno, a_estr, 0, 2754 "Cannot remove intervening " 2755 "symlink ", path); 2756 res = ARCHIVE_FAILED; 2757 break; 2758 } 2759 tail[0] = c; 2760 } else if ((flags & 2761 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) { 2762 /* 2763 * We are not the last element and we want to 2764 * follow symlinks if they are a directory. 2765 * 2766 * This is needed to extract hardlinks over 2767 * symlinks. 2768 */ 2769#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2770 r = fstatat(chdir_fd, head, &st, 0); 2771#else 2772 r = la_stat(head, &st); 2773#endif 2774 if (r != 0) { 2775 tail[0] = c; 2776 if (errno == ENOENT) { 2777 break; 2778 } else { 2779 fsobj_error(a_eno, a_estr, 2780 errno, 2781 "Could not stat ", path); 2782 res = (ARCHIVE_FAILED); 2783 break; 2784 } 2785 } else if (S_ISDIR(st.st_mode)) { 2786#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2787 fd = la_opendirat(chdir_fd, head); 2788 if (fd < 0) 2789 r = -1; 2790 else { 2791 r = 0; 2792 close(chdir_fd); 2793 chdir_fd = fd; 2794 } 2795#else 2796 r = chdir(head); 2797#endif 2798 if (r != 0) { 2799 tail[0] = c; 2800 fsobj_error(a_eno, a_estr, 2801 errno, 2802 "Could not chdir ", path); 2803 res = (ARCHIVE_FATAL); 2804 break; 2805 } 2806 /* 2807 * Our view is now from inside 2808 * this dir: 2809 */ 2810 head = tail + 1; 2811 } else { 2812 tail[0] = c; 2813 fsobj_error(a_eno, a_estr, 0, 2814 "Cannot extract through " 2815 "symlink ", path); 2816 res = ARCHIVE_FAILED; 2817 break; 2818 } 2819 } else { 2820 tail[0] = c; 2821 fsobj_error(a_eno, a_estr, 0, 2822 "Cannot extract through symlink ", path); 2823 res = ARCHIVE_FAILED; 2824 break; 2825 } 2826 } 2827 /* be sure to always maintain this */ 2828 tail[0] = c; 2829 if (tail[0] != '\0') 2830 tail++; /* Advance to the next segment. */ 2831 } 2832 /* Catches loop exits via break */ 2833 tail[0] = c; 2834#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2835 /* If we operate with openat(), fstatat() and unlinkat() there was 2836 * no chdir(), so just close the fd */ 2837 if (chdir_fd >= 0) 2838 close(chdir_fd); 2839#elif HAVE_FCHDIR 2840 /* If we changed directory above, restore it here. */ 2841 if (chdir_fd >= 0) { 2842 r = fchdir(chdir_fd); 2843 if (r != 0) { 2844 fsobj_error(a_eno, a_estr, errno, 2845 "chdir() failure", ""); 2846 } 2847 close(chdir_fd); 2848 chdir_fd = -1; 2849 if (r != 0) { 2850 res = (ARCHIVE_FATAL); 2851 } 2852 } 2853#endif 2854 /* TODO: reintroduce a safe cache here? */ 2855 return res; 2856#endif 2857} 2858 2859/* 2860 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise 2861 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} 2862 */ 2863static int 2864check_symlinks(struct archive_write_disk *a) 2865{ 2866 struct archive_string error_string; 2867 int error_number; 2868 int rc; 2869 archive_string_init(&error_string); 2870 rc = check_symlinks_fsobj(a->name, &error_number, &error_string, 2871 a->flags); 2872 if (rc != ARCHIVE_OK) { 2873 archive_set_error(&a->archive, error_number, "%s", 2874 error_string.s); 2875 } 2876 archive_string_free(&error_string); 2877 a->pst = NULL; /* to be safe */ 2878 return rc; 2879} 2880 2881 2882#if defined(__CYGWIN__) 2883/* 2884 * 1. Convert a path separator from '\' to '/' . 2885 * We shouldn't check multibyte character directly because some 2886 * character-set have been using the '\' character for a part of 2887 * its multibyte character code. 2888 * 2. Replace unusable characters in Windows with underscore('_'). 2889 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx 2890 */ 2891static void 2892cleanup_pathname_win(char *path) 2893{ 2894 wchar_t wc; 2895 char *p; 2896 size_t alen, l; 2897 int mb, complete, utf8; 2898 2899 alen = 0; 2900 mb = 0; 2901 complete = 1; 2902 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0; 2903 for (p = path; *p != '\0'; p++) { 2904 ++alen; 2905 if (*p == '\\') { 2906 /* If previous byte is smaller than 128, 2907 * this is not second byte of multibyte characters, 2908 * so we can replace '\' with '/'. */ 2909 if (utf8 || !mb) 2910 *p = '/'; 2911 else 2912 complete = 0;/* uncompleted. */ 2913 } else if (*(unsigned char *)p > 127) 2914 mb = 1; 2915 else 2916 mb = 0; 2917 /* Rewrite the path name if its next character is unusable. */ 2918 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' || 2919 *p == '<' || *p == '>' || *p == '|') 2920 *p = '_'; 2921 } 2922 if (complete) 2923 return; 2924 2925 /* 2926 * Convert path separator in wide-character. 2927 */ 2928 p = path; 2929 while (*p != '\0' && alen) { 2930 l = mbtowc(&wc, p, alen); 2931 if (l == (size_t)-1) { 2932 while (*p != '\0') { 2933 if (*p == '\\') 2934 *p = '/'; 2935 ++p; 2936 } 2937 break; 2938 } 2939 if (l == 1 && wc == L'\\') 2940 *p = '/'; 2941 p += l; 2942 alen -= l; 2943 } 2944} 2945#endif 2946 2947/* 2948 * Canonicalize the pathname. In particular, this strips duplicate 2949 * '/' characters, '.' elements, and trailing '/'. It also raises an 2950 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is 2951 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS 2952 * is set) if the path is absolute. 2953 */ 2954static int 2955cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 2956 int flags) 2957{ 2958 char *dest, *src; 2959 char separator = '\0'; 2960 2961 dest = src = path; 2962 if (*src == '\0') { 2963 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 2964 "Invalid empty ", "pathname"); 2965 return (ARCHIVE_FAILED); 2966 } 2967 2968#if defined(__CYGWIN__) 2969 cleanup_pathname_win(path); 2970#endif 2971 /* Skip leading '/'. */ 2972 if (*src == '/') { 2973 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { 2974 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 2975 "Path is ", "absolute"); 2976 return (ARCHIVE_FAILED); 2977 } 2978 2979 separator = *src++; 2980 } 2981 2982 /* Scan the pathname one element at a time. */ 2983 for (;;) { 2984 /* src points to first char after '/' */ 2985 if (src[0] == '\0') { 2986 break; 2987 } else if (src[0] == '/') { 2988 /* Found '//', ignore second one. */ 2989 src++; 2990 continue; 2991 } else if (src[0] == '.') { 2992 if (src[1] == '\0') { 2993 /* Ignore trailing '.' */ 2994 break; 2995 } else if (src[1] == '/') { 2996 /* Skip './'. */ 2997 src += 2; 2998 continue; 2999 } else if (src[1] == '.') { 3000 if (src[2] == '/' || src[2] == '\0') { 3001 /* Conditionally warn about '..' */ 3002 if (flags 3003 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { 3004 fsobj_error(a_eno, a_estr, 3005 ARCHIVE_ERRNO_MISC, 3006 "Path contains ", "'..'"); 3007 return (ARCHIVE_FAILED); 3008 } 3009 } 3010 /* 3011 * Note: Under no circumstances do we 3012 * remove '..' elements. In 3013 * particular, restoring 3014 * '/foo/../bar/' should create the 3015 * 'foo' dir as a side-effect. 3016 */ 3017 } 3018 } 3019 3020 /* Copy current element, including leading '/'. */ 3021 if (separator) 3022 *dest++ = '/'; 3023 while (*src != '\0' && *src != '/') { 3024 *dest++ = *src++; 3025 } 3026 3027 if (*src == '\0') 3028 break; 3029 3030 /* Skip '/' separator. */ 3031 separator = *src++; 3032 } 3033 /* 3034 * We've just copied zero or more path elements, not including the 3035 * final '/'. 3036 */ 3037 if (dest == path) { 3038 /* 3039 * Nothing got copied. The path must have been something 3040 * like '.' or '/' or './' or '/././././/./'. 3041 */ 3042 if (separator) 3043 *dest++ = '/'; 3044 else 3045 *dest++ = '.'; 3046 } 3047 /* Terminate the result. */ 3048 *dest = '\0'; 3049 return (ARCHIVE_OK); 3050} 3051 3052static int 3053cleanup_pathname(struct archive_write_disk *a) 3054{ 3055 struct archive_string error_string; 3056 int error_number; 3057 int rc; 3058 archive_string_init(&error_string); 3059 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, 3060 a->flags); 3061 if (rc != ARCHIVE_OK) { 3062 archive_set_error(&a->archive, error_number, "%s", 3063 error_string.s); 3064 } 3065 archive_string_free(&error_string); 3066 return rc; 3067} 3068 3069/* 3070 * Create the parent directory of the specified path, assuming path 3071 * is already in mutable storage. 3072 */ 3073static int 3074create_parent_dir(struct archive_write_disk *a, char *path) 3075{ 3076 char *slash; 3077 int r; 3078 3079 /* Remove tail element to obtain parent name. */ 3080 slash = strrchr(path, '/'); 3081 if (slash == NULL) 3082 return (ARCHIVE_OK); 3083 *slash = '\0'; 3084 r = create_dir(a, path); 3085 *slash = '/'; 3086 return (r); 3087} 3088 3089/* 3090 * Create the specified dir, recursing to create parents as necessary. 3091 * 3092 * Returns ARCHIVE_OK if the path exists when we're done here. 3093 * Otherwise, returns ARCHIVE_FAILED. 3094 * Assumes path is in mutable storage; path is unchanged on exit. 3095 */ 3096static int 3097create_dir(struct archive_write_disk *a, char *path) 3098{ 3099 struct stat st; 3100 struct fixup_entry *le; 3101 char *slash, *base; 3102 mode_t mode_final, mode; 3103 int r; 3104 3105 /* Check for special names and just skip them. */ 3106 slash = strrchr(path, '/'); 3107 if (slash == NULL) 3108 base = path; 3109 else 3110 base = slash + 1; 3111 3112 if (base[0] == '\0' || 3113 (base[0] == '.' && base[1] == '\0') || 3114 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) { 3115 /* Don't bother trying to create null path, '.', or '..'. */ 3116 if (slash != NULL) { 3117 *slash = '\0'; 3118 r = create_dir(a, path); 3119 *slash = '/'; 3120 return (r); 3121 } 3122 return (ARCHIVE_OK); 3123 } 3124 3125 /* 3126 * Yes, this should be stat() and not lstat(). Using lstat() 3127 * here loses the ability to extract through symlinks. Also note 3128 * that this should not use the a->st cache. 3129 */ 3130 if (la_stat(path, &st) == 0) { 3131 if (S_ISDIR(st.st_mode)) 3132 return (ARCHIVE_OK); 3133 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 3134 archive_set_error(&a->archive, EEXIST, 3135 "Can't create directory '%s'", path); 3136 return (ARCHIVE_FAILED); 3137 } 3138 if (unlink(path) != 0) { 3139 archive_set_error(&a->archive, errno, 3140 "Can't create directory '%s': " 3141 "Conflicting file cannot be removed", 3142 path); 3143 return (ARCHIVE_FAILED); 3144 } 3145 } else if (errno != ENOENT && errno != ENOTDIR) { 3146 /* Stat failed? */ 3147 archive_set_error(&a->archive, errno, 3148 "Can't test directory '%s'", path); 3149 return (ARCHIVE_FAILED); 3150 } else if (slash != NULL) { 3151 *slash = '\0'; 3152 r = create_dir(a, path); 3153 *slash = '/'; 3154 if (r != ARCHIVE_OK) 3155 return (r); 3156 } 3157 3158 /* 3159 * Mode we want for the final restored directory. Per POSIX, 3160 * implicitly-created dirs must be created obeying the umask. 3161 * There's no mention whether this is different for privileged 3162 * restores (which the rest of this code handles by pretending 3163 * umask=0). I've chosen here to always obey the user's umask for 3164 * implicit dirs, even if _EXTRACT_PERM was specified. 3165 */ 3166 mode_final = DEFAULT_DIR_MODE & ~a->user_umask; 3167 /* Mode we want on disk during the restore process. */ 3168 mode = mode_final; 3169 mode |= MINIMUM_DIR_MODE; 3170 mode &= MAXIMUM_DIR_MODE; 3171 if (mkdir(path, mode) == 0) { 3172 if (mode != mode_final) { 3173 le = new_fixup(a, path); 3174 if (le == NULL) 3175 return (ARCHIVE_FATAL); 3176 le->fixup |=TODO_MODE_BASE; 3177 le->mode = mode_final; 3178 } 3179 return (ARCHIVE_OK); 3180 } 3181 3182 /* 3183 * Without the following check, a/b/../b/c/d fails at the 3184 * second visit to 'b', so 'd' can't be created. Note that we 3185 * don't add it to the fixup list here, as it's already been 3186 * added. 3187 */ 3188 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode)) 3189 return (ARCHIVE_OK); 3190 3191 archive_set_error(&a->archive, errno, "Failed to create dir '%s'", 3192 path); 3193 return (ARCHIVE_FAILED); 3194} 3195 3196/* 3197 * Note: Although we can skip setting the user id if the desired user 3198 * id matches the current user, we cannot skip setting the group, as 3199 * many systems set the gid based on the containing directory. So 3200 * we have to perform a chown syscall if we want to set the SGID 3201 * bit. (The alternative is to stat() and then possibly chown(); it's 3202 * more efficient to skip the stat() and just always chown().) Note 3203 * that a successful chown() here clears the TODO_SGID_CHECK bit, which 3204 * allows set_mode to skip the stat() check for the GID. 3205 */ 3206static int 3207set_ownership(struct archive_write_disk *a) 3208{ 3209#if !defined(__CYGWIN__) && !defined(__linux__) 3210/* 3211 * On Linux, a process may have the CAP_CHOWN capability. 3212 * On Windows there is no 'root' user with uid 0. 3213 * Elsewhere we can skip calling chown if we are not root and the desired 3214 * user id does not match the current user. 3215 */ 3216 if (a->user_uid != 0 && a->user_uid != a->uid) { 3217 archive_set_error(&a->archive, errno, 3218 "Can't set UID=%jd", (intmax_t)a->uid); 3219 return (ARCHIVE_WARN); 3220 } 3221#endif 3222 3223#ifdef HAVE_FCHOWN 3224 /* If we have an fd, we can avoid a race. */ 3225 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) { 3226 /* We've set owner and know uid/gid are correct. */ 3227 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3228 return (ARCHIVE_OK); 3229 } 3230#endif 3231 3232 /* We prefer lchown() but will use chown() if that's all we have. */ 3233 /* Of course, if we have neither, this will always fail. */ 3234#ifdef HAVE_LCHOWN 3235 if (lchown(a->name, a->uid, a->gid) == 0) { 3236 /* We've set owner and know uid/gid are correct. */ 3237 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3238 return (ARCHIVE_OK); 3239 } 3240#elif HAVE_CHOWN 3241 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) { 3242 /* We've set owner and know uid/gid are correct. */ 3243 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3244 return (ARCHIVE_OK); 3245 } 3246#endif 3247 3248 archive_set_error(&a->archive, errno, 3249 "Can't set user=%jd/group=%jd for %s", 3250 (intmax_t)a->uid, (intmax_t)a->gid, a->name); 3251 return (ARCHIVE_WARN); 3252} 3253 3254/* 3255 * Note: Returns 0 on success, non-zero on failure. 3256 */ 3257static int 3258set_time(int fd, int mode, const char *name, 3259 time_t atime, long atime_nsec, 3260 time_t mtime, long mtime_nsec) 3261{ 3262 /* Select the best implementation for this platform. */ 3263#if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS) 3264 /* 3265 * utimensat() and futimens() are defined in 3266 * POSIX.1-2008. They support ns resolution and setting times 3267 * on fds and symlinks. 3268 */ 3269 struct timespec ts[2]; 3270 (void)mode; /* UNUSED */ 3271 ts[0].tv_sec = atime; 3272 ts[0].tv_nsec = atime_nsec; 3273 ts[1].tv_sec = mtime; 3274 ts[1].tv_nsec = mtime_nsec; 3275 if (fd >= 0) 3276 return futimens(fd, ts); 3277 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW); 3278 3279#elif HAVE_UTIMES 3280 /* 3281 * The utimes()-family functions support ��s-resolution and 3282 * setting times fds and symlinks. utimes() is documented as 3283 * LEGACY by POSIX, futimes() and lutimes() are not described 3284 * in POSIX. 3285 */ 3286 struct timeval times[2]; 3287 3288 times[0].tv_sec = atime; 3289 times[0].tv_usec = atime_nsec / 1000; 3290 times[1].tv_sec = mtime; 3291 times[1].tv_usec = mtime_nsec / 1000; 3292 3293#ifdef HAVE_FUTIMES 3294 if (fd >= 0) 3295 return (futimes(fd, times)); 3296#else 3297 (void)fd; /* UNUSED */ 3298#endif 3299#ifdef HAVE_LUTIMES 3300 (void)mode; /* UNUSED */ 3301 return (lutimes(name, times)); 3302#else 3303 if (S_ISLNK(mode)) 3304 return (0); 3305 return (utimes(name, times)); 3306#endif 3307 3308#elif defined(HAVE_UTIME) 3309 /* 3310 * utime() is POSIX-standard but only supports 1s resolution and 3311 * does not support fds or symlinks. 3312 */ 3313 struct utimbuf times; 3314 (void)fd; /* UNUSED */ 3315 (void)name; /* UNUSED */ 3316 (void)atime_nsec; /* UNUSED */ 3317 (void)mtime_nsec; /* UNUSED */ 3318 times.actime = atime; 3319 times.modtime = mtime; 3320 if (S_ISLNK(mode)) 3321 return (ARCHIVE_OK); 3322 return (utime(name, ×)); 3323 3324#else 3325 /* 3326 * We don't know how to set the time on this platform. 3327 */ 3328 (void)fd; /* UNUSED */ 3329 (void)mode; /* UNUSED */ 3330 (void)name; /* UNUSED */ 3331 (void)atime_nsec; /* UNUSED */ 3332 (void)mtime_nsec; /* UNUSED */ 3333 return (ARCHIVE_WARN); 3334#endif 3335} 3336 3337#ifdef F_SETTIMES 3338static int 3339set_time_tru64(int fd, int mode, const char *name, 3340 time_t atime, long atime_nsec, 3341 time_t mtime, long mtime_nsec, 3342 time_t ctime, long ctime_nsec) 3343{ 3344 struct attr_timbuf tstamp; 3345 tstamp.atime.tv_sec = atime; 3346 tstamp.mtime.tv_sec = mtime; 3347 tstamp.ctime.tv_sec = ctime; 3348#if defined (__hpux) && defined (__ia64) 3349 tstamp.atime.tv_nsec = atime_nsec; 3350 tstamp.mtime.tv_nsec = mtime_nsec; 3351 tstamp.ctime.tv_nsec = ctime_nsec; 3352#else 3353 tstamp.atime.tv_usec = atime_nsec / 1000; 3354 tstamp.mtime.tv_usec = mtime_nsec / 1000; 3355 tstamp.ctime.tv_usec = ctime_nsec / 1000; 3356#endif 3357 return (fcntl(fd,F_SETTIMES,&tstamp)); 3358} 3359#endif /* F_SETTIMES */ 3360 3361static int 3362set_times(struct archive_write_disk *a, 3363 int fd, int mode, const char *name, 3364 time_t atime, long atime_nanos, 3365 time_t birthtime, long birthtime_nanos, 3366 time_t mtime, long mtime_nanos, 3367 time_t cctime, long ctime_nanos) 3368{ 3369 /* Note: set_time doesn't use libarchive return conventions! 3370 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */ 3371 int r1 = 0, r2 = 0; 3372 3373#ifdef F_SETTIMES 3374 /* 3375 * on Tru64 try own fcntl first which can restore even the 3376 * ctime, fall back to default code path below if it fails 3377 * or if we are not running as root 3378 */ 3379 if (a->user_uid == 0 && 3380 set_time_tru64(fd, mode, name, 3381 atime, atime_nanos, mtime, 3382 mtime_nanos, cctime, ctime_nanos) == 0) { 3383 return (ARCHIVE_OK); 3384 } 3385#else /* Tru64 */ 3386 (void)cctime; /* UNUSED */ 3387 (void)ctime_nanos; /* UNUSED */ 3388#endif /* Tru64 */ 3389 3390#ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME 3391 /* 3392 * If you have struct stat.st_birthtime, we assume BSD 3393 * birthtime semantics, in which {f,l,}utimes() updates 3394 * birthtime to earliest mtime. So we set the time twice, 3395 * first using the birthtime, then using the mtime. If 3396 * birthtime == mtime, this isn't necessary, so we skip it. 3397 * If birthtime > mtime, then this won't work, so we skip it. 3398 */ 3399 if (birthtime < mtime 3400 || (birthtime == mtime && birthtime_nanos < mtime_nanos)) 3401 r1 = set_time(fd, mode, name, 3402 atime, atime_nanos, 3403 birthtime, birthtime_nanos); 3404#else 3405 (void)birthtime; /* UNUSED */ 3406 (void)birthtime_nanos; /* UNUSED */ 3407#endif 3408 r2 = set_time(fd, mode, name, 3409 atime, atime_nanos, 3410 mtime, mtime_nanos); 3411 if (r1 != 0 || r2 != 0) { 3412 archive_set_error(&a->archive, errno, 3413 "Can't restore time"); 3414 return (ARCHIVE_WARN); 3415 } 3416 return (ARCHIVE_OK); 3417} 3418 3419static int 3420set_times_from_entry(struct archive_write_disk *a) 3421{ 3422 time_t atime, birthtime, mtime, cctime; 3423 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec; 3424 3425 /* Suitable defaults. */ 3426 atime = birthtime = mtime = cctime = a->start_time; 3427 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0; 3428 3429 /* If no time was provided, we're done. */ 3430 if (!archive_entry_atime_is_set(a->entry) 3431#if HAVE_STRUCT_STAT_ST_BIRTHTIME 3432 && !archive_entry_birthtime_is_set(a->entry) 3433#endif 3434 && !archive_entry_mtime_is_set(a->entry)) 3435 return (ARCHIVE_OK); 3436 3437 if (archive_entry_atime_is_set(a->entry)) { 3438 atime = archive_entry_atime(a->entry); 3439 atime_nsec = archive_entry_atime_nsec(a->entry); 3440 } 3441 if (archive_entry_birthtime_is_set(a->entry)) { 3442 birthtime = archive_entry_birthtime(a->entry); 3443 birthtime_nsec = archive_entry_birthtime_nsec(a->entry); 3444 } 3445 if (archive_entry_mtime_is_set(a->entry)) { 3446 mtime = archive_entry_mtime(a->entry); 3447 mtime_nsec = archive_entry_mtime_nsec(a->entry); 3448 } 3449 if (archive_entry_ctime_is_set(a->entry)) { 3450 cctime = archive_entry_ctime(a->entry); 3451 ctime_nsec = archive_entry_ctime_nsec(a->entry); 3452 } 3453 3454 return set_times(a, a->fd, a->mode, a->name, 3455 atime, atime_nsec, 3456 birthtime, birthtime_nsec, 3457 mtime, mtime_nsec, 3458 cctime, ctime_nsec); 3459} 3460 3461static int 3462set_mode(struct archive_write_disk *a, int mode) 3463{ 3464 int r = ARCHIVE_OK; 3465 int r2; 3466 mode &= 07777; /* Strip off file type bits. */ 3467 3468 if (a->todo & TODO_SGID_CHECK) { 3469 /* 3470 * If we don't know the GID is right, we must stat() 3471 * to verify it. We can't just check the GID of this 3472 * process, since systems sometimes set GID from 3473 * the enclosing dir or based on ACLs. 3474 */ 3475 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3476 return (r); 3477 if (a->pst->st_gid != a->gid) { 3478 mode &= ~ S_ISGID; 3479 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3480 /* 3481 * This is only an error if you 3482 * requested owner restore. If you 3483 * didn't, we'll try to restore 3484 * sgid/suid, but won't consider it a 3485 * problem if we can't. 3486 */ 3487 archive_set_error(&a->archive, -1, 3488 "Can't restore SGID bit"); 3489 r = ARCHIVE_WARN; 3490 } 3491 } 3492 /* While we're here, double-check the UID. */ 3493 if (a->pst->st_uid != a->uid 3494 && (a->todo & TODO_SUID)) { 3495 mode &= ~ S_ISUID; 3496 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3497 archive_set_error(&a->archive, -1, 3498 "Can't restore SUID bit"); 3499 r = ARCHIVE_WARN; 3500 } 3501 } 3502 a->todo &= ~TODO_SGID_CHECK; 3503 a->todo &= ~TODO_SUID_CHECK; 3504 } else if (a->todo & TODO_SUID_CHECK) { 3505 /* 3506 * If we don't know the UID is right, we can just check 3507 * the user, since all systems set the file UID from 3508 * the process UID. 3509 */ 3510 if (a->user_uid != a->uid) { 3511 mode &= ~ S_ISUID; 3512 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3513 archive_set_error(&a->archive, -1, 3514 "Can't make file SUID"); 3515 r = ARCHIVE_WARN; 3516 } 3517 } 3518 a->todo &= ~TODO_SUID_CHECK; 3519 } 3520 3521 if (S_ISLNK(a->mode)) { 3522#ifdef HAVE_LCHMOD 3523 /* 3524 * If this is a symlink, use lchmod(). If the 3525 * platform doesn't support lchmod(), just skip it. A 3526 * platform that doesn't provide a way to set 3527 * permissions on symlinks probably ignores 3528 * permissions on symlinks, so a failure here has no 3529 * impact. 3530 */ 3531 if (lchmod(a->name, mode) != 0) { 3532 switch (errno) { 3533 case ENOTSUP: 3534 case ENOSYS: 3535#if ENOTSUP != EOPNOTSUPP 3536 case EOPNOTSUPP: 3537#endif 3538 /* 3539 * if lchmod is defined but the platform 3540 * doesn't support it, silently ignore 3541 * error 3542 */ 3543 break; 3544 default: 3545 archive_set_error(&a->archive, errno, 3546 "Can't set permissions to 0%o", (int)mode); 3547 r = ARCHIVE_WARN; 3548 } 3549 } 3550#endif 3551 } else if (!S_ISDIR(a->mode)) { 3552 /* 3553 * If it's not a symlink and not a dir, then use 3554 * fchmod() or chmod(), depending on whether we have 3555 * an fd. Dirs get their perms set during the 3556 * post-extract fixup, which is handled elsewhere. 3557 */ 3558#ifdef HAVE_FCHMOD 3559 if (a->fd >= 0) 3560 r2 = fchmod(a->fd, mode); 3561 else 3562#endif 3563 /* If this platform lacks fchmod(), then 3564 * we'll just use chmod(). */ 3565 r2 = chmod(a->name, mode); 3566 3567 if (r2 != 0) { 3568 archive_set_error(&a->archive, errno, 3569 "Can't set permissions to 0%o", (int)mode); 3570 r = ARCHIVE_WARN; 3571 } 3572 } 3573 return (r); 3574} 3575 3576static int 3577set_fflags(struct archive_write_disk *a) 3578{ 3579 struct fixup_entry *le; 3580 unsigned long set, clear; 3581 int r; 3582 mode_t mode = archive_entry_mode(a->entry); 3583 /* 3584 * Make 'critical_flags' hold all file flags that can't be 3585 * immediately restored. For example, on BSD systems, 3586 * SF_IMMUTABLE prevents hardlinks from being created, so 3587 * should not be set until after any hardlinks are created. To 3588 * preserve some semblance of portability, this uses #ifdef 3589 * extensively. Ugly, but it works. 3590 * 3591 * Yes, Virginia, this does create a security race. It's mitigated 3592 * somewhat by the practice of creating dirs 0700 until the extract 3593 * is done, but it would be nice if we could do more than that. 3594 * People restoring critical file systems should be wary of 3595 * other programs that might try to muck with files as they're 3596 * being restored. 3597 */ 3598 const int critical_flags = 0 3599#ifdef SF_IMMUTABLE 3600 | SF_IMMUTABLE 3601#endif 3602#ifdef UF_IMMUTABLE 3603 | UF_IMMUTABLE 3604#endif 3605#ifdef SF_APPEND 3606 | SF_APPEND 3607#endif 3608#ifdef UF_APPEND 3609 | UF_APPEND 3610#endif 3611#if defined(FS_APPEND_FL) 3612 | FS_APPEND_FL 3613#elif defined(EXT2_APPEND_FL) 3614 | EXT2_APPEND_FL 3615#endif 3616#if defined(FS_IMMUTABLE_FL) 3617 | FS_IMMUTABLE_FL 3618#elif defined(EXT2_IMMUTABLE_FL) 3619 | EXT2_IMMUTABLE_FL 3620#endif 3621#ifdef FS_JOURNAL_DATA_FL 3622 | FS_JOURNAL_DATA_FL 3623#endif 3624 ; 3625 3626 if (a->todo & TODO_FFLAGS) { 3627 archive_entry_fflags(a->entry, &set, &clear); 3628 3629 /* 3630 * The first test encourages the compiler to eliminate 3631 * all of this if it's not necessary. 3632 */ 3633 if ((critical_flags != 0) && (set & critical_flags)) { 3634 le = current_fixup(a, a->name); 3635 if (le == NULL) 3636 return (ARCHIVE_FATAL); 3637 le->fixup |= TODO_FFLAGS; 3638 le->fflags_set = set; 3639 /* Store the mode if it's not already there. */ 3640 if ((le->fixup & TODO_MODE) == 0) 3641 le->mode = mode; 3642 } else { 3643 r = set_fflags_platform(a, a->fd, 3644 a->name, mode, set, clear); 3645 if (r != ARCHIVE_OK) 3646 return (r); 3647 } 3648 } 3649 return (ARCHIVE_OK); 3650} 3651 3652static int 3653clear_nochange_fflags(struct archive_write_disk *a) 3654{ 3655 mode_t mode = archive_entry_mode(a->entry); 3656 const int nochange_flags = 0 3657#ifdef SF_IMMUTABLE 3658 | SF_IMMUTABLE 3659#endif 3660#ifdef UF_IMMUTABLE 3661 | UF_IMMUTABLE 3662#endif 3663#ifdef SF_APPEND 3664 | SF_APPEND 3665#endif 3666#ifdef UF_APPEND 3667 | UF_APPEND 3668#endif 3669#ifdef EXT2_APPEND_FL 3670 | EXT2_APPEND_FL 3671#endif 3672#ifdef EXT2_IMMUTABLE_FL 3673 | EXT2_IMMUTABLE_FL 3674#endif 3675 ; 3676 3677 return (set_fflags_platform(a, a->fd, a->name, mode, 0, 3678 nochange_flags)); 3679} 3680 3681 3682#if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS) 3683/* 3684 * BSD reads flags using stat() and sets them with one of {f,l,}chflags() 3685 */ 3686static int 3687set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3688 mode_t mode, unsigned long set, unsigned long clear) 3689{ 3690 int r; 3691 const int sf_mask = 0 3692#ifdef SF_APPEND 3693 | SF_APPEND 3694#endif 3695#ifdef SF_ARCHIVED 3696 | SF_ARCHIVED 3697#endif 3698#ifdef SF_IMMUTABLE 3699 | SF_IMMUTABLE 3700#endif 3701#ifdef SF_NOUNLINK 3702 | SF_NOUNLINK 3703#endif 3704 ; 3705 (void)mode; /* UNUSED */ 3706 3707 if (set == 0 && clear == 0) 3708 return (ARCHIVE_OK); 3709 3710 /* 3711 * XXX Is the stat here really necessary? Or can I just use 3712 * the 'set' flags directly? In particular, I'm not sure 3713 * about the correct approach if we're overwriting an existing 3714 * file that already has flags on it. XXX 3715 */ 3716 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3717 return (r); 3718 3719 a->st.st_flags &= ~clear; 3720 a->st.st_flags |= set; 3721 3722 /* Only super-user may change SF_* flags */ 3723 3724 if (a->user_uid != 0) 3725 a->st.st_flags &= ~sf_mask; 3726 3727#ifdef HAVE_FCHFLAGS 3728 /* If platform has fchflags() and we were given an fd, use it. */ 3729 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0) 3730 return (ARCHIVE_OK); 3731#endif 3732 /* 3733 * If we can't use the fd to set the flags, we'll use the 3734 * pathname to set flags. We prefer lchflags() but will use 3735 * chflags() if we must. 3736 */ 3737#ifdef HAVE_LCHFLAGS 3738 if (lchflags(name, a->st.st_flags) == 0) 3739 return (ARCHIVE_OK); 3740#elif defined(HAVE_CHFLAGS) 3741 if (S_ISLNK(a->st.st_mode)) { 3742 archive_set_error(&a->archive, errno, 3743 "Can't set file flags on symlink."); 3744 return (ARCHIVE_WARN); 3745 } 3746 if (chflags(name, a->st.st_flags) == 0) 3747 return (ARCHIVE_OK); 3748#endif 3749 archive_set_error(&a->archive, errno, 3750 "Failed to set file flags"); 3751 return (ARCHIVE_WARN); 3752} 3753 3754#elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \ 3755 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \ 3756 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \ 3757 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)) 3758/* 3759 * Linux uses ioctl() to read and write file flags. 3760 */ 3761static int 3762set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3763 mode_t mode, unsigned long set, unsigned long clear) 3764{ 3765 int ret; 3766 int myfd = fd; 3767 int newflags, oldflags; 3768 /* 3769 * Linux has no define for the flags that are only settable by 3770 * the root user. This code may seem a little complex, but 3771 * there seem to be some Linux systems that lack these 3772 * defines. (?) The code below degrades reasonably gracefully 3773 * if sf_mask is incomplete. 3774 */ 3775 const int sf_mask = 0 3776#if defined(FS_IMMUTABLE_FL) 3777 | FS_IMMUTABLE_FL 3778#elif defined(EXT2_IMMUTABLE_FL) 3779 | EXT2_IMMUTABLE_FL 3780#endif 3781#if defined(FS_APPEND_FL) 3782 | FS_APPEND_FL 3783#elif defined(EXT2_APPEND_FL) 3784 | EXT2_APPEND_FL 3785#endif 3786#if defined(FS_JOURNAL_DATA_FL) 3787 | FS_JOURNAL_DATA_FL 3788#endif 3789 ; 3790 3791 if (set == 0 && clear == 0) 3792 return (ARCHIVE_OK); 3793 /* Only regular files and dirs can have flags. */ 3794 if (!S_ISREG(mode) && !S_ISDIR(mode)) 3795 return (ARCHIVE_OK); 3796 3797 /* If we weren't given an fd, open it ourselves. */ 3798 if (myfd < 0) { 3799 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC); 3800 __archive_ensure_cloexec_flag(myfd); 3801 } 3802 if (myfd < 0) 3803 return (ARCHIVE_OK); 3804 3805 /* 3806 * XXX As above, this would be way simpler if we didn't have 3807 * to read the current flags from disk. XXX 3808 */ 3809 ret = ARCHIVE_OK; 3810 3811 /* Read the current file flags. */ 3812 if (ioctl(myfd, 3813#ifdef FS_IOC_GETFLAGS 3814 FS_IOC_GETFLAGS, 3815#else 3816 EXT2_IOC_GETFLAGS, 3817#endif 3818 &oldflags) < 0) 3819 goto fail; 3820 3821 /* Try setting the flags as given. */ 3822 newflags = (oldflags & ~clear) | set; 3823 if (ioctl(myfd, 3824#ifdef FS_IOC_SETFLAGS 3825 FS_IOC_SETFLAGS, 3826#else 3827 EXT2_IOC_SETFLAGS, 3828#endif 3829 &newflags) >= 0) 3830 goto cleanup; 3831 if (errno != EPERM) 3832 goto fail; 3833 3834 /* If we couldn't set all the flags, try again with a subset. */ 3835 newflags &= ~sf_mask; 3836 oldflags &= sf_mask; 3837 newflags |= oldflags; 3838 if (ioctl(myfd, 3839#ifdef FS_IOC_SETFLAGS 3840 FS_IOC_SETFLAGS, 3841#else 3842 EXT2_IOC_SETFLAGS, 3843#endif 3844 &newflags) >= 0) 3845 goto cleanup; 3846 3847 /* We couldn't set the flags, so report the failure. */ 3848fail: 3849 archive_set_error(&a->archive, errno, 3850 "Failed to set file flags"); 3851 ret = ARCHIVE_WARN; 3852cleanup: 3853 if (fd < 0) 3854 close(myfd); 3855 return (ret); 3856} 3857 3858#else 3859 3860/* 3861 * Of course, some systems have neither BSD chflags() nor Linux' flags 3862 * support through ioctl(). 3863 */ 3864static int 3865set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3866 mode_t mode, unsigned long set, unsigned long clear) 3867{ 3868 (void)a; /* UNUSED */ 3869 (void)fd; /* UNUSED */ 3870 (void)name; /* UNUSED */ 3871 (void)mode; /* UNUSED */ 3872 (void)set; /* UNUSED */ 3873 (void)clear; /* UNUSED */ 3874 return (ARCHIVE_OK); 3875} 3876 3877#endif /* __linux */ 3878 3879#ifndef HAVE_COPYFILE_H 3880/* Default is to simply drop Mac extended metadata. */ 3881static int 3882set_mac_metadata(struct archive_write_disk *a, const char *pathname, 3883 const void *metadata, size_t metadata_size) 3884{ 3885 (void)a; /* UNUSED */ 3886 (void)pathname; /* UNUSED */ 3887 (void)metadata; /* UNUSED */ 3888 (void)metadata_size; /* UNUSED */ 3889 return (ARCHIVE_OK); 3890} 3891 3892static int 3893fixup_appledouble(struct archive_write_disk *a, const char *pathname) 3894{ 3895 (void)a; /* UNUSED */ 3896 (void)pathname; /* UNUSED */ 3897 return (ARCHIVE_OK); 3898} 3899#else 3900 3901/* 3902 * On Mac OS, we use copyfile() to unpack the metadata and 3903 * apply it to the target file. 3904 */ 3905 3906#if defined(HAVE_SYS_XATTR_H) 3907static int 3908copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd) 3909{ 3910 ssize_t xattr_size; 3911 char *xattr_names = NULL, *xattr_val = NULL; 3912 int ret = ARCHIVE_OK, xattr_i; 3913 3914 xattr_size = flistxattr(tmpfd, NULL, 0, 0); 3915 if (xattr_size == -1) { 3916 archive_set_error(&a->archive, errno, 3917 "Failed to read metadata(xattr)"); 3918 ret = ARCHIVE_WARN; 3919 goto exit_xattr; 3920 } 3921 xattr_names = malloc(xattr_size); 3922 if (xattr_names == NULL) { 3923 archive_set_error(&a->archive, ENOMEM, 3924 "Can't allocate memory for metadata(xattr)"); 3925 ret = ARCHIVE_FATAL; 3926 goto exit_xattr; 3927 } 3928 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0); 3929 if (xattr_size == -1) { 3930 archive_set_error(&a->archive, errno, 3931 "Failed to read metadata(xattr)"); 3932 ret = ARCHIVE_WARN; 3933 goto exit_xattr; 3934 } 3935 for (xattr_i = 0; xattr_i < xattr_size; 3936 xattr_i += strlen(xattr_names + xattr_i) + 1) { 3937 char *xattr_val_saved; 3938 ssize_t s; 3939 int f; 3940 3941 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0); 3942 if (s == -1) { 3943 archive_set_error(&a->archive, errno, 3944 "Failed to get metadata(xattr)"); 3945 ret = ARCHIVE_WARN; 3946 goto exit_xattr; 3947 } 3948 xattr_val_saved = xattr_val; 3949 xattr_val = realloc(xattr_val, s); 3950 if (xattr_val == NULL) { 3951 archive_set_error(&a->archive, ENOMEM, 3952 "Failed to get metadata(xattr)"); 3953 ret = ARCHIVE_WARN; 3954 free(xattr_val_saved); 3955 goto exit_xattr; 3956 } 3957 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0); 3958 if (s == -1) { 3959 archive_set_error(&a->archive, errno, 3960 "Failed to get metadata(xattr)"); 3961 ret = ARCHIVE_WARN; 3962 goto exit_xattr; 3963 } 3964 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0); 3965 if (f == -1) { 3966 archive_set_error(&a->archive, errno, 3967 "Failed to get metadata(xattr)"); 3968 ret = ARCHIVE_WARN; 3969 goto exit_xattr; 3970 } 3971 } 3972exit_xattr: 3973 free(xattr_names); 3974 free(xattr_val); 3975 return (ret); 3976} 3977#endif 3978 3979static int 3980copy_acls(struct archive_write_disk *a, int tmpfd, int dffd) 3981{ 3982#ifndef HAVE_SYS_ACL_H 3983 return 0; 3984#else 3985 acl_t acl, dfacl = NULL; 3986 int acl_r, ret = ARCHIVE_OK; 3987 3988 acl = acl_get_fd(tmpfd); 3989 if (acl == NULL) { 3990 if (errno == ENOENT) 3991 /* There are not any ACLs. */ 3992 return (ret); 3993 archive_set_error(&a->archive, errno, 3994 "Failed to get metadata(acl)"); 3995 ret = ARCHIVE_WARN; 3996 goto exit_acl; 3997 } 3998 dfacl = acl_dup(acl); 3999 acl_r = acl_set_fd(dffd, dfacl); 4000 if (acl_r == -1) { 4001 archive_set_error(&a->archive, errno, 4002 "Failed to get metadata(acl)"); 4003 ret = ARCHIVE_WARN; 4004 goto exit_acl; 4005 } 4006exit_acl: 4007 if (acl) 4008 acl_free(acl); 4009 if (dfacl) 4010 acl_free(dfacl); 4011 return (ret); 4012#endif 4013} 4014 4015static int 4016create_tempdatafork(struct archive_write_disk *a, const char *pathname) 4017{ 4018 struct archive_string tmpdatafork; 4019 int tmpfd; 4020 4021 archive_string_init(&tmpdatafork); 4022 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX"); 4023 tmpfd = mkstemp(tmpdatafork.s); 4024 if (tmpfd < 0) { 4025 archive_set_error(&a->archive, errno, 4026 "Failed to mkstemp"); 4027 archive_string_free(&tmpdatafork); 4028 return (-1); 4029 } 4030 if (copyfile(pathname, tmpdatafork.s, 0, 4031 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4032 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4033 archive_set_error(&a->archive, errno, 4034 "Failed to restore metadata"); 4035 close(tmpfd); 4036 tmpfd = -1; 4037 } 4038 unlink(tmpdatafork.s); 4039 archive_string_free(&tmpdatafork); 4040 return (tmpfd); 4041} 4042 4043static int 4044copy_metadata(struct archive_write_disk *a, const char *metadata, 4045 const char *datafork, int datafork_compressed) 4046{ 4047 int ret = ARCHIVE_OK; 4048 4049 if (datafork_compressed) { 4050 int dffd, tmpfd; 4051 4052 tmpfd = create_tempdatafork(a, metadata); 4053 if (tmpfd == -1) 4054 return (ARCHIVE_WARN); 4055 4056 /* 4057 * Do not open the data fork compressed by HFS+ compression 4058 * with at least a writing mode(O_RDWR or O_WRONLY). it 4059 * makes the data fork uncompressed. 4060 */ 4061 dffd = open(datafork, 0); 4062 if (dffd == -1) { 4063 archive_set_error(&a->archive, errno, 4064 "Failed to open the data fork for metadata"); 4065 close(tmpfd); 4066 return (ARCHIVE_WARN); 4067 } 4068 4069#if defined(HAVE_SYS_XATTR_H) 4070 ret = copy_xattrs(a, tmpfd, dffd); 4071 if (ret == ARCHIVE_OK) 4072#endif 4073 ret = copy_acls(a, tmpfd, dffd); 4074 close(tmpfd); 4075 close(dffd); 4076 } else { 4077 if (copyfile(metadata, datafork, 0, 4078 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4079 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4080 archive_set_error(&a->archive, errno, 4081 "Failed to restore metadata"); 4082 ret = ARCHIVE_WARN; 4083 } 4084 } 4085 return (ret); 4086} 4087 4088static int 4089set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4090 const void *metadata, size_t metadata_size) 4091{ 4092 struct archive_string tmp; 4093 ssize_t written; 4094 int fd; 4095 int ret = ARCHIVE_OK; 4096 4097 /* This would be simpler if copyfile() could just accept the 4098 * metadata as a block of memory; then we could sidestep this 4099 * silly dance of writing the data to disk just so that 4100 * copyfile() can read it back in again. */ 4101 archive_string_init(&tmp); 4102 archive_strcpy(&tmp, pathname); 4103 archive_strcat(&tmp, ".XXXXXX"); 4104 fd = mkstemp(tmp.s); 4105 4106 if (fd < 0) { 4107 archive_set_error(&a->archive, errno, 4108 "Failed to restore metadata"); 4109 archive_string_free(&tmp); 4110 return (ARCHIVE_WARN); 4111 } 4112 written = write(fd, metadata, metadata_size); 4113 close(fd); 4114 if ((size_t)written != metadata_size) { 4115 archive_set_error(&a->archive, errno, 4116 "Failed to restore metadata"); 4117 ret = ARCHIVE_WARN; 4118 } else { 4119 int compressed; 4120 4121#if defined(UF_COMPRESSED) 4122 if ((a->todo & TODO_HFS_COMPRESSION) != 0 && 4123 (ret = lazy_stat(a)) == ARCHIVE_OK) 4124 compressed = a->st.st_flags & UF_COMPRESSED; 4125 else 4126#endif 4127 compressed = 0; 4128 ret = copy_metadata(a, tmp.s, pathname, compressed); 4129 } 4130 unlink(tmp.s); 4131 archive_string_free(&tmp); 4132 return (ret); 4133} 4134 4135static int 4136fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4137{ 4138 char buff[8]; 4139 struct stat st; 4140 const char *p; 4141 struct archive_string datafork; 4142 int fd = -1, ret = ARCHIVE_OK; 4143 4144 archive_string_init(&datafork); 4145 /* Check if the current file name is a type of the resource 4146 * fork file. */ 4147 p = strrchr(pathname, '/'); 4148 if (p == NULL) 4149 p = pathname; 4150 else 4151 p++; 4152 if (p[0] != '.' || p[1] != '_') 4153 goto skip_appledouble; 4154 4155 /* 4156 * Check if the data fork file exists. 4157 * 4158 * TODO: Check if this write disk object has handled it. 4159 */ 4160 archive_strncpy(&datafork, pathname, p - pathname); 4161 archive_strcat(&datafork, p + 2); 4162 if (lstat(datafork.s, &st) == -1 || 4163 (st.st_mode & AE_IFMT) != AE_IFREG) 4164 goto skip_appledouble; 4165 4166 /* 4167 * Check if the file is in the AppleDouble form. 4168 */ 4169 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC); 4170 __archive_ensure_cloexec_flag(fd); 4171 if (fd == -1) { 4172 archive_set_error(&a->archive, errno, 4173 "Failed to open a restoring file"); 4174 ret = ARCHIVE_WARN; 4175 goto skip_appledouble; 4176 } 4177 if (read(fd, buff, 8) == -1) { 4178 archive_set_error(&a->archive, errno, 4179 "Failed to read a restoring file"); 4180 close(fd); 4181 ret = ARCHIVE_WARN; 4182 goto skip_appledouble; 4183 } 4184 close(fd); 4185 /* Check AppleDouble Magic Code. */ 4186 if (archive_be32dec(buff) != 0x00051607) 4187 goto skip_appledouble; 4188 /* Check AppleDouble Version. */ 4189 if (archive_be32dec(buff+4) != 0x00020000) 4190 goto skip_appledouble; 4191 4192 ret = copy_metadata(a, pathname, datafork.s, 4193#if defined(UF_COMPRESSED) 4194 st.st_flags & UF_COMPRESSED); 4195#else 4196 0); 4197#endif 4198 if (ret == ARCHIVE_OK) { 4199 unlink(pathname); 4200 ret = ARCHIVE_EOF; 4201 } 4202skip_appledouble: 4203 archive_string_free(&datafork); 4204 return (ret); 4205} 4206#endif 4207 4208#if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX 4209/* 4210 * Restore extended attributes - Linux, Darwin and AIX implementations: 4211 * AIX' ea interface is syntaxwise identical to the Linux xattr interface. 4212 */ 4213static int 4214set_xattrs(struct archive_write_disk *a) 4215{ 4216 struct archive_entry *entry = a->entry; 4217 static int warning_done = 0; 4218 int ret = ARCHIVE_OK; 4219 int i = archive_entry_xattr_reset(entry); 4220 4221 while (i--) { 4222 const char *name; 4223 const void *value; 4224 size_t size; 4225 archive_entry_xattr_next(entry, &name, &value, &size); 4226 if (name != NULL && 4227 strncmp(name, "xfsroot.", 8) != 0 && 4228 strncmp(name, "system.", 7) != 0) { 4229 int e; 4230 if (a->fd >= 0) { 4231#if ARCHIVE_XATTR_LINUX 4232 e = fsetxattr(a->fd, name, value, size, 0); 4233#elif ARCHIVE_XATTR_DARWIN 4234 e = fsetxattr(a->fd, name, value, size, 0, 0); 4235#elif ARCHIVE_XATTR_AIX 4236 e = fsetea(a->fd, name, value, size, 0); 4237#endif 4238 } else { 4239#if ARCHIVE_XATTR_LINUX 4240 e = lsetxattr(archive_entry_pathname(entry), 4241 name, value, size, 0); 4242#elif ARCHIVE_XATTR_DARWIN 4243 e = setxattr(archive_entry_pathname(entry), 4244 name, value, size, 0, XATTR_NOFOLLOW); 4245#elif ARCHIVE_XATTR_AIX 4246 e = lsetea(archive_entry_pathname(entry), 4247 name, value, size, 0); 4248#endif 4249 } 4250 if (e == -1) { 4251 if (errno == ENOTSUP || errno == ENOSYS) { 4252 if (!warning_done) { 4253 warning_done = 1; 4254 archive_set_error(&a->archive, 4255 errno, 4256 "Cannot restore extended " 4257 "attributes on this file " 4258 "system"); 4259 } 4260 } else 4261 archive_set_error(&a->archive, errno, 4262 "Failed to set extended attribute"); 4263 ret = ARCHIVE_WARN; 4264 } 4265 } else { 4266 archive_set_error(&a->archive, 4267 ARCHIVE_ERRNO_FILE_FORMAT, 4268 "Invalid extended attribute encountered"); 4269 ret = ARCHIVE_WARN; 4270 } 4271 } 4272 return (ret); 4273} 4274#elif ARCHIVE_XATTR_FREEBSD 4275/* 4276 * Restore extended attributes - FreeBSD implementation 4277 */ 4278static int 4279set_xattrs(struct archive_write_disk *a) 4280{ 4281 struct archive_entry *entry = a->entry; 4282 static int warning_done = 0; 4283 int ret = ARCHIVE_OK; 4284 int i = archive_entry_xattr_reset(entry); 4285 4286 while (i--) { 4287 const char *name; 4288 const void *value; 4289 size_t size; 4290 archive_entry_xattr_next(entry, &name, &value, &size); 4291 if (name != NULL) { 4292 ssize_t e; 4293 int namespace; 4294 4295 if (strncmp(name, "user.", 5) == 0) { 4296 /* "user." attributes go to user namespace */ 4297 name += 5; 4298 namespace = EXTATTR_NAMESPACE_USER; 4299 } else { 4300 /* Warn about other extended attributes. */ 4301 archive_set_error(&a->archive, 4302 ARCHIVE_ERRNO_FILE_FORMAT, 4303 "Can't restore extended attribute ``%s''", 4304 name); 4305 ret = ARCHIVE_WARN; 4306 continue; 4307 } 4308 errno = 0; 4309 4310 if (a->fd >= 0) { 4311 e = extattr_set_fd(a->fd, namespace, name, 4312 value, size); 4313 } else { 4314 e = extattr_set_link( 4315 archive_entry_pathname(entry), namespace, 4316 name, value, size); 4317 } 4318 if (e != (ssize_t)size) { 4319 if (errno == ENOTSUP || errno == ENOSYS) { 4320 if (!warning_done) { 4321 warning_done = 1; 4322 archive_set_error(&a->archive, 4323 errno, 4324 "Cannot restore extended " 4325 "attributes on this file " 4326 "system"); 4327 } 4328 } else { 4329 archive_set_error(&a->archive, errno, 4330 "Failed to set extended attribute"); 4331 } 4332 4333 ret = ARCHIVE_WARN; 4334 } 4335 } 4336 } 4337 return (ret); 4338} 4339#else 4340/* 4341 * Restore extended attributes - stub implementation for unsupported systems 4342 */ 4343static int 4344set_xattrs(struct archive_write_disk *a) 4345{ 4346 static int warning_done = 0; 4347 4348 /* If there aren't any extended attributes, then it's okay not 4349 * to extract them, otherwise, issue a single warning. */ 4350 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) { 4351 warning_done = 1; 4352 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 4353 "Cannot restore extended attributes on this system"); 4354 return (ARCHIVE_WARN); 4355 } 4356 /* Warning was already emitted; suppress further warnings. */ 4357 return (ARCHIVE_OK); 4358} 4359#endif 4360 4361/* 4362 * Test if file on disk is older than entry. 4363 */ 4364static int 4365older(struct stat *st, struct archive_entry *entry) 4366{ 4367 /* First, test the seconds and return if we have a definite answer. */ 4368 /* Definitely older. */ 4369 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry))) 4370 return (1); 4371 /* Definitely younger. */ 4372 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry))) 4373 return (0); 4374 /* If this platform supports fractional seconds, try those. */ 4375#if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 4376 /* Definitely older. */ 4377 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry)) 4378 return (1); 4379#elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 4380 /* Definitely older. */ 4381 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry)) 4382 return (1); 4383#elif HAVE_STRUCT_STAT_ST_MTIME_N 4384 /* older. */ 4385 if (st->st_mtime_n < archive_entry_mtime_nsec(entry)) 4386 return (1); 4387#elif HAVE_STRUCT_STAT_ST_UMTIME 4388 /* older. */ 4389 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry)) 4390 return (1); 4391#elif HAVE_STRUCT_STAT_ST_MTIME_USEC 4392 /* older. */ 4393 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry)) 4394 return (1); 4395#else 4396 /* This system doesn't have high-res timestamps. */ 4397#endif 4398 /* Same age or newer, so not older. */ 4399 return (0); 4400} 4401 4402#ifndef ARCHIVE_ACL_SUPPORT 4403int 4404archive_write_disk_set_acls(struct archive *a, int fd, const char *name, 4405 struct archive_acl *abstract_acl, __LA_MODE_T mode) 4406{ 4407 (void)a; /* UNUSED */ 4408 (void)fd; /* UNUSED */ 4409 (void)name; /* UNUSED */ 4410 (void)abstract_acl; /* UNUSED */ 4411 (void)mode; /* UNUSED */ 4412 return (ARCHIVE_OK); 4413} 4414#endif 4415 4416#endif /* !_WIN32 || __CYGWIN__ */ 4417 4418