archive_write_disk_posix.c revision 358090
1/*- 2 * Copyright (c) 2003-2010 Tim Kientzle 3 * Copyright (c) 2012 Michihiro NAKAJIMA 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer 11 * in this position and unchanged. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include "archive_platform.h" 29__FBSDID("$FreeBSD$"); 30 31#if !defined(_WIN32) || defined(__CYGWIN__) 32 33#ifdef HAVE_SYS_TYPES_H 34#include <sys/types.h> 35#endif 36#ifdef HAVE_SYS_ACL_H 37#include <sys/acl.h> 38#endif 39#ifdef HAVE_SYS_EXTATTR_H 40#include <sys/extattr.h> 41#endif 42#if HAVE_SYS_XATTR_H 43#include <sys/xattr.h> 44#elif HAVE_ATTR_XATTR_H 45#include <attr/xattr.h> 46#endif 47#ifdef HAVE_SYS_EA_H 48#include <sys/ea.h> 49#endif 50#ifdef HAVE_SYS_IOCTL_H 51#include <sys/ioctl.h> 52#endif 53#ifdef HAVE_SYS_STAT_H 54#include <sys/stat.h> 55#endif 56#ifdef HAVE_SYS_TIME_H 57#include <sys/time.h> 58#endif 59#ifdef HAVE_SYS_UTIME_H 60#include <sys/utime.h> 61#endif 62#ifdef HAVE_COPYFILE_H 63#include <copyfile.h> 64#endif 65#ifdef HAVE_ERRNO_H 66#include <errno.h> 67#endif 68#ifdef HAVE_FCNTL_H 69#include <fcntl.h> 70#endif 71#ifdef HAVE_GRP_H 72#include <grp.h> 73#endif 74#ifdef HAVE_LANGINFO_H 75#include <langinfo.h> 76#endif 77#ifdef HAVE_LINUX_FS_H 78#include <linux/fs.h> /* for Linux file flags */ 79#endif 80/* 81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. 82 * As the include guards don't agree, the order of include is important. 83 */ 84#ifdef HAVE_LINUX_EXT2_FS_H 85#include <linux/ext2_fs.h> /* for Linux file flags */ 86#endif 87#if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__) 88#include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */ 89#endif 90#ifdef HAVE_LIMITS_H 91#include <limits.h> 92#endif 93#ifdef HAVE_PWD_H 94#include <pwd.h> 95#endif 96#include <stdio.h> 97#ifdef HAVE_STDLIB_H 98#include <stdlib.h> 99#endif 100#ifdef HAVE_STRING_H 101#include <string.h> 102#endif 103#ifdef HAVE_UNISTD_H 104#include <unistd.h> 105#endif 106#ifdef HAVE_UTIME_H 107#include <utime.h> 108#endif 109#ifdef F_GETTIMES /* Tru64 specific */ 110#include <sys/fcntl1.h> 111#endif 112 113/* 114 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared. 115 * 116 * It assumes that the input is an integer type of no more than 64 bits. 117 * If the number is less than zero, t must be a signed type, so it fits in 118 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t 119 * without loss. But it could be a large unsigned value, so we have to clip it 120 * to INT64_MAX.* 121 */ 122#define to_int64_time(t) \ 123 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t)) 124 125#if __APPLE__ 126#include <TargetConditionals.h> 127#if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H 128#include <quarantine.h> 129#define HAVE_QUARANTINE 1 130#endif 131#endif 132 133#ifdef HAVE_ZLIB_H 134#include <zlib.h> 135#endif 136 137/* TODO: Support Mac OS 'quarantine' feature. This is really just a 138 * standard tag to mark files that have been downloaded as "tainted". 139 * On Mac OS, we should mark the extracted files as tainted if the 140 * archive being read was tainted. Windows has a similar feature; we 141 * should investigate ways to support this generically. */ 142 143#include "archive.h" 144#include "archive_acl_private.h" 145#include "archive_string.h" 146#include "archive_endian.h" 147#include "archive_entry.h" 148#include "archive_private.h" 149#include "archive_write_disk_private.h" 150 151#ifndef O_BINARY 152#define O_BINARY 0 153#endif 154#ifndef O_CLOEXEC 155#define O_CLOEXEC 0 156#endif 157 158/* Ignore non-int O_NOFOLLOW constant. */ 159/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */ 160#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX) 161#undef O_NOFOLLOW 162#endif 163 164#ifndef O_NOFOLLOW 165#define O_NOFOLLOW 0 166#endif 167 168#ifndef AT_FDCWD 169#define AT_FDCWD -100 170#endif 171 172struct fixup_entry { 173 struct fixup_entry *next; 174 struct archive_acl acl; 175 mode_t mode; 176 int64_t atime; 177 int64_t birthtime; 178 int64_t mtime; 179 int64_t ctime; 180 unsigned long atime_nanos; 181 unsigned long birthtime_nanos; 182 unsigned long mtime_nanos; 183 unsigned long ctime_nanos; 184 unsigned long fflags_set; 185 size_t mac_metadata_size; 186 void *mac_metadata; 187 int fixup; /* bitmask of what needs fixing */ 188 char *name; 189}; 190 191/* 192 * We use a bitmask to track which operations remain to be done for 193 * this file. In particular, this helps us avoid unnecessary 194 * operations when it's possible to take care of one step as a 195 * side-effect of another. For example, mkdir() can specify the mode 196 * for the newly-created object but symlink() cannot. This means we 197 * can skip chmod() if mkdir() succeeded, but we must explicitly 198 * chmod() if we're trying to create a directory that already exists 199 * (mkdir() failed) or if we're restoring a symlink. Similarly, we 200 * need to verify UID/GID before trying to restore SUID/SGID bits; 201 * that verification can occur explicitly through a stat() call or 202 * implicitly because of a successful chown() call. 203 */ 204#define TODO_MODE_FORCE 0x40000000 205#define TODO_MODE_BASE 0x20000000 206#define TODO_SUID 0x10000000 207#define TODO_SUID_CHECK 0x08000000 208#define TODO_SGID 0x04000000 209#define TODO_SGID_CHECK 0x02000000 210#define TODO_APPLEDOUBLE 0x01000000 211#define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID) 212#define TODO_TIMES ARCHIVE_EXTRACT_TIME 213#define TODO_OWNER ARCHIVE_EXTRACT_OWNER 214#define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS 215#define TODO_ACLS ARCHIVE_EXTRACT_ACL 216#define TODO_XATTR ARCHIVE_EXTRACT_XATTR 217#define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA 218#define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED 219 220struct archive_write_disk { 221 struct archive archive; 222 223 mode_t user_umask; 224 struct fixup_entry *fixup_list; 225 struct fixup_entry *current_fixup; 226 int64_t user_uid; 227 int skip_file_set; 228 int64_t skip_file_dev; 229 int64_t skip_file_ino; 230 time_t start_time; 231 232 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid); 233 void (*cleanup_gid)(void *private); 234 void *lookup_gid_data; 235 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid); 236 void (*cleanup_uid)(void *private); 237 void *lookup_uid_data; 238 239 /* 240 * Full path of last file to satisfy symlink checks. 241 */ 242 struct archive_string path_safe; 243 244 /* 245 * Cached stat data from disk for the current entry. 246 * If this is valid, pst points to st. Otherwise, 247 * pst is null. 248 */ 249 struct stat st; 250 struct stat *pst; 251 252 /* Information about the object being restored right now. */ 253 struct archive_entry *entry; /* Entry being extracted. */ 254 char *name; /* Name of entry, possibly edited. */ 255 struct archive_string _name_data; /* backing store for 'name' */ 256 char *tmpname; /* Temporary name * */ 257 struct archive_string _tmpname_data; /* backing store for 'tmpname' */ 258 /* Tasks remaining for this object. */ 259 int todo; 260 /* Tasks deferred until end-of-archive. */ 261 int deferred; 262 /* Options requested by the client. */ 263 int flags; 264 /* Handle for the file we're restoring. */ 265 int fd; 266 /* Current offset for writing data to the file. */ 267 int64_t offset; 268 /* Last offset actually written to disk. */ 269 int64_t fd_offset; 270 /* Total bytes actually written to files. */ 271 int64_t total_bytes_written; 272 /* Maximum size of file, -1 if unknown. */ 273 int64_t filesize; 274 /* Dir we were in before this restore; only for deep paths. */ 275 int restore_pwd; 276 /* Mode we should use for this entry; affected by _PERM and umask. */ 277 mode_t mode; 278 /* UID/GID to use in restoring this entry. */ 279 int64_t uid; 280 int64_t gid; 281 /* 282 * HFS+ Compression. 283 */ 284 /* Xattr "com.apple.decmpfs". */ 285 uint32_t decmpfs_attr_size; 286 unsigned char *decmpfs_header_p; 287 /* ResourceFork set options used for fsetxattr. */ 288 int rsrc_xattr_options; 289 /* Xattr "com.apple.ResourceFork". */ 290 unsigned char *resource_fork; 291 size_t resource_fork_allocated_size; 292 unsigned int decmpfs_block_count; 293 uint32_t *decmpfs_block_info; 294 /* Buffer for compressed data. */ 295 unsigned char *compressed_buffer; 296 size_t compressed_buffer_size; 297 size_t compressed_buffer_remaining; 298 /* The offset of the ResourceFork where compressed data will 299 * be placed. */ 300 uint32_t compressed_rsrc_position; 301 uint32_t compressed_rsrc_position_v; 302 /* Buffer for uncompressed data. */ 303 char *uncompressed_buffer; 304 size_t block_remaining_bytes; 305 size_t file_remaining_bytes; 306#ifdef HAVE_ZLIB_H 307 z_stream stream; 308 int stream_valid; 309 int decmpfs_compression_level; 310#endif 311}; 312 313/* 314 * Default mode for dirs created automatically (will be modified by umask). 315 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified 316 * by the process' file creation mask." 317 */ 318#define DEFAULT_DIR_MODE 0777 319/* 320 * Dir modes are restored in two steps: During the extraction, the permissions 321 * in the archive are modified to match the following limits. During 322 * the post-extract fixup pass, the permissions from the archive are 323 * applied. 324 */ 325#define MINIMUM_DIR_MODE 0700 326#define MAXIMUM_DIR_MODE 0775 327 328/* 329 * Maximum uncompressed size of a decmpfs block. 330 */ 331#define MAX_DECMPFS_BLOCK_SIZE (64 * 1024) 332/* 333 * HFS+ compression type. 334 */ 335#define CMP_XATTR 3/* Compressed data in xattr. */ 336#define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */ 337/* 338 * HFS+ compression resource fork. 339 */ 340#define RSRC_H_SIZE 260 /* Base size of Resource fork header. */ 341#define RSRC_F_SIZE 50 /* Size of Resource fork footer. */ 342/* Size to write compressed data to resource fork. */ 343#define COMPRESSED_W_SIZE (64 * 1024) 344/* decmpfs definitions. */ 345#define MAX_DECMPFS_XATTR_SIZE 3802 346#ifndef DECMPFS_XATTR_NAME 347#define DECMPFS_XATTR_NAME "com.apple.decmpfs" 348#endif 349#define DECMPFS_MAGIC 0x636d7066 350#define DECMPFS_COMPRESSION_MAGIC 0 351#define DECMPFS_COMPRESSION_TYPE 4 352#define DECMPFS_UNCOMPRESSED_SIZE 8 353#define DECMPFS_HEADER_SIZE 16 354 355#define HFS_BLOCKS(s) ((s) >> 12) 356 357 358static int la_opendirat(int, const char *); 359static int la_mktemp(struct archive_write_disk *); 360static void fsobj_error(int *, struct archive_string *, int, const char *, 361 const char *); 362static int check_symlinks_fsobj(char *, int *, struct archive_string *, 363 int); 364static int check_symlinks(struct archive_write_disk *); 365static int create_filesystem_object(struct archive_write_disk *); 366static struct fixup_entry *current_fixup(struct archive_write_disk *, 367 const char *pathname); 368#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 369static void edit_deep_directories(struct archive_write_disk *ad); 370#endif 371static int cleanup_pathname_fsobj(char *, int *, struct archive_string *, 372 int); 373static int cleanup_pathname(struct archive_write_disk *); 374static int create_dir(struct archive_write_disk *, char *); 375static int create_parent_dir(struct archive_write_disk *, char *); 376static ssize_t hfs_write_data_block(struct archive_write_disk *, 377 const char *, size_t); 378static int fixup_appledouble(struct archive_write_disk *, const char *); 379static int older(struct stat *, struct archive_entry *); 380static int restore_entry(struct archive_write_disk *); 381static int set_mac_metadata(struct archive_write_disk *, const char *, 382 const void *, size_t); 383static int set_xattrs(struct archive_write_disk *); 384static int clear_nochange_fflags(struct archive_write_disk *); 385static int set_fflags(struct archive_write_disk *); 386static int set_fflags_platform(struct archive_write_disk *, int fd, 387 const char *name, mode_t mode, 388 unsigned long fflags_set, unsigned long fflags_clear); 389static int set_ownership(struct archive_write_disk *); 390static int set_mode(struct archive_write_disk *, int mode); 391static int set_time(int, int, const char *, time_t, long, time_t, long); 392static int set_times(struct archive_write_disk *, int, int, const char *, 393 time_t, long, time_t, long, time_t, long, time_t, long); 394static int set_times_from_entry(struct archive_write_disk *); 395static struct fixup_entry *sort_dir_list(struct fixup_entry *p); 396static ssize_t write_data_block(struct archive_write_disk *, 397 const char *, size_t); 398 399static struct archive_vtable *archive_write_disk_vtable(void); 400 401static int _archive_write_disk_close(struct archive *); 402static int _archive_write_disk_free(struct archive *); 403static int _archive_write_disk_header(struct archive *, 404 struct archive_entry *); 405static int64_t _archive_write_disk_filter_bytes(struct archive *, int); 406static int _archive_write_disk_finish_entry(struct archive *); 407static ssize_t _archive_write_disk_data(struct archive *, const void *, 408 size_t); 409static ssize_t _archive_write_disk_data_block(struct archive *, const void *, 410 size_t, int64_t); 411 412static int 413la_mktemp(struct archive_write_disk *a) 414{ 415 int oerrno, fd; 416 mode_t mode; 417 418 archive_string_empty(&a->_tmpname_data); 419 archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name); 420 a->tmpname = a->_tmpname_data.s; 421 422 fd = __archive_mkstemp(a->tmpname); 423 if (fd == -1) 424 return -1; 425 426 mode = a->mode & 0777 & ~a->user_umask; 427 if (fchmod(fd, mode) == -1) { 428 oerrno = errno; 429 close(fd); 430 errno = oerrno; 431 return -1; 432 } 433 return fd; 434} 435 436static int 437la_opendirat(int fd, const char *path) { 438 const int flags = O_CLOEXEC 439#if defined(O_BINARY) 440 | O_BINARY 441#endif 442#if defined(O_DIRECTORY) 443 | O_DIRECTORY 444#endif 445#if defined(O_PATH) 446 | O_PATH 447#elif defined(O_SEARCH) 448 | O_SEARCH 449#elif defined(__FreeBSD__) && defined(O_EXEC) 450 | O_EXEC 451#else 452 | O_RDONLY 453#endif 454 ; 455 456#if !defined(HAVE_OPENAT) 457 if (fd != AT_FDCWD) { 458 errno = ENOTSUP; 459 return (-1); 460 } else 461 return (open(path, flags)); 462#else 463 return (openat(fd, path, flags)); 464#endif 465} 466 467static int 468lazy_stat(struct archive_write_disk *a) 469{ 470 if (a->pst != NULL) { 471 /* Already have stat() data available. */ 472 return (ARCHIVE_OK); 473 } 474#ifdef HAVE_FSTAT 475 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) { 476 a->pst = &a->st; 477 return (ARCHIVE_OK); 478 } 479#endif 480 /* 481 * XXX At this point, symlinks should not be hit, otherwise 482 * XXX a race occurred. Do we want to check explicitly for that? 483 */ 484 if (lstat(a->name, &a->st) == 0) { 485 a->pst = &a->st; 486 return (ARCHIVE_OK); 487 } 488 archive_set_error(&a->archive, errno, "Couldn't stat file"); 489 return (ARCHIVE_WARN); 490} 491 492static struct archive_vtable * 493archive_write_disk_vtable(void) 494{ 495 static struct archive_vtable av; 496 static int inited = 0; 497 498 if (!inited) { 499 av.archive_close = _archive_write_disk_close; 500 av.archive_filter_bytes = _archive_write_disk_filter_bytes; 501 av.archive_free = _archive_write_disk_free; 502 av.archive_write_header = _archive_write_disk_header; 503 av.archive_write_finish_entry 504 = _archive_write_disk_finish_entry; 505 av.archive_write_data = _archive_write_disk_data; 506 av.archive_write_data_block = _archive_write_disk_data_block; 507 inited = 1; 508 } 509 return (&av); 510} 511 512static int64_t 513_archive_write_disk_filter_bytes(struct archive *_a, int n) 514{ 515 struct archive_write_disk *a = (struct archive_write_disk *)_a; 516 (void)n; /* UNUSED */ 517 if (n == -1 || n == 0) 518 return (a->total_bytes_written); 519 return (-1); 520} 521 522 523int 524archive_write_disk_set_options(struct archive *_a, int flags) 525{ 526 struct archive_write_disk *a = (struct archive_write_disk *)_a; 527 528 a->flags = flags; 529 return (ARCHIVE_OK); 530} 531 532 533/* 534 * Extract this entry to disk. 535 * 536 * TODO: Validate hardlinks. According to the standards, we're 537 * supposed to check each extracted hardlink and squawk if it refers 538 * to a file that we didn't restore. I'm not entirely convinced this 539 * is a good idea, but more importantly: Is there any way to validate 540 * hardlinks without keeping a complete list of filenames from the 541 * entire archive?? Ugh. 542 * 543 */ 544static int 545_archive_write_disk_header(struct archive *_a, struct archive_entry *entry) 546{ 547 struct archive_write_disk *a = (struct archive_write_disk *)_a; 548 struct fixup_entry *fe; 549 int ret, r; 550 551 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 552 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 553 "archive_write_disk_header"); 554 archive_clear_error(&a->archive); 555 if (a->archive.state & ARCHIVE_STATE_DATA) { 556 r = _archive_write_disk_finish_entry(&a->archive); 557 if (r == ARCHIVE_FATAL) 558 return (r); 559 } 560 561 /* Set up for this particular entry. */ 562 a->pst = NULL; 563 a->current_fixup = NULL; 564 a->deferred = 0; 565 if (a->entry) { 566 archive_entry_free(a->entry); 567 a->entry = NULL; 568 } 569 a->entry = archive_entry_clone(entry); 570 a->fd = -1; 571 a->fd_offset = 0; 572 a->offset = 0; 573 a->restore_pwd = -1; 574 a->uid = a->user_uid; 575 a->mode = archive_entry_mode(a->entry); 576 if (archive_entry_size_is_set(a->entry)) 577 a->filesize = archive_entry_size(a->entry); 578 else 579 a->filesize = -1; 580 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry)); 581 a->name = a->_name_data.s; 582 archive_clear_error(&a->archive); 583 584 /* 585 * Clean up the requested path. This is necessary for correct 586 * dir restores; the dir restore logic otherwise gets messed 587 * up by nonsense like "dir/.". 588 */ 589 ret = cleanup_pathname(a); 590 if (ret != ARCHIVE_OK) 591 return (ret); 592 593 /* 594 * Query the umask so we get predictable mode settings. 595 * This gets done on every call to _write_header in case the 596 * user edits their umask during the extraction for some 597 * reason. 598 */ 599 umask(a->user_umask = umask(0)); 600 601 /* Figure out what we need to do for this entry. */ 602 a->todo = TODO_MODE_BASE; 603 if (a->flags & ARCHIVE_EXTRACT_PERM) { 604 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */ 605 /* 606 * SGID requires an extra "check" step because we 607 * cannot easily predict the GID that the system will 608 * assign. (Different systems assign GIDs to files 609 * based on a variety of criteria, including process 610 * credentials and the gid of the enclosing 611 * directory.) We can only restore the SGID bit if 612 * the file has the right GID, and we only know the 613 * GID if we either set it (see set_ownership) or if 614 * we've actually called stat() on the file after it 615 * was restored. Since there are several places at 616 * which we might verify the GID, we need a TODO bit 617 * to keep track. 618 */ 619 if (a->mode & S_ISGID) 620 a->todo |= TODO_SGID | TODO_SGID_CHECK; 621 /* 622 * Verifying the SUID is simpler, but can still be 623 * done in multiple ways, hence the separate "check" bit. 624 */ 625 if (a->mode & S_ISUID) 626 a->todo |= TODO_SUID | TODO_SUID_CHECK; 627 } else { 628 /* 629 * User didn't request full permissions, so don't 630 * restore SUID, SGID bits and obey umask. 631 */ 632 a->mode &= ~S_ISUID; 633 a->mode &= ~S_ISGID; 634 a->mode &= ~S_ISVTX; 635 a->mode &= ~a->user_umask; 636 } 637 if (a->flags & ARCHIVE_EXTRACT_OWNER) 638 a->todo |= TODO_OWNER; 639 if (a->flags & ARCHIVE_EXTRACT_TIME) 640 a->todo |= TODO_TIMES; 641 if (a->flags & ARCHIVE_EXTRACT_ACL) { 642#if ARCHIVE_ACL_DARWIN 643 /* 644 * On MacOS, platform ACLs get stored in mac_metadata, too. 645 * If we intend to extract mac_metadata and it is present 646 * we skip extracting libarchive NFSv4 ACLs. 647 */ 648 size_t metadata_size; 649 650 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 651 archive_entry_mac_metadata(a->entry, 652 &metadata_size) == NULL || metadata_size == 0) 653#endif 654#if ARCHIVE_ACL_LIBRICHACL 655 /* 656 * RichACLs are stored in an extended attribute. 657 * If we intend to extract extended attributes and have this 658 * attribute we skip extracting libarchive NFSv4 ACLs. 659 */ 660 short extract_acls = 1; 661 if (a->flags & ARCHIVE_EXTRACT_XATTR && ( 662 archive_entry_acl_types(a->entry) & 663 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) { 664 const char *attr_name; 665 const void *attr_value; 666 size_t attr_size; 667 int i = archive_entry_xattr_reset(a->entry); 668 while (i--) { 669 archive_entry_xattr_next(a->entry, &attr_name, 670 &attr_value, &attr_size); 671 if (attr_name != NULL && attr_value != NULL && 672 attr_size > 0 && strcmp(attr_name, 673 "trusted.richacl") == 0) { 674 extract_acls = 0; 675 break; 676 } 677 } 678 } 679 if (extract_acls) 680#endif 681#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 682 { 683#endif 684 if (archive_entry_filetype(a->entry) == AE_IFDIR) 685 a->deferred |= TODO_ACLS; 686 else 687 a->todo |= TODO_ACLS; 688#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 689 } 690#endif 691 } 692 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) { 693 if (archive_entry_filetype(a->entry) == AE_IFDIR) 694 a->deferred |= TODO_MAC_METADATA; 695 else 696 a->todo |= TODO_MAC_METADATA; 697 } 698#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 699 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) { 700 unsigned long set, clear; 701 archive_entry_fflags(a->entry, &set, &clear); 702 if ((set & ~clear) & UF_COMPRESSED) { 703 a->todo |= TODO_HFS_COMPRESSION; 704 a->decmpfs_block_count = (unsigned)-1; 705 } 706 } 707 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 && 708 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) { 709 a->todo |= TODO_HFS_COMPRESSION; 710 a->decmpfs_block_count = (unsigned)-1; 711 } 712 { 713 const char *p; 714 715 /* Check if the current file name is a type of the 716 * resource fork file. */ 717 p = strrchr(a->name, '/'); 718 if (p == NULL) 719 p = a->name; 720 else 721 p++; 722 if (p[0] == '.' && p[1] == '_') { 723 /* Do not compress "._XXX" files. */ 724 a->todo &= ~TODO_HFS_COMPRESSION; 725 if (a->filesize > 0) 726 a->todo |= TODO_APPLEDOUBLE; 727 } 728 } 729#endif 730 731 if (a->flags & ARCHIVE_EXTRACT_XATTR) { 732#if ARCHIVE_XATTR_DARWIN 733 /* 734 * On MacOS, extended attributes get stored in mac_metadata, 735 * too. If we intend to extract mac_metadata and it is present 736 * we skip extracting extended attributes. 737 */ 738 size_t metadata_size; 739 740 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 741 archive_entry_mac_metadata(a->entry, 742 &metadata_size) == NULL || metadata_size == 0) 743#endif 744 a->todo |= TODO_XATTR; 745 } 746 if (a->flags & ARCHIVE_EXTRACT_FFLAGS) 747 a->todo |= TODO_FFLAGS; 748 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) { 749 ret = check_symlinks(a); 750 if (ret != ARCHIVE_OK) 751 return (ret); 752 } 753#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 754 /* If path exceeds PATH_MAX, shorten the path. */ 755 edit_deep_directories(a); 756#endif 757 758 ret = restore_entry(a); 759 760#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 761 /* 762 * Check if the filesystem the file is restoring on supports 763 * HFS+ Compression. If not, cancel HFS+ Compression. 764 */ 765 if (a->todo | TODO_HFS_COMPRESSION) { 766 /* 767 * NOTE: UF_COMPRESSED is ignored even if the filesystem 768 * supports HFS+ Compression because the file should 769 * have at least an extended attribute "com.apple.decmpfs" 770 * before the flag is set to indicate that the file have 771 * been compressed. If the filesystem does not support 772 * HFS+ Compression the system call will fail. 773 */ 774 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0) 775 a->todo &= ~TODO_HFS_COMPRESSION; 776 } 777#endif 778 779 /* 780 * TODO: There are rumours that some extended attributes must 781 * be restored before file data is written. If this is true, 782 * then we either need to write all extended attributes both 783 * before and after restoring the data, or find some rule for 784 * determining which must go first and which last. Due to the 785 * many ways people are using xattrs, this may prove to be an 786 * intractable problem. 787 */ 788 789#ifdef HAVE_FCHDIR 790 /* If we changed directory above, restore it here. */ 791 if (a->restore_pwd >= 0) { 792 r = fchdir(a->restore_pwd); 793 if (r != 0) { 794 archive_set_error(&a->archive, errno, 795 "chdir() failure"); 796 ret = ARCHIVE_FATAL; 797 } 798 close(a->restore_pwd); 799 a->restore_pwd = -1; 800 } 801#endif 802 803 /* 804 * Fixup uses the unedited pathname from archive_entry_pathname(), 805 * because it is relative to the base dir and the edited path 806 * might be relative to some intermediate dir as a result of the 807 * deep restore logic. 808 */ 809 if (a->deferred & TODO_MODE) { 810 fe = current_fixup(a, archive_entry_pathname(entry)); 811 if (fe == NULL) 812 return (ARCHIVE_FATAL); 813 fe->fixup |= TODO_MODE_BASE; 814 fe->mode = a->mode; 815 } 816 817 if ((a->deferred & TODO_TIMES) 818 && (archive_entry_mtime_is_set(entry) 819 || archive_entry_atime_is_set(entry))) { 820 fe = current_fixup(a, archive_entry_pathname(entry)); 821 if (fe == NULL) 822 return (ARCHIVE_FATAL); 823 fe->mode = a->mode; 824 fe->fixup |= TODO_TIMES; 825 if (archive_entry_atime_is_set(entry)) { 826 fe->atime = archive_entry_atime(entry); 827 fe->atime_nanos = archive_entry_atime_nsec(entry); 828 } else { 829 /* If atime is unset, use start time. */ 830 fe->atime = a->start_time; 831 fe->atime_nanos = 0; 832 } 833 if (archive_entry_mtime_is_set(entry)) { 834 fe->mtime = archive_entry_mtime(entry); 835 fe->mtime_nanos = archive_entry_mtime_nsec(entry); 836 } else { 837 /* If mtime is unset, use start time. */ 838 fe->mtime = a->start_time; 839 fe->mtime_nanos = 0; 840 } 841 if (archive_entry_birthtime_is_set(entry)) { 842 fe->birthtime = archive_entry_birthtime(entry); 843 fe->birthtime_nanos = archive_entry_birthtime_nsec( 844 entry); 845 } else { 846 /* If birthtime is unset, use mtime. */ 847 fe->birthtime = fe->mtime; 848 fe->birthtime_nanos = fe->mtime_nanos; 849 } 850 } 851 852 if (a->deferred & TODO_ACLS) { 853 fe = current_fixup(a, archive_entry_pathname(entry)); 854 if (fe == NULL) 855 return (ARCHIVE_FATAL); 856 fe->fixup |= TODO_ACLS; 857 archive_acl_copy(&fe->acl, archive_entry_acl(entry)); 858 } 859 860 if (a->deferred & TODO_MAC_METADATA) { 861 const void *metadata; 862 size_t metadata_size; 863 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 864 if (metadata != NULL && metadata_size > 0) { 865 fe = current_fixup(a, archive_entry_pathname(entry)); 866 if (fe == NULL) 867 return (ARCHIVE_FATAL); 868 fe->mac_metadata = malloc(metadata_size); 869 if (fe->mac_metadata != NULL) { 870 memcpy(fe->mac_metadata, metadata, 871 metadata_size); 872 fe->mac_metadata_size = metadata_size; 873 fe->fixup |= TODO_MAC_METADATA; 874 } 875 } 876 } 877 878 if (a->deferred & TODO_FFLAGS) { 879 fe = current_fixup(a, archive_entry_pathname(entry)); 880 if (fe == NULL) 881 return (ARCHIVE_FATAL); 882 fe->fixup |= TODO_FFLAGS; 883 /* TODO: Complete this.. defer fflags from below. */ 884 } 885 886 /* We've created the object and are ready to pour data into it. */ 887 if (ret >= ARCHIVE_WARN) 888 a->archive.state = ARCHIVE_STATE_DATA; 889 /* 890 * If it's not open, tell our client not to try writing. 891 * In particular, dirs, links, etc, don't get written to. 892 */ 893 if (a->fd < 0) { 894 archive_entry_set_size(entry, 0); 895 a->filesize = 0; 896 } 897 898 return (ret); 899} 900 901int 902archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i) 903{ 904 struct archive_write_disk *a = (struct archive_write_disk *)_a; 905 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 906 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file"); 907 a->skip_file_set = 1; 908 a->skip_file_dev = d; 909 a->skip_file_ino = i; 910 return (ARCHIVE_OK); 911} 912 913static ssize_t 914write_data_block(struct archive_write_disk *a, const char *buff, size_t size) 915{ 916 uint64_t start_size = size; 917 ssize_t bytes_written = 0; 918 ssize_t block_size = 0, bytes_to_write; 919 920 if (size == 0) 921 return (ARCHIVE_OK); 922 923 if (a->filesize == 0 || a->fd < 0) { 924 archive_set_error(&a->archive, 0, 925 "Attempt to write to an empty file"); 926 return (ARCHIVE_WARN); 927 } 928 929 if (a->flags & ARCHIVE_EXTRACT_SPARSE) { 930#if HAVE_STRUCT_STAT_ST_BLKSIZE 931 int r; 932 if ((r = lazy_stat(a)) != ARCHIVE_OK) 933 return (r); 934 block_size = a->pst->st_blksize; 935#else 936 /* XXX TODO XXX Is there a more appropriate choice here ? */ 937 /* This needn't match the filesystem allocation size. */ 938 block_size = 16*1024; 939#endif 940 } 941 942 /* If this write would run beyond the file size, truncate it. */ 943 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 944 start_size = size = (size_t)(a->filesize - a->offset); 945 946 /* Write the data. */ 947 while (size > 0) { 948 if (block_size == 0) { 949 bytes_to_write = size; 950 } else { 951 /* We're sparsifying the file. */ 952 const char *p, *end; 953 int64_t block_end; 954 955 /* Skip leading zero bytes. */ 956 for (p = buff, end = buff + size; p < end; ++p) { 957 if (*p != '\0') 958 break; 959 } 960 a->offset += p - buff; 961 size -= p - buff; 962 buff = p; 963 if (size == 0) 964 break; 965 966 /* Calculate next block boundary after offset. */ 967 block_end 968 = (a->offset / block_size + 1) * block_size; 969 970 /* If the adjusted write would cross block boundary, 971 * truncate it to the block boundary. */ 972 bytes_to_write = size; 973 if (a->offset + bytes_to_write > block_end) 974 bytes_to_write = block_end - a->offset; 975 } 976 /* Seek if necessary to the specified offset. */ 977 if (a->offset != a->fd_offset) { 978 if (lseek(a->fd, a->offset, SEEK_SET) < 0) { 979 archive_set_error(&a->archive, errno, 980 "Seek failed"); 981 return (ARCHIVE_FATAL); 982 } 983 a->fd_offset = a->offset; 984 } 985 bytes_written = write(a->fd, buff, bytes_to_write); 986 if (bytes_written < 0) { 987 archive_set_error(&a->archive, errno, "Write failed"); 988 return (ARCHIVE_WARN); 989 } 990 buff += bytes_written; 991 size -= bytes_written; 992 a->total_bytes_written += bytes_written; 993 a->offset += bytes_written; 994 a->fd_offset = a->offset; 995 } 996 return (start_size - size); 997} 998 999#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 1000 && defined(HAVE_ZLIB_H) 1001 1002/* 1003 * Set UF_COMPRESSED file flag. 1004 * This have to be called after hfs_write_decmpfs() because if the 1005 * file does not have "com.apple.decmpfs" xattr the flag is ignored. 1006 */ 1007static int 1008hfs_set_compressed_fflag(struct archive_write_disk *a) 1009{ 1010 int r; 1011 1012 if ((r = lazy_stat(a)) != ARCHIVE_OK) 1013 return (r); 1014 1015 a->st.st_flags |= UF_COMPRESSED; 1016 if (fchflags(a->fd, a->st.st_flags) != 0) { 1017 archive_set_error(&a->archive, errno, 1018 "Failed to set UF_COMPRESSED file flag"); 1019 return (ARCHIVE_WARN); 1020 } 1021 return (ARCHIVE_OK); 1022} 1023 1024/* 1025 * HFS+ Compression decmpfs 1026 * 1027 * +------------------------------+ +0 1028 * | Magic(LE 4 bytes) | 1029 * +------------------------------+ 1030 * | Type(LE 4 bytes) | 1031 * +------------------------------+ 1032 * | Uncompressed size(LE 8 bytes)| 1033 * +------------------------------+ +16 1034 * | | 1035 * | Compressed data | 1036 * | (Placed only if Type == 3) | 1037 * | | 1038 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE 1039 * 1040 * Type is 3: decmpfs has compressed data. 1041 * Type is 4: Resource Fork has compressed data. 1042 */ 1043/* 1044 * Write "com.apple.decmpfs" 1045 */ 1046static int 1047hfs_write_decmpfs(struct archive_write_disk *a) 1048{ 1049 int r; 1050 uint32_t compression_type; 1051 1052 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p, 1053 a->decmpfs_attr_size, 0, 0); 1054 if (r < 0) { 1055 archive_set_error(&a->archive, errno, 1056 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME); 1057 compression_type = archive_le32dec( 1058 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]); 1059 if (compression_type == CMP_RESOURCE_FORK) 1060 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 1061 XATTR_SHOWCOMPRESSION); 1062 return (ARCHIVE_WARN); 1063 } 1064 return (ARCHIVE_OK); 1065} 1066 1067/* 1068 * HFS+ Compression Resource Fork 1069 * 1070 * +-----------------------------+ 1071 * | Header(260 bytes) | 1072 * +-----------------------------+ 1073 * | Block count(LE 4 bytes) | 1074 * +-----------------------------+ --+ 1075 * +-- | Offset (LE 4 bytes) | | 1076 * | | [distance from Block count] | | Block 0 1077 * | +-----------------------------+ | 1078 * | | Compressed size(LE 4 bytes) | | 1079 * | +-----------------------------+ --+ 1080 * | | | 1081 * | | .................. | 1082 * | | | 1083 * | +-----------------------------+ --+ 1084 * | | Offset (LE 4 bytes) | | 1085 * | +-----------------------------+ | Block (Block count -1) 1086 * | | Compressed size(LE 4 bytes) | | 1087 * +-> +-----------------------------+ --+ 1088 * | Compressed data(n bytes) | Block 0 1089 * +-----------------------------+ 1090 * | | 1091 * | .................. | 1092 * | | 1093 * +-----------------------------+ 1094 * | Compressed data(n bytes) | Block (Block count -1) 1095 * +-----------------------------+ 1096 * | Footer(50 bytes) | 1097 * +-----------------------------+ 1098 * 1099 */ 1100/* 1101 * Write the header of "com.apple.ResourceFork" 1102 */ 1103static int 1104hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff, 1105 size_t bytes, uint32_t position) 1106{ 1107 int ret; 1108 1109 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes, 1110 position, a->rsrc_xattr_options); 1111 if (ret < 0) { 1112 archive_set_error(&a->archive, errno, 1113 "Cannot restore xattr: %s at %u pos %u bytes", 1114 XATTR_RESOURCEFORK_NAME, 1115 (unsigned)position, 1116 (unsigned)bytes); 1117 return (ARCHIVE_WARN); 1118 } 1119 a->rsrc_xattr_options &= ~XATTR_CREATE; 1120 return (ARCHIVE_OK); 1121} 1122 1123static int 1124hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed) 1125{ 1126 int ret; 1127 1128 ret = hfs_write_resource_fork(a, a->compressed_buffer, 1129 bytes_compressed, a->compressed_rsrc_position); 1130 if (ret == ARCHIVE_OK) 1131 a->compressed_rsrc_position += bytes_compressed; 1132 return (ret); 1133} 1134 1135static int 1136hfs_write_resource_fork_header(struct archive_write_disk *a) 1137{ 1138 unsigned char *buff; 1139 uint32_t rsrc_bytes; 1140 uint32_t rsrc_header_bytes; 1141 1142 /* 1143 * Write resource fork header + block info. 1144 */ 1145 buff = a->resource_fork; 1146 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE; 1147 rsrc_header_bytes = 1148 RSRC_H_SIZE + /* Header base size. */ 1149 4 + /* Block count. */ 1150 (a->decmpfs_block_count * 8);/* Block info */ 1151 archive_be32enc(buff, 0x100); 1152 archive_be32enc(buff + 4, rsrc_bytes); 1153 archive_be32enc(buff + 8, rsrc_bytes - 256); 1154 archive_be32enc(buff + 12, 0x32); 1155 memset(buff + 16, 0, 240); 1156 archive_be32enc(buff + 256, rsrc_bytes - 260); 1157 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0); 1158} 1159 1160static size_t 1161hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size) 1162{ 1163 static const char rsrc_footer[RSRC_F_SIZE] = { 1164 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1165 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1166 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1167 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm', 1168 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 1169 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1170 0x00, 0x00 1171 }; 1172 if (buff_size < sizeof(rsrc_footer)) 1173 return (0); 1174 memcpy(buff, rsrc_footer, sizeof(rsrc_footer)); 1175 return (sizeof(rsrc_footer)); 1176} 1177 1178static int 1179hfs_reset_compressor(struct archive_write_disk *a) 1180{ 1181 int ret; 1182 1183 if (a->stream_valid) 1184 ret = deflateReset(&a->stream); 1185 else 1186 ret = deflateInit(&a->stream, a->decmpfs_compression_level); 1187 1188 if (ret != Z_OK) { 1189 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1190 "Failed to initialize compressor"); 1191 return (ARCHIVE_FATAL); 1192 } else 1193 a->stream_valid = 1; 1194 1195 return (ARCHIVE_OK); 1196} 1197 1198static int 1199hfs_decompress(struct archive_write_disk *a) 1200{ 1201 uint32_t *block_info; 1202 unsigned int block_count; 1203 uint32_t data_pos, data_size; 1204 ssize_t r; 1205 ssize_t bytes_written, bytes_to_write; 1206 unsigned char *b; 1207 1208 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1209 block_count = archive_le32dec(block_info++); 1210 while (block_count--) { 1211 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++); 1212 data_size = archive_le32dec(block_info++); 1213 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME, 1214 a->compressed_buffer, data_size, data_pos, 0); 1215 if (r != data_size) { 1216 archive_set_error(&a->archive, 1217 (r < 0)?errno:ARCHIVE_ERRNO_MISC, 1218 "Failed to read resource fork"); 1219 return (ARCHIVE_WARN); 1220 } 1221 if (a->compressed_buffer[0] == 0xff) { 1222 bytes_to_write = data_size -1; 1223 b = a->compressed_buffer + 1; 1224 } else { 1225 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE; 1226 int zr; 1227 1228 zr = uncompress((Bytef *)a->uncompressed_buffer, 1229 &dest_len, a->compressed_buffer, data_size); 1230 if (zr != Z_OK) { 1231 archive_set_error(&a->archive, 1232 ARCHIVE_ERRNO_MISC, 1233 "Failed to decompress resource fork"); 1234 return (ARCHIVE_WARN); 1235 } 1236 bytes_to_write = dest_len; 1237 b = (unsigned char *)a->uncompressed_buffer; 1238 } 1239 do { 1240 bytes_written = write(a->fd, b, bytes_to_write); 1241 if (bytes_written < 0) { 1242 archive_set_error(&a->archive, errno, 1243 "Write failed"); 1244 return (ARCHIVE_WARN); 1245 } 1246 bytes_to_write -= bytes_written; 1247 b += bytes_written; 1248 } while (bytes_to_write > 0); 1249 } 1250 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0); 1251 if (r == -1) { 1252 archive_set_error(&a->archive, errno, 1253 "Failed to remove resource fork"); 1254 return (ARCHIVE_WARN); 1255 } 1256 return (ARCHIVE_OK); 1257} 1258 1259static int 1260hfs_drive_compressor(struct archive_write_disk *a, const char *buff, 1261 size_t size) 1262{ 1263 unsigned char *buffer_compressed; 1264 size_t bytes_compressed; 1265 size_t bytes_used; 1266 int ret; 1267 1268 ret = hfs_reset_compressor(a); 1269 if (ret != ARCHIVE_OK) 1270 return (ret); 1271 1272 if (a->compressed_buffer == NULL) { 1273 size_t block_size; 1274 1275 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE + 1276 + compressBound(MAX_DECMPFS_BLOCK_SIZE); 1277 a->compressed_buffer = malloc(block_size); 1278 if (a->compressed_buffer == NULL) { 1279 archive_set_error(&a->archive, ENOMEM, 1280 "Can't allocate memory for Resource Fork"); 1281 return (ARCHIVE_FATAL); 1282 } 1283 a->compressed_buffer_size = block_size; 1284 a->compressed_buffer_remaining = block_size; 1285 } 1286 1287 buffer_compressed = a->compressed_buffer + 1288 a->compressed_buffer_size - a->compressed_buffer_remaining; 1289 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff; 1290 a->stream.avail_in = size; 1291 a->stream.next_out = buffer_compressed; 1292 a->stream.avail_out = a->compressed_buffer_remaining; 1293 do { 1294 ret = deflate(&a->stream, Z_FINISH); 1295 switch (ret) { 1296 case Z_OK: 1297 case Z_STREAM_END: 1298 break; 1299 default: 1300 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1301 "Failed to compress data"); 1302 return (ARCHIVE_FAILED); 1303 } 1304 } while (ret == Z_OK); 1305 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out; 1306 1307 /* 1308 * If the compressed size is larger than the original size, 1309 * throw away compressed data, use uncompressed data instead. 1310 */ 1311 if (bytes_compressed > size) { 1312 buffer_compressed[0] = 0xFF;/* uncompressed marker. */ 1313 memcpy(buffer_compressed + 1, buff, size); 1314 bytes_compressed = size + 1; 1315 } 1316 a->compressed_buffer_remaining -= bytes_compressed; 1317 1318 /* 1319 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE 1320 * and the block count in the file is only one, store compressed 1321 * data to decmpfs xattr instead of the resource fork. 1322 */ 1323 if (a->decmpfs_block_count == 1 && 1324 (a->decmpfs_attr_size + bytes_compressed) 1325 <= MAX_DECMPFS_XATTR_SIZE) { 1326 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1327 CMP_XATTR); 1328 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE, 1329 buffer_compressed, bytes_compressed); 1330 a->decmpfs_attr_size += bytes_compressed; 1331 a->compressed_buffer_remaining = a->compressed_buffer_size; 1332 /* 1333 * Finish HFS+ Compression. 1334 * - Write the decmpfs xattr. 1335 * - Set the UF_COMPRESSED file flag. 1336 */ 1337 ret = hfs_write_decmpfs(a); 1338 if (ret == ARCHIVE_OK) 1339 ret = hfs_set_compressed_fflag(a); 1340 return (ret); 1341 } 1342 1343 /* Update block info. */ 1344 archive_le32enc(a->decmpfs_block_info++, 1345 a->compressed_rsrc_position_v - RSRC_H_SIZE); 1346 archive_le32enc(a->decmpfs_block_info++, bytes_compressed); 1347 a->compressed_rsrc_position_v += bytes_compressed; 1348 1349 /* 1350 * Write the compressed data to the resource fork. 1351 */ 1352 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining; 1353 while (bytes_used >= COMPRESSED_W_SIZE) { 1354 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE); 1355 if (ret != ARCHIVE_OK) 1356 return (ret); 1357 bytes_used -= COMPRESSED_W_SIZE; 1358 if (bytes_used > COMPRESSED_W_SIZE) 1359 memmove(a->compressed_buffer, 1360 a->compressed_buffer + COMPRESSED_W_SIZE, 1361 bytes_used); 1362 else 1363 memcpy(a->compressed_buffer, 1364 a->compressed_buffer + COMPRESSED_W_SIZE, 1365 bytes_used); 1366 } 1367 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used; 1368 1369 /* 1370 * If the current block is the last block, write the remaining 1371 * compressed data and the resource fork footer. 1372 */ 1373 if (a->file_remaining_bytes == 0) { 1374 size_t rsrc_size; 1375 int64_t bk; 1376 1377 /* Append the resource footer. */ 1378 rsrc_size = hfs_set_resource_fork_footer( 1379 a->compressed_buffer + bytes_used, 1380 a->compressed_buffer_remaining); 1381 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size); 1382 a->compressed_buffer_remaining = a->compressed_buffer_size; 1383 1384 /* If the compressed size is not enough smaller than 1385 * the uncompressed size. cancel HFS+ compression. 1386 * TODO: study a behavior of ditto utility and improve 1387 * the condition to fall back into no HFS+ compression. */ 1388 bk = HFS_BLOCKS(a->compressed_rsrc_position); 1389 bk += bk >> 7; 1390 if (bk > HFS_BLOCKS(a->filesize)) 1391 return hfs_decompress(a); 1392 /* 1393 * Write the resourcefork header. 1394 */ 1395 if (ret == ARCHIVE_OK) 1396 ret = hfs_write_resource_fork_header(a); 1397 /* 1398 * Finish HFS+ Compression. 1399 * - Write the decmpfs xattr. 1400 * - Set the UF_COMPRESSED file flag. 1401 */ 1402 if (ret == ARCHIVE_OK) 1403 ret = hfs_write_decmpfs(a); 1404 if (ret == ARCHIVE_OK) 1405 ret = hfs_set_compressed_fflag(a); 1406 } 1407 return (ret); 1408} 1409 1410static ssize_t 1411hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff, 1412 size_t size) 1413{ 1414 const char *buffer_to_write; 1415 size_t bytes_to_write; 1416 int ret; 1417 1418 if (a->decmpfs_block_count == (unsigned)-1) { 1419 void *new_block; 1420 size_t new_size; 1421 unsigned int block_count; 1422 1423 if (a->decmpfs_header_p == NULL) { 1424 new_block = malloc(MAX_DECMPFS_XATTR_SIZE 1425 + sizeof(uint32_t)); 1426 if (new_block == NULL) { 1427 archive_set_error(&a->archive, ENOMEM, 1428 "Can't allocate memory for decmpfs"); 1429 return (ARCHIVE_FATAL); 1430 } 1431 a->decmpfs_header_p = new_block; 1432 } 1433 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE; 1434 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC], 1435 DECMPFS_MAGIC); 1436 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1437 CMP_RESOURCE_FORK); 1438 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE], 1439 a->filesize); 1440 1441 /* Calculate a block count of the file. */ 1442 block_count = 1443 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) / 1444 MAX_DECMPFS_BLOCK_SIZE; 1445 /* 1446 * Allocate buffer for resource fork. 1447 * Set up related pointers; 1448 */ 1449 new_size = 1450 RSRC_H_SIZE + /* header */ 1451 4 + /* Block count */ 1452 (block_count * sizeof(uint32_t) * 2) + 1453 RSRC_F_SIZE; /* footer */ 1454 if (new_size > a->resource_fork_allocated_size) { 1455 new_block = realloc(a->resource_fork, new_size); 1456 if (new_block == NULL) { 1457 archive_set_error(&a->archive, ENOMEM, 1458 "Can't allocate memory for ResourceFork"); 1459 return (ARCHIVE_FATAL); 1460 } 1461 a->resource_fork_allocated_size = new_size; 1462 a->resource_fork = new_block; 1463 } 1464 1465 /* Allocate uncompressed buffer */ 1466 if (a->uncompressed_buffer == NULL) { 1467 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE); 1468 if (new_block == NULL) { 1469 archive_set_error(&a->archive, ENOMEM, 1470 "Can't allocate memory for decmpfs"); 1471 return (ARCHIVE_FATAL); 1472 } 1473 a->uncompressed_buffer = new_block; 1474 } 1475 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1476 a->file_remaining_bytes = a->filesize; 1477 a->compressed_buffer_remaining = a->compressed_buffer_size; 1478 1479 /* 1480 * Set up a resource fork. 1481 */ 1482 a->rsrc_xattr_options = XATTR_CREATE; 1483 /* Get the position where we are going to set a bunch 1484 * of block info. */ 1485 a->decmpfs_block_info = 1486 (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1487 /* Set the block count to the resource fork. */ 1488 archive_le32enc(a->decmpfs_block_info++, block_count); 1489 /* Get the position where we are going to set compressed 1490 * data. */ 1491 a->compressed_rsrc_position = 1492 RSRC_H_SIZE + 4 + (block_count * 8); 1493 a->compressed_rsrc_position_v = a->compressed_rsrc_position; 1494 a->decmpfs_block_count = block_count; 1495 } 1496 1497 /* Ignore redundant bytes. */ 1498 if (a->file_remaining_bytes == 0) 1499 return ((ssize_t)size); 1500 1501 /* Do not overrun a block size. */ 1502 if (size > a->block_remaining_bytes) 1503 bytes_to_write = a->block_remaining_bytes; 1504 else 1505 bytes_to_write = size; 1506 /* Do not overrun the file size. */ 1507 if (bytes_to_write > a->file_remaining_bytes) 1508 bytes_to_write = a->file_remaining_bytes; 1509 1510 /* For efficiency, if a copy length is full of the uncompressed 1511 * buffer size, do not copy writing data to it. */ 1512 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE) 1513 buffer_to_write = buff; 1514 else { 1515 memcpy(a->uncompressed_buffer + 1516 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes, 1517 buff, bytes_to_write); 1518 buffer_to_write = a->uncompressed_buffer; 1519 } 1520 a->block_remaining_bytes -= bytes_to_write; 1521 a->file_remaining_bytes -= bytes_to_write; 1522 1523 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) { 1524 ret = hfs_drive_compressor(a, buffer_to_write, 1525 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes); 1526 if (ret < 0) 1527 return (ret); 1528 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1529 } 1530 /* Ignore redundant bytes. */ 1531 if (a->file_remaining_bytes == 0) 1532 return ((ssize_t)size); 1533 return (bytes_to_write); 1534} 1535 1536static ssize_t 1537hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1538 size_t size) 1539{ 1540 uint64_t start_size = size; 1541 ssize_t bytes_written = 0; 1542 ssize_t bytes_to_write; 1543 1544 if (size == 0) 1545 return (ARCHIVE_OK); 1546 1547 if (a->filesize == 0 || a->fd < 0) { 1548 archive_set_error(&a->archive, 0, 1549 "Attempt to write to an empty file"); 1550 return (ARCHIVE_WARN); 1551 } 1552 1553 /* If this write would run beyond the file size, truncate it. */ 1554 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 1555 start_size = size = (size_t)(a->filesize - a->offset); 1556 1557 /* Write the data. */ 1558 while (size > 0) { 1559 bytes_to_write = size; 1560 /* Seek if necessary to the specified offset. */ 1561 if (a->offset < a->fd_offset) { 1562 /* Can't support backward move. */ 1563 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1564 "Seek failed"); 1565 return (ARCHIVE_FATAL); 1566 } else if (a->offset > a->fd_offset) { 1567 int64_t skip = a->offset - a->fd_offset; 1568 char nullblock[1024]; 1569 1570 memset(nullblock, 0, sizeof(nullblock)); 1571 while (skip > 0) { 1572 if (skip > (int64_t)sizeof(nullblock)) 1573 bytes_written = hfs_write_decmpfs_block( 1574 a, nullblock, sizeof(nullblock)); 1575 else 1576 bytes_written = hfs_write_decmpfs_block( 1577 a, nullblock, skip); 1578 if (bytes_written < 0) { 1579 archive_set_error(&a->archive, errno, 1580 "Write failed"); 1581 return (ARCHIVE_WARN); 1582 } 1583 skip -= bytes_written; 1584 } 1585 1586 a->fd_offset = a->offset; 1587 } 1588 bytes_written = 1589 hfs_write_decmpfs_block(a, buff, bytes_to_write); 1590 if (bytes_written < 0) 1591 return (bytes_written); 1592 buff += bytes_written; 1593 size -= bytes_written; 1594 a->total_bytes_written += bytes_written; 1595 a->offset += bytes_written; 1596 a->fd_offset = a->offset; 1597 } 1598 return (start_size - size); 1599} 1600#else 1601static ssize_t 1602hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1603 size_t size) 1604{ 1605 return (write_data_block(a, buff, size)); 1606} 1607#endif 1608 1609static ssize_t 1610_archive_write_disk_data_block(struct archive *_a, 1611 const void *buff, size_t size, int64_t offset) 1612{ 1613 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1614 ssize_t r; 1615 1616 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1617 ARCHIVE_STATE_DATA, "archive_write_data_block"); 1618 1619 a->offset = offset; 1620 if (a->todo & TODO_HFS_COMPRESSION) 1621 r = hfs_write_data_block(a, buff, size); 1622 else 1623 r = write_data_block(a, buff, size); 1624 if (r < ARCHIVE_OK) 1625 return (r); 1626 if ((size_t)r < size) { 1627 archive_set_error(&a->archive, 0, 1628 "Too much data: Truncating file at %ju bytes", 1629 (uintmax_t)a->filesize); 1630 return (ARCHIVE_WARN); 1631 } 1632#if ARCHIVE_VERSION_NUMBER < 3999000 1633 return (ARCHIVE_OK); 1634#else 1635 return (size); 1636#endif 1637} 1638 1639static ssize_t 1640_archive_write_disk_data(struct archive *_a, const void *buff, size_t size) 1641{ 1642 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1643 1644 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1645 ARCHIVE_STATE_DATA, "archive_write_data"); 1646 1647 if (a->todo & TODO_HFS_COMPRESSION) 1648 return (hfs_write_data_block(a, buff, size)); 1649 return (write_data_block(a, buff, size)); 1650} 1651 1652static int 1653_archive_write_disk_finish_entry(struct archive *_a) 1654{ 1655 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1656 int ret = ARCHIVE_OK; 1657 1658 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1659 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 1660 "archive_write_finish_entry"); 1661 if (a->archive.state & ARCHIVE_STATE_HEADER) 1662 return (ARCHIVE_OK); 1663 archive_clear_error(&a->archive); 1664 1665 /* Pad or truncate file to the right size. */ 1666 if (a->fd < 0) { 1667 /* There's no file. */ 1668 } else if (a->filesize < 0) { 1669 /* File size is unknown, so we can't set the size. */ 1670 } else if (a->fd_offset == a->filesize) { 1671 /* Last write ended at exactly the filesize; we're done. */ 1672 /* Hopefully, this is the common case. */ 1673#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 1674 } else if (a->todo & TODO_HFS_COMPRESSION) { 1675 char null_d[1024]; 1676 ssize_t r; 1677 1678 if (a->file_remaining_bytes) 1679 memset(null_d, 0, sizeof(null_d)); 1680 while (a->file_remaining_bytes) { 1681 if (a->file_remaining_bytes > sizeof(null_d)) 1682 r = hfs_write_data_block( 1683 a, null_d, sizeof(null_d)); 1684 else 1685 r = hfs_write_data_block( 1686 a, null_d, a->file_remaining_bytes); 1687 if (r < 0) 1688 return ((int)r); 1689 } 1690#endif 1691 } else { 1692#if HAVE_FTRUNCATE 1693 if (ftruncate(a->fd, a->filesize) == -1 && 1694 a->filesize == 0) { 1695 archive_set_error(&a->archive, errno, 1696 "File size could not be restored"); 1697 return (ARCHIVE_FAILED); 1698 } 1699#endif 1700 /* 1701 * Not all platforms implement the XSI option to 1702 * extend files via ftruncate. Stat() the file again 1703 * to see what happened. 1704 */ 1705 a->pst = NULL; 1706 if ((ret = lazy_stat(a)) != ARCHIVE_OK) 1707 return (ret); 1708 /* We can use lseek()/write() to extend the file if 1709 * ftruncate didn't work or isn't available. */ 1710 if (a->st.st_size < a->filesize) { 1711 const char nul = '\0'; 1712 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) { 1713 archive_set_error(&a->archive, errno, 1714 "Seek failed"); 1715 return (ARCHIVE_FATAL); 1716 } 1717 if (write(a->fd, &nul, 1) < 0) { 1718 archive_set_error(&a->archive, errno, 1719 "Write to restore size failed"); 1720 return (ARCHIVE_FATAL); 1721 } 1722 a->pst = NULL; 1723 } 1724 } 1725 1726 /* Restore metadata. */ 1727 1728 /* 1729 * This is specific to Mac OS X. 1730 * If the current file is an AppleDouble file, it should be 1731 * linked with the data fork file and remove it. 1732 */ 1733 if (a->todo & TODO_APPLEDOUBLE) { 1734 int r2 = fixup_appledouble(a, a->name); 1735 if (r2 == ARCHIVE_EOF) { 1736 /* The current file has been successfully linked 1737 * with the data fork file and removed. So there 1738 * is nothing to do on the current file. */ 1739 goto finish_metadata; 1740 } 1741 if (r2 < ret) ret = r2; 1742 } 1743 1744 /* 1745 * Look up the "real" UID only if we're going to need it. 1746 * TODO: the TODO_SGID condition can be dropped here, can't it? 1747 */ 1748 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) { 1749 a->uid = archive_write_disk_uid(&a->archive, 1750 archive_entry_uname(a->entry), 1751 archive_entry_uid(a->entry)); 1752 } 1753 /* Look up the "real" GID only if we're going to need it. */ 1754 /* TODO: the TODO_SUID condition can be dropped here, can't it? */ 1755 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) { 1756 a->gid = archive_write_disk_gid(&a->archive, 1757 archive_entry_gname(a->entry), 1758 archive_entry_gid(a->entry)); 1759 } 1760 1761 /* 1762 * Restore ownership before set_mode tries to restore suid/sgid 1763 * bits. If we set the owner, we know what it is and can skip 1764 * a stat() call to examine the ownership of the file on disk. 1765 */ 1766 if (a->todo & TODO_OWNER) { 1767 int r2 = set_ownership(a); 1768 if (r2 < ret) ret = r2; 1769 } 1770 1771 /* 1772 * set_mode must precede ACLs on systems such as Solaris and 1773 * FreeBSD where setting the mode implicitly clears extended ACLs 1774 */ 1775 if (a->todo & TODO_MODE) { 1776 int r2 = set_mode(a, a->mode); 1777 if (r2 < ret) ret = r2; 1778 } 1779 1780 /* 1781 * Security-related extended attributes (such as 1782 * security.capability on Linux) have to be restored last, 1783 * since they're implicitly removed by other file changes. 1784 */ 1785 if (a->todo & TODO_XATTR) { 1786 int r2 = set_xattrs(a); 1787 if (r2 < ret) ret = r2; 1788 } 1789 1790 /* 1791 * Some flags prevent file modification; they must be restored after 1792 * file contents are written. 1793 */ 1794 if (a->todo & TODO_FFLAGS) { 1795 int r2 = set_fflags(a); 1796 if (r2 < ret) ret = r2; 1797 } 1798 1799 /* 1800 * Time must follow most other metadata; 1801 * otherwise atime will get changed. 1802 */ 1803 if (a->todo & TODO_TIMES) { 1804 int r2 = set_times_from_entry(a); 1805 if (r2 < ret) ret = r2; 1806 } 1807 1808 /* 1809 * Mac extended metadata includes ACLs. 1810 */ 1811 if (a->todo & TODO_MAC_METADATA) { 1812 const void *metadata; 1813 size_t metadata_size; 1814 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 1815 if (metadata != NULL && metadata_size > 0) { 1816 int r2 = set_mac_metadata(a, archive_entry_pathname( 1817 a->entry), metadata, metadata_size); 1818 if (r2 < ret) ret = r2; 1819 } 1820 } 1821 1822 /* 1823 * ACLs must be restored after timestamps because there are 1824 * ACLs that prevent attribute changes (including time). 1825 */ 1826 if (a->todo & TODO_ACLS) { 1827 int r2; 1828 r2 = archive_write_disk_set_acls(&a->archive, a->fd, 1829 archive_entry_pathname(a->entry), 1830 archive_entry_acl(a->entry), 1831 archive_entry_mode(a->entry)); 1832 if (r2 < ret) ret = r2; 1833 } 1834 1835finish_metadata: 1836 /* If there's an fd, we can close it now. */ 1837 if (a->fd >= 0) { 1838 close(a->fd); 1839 a->fd = -1; 1840 if (a->tmpname) { 1841 if (rename(a->tmpname, a->name) == -1) { 1842 archive_set_error(&a->archive, errno, 1843 "rename failed"); 1844 ret = ARCHIVE_FATAL; 1845 } 1846 a->tmpname = NULL; 1847 } 1848 } 1849 /* If there's an entry, we can release it now. */ 1850 archive_entry_free(a->entry); 1851 a->entry = NULL; 1852 a->archive.state = ARCHIVE_STATE_HEADER; 1853 return (ret); 1854} 1855 1856int 1857archive_write_disk_set_group_lookup(struct archive *_a, 1858 void *private_data, 1859 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid), 1860 void (*cleanup_gid)(void *private)) 1861{ 1862 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1863 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1864 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup"); 1865 1866 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL) 1867 (a->cleanup_gid)(a->lookup_gid_data); 1868 1869 a->lookup_gid = lookup_gid; 1870 a->cleanup_gid = cleanup_gid; 1871 a->lookup_gid_data = private_data; 1872 return (ARCHIVE_OK); 1873} 1874 1875int 1876archive_write_disk_set_user_lookup(struct archive *_a, 1877 void *private_data, 1878 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid), 1879 void (*cleanup_uid)(void *private)) 1880{ 1881 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1882 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1883 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup"); 1884 1885 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL) 1886 (a->cleanup_uid)(a->lookup_uid_data); 1887 1888 a->lookup_uid = lookup_uid; 1889 a->cleanup_uid = cleanup_uid; 1890 a->lookup_uid_data = private_data; 1891 return (ARCHIVE_OK); 1892} 1893 1894int64_t 1895archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id) 1896{ 1897 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1898 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1899 ARCHIVE_STATE_ANY, "archive_write_disk_gid"); 1900 if (a->lookup_gid) 1901 return (a->lookup_gid)(a->lookup_gid_data, name, id); 1902 return (id); 1903} 1904 1905int64_t 1906archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id) 1907{ 1908 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1909 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1910 ARCHIVE_STATE_ANY, "archive_write_disk_uid"); 1911 if (a->lookup_uid) 1912 return (a->lookup_uid)(a->lookup_uid_data, name, id); 1913 return (id); 1914} 1915 1916/* 1917 * Create a new archive_write_disk object and initialize it with global state. 1918 */ 1919struct archive * 1920archive_write_disk_new(void) 1921{ 1922 struct archive_write_disk *a; 1923 1924 a = (struct archive_write_disk *)calloc(1, sizeof(*a)); 1925 if (a == NULL) 1926 return (NULL); 1927 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC; 1928 /* We're ready to write a header immediately. */ 1929 a->archive.state = ARCHIVE_STATE_HEADER; 1930 a->archive.vtable = archive_write_disk_vtable(); 1931 a->start_time = time(NULL); 1932 /* Query and restore the umask. */ 1933 umask(a->user_umask = umask(0)); 1934#ifdef HAVE_GETEUID 1935 a->user_uid = geteuid(); 1936#endif /* HAVE_GETEUID */ 1937 if (archive_string_ensure(&a->path_safe, 512) == NULL) { 1938 free(a); 1939 return (NULL); 1940 } 1941#ifdef HAVE_ZLIB_H 1942 a->decmpfs_compression_level = 5; 1943#endif 1944 return (&a->archive); 1945} 1946 1947 1948/* 1949 * If pathname is longer than PATH_MAX, chdir to a suitable 1950 * intermediate dir and edit the path down to a shorter suffix. Note 1951 * that this routine never returns an error; if the chdir() attempt 1952 * fails for any reason, we just go ahead with the long pathname. The 1953 * object creation is likely to fail, but any error will get handled 1954 * at that time. 1955 */ 1956#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 1957static void 1958edit_deep_directories(struct archive_write_disk *a) 1959{ 1960 int ret; 1961 char *tail = a->name; 1962 1963 /* If path is short, avoid the open() below. */ 1964 if (strlen(tail) < PATH_MAX) 1965 return; 1966 1967 /* Try to record our starting dir. */ 1968 a->restore_pwd = la_opendirat(AT_FDCWD, "."); 1969 __archive_ensure_cloexec_flag(a->restore_pwd); 1970 if (a->restore_pwd < 0) 1971 return; 1972 1973 /* As long as the path is too long... */ 1974 while (strlen(tail) >= PATH_MAX) { 1975 /* Locate a dir prefix shorter than PATH_MAX. */ 1976 tail += PATH_MAX - 8; 1977 while (tail > a->name && *tail != '/') 1978 tail--; 1979 /* Exit if we find a too-long path component. */ 1980 if (tail <= a->name) 1981 return; 1982 /* Create the intermediate dir and chdir to it. */ 1983 *tail = '\0'; /* Terminate dir portion */ 1984 ret = create_dir(a, a->name); 1985 if (ret == ARCHIVE_OK && chdir(a->name) != 0) 1986 ret = ARCHIVE_FAILED; 1987 *tail = '/'; /* Restore the / we removed. */ 1988 if (ret != ARCHIVE_OK) 1989 return; 1990 tail++; 1991 /* The chdir() succeeded; we've now shortened the path. */ 1992 a->name = tail; 1993 } 1994 return; 1995} 1996#endif 1997 1998/* 1999 * The main restore function. 2000 */ 2001static int 2002restore_entry(struct archive_write_disk *a) 2003{ 2004 int ret = ARCHIVE_OK, en; 2005 2006 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) { 2007 /* 2008 * TODO: Fix this. Apparently, there are platforms 2009 * that still allow root to hose the entire filesystem 2010 * by unlinking a dir. The S_ISDIR() test above 2011 * prevents us from using unlink() here if the new 2012 * object is a dir, but that doesn't mean the old 2013 * object isn't a dir. 2014 */ 2015 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2016 (void)clear_nochange_fflags(a); 2017 if (unlink(a->name) == 0) { 2018 /* We removed it, reset cached stat. */ 2019 a->pst = NULL; 2020 } else if (errno == ENOENT) { 2021 /* File didn't exist, that's just as good. */ 2022 } else if (rmdir(a->name) == 0) { 2023 /* It was a dir, but now it's gone. */ 2024 a->pst = NULL; 2025 } else { 2026 /* We tried, but couldn't get rid of it. */ 2027 archive_set_error(&a->archive, errno, 2028 "Could not unlink"); 2029 return(ARCHIVE_FAILED); 2030 } 2031 } 2032 2033 /* Try creating it first; if this fails, we'll try to recover. */ 2034 en = create_filesystem_object(a); 2035 2036 if ((en == ENOTDIR || en == ENOENT) 2037 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) { 2038 /* If the parent dir doesn't exist, try creating it. */ 2039 create_parent_dir(a, a->name); 2040 /* Now try to create the object again. */ 2041 en = create_filesystem_object(a); 2042 } 2043 2044 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) { 2045 archive_set_error(&a->archive, en, 2046 "Hard-link target '%s' does not exist.", 2047 archive_entry_hardlink(a->entry)); 2048 return (ARCHIVE_FAILED); 2049 } 2050 2051 if ((en == EISDIR || en == EEXIST) 2052 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 2053 /* If we're not overwriting, we're done. */ 2054 if (S_ISDIR(a->mode)) { 2055 /* Don't overwrite any settings on existing directories. */ 2056 a->todo = 0; 2057 } 2058 archive_entry_unset_size(a->entry); 2059 return (ARCHIVE_OK); 2060 } 2061 2062 /* 2063 * Some platforms return EISDIR if you call 2064 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some 2065 * return EEXIST. POSIX is ambiguous, requiring EISDIR 2066 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT) 2067 * on an existing item. 2068 */ 2069 if (en == EISDIR) { 2070 /* A dir is in the way of a non-dir, rmdir it. */ 2071 if (rmdir(a->name) != 0) { 2072 archive_set_error(&a->archive, errno, 2073 "Can't remove already-existing dir"); 2074 return (ARCHIVE_FAILED); 2075 } 2076 a->pst = NULL; 2077 /* Try again. */ 2078 en = create_filesystem_object(a); 2079 } else if (en == EEXIST) { 2080 /* 2081 * We know something is in the way, but we don't know what; 2082 * we need to find out before we go any further. 2083 */ 2084 int r = 0; 2085 /* 2086 * The SECURE_SYMLINKS logic has already removed a 2087 * symlink to a dir if the client wants that. So 2088 * follow the symlink if we're creating a dir. 2089 */ 2090 if (S_ISDIR(a->mode)) 2091 r = la_stat(a->name, &a->st); 2092 /* 2093 * If it's not a dir (or it's a broken symlink), 2094 * then don't follow it. 2095 */ 2096 if (r != 0 || !S_ISDIR(a->mode)) 2097 r = lstat(a->name, &a->st); 2098 if (r != 0) { 2099 archive_set_error(&a->archive, errno, 2100 "Can't stat existing object"); 2101 return (ARCHIVE_FAILED); 2102 } 2103 2104 /* 2105 * NO_OVERWRITE_NEWER doesn't apply to directories. 2106 */ 2107 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER) 2108 && !S_ISDIR(a->st.st_mode)) { 2109 if (!older(&(a->st), a->entry)) { 2110 archive_entry_unset_size(a->entry); 2111 return (ARCHIVE_OK); 2112 } 2113 } 2114 2115 /* If it's our archive, we're done. */ 2116 if (a->skip_file_set && 2117 a->st.st_dev == (dev_t)a->skip_file_dev && 2118 a->st.st_ino == (ino_t)a->skip_file_ino) { 2119 archive_set_error(&a->archive, 0, 2120 "Refusing to overwrite archive"); 2121 return (ARCHIVE_FAILED); 2122 } 2123 2124 if (!S_ISDIR(a->st.st_mode)) { 2125 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2126 (void)clear_nochange_fflags(a); 2127 2128 if ((a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) && 2129 S_ISREG(a->st.st_mode)) { 2130 /* Use a temporary file to extract */ 2131 if ((a->fd = la_mktemp(a)) == -1) 2132 return ARCHIVE_FAILED; 2133 a->pst = NULL; 2134 en = 0; 2135 } else { 2136 /* A non-dir is in the way, unlink it. */ 2137 if (unlink(a->name) != 0) { 2138 archive_set_error(&a->archive, errno, 2139 "Can't unlink already-existing " 2140 "object"); 2141 return (ARCHIVE_FAILED); 2142 } 2143 a->pst = NULL; 2144 /* Try again. */ 2145 en = create_filesystem_object(a); 2146 } 2147 } else if (!S_ISDIR(a->mode)) { 2148 /* A dir is in the way of a non-dir, rmdir it. */ 2149 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2150 (void)clear_nochange_fflags(a); 2151 if (rmdir(a->name) != 0) { 2152 archive_set_error(&a->archive, errno, 2153 "Can't replace existing directory with non-directory"); 2154 return (ARCHIVE_FAILED); 2155 } 2156 /* Try again. */ 2157 en = create_filesystem_object(a); 2158 } else { 2159 /* 2160 * There's a dir in the way of a dir. Don't 2161 * waste time with rmdir()/mkdir(), just fix 2162 * up the permissions on the existing dir. 2163 * Note that we don't change perms on existing 2164 * dirs unless _EXTRACT_PERM is specified. 2165 */ 2166 if ((a->mode != a->st.st_mode) 2167 && (a->todo & TODO_MODE_FORCE)) 2168 a->deferred |= (a->todo & TODO_MODE); 2169 /* Ownership doesn't need deferred fixup. */ 2170 en = 0; /* Forget the EEXIST. */ 2171 } 2172 } 2173 2174 if (en) { 2175 /* Everything failed; give up here. */ 2176 if ((&a->archive)->error == NULL) 2177 archive_set_error(&a->archive, en, "Can't create '%s'", 2178 a->name); 2179 return (ARCHIVE_FAILED); 2180 } 2181 2182 a->pst = NULL; /* Cached stat data no longer valid. */ 2183 return (ret); 2184} 2185 2186/* 2187 * Returns 0 if creation succeeds, or else returns errno value from 2188 * the failed system call. Note: This function should only ever perform 2189 * a single system call. 2190 */ 2191static int 2192create_filesystem_object(struct archive_write_disk *a) 2193{ 2194 /* Create the entry. */ 2195 const char *linkname; 2196 mode_t final_mode, mode; 2197 int r; 2198 /* these for check_symlinks_fsobj */ 2199 char *linkname_copy; /* non-const copy of linkname */ 2200 struct stat st; 2201 struct archive_string error_string; 2202 int error_number; 2203 2204 /* We identify hard/symlinks according to the link names. */ 2205 /* Since link(2) and symlink(2) don't handle modes, we're done here. */ 2206 linkname = archive_entry_hardlink(a->entry); 2207 if (linkname != NULL) { 2208#if !HAVE_LINK 2209 return (EPERM); 2210#else 2211 archive_string_init(&error_string); 2212 linkname_copy = strdup(linkname); 2213 if (linkname_copy == NULL) { 2214 return (EPERM); 2215 } 2216 /* 2217 * TODO: consider using the cleaned-up path as the link 2218 * target? 2219 */ 2220 r = cleanup_pathname_fsobj(linkname_copy, &error_number, 2221 &error_string, a->flags); 2222 if (r != ARCHIVE_OK) { 2223 archive_set_error(&a->archive, error_number, "%s", 2224 error_string.s); 2225 free(linkname_copy); 2226 archive_string_free(&error_string); 2227 /* 2228 * EPERM is more appropriate than error_number for our 2229 * callers 2230 */ 2231 return (EPERM); 2232 } 2233 r = check_symlinks_fsobj(linkname_copy, &error_number, 2234 &error_string, a->flags); 2235 if (r != ARCHIVE_OK) { 2236 archive_set_error(&a->archive, error_number, "%s", 2237 error_string.s); 2238 free(linkname_copy); 2239 archive_string_free(&error_string); 2240 /* 2241 * EPERM is more appropriate than error_number for our 2242 * callers 2243 */ 2244 return (EPERM); 2245 } 2246 free(linkname_copy); 2247 archive_string_free(&error_string); 2248 /* 2249 * Unlinking and linking here is really not atomic, 2250 * but doing it right, would require us to construct 2251 * an mktemplink() function, and then use rename(2). 2252 */ 2253 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2254 unlink(a->name); 2255 r = link(linkname, a->name) ? errno : 0; 2256 /* 2257 * New cpio and pax formats allow hardlink entries 2258 * to carry data, so we may have to open the file 2259 * for hardlink entries. 2260 * 2261 * If the hardlink was successfully created and 2262 * the archive doesn't have carry data for it, 2263 * consider it to be non-authoritative for meta data. 2264 * This is consistent with GNU tar and BSD pax. 2265 * If the hardlink does carry data, let the last 2266 * archive entry decide ownership. 2267 */ 2268 if (r == 0 && a->filesize <= 0) { 2269 a->todo = 0; 2270 a->deferred = 0; 2271 } else if (r == 0 && a->filesize > 0) { 2272#ifdef HAVE_LSTAT 2273 r = lstat(a->name, &st); 2274#else 2275 r = la_stat(a->name, &st); 2276#endif 2277 if (r != 0) 2278 r = errno; 2279 else if ((st.st_mode & AE_IFMT) == AE_IFREG) { 2280 a->fd = open(a->name, O_WRONLY | O_TRUNC | 2281 O_BINARY | O_CLOEXEC | O_NOFOLLOW); 2282 __archive_ensure_cloexec_flag(a->fd); 2283 if (a->fd < 0) 2284 r = errno; 2285 } 2286 } 2287 return (r); 2288#endif 2289 } 2290 linkname = archive_entry_symlink(a->entry); 2291 if (linkname != NULL) { 2292#if HAVE_SYMLINK 2293 /* 2294 * Unlinking and linking here is really not atomic, 2295 * but doing it right, would require us to construct 2296 * an mktempsymlink() function, and then use rename(2). 2297 */ 2298 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2299 unlink(a->name); 2300 return symlink(linkname, a->name) ? errno : 0; 2301#else 2302 return (EPERM); 2303#endif 2304 } 2305 2306 /* 2307 * The remaining system calls all set permissions, so let's 2308 * try to take advantage of that to avoid an extra chmod() 2309 * call. (Recall that umask is set to zero right now!) 2310 */ 2311 2312 /* Mode we want for the final restored object (w/o file type bits). */ 2313 final_mode = a->mode & 07777; 2314 /* 2315 * The mode that will actually be restored in this step. Note 2316 * that SUID, SGID, etc, require additional work to ensure 2317 * security, so we never restore them at this point. 2318 */ 2319 mode = final_mode & 0777 & ~a->user_umask; 2320 2321 switch (a->mode & AE_IFMT) { 2322 default: 2323 /* POSIX requires that we fall through here. */ 2324 /* FALLTHROUGH */ 2325 case AE_IFREG: 2326 a->tmpname = NULL; 2327 a->fd = open(a->name, 2328 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode); 2329 __archive_ensure_cloexec_flag(a->fd); 2330 r = (a->fd < 0); 2331 break; 2332 case AE_IFCHR: 2333#ifdef HAVE_MKNOD 2334 /* Note: we use AE_IFCHR for the case label, and 2335 * S_IFCHR for the mknod() call. This is correct. */ 2336 r = mknod(a->name, mode | S_IFCHR, 2337 archive_entry_rdev(a->entry)); 2338 break; 2339#else 2340 /* TODO: Find a better way to warn about our inability 2341 * to restore a char device node. */ 2342 return (EINVAL); 2343#endif /* HAVE_MKNOD */ 2344 case AE_IFBLK: 2345#ifdef HAVE_MKNOD 2346 r = mknod(a->name, mode | S_IFBLK, 2347 archive_entry_rdev(a->entry)); 2348 break; 2349#else 2350 /* TODO: Find a better way to warn about our inability 2351 * to restore a block device node. */ 2352 return (EINVAL); 2353#endif /* HAVE_MKNOD */ 2354 case AE_IFDIR: 2355 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE; 2356 r = mkdir(a->name, mode); 2357 if (r == 0) { 2358 /* Defer setting dir times. */ 2359 a->deferred |= (a->todo & TODO_TIMES); 2360 a->todo &= ~TODO_TIMES; 2361 /* Never use an immediate chmod(). */ 2362 /* We can't avoid the chmod() entirely if EXTRACT_PERM 2363 * because of SysV SGID inheritance. */ 2364 if ((mode != final_mode) 2365 || (a->flags & ARCHIVE_EXTRACT_PERM)) 2366 a->deferred |= (a->todo & TODO_MODE); 2367 a->todo &= ~TODO_MODE; 2368 } 2369 break; 2370 case AE_IFIFO: 2371#ifdef HAVE_MKFIFO 2372 r = mkfifo(a->name, mode); 2373 break; 2374#else 2375 /* TODO: Find a better way to warn about our inability 2376 * to restore a fifo. */ 2377 return (EINVAL); 2378#endif /* HAVE_MKFIFO */ 2379 } 2380 2381 /* All the system calls above set errno on failure. */ 2382 if (r) 2383 return (errno); 2384 2385 /* If we managed to set the final mode, we've avoided a chmod(). */ 2386 if (mode == final_mode) 2387 a->todo &= ~TODO_MODE; 2388 return (0); 2389} 2390 2391/* 2392 * Cleanup function for archive_extract. Mostly, this involves processing 2393 * the fixup list, which is used to address a number of problems: 2394 * * Dir permissions might prevent us from restoring a file in that 2395 * dir, so we restore the dir with minimum 0700 permissions first, 2396 * then correct the mode at the end. 2397 * * Similarly, the act of restoring a file touches the directory 2398 * and changes the timestamp on the dir, so we have to touch-up dir 2399 * timestamps at the end as well. 2400 * * Some file flags can interfere with the restore by, for example, 2401 * preventing the creation of hardlinks to those files. 2402 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs. 2403 * 2404 * Note that tar/cpio do not require that archives be in a particular 2405 * order; there is no way to know when the last file has been restored 2406 * within a directory, so there's no way to optimize the memory usage 2407 * here by fixing up the directory any earlier than the 2408 * end-of-archive. 2409 * 2410 * XXX TODO: Directory ACLs should be restored here, for the same 2411 * reason we set directory perms here. XXX 2412 */ 2413static int 2414_archive_write_disk_close(struct archive *_a) 2415{ 2416 struct archive_write_disk *a = (struct archive_write_disk *)_a; 2417 struct fixup_entry *next, *p; 2418 int fd, ret; 2419 2420 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 2421 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 2422 "archive_write_disk_close"); 2423 ret = _archive_write_disk_finish_entry(&a->archive); 2424 2425 /* Sort dir list so directories are fixed up in depth-first order. */ 2426 p = sort_dir_list(a->fixup_list); 2427 2428 while (p != NULL) { 2429 fd = -1; 2430 a->pst = NULL; /* Mark stat cache as out-of-date. */ 2431 if (p->fixup & 2432 (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) { 2433 fd = open(p->name, 2434 O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC); 2435 } 2436 if (p->fixup & TODO_TIMES) { 2437 set_times(a, fd, p->mode, p->name, 2438 p->atime, p->atime_nanos, 2439 p->birthtime, p->birthtime_nanos, 2440 p->mtime, p->mtime_nanos, 2441 p->ctime, p->ctime_nanos); 2442 } 2443 if (p->fixup & TODO_MODE_BASE) { 2444#ifdef HAVE_FCHMOD 2445 if (fd >= 0) 2446 fchmod(fd, p->mode); 2447 else 2448#endif 2449 chmod(p->name, p->mode); 2450 } 2451 if (p->fixup & TODO_ACLS) 2452 archive_write_disk_set_acls(&a->archive, fd, 2453 p->name, &p->acl, p->mode); 2454 if (p->fixup & TODO_FFLAGS) 2455 set_fflags_platform(a, fd, p->name, 2456 p->mode, p->fflags_set, 0); 2457 if (p->fixup & TODO_MAC_METADATA) 2458 set_mac_metadata(a, p->name, p->mac_metadata, 2459 p->mac_metadata_size); 2460 next = p->next; 2461 archive_acl_clear(&p->acl); 2462 free(p->mac_metadata); 2463 free(p->name); 2464 if (fd >= 0) 2465 close(fd); 2466 free(p); 2467 p = next; 2468 } 2469 a->fixup_list = NULL; 2470 return (ret); 2471} 2472 2473static int 2474_archive_write_disk_free(struct archive *_a) 2475{ 2476 struct archive_write_disk *a; 2477 int ret; 2478 if (_a == NULL) 2479 return (ARCHIVE_OK); 2480 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC, 2481 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free"); 2482 a = (struct archive_write_disk *)_a; 2483 ret = _archive_write_disk_close(&a->archive); 2484 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL); 2485 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL); 2486 archive_entry_free(a->entry); 2487 archive_string_free(&a->_name_data); 2488 archive_string_free(&a->_tmpname_data); 2489 archive_string_free(&a->archive.error_string); 2490 archive_string_free(&a->path_safe); 2491 a->archive.magic = 0; 2492 __archive_clean(&a->archive); 2493 free(a->decmpfs_header_p); 2494 free(a->resource_fork); 2495 free(a->compressed_buffer); 2496 free(a->uncompressed_buffer); 2497#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 2498 && defined(HAVE_ZLIB_H) 2499 if (a->stream_valid) { 2500 switch (deflateEnd(&a->stream)) { 2501 case Z_OK: 2502 break; 2503 default: 2504 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2505 "Failed to clean up compressor"); 2506 ret = ARCHIVE_FATAL; 2507 break; 2508 } 2509 } 2510#endif 2511 free(a); 2512 return (ret); 2513} 2514 2515/* 2516 * Simple O(n log n) merge sort to order the fixup list. In 2517 * particular, we want to restore dir timestamps depth-first. 2518 */ 2519static struct fixup_entry * 2520sort_dir_list(struct fixup_entry *p) 2521{ 2522 struct fixup_entry *a, *b, *t; 2523 2524 if (p == NULL) 2525 return (NULL); 2526 /* A one-item list is already sorted. */ 2527 if (p->next == NULL) 2528 return (p); 2529 2530 /* Step 1: split the list. */ 2531 t = p; 2532 a = p->next->next; 2533 while (a != NULL) { 2534 /* Step a twice, t once. */ 2535 a = a->next; 2536 if (a != NULL) 2537 a = a->next; 2538 t = t->next; 2539 } 2540 /* Now, t is at the mid-point, so break the list here. */ 2541 b = t->next; 2542 t->next = NULL; 2543 a = p; 2544 2545 /* Step 2: Recursively sort the two sub-lists. */ 2546 a = sort_dir_list(a); 2547 b = sort_dir_list(b); 2548 2549 /* Step 3: Merge the returned lists. */ 2550 /* Pick the first element for the merged list. */ 2551 if (strcmp(a->name, b->name) > 0) { 2552 t = p = a; 2553 a = a->next; 2554 } else { 2555 t = p = b; 2556 b = b->next; 2557 } 2558 2559 /* Always put the later element on the list first. */ 2560 while (a != NULL && b != NULL) { 2561 if (strcmp(a->name, b->name) > 0) { 2562 t->next = a; 2563 a = a->next; 2564 } else { 2565 t->next = b; 2566 b = b->next; 2567 } 2568 t = t->next; 2569 } 2570 2571 /* Only one list is non-empty, so just splice it on. */ 2572 if (a != NULL) 2573 t->next = a; 2574 if (b != NULL) 2575 t->next = b; 2576 2577 return (p); 2578} 2579 2580/* 2581 * Returns a new, initialized fixup entry. 2582 * 2583 * TODO: Reduce the memory requirements for this list by using a tree 2584 * structure rather than a simple list of names. 2585 */ 2586static struct fixup_entry * 2587new_fixup(struct archive_write_disk *a, const char *pathname) 2588{ 2589 struct fixup_entry *fe; 2590 2591 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry)); 2592 if (fe == NULL) { 2593 archive_set_error(&a->archive, ENOMEM, 2594 "Can't allocate memory for a fixup"); 2595 return (NULL); 2596 } 2597 fe->next = a->fixup_list; 2598 a->fixup_list = fe; 2599 fe->fixup = 0; 2600 fe->name = strdup(pathname); 2601 return (fe); 2602} 2603 2604/* 2605 * Returns a fixup structure for the current entry. 2606 */ 2607static struct fixup_entry * 2608current_fixup(struct archive_write_disk *a, const char *pathname) 2609{ 2610 if (a->current_fixup == NULL) 2611 a->current_fixup = new_fixup(a, pathname); 2612 return (a->current_fixup); 2613} 2614 2615/* Error helper for new *_fsobj functions */ 2616static void 2617fsobj_error(int *a_eno, struct archive_string *a_estr, 2618 int err, const char *errstr, const char *path) 2619{ 2620 if (a_eno) 2621 *a_eno = err; 2622 if (a_estr) 2623 archive_string_sprintf(a_estr, "%s%s", errstr, path); 2624} 2625 2626/* 2627 * TODO: Someday, integrate this with the deep dir support; they both 2628 * scan the path and both can be optimized by comparing against other 2629 * recent paths. 2630 */ 2631/* 2632 * Checks the given path to see if any elements along it are symlinks. Returns 2633 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. 2634 */ 2635static int 2636check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 2637 int flags) 2638{ 2639#if !defined(HAVE_LSTAT) && \ 2640 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)) 2641 /* Platform doesn't have lstat, so we can't look for symlinks. */ 2642 (void)path; /* UNUSED */ 2643 (void)error_number; /* UNUSED */ 2644 (void)error_string; /* UNUSED */ 2645 (void)flags; /* UNUSED */ 2646 return (ARCHIVE_OK); 2647#else 2648 int res = ARCHIVE_OK; 2649 char *tail; 2650 char *head; 2651 int last; 2652 char c; 2653 int r; 2654 struct stat st; 2655 int chdir_fd; 2656#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2657 int fd; 2658#endif 2659 2660 /* Nothing to do here if name is empty */ 2661 if(path[0] == '\0') 2662 return (ARCHIVE_OK); 2663 2664 /* 2665 * Guard against symlink tricks. Reject any archive entry whose 2666 * destination would be altered by a symlink. 2667 * 2668 * Walk the filename in chunks separated by '/'. For each segment: 2669 * - if it doesn't exist, continue 2670 * - if it's symlink, abort or remove it 2671 * - if it's a directory and it's not the last chunk, cd into it 2672 * As we go: 2673 * head points to the current (relative) path 2674 * tail points to the temporary \0 terminating the segment we're 2675 * currently examining 2676 * c holds what used to be in *tail 2677 * last is 1 if this is the last tail 2678 */ 2679 chdir_fd = la_opendirat(AT_FDCWD, "."); 2680 __archive_ensure_cloexec_flag(chdir_fd); 2681 if (chdir_fd < 0) { 2682 fsobj_error(a_eno, a_estr, errno, 2683 "Could not open ", path); 2684 return (ARCHIVE_FATAL); 2685 } 2686 head = path; 2687 tail = path; 2688 last = 0; 2689 /* TODO: reintroduce a safe cache here? */ 2690 /* Skip the root directory if the path is absolute. */ 2691 if(tail == path && tail[0] == '/') 2692 ++tail; 2693 /* Keep going until we've checked the entire name. 2694 * head, tail, path all alias the same string, which is 2695 * temporarily zeroed at tail, so be careful restoring the 2696 * stashed (c=tail[0]) for error messages. 2697 * Exiting the loop with break is okay; continue is not. 2698 */ 2699 while (!last) { 2700 /* 2701 * Skip the separator we just consumed, plus any adjacent ones 2702 */ 2703 while (*tail == '/') 2704 ++tail; 2705 /* Skip the next path element. */ 2706 while (*tail != '\0' && *tail != '/') 2707 ++tail; 2708 /* is this the last path component? */ 2709 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); 2710 /* temporarily truncate the string here */ 2711 c = tail[0]; 2712 tail[0] = '\0'; 2713 /* Check that we haven't hit a symlink. */ 2714#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2715 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW); 2716#else 2717 r = lstat(head, &st); 2718#endif 2719 if (r != 0) { 2720 tail[0] = c; 2721 /* We've hit a dir that doesn't exist; stop now. */ 2722 if (errno == ENOENT) { 2723 break; 2724 } else { 2725 /* 2726 * Treat any other error as fatal - best to be 2727 * paranoid here. 2728 * Note: This effectively disables deep 2729 * directory support when security checks are 2730 * enabled. Otherwise, very long pathnames that 2731 * trigger an error here could evade the 2732 * sandbox. 2733 * TODO: We could do better, but it would 2734 * probably require merging the symlink checks 2735 * with the deep-directory editing. 2736 */ 2737 fsobj_error(a_eno, a_estr, errno, 2738 "Could not stat ", path); 2739 res = ARCHIVE_FAILED; 2740 break; 2741 } 2742 } else if (S_ISDIR(st.st_mode)) { 2743 if (!last) { 2744#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2745 fd = la_opendirat(chdir_fd, head); 2746 if (fd < 0) 2747 r = -1; 2748 else { 2749 r = 0; 2750 close(chdir_fd); 2751 chdir_fd = fd; 2752 } 2753#else 2754 r = chdir(head); 2755#endif 2756 if (r != 0) { 2757 tail[0] = c; 2758 fsobj_error(a_eno, a_estr, errno, 2759 "Could not chdir ", path); 2760 res = (ARCHIVE_FATAL); 2761 break; 2762 } 2763 /* Our view is now from inside this dir: */ 2764 head = tail + 1; 2765 } 2766 } else if (S_ISLNK(st.st_mode)) { 2767 if (last) { 2768 /* 2769 * Last element is symlink; remove it 2770 * so we can overwrite it with the 2771 * item being extracted. 2772 */ 2773#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2774 r = unlinkat(chdir_fd, head, 0); 2775#else 2776 r = unlink(head); 2777#endif 2778 if (r != 0) { 2779 tail[0] = c; 2780 fsobj_error(a_eno, a_estr, errno, 2781 "Could not remove symlink ", 2782 path); 2783 res = ARCHIVE_FAILED; 2784 break; 2785 } 2786 /* 2787 * Even if we did remove it, a warning 2788 * is in order. The warning is silly, 2789 * though, if we're just replacing one 2790 * symlink with another symlink. 2791 */ 2792 tail[0] = c; 2793 /* 2794 * FIXME: not sure how important this is to 2795 * restore 2796 */ 2797 /* 2798 if (!S_ISLNK(path)) { 2799 fsobj_error(a_eno, a_estr, 0, 2800 "Removing symlink ", path); 2801 } 2802 */ 2803 /* Symlink gone. No more problem! */ 2804 res = ARCHIVE_OK; 2805 break; 2806 } else if (flags & ARCHIVE_EXTRACT_UNLINK) { 2807 /* User asked us to remove problems. */ 2808#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2809 r = unlinkat(chdir_fd, head, 0); 2810#else 2811 r = unlink(head); 2812#endif 2813 if (r != 0) { 2814 tail[0] = c; 2815 fsobj_error(a_eno, a_estr, 0, 2816 "Cannot remove intervening " 2817 "symlink ", path); 2818 res = ARCHIVE_FAILED; 2819 break; 2820 } 2821 tail[0] = c; 2822 } else if ((flags & 2823 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) { 2824 /* 2825 * We are not the last element and we want to 2826 * follow symlinks if they are a directory. 2827 * 2828 * This is needed to extract hardlinks over 2829 * symlinks. 2830 */ 2831#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2832 r = fstatat(chdir_fd, head, &st, 0); 2833#else 2834 r = la_stat(head, &st); 2835#endif 2836 if (r != 0) { 2837 tail[0] = c; 2838 if (errno == ENOENT) { 2839 break; 2840 } else { 2841 fsobj_error(a_eno, a_estr, 2842 errno, 2843 "Could not stat ", path); 2844 res = (ARCHIVE_FAILED); 2845 break; 2846 } 2847 } else if (S_ISDIR(st.st_mode)) { 2848#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2849 fd = la_opendirat(chdir_fd, head); 2850 if (fd < 0) 2851 r = -1; 2852 else { 2853 r = 0; 2854 close(chdir_fd); 2855 chdir_fd = fd; 2856 } 2857#else 2858 r = chdir(head); 2859#endif 2860 if (r != 0) { 2861 tail[0] = c; 2862 fsobj_error(a_eno, a_estr, 2863 errno, 2864 "Could not chdir ", path); 2865 res = (ARCHIVE_FATAL); 2866 break; 2867 } 2868 /* 2869 * Our view is now from inside 2870 * this dir: 2871 */ 2872 head = tail + 1; 2873 } else { 2874 tail[0] = c; 2875 fsobj_error(a_eno, a_estr, 0, 2876 "Cannot extract through " 2877 "symlink ", path); 2878 res = ARCHIVE_FAILED; 2879 break; 2880 } 2881 } else { 2882 tail[0] = c; 2883 fsobj_error(a_eno, a_estr, 0, 2884 "Cannot extract through symlink ", path); 2885 res = ARCHIVE_FAILED; 2886 break; 2887 } 2888 } 2889 /* be sure to always maintain this */ 2890 tail[0] = c; 2891 if (tail[0] != '\0') 2892 tail++; /* Advance to the next segment. */ 2893 } 2894 /* Catches loop exits via break */ 2895 tail[0] = c; 2896#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2897 /* If we operate with openat(), fstatat() and unlinkat() there was 2898 * no chdir(), so just close the fd */ 2899 if (chdir_fd >= 0) 2900 close(chdir_fd); 2901#elif HAVE_FCHDIR 2902 /* If we changed directory above, restore it here. */ 2903 if (chdir_fd >= 0) { 2904 r = fchdir(chdir_fd); 2905 if (r != 0) { 2906 fsobj_error(a_eno, a_estr, errno, 2907 "chdir() failure", ""); 2908 } 2909 close(chdir_fd); 2910 chdir_fd = -1; 2911 if (r != 0) { 2912 res = (ARCHIVE_FATAL); 2913 } 2914 } 2915#endif 2916 /* TODO: reintroduce a safe cache here? */ 2917 return res; 2918#endif 2919} 2920 2921/* 2922 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise 2923 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} 2924 */ 2925static int 2926check_symlinks(struct archive_write_disk *a) 2927{ 2928 struct archive_string error_string; 2929 int error_number; 2930 int rc; 2931 archive_string_init(&error_string); 2932 rc = check_symlinks_fsobj(a->name, &error_number, &error_string, 2933 a->flags); 2934 if (rc != ARCHIVE_OK) { 2935 archive_set_error(&a->archive, error_number, "%s", 2936 error_string.s); 2937 } 2938 archive_string_free(&error_string); 2939 a->pst = NULL; /* to be safe */ 2940 return rc; 2941} 2942 2943 2944#if defined(__CYGWIN__) 2945/* 2946 * 1. Convert a path separator from '\' to '/' . 2947 * We shouldn't check multibyte character directly because some 2948 * character-set have been using the '\' character for a part of 2949 * its multibyte character code. 2950 * 2. Replace unusable characters in Windows with underscore('_'). 2951 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx 2952 */ 2953static void 2954cleanup_pathname_win(char *path) 2955{ 2956 wchar_t wc; 2957 char *p; 2958 size_t alen, l; 2959 int mb, complete, utf8; 2960 2961 alen = 0; 2962 mb = 0; 2963 complete = 1; 2964 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0; 2965 for (p = path; *p != '\0'; p++) { 2966 ++alen; 2967 if (*p == '\\') { 2968 /* If previous byte is smaller than 128, 2969 * this is not second byte of multibyte characters, 2970 * so we can replace '\' with '/'. */ 2971 if (utf8 || !mb) 2972 *p = '/'; 2973 else 2974 complete = 0;/* uncompleted. */ 2975 } else if (*(unsigned char *)p > 127) 2976 mb = 1; 2977 else 2978 mb = 0; 2979 /* Rewrite the path name if its next character is unusable. */ 2980 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' || 2981 *p == '<' || *p == '>' || *p == '|') 2982 *p = '_'; 2983 } 2984 if (complete) 2985 return; 2986 2987 /* 2988 * Convert path separator in wide-character. 2989 */ 2990 p = path; 2991 while (*p != '\0' && alen) { 2992 l = mbtowc(&wc, p, alen); 2993 if (l == (size_t)-1) { 2994 while (*p != '\0') { 2995 if (*p == '\\') 2996 *p = '/'; 2997 ++p; 2998 } 2999 break; 3000 } 3001 if (l == 1 && wc == L'\\') 3002 *p = '/'; 3003 p += l; 3004 alen -= l; 3005 } 3006} 3007#endif 3008 3009/* 3010 * Canonicalize the pathname. In particular, this strips duplicate 3011 * '/' characters, '.' elements, and trailing '/'. It also raises an 3012 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is 3013 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS 3014 * is set) if the path is absolute. 3015 */ 3016static int 3017cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 3018 int flags) 3019{ 3020 char *dest, *src; 3021 char separator = '\0'; 3022 3023 dest = src = path; 3024 if (*src == '\0') { 3025 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3026 "Invalid empty ", "pathname"); 3027 return (ARCHIVE_FAILED); 3028 } 3029 3030#if defined(__CYGWIN__) 3031 cleanup_pathname_win(path); 3032#endif 3033 /* Skip leading '/'. */ 3034 if (*src == '/') { 3035 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { 3036 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3037 "Path is ", "absolute"); 3038 return (ARCHIVE_FAILED); 3039 } 3040 3041 separator = *src++; 3042 } 3043 3044 /* Scan the pathname one element at a time. */ 3045 for (;;) { 3046 /* src points to first char after '/' */ 3047 if (src[0] == '\0') { 3048 break; 3049 } else if (src[0] == '/') { 3050 /* Found '//', ignore second one. */ 3051 src++; 3052 continue; 3053 } else if (src[0] == '.') { 3054 if (src[1] == '\0') { 3055 /* Ignore trailing '.' */ 3056 break; 3057 } else if (src[1] == '/') { 3058 /* Skip './'. */ 3059 src += 2; 3060 continue; 3061 } else if (src[1] == '.') { 3062 if (src[2] == '/' || src[2] == '\0') { 3063 /* Conditionally warn about '..' */ 3064 if (flags 3065 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { 3066 fsobj_error(a_eno, a_estr, 3067 ARCHIVE_ERRNO_MISC, 3068 "Path contains ", "'..'"); 3069 return (ARCHIVE_FAILED); 3070 } 3071 } 3072 /* 3073 * Note: Under no circumstances do we 3074 * remove '..' elements. In 3075 * particular, restoring 3076 * '/foo/../bar/' should create the 3077 * 'foo' dir as a side-effect. 3078 */ 3079 } 3080 } 3081 3082 /* Copy current element, including leading '/'. */ 3083 if (separator) 3084 *dest++ = '/'; 3085 while (*src != '\0' && *src != '/') { 3086 *dest++ = *src++; 3087 } 3088 3089 if (*src == '\0') 3090 break; 3091 3092 /* Skip '/' separator. */ 3093 separator = *src++; 3094 } 3095 /* 3096 * We've just copied zero or more path elements, not including the 3097 * final '/'. 3098 */ 3099 if (dest == path) { 3100 /* 3101 * Nothing got copied. The path must have been something 3102 * like '.' or '/' or './' or '/././././/./'. 3103 */ 3104 if (separator) 3105 *dest++ = '/'; 3106 else 3107 *dest++ = '.'; 3108 } 3109 /* Terminate the result. */ 3110 *dest = '\0'; 3111 return (ARCHIVE_OK); 3112} 3113 3114static int 3115cleanup_pathname(struct archive_write_disk *a) 3116{ 3117 struct archive_string error_string; 3118 int error_number; 3119 int rc; 3120 archive_string_init(&error_string); 3121 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, 3122 a->flags); 3123 if (rc != ARCHIVE_OK) { 3124 archive_set_error(&a->archive, error_number, "%s", 3125 error_string.s); 3126 } 3127 archive_string_free(&error_string); 3128 return rc; 3129} 3130 3131/* 3132 * Create the parent directory of the specified path, assuming path 3133 * is already in mutable storage. 3134 */ 3135static int 3136create_parent_dir(struct archive_write_disk *a, char *path) 3137{ 3138 char *slash; 3139 int r; 3140 3141 /* Remove tail element to obtain parent name. */ 3142 slash = strrchr(path, '/'); 3143 if (slash == NULL) 3144 return (ARCHIVE_OK); 3145 *slash = '\0'; 3146 r = create_dir(a, path); 3147 *slash = '/'; 3148 return (r); 3149} 3150 3151/* 3152 * Create the specified dir, recursing to create parents as necessary. 3153 * 3154 * Returns ARCHIVE_OK if the path exists when we're done here. 3155 * Otherwise, returns ARCHIVE_FAILED. 3156 * Assumes path is in mutable storage; path is unchanged on exit. 3157 */ 3158static int 3159create_dir(struct archive_write_disk *a, char *path) 3160{ 3161 struct stat st; 3162 struct fixup_entry *le; 3163 char *slash, *base; 3164 mode_t mode_final, mode; 3165 int r; 3166 3167 /* Check for special names and just skip them. */ 3168 slash = strrchr(path, '/'); 3169 if (slash == NULL) 3170 base = path; 3171 else 3172 base = slash + 1; 3173 3174 if (base[0] == '\0' || 3175 (base[0] == '.' && base[1] == '\0') || 3176 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) { 3177 /* Don't bother trying to create null path, '.', or '..'. */ 3178 if (slash != NULL) { 3179 *slash = '\0'; 3180 r = create_dir(a, path); 3181 *slash = '/'; 3182 return (r); 3183 } 3184 return (ARCHIVE_OK); 3185 } 3186 3187 /* 3188 * Yes, this should be stat() and not lstat(). Using lstat() 3189 * here loses the ability to extract through symlinks. Also note 3190 * that this should not use the a->st cache. 3191 */ 3192 if (la_stat(path, &st) == 0) { 3193 if (S_ISDIR(st.st_mode)) 3194 return (ARCHIVE_OK); 3195 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 3196 archive_set_error(&a->archive, EEXIST, 3197 "Can't create directory '%s'", path); 3198 return (ARCHIVE_FAILED); 3199 } 3200 if (unlink(path) != 0) { 3201 archive_set_error(&a->archive, errno, 3202 "Can't create directory '%s': " 3203 "Conflicting file cannot be removed", 3204 path); 3205 return (ARCHIVE_FAILED); 3206 } 3207 } else if (errno != ENOENT && errno != ENOTDIR) { 3208 /* Stat failed? */ 3209 archive_set_error(&a->archive, errno, 3210 "Can't test directory '%s'", path); 3211 return (ARCHIVE_FAILED); 3212 } else if (slash != NULL) { 3213 *slash = '\0'; 3214 r = create_dir(a, path); 3215 *slash = '/'; 3216 if (r != ARCHIVE_OK) 3217 return (r); 3218 } 3219 3220 /* 3221 * Mode we want for the final restored directory. Per POSIX, 3222 * implicitly-created dirs must be created obeying the umask. 3223 * There's no mention whether this is different for privileged 3224 * restores (which the rest of this code handles by pretending 3225 * umask=0). I've chosen here to always obey the user's umask for 3226 * implicit dirs, even if _EXTRACT_PERM was specified. 3227 */ 3228 mode_final = DEFAULT_DIR_MODE & ~a->user_umask; 3229 /* Mode we want on disk during the restore process. */ 3230 mode = mode_final; 3231 mode |= MINIMUM_DIR_MODE; 3232 mode &= MAXIMUM_DIR_MODE; 3233 if (mkdir(path, mode) == 0) { 3234 if (mode != mode_final) { 3235 le = new_fixup(a, path); 3236 if (le == NULL) 3237 return (ARCHIVE_FATAL); 3238 le->fixup |=TODO_MODE_BASE; 3239 le->mode = mode_final; 3240 } 3241 return (ARCHIVE_OK); 3242 } 3243 3244 /* 3245 * Without the following check, a/b/../b/c/d fails at the 3246 * second visit to 'b', so 'd' can't be created. Note that we 3247 * don't add it to the fixup list here, as it's already been 3248 * added. 3249 */ 3250 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode)) 3251 return (ARCHIVE_OK); 3252 3253 archive_set_error(&a->archive, errno, "Failed to create dir '%s'", 3254 path); 3255 return (ARCHIVE_FAILED); 3256} 3257 3258/* 3259 * Note: Although we can skip setting the user id if the desired user 3260 * id matches the current user, we cannot skip setting the group, as 3261 * many systems set the gid based on the containing directory. So 3262 * we have to perform a chown syscall if we want to set the SGID 3263 * bit. (The alternative is to stat() and then possibly chown(); it's 3264 * more efficient to skip the stat() and just always chown().) Note 3265 * that a successful chown() here clears the TODO_SGID_CHECK bit, which 3266 * allows set_mode to skip the stat() check for the GID. 3267 */ 3268static int 3269set_ownership(struct archive_write_disk *a) 3270{ 3271#if !defined(__CYGWIN__) && !defined(__linux__) 3272/* 3273 * On Linux, a process may have the CAP_CHOWN capability. 3274 * On Windows there is no 'root' user with uid 0. 3275 * Elsewhere we can skip calling chown if we are not root and the desired 3276 * user id does not match the current user. 3277 */ 3278 if (a->user_uid != 0 && a->user_uid != a->uid) { 3279 archive_set_error(&a->archive, errno, 3280 "Can't set UID=%jd", (intmax_t)a->uid); 3281 return (ARCHIVE_WARN); 3282 } 3283#endif 3284 3285#ifdef HAVE_FCHOWN 3286 /* If we have an fd, we can avoid a race. */ 3287 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) { 3288 /* We've set owner and know uid/gid are correct. */ 3289 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3290 return (ARCHIVE_OK); 3291 } 3292#endif 3293 3294 /* We prefer lchown() but will use chown() if that's all we have. */ 3295 /* Of course, if we have neither, this will always fail. */ 3296#ifdef HAVE_LCHOWN 3297 if (lchown(a->name, a->uid, a->gid) == 0) { 3298 /* We've set owner and know uid/gid are correct. */ 3299 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3300 return (ARCHIVE_OK); 3301 } 3302#elif HAVE_CHOWN 3303 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) { 3304 /* We've set owner and know uid/gid are correct. */ 3305 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3306 return (ARCHIVE_OK); 3307 } 3308#endif 3309 3310 archive_set_error(&a->archive, errno, 3311 "Can't set user=%jd/group=%jd for %s", 3312 (intmax_t)a->uid, (intmax_t)a->gid, a->name); 3313 return (ARCHIVE_WARN); 3314} 3315 3316/* 3317 * Note: Returns 0 on success, non-zero on failure. 3318 */ 3319static int 3320set_time(int fd, int mode, const char *name, 3321 time_t atime, long atime_nsec, 3322 time_t mtime, long mtime_nsec) 3323{ 3324 /* Select the best implementation for this platform. */ 3325#if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS) 3326 /* 3327 * utimensat() and futimens() are defined in 3328 * POSIX.1-2008. They support ns resolution and setting times 3329 * on fds and symlinks. 3330 */ 3331 struct timespec ts[2]; 3332 (void)mode; /* UNUSED */ 3333 ts[0].tv_sec = atime; 3334 ts[0].tv_nsec = atime_nsec; 3335 ts[1].tv_sec = mtime; 3336 ts[1].tv_nsec = mtime_nsec; 3337 if (fd >= 0) 3338 return futimens(fd, ts); 3339 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW); 3340 3341#elif HAVE_UTIMES 3342 /* 3343 * The utimes()-family functions support ��s-resolution and 3344 * setting times fds and symlinks. utimes() is documented as 3345 * LEGACY by POSIX, futimes() and lutimes() are not described 3346 * in POSIX. 3347 */ 3348 struct timeval times[2]; 3349 3350 times[0].tv_sec = atime; 3351 times[0].tv_usec = atime_nsec / 1000; 3352 times[1].tv_sec = mtime; 3353 times[1].tv_usec = mtime_nsec / 1000; 3354 3355#ifdef HAVE_FUTIMES 3356 if (fd >= 0) 3357 return (futimes(fd, times)); 3358#else 3359 (void)fd; /* UNUSED */ 3360#endif 3361#ifdef HAVE_LUTIMES 3362 (void)mode; /* UNUSED */ 3363 return (lutimes(name, times)); 3364#else 3365 if (S_ISLNK(mode)) 3366 return (0); 3367 return (utimes(name, times)); 3368#endif 3369 3370#elif defined(HAVE_UTIME) 3371 /* 3372 * utime() is POSIX-standard but only supports 1s resolution and 3373 * does not support fds or symlinks. 3374 */ 3375 struct utimbuf times; 3376 (void)fd; /* UNUSED */ 3377 (void)name; /* UNUSED */ 3378 (void)atime_nsec; /* UNUSED */ 3379 (void)mtime_nsec; /* UNUSED */ 3380 times.actime = atime; 3381 times.modtime = mtime; 3382 if (S_ISLNK(mode)) 3383 return (ARCHIVE_OK); 3384 return (utime(name, ×)); 3385 3386#else 3387 /* 3388 * We don't know how to set the time on this platform. 3389 */ 3390 (void)fd; /* UNUSED */ 3391 (void)mode; /* UNUSED */ 3392 (void)name; /* UNUSED */ 3393 (void)atime_nsec; /* UNUSED */ 3394 (void)mtime_nsec; /* UNUSED */ 3395 return (ARCHIVE_WARN); 3396#endif 3397} 3398 3399#ifdef F_SETTIMES 3400static int 3401set_time_tru64(int fd, int mode, const char *name, 3402 time_t atime, long atime_nsec, 3403 time_t mtime, long mtime_nsec, 3404 time_t ctime, long ctime_nsec) 3405{ 3406 struct attr_timbuf tstamp; 3407 tstamp.atime.tv_sec = atime; 3408 tstamp.mtime.tv_sec = mtime; 3409 tstamp.ctime.tv_sec = ctime; 3410#if defined (__hpux) && defined (__ia64) 3411 tstamp.atime.tv_nsec = atime_nsec; 3412 tstamp.mtime.tv_nsec = mtime_nsec; 3413 tstamp.ctime.tv_nsec = ctime_nsec; 3414#else 3415 tstamp.atime.tv_usec = atime_nsec / 1000; 3416 tstamp.mtime.tv_usec = mtime_nsec / 1000; 3417 tstamp.ctime.tv_usec = ctime_nsec / 1000; 3418#endif 3419 return (fcntl(fd,F_SETTIMES,&tstamp)); 3420} 3421#endif /* F_SETTIMES */ 3422 3423static int 3424set_times(struct archive_write_disk *a, 3425 int fd, int mode, const char *name, 3426 time_t atime, long atime_nanos, 3427 time_t birthtime, long birthtime_nanos, 3428 time_t mtime, long mtime_nanos, 3429 time_t cctime, long ctime_nanos) 3430{ 3431 /* Note: set_time doesn't use libarchive return conventions! 3432 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */ 3433 int r1 = 0, r2 = 0; 3434 3435#ifdef F_SETTIMES 3436 /* 3437 * on Tru64 try own fcntl first which can restore even the 3438 * ctime, fall back to default code path below if it fails 3439 * or if we are not running as root 3440 */ 3441 if (a->user_uid == 0 && 3442 set_time_tru64(fd, mode, name, 3443 atime, atime_nanos, mtime, 3444 mtime_nanos, cctime, ctime_nanos) == 0) { 3445 return (ARCHIVE_OK); 3446 } 3447#else /* Tru64 */ 3448 (void)cctime; /* UNUSED */ 3449 (void)ctime_nanos; /* UNUSED */ 3450#endif /* Tru64 */ 3451 3452#ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME 3453 /* 3454 * If you have struct stat.st_birthtime, we assume BSD 3455 * birthtime semantics, in which {f,l,}utimes() updates 3456 * birthtime to earliest mtime. So we set the time twice, 3457 * first using the birthtime, then using the mtime. If 3458 * birthtime == mtime, this isn't necessary, so we skip it. 3459 * If birthtime > mtime, then this won't work, so we skip it. 3460 */ 3461 if (birthtime < mtime 3462 || (birthtime == mtime && birthtime_nanos < mtime_nanos)) 3463 r1 = set_time(fd, mode, name, 3464 atime, atime_nanos, 3465 birthtime, birthtime_nanos); 3466#else 3467 (void)birthtime; /* UNUSED */ 3468 (void)birthtime_nanos; /* UNUSED */ 3469#endif 3470 r2 = set_time(fd, mode, name, 3471 atime, atime_nanos, 3472 mtime, mtime_nanos); 3473 if (r1 != 0 || r2 != 0) { 3474 archive_set_error(&a->archive, errno, 3475 "Can't restore time"); 3476 return (ARCHIVE_WARN); 3477 } 3478 return (ARCHIVE_OK); 3479} 3480 3481static int 3482set_times_from_entry(struct archive_write_disk *a) 3483{ 3484 time_t atime, birthtime, mtime, cctime; 3485 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec; 3486 3487 /* Suitable defaults. */ 3488 atime = birthtime = mtime = cctime = a->start_time; 3489 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0; 3490 3491 /* If no time was provided, we're done. */ 3492 if (!archive_entry_atime_is_set(a->entry) 3493#if HAVE_STRUCT_STAT_ST_BIRTHTIME 3494 && !archive_entry_birthtime_is_set(a->entry) 3495#endif 3496 && !archive_entry_mtime_is_set(a->entry)) 3497 return (ARCHIVE_OK); 3498 3499 if (archive_entry_atime_is_set(a->entry)) { 3500 atime = archive_entry_atime(a->entry); 3501 atime_nsec = archive_entry_atime_nsec(a->entry); 3502 } 3503 if (archive_entry_birthtime_is_set(a->entry)) { 3504 birthtime = archive_entry_birthtime(a->entry); 3505 birthtime_nsec = archive_entry_birthtime_nsec(a->entry); 3506 } 3507 if (archive_entry_mtime_is_set(a->entry)) { 3508 mtime = archive_entry_mtime(a->entry); 3509 mtime_nsec = archive_entry_mtime_nsec(a->entry); 3510 } 3511 if (archive_entry_ctime_is_set(a->entry)) { 3512 cctime = archive_entry_ctime(a->entry); 3513 ctime_nsec = archive_entry_ctime_nsec(a->entry); 3514 } 3515 3516 return set_times(a, a->fd, a->mode, a->name, 3517 atime, atime_nsec, 3518 birthtime, birthtime_nsec, 3519 mtime, mtime_nsec, 3520 cctime, ctime_nsec); 3521} 3522 3523static int 3524set_mode(struct archive_write_disk *a, int mode) 3525{ 3526 int r = ARCHIVE_OK; 3527 int r2; 3528 mode &= 07777; /* Strip off file type bits. */ 3529 3530 if (a->todo & TODO_SGID_CHECK) { 3531 /* 3532 * If we don't know the GID is right, we must stat() 3533 * to verify it. We can't just check the GID of this 3534 * process, since systems sometimes set GID from 3535 * the enclosing dir or based on ACLs. 3536 */ 3537 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3538 return (r); 3539 if (a->pst->st_gid != a->gid) { 3540 mode &= ~ S_ISGID; 3541 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3542 /* 3543 * This is only an error if you 3544 * requested owner restore. If you 3545 * didn't, we'll try to restore 3546 * sgid/suid, but won't consider it a 3547 * problem if we can't. 3548 */ 3549 archive_set_error(&a->archive, -1, 3550 "Can't restore SGID bit"); 3551 r = ARCHIVE_WARN; 3552 } 3553 } 3554 /* While we're here, double-check the UID. */ 3555 if (a->pst->st_uid != a->uid 3556 && (a->todo & TODO_SUID)) { 3557 mode &= ~ S_ISUID; 3558 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3559 archive_set_error(&a->archive, -1, 3560 "Can't restore SUID bit"); 3561 r = ARCHIVE_WARN; 3562 } 3563 } 3564 a->todo &= ~TODO_SGID_CHECK; 3565 a->todo &= ~TODO_SUID_CHECK; 3566 } else if (a->todo & TODO_SUID_CHECK) { 3567 /* 3568 * If we don't know the UID is right, we can just check 3569 * the user, since all systems set the file UID from 3570 * the process UID. 3571 */ 3572 if (a->user_uid != a->uid) { 3573 mode &= ~ S_ISUID; 3574 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3575 archive_set_error(&a->archive, -1, 3576 "Can't make file SUID"); 3577 r = ARCHIVE_WARN; 3578 } 3579 } 3580 a->todo &= ~TODO_SUID_CHECK; 3581 } 3582 3583 if (S_ISLNK(a->mode)) { 3584#ifdef HAVE_LCHMOD 3585 /* 3586 * If this is a symlink, use lchmod(). If the 3587 * platform doesn't support lchmod(), just skip it. A 3588 * platform that doesn't provide a way to set 3589 * permissions on symlinks probably ignores 3590 * permissions on symlinks, so a failure here has no 3591 * impact. 3592 */ 3593 if (lchmod(a->name, mode) != 0) { 3594 switch (errno) { 3595 case ENOTSUP: 3596 case ENOSYS: 3597#if ENOTSUP != EOPNOTSUPP 3598 case EOPNOTSUPP: 3599#endif 3600 /* 3601 * if lchmod is defined but the platform 3602 * doesn't support it, silently ignore 3603 * error 3604 */ 3605 break; 3606 default: 3607 archive_set_error(&a->archive, errno, 3608 "Can't set permissions to 0%o", (int)mode); 3609 r = ARCHIVE_WARN; 3610 } 3611 } 3612#endif 3613 } else if (!S_ISDIR(a->mode)) { 3614 /* 3615 * If it's not a symlink and not a dir, then use 3616 * fchmod() or chmod(), depending on whether we have 3617 * an fd. Dirs get their perms set during the 3618 * post-extract fixup, which is handled elsewhere. 3619 */ 3620#ifdef HAVE_FCHMOD 3621 if (a->fd >= 0) 3622 r2 = fchmod(a->fd, mode); 3623 else 3624#endif 3625 /* If this platform lacks fchmod(), then 3626 * we'll just use chmod(). */ 3627 r2 = chmod(a->name, mode); 3628 3629 if (r2 != 0) { 3630 archive_set_error(&a->archive, errno, 3631 "Can't set permissions to 0%o", (int)mode); 3632 r = ARCHIVE_WARN; 3633 } 3634 } 3635 return (r); 3636} 3637 3638static int 3639set_fflags(struct archive_write_disk *a) 3640{ 3641 struct fixup_entry *le; 3642 unsigned long set, clear; 3643 int r; 3644 mode_t mode = archive_entry_mode(a->entry); 3645 /* 3646 * Make 'critical_flags' hold all file flags that can't be 3647 * immediately restored. For example, on BSD systems, 3648 * SF_IMMUTABLE prevents hardlinks from being created, so 3649 * should not be set until after any hardlinks are created. To 3650 * preserve some semblance of portability, this uses #ifdef 3651 * extensively. Ugly, but it works. 3652 * 3653 * Yes, Virginia, this does create a security race. It's mitigated 3654 * somewhat by the practice of creating dirs 0700 until the extract 3655 * is done, but it would be nice if we could do more than that. 3656 * People restoring critical file systems should be wary of 3657 * other programs that might try to muck with files as they're 3658 * being restored. 3659 */ 3660 const int critical_flags = 0 3661#ifdef SF_IMMUTABLE 3662 | SF_IMMUTABLE 3663#endif 3664#ifdef UF_IMMUTABLE 3665 | UF_IMMUTABLE 3666#endif 3667#ifdef SF_APPEND 3668 | SF_APPEND 3669#endif 3670#ifdef UF_APPEND 3671 | UF_APPEND 3672#endif 3673#if defined(FS_APPEND_FL) 3674 | FS_APPEND_FL 3675#elif defined(EXT2_APPEND_FL) 3676 | EXT2_APPEND_FL 3677#endif 3678#if defined(FS_IMMUTABLE_FL) 3679 | FS_IMMUTABLE_FL 3680#elif defined(EXT2_IMMUTABLE_FL) 3681 | EXT2_IMMUTABLE_FL 3682#endif 3683#ifdef FS_JOURNAL_DATA_FL 3684 | FS_JOURNAL_DATA_FL 3685#endif 3686 ; 3687 3688 if (a->todo & TODO_FFLAGS) { 3689 archive_entry_fflags(a->entry, &set, &clear); 3690 3691 /* 3692 * The first test encourages the compiler to eliminate 3693 * all of this if it's not necessary. 3694 */ 3695 if ((critical_flags != 0) && (set & critical_flags)) { 3696 le = current_fixup(a, a->name); 3697 if (le == NULL) 3698 return (ARCHIVE_FATAL); 3699 le->fixup |= TODO_FFLAGS; 3700 le->fflags_set = set; 3701 /* Store the mode if it's not already there. */ 3702 if ((le->fixup & TODO_MODE) == 0) 3703 le->mode = mode; 3704 } else { 3705 r = set_fflags_platform(a, a->fd, 3706 a->name, mode, set, clear); 3707 if (r != ARCHIVE_OK) 3708 return (r); 3709 } 3710 } 3711 return (ARCHIVE_OK); 3712} 3713 3714static int 3715clear_nochange_fflags(struct archive_write_disk *a) 3716{ 3717 mode_t mode = archive_entry_mode(a->entry); 3718 const int nochange_flags = 0 3719#ifdef SF_IMMUTABLE 3720 | SF_IMMUTABLE 3721#endif 3722#ifdef UF_IMMUTABLE 3723 | UF_IMMUTABLE 3724#endif 3725#ifdef SF_APPEND 3726 | SF_APPEND 3727#endif 3728#ifdef UF_APPEND 3729 | UF_APPEND 3730#endif 3731#ifdef EXT2_APPEND_FL 3732 | EXT2_APPEND_FL 3733#endif 3734#ifdef EXT2_IMMUTABLE_FL 3735 | EXT2_IMMUTABLE_FL 3736#endif 3737 ; 3738 3739 return (set_fflags_platform(a, a->fd, a->name, mode, 0, 3740 nochange_flags)); 3741} 3742 3743 3744#if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS) 3745/* 3746 * BSD reads flags using stat() and sets them with one of {f,l,}chflags() 3747 */ 3748static int 3749set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3750 mode_t mode, unsigned long set, unsigned long clear) 3751{ 3752 int r; 3753 const int sf_mask = 0 3754#ifdef SF_APPEND 3755 | SF_APPEND 3756#endif 3757#ifdef SF_ARCHIVED 3758 | SF_ARCHIVED 3759#endif 3760#ifdef SF_IMMUTABLE 3761 | SF_IMMUTABLE 3762#endif 3763#ifdef SF_NOUNLINK 3764 | SF_NOUNLINK 3765#endif 3766 ; 3767 (void)mode; /* UNUSED */ 3768 3769 if (set == 0 && clear == 0) 3770 return (ARCHIVE_OK); 3771 3772 /* 3773 * XXX Is the stat here really necessary? Or can I just use 3774 * the 'set' flags directly? In particular, I'm not sure 3775 * about the correct approach if we're overwriting an existing 3776 * file that already has flags on it. XXX 3777 */ 3778 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3779 return (r); 3780 3781 a->st.st_flags &= ~clear; 3782 a->st.st_flags |= set; 3783 3784 /* Only super-user may change SF_* flags */ 3785 3786 if (a->user_uid != 0) 3787 a->st.st_flags &= ~sf_mask; 3788 3789#ifdef HAVE_FCHFLAGS 3790 /* If platform has fchflags() and we were given an fd, use it. */ 3791 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0) 3792 return (ARCHIVE_OK); 3793#endif 3794 /* 3795 * If we can't use the fd to set the flags, we'll use the 3796 * pathname to set flags. We prefer lchflags() but will use 3797 * chflags() if we must. 3798 */ 3799#ifdef HAVE_LCHFLAGS 3800 if (lchflags(name, a->st.st_flags) == 0) 3801 return (ARCHIVE_OK); 3802#elif defined(HAVE_CHFLAGS) 3803 if (S_ISLNK(a->st.st_mode)) { 3804 archive_set_error(&a->archive, errno, 3805 "Can't set file flags on symlink."); 3806 return (ARCHIVE_WARN); 3807 } 3808 if (chflags(name, a->st.st_flags) == 0) 3809 return (ARCHIVE_OK); 3810#endif 3811 archive_set_error(&a->archive, errno, 3812 "Failed to set file flags"); 3813 return (ARCHIVE_WARN); 3814} 3815 3816#elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \ 3817 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \ 3818 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \ 3819 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)) 3820/* 3821 * Linux uses ioctl() to read and write file flags. 3822 */ 3823static int 3824set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3825 mode_t mode, unsigned long set, unsigned long clear) 3826{ 3827 int ret; 3828 int myfd = fd; 3829 int newflags, oldflags; 3830 /* 3831 * Linux has no define for the flags that are only settable by 3832 * the root user. This code may seem a little complex, but 3833 * there seem to be some Linux systems that lack these 3834 * defines. (?) The code below degrades reasonably gracefully 3835 * if sf_mask is incomplete. 3836 */ 3837 const int sf_mask = 0 3838#if defined(FS_IMMUTABLE_FL) 3839 | FS_IMMUTABLE_FL 3840#elif defined(EXT2_IMMUTABLE_FL) 3841 | EXT2_IMMUTABLE_FL 3842#endif 3843#if defined(FS_APPEND_FL) 3844 | FS_APPEND_FL 3845#elif defined(EXT2_APPEND_FL) 3846 | EXT2_APPEND_FL 3847#endif 3848#if defined(FS_JOURNAL_DATA_FL) 3849 | FS_JOURNAL_DATA_FL 3850#endif 3851 ; 3852 3853 if (set == 0 && clear == 0) 3854 return (ARCHIVE_OK); 3855 /* Only regular files and dirs can have flags. */ 3856 if (!S_ISREG(mode) && !S_ISDIR(mode)) 3857 return (ARCHIVE_OK); 3858 3859 /* If we weren't given an fd, open it ourselves. */ 3860 if (myfd < 0) { 3861 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC); 3862 __archive_ensure_cloexec_flag(myfd); 3863 } 3864 if (myfd < 0) 3865 return (ARCHIVE_OK); 3866 3867 /* 3868 * XXX As above, this would be way simpler if we didn't have 3869 * to read the current flags from disk. XXX 3870 */ 3871 ret = ARCHIVE_OK; 3872 3873 /* Read the current file flags. */ 3874 if (ioctl(myfd, 3875#ifdef FS_IOC_GETFLAGS 3876 FS_IOC_GETFLAGS, 3877#else 3878 EXT2_IOC_GETFLAGS, 3879#endif 3880 &oldflags) < 0) 3881 goto fail; 3882 3883 /* Try setting the flags as given. */ 3884 newflags = (oldflags & ~clear) | set; 3885 if (ioctl(myfd, 3886#ifdef FS_IOC_SETFLAGS 3887 FS_IOC_SETFLAGS, 3888#else 3889 EXT2_IOC_SETFLAGS, 3890#endif 3891 &newflags) >= 0) 3892 goto cleanup; 3893 if (errno != EPERM) 3894 goto fail; 3895 3896 /* If we couldn't set all the flags, try again with a subset. */ 3897 newflags &= ~sf_mask; 3898 oldflags &= sf_mask; 3899 newflags |= oldflags; 3900 if (ioctl(myfd, 3901#ifdef FS_IOC_SETFLAGS 3902 FS_IOC_SETFLAGS, 3903#else 3904 EXT2_IOC_SETFLAGS, 3905#endif 3906 &newflags) >= 0) 3907 goto cleanup; 3908 3909 /* We couldn't set the flags, so report the failure. */ 3910fail: 3911 archive_set_error(&a->archive, errno, 3912 "Failed to set file flags"); 3913 ret = ARCHIVE_WARN; 3914cleanup: 3915 if (fd < 0) 3916 close(myfd); 3917 return (ret); 3918} 3919 3920#else 3921 3922/* 3923 * Of course, some systems have neither BSD chflags() nor Linux' flags 3924 * support through ioctl(). 3925 */ 3926static int 3927set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3928 mode_t mode, unsigned long set, unsigned long clear) 3929{ 3930 (void)a; /* UNUSED */ 3931 (void)fd; /* UNUSED */ 3932 (void)name; /* UNUSED */ 3933 (void)mode; /* UNUSED */ 3934 (void)set; /* UNUSED */ 3935 (void)clear; /* UNUSED */ 3936 return (ARCHIVE_OK); 3937} 3938 3939#endif /* __linux */ 3940 3941#ifndef HAVE_COPYFILE_H 3942/* Default is to simply drop Mac extended metadata. */ 3943static int 3944set_mac_metadata(struct archive_write_disk *a, const char *pathname, 3945 const void *metadata, size_t metadata_size) 3946{ 3947 (void)a; /* UNUSED */ 3948 (void)pathname; /* UNUSED */ 3949 (void)metadata; /* UNUSED */ 3950 (void)metadata_size; /* UNUSED */ 3951 return (ARCHIVE_OK); 3952} 3953 3954static int 3955fixup_appledouble(struct archive_write_disk *a, const char *pathname) 3956{ 3957 (void)a; /* UNUSED */ 3958 (void)pathname; /* UNUSED */ 3959 return (ARCHIVE_OK); 3960} 3961#else 3962 3963/* 3964 * On Mac OS, we use copyfile() to unpack the metadata and 3965 * apply it to the target file. 3966 */ 3967 3968#if defined(HAVE_SYS_XATTR_H) 3969static int 3970copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd) 3971{ 3972 ssize_t xattr_size; 3973 char *xattr_names = NULL, *xattr_val = NULL; 3974 int ret = ARCHIVE_OK, xattr_i; 3975 3976 xattr_size = flistxattr(tmpfd, NULL, 0, 0); 3977 if (xattr_size == -1) { 3978 archive_set_error(&a->archive, errno, 3979 "Failed to read metadata(xattr)"); 3980 ret = ARCHIVE_WARN; 3981 goto exit_xattr; 3982 } 3983 xattr_names = malloc(xattr_size); 3984 if (xattr_names == NULL) { 3985 archive_set_error(&a->archive, ENOMEM, 3986 "Can't allocate memory for metadata(xattr)"); 3987 ret = ARCHIVE_FATAL; 3988 goto exit_xattr; 3989 } 3990 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0); 3991 if (xattr_size == -1) { 3992 archive_set_error(&a->archive, errno, 3993 "Failed to read metadata(xattr)"); 3994 ret = ARCHIVE_WARN; 3995 goto exit_xattr; 3996 } 3997 for (xattr_i = 0; xattr_i < xattr_size; 3998 xattr_i += strlen(xattr_names + xattr_i) + 1) { 3999 char *xattr_val_saved; 4000 ssize_t s; 4001 int f; 4002 4003 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0); 4004 if (s == -1) { 4005 archive_set_error(&a->archive, errno, 4006 "Failed to get metadata(xattr)"); 4007 ret = ARCHIVE_WARN; 4008 goto exit_xattr; 4009 } 4010 xattr_val_saved = xattr_val; 4011 xattr_val = realloc(xattr_val, s); 4012 if (xattr_val == NULL) { 4013 archive_set_error(&a->archive, ENOMEM, 4014 "Failed to get metadata(xattr)"); 4015 ret = ARCHIVE_WARN; 4016 free(xattr_val_saved); 4017 goto exit_xattr; 4018 } 4019 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4020 if (s == -1) { 4021 archive_set_error(&a->archive, errno, 4022 "Failed to get metadata(xattr)"); 4023 ret = ARCHIVE_WARN; 4024 goto exit_xattr; 4025 } 4026 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4027 if (f == -1) { 4028 archive_set_error(&a->archive, errno, 4029 "Failed to get metadata(xattr)"); 4030 ret = ARCHIVE_WARN; 4031 goto exit_xattr; 4032 } 4033 } 4034exit_xattr: 4035 free(xattr_names); 4036 free(xattr_val); 4037 return (ret); 4038} 4039#endif 4040 4041static int 4042copy_acls(struct archive_write_disk *a, int tmpfd, int dffd) 4043{ 4044#ifndef HAVE_SYS_ACL_H 4045 return 0; 4046#else 4047 acl_t acl, dfacl = NULL; 4048 int acl_r, ret = ARCHIVE_OK; 4049 4050 acl = acl_get_fd(tmpfd); 4051 if (acl == NULL) { 4052 if (errno == ENOENT) 4053 /* There are not any ACLs. */ 4054 return (ret); 4055 archive_set_error(&a->archive, errno, 4056 "Failed to get metadata(acl)"); 4057 ret = ARCHIVE_WARN; 4058 goto exit_acl; 4059 } 4060 dfacl = acl_dup(acl); 4061 acl_r = acl_set_fd(dffd, dfacl); 4062 if (acl_r == -1) { 4063 archive_set_error(&a->archive, errno, 4064 "Failed to get metadata(acl)"); 4065 ret = ARCHIVE_WARN; 4066 goto exit_acl; 4067 } 4068exit_acl: 4069 if (acl) 4070 acl_free(acl); 4071 if (dfacl) 4072 acl_free(dfacl); 4073 return (ret); 4074#endif 4075} 4076 4077static int 4078create_tempdatafork(struct archive_write_disk *a, const char *pathname) 4079{ 4080 struct archive_string tmpdatafork; 4081 int tmpfd; 4082 4083 archive_string_init(&tmpdatafork); 4084 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX"); 4085 tmpfd = mkstemp(tmpdatafork.s); 4086 if (tmpfd < 0) { 4087 archive_set_error(&a->archive, errno, 4088 "Failed to mkstemp"); 4089 archive_string_free(&tmpdatafork); 4090 return (-1); 4091 } 4092 if (copyfile(pathname, tmpdatafork.s, 0, 4093 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4094 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4095 archive_set_error(&a->archive, errno, 4096 "Failed to restore metadata"); 4097 close(tmpfd); 4098 tmpfd = -1; 4099 } 4100 unlink(tmpdatafork.s); 4101 archive_string_free(&tmpdatafork); 4102 return (tmpfd); 4103} 4104 4105static int 4106copy_metadata(struct archive_write_disk *a, const char *metadata, 4107 const char *datafork, int datafork_compressed) 4108{ 4109 int ret = ARCHIVE_OK; 4110 4111 if (datafork_compressed) { 4112 int dffd, tmpfd; 4113 4114 tmpfd = create_tempdatafork(a, metadata); 4115 if (tmpfd == -1) 4116 return (ARCHIVE_WARN); 4117 4118 /* 4119 * Do not open the data fork compressed by HFS+ compression 4120 * with at least a writing mode(O_RDWR or O_WRONLY). it 4121 * makes the data fork uncompressed. 4122 */ 4123 dffd = open(datafork, 0); 4124 if (dffd == -1) { 4125 archive_set_error(&a->archive, errno, 4126 "Failed to open the data fork for metadata"); 4127 close(tmpfd); 4128 return (ARCHIVE_WARN); 4129 } 4130 4131#if defined(HAVE_SYS_XATTR_H) 4132 ret = copy_xattrs(a, tmpfd, dffd); 4133 if (ret == ARCHIVE_OK) 4134#endif 4135 ret = copy_acls(a, tmpfd, dffd); 4136 close(tmpfd); 4137 close(dffd); 4138 } else { 4139 if (copyfile(metadata, datafork, 0, 4140 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4141 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4142 archive_set_error(&a->archive, errno, 4143 "Failed to restore metadata"); 4144 ret = ARCHIVE_WARN; 4145 } 4146 } 4147 return (ret); 4148} 4149 4150static int 4151set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4152 const void *metadata, size_t metadata_size) 4153{ 4154 struct archive_string tmp; 4155 ssize_t written; 4156 int fd; 4157 int ret = ARCHIVE_OK; 4158 4159 /* This would be simpler if copyfile() could just accept the 4160 * metadata as a block of memory; then we could sidestep this 4161 * silly dance of writing the data to disk just so that 4162 * copyfile() can read it back in again. */ 4163 archive_string_init(&tmp); 4164 archive_strcpy(&tmp, pathname); 4165 archive_strcat(&tmp, ".XXXXXX"); 4166 fd = mkstemp(tmp.s); 4167 4168 if (fd < 0) { 4169 archive_set_error(&a->archive, errno, 4170 "Failed to restore metadata"); 4171 archive_string_free(&tmp); 4172 return (ARCHIVE_WARN); 4173 } 4174 written = write(fd, metadata, metadata_size); 4175 close(fd); 4176 if ((size_t)written != metadata_size) { 4177 archive_set_error(&a->archive, errno, 4178 "Failed to restore metadata"); 4179 ret = ARCHIVE_WARN; 4180 } else { 4181 int compressed; 4182 4183#if defined(UF_COMPRESSED) 4184 if ((a->todo & TODO_HFS_COMPRESSION) != 0 && 4185 (ret = lazy_stat(a)) == ARCHIVE_OK) 4186 compressed = a->st.st_flags & UF_COMPRESSED; 4187 else 4188#endif 4189 compressed = 0; 4190 ret = copy_metadata(a, tmp.s, pathname, compressed); 4191 } 4192 unlink(tmp.s); 4193 archive_string_free(&tmp); 4194 return (ret); 4195} 4196 4197static int 4198fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4199{ 4200 char buff[8]; 4201 struct stat st; 4202 const char *p; 4203 struct archive_string datafork; 4204 int fd = -1, ret = ARCHIVE_OK; 4205 4206 archive_string_init(&datafork); 4207 /* Check if the current file name is a type of the resource 4208 * fork file. */ 4209 p = strrchr(pathname, '/'); 4210 if (p == NULL) 4211 p = pathname; 4212 else 4213 p++; 4214 if (p[0] != '.' || p[1] != '_') 4215 goto skip_appledouble; 4216 4217 /* 4218 * Check if the data fork file exists. 4219 * 4220 * TODO: Check if this write disk object has handled it. 4221 */ 4222 archive_strncpy(&datafork, pathname, p - pathname); 4223 archive_strcat(&datafork, p + 2); 4224 if (lstat(datafork.s, &st) == -1 || 4225 (st.st_mode & AE_IFMT) != AE_IFREG) 4226 goto skip_appledouble; 4227 4228 /* 4229 * Check if the file is in the AppleDouble form. 4230 */ 4231 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC); 4232 __archive_ensure_cloexec_flag(fd); 4233 if (fd == -1) { 4234 archive_set_error(&a->archive, errno, 4235 "Failed to open a restoring file"); 4236 ret = ARCHIVE_WARN; 4237 goto skip_appledouble; 4238 } 4239 if (read(fd, buff, 8) == -1) { 4240 archive_set_error(&a->archive, errno, 4241 "Failed to read a restoring file"); 4242 close(fd); 4243 ret = ARCHIVE_WARN; 4244 goto skip_appledouble; 4245 } 4246 close(fd); 4247 /* Check AppleDouble Magic Code. */ 4248 if (archive_be32dec(buff) != 0x00051607) 4249 goto skip_appledouble; 4250 /* Check AppleDouble Version. */ 4251 if (archive_be32dec(buff+4) != 0x00020000) 4252 goto skip_appledouble; 4253 4254 ret = copy_metadata(a, pathname, datafork.s, 4255#if defined(UF_COMPRESSED) 4256 st.st_flags & UF_COMPRESSED); 4257#else 4258 0); 4259#endif 4260 if (ret == ARCHIVE_OK) { 4261 unlink(pathname); 4262 ret = ARCHIVE_EOF; 4263 } 4264skip_appledouble: 4265 archive_string_free(&datafork); 4266 return (ret); 4267} 4268#endif 4269 4270#if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX 4271/* 4272 * Restore extended attributes - Linux, Darwin and AIX implementations: 4273 * AIX' ea interface is syntaxwise identical to the Linux xattr interface. 4274 */ 4275static int 4276set_xattrs(struct archive_write_disk *a) 4277{ 4278 struct archive_entry *entry = a->entry; 4279 struct archive_string errlist; 4280 int ret = ARCHIVE_OK; 4281 int i = archive_entry_xattr_reset(entry); 4282 short fail = 0; 4283 4284 archive_string_init(&errlist); 4285 4286 while (i--) { 4287 const char *name; 4288 const void *value; 4289 size_t size; 4290 int e; 4291 4292 archive_entry_xattr_next(entry, &name, &value, &size); 4293 4294 if (name == NULL) 4295 continue; 4296#if ARCHIVE_XATTR_LINUX 4297 /* Linux: quietly skip POSIX.1e ACL extended attributes */ 4298 if (strncmp(name, "system.", 7) == 0 && 4299 (strcmp(name + 7, "posix_acl_access") == 0 || 4300 strcmp(name + 7, "posix_acl_default") == 0)) 4301 continue; 4302 if (strncmp(name, "trusted.SGI_", 12) == 0 && 4303 (strcmp(name + 12, "ACL_DEFAULT") == 0 || 4304 strcmp(name + 12, "ACL_FILE") == 0)) 4305 continue; 4306 4307 /* Linux: xfsroot namespace is obsolete and unsupported */ 4308 if (strncmp(name, "xfsroot.", 8) == 0) { 4309 fail = 1; 4310 archive_strcat(&errlist, name); 4311 archive_strappend_char(&errlist, ' '); 4312 continue; 4313 } 4314#endif 4315 4316 if (a->fd >= 0) { 4317#if ARCHIVE_XATTR_LINUX 4318 e = fsetxattr(a->fd, name, value, size, 0); 4319#elif ARCHIVE_XATTR_DARWIN 4320 e = fsetxattr(a->fd, name, value, size, 0, 0); 4321#elif ARCHIVE_XATTR_AIX 4322 e = fsetea(a->fd, name, value, size, 0); 4323#endif 4324 } else { 4325#if ARCHIVE_XATTR_LINUX 4326 e = lsetxattr(archive_entry_pathname(entry), 4327 name, value, size, 0); 4328#elif ARCHIVE_XATTR_DARWIN 4329 e = setxattr(archive_entry_pathname(entry), 4330 name, value, size, 0, XATTR_NOFOLLOW); 4331#elif ARCHIVE_XATTR_AIX 4332 e = lsetea(archive_entry_pathname(entry), 4333 name, value, size, 0); 4334#endif 4335 } 4336 if (e == -1) { 4337 ret = ARCHIVE_WARN; 4338 archive_strcat(&errlist, name); 4339 archive_strappend_char(&errlist, ' '); 4340 if (errno != ENOTSUP && errno != ENOSYS) 4341 fail = 1; 4342 } 4343 } 4344 4345 if (ret == ARCHIVE_WARN) { 4346 if (fail && errlist.length > 0) { 4347 errlist.length--; 4348 errlist.s[errlist.length] = '\0'; 4349 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4350 "Cannot restore extended attributes: %s", 4351 errlist.s); 4352 } else 4353 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4354 "Cannot restore extended " 4355 "attributes on this file system."); 4356 } 4357 4358 archive_string_free(&errlist); 4359 return (ret); 4360} 4361#elif ARCHIVE_XATTR_FREEBSD 4362/* 4363 * Restore extended attributes - FreeBSD implementation 4364 */ 4365static int 4366set_xattrs(struct archive_write_disk *a) 4367{ 4368 struct archive_entry *entry = a->entry; 4369 struct archive_string errlist; 4370 int ret = ARCHIVE_OK; 4371 int i = archive_entry_xattr_reset(entry); 4372 short fail = 0; 4373 4374 archive_string_init(&errlist); 4375 4376 while (i--) { 4377 const char *name; 4378 const void *value; 4379 size_t size; 4380 archive_entry_xattr_next(entry, &name, &value, &size); 4381 if (name != NULL) { 4382 ssize_t e; 4383 int namespace; 4384 4385 if (strncmp(name, "user.", 5) == 0) { 4386 /* "user." attributes go to user namespace */ 4387 name += 5; 4388 namespace = EXTATTR_NAMESPACE_USER; 4389 } else { 4390 /* Other namespaces are unsupported */ 4391 archive_strcat(&errlist, name); 4392 archive_strappend_char(&errlist, ' '); 4393 fail = 1; 4394 ret = ARCHIVE_WARN; 4395 continue; 4396 } 4397 4398 if (a->fd >= 0) { 4399 e = extattr_set_fd(a->fd, namespace, name, 4400 value, size); 4401 } else { 4402 e = extattr_set_link( 4403 archive_entry_pathname(entry), namespace, 4404 name, value, size); 4405 } 4406 if (e != (ssize_t)size) { 4407 archive_strcat(&errlist, name); 4408 archive_strappend_char(&errlist, ' '); 4409 ret = ARCHIVE_WARN; 4410 if (errno != ENOTSUP && errno != ENOSYS) 4411 fail = 1; 4412 } 4413 } 4414 } 4415 4416 if (ret == ARCHIVE_WARN) { 4417 if (fail && errlist.length > 0) { 4418 errlist.length--; 4419 errlist.s[errlist.length] = '\0'; 4420 4421 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4422 "Cannot restore extended attributes: %s", 4423 errlist.s); 4424 } else 4425 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4426 "Cannot restore extended " 4427 "attributes on this file system."); 4428 } 4429 4430 archive_string_free(&errlist); 4431 return (ret); 4432} 4433#else 4434/* 4435 * Restore extended attributes - stub implementation for unsupported systems 4436 */ 4437static int 4438set_xattrs(struct archive_write_disk *a) 4439{ 4440 static int warning_done = 0; 4441 4442 /* If there aren't any extended attributes, then it's okay not 4443 * to extract them, otherwise, issue a single warning. */ 4444 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) { 4445 warning_done = 1; 4446 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 4447 "Cannot restore extended attributes on this system"); 4448 return (ARCHIVE_WARN); 4449 } 4450 /* Warning was already emitted; suppress further warnings. */ 4451 return (ARCHIVE_OK); 4452} 4453#endif 4454 4455/* 4456 * Test if file on disk is older than entry. 4457 */ 4458static int 4459older(struct stat *st, struct archive_entry *entry) 4460{ 4461 /* First, test the seconds and return if we have a definite answer. */ 4462 /* Definitely older. */ 4463 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry))) 4464 return (1); 4465 /* Definitely younger. */ 4466 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry))) 4467 return (0); 4468 /* If this platform supports fractional seconds, try those. */ 4469#if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 4470 /* Definitely older. */ 4471 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry)) 4472 return (1); 4473#elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 4474 /* Definitely older. */ 4475 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry)) 4476 return (1); 4477#elif HAVE_STRUCT_STAT_ST_MTIME_N 4478 /* older. */ 4479 if (st->st_mtime_n < archive_entry_mtime_nsec(entry)) 4480 return (1); 4481#elif HAVE_STRUCT_STAT_ST_UMTIME 4482 /* older. */ 4483 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry)) 4484 return (1); 4485#elif HAVE_STRUCT_STAT_ST_MTIME_USEC 4486 /* older. */ 4487 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry)) 4488 return (1); 4489#else 4490 /* This system doesn't have high-res timestamps. */ 4491#endif 4492 /* Same age or newer, so not older. */ 4493 return (0); 4494} 4495 4496#ifndef ARCHIVE_ACL_SUPPORT 4497int 4498archive_write_disk_set_acls(struct archive *a, int fd, const char *name, 4499 struct archive_acl *abstract_acl, __LA_MODE_T mode) 4500{ 4501 (void)a; /* UNUSED */ 4502 (void)fd; /* UNUSED */ 4503 (void)name; /* UNUSED */ 4504 (void)abstract_acl; /* UNUSED */ 4505 (void)mode; /* UNUSED */ 4506 return (ARCHIVE_OK); 4507} 4508#endif 4509 4510#endif /* !_WIN32 || __CYGWIN__ */ 4511 4512