archive_write_disk_posix.c revision 370535
1/*- 2 * Copyright (c) 2003-2010 Tim Kientzle 3 * Copyright (c) 2012 Michihiro NAKAJIMA 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer 11 * in this position and unchanged. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28#include "archive_platform.h" 29__FBSDID("$FreeBSD$"); 30 31#if !defined(_WIN32) || defined(__CYGWIN__) 32 33#ifdef HAVE_SYS_TYPES_H 34#include <sys/types.h> 35#endif 36#ifdef HAVE_SYS_ACL_H 37#include <sys/acl.h> 38#endif 39#ifdef HAVE_SYS_EXTATTR_H 40#include <sys/extattr.h> 41#endif 42#if HAVE_SYS_XATTR_H 43#include <sys/xattr.h> 44#elif HAVE_ATTR_XATTR_H 45#include <attr/xattr.h> 46#endif 47#ifdef HAVE_SYS_EA_H 48#include <sys/ea.h> 49#endif 50#ifdef HAVE_SYS_IOCTL_H 51#include <sys/ioctl.h> 52#endif 53#ifdef HAVE_SYS_STAT_H 54#include <sys/stat.h> 55#endif 56#ifdef HAVE_SYS_TIME_H 57#include <sys/time.h> 58#endif 59#ifdef HAVE_SYS_UTIME_H 60#include <sys/utime.h> 61#endif 62#ifdef HAVE_COPYFILE_H 63#include <copyfile.h> 64#endif 65#ifdef HAVE_ERRNO_H 66#include <errno.h> 67#endif 68#ifdef HAVE_FCNTL_H 69#include <fcntl.h> 70#endif 71#ifdef HAVE_GRP_H 72#include <grp.h> 73#endif 74#ifdef HAVE_LANGINFO_H 75#include <langinfo.h> 76#endif 77#ifdef HAVE_LINUX_FS_H 78#include <linux/fs.h> /* for Linux file flags */ 79#endif 80/* 81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. 82 * As the include guards don't agree, the order of include is important. 83 */ 84#ifdef HAVE_LINUX_EXT2_FS_H 85#include <linux/ext2_fs.h> /* for Linux file flags */ 86#endif 87#if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__) 88#include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */ 89#endif 90#ifdef HAVE_LIMITS_H 91#include <limits.h> 92#endif 93#ifdef HAVE_PWD_H 94#include <pwd.h> 95#endif 96#include <stdio.h> 97#ifdef HAVE_STDLIB_H 98#include <stdlib.h> 99#endif 100#ifdef HAVE_STRING_H 101#include <string.h> 102#endif 103#ifdef HAVE_UNISTD_H 104#include <unistd.h> 105#endif 106#ifdef HAVE_UTIME_H 107#include <utime.h> 108#endif 109#ifdef F_GETTIMES /* Tru64 specific */ 110#include <sys/fcntl1.h> 111#endif 112 113/* 114 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared. 115 * 116 * It assumes that the input is an integer type of no more than 64 bits. 117 * If the number is less than zero, t must be a signed type, so it fits in 118 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t 119 * without loss. But it could be a large unsigned value, so we have to clip it 120 * to INT64_MAX.* 121 */ 122#define to_int64_time(t) \ 123 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t)) 124 125#if __APPLE__ 126#include <TargetConditionals.h> 127#if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H 128#include <quarantine.h> 129#define HAVE_QUARANTINE 1 130#endif 131#endif 132 133#ifdef HAVE_ZLIB_H 134#include <zlib.h> 135#endif 136 137/* TODO: Support Mac OS 'quarantine' feature. This is really just a 138 * standard tag to mark files that have been downloaded as "tainted". 139 * On Mac OS, we should mark the extracted files as tainted if the 140 * archive being read was tainted. Windows has a similar feature; we 141 * should investigate ways to support this generically. */ 142 143#include "archive.h" 144#include "archive_acl_private.h" 145#include "archive_string.h" 146#include "archive_endian.h" 147#include "archive_entry.h" 148#include "archive_private.h" 149#include "archive_write_disk_private.h" 150 151#ifndef O_BINARY 152#define O_BINARY 0 153#endif 154#ifndef O_CLOEXEC 155#define O_CLOEXEC 0 156#endif 157 158/* Ignore non-int O_NOFOLLOW constant. */ 159/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */ 160#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX) 161#undef O_NOFOLLOW 162#endif 163 164#ifndef O_NOFOLLOW 165#define O_NOFOLLOW 0 166#endif 167 168#ifndef AT_FDCWD 169#define AT_FDCWD -100 170#endif 171 172struct fixup_entry { 173 struct fixup_entry *next; 174 struct archive_acl acl; 175 mode_t mode; 176 int64_t atime; 177 int64_t birthtime; 178 int64_t mtime; 179 int64_t ctime; 180 unsigned long atime_nanos; 181 unsigned long birthtime_nanos; 182 unsigned long mtime_nanos; 183 unsigned long ctime_nanos; 184 unsigned long fflags_set; 185 size_t mac_metadata_size; 186 void *mac_metadata; 187 int fixup; /* bitmask of what needs fixing */ 188 char *name; 189}; 190 191/* 192 * We use a bitmask to track which operations remain to be done for 193 * this file. In particular, this helps us avoid unnecessary 194 * operations when it's possible to take care of one step as a 195 * side-effect of another. For example, mkdir() can specify the mode 196 * for the newly-created object but symlink() cannot. This means we 197 * can skip chmod() if mkdir() succeeded, but we must explicitly 198 * chmod() if we're trying to create a directory that already exists 199 * (mkdir() failed) or if we're restoring a symlink. Similarly, we 200 * need to verify UID/GID before trying to restore SUID/SGID bits; 201 * that verification can occur explicitly through a stat() call or 202 * implicitly because of a successful chown() call. 203 */ 204#define TODO_MODE_FORCE 0x40000000 205#define TODO_MODE_BASE 0x20000000 206#define TODO_SUID 0x10000000 207#define TODO_SUID_CHECK 0x08000000 208#define TODO_SGID 0x04000000 209#define TODO_SGID_CHECK 0x02000000 210#define TODO_APPLEDOUBLE 0x01000000 211#define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID) 212#define TODO_TIMES ARCHIVE_EXTRACT_TIME 213#define TODO_OWNER ARCHIVE_EXTRACT_OWNER 214#define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS 215#define TODO_ACLS ARCHIVE_EXTRACT_ACL 216#define TODO_XATTR ARCHIVE_EXTRACT_XATTR 217#define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA 218#define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED 219 220struct archive_write_disk { 221 struct archive archive; 222 223 mode_t user_umask; 224 struct fixup_entry *fixup_list; 225 struct fixup_entry *current_fixup; 226 int64_t user_uid; 227 int skip_file_set; 228 int64_t skip_file_dev; 229 int64_t skip_file_ino; 230 time_t start_time; 231 232 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid); 233 void (*cleanup_gid)(void *private); 234 void *lookup_gid_data; 235 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid); 236 void (*cleanup_uid)(void *private); 237 void *lookup_uid_data; 238 239 /* 240 * Full path of last file to satisfy symlink checks. 241 */ 242 struct archive_string path_safe; 243 244 /* 245 * Cached stat data from disk for the current entry. 246 * If this is valid, pst points to st. Otherwise, 247 * pst is null. 248 */ 249 struct stat st; 250 struct stat *pst; 251 252 /* Information about the object being restored right now. */ 253 struct archive_entry *entry; /* Entry being extracted. */ 254 char *name; /* Name of entry, possibly edited. */ 255 struct archive_string _name_data; /* backing store for 'name' */ 256 char *tmpname; /* Temporary name * */ 257 struct archive_string _tmpname_data; /* backing store for 'tmpname' */ 258 /* Tasks remaining for this object. */ 259 int todo; 260 /* Tasks deferred until end-of-archive. */ 261 int deferred; 262 /* Options requested by the client. */ 263 int flags; 264 /* Handle for the file we're restoring. */ 265 int fd; 266 /* Current offset for writing data to the file. */ 267 int64_t offset; 268 /* Last offset actually written to disk. */ 269 int64_t fd_offset; 270 /* Total bytes actually written to files. */ 271 int64_t total_bytes_written; 272 /* Maximum size of file, -1 if unknown. */ 273 int64_t filesize; 274 /* Dir we were in before this restore; only for deep paths. */ 275 int restore_pwd; 276 /* Mode we should use for this entry; affected by _PERM and umask. */ 277 mode_t mode; 278 /* UID/GID to use in restoring this entry. */ 279 int64_t uid; 280 int64_t gid; 281 /* 282 * HFS+ Compression. 283 */ 284 /* Xattr "com.apple.decmpfs". */ 285 uint32_t decmpfs_attr_size; 286 unsigned char *decmpfs_header_p; 287 /* ResourceFork set options used for fsetxattr. */ 288 int rsrc_xattr_options; 289 /* Xattr "com.apple.ResourceFork". */ 290 unsigned char *resource_fork; 291 size_t resource_fork_allocated_size; 292 unsigned int decmpfs_block_count; 293 uint32_t *decmpfs_block_info; 294 /* Buffer for compressed data. */ 295 unsigned char *compressed_buffer; 296 size_t compressed_buffer_size; 297 size_t compressed_buffer_remaining; 298 /* The offset of the ResourceFork where compressed data will 299 * be placed. */ 300 uint32_t compressed_rsrc_position; 301 uint32_t compressed_rsrc_position_v; 302 /* Buffer for uncompressed data. */ 303 char *uncompressed_buffer; 304 size_t block_remaining_bytes; 305 size_t file_remaining_bytes; 306#ifdef HAVE_ZLIB_H 307 z_stream stream; 308 int stream_valid; 309 int decmpfs_compression_level; 310#endif 311}; 312 313/* 314 * Default mode for dirs created automatically (will be modified by umask). 315 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified 316 * by the process' file creation mask." 317 */ 318#define DEFAULT_DIR_MODE 0777 319/* 320 * Dir modes are restored in two steps: During the extraction, the permissions 321 * in the archive are modified to match the following limits. During 322 * the post-extract fixup pass, the permissions from the archive are 323 * applied. 324 */ 325#define MINIMUM_DIR_MODE 0700 326#define MAXIMUM_DIR_MODE 0775 327 328/* 329 * Maximum uncompressed size of a decmpfs block. 330 */ 331#define MAX_DECMPFS_BLOCK_SIZE (64 * 1024) 332/* 333 * HFS+ compression type. 334 */ 335#define CMP_XATTR 3/* Compressed data in xattr. */ 336#define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */ 337/* 338 * HFS+ compression resource fork. 339 */ 340#define RSRC_H_SIZE 260 /* Base size of Resource fork header. */ 341#define RSRC_F_SIZE 50 /* Size of Resource fork footer. */ 342/* Size to write compressed data to resource fork. */ 343#define COMPRESSED_W_SIZE (64 * 1024) 344/* decmpfs definitions. */ 345#define MAX_DECMPFS_XATTR_SIZE 3802 346#ifndef DECMPFS_XATTR_NAME 347#define DECMPFS_XATTR_NAME "com.apple.decmpfs" 348#endif 349#define DECMPFS_MAGIC 0x636d7066 350#define DECMPFS_COMPRESSION_MAGIC 0 351#define DECMPFS_COMPRESSION_TYPE 4 352#define DECMPFS_UNCOMPRESSED_SIZE 8 353#define DECMPFS_HEADER_SIZE 16 354 355#define HFS_BLOCKS(s) ((s) >> 12) 356 357 358static int la_opendirat(int, const char *); 359static int la_mktemp(struct archive_write_disk *); 360static void fsobj_error(int *, struct archive_string *, int, const char *, 361 const char *); 362static int check_symlinks_fsobj(char *, int *, struct archive_string *, 363 int, int); 364static int check_symlinks(struct archive_write_disk *); 365static int create_filesystem_object(struct archive_write_disk *); 366static struct fixup_entry *current_fixup(struct archive_write_disk *, 367 const char *pathname); 368#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 369static void edit_deep_directories(struct archive_write_disk *ad); 370#endif 371static int cleanup_pathname_fsobj(char *, int *, struct archive_string *, 372 int); 373static int cleanup_pathname(struct archive_write_disk *); 374static int create_dir(struct archive_write_disk *, char *); 375static int create_parent_dir(struct archive_write_disk *, char *); 376static ssize_t hfs_write_data_block(struct archive_write_disk *, 377 const char *, size_t); 378static int fixup_appledouble(struct archive_write_disk *, const char *); 379static int older(struct stat *, struct archive_entry *); 380static int restore_entry(struct archive_write_disk *); 381static int set_mac_metadata(struct archive_write_disk *, const char *, 382 const void *, size_t); 383static int set_xattrs(struct archive_write_disk *); 384static int clear_nochange_fflags(struct archive_write_disk *); 385static int set_fflags(struct archive_write_disk *); 386static int set_fflags_platform(struct archive_write_disk *, int fd, 387 const char *name, mode_t mode, 388 unsigned long fflags_set, unsigned long fflags_clear); 389static int set_ownership(struct archive_write_disk *); 390static int set_mode(struct archive_write_disk *, int mode); 391static int set_time(int, int, const char *, time_t, long, time_t, long); 392static int set_times(struct archive_write_disk *, int, int, const char *, 393 time_t, long, time_t, long, time_t, long, time_t, long); 394static int set_times_from_entry(struct archive_write_disk *); 395static struct fixup_entry *sort_dir_list(struct fixup_entry *p); 396static ssize_t write_data_block(struct archive_write_disk *, 397 const char *, size_t); 398 399static struct archive_vtable *archive_write_disk_vtable(void); 400 401static int _archive_write_disk_close(struct archive *); 402static int _archive_write_disk_free(struct archive *); 403static int _archive_write_disk_header(struct archive *, 404 struct archive_entry *); 405static int64_t _archive_write_disk_filter_bytes(struct archive *, int); 406static int _archive_write_disk_finish_entry(struct archive *); 407static ssize_t _archive_write_disk_data(struct archive *, const void *, 408 size_t); 409static ssize_t _archive_write_disk_data_block(struct archive *, const void *, 410 size_t, int64_t); 411 412static int 413la_mktemp(struct archive_write_disk *a) 414{ 415 int oerrno, fd; 416 mode_t mode; 417 418 archive_string_empty(&a->_tmpname_data); 419 archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name); 420 a->tmpname = a->_tmpname_data.s; 421 422 fd = __archive_mkstemp(a->tmpname); 423 if (fd == -1) 424 return -1; 425 426 mode = a->mode & 0777 & ~a->user_umask; 427 if (fchmod(fd, mode) == -1) { 428 oerrno = errno; 429 close(fd); 430 errno = oerrno; 431 return -1; 432 } 433 return fd; 434} 435 436static int 437la_opendirat(int fd, const char *path) { 438 const int flags = O_CLOEXEC 439#if defined(O_BINARY) 440 | O_BINARY 441#endif 442#if defined(O_DIRECTORY) 443 | O_DIRECTORY 444#endif 445#if defined(O_PATH) 446 | O_PATH 447#elif defined(O_SEARCH) 448 | O_SEARCH 449#elif defined(__FreeBSD__) && defined(O_EXEC) 450 | O_EXEC 451#else 452 | O_RDONLY 453#endif 454 ; 455 456#if !defined(HAVE_OPENAT) 457 if (fd != AT_FDCWD) { 458 errno = ENOTSUP; 459 return (-1); 460 } else 461 return (open(path, flags)); 462#else 463 return (openat(fd, path, flags)); 464#endif 465} 466 467static int 468lazy_stat(struct archive_write_disk *a) 469{ 470 if (a->pst != NULL) { 471 /* Already have stat() data available. */ 472 return (ARCHIVE_OK); 473 } 474#ifdef HAVE_FSTAT 475 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) { 476 a->pst = &a->st; 477 return (ARCHIVE_OK); 478 } 479#endif 480 /* 481 * XXX At this point, symlinks should not be hit, otherwise 482 * XXX a race occurred. Do we want to check explicitly for that? 483 */ 484 if (lstat(a->name, &a->st) == 0) { 485 a->pst = &a->st; 486 return (ARCHIVE_OK); 487 } 488 archive_set_error(&a->archive, errno, "Couldn't stat file"); 489 return (ARCHIVE_WARN); 490} 491 492static struct archive_vtable * 493archive_write_disk_vtable(void) 494{ 495 static struct archive_vtable av; 496 static int inited = 0; 497 498 if (!inited) { 499 av.archive_close = _archive_write_disk_close; 500 av.archive_filter_bytes = _archive_write_disk_filter_bytes; 501 av.archive_free = _archive_write_disk_free; 502 av.archive_write_header = _archive_write_disk_header; 503 av.archive_write_finish_entry 504 = _archive_write_disk_finish_entry; 505 av.archive_write_data = _archive_write_disk_data; 506 av.archive_write_data_block = _archive_write_disk_data_block; 507 inited = 1; 508 } 509 return (&av); 510} 511 512static int64_t 513_archive_write_disk_filter_bytes(struct archive *_a, int n) 514{ 515 struct archive_write_disk *a = (struct archive_write_disk *)_a; 516 (void)n; /* UNUSED */ 517 if (n == -1 || n == 0) 518 return (a->total_bytes_written); 519 return (-1); 520} 521 522 523int 524archive_write_disk_set_options(struct archive *_a, int flags) 525{ 526 struct archive_write_disk *a = (struct archive_write_disk *)_a; 527 528 a->flags = flags; 529 return (ARCHIVE_OK); 530} 531 532 533/* 534 * Extract this entry to disk. 535 * 536 * TODO: Validate hardlinks. According to the standards, we're 537 * supposed to check each extracted hardlink and squawk if it refers 538 * to a file that we didn't restore. I'm not entirely convinced this 539 * is a good idea, but more importantly: Is there any way to validate 540 * hardlinks without keeping a complete list of filenames from the 541 * entire archive?? Ugh. 542 * 543 */ 544static int 545_archive_write_disk_header(struct archive *_a, struct archive_entry *entry) 546{ 547 struct archive_write_disk *a = (struct archive_write_disk *)_a; 548 struct fixup_entry *fe; 549 const char *linkname; 550 int ret, r; 551 552 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 553 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 554 "archive_write_disk_header"); 555 archive_clear_error(&a->archive); 556 if (a->archive.state & ARCHIVE_STATE_DATA) { 557 r = _archive_write_disk_finish_entry(&a->archive); 558 if (r == ARCHIVE_FATAL) 559 return (r); 560 } 561 562 /* Set up for this particular entry. */ 563 a->pst = NULL; 564 a->current_fixup = NULL; 565 a->deferred = 0; 566 if (a->entry) { 567 archive_entry_free(a->entry); 568 a->entry = NULL; 569 } 570 a->entry = archive_entry_clone(entry); 571 a->fd = -1; 572 a->fd_offset = 0; 573 a->offset = 0; 574 a->restore_pwd = -1; 575 a->uid = a->user_uid; 576 a->mode = archive_entry_mode(a->entry); 577 if (archive_entry_size_is_set(a->entry)) 578 a->filesize = archive_entry_size(a->entry); 579 else 580 a->filesize = -1; 581 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry)); 582 a->name = a->_name_data.s; 583 archive_clear_error(&a->archive); 584 585 /* 586 * Clean up the requested path. This is necessary for correct 587 * dir restores; the dir restore logic otherwise gets messed 588 * up by nonsense like "dir/.". 589 */ 590 ret = cleanup_pathname(a); 591 if (ret != ARCHIVE_OK) 592 return (ret); 593 594 /* 595 * Check if we have a hardlink that points to itself. 596 */ 597 linkname = archive_entry_hardlink(a->entry); 598 if (linkname != NULL && strcmp(a->name, linkname) == 0) { 599 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 600 "Skipping hardlink pointing to itself: %s", 601 a->name); 602 return (ARCHIVE_WARN); 603 } 604 605 /* 606 * Query the umask so we get predictable mode settings. 607 * This gets done on every call to _write_header in case the 608 * user edits their umask during the extraction for some 609 * reason. 610 */ 611 umask(a->user_umask = umask(0)); 612 613 /* Figure out what we need to do for this entry. */ 614 a->todo = TODO_MODE_BASE; 615 if (a->flags & ARCHIVE_EXTRACT_PERM) { 616 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */ 617 /* 618 * SGID requires an extra "check" step because we 619 * cannot easily predict the GID that the system will 620 * assign. (Different systems assign GIDs to files 621 * based on a variety of criteria, including process 622 * credentials and the gid of the enclosing 623 * directory.) We can only restore the SGID bit if 624 * the file has the right GID, and we only know the 625 * GID if we either set it (see set_ownership) or if 626 * we've actually called stat() on the file after it 627 * was restored. Since there are several places at 628 * which we might verify the GID, we need a TODO bit 629 * to keep track. 630 */ 631 if (a->mode & S_ISGID) 632 a->todo |= TODO_SGID | TODO_SGID_CHECK; 633 /* 634 * Verifying the SUID is simpler, but can still be 635 * done in multiple ways, hence the separate "check" bit. 636 */ 637 if (a->mode & S_ISUID) 638 a->todo |= TODO_SUID | TODO_SUID_CHECK; 639 } else { 640 /* 641 * User didn't request full permissions, so don't 642 * restore SUID, SGID bits and obey umask. 643 */ 644 a->mode &= ~S_ISUID; 645 a->mode &= ~S_ISGID; 646 a->mode &= ~S_ISVTX; 647 a->mode &= ~a->user_umask; 648 } 649 if (a->flags & ARCHIVE_EXTRACT_OWNER) 650 a->todo |= TODO_OWNER; 651 if (a->flags & ARCHIVE_EXTRACT_TIME) 652 a->todo |= TODO_TIMES; 653 if (a->flags & ARCHIVE_EXTRACT_ACL) { 654#if ARCHIVE_ACL_DARWIN 655 /* 656 * On MacOS, platform ACLs get stored in mac_metadata, too. 657 * If we intend to extract mac_metadata and it is present 658 * we skip extracting libarchive NFSv4 ACLs. 659 */ 660 size_t metadata_size; 661 662 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 663 archive_entry_mac_metadata(a->entry, 664 &metadata_size) == NULL || metadata_size == 0) 665#endif 666#if ARCHIVE_ACL_LIBRICHACL 667 /* 668 * RichACLs are stored in an extended attribute. 669 * If we intend to extract extended attributes and have this 670 * attribute we skip extracting libarchive NFSv4 ACLs. 671 */ 672 short extract_acls = 1; 673 if (a->flags & ARCHIVE_EXTRACT_XATTR && ( 674 archive_entry_acl_types(a->entry) & 675 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) { 676 const char *attr_name; 677 const void *attr_value; 678 size_t attr_size; 679 int i = archive_entry_xattr_reset(a->entry); 680 while (i--) { 681 archive_entry_xattr_next(a->entry, &attr_name, 682 &attr_value, &attr_size); 683 if (attr_name != NULL && attr_value != NULL && 684 attr_size > 0 && strcmp(attr_name, 685 "trusted.richacl") == 0) { 686 extract_acls = 0; 687 break; 688 } 689 } 690 } 691 if (extract_acls) 692#endif 693#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 694 { 695#endif 696 if (archive_entry_filetype(a->entry) == AE_IFDIR) 697 a->deferred |= TODO_ACLS; 698 else 699 a->todo |= TODO_ACLS; 700#if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 701 } 702#endif 703 } 704 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) { 705 if (archive_entry_filetype(a->entry) == AE_IFDIR) 706 a->deferred |= TODO_MAC_METADATA; 707 else 708 a->todo |= TODO_MAC_METADATA; 709 } 710#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 711 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) { 712 unsigned long set, clear; 713 archive_entry_fflags(a->entry, &set, &clear); 714 if ((set & ~clear) & UF_COMPRESSED) { 715 a->todo |= TODO_HFS_COMPRESSION; 716 a->decmpfs_block_count = (unsigned)-1; 717 } 718 } 719 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 && 720 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) { 721 a->todo |= TODO_HFS_COMPRESSION; 722 a->decmpfs_block_count = (unsigned)-1; 723 } 724 { 725 const char *p; 726 727 /* Check if the current file name is a type of the 728 * resource fork file. */ 729 p = strrchr(a->name, '/'); 730 if (p == NULL) 731 p = a->name; 732 else 733 p++; 734 if (p[0] == '.' && p[1] == '_') { 735 /* Do not compress "._XXX" files. */ 736 a->todo &= ~TODO_HFS_COMPRESSION; 737 if (a->filesize > 0) 738 a->todo |= TODO_APPLEDOUBLE; 739 } 740 } 741#endif 742 743 if (a->flags & ARCHIVE_EXTRACT_XATTR) { 744#if ARCHIVE_XATTR_DARWIN 745 /* 746 * On MacOS, extended attributes get stored in mac_metadata, 747 * too. If we intend to extract mac_metadata and it is present 748 * we skip extracting extended attributes. 749 */ 750 size_t metadata_size; 751 752 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 753 archive_entry_mac_metadata(a->entry, 754 &metadata_size) == NULL || metadata_size == 0) 755#endif 756 a->todo |= TODO_XATTR; 757 } 758 if (a->flags & ARCHIVE_EXTRACT_FFLAGS) 759 a->todo |= TODO_FFLAGS; 760 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) { 761 ret = check_symlinks(a); 762 if (ret != ARCHIVE_OK) 763 return (ret); 764 } 765#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 766 /* If path exceeds PATH_MAX, shorten the path. */ 767 edit_deep_directories(a); 768#endif 769 770 ret = restore_entry(a); 771 772#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 773 /* 774 * Check if the filesystem the file is restoring on supports 775 * HFS+ Compression. If not, cancel HFS+ Compression. 776 */ 777 if (a->todo | TODO_HFS_COMPRESSION) { 778 /* 779 * NOTE: UF_COMPRESSED is ignored even if the filesystem 780 * supports HFS+ Compression because the file should 781 * have at least an extended attribute "com.apple.decmpfs" 782 * before the flag is set to indicate that the file have 783 * been compressed. If the filesystem does not support 784 * HFS+ Compression the system call will fail. 785 */ 786 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0) 787 a->todo &= ~TODO_HFS_COMPRESSION; 788 } 789#endif 790 791 /* 792 * TODO: There are rumours that some extended attributes must 793 * be restored before file data is written. If this is true, 794 * then we either need to write all extended attributes both 795 * before and after restoring the data, or find some rule for 796 * determining which must go first and which last. Due to the 797 * many ways people are using xattrs, this may prove to be an 798 * intractable problem. 799 */ 800 801#ifdef HAVE_FCHDIR 802 /* If we changed directory above, restore it here. */ 803 if (a->restore_pwd >= 0) { 804 r = fchdir(a->restore_pwd); 805 if (r != 0) { 806 archive_set_error(&a->archive, errno, 807 "chdir() failure"); 808 ret = ARCHIVE_FATAL; 809 } 810 close(a->restore_pwd); 811 a->restore_pwd = -1; 812 } 813#endif 814 815 /* 816 * Fixup uses the unedited pathname from archive_entry_pathname(), 817 * because it is relative to the base dir and the edited path 818 * might be relative to some intermediate dir as a result of the 819 * deep restore logic. 820 */ 821 if (a->deferred & TODO_MODE) { 822 fe = current_fixup(a, archive_entry_pathname(entry)); 823 if (fe == NULL) 824 return (ARCHIVE_FATAL); 825 fe->fixup |= TODO_MODE_BASE; 826 fe->mode = a->mode; 827 } 828 829 if ((a->deferred & TODO_TIMES) 830 && (archive_entry_mtime_is_set(entry) 831 || archive_entry_atime_is_set(entry))) { 832 fe = current_fixup(a, archive_entry_pathname(entry)); 833 if (fe == NULL) 834 return (ARCHIVE_FATAL); 835 fe->mode = a->mode; 836 fe->fixup |= TODO_TIMES; 837 if (archive_entry_atime_is_set(entry)) { 838 fe->atime = archive_entry_atime(entry); 839 fe->atime_nanos = archive_entry_atime_nsec(entry); 840 } else { 841 /* If atime is unset, use start time. */ 842 fe->atime = a->start_time; 843 fe->atime_nanos = 0; 844 } 845 if (archive_entry_mtime_is_set(entry)) { 846 fe->mtime = archive_entry_mtime(entry); 847 fe->mtime_nanos = archive_entry_mtime_nsec(entry); 848 } else { 849 /* If mtime is unset, use start time. */ 850 fe->mtime = a->start_time; 851 fe->mtime_nanos = 0; 852 } 853 if (archive_entry_birthtime_is_set(entry)) { 854 fe->birthtime = archive_entry_birthtime(entry); 855 fe->birthtime_nanos = archive_entry_birthtime_nsec( 856 entry); 857 } else { 858 /* If birthtime is unset, use mtime. */ 859 fe->birthtime = fe->mtime; 860 fe->birthtime_nanos = fe->mtime_nanos; 861 } 862 } 863 864 if (a->deferred & TODO_ACLS) { 865 fe = current_fixup(a, archive_entry_pathname(entry)); 866 if (fe == NULL) 867 return (ARCHIVE_FATAL); 868 fe->fixup |= TODO_ACLS; 869 archive_acl_copy(&fe->acl, archive_entry_acl(entry)); 870 } 871 872 if (a->deferred & TODO_MAC_METADATA) { 873 const void *metadata; 874 size_t metadata_size; 875 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 876 if (metadata != NULL && metadata_size > 0) { 877 fe = current_fixup(a, archive_entry_pathname(entry)); 878 if (fe == NULL) 879 return (ARCHIVE_FATAL); 880 fe->mac_metadata = malloc(metadata_size); 881 if (fe->mac_metadata != NULL) { 882 memcpy(fe->mac_metadata, metadata, 883 metadata_size); 884 fe->mac_metadata_size = metadata_size; 885 fe->fixup |= TODO_MAC_METADATA; 886 } 887 } 888 } 889 890 if (a->deferred & TODO_FFLAGS) { 891 fe = current_fixup(a, archive_entry_pathname(entry)); 892 if (fe == NULL) 893 return (ARCHIVE_FATAL); 894 fe->fixup |= TODO_FFLAGS; 895 /* TODO: Complete this.. defer fflags from below. */ 896 } 897 898 /* We've created the object and are ready to pour data into it. */ 899 if (ret >= ARCHIVE_WARN) 900 a->archive.state = ARCHIVE_STATE_DATA; 901 /* 902 * If it's not open, tell our client not to try writing. 903 * In particular, dirs, links, etc, don't get written to. 904 */ 905 if (a->fd < 0) { 906 archive_entry_set_size(entry, 0); 907 a->filesize = 0; 908 } 909 910 return (ret); 911} 912 913int 914archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i) 915{ 916 struct archive_write_disk *a = (struct archive_write_disk *)_a; 917 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 918 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file"); 919 a->skip_file_set = 1; 920 a->skip_file_dev = d; 921 a->skip_file_ino = i; 922 return (ARCHIVE_OK); 923} 924 925static ssize_t 926write_data_block(struct archive_write_disk *a, const char *buff, size_t size) 927{ 928 uint64_t start_size = size; 929 ssize_t bytes_written = 0; 930 ssize_t block_size = 0, bytes_to_write; 931 932 if (size == 0) 933 return (ARCHIVE_OK); 934 935 if (a->filesize == 0 || a->fd < 0) { 936 archive_set_error(&a->archive, 0, 937 "Attempt to write to an empty file"); 938 return (ARCHIVE_WARN); 939 } 940 941 if (a->flags & ARCHIVE_EXTRACT_SPARSE) { 942#if HAVE_STRUCT_STAT_ST_BLKSIZE 943 int r; 944 if ((r = lazy_stat(a)) != ARCHIVE_OK) 945 return (r); 946 block_size = a->pst->st_blksize; 947#else 948 /* XXX TODO XXX Is there a more appropriate choice here ? */ 949 /* This needn't match the filesystem allocation size. */ 950 block_size = 16*1024; 951#endif 952 } 953 954 /* If this write would run beyond the file size, truncate it. */ 955 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 956 start_size = size = (size_t)(a->filesize - a->offset); 957 958 /* Write the data. */ 959 while (size > 0) { 960 if (block_size == 0) { 961 bytes_to_write = size; 962 } else { 963 /* We're sparsifying the file. */ 964 const char *p, *end; 965 int64_t block_end; 966 967 /* Skip leading zero bytes. */ 968 for (p = buff, end = buff + size; p < end; ++p) { 969 if (*p != '\0') 970 break; 971 } 972 a->offset += p - buff; 973 size -= p - buff; 974 buff = p; 975 if (size == 0) 976 break; 977 978 /* Calculate next block boundary after offset. */ 979 block_end 980 = (a->offset / block_size + 1) * block_size; 981 982 /* If the adjusted write would cross block boundary, 983 * truncate it to the block boundary. */ 984 bytes_to_write = size; 985 if (a->offset + bytes_to_write > block_end) 986 bytes_to_write = block_end - a->offset; 987 } 988 /* Seek if necessary to the specified offset. */ 989 if (a->offset != a->fd_offset) { 990 if (lseek(a->fd, a->offset, SEEK_SET) < 0) { 991 archive_set_error(&a->archive, errno, 992 "Seek failed"); 993 return (ARCHIVE_FATAL); 994 } 995 a->fd_offset = a->offset; 996 } 997 bytes_written = write(a->fd, buff, bytes_to_write); 998 if (bytes_written < 0) { 999 archive_set_error(&a->archive, errno, "Write failed"); 1000 return (ARCHIVE_WARN); 1001 } 1002 buff += bytes_written; 1003 size -= bytes_written; 1004 a->total_bytes_written += bytes_written; 1005 a->offset += bytes_written; 1006 a->fd_offset = a->offset; 1007 } 1008 return (start_size - size); 1009} 1010 1011#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 1012 && defined(HAVE_ZLIB_H) 1013 1014/* 1015 * Set UF_COMPRESSED file flag. 1016 * This have to be called after hfs_write_decmpfs() because if the 1017 * file does not have "com.apple.decmpfs" xattr the flag is ignored. 1018 */ 1019static int 1020hfs_set_compressed_fflag(struct archive_write_disk *a) 1021{ 1022 int r; 1023 1024 if ((r = lazy_stat(a)) != ARCHIVE_OK) 1025 return (r); 1026 1027 a->st.st_flags |= UF_COMPRESSED; 1028 if (fchflags(a->fd, a->st.st_flags) != 0) { 1029 archive_set_error(&a->archive, errno, 1030 "Failed to set UF_COMPRESSED file flag"); 1031 return (ARCHIVE_WARN); 1032 } 1033 return (ARCHIVE_OK); 1034} 1035 1036/* 1037 * HFS+ Compression decmpfs 1038 * 1039 * +------------------------------+ +0 1040 * | Magic(LE 4 bytes) | 1041 * +------------------------------+ 1042 * | Type(LE 4 bytes) | 1043 * +------------------------------+ 1044 * | Uncompressed size(LE 8 bytes)| 1045 * +------------------------------+ +16 1046 * | | 1047 * | Compressed data | 1048 * | (Placed only if Type == 3) | 1049 * | | 1050 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE 1051 * 1052 * Type is 3: decmpfs has compressed data. 1053 * Type is 4: Resource Fork has compressed data. 1054 */ 1055/* 1056 * Write "com.apple.decmpfs" 1057 */ 1058static int 1059hfs_write_decmpfs(struct archive_write_disk *a) 1060{ 1061 int r; 1062 uint32_t compression_type; 1063 1064 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p, 1065 a->decmpfs_attr_size, 0, 0); 1066 if (r < 0) { 1067 archive_set_error(&a->archive, errno, 1068 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME); 1069 compression_type = archive_le32dec( 1070 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]); 1071 if (compression_type == CMP_RESOURCE_FORK) 1072 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 1073 XATTR_SHOWCOMPRESSION); 1074 return (ARCHIVE_WARN); 1075 } 1076 return (ARCHIVE_OK); 1077} 1078 1079/* 1080 * HFS+ Compression Resource Fork 1081 * 1082 * +-----------------------------+ 1083 * | Header(260 bytes) | 1084 * +-----------------------------+ 1085 * | Block count(LE 4 bytes) | 1086 * +-----------------------------+ --+ 1087 * +-- | Offset (LE 4 bytes) | | 1088 * | | [distance from Block count] | | Block 0 1089 * | +-----------------------------+ | 1090 * | | Compressed size(LE 4 bytes) | | 1091 * | +-----------------------------+ --+ 1092 * | | | 1093 * | | .................. | 1094 * | | | 1095 * | +-----------------------------+ --+ 1096 * | | Offset (LE 4 bytes) | | 1097 * | +-----------------------------+ | Block (Block count -1) 1098 * | | Compressed size(LE 4 bytes) | | 1099 * +-> +-----------------------------+ --+ 1100 * | Compressed data(n bytes) | Block 0 1101 * +-----------------------------+ 1102 * | | 1103 * | .................. | 1104 * | | 1105 * +-----------------------------+ 1106 * | Compressed data(n bytes) | Block (Block count -1) 1107 * +-----------------------------+ 1108 * | Footer(50 bytes) | 1109 * +-----------------------------+ 1110 * 1111 */ 1112/* 1113 * Write the header of "com.apple.ResourceFork" 1114 */ 1115static int 1116hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff, 1117 size_t bytes, uint32_t position) 1118{ 1119 int ret; 1120 1121 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes, 1122 position, a->rsrc_xattr_options); 1123 if (ret < 0) { 1124 archive_set_error(&a->archive, errno, 1125 "Cannot restore xattr: %s at %u pos %u bytes", 1126 XATTR_RESOURCEFORK_NAME, 1127 (unsigned)position, 1128 (unsigned)bytes); 1129 return (ARCHIVE_WARN); 1130 } 1131 a->rsrc_xattr_options &= ~XATTR_CREATE; 1132 return (ARCHIVE_OK); 1133} 1134 1135static int 1136hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed) 1137{ 1138 int ret; 1139 1140 ret = hfs_write_resource_fork(a, a->compressed_buffer, 1141 bytes_compressed, a->compressed_rsrc_position); 1142 if (ret == ARCHIVE_OK) 1143 a->compressed_rsrc_position += bytes_compressed; 1144 return (ret); 1145} 1146 1147static int 1148hfs_write_resource_fork_header(struct archive_write_disk *a) 1149{ 1150 unsigned char *buff; 1151 uint32_t rsrc_bytes; 1152 uint32_t rsrc_header_bytes; 1153 1154 /* 1155 * Write resource fork header + block info. 1156 */ 1157 buff = a->resource_fork; 1158 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE; 1159 rsrc_header_bytes = 1160 RSRC_H_SIZE + /* Header base size. */ 1161 4 + /* Block count. */ 1162 (a->decmpfs_block_count * 8);/* Block info */ 1163 archive_be32enc(buff, 0x100); 1164 archive_be32enc(buff + 4, rsrc_bytes); 1165 archive_be32enc(buff + 8, rsrc_bytes - 256); 1166 archive_be32enc(buff + 12, 0x32); 1167 memset(buff + 16, 0, 240); 1168 archive_be32enc(buff + 256, rsrc_bytes - 260); 1169 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0); 1170} 1171 1172static size_t 1173hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size) 1174{ 1175 static const char rsrc_footer[RSRC_F_SIZE] = { 1176 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1177 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1178 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1179 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm', 1180 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 1181 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1182 0x00, 0x00 1183 }; 1184 if (buff_size < sizeof(rsrc_footer)) 1185 return (0); 1186 memcpy(buff, rsrc_footer, sizeof(rsrc_footer)); 1187 return (sizeof(rsrc_footer)); 1188} 1189 1190static int 1191hfs_reset_compressor(struct archive_write_disk *a) 1192{ 1193 int ret; 1194 1195 if (a->stream_valid) 1196 ret = deflateReset(&a->stream); 1197 else 1198 ret = deflateInit(&a->stream, a->decmpfs_compression_level); 1199 1200 if (ret != Z_OK) { 1201 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1202 "Failed to initialize compressor"); 1203 return (ARCHIVE_FATAL); 1204 } else 1205 a->stream_valid = 1; 1206 1207 return (ARCHIVE_OK); 1208} 1209 1210static int 1211hfs_decompress(struct archive_write_disk *a) 1212{ 1213 uint32_t *block_info; 1214 unsigned int block_count; 1215 uint32_t data_pos, data_size; 1216 ssize_t r; 1217 ssize_t bytes_written, bytes_to_write; 1218 unsigned char *b; 1219 1220 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1221 block_count = archive_le32dec(block_info++); 1222 while (block_count--) { 1223 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++); 1224 data_size = archive_le32dec(block_info++); 1225 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME, 1226 a->compressed_buffer, data_size, data_pos, 0); 1227 if (r != data_size) { 1228 archive_set_error(&a->archive, 1229 (r < 0)?errno:ARCHIVE_ERRNO_MISC, 1230 "Failed to read resource fork"); 1231 return (ARCHIVE_WARN); 1232 } 1233 if (a->compressed_buffer[0] == 0xff) { 1234 bytes_to_write = data_size -1; 1235 b = a->compressed_buffer + 1; 1236 } else { 1237 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE; 1238 int zr; 1239 1240 zr = uncompress((Bytef *)a->uncompressed_buffer, 1241 &dest_len, a->compressed_buffer, data_size); 1242 if (zr != Z_OK) { 1243 archive_set_error(&a->archive, 1244 ARCHIVE_ERRNO_MISC, 1245 "Failed to decompress resource fork"); 1246 return (ARCHIVE_WARN); 1247 } 1248 bytes_to_write = dest_len; 1249 b = (unsigned char *)a->uncompressed_buffer; 1250 } 1251 do { 1252 bytes_written = write(a->fd, b, bytes_to_write); 1253 if (bytes_written < 0) { 1254 archive_set_error(&a->archive, errno, 1255 "Write failed"); 1256 return (ARCHIVE_WARN); 1257 } 1258 bytes_to_write -= bytes_written; 1259 b += bytes_written; 1260 } while (bytes_to_write > 0); 1261 } 1262 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0); 1263 if (r == -1) { 1264 archive_set_error(&a->archive, errno, 1265 "Failed to remove resource fork"); 1266 return (ARCHIVE_WARN); 1267 } 1268 return (ARCHIVE_OK); 1269} 1270 1271static int 1272hfs_drive_compressor(struct archive_write_disk *a, const char *buff, 1273 size_t size) 1274{ 1275 unsigned char *buffer_compressed; 1276 size_t bytes_compressed; 1277 size_t bytes_used; 1278 int ret; 1279 1280 ret = hfs_reset_compressor(a); 1281 if (ret != ARCHIVE_OK) 1282 return (ret); 1283 1284 if (a->compressed_buffer == NULL) { 1285 size_t block_size; 1286 1287 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE + 1288 + compressBound(MAX_DECMPFS_BLOCK_SIZE); 1289 a->compressed_buffer = malloc(block_size); 1290 if (a->compressed_buffer == NULL) { 1291 archive_set_error(&a->archive, ENOMEM, 1292 "Can't allocate memory for Resource Fork"); 1293 return (ARCHIVE_FATAL); 1294 } 1295 a->compressed_buffer_size = block_size; 1296 a->compressed_buffer_remaining = block_size; 1297 } 1298 1299 buffer_compressed = a->compressed_buffer + 1300 a->compressed_buffer_size - a->compressed_buffer_remaining; 1301 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff; 1302 a->stream.avail_in = size; 1303 a->stream.next_out = buffer_compressed; 1304 a->stream.avail_out = a->compressed_buffer_remaining; 1305 do { 1306 ret = deflate(&a->stream, Z_FINISH); 1307 switch (ret) { 1308 case Z_OK: 1309 case Z_STREAM_END: 1310 break; 1311 default: 1312 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1313 "Failed to compress data"); 1314 return (ARCHIVE_FAILED); 1315 } 1316 } while (ret == Z_OK); 1317 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out; 1318 1319 /* 1320 * If the compressed size is larger than the original size, 1321 * throw away compressed data, use uncompressed data instead. 1322 */ 1323 if (bytes_compressed > size) { 1324 buffer_compressed[0] = 0xFF;/* uncompressed marker. */ 1325 memcpy(buffer_compressed + 1, buff, size); 1326 bytes_compressed = size + 1; 1327 } 1328 a->compressed_buffer_remaining -= bytes_compressed; 1329 1330 /* 1331 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE 1332 * and the block count in the file is only one, store compressed 1333 * data to decmpfs xattr instead of the resource fork. 1334 */ 1335 if (a->decmpfs_block_count == 1 && 1336 (a->decmpfs_attr_size + bytes_compressed) 1337 <= MAX_DECMPFS_XATTR_SIZE) { 1338 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1339 CMP_XATTR); 1340 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE, 1341 buffer_compressed, bytes_compressed); 1342 a->decmpfs_attr_size += bytes_compressed; 1343 a->compressed_buffer_remaining = a->compressed_buffer_size; 1344 /* 1345 * Finish HFS+ Compression. 1346 * - Write the decmpfs xattr. 1347 * - Set the UF_COMPRESSED file flag. 1348 */ 1349 ret = hfs_write_decmpfs(a); 1350 if (ret == ARCHIVE_OK) 1351 ret = hfs_set_compressed_fflag(a); 1352 return (ret); 1353 } 1354 1355 /* Update block info. */ 1356 archive_le32enc(a->decmpfs_block_info++, 1357 a->compressed_rsrc_position_v - RSRC_H_SIZE); 1358 archive_le32enc(a->decmpfs_block_info++, bytes_compressed); 1359 a->compressed_rsrc_position_v += bytes_compressed; 1360 1361 /* 1362 * Write the compressed data to the resource fork. 1363 */ 1364 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining; 1365 while (bytes_used >= COMPRESSED_W_SIZE) { 1366 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE); 1367 if (ret != ARCHIVE_OK) 1368 return (ret); 1369 bytes_used -= COMPRESSED_W_SIZE; 1370 if (bytes_used > COMPRESSED_W_SIZE) 1371 memmove(a->compressed_buffer, 1372 a->compressed_buffer + COMPRESSED_W_SIZE, 1373 bytes_used); 1374 else 1375 memcpy(a->compressed_buffer, 1376 a->compressed_buffer + COMPRESSED_W_SIZE, 1377 bytes_used); 1378 } 1379 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used; 1380 1381 /* 1382 * If the current block is the last block, write the remaining 1383 * compressed data and the resource fork footer. 1384 */ 1385 if (a->file_remaining_bytes == 0) { 1386 size_t rsrc_size; 1387 int64_t bk; 1388 1389 /* Append the resource footer. */ 1390 rsrc_size = hfs_set_resource_fork_footer( 1391 a->compressed_buffer + bytes_used, 1392 a->compressed_buffer_remaining); 1393 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size); 1394 a->compressed_buffer_remaining = a->compressed_buffer_size; 1395 1396 /* If the compressed size is not enough smaller than 1397 * the uncompressed size. cancel HFS+ compression. 1398 * TODO: study a behavior of ditto utility and improve 1399 * the condition to fall back into no HFS+ compression. */ 1400 bk = HFS_BLOCKS(a->compressed_rsrc_position); 1401 bk += bk >> 7; 1402 if (bk > HFS_BLOCKS(a->filesize)) 1403 return hfs_decompress(a); 1404 /* 1405 * Write the resourcefork header. 1406 */ 1407 if (ret == ARCHIVE_OK) 1408 ret = hfs_write_resource_fork_header(a); 1409 /* 1410 * Finish HFS+ Compression. 1411 * - Write the decmpfs xattr. 1412 * - Set the UF_COMPRESSED file flag. 1413 */ 1414 if (ret == ARCHIVE_OK) 1415 ret = hfs_write_decmpfs(a); 1416 if (ret == ARCHIVE_OK) 1417 ret = hfs_set_compressed_fflag(a); 1418 } 1419 return (ret); 1420} 1421 1422static ssize_t 1423hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff, 1424 size_t size) 1425{ 1426 const char *buffer_to_write; 1427 size_t bytes_to_write; 1428 int ret; 1429 1430 if (a->decmpfs_block_count == (unsigned)-1) { 1431 void *new_block; 1432 size_t new_size; 1433 unsigned int block_count; 1434 1435 if (a->decmpfs_header_p == NULL) { 1436 new_block = malloc(MAX_DECMPFS_XATTR_SIZE 1437 + sizeof(uint32_t)); 1438 if (new_block == NULL) { 1439 archive_set_error(&a->archive, ENOMEM, 1440 "Can't allocate memory for decmpfs"); 1441 return (ARCHIVE_FATAL); 1442 } 1443 a->decmpfs_header_p = new_block; 1444 } 1445 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE; 1446 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC], 1447 DECMPFS_MAGIC); 1448 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1449 CMP_RESOURCE_FORK); 1450 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE], 1451 a->filesize); 1452 1453 /* Calculate a block count of the file. */ 1454 block_count = 1455 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) / 1456 MAX_DECMPFS_BLOCK_SIZE; 1457 /* 1458 * Allocate buffer for resource fork. 1459 * Set up related pointers; 1460 */ 1461 new_size = 1462 RSRC_H_SIZE + /* header */ 1463 4 + /* Block count */ 1464 (block_count * sizeof(uint32_t) * 2) + 1465 RSRC_F_SIZE; /* footer */ 1466 if (new_size > a->resource_fork_allocated_size) { 1467 new_block = realloc(a->resource_fork, new_size); 1468 if (new_block == NULL) { 1469 archive_set_error(&a->archive, ENOMEM, 1470 "Can't allocate memory for ResourceFork"); 1471 return (ARCHIVE_FATAL); 1472 } 1473 a->resource_fork_allocated_size = new_size; 1474 a->resource_fork = new_block; 1475 } 1476 1477 /* Allocate uncompressed buffer */ 1478 if (a->uncompressed_buffer == NULL) { 1479 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE); 1480 if (new_block == NULL) { 1481 archive_set_error(&a->archive, ENOMEM, 1482 "Can't allocate memory for decmpfs"); 1483 return (ARCHIVE_FATAL); 1484 } 1485 a->uncompressed_buffer = new_block; 1486 } 1487 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1488 a->file_remaining_bytes = a->filesize; 1489 a->compressed_buffer_remaining = a->compressed_buffer_size; 1490 1491 /* 1492 * Set up a resource fork. 1493 */ 1494 a->rsrc_xattr_options = XATTR_CREATE; 1495 /* Get the position where we are going to set a bunch 1496 * of block info. */ 1497 a->decmpfs_block_info = 1498 (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1499 /* Set the block count to the resource fork. */ 1500 archive_le32enc(a->decmpfs_block_info++, block_count); 1501 /* Get the position where we are going to set compressed 1502 * data. */ 1503 a->compressed_rsrc_position = 1504 RSRC_H_SIZE + 4 + (block_count * 8); 1505 a->compressed_rsrc_position_v = a->compressed_rsrc_position; 1506 a->decmpfs_block_count = block_count; 1507 } 1508 1509 /* Ignore redundant bytes. */ 1510 if (a->file_remaining_bytes == 0) 1511 return ((ssize_t)size); 1512 1513 /* Do not overrun a block size. */ 1514 if (size > a->block_remaining_bytes) 1515 bytes_to_write = a->block_remaining_bytes; 1516 else 1517 bytes_to_write = size; 1518 /* Do not overrun the file size. */ 1519 if (bytes_to_write > a->file_remaining_bytes) 1520 bytes_to_write = a->file_remaining_bytes; 1521 1522 /* For efficiency, if a copy length is full of the uncompressed 1523 * buffer size, do not copy writing data to it. */ 1524 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE) 1525 buffer_to_write = buff; 1526 else { 1527 memcpy(a->uncompressed_buffer + 1528 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes, 1529 buff, bytes_to_write); 1530 buffer_to_write = a->uncompressed_buffer; 1531 } 1532 a->block_remaining_bytes -= bytes_to_write; 1533 a->file_remaining_bytes -= bytes_to_write; 1534 1535 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) { 1536 ret = hfs_drive_compressor(a, buffer_to_write, 1537 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes); 1538 if (ret < 0) 1539 return (ret); 1540 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1541 } 1542 /* Ignore redundant bytes. */ 1543 if (a->file_remaining_bytes == 0) 1544 return ((ssize_t)size); 1545 return (bytes_to_write); 1546} 1547 1548static ssize_t 1549hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1550 size_t size) 1551{ 1552 uint64_t start_size = size; 1553 ssize_t bytes_written = 0; 1554 ssize_t bytes_to_write; 1555 1556 if (size == 0) 1557 return (ARCHIVE_OK); 1558 1559 if (a->filesize == 0 || a->fd < 0) { 1560 archive_set_error(&a->archive, 0, 1561 "Attempt to write to an empty file"); 1562 return (ARCHIVE_WARN); 1563 } 1564 1565 /* If this write would run beyond the file size, truncate it. */ 1566 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 1567 start_size = size = (size_t)(a->filesize - a->offset); 1568 1569 /* Write the data. */ 1570 while (size > 0) { 1571 bytes_to_write = size; 1572 /* Seek if necessary to the specified offset. */ 1573 if (a->offset < a->fd_offset) { 1574 /* Can't support backward move. */ 1575 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1576 "Seek failed"); 1577 return (ARCHIVE_FATAL); 1578 } else if (a->offset > a->fd_offset) { 1579 int64_t skip = a->offset - a->fd_offset; 1580 char nullblock[1024]; 1581 1582 memset(nullblock, 0, sizeof(nullblock)); 1583 while (skip > 0) { 1584 if (skip > (int64_t)sizeof(nullblock)) 1585 bytes_written = hfs_write_decmpfs_block( 1586 a, nullblock, sizeof(nullblock)); 1587 else 1588 bytes_written = hfs_write_decmpfs_block( 1589 a, nullblock, skip); 1590 if (bytes_written < 0) { 1591 archive_set_error(&a->archive, errno, 1592 "Write failed"); 1593 return (ARCHIVE_WARN); 1594 } 1595 skip -= bytes_written; 1596 } 1597 1598 a->fd_offset = a->offset; 1599 } 1600 bytes_written = 1601 hfs_write_decmpfs_block(a, buff, bytes_to_write); 1602 if (bytes_written < 0) 1603 return (bytes_written); 1604 buff += bytes_written; 1605 size -= bytes_written; 1606 a->total_bytes_written += bytes_written; 1607 a->offset += bytes_written; 1608 a->fd_offset = a->offset; 1609 } 1610 return (start_size - size); 1611} 1612#else 1613static ssize_t 1614hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1615 size_t size) 1616{ 1617 return (write_data_block(a, buff, size)); 1618} 1619#endif 1620 1621static ssize_t 1622_archive_write_disk_data_block(struct archive *_a, 1623 const void *buff, size_t size, int64_t offset) 1624{ 1625 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1626 ssize_t r; 1627 1628 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1629 ARCHIVE_STATE_DATA, "archive_write_data_block"); 1630 1631 a->offset = offset; 1632 if (a->todo & TODO_HFS_COMPRESSION) 1633 r = hfs_write_data_block(a, buff, size); 1634 else 1635 r = write_data_block(a, buff, size); 1636 if (r < ARCHIVE_OK) 1637 return (r); 1638 if ((size_t)r < size) { 1639 archive_set_error(&a->archive, 0, 1640 "Too much data: Truncating file at %ju bytes", 1641 (uintmax_t)a->filesize); 1642 return (ARCHIVE_WARN); 1643 } 1644#if ARCHIVE_VERSION_NUMBER < 3999000 1645 return (ARCHIVE_OK); 1646#else 1647 return (size); 1648#endif 1649} 1650 1651static ssize_t 1652_archive_write_disk_data(struct archive *_a, const void *buff, size_t size) 1653{ 1654 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1655 1656 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1657 ARCHIVE_STATE_DATA, "archive_write_data"); 1658 1659 if (a->todo & TODO_HFS_COMPRESSION) 1660 return (hfs_write_data_block(a, buff, size)); 1661 return (write_data_block(a, buff, size)); 1662} 1663 1664static int 1665_archive_write_disk_finish_entry(struct archive *_a) 1666{ 1667 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1668 int ret = ARCHIVE_OK; 1669 1670 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1671 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 1672 "archive_write_finish_entry"); 1673 if (a->archive.state & ARCHIVE_STATE_HEADER) 1674 return (ARCHIVE_OK); 1675 archive_clear_error(&a->archive); 1676 1677 /* Pad or truncate file to the right size. */ 1678 if (a->fd < 0) { 1679 /* There's no file. */ 1680 } else if (a->filesize < 0) { 1681 /* File size is unknown, so we can't set the size. */ 1682 } else if (a->fd_offset == a->filesize) { 1683 /* Last write ended at exactly the filesize; we're done. */ 1684 /* Hopefully, this is the common case. */ 1685#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 1686 } else if (a->todo & TODO_HFS_COMPRESSION) { 1687 char null_d[1024]; 1688 ssize_t r; 1689 1690 if (a->file_remaining_bytes) 1691 memset(null_d, 0, sizeof(null_d)); 1692 while (a->file_remaining_bytes) { 1693 if (a->file_remaining_bytes > sizeof(null_d)) 1694 r = hfs_write_data_block( 1695 a, null_d, sizeof(null_d)); 1696 else 1697 r = hfs_write_data_block( 1698 a, null_d, a->file_remaining_bytes); 1699 if (r < 0) 1700 return ((int)r); 1701 } 1702#endif 1703 } else { 1704#if HAVE_FTRUNCATE 1705 if (ftruncate(a->fd, a->filesize) == -1 && 1706 a->filesize == 0) { 1707 archive_set_error(&a->archive, errno, 1708 "File size could not be restored"); 1709 return (ARCHIVE_FAILED); 1710 } 1711#endif 1712 /* 1713 * Not all platforms implement the XSI option to 1714 * extend files via ftruncate. Stat() the file again 1715 * to see what happened. 1716 */ 1717 a->pst = NULL; 1718 if ((ret = lazy_stat(a)) != ARCHIVE_OK) 1719 return (ret); 1720 /* We can use lseek()/write() to extend the file if 1721 * ftruncate didn't work or isn't available. */ 1722 if (a->st.st_size < a->filesize) { 1723 const char nul = '\0'; 1724 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) { 1725 archive_set_error(&a->archive, errno, 1726 "Seek failed"); 1727 return (ARCHIVE_FATAL); 1728 } 1729 if (write(a->fd, &nul, 1) < 0) { 1730 archive_set_error(&a->archive, errno, 1731 "Write to restore size failed"); 1732 return (ARCHIVE_FATAL); 1733 } 1734 a->pst = NULL; 1735 } 1736 } 1737 1738 /* Restore metadata. */ 1739 1740 /* 1741 * This is specific to Mac OS X. 1742 * If the current file is an AppleDouble file, it should be 1743 * linked with the data fork file and remove it. 1744 */ 1745 if (a->todo & TODO_APPLEDOUBLE) { 1746 int r2 = fixup_appledouble(a, a->name); 1747 if (r2 == ARCHIVE_EOF) { 1748 /* The current file has been successfully linked 1749 * with the data fork file and removed. So there 1750 * is nothing to do on the current file. */ 1751 goto finish_metadata; 1752 } 1753 if (r2 < ret) ret = r2; 1754 } 1755 1756 /* 1757 * Look up the "real" UID only if we're going to need it. 1758 * TODO: the TODO_SGID condition can be dropped here, can't it? 1759 */ 1760 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) { 1761 a->uid = archive_write_disk_uid(&a->archive, 1762 archive_entry_uname(a->entry), 1763 archive_entry_uid(a->entry)); 1764 } 1765 /* Look up the "real" GID only if we're going to need it. */ 1766 /* TODO: the TODO_SUID condition can be dropped here, can't it? */ 1767 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) { 1768 a->gid = archive_write_disk_gid(&a->archive, 1769 archive_entry_gname(a->entry), 1770 archive_entry_gid(a->entry)); 1771 } 1772 1773 /* 1774 * Restore ownership before set_mode tries to restore suid/sgid 1775 * bits. If we set the owner, we know what it is and can skip 1776 * a stat() call to examine the ownership of the file on disk. 1777 */ 1778 if (a->todo & TODO_OWNER) { 1779 int r2 = set_ownership(a); 1780 if (r2 < ret) ret = r2; 1781 } 1782 1783 /* 1784 * HYPOTHESIS: 1785 * If we're not root, we won't be setting any security 1786 * attributes that may be wiped by the set_mode() routine 1787 * below. We also can't set xattr on non-owner-writable files, 1788 * which may be the state after set_mode(). Perform 1789 * set_xattrs() first based on these constraints. 1790 */ 1791 if (a->user_uid != 0 && 1792 (a->todo & TODO_XATTR)) { 1793 int r2 = set_xattrs(a); 1794 if (r2 < ret) ret = r2; 1795 } 1796 1797 /* 1798 * set_mode must precede ACLs on systems such as Solaris and 1799 * FreeBSD where setting the mode implicitly clears extended ACLs 1800 */ 1801 if (a->todo & TODO_MODE) { 1802 int r2 = set_mode(a, a->mode); 1803 if (r2 < ret) ret = r2; 1804 } 1805 1806 /* 1807 * Security-related extended attributes (such as 1808 * security.capability on Linux) have to be restored last, 1809 * since they're implicitly removed by other file changes. 1810 * We do this last only when root. 1811 */ 1812 if (a->user_uid == 0 && 1813 (a->todo & TODO_XATTR)) { 1814 int r2 = set_xattrs(a); 1815 if (r2 < ret) ret = r2; 1816 } 1817 1818 /* 1819 * Some flags prevent file modification; they must be restored after 1820 * file contents are written. 1821 */ 1822 if (a->todo & TODO_FFLAGS) { 1823 int r2 = set_fflags(a); 1824 if (r2 < ret) ret = r2; 1825 } 1826 1827 /* 1828 * Time must follow most other metadata; 1829 * otherwise atime will get changed. 1830 */ 1831 if (a->todo & TODO_TIMES) { 1832 int r2 = set_times_from_entry(a); 1833 if (r2 < ret) ret = r2; 1834 } 1835 1836 /* 1837 * Mac extended metadata includes ACLs. 1838 */ 1839 if (a->todo & TODO_MAC_METADATA) { 1840 const void *metadata; 1841 size_t metadata_size; 1842 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 1843 if (metadata != NULL && metadata_size > 0) { 1844 int r2 = set_mac_metadata(a, archive_entry_pathname( 1845 a->entry), metadata, metadata_size); 1846 if (r2 < ret) ret = r2; 1847 } 1848 } 1849 1850 /* 1851 * ACLs must be restored after timestamps because there are 1852 * ACLs that prevent attribute changes (including time). 1853 */ 1854 if (a->todo & TODO_ACLS) { 1855 int r2; 1856 r2 = archive_write_disk_set_acls(&a->archive, a->fd, 1857 archive_entry_pathname(a->entry), 1858 archive_entry_acl(a->entry), 1859 archive_entry_mode(a->entry)); 1860 if (r2 < ret) ret = r2; 1861 } 1862 1863finish_metadata: 1864 /* If there's an fd, we can close it now. */ 1865 if (a->fd >= 0) { 1866 close(a->fd); 1867 a->fd = -1; 1868 if (a->tmpname) { 1869 if (rename(a->tmpname, a->name) == -1) { 1870 archive_set_error(&a->archive, errno, 1871 "Failed to rename temporary file"); 1872 ret = ARCHIVE_FAILED; 1873 unlink(a->tmpname); 1874 } 1875 a->tmpname = NULL; 1876 } 1877 } 1878 /* If there's an entry, we can release it now. */ 1879 archive_entry_free(a->entry); 1880 a->entry = NULL; 1881 a->archive.state = ARCHIVE_STATE_HEADER; 1882 return (ret); 1883} 1884 1885int 1886archive_write_disk_set_group_lookup(struct archive *_a, 1887 void *private_data, 1888 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid), 1889 void (*cleanup_gid)(void *private)) 1890{ 1891 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1892 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1893 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup"); 1894 1895 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL) 1896 (a->cleanup_gid)(a->lookup_gid_data); 1897 1898 a->lookup_gid = lookup_gid; 1899 a->cleanup_gid = cleanup_gid; 1900 a->lookup_gid_data = private_data; 1901 return (ARCHIVE_OK); 1902} 1903 1904int 1905archive_write_disk_set_user_lookup(struct archive *_a, 1906 void *private_data, 1907 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid), 1908 void (*cleanup_uid)(void *private)) 1909{ 1910 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1911 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1912 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup"); 1913 1914 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL) 1915 (a->cleanup_uid)(a->lookup_uid_data); 1916 1917 a->lookup_uid = lookup_uid; 1918 a->cleanup_uid = cleanup_uid; 1919 a->lookup_uid_data = private_data; 1920 return (ARCHIVE_OK); 1921} 1922 1923int64_t 1924archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id) 1925{ 1926 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1927 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1928 ARCHIVE_STATE_ANY, "archive_write_disk_gid"); 1929 if (a->lookup_gid) 1930 return (a->lookup_gid)(a->lookup_gid_data, name, id); 1931 return (id); 1932} 1933 1934int64_t 1935archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id) 1936{ 1937 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1938 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1939 ARCHIVE_STATE_ANY, "archive_write_disk_uid"); 1940 if (a->lookup_uid) 1941 return (a->lookup_uid)(a->lookup_uid_data, name, id); 1942 return (id); 1943} 1944 1945/* 1946 * Create a new archive_write_disk object and initialize it with global state. 1947 */ 1948struct archive * 1949archive_write_disk_new(void) 1950{ 1951 struct archive_write_disk *a; 1952 1953 a = (struct archive_write_disk *)calloc(1, sizeof(*a)); 1954 if (a == NULL) 1955 return (NULL); 1956 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC; 1957 /* We're ready to write a header immediately. */ 1958 a->archive.state = ARCHIVE_STATE_HEADER; 1959 a->archive.vtable = archive_write_disk_vtable(); 1960 a->start_time = time(NULL); 1961 /* Query and restore the umask. */ 1962 umask(a->user_umask = umask(0)); 1963#ifdef HAVE_GETEUID 1964 a->user_uid = geteuid(); 1965#endif /* HAVE_GETEUID */ 1966 if (archive_string_ensure(&a->path_safe, 512) == NULL) { 1967 free(a); 1968 return (NULL); 1969 } 1970#ifdef HAVE_ZLIB_H 1971 a->decmpfs_compression_level = 5; 1972#endif 1973 return (&a->archive); 1974} 1975 1976 1977/* 1978 * If pathname is longer than PATH_MAX, chdir to a suitable 1979 * intermediate dir and edit the path down to a shorter suffix. Note 1980 * that this routine never returns an error; if the chdir() attempt 1981 * fails for any reason, we just go ahead with the long pathname. The 1982 * object creation is likely to fail, but any error will get handled 1983 * at that time. 1984 */ 1985#if defined(HAVE_FCHDIR) && defined(PATH_MAX) 1986static void 1987edit_deep_directories(struct archive_write_disk *a) 1988{ 1989 int ret; 1990 char *tail = a->name; 1991 1992 /* If path is short, avoid the open() below. */ 1993 if (strlen(tail) < PATH_MAX) 1994 return; 1995 1996 /* Try to record our starting dir. */ 1997 a->restore_pwd = la_opendirat(AT_FDCWD, "."); 1998 __archive_ensure_cloexec_flag(a->restore_pwd); 1999 if (a->restore_pwd < 0) 2000 return; 2001 2002 /* As long as the path is too long... */ 2003 while (strlen(tail) >= PATH_MAX) { 2004 /* Locate a dir prefix shorter than PATH_MAX. */ 2005 tail += PATH_MAX - 8; 2006 while (tail > a->name && *tail != '/') 2007 tail--; 2008 /* Exit if we find a too-long path component. */ 2009 if (tail <= a->name) 2010 return; 2011 /* Create the intermediate dir and chdir to it. */ 2012 *tail = '\0'; /* Terminate dir portion */ 2013 ret = create_dir(a, a->name); 2014 if (ret == ARCHIVE_OK && chdir(a->name) != 0) 2015 ret = ARCHIVE_FAILED; 2016 *tail = '/'; /* Restore the / we removed. */ 2017 if (ret != ARCHIVE_OK) 2018 return; 2019 tail++; 2020 /* The chdir() succeeded; we've now shortened the path. */ 2021 a->name = tail; 2022 } 2023 return; 2024} 2025#endif 2026 2027/* 2028 * The main restore function. 2029 */ 2030static int 2031restore_entry(struct archive_write_disk *a) 2032{ 2033 int ret = ARCHIVE_OK, en; 2034 2035 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) { 2036 /* 2037 * TODO: Fix this. Apparently, there are platforms 2038 * that still allow root to hose the entire filesystem 2039 * by unlinking a dir. The S_ISDIR() test above 2040 * prevents us from using unlink() here if the new 2041 * object is a dir, but that doesn't mean the old 2042 * object isn't a dir. 2043 */ 2044 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2045 (void)clear_nochange_fflags(a); 2046 if (unlink(a->name) == 0) { 2047 /* We removed it, reset cached stat. */ 2048 a->pst = NULL; 2049 } else if (errno == ENOENT) { 2050 /* File didn't exist, that's just as good. */ 2051 } else if (rmdir(a->name) == 0) { 2052 /* It was a dir, but now it's gone. */ 2053 a->pst = NULL; 2054 } else { 2055 /* We tried, but couldn't get rid of it. */ 2056 archive_set_error(&a->archive, errno, 2057 "Could not unlink"); 2058 return(ARCHIVE_FAILED); 2059 } 2060 } 2061 2062 /* Try creating it first; if this fails, we'll try to recover. */ 2063 en = create_filesystem_object(a); 2064 2065 if ((en == ENOTDIR || en == ENOENT) 2066 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) { 2067 /* If the parent dir doesn't exist, try creating it. */ 2068 create_parent_dir(a, a->name); 2069 /* Now try to create the object again. */ 2070 en = create_filesystem_object(a); 2071 } 2072 2073 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) { 2074 archive_set_error(&a->archive, en, 2075 "Hard-link target '%s' does not exist.", 2076 archive_entry_hardlink(a->entry)); 2077 return (ARCHIVE_FAILED); 2078 } 2079 2080 if ((en == EISDIR || en == EEXIST) 2081 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 2082 /* If we're not overwriting, we're done. */ 2083 if (S_ISDIR(a->mode)) { 2084 /* Don't overwrite any settings on existing directories. */ 2085 a->todo = 0; 2086 } 2087 archive_entry_unset_size(a->entry); 2088 return (ARCHIVE_OK); 2089 } 2090 2091 /* 2092 * Some platforms return EISDIR if you call 2093 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some 2094 * return EEXIST. POSIX is ambiguous, requiring EISDIR 2095 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT) 2096 * on an existing item. 2097 */ 2098 if (en == EISDIR) { 2099 /* A dir is in the way of a non-dir, rmdir it. */ 2100 if (rmdir(a->name) != 0) { 2101 archive_set_error(&a->archive, errno, 2102 "Can't remove already-existing dir"); 2103 return (ARCHIVE_FAILED); 2104 } 2105 a->pst = NULL; 2106 /* Try again. */ 2107 en = create_filesystem_object(a); 2108 } else if (en == EEXIST) { 2109 /* 2110 * We know something is in the way, but we don't know what; 2111 * we need to find out before we go any further. 2112 */ 2113 int r = 0; 2114 /* 2115 * The SECURE_SYMLINKS logic has already removed a 2116 * symlink to a dir if the client wants that. So 2117 * follow the symlink if we're creating a dir. 2118 */ 2119 if (S_ISDIR(a->mode)) 2120 r = la_stat(a->name, &a->st); 2121 /* 2122 * If it's not a dir (or it's a broken symlink), 2123 * then don't follow it. 2124 */ 2125 if (r != 0 || !S_ISDIR(a->mode)) 2126 r = lstat(a->name, &a->st); 2127 if (r != 0) { 2128 archive_set_error(&a->archive, errno, 2129 "Can't stat existing object"); 2130 return (ARCHIVE_FAILED); 2131 } 2132 2133 /* 2134 * NO_OVERWRITE_NEWER doesn't apply to directories. 2135 */ 2136 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER) 2137 && !S_ISDIR(a->st.st_mode)) { 2138 if (!older(&(a->st), a->entry)) { 2139 archive_entry_unset_size(a->entry); 2140 return (ARCHIVE_OK); 2141 } 2142 } 2143 2144 /* If it's our archive, we're done. */ 2145 if (a->skip_file_set && 2146 a->st.st_dev == (dev_t)a->skip_file_dev && 2147 a->st.st_ino == (ino_t)a->skip_file_ino) { 2148 archive_set_error(&a->archive, 0, 2149 "Refusing to overwrite archive"); 2150 return (ARCHIVE_FAILED); 2151 } 2152 2153 if (!S_ISDIR(a->st.st_mode)) { 2154 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2155 (void)clear_nochange_fflags(a); 2156 2157 if ((a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) && 2158 S_ISREG(a->st.st_mode)) { 2159 /* Use a temporary file to extract */ 2160 if ((a->fd = la_mktemp(a)) == -1) { 2161 archive_set_error(&a->archive, errno, 2162 "Can't create temporary file"); 2163 return ARCHIVE_FAILED; 2164 } 2165 a->pst = NULL; 2166 en = 0; 2167 } else { 2168 /* A non-dir is in the way, unlink it. */ 2169 if (unlink(a->name) != 0) { 2170 archive_set_error(&a->archive, errno, 2171 "Can't unlink already-existing " 2172 "object"); 2173 return (ARCHIVE_FAILED); 2174 } 2175 a->pst = NULL; 2176 /* Try again. */ 2177 en = create_filesystem_object(a); 2178 } 2179 } else if (!S_ISDIR(a->mode)) { 2180 /* A dir is in the way of a non-dir, rmdir it. */ 2181 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2182 (void)clear_nochange_fflags(a); 2183 if (rmdir(a->name) != 0) { 2184 archive_set_error(&a->archive, errno, 2185 "Can't replace existing directory with non-directory"); 2186 return (ARCHIVE_FAILED); 2187 } 2188 /* Try again. */ 2189 en = create_filesystem_object(a); 2190 } else { 2191 /* 2192 * There's a dir in the way of a dir. Don't 2193 * waste time with rmdir()/mkdir(), just fix 2194 * up the permissions on the existing dir. 2195 * Note that we don't change perms on existing 2196 * dirs unless _EXTRACT_PERM is specified. 2197 */ 2198 if ((a->mode != a->st.st_mode) 2199 && (a->todo & TODO_MODE_FORCE)) 2200 a->deferred |= (a->todo & TODO_MODE); 2201 /* Ownership doesn't need deferred fixup. */ 2202 en = 0; /* Forget the EEXIST. */ 2203 } 2204 } 2205 2206 if (en) { 2207 /* Everything failed; give up here. */ 2208 if ((&a->archive)->error == NULL) 2209 archive_set_error(&a->archive, en, "Can't create '%s'", 2210 a->name); 2211 return (ARCHIVE_FAILED); 2212 } 2213 2214 a->pst = NULL; /* Cached stat data no longer valid. */ 2215 return (ret); 2216} 2217 2218/* 2219 * Returns 0 if creation succeeds, or else returns errno value from 2220 * the failed system call. Note: This function should only ever perform 2221 * a single system call. 2222 */ 2223static int 2224create_filesystem_object(struct archive_write_disk *a) 2225{ 2226 /* Create the entry. */ 2227 const char *linkname; 2228 mode_t final_mode, mode; 2229 int r; 2230 /* these for check_symlinks_fsobj */ 2231 char *linkname_copy; /* non-const copy of linkname */ 2232 struct stat st; 2233 struct archive_string error_string; 2234 int error_number; 2235 2236 /* We identify hard/symlinks according to the link names. */ 2237 /* Since link(2) and symlink(2) don't handle modes, we're done here. */ 2238 linkname = archive_entry_hardlink(a->entry); 2239 if (linkname != NULL) { 2240#if !HAVE_LINK 2241 return (EPERM); 2242#else 2243 archive_string_init(&error_string); 2244 linkname_copy = strdup(linkname); 2245 if (linkname_copy == NULL) { 2246 return (EPERM); 2247 } 2248 /* 2249 * TODO: consider using the cleaned-up path as the link 2250 * target? 2251 */ 2252 r = cleanup_pathname_fsobj(linkname_copy, &error_number, 2253 &error_string, a->flags); 2254 if (r != ARCHIVE_OK) { 2255 archive_set_error(&a->archive, error_number, "%s", 2256 error_string.s); 2257 free(linkname_copy); 2258 archive_string_free(&error_string); 2259 /* 2260 * EPERM is more appropriate than error_number for our 2261 * callers 2262 */ 2263 return (EPERM); 2264 } 2265 r = check_symlinks_fsobj(linkname_copy, &error_number, 2266 &error_string, a->flags, 1); 2267 if (r != ARCHIVE_OK) { 2268 archive_set_error(&a->archive, error_number, "%s", 2269 error_string.s); 2270 free(linkname_copy); 2271 archive_string_free(&error_string); 2272 /* 2273 * EPERM is more appropriate than error_number for our 2274 * callers 2275 */ 2276 return (EPERM); 2277 } 2278 free(linkname_copy); 2279 archive_string_free(&error_string); 2280 /* 2281 * Unlinking and linking here is really not atomic, 2282 * but doing it right, would require us to construct 2283 * an mktemplink() function, and then use rename(2). 2284 */ 2285 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2286 unlink(a->name); 2287#ifdef HAVE_LINKAT 2288 r = linkat(AT_FDCWD, linkname, AT_FDCWD, a->name, 2289 0) ? errno : 0; 2290#else 2291 r = link(linkname, a->name) ? errno : 0; 2292#endif 2293 /* 2294 * New cpio and pax formats allow hardlink entries 2295 * to carry data, so we may have to open the file 2296 * for hardlink entries. 2297 * 2298 * If the hardlink was successfully created and 2299 * the archive doesn't have carry data for it, 2300 * consider it to be non-authoritative for meta data. 2301 * This is consistent with GNU tar and BSD pax. 2302 * If the hardlink does carry data, let the last 2303 * archive entry decide ownership. 2304 */ 2305 if (r == 0 && a->filesize <= 0) { 2306 a->todo = 0; 2307 a->deferred = 0; 2308 } else if (r == 0 && a->filesize > 0) { 2309#ifdef HAVE_LSTAT 2310 r = lstat(a->name, &st); 2311#else 2312 r = la_stat(a->name, &st); 2313#endif 2314 if (r != 0) 2315 r = errno; 2316 else if ((st.st_mode & AE_IFMT) == AE_IFREG) { 2317 a->fd = open(a->name, O_WRONLY | O_TRUNC | 2318 O_BINARY | O_CLOEXEC | O_NOFOLLOW); 2319 __archive_ensure_cloexec_flag(a->fd); 2320 if (a->fd < 0) 2321 r = errno; 2322 } 2323 } 2324 return (r); 2325#endif 2326 } 2327 linkname = archive_entry_symlink(a->entry); 2328 if (linkname != NULL) { 2329#if HAVE_SYMLINK 2330 /* 2331 * Unlinking and linking here is really not atomic, 2332 * but doing it right, would require us to construct 2333 * an mktempsymlink() function, and then use rename(2). 2334 */ 2335 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2336 unlink(a->name); 2337 return symlink(linkname, a->name) ? errno : 0; 2338#else 2339 return (EPERM); 2340#endif 2341 } 2342 2343 /* 2344 * The remaining system calls all set permissions, so let's 2345 * try to take advantage of that to avoid an extra chmod() 2346 * call. (Recall that umask is set to zero right now!) 2347 */ 2348 2349 /* Mode we want for the final restored object (w/o file type bits). */ 2350 final_mode = a->mode & 07777; 2351 /* 2352 * The mode that will actually be restored in this step. Note 2353 * that SUID, SGID, etc, require additional work to ensure 2354 * security, so we never restore them at this point. 2355 */ 2356 mode = final_mode & 0777 & ~a->user_umask; 2357 2358 /* 2359 * Always create writable such that [f]setxattr() works if we're not 2360 * root. 2361 */ 2362 if (a->user_uid != 0 && 2363 a->todo & (TODO_HFS_COMPRESSION | TODO_XATTR)) { 2364 mode |= 0200; 2365 } 2366 2367 switch (a->mode & AE_IFMT) { 2368 default: 2369 /* POSIX requires that we fall through here. */ 2370 /* FALLTHROUGH */ 2371 case AE_IFREG: 2372 a->tmpname = NULL; 2373 a->fd = open(a->name, 2374 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode); 2375 __archive_ensure_cloexec_flag(a->fd); 2376 r = (a->fd < 0); 2377 break; 2378 case AE_IFCHR: 2379#ifdef HAVE_MKNOD 2380 /* Note: we use AE_IFCHR for the case label, and 2381 * S_IFCHR for the mknod() call. This is correct. */ 2382 r = mknod(a->name, mode | S_IFCHR, 2383 archive_entry_rdev(a->entry)); 2384 break; 2385#else 2386 /* TODO: Find a better way to warn about our inability 2387 * to restore a char device node. */ 2388 return (EINVAL); 2389#endif /* HAVE_MKNOD */ 2390 case AE_IFBLK: 2391#ifdef HAVE_MKNOD 2392 r = mknod(a->name, mode | S_IFBLK, 2393 archive_entry_rdev(a->entry)); 2394 break; 2395#else 2396 /* TODO: Find a better way to warn about our inability 2397 * to restore a block device node. */ 2398 return (EINVAL); 2399#endif /* HAVE_MKNOD */ 2400 case AE_IFDIR: 2401 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE; 2402 r = mkdir(a->name, mode); 2403 if (r == 0) { 2404 /* Defer setting dir times. */ 2405 a->deferred |= (a->todo & TODO_TIMES); 2406 a->todo &= ~TODO_TIMES; 2407 /* Never use an immediate chmod(). */ 2408 /* We can't avoid the chmod() entirely if EXTRACT_PERM 2409 * because of SysV SGID inheritance. */ 2410 if ((mode != final_mode) 2411 || (a->flags & ARCHIVE_EXTRACT_PERM)) 2412 a->deferred |= (a->todo & TODO_MODE); 2413 a->todo &= ~TODO_MODE; 2414 } 2415 break; 2416 case AE_IFIFO: 2417#ifdef HAVE_MKFIFO 2418 r = mkfifo(a->name, mode); 2419 break; 2420#else 2421 /* TODO: Find a better way to warn about our inability 2422 * to restore a fifo. */ 2423 return (EINVAL); 2424#endif /* HAVE_MKFIFO */ 2425 } 2426 2427 /* All the system calls above set errno on failure. */ 2428 if (r) 2429 return (errno); 2430 2431 /* If we managed to set the final mode, we've avoided a chmod(). */ 2432 if (mode == final_mode) 2433 a->todo &= ~TODO_MODE; 2434 return (0); 2435} 2436 2437/* 2438 * Cleanup function for archive_extract. Mostly, this involves processing 2439 * the fixup list, which is used to address a number of problems: 2440 * * Dir permissions might prevent us from restoring a file in that 2441 * dir, so we restore the dir with minimum 0700 permissions first, 2442 * then correct the mode at the end. 2443 * * Similarly, the act of restoring a file touches the directory 2444 * and changes the timestamp on the dir, so we have to touch-up dir 2445 * timestamps at the end as well. 2446 * * Some file flags can interfere with the restore by, for example, 2447 * preventing the creation of hardlinks to those files. 2448 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs. 2449 * 2450 * Note that tar/cpio do not require that archives be in a particular 2451 * order; there is no way to know when the last file has been restored 2452 * within a directory, so there's no way to optimize the memory usage 2453 * here by fixing up the directory any earlier than the 2454 * end-of-archive. 2455 * 2456 * XXX TODO: Directory ACLs should be restored here, for the same 2457 * reason we set directory perms here. XXX 2458 */ 2459static int 2460_archive_write_disk_close(struct archive *_a) 2461{ 2462 struct archive_write_disk *a = (struct archive_write_disk *)_a; 2463 struct fixup_entry *next, *p; 2464 struct stat st; 2465 int fd, ret; 2466 2467 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 2468 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 2469 "archive_write_disk_close"); 2470 ret = _archive_write_disk_finish_entry(&a->archive); 2471 2472 /* Sort dir list so directories are fixed up in depth-first order. */ 2473 p = sort_dir_list(a->fixup_list); 2474 2475 while (p != NULL) { 2476 fd = -1; 2477 a->pst = NULL; /* Mark stat cache as out-of-date. */ 2478 if (p->fixup & 2479 (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) { 2480 fd = open(p->name, 2481 O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC); 2482 if (fd == -1) { 2483 /* If we cannot lstat, skip entry */ 2484 if (lstat(p->name, &st) != 0) 2485 goto skip_fixup_entry; 2486 /* 2487 * If we deal with a symbolic link, mark 2488 * it in the fixup mode to ensure no 2489 * modifications are made to its target. 2490 */ 2491 if (S_ISLNK(st.st_mode)) { 2492 p->mode &= ~S_IFMT; 2493 p->mode |= S_IFLNK; 2494 } 2495 } 2496 } 2497 if (p->fixup & TODO_TIMES) { 2498 set_times(a, fd, p->mode, p->name, 2499 p->atime, p->atime_nanos, 2500 p->birthtime, p->birthtime_nanos, 2501 p->mtime, p->mtime_nanos, 2502 p->ctime, p->ctime_nanos); 2503 } 2504 if (p->fixup & TODO_MODE_BASE) { 2505#ifdef HAVE_FCHMOD 2506 if (fd >= 0) 2507 fchmod(fd, p->mode); 2508 else 2509#endif 2510#ifdef HAVE_LCHMOD 2511 lchmod(p->name, p->mode); 2512#else 2513 if (!S_ISLNK(p->mode)) 2514 chmod(p->name, p->mode); 2515#endif 2516 } 2517 if (p->fixup & TODO_ACLS) 2518 archive_write_disk_set_acls(&a->archive, fd, 2519 p->name, &p->acl, p->mode); 2520 if (p->fixup & TODO_FFLAGS) 2521 set_fflags_platform(a, fd, p->name, 2522 p->mode, p->fflags_set, 0); 2523 if (p->fixup & TODO_MAC_METADATA) 2524 set_mac_metadata(a, p->name, p->mac_metadata, 2525 p->mac_metadata_size); 2526skip_fixup_entry: 2527 next = p->next; 2528 archive_acl_clear(&p->acl); 2529 free(p->mac_metadata); 2530 free(p->name); 2531 if (fd >= 0) 2532 close(fd); 2533 free(p); 2534 p = next; 2535 } 2536 a->fixup_list = NULL; 2537 return (ret); 2538} 2539 2540static int 2541_archive_write_disk_free(struct archive *_a) 2542{ 2543 struct archive_write_disk *a; 2544 int ret; 2545 if (_a == NULL) 2546 return (ARCHIVE_OK); 2547 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC, 2548 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free"); 2549 a = (struct archive_write_disk *)_a; 2550 ret = _archive_write_disk_close(&a->archive); 2551 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL); 2552 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL); 2553 archive_entry_free(a->entry); 2554 archive_string_free(&a->_name_data); 2555 archive_string_free(&a->_tmpname_data); 2556 archive_string_free(&a->archive.error_string); 2557 archive_string_free(&a->path_safe); 2558 a->archive.magic = 0; 2559 __archive_clean(&a->archive); 2560 free(a->decmpfs_header_p); 2561 free(a->resource_fork); 2562 free(a->compressed_buffer); 2563 free(a->uncompressed_buffer); 2564#if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 2565 && defined(HAVE_ZLIB_H) 2566 if (a->stream_valid) { 2567 switch (deflateEnd(&a->stream)) { 2568 case Z_OK: 2569 break; 2570 default: 2571 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2572 "Failed to clean up compressor"); 2573 ret = ARCHIVE_FATAL; 2574 break; 2575 } 2576 } 2577#endif 2578 free(a); 2579 return (ret); 2580} 2581 2582/* 2583 * Simple O(n log n) merge sort to order the fixup list. In 2584 * particular, we want to restore dir timestamps depth-first. 2585 */ 2586static struct fixup_entry * 2587sort_dir_list(struct fixup_entry *p) 2588{ 2589 struct fixup_entry *a, *b, *t; 2590 2591 if (p == NULL) 2592 return (NULL); 2593 /* A one-item list is already sorted. */ 2594 if (p->next == NULL) 2595 return (p); 2596 2597 /* Step 1: split the list. */ 2598 t = p; 2599 a = p->next->next; 2600 while (a != NULL) { 2601 /* Step a twice, t once. */ 2602 a = a->next; 2603 if (a != NULL) 2604 a = a->next; 2605 t = t->next; 2606 } 2607 /* Now, t is at the mid-point, so break the list here. */ 2608 b = t->next; 2609 t->next = NULL; 2610 a = p; 2611 2612 /* Step 2: Recursively sort the two sub-lists. */ 2613 a = sort_dir_list(a); 2614 b = sort_dir_list(b); 2615 2616 /* Step 3: Merge the returned lists. */ 2617 /* Pick the first element for the merged list. */ 2618 if (strcmp(a->name, b->name) > 0) { 2619 t = p = a; 2620 a = a->next; 2621 } else { 2622 t = p = b; 2623 b = b->next; 2624 } 2625 2626 /* Always put the later element on the list first. */ 2627 while (a != NULL && b != NULL) { 2628 if (strcmp(a->name, b->name) > 0) { 2629 t->next = a; 2630 a = a->next; 2631 } else { 2632 t->next = b; 2633 b = b->next; 2634 } 2635 t = t->next; 2636 } 2637 2638 /* Only one list is non-empty, so just splice it on. */ 2639 if (a != NULL) 2640 t->next = a; 2641 if (b != NULL) 2642 t->next = b; 2643 2644 return (p); 2645} 2646 2647/* 2648 * Returns a new, initialized fixup entry. 2649 * 2650 * TODO: Reduce the memory requirements for this list by using a tree 2651 * structure rather than a simple list of names. 2652 */ 2653static struct fixup_entry * 2654new_fixup(struct archive_write_disk *a, const char *pathname) 2655{ 2656 struct fixup_entry *fe; 2657 2658 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry)); 2659 if (fe == NULL) { 2660 archive_set_error(&a->archive, ENOMEM, 2661 "Can't allocate memory for a fixup"); 2662 return (NULL); 2663 } 2664 fe->next = a->fixup_list; 2665 a->fixup_list = fe; 2666 fe->fixup = 0; 2667 fe->mode = 0; 2668 fe->name = strdup(pathname); 2669 return (fe); 2670} 2671 2672/* 2673 * Returns a fixup structure for the current entry. 2674 */ 2675static struct fixup_entry * 2676current_fixup(struct archive_write_disk *a, const char *pathname) 2677{ 2678 if (a->current_fixup == NULL) 2679 a->current_fixup = new_fixup(a, pathname); 2680 return (a->current_fixup); 2681} 2682 2683/* Error helper for new *_fsobj functions */ 2684static void 2685fsobj_error(int *a_eno, struct archive_string *a_estr, 2686 int err, const char *errstr, const char *path) 2687{ 2688 if (a_eno) 2689 *a_eno = err; 2690 if (a_estr) 2691 archive_string_sprintf(a_estr, "%s%s", errstr, path); 2692} 2693 2694/* 2695 * TODO: Someday, integrate this with the deep dir support; they both 2696 * scan the path and both can be optimized by comparing against other 2697 * recent paths. 2698 */ 2699/* 2700 * Checks the given path to see if any elements along it are symlinks. Returns 2701 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. 2702 */ 2703static int 2704check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 2705 int flags, int checking_linkname) 2706{ 2707#if !defined(HAVE_LSTAT) && \ 2708 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)) 2709 /* Platform doesn't have lstat, so we can't look for symlinks. */ 2710 (void)path; /* UNUSED */ 2711 (void)error_number; /* UNUSED */ 2712 (void)error_string; /* UNUSED */ 2713 (void)flags; /* UNUSED */ 2714 (void)checking_linkname; /* UNUSED */ 2715 return (ARCHIVE_OK); 2716#else 2717 int res = ARCHIVE_OK; 2718 char *tail; 2719 char *head; 2720 int last; 2721 char c; 2722 int r; 2723 struct stat st; 2724 int chdir_fd; 2725#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2726 int fd; 2727#endif 2728 2729 /* Nothing to do here if name is empty */ 2730 if(path[0] == '\0') 2731 return (ARCHIVE_OK); 2732 2733 /* 2734 * Guard against symlink tricks. Reject any archive entry whose 2735 * destination would be altered by a symlink. 2736 * 2737 * Walk the filename in chunks separated by '/'. For each segment: 2738 * - if it doesn't exist, continue 2739 * - if it's symlink, abort or remove it 2740 * - if it's a directory and it's not the last chunk, cd into it 2741 * As we go: 2742 * head points to the current (relative) path 2743 * tail points to the temporary \0 terminating the segment we're 2744 * currently examining 2745 * c holds what used to be in *tail 2746 * last is 1 if this is the last tail 2747 */ 2748 chdir_fd = la_opendirat(AT_FDCWD, "."); 2749 __archive_ensure_cloexec_flag(chdir_fd); 2750 if (chdir_fd < 0) { 2751 fsobj_error(a_eno, a_estr, errno, 2752 "Could not open ", path); 2753 return (ARCHIVE_FATAL); 2754 } 2755 head = path; 2756 tail = path; 2757 last = 0; 2758 /* TODO: reintroduce a safe cache here? */ 2759 /* Skip the root directory if the path is absolute. */ 2760 if(tail == path && tail[0] == '/') 2761 ++tail; 2762 /* Keep going until we've checked the entire name. 2763 * head, tail, path all alias the same string, which is 2764 * temporarily zeroed at tail, so be careful restoring the 2765 * stashed (c=tail[0]) for error messages. 2766 * Exiting the loop with break is okay; continue is not. 2767 */ 2768 while (!last) { 2769 /* 2770 * Skip the separator we just consumed, plus any adjacent ones 2771 */ 2772 while (*tail == '/') 2773 ++tail; 2774 /* Skip the next path element. */ 2775 while (*tail != '\0' && *tail != '/') 2776 ++tail; 2777 /* is this the last path component? */ 2778 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); 2779 /* temporarily truncate the string here */ 2780 c = tail[0]; 2781 tail[0] = '\0'; 2782 /* Check that we haven't hit a symlink. */ 2783#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2784 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW); 2785#else 2786 r = lstat(head, &st); 2787#endif 2788 if (r != 0) { 2789 tail[0] = c; 2790 /* We've hit a dir that doesn't exist; stop now. */ 2791 if (errno == ENOENT) { 2792 break; 2793 } else { 2794 /* 2795 * Treat any other error as fatal - best to be 2796 * paranoid here. 2797 * Note: This effectively disables deep 2798 * directory support when security checks are 2799 * enabled. Otherwise, very long pathnames that 2800 * trigger an error here could evade the 2801 * sandbox. 2802 * TODO: We could do better, but it would 2803 * probably require merging the symlink checks 2804 * with the deep-directory editing. 2805 */ 2806 fsobj_error(a_eno, a_estr, errno, 2807 "Could not stat ", path); 2808 res = ARCHIVE_FAILED; 2809 break; 2810 } 2811 } else if (S_ISDIR(st.st_mode)) { 2812 if (!last) { 2813#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2814 fd = la_opendirat(chdir_fd, head); 2815 if (fd < 0) 2816 r = -1; 2817 else { 2818 r = 0; 2819 close(chdir_fd); 2820 chdir_fd = fd; 2821 } 2822#else 2823 r = chdir(head); 2824#endif 2825 if (r != 0) { 2826 tail[0] = c; 2827 fsobj_error(a_eno, a_estr, errno, 2828 "Could not chdir ", path); 2829 res = (ARCHIVE_FATAL); 2830 break; 2831 } 2832 /* Our view is now from inside this dir: */ 2833 head = tail + 1; 2834 } 2835 } else if (S_ISLNK(st.st_mode)) { 2836 if (last && checking_linkname) { 2837#ifdef HAVE_LINKAT 2838 /* 2839 * Hardlinks to symlinks are safe to write 2840 * if linkat() is supported as it does not 2841 * follow symlinks. 2842 */ 2843 res = ARCHIVE_OK; 2844#else 2845 /* 2846 * We return ARCHIVE_FAILED here as we are 2847 * not able to safely write hardlinks 2848 * to symlinks. 2849 */ 2850 tail[0] = c; 2851 fsobj_error(a_eno, a_estr, errno, 2852 "Cannot write hardlink to symlink ", 2853 path); 2854 res = ARCHIVE_FAILED; 2855#endif 2856 break; 2857 } else 2858 if (last) { 2859 /* 2860 * Last element is symlink; remove it 2861 * so we can overwrite it with the 2862 * item being extracted. 2863 */ 2864#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2865 r = unlinkat(chdir_fd, head, 0); 2866#else 2867 r = unlink(head); 2868#endif 2869 if (r != 0) { 2870 tail[0] = c; 2871 fsobj_error(a_eno, a_estr, errno, 2872 "Could not remove symlink ", 2873 path); 2874 res = ARCHIVE_FAILED; 2875 break; 2876 } 2877 /* 2878 * Even if we did remove it, a warning 2879 * is in order. The warning is silly, 2880 * though, if we're just replacing one 2881 * symlink with another symlink. 2882 */ 2883 tail[0] = c; 2884 /* 2885 * FIXME: not sure how important this is to 2886 * restore 2887 */ 2888 /* 2889 if (!S_ISLNK(path)) { 2890 fsobj_error(a_eno, a_estr, 0, 2891 "Removing symlink ", path); 2892 } 2893 */ 2894 /* Symlink gone. No more problem! */ 2895 res = ARCHIVE_OK; 2896 break; 2897 } else if (flags & ARCHIVE_EXTRACT_UNLINK) { 2898 /* User asked us to remove problems. */ 2899#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2900 r = unlinkat(chdir_fd, head, 0); 2901#else 2902 r = unlink(head); 2903#endif 2904 if (r != 0) { 2905 tail[0] = c; 2906 fsobj_error(a_eno, a_estr, 0, 2907 "Cannot remove intervening " 2908 "symlink ", path); 2909 res = ARCHIVE_FAILED; 2910 break; 2911 } 2912 tail[0] = c; 2913 } else if ((flags & 2914 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) { 2915 /* 2916 * We are not the last element and we want to 2917 * follow symlinks if they are a directory. 2918 * 2919 * This is needed to extract hardlinks over 2920 * symlinks. 2921 */ 2922#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2923 r = fstatat(chdir_fd, head, &st, 0); 2924#else 2925 r = la_stat(head, &st); 2926#endif 2927 if (r != 0) { 2928 tail[0] = c; 2929 if (errno == ENOENT) { 2930 break; 2931 } else { 2932 fsobj_error(a_eno, a_estr, 2933 errno, 2934 "Could not stat ", path); 2935 res = (ARCHIVE_FAILED); 2936 break; 2937 } 2938 } else if (S_ISDIR(st.st_mode)) { 2939#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2940 fd = la_opendirat(chdir_fd, head); 2941 if (fd < 0) 2942 r = -1; 2943 else { 2944 r = 0; 2945 close(chdir_fd); 2946 chdir_fd = fd; 2947 } 2948#else 2949 r = chdir(head); 2950#endif 2951 if (r != 0) { 2952 tail[0] = c; 2953 fsobj_error(a_eno, a_estr, 2954 errno, 2955 "Could not chdir ", path); 2956 res = (ARCHIVE_FATAL); 2957 break; 2958 } 2959 /* 2960 * Our view is now from inside 2961 * this dir: 2962 */ 2963 head = tail + 1; 2964 } else { 2965 tail[0] = c; 2966 fsobj_error(a_eno, a_estr, 0, 2967 "Cannot extract through " 2968 "symlink ", path); 2969 res = ARCHIVE_FAILED; 2970 break; 2971 } 2972 } else { 2973 tail[0] = c; 2974 fsobj_error(a_eno, a_estr, 0, 2975 "Cannot extract through symlink ", path); 2976 res = ARCHIVE_FAILED; 2977 break; 2978 } 2979 } 2980 /* be sure to always maintain this */ 2981 tail[0] = c; 2982 if (tail[0] != '\0') 2983 tail++; /* Advance to the next segment. */ 2984 } 2985 /* Catches loop exits via break */ 2986 tail[0] = c; 2987#if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2988 /* If we operate with openat(), fstatat() and unlinkat() there was 2989 * no chdir(), so just close the fd */ 2990 if (chdir_fd >= 0) 2991 close(chdir_fd); 2992#elif HAVE_FCHDIR 2993 /* If we changed directory above, restore it here. */ 2994 if (chdir_fd >= 0) { 2995 r = fchdir(chdir_fd); 2996 if (r != 0) { 2997 fsobj_error(a_eno, a_estr, errno, 2998 "chdir() failure", ""); 2999 } 3000 close(chdir_fd); 3001 chdir_fd = -1; 3002 if (r != 0) { 3003 res = (ARCHIVE_FATAL); 3004 } 3005 } 3006#endif 3007 /* TODO: reintroduce a safe cache here? */ 3008 return res; 3009#endif 3010} 3011 3012/* 3013 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise 3014 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} 3015 */ 3016static int 3017check_symlinks(struct archive_write_disk *a) 3018{ 3019 struct archive_string error_string; 3020 int error_number; 3021 int rc; 3022 archive_string_init(&error_string); 3023 rc = check_symlinks_fsobj(a->name, &error_number, &error_string, 3024 a->flags, 0); 3025 if (rc != ARCHIVE_OK) { 3026 archive_set_error(&a->archive, error_number, "%s", 3027 error_string.s); 3028 } 3029 archive_string_free(&error_string); 3030 a->pst = NULL; /* to be safe */ 3031 return rc; 3032} 3033 3034 3035#if defined(__CYGWIN__) 3036/* 3037 * 1. Convert a path separator from '\' to '/' . 3038 * We shouldn't check multibyte character directly because some 3039 * character-set have been using the '\' character for a part of 3040 * its multibyte character code. 3041 * 2. Replace unusable characters in Windows with underscore('_'). 3042 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx 3043 */ 3044static void 3045cleanup_pathname_win(char *path) 3046{ 3047 wchar_t wc; 3048 char *p; 3049 size_t alen, l; 3050 int mb, complete, utf8; 3051 3052 alen = 0; 3053 mb = 0; 3054 complete = 1; 3055 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0; 3056 for (p = path; *p != '\0'; p++) { 3057 ++alen; 3058 if (*p == '\\') { 3059 /* If previous byte is smaller than 128, 3060 * this is not second byte of multibyte characters, 3061 * so we can replace '\' with '/'. */ 3062 if (utf8 || !mb) 3063 *p = '/'; 3064 else 3065 complete = 0;/* uncompleted. */ 3066 } else if (*(unsigned char *)p > 127) 3067 mb = 1; 3068 else 3069 mb = 0; 3070 /* Rewrite the path name if its next character is unusable. */ 3071 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' || 3072 *p == '<' || *p == '>' || *p == '|') 3073 *p = '_'; 3074 } 3075 if (complete) 3076 return; 3077 3078 /* 3079 * Convert path separator in wide-character. 3080 */ 3081 p = path; 3082 while (*p != '\0' && alen) { 3083 l = mbtowc(&wc, p, alen); 3084 if (l == (size_t)-1) { 3085 while (*p != '\0') { 3086 if (*p == '\\') 3087 *p = '/'; 3088 ++p; 3089 } 3090 break; 3091 } 3092 if (l == 1 && wc == L'\\') 3093 *p = '/'; 3094 p += l; 3095 alen -= l; 3096 } 3097} 3098#endif 3099 3100/* 3101 * Canonicalize the pathname. In particular, this strips duplicate 3102 * '/' characters, '.' elements, and trailing '/'. It also raises an 3103 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is 3104 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS 3105 * is set) if the path is absolute. 3106 */ 3107static int 3108cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 3109 int flags) 3110{ 3111 char *dest, *src; 3112 char separator = '\0'; 3113 3114 dest = src = path; 3115 if (*src == '\0') { 3116 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3117 "Invalid empty ", "pathname"); 3118 return (ARCHIVE_FAILED); 3119 } 3120 3121#if defined(__CYGWIN__) 3122 cleanup_pathname_win(path); 3123#endif 3124 /* Skip leading '/'. */ 3125 if (*src == '/') { 3126 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { 3127 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3128 "Path is ", "absolute"); 3129 return (ARCHIVE_FAILED); 3130 } 3131 3132 separator = *src++; 3133 } 3134 3135 /* Scan the pathname one element at a time. */ 3136 for (;;) { 3137 /* src points to first char after '/' */ 3138 if (src[0] == '\0') { 3139 break; 3140 } else if (src[0] == '/') { 3141 /* Found '//', ignore second one. */ 3142 src++; 3143 continue; 3144 } else if (src[0] == '.') { 3145 if (src[1] == '\0') { 3146 /* Ignore trailing '.' */ 3147 break; 3148 } else if (src[1] == '/') { 3149 /* Skip './'. */ 3150 src += 2; 3151 continue; 3152 } else if (src[1] == '.') { 3153 if (src[2] == '/' || src[2] == '\0') { 3154 /* Conditionally warn about '..' */ 3155 if (flags 3156 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { 3157 fsobj_error(a_eno, a_estr, 3158 ARCHIVE_ERRNO_MISC, 3159 "Path contains ", "'..'"); 3160 return (ARCHIVE_FAILED); 3161 } 3162 } 3163 /* 3164 * Note: Under no circumstances do we 3165 * remove '..' elements. In 3166 * particular, restoring 3167 * '/foo/../bar/' should create the 3168 * 'foo' dir as a side-effect. 3169 */ 3170 } 3171 } 3172 3173 /* Copy current element, including leading '/'. */ 3174 if (separator) 3175 *dest++ = '/'; 3176 while (*src != '\0' && *src != '/') { 3177 *dest++ = *src++; 3178 } 3179 3180 if (*src == '\0') 3181 break; 3182 3183 /* Skip '/' separator. */ 3184 separator = *src++; 3185 } 3186 /* 3187 * We've just copied zero or more path elements, not including the 3188 * final '/'. 3189 */ 3190 if (dest == path) { 3191 /* 3192 * Nothing got copied. The path must have been something 3193 * like '.' or '/' or './' or '/././././/./'. 3194 */ 3195 if (separator) 3196 *dest++ = '/'; 3197 else 3198 *dest++ = '.'; 3199 } 3200 /* Terminate the result. */ 3201 *dest = '\0'; 3202 return (ARCHIVE_OK); 3203} 3204 3205static int 3206cleanup_pathname(struct archive_write_disk *a) 3207{ 3208 struct archive_string error_string; 3209 int error_number; 3210 int rc; 3211 archive_string_init(&error_string); 3212 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, 3213 a->flags); 3214 if (rc != ARCHIVE_OK) { 3215 archive_set_error(&a->archive, error_number, "%s", 3216 error_string.s); 3217 } 3218 archive_string_free(&error_string); 3219 return rc; 3220} 3221 3222/* 3223 * Create the parent directory of the specified path, assuming path 3224 * is already in mutable storage. 3225 */ 3226static int 3227create_parent_dir(struct archive_write_disk *a, char *path) 3228{ 3229 char *slash; 3230 int r; 3231 3232 /* Remove tail element to obtain parent name. */ 3233 slash = strrchr(path, '/'); 3234 if (slash == NULL) 3235 return (ARCHIVE_OK); 3236 *slash = '\0'; 3237 r = create_dir(a, path); 3238 *slash = '/'; 3239 return (r); 3240} 3241 3242/* 3243 * Create the specified dir, recursing to create parents as necessary. 3244 * 3245 * Returns ARCHIVE_OK if the path exists when we're done here. 3246 * Otherwise, returns ARCHIVE_FAILED. 3247 * Assumes path is in mutable storage; path is unchanged on exit. 3248 */ 3249static int 3250create_dir(struct archive_write_disk *a, char *path) 3251{ 3252 struct stat st; 3253 struct fixup_entry *le; 3254 char *slash, *base; 3255 mode_t mode_final, mode; 3256 int r; 3257 3258 /* Check for special names and just skip them. */ 3259 slash = strrchr(path, '/'); 3260 if (slash == NULL) 3261 base = path; 3262 else 3263 base = slash + 1; 3264 3265 if (base[0] == '\0' || 3266 (base[0] == '.' && base[1] == '\0') || 3267 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) { 3268 /* Don't bother trying to create null path, '.', or '..'. */ 3269 if (slash != NULL) { 3270 *slash = '\0'; 3271 r = create_dir(a, path); 3272 *slash = '/'; 3273 return (r); 3274 } 3275 return (ARCHIVE_OK); 3276 } 3277 3278 /* 3279 * Yes, this should be stat() and not lstat(). Using lstat() 3280 * here loses the ability to extract through symlinks. Also note 3281 * that this should not use the a->st cache. 3282 */ 3283 if (la_stat(path, &st) == 0) { 3284 if (S_ISDIR(st.st_mode)) 3285 return (ARCHIVE_OK); 3286 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 3287 archive_set_error(&a->archive, EEXIST, 3288 "Can't create directory '%s'", path); 3289 return (ARCHIVE_FAILED); 3290 } 3291 if (unlink(path) != 0) { 3292 archive_set_error(&a->archive, errno, 3293 "Can't create directory '%s': " 3294 "Conflicting file cannot be removed", 3295 path); 3296 return (ARCHIVE_FAILED); 3297 } 3298 } else if (errno != ENOENT && errno != ENOTDIR) { 3299 /* Stat failed? */ 3300 archive_set_error(&a->archive, errno, 3301 "Can't test directory '%s'", path); 3302 return (ARCHIVE_FAILED); 3303 } else if (slash != NULL) { 3304 *slash = '\0'; 3305 r = create_dir(a, path); 3306 *slash = '/'; 3307 if (r != ARCHIVE_OK) 3308 return (r); 3309 } 3310 3311 /* 3312 * Mode we want for the final restored directory. Per POSIX, 3313 * implicitly-created dirs must be created obeying the umask. 3314 * There's no mention whether this is different for privileged 3315 * restores (which the rest of this code handles by pretending 3316 * umask=0). I've chosen here to always obey the user's umask for 3317 * implicit dirs, even if _EXTRACT_PERM was specified. 3318 */ 3319 mode_final = DEFAULT_DIR_MODE & ~a->user_umask; 3320 /* Mode we want on disk during the restore process. */ 3321 mode = mode_final; 3322 mode |= MINIMUM_DIR_MODE; 3323 mode &= MAXIMUM_DIR_MODE; 3324 if (mkdir(path, mode) == 0) { 3325 if (mode != mode_final) { 3326 le = new_fixup(a, path); 3327 if (le == NULL) 3328 return (ARCHIVE_FATAL); 3329 le->fixup |=TODO_MODE_BASE; 3330 le->mode = mode_final; 3331 } 3332 return (ARCHIVE_OK); 3333 } 3334 3335 /* 3336 * Without the following check, a/b/../b/c/d fails at the 3337 * second visit to 'b', so 'd' can't be created. Note that we 3338 * don't add it to the fixup list here, as it's already been 3339 * added. 3340 */ 3341 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode)) 3342 return (ARCHIVE_OK); 3343 3344 archive_set_error(&a->archive, errno, "Failed to create dir '%s'", 3345 path); 3346 return (ARCHIVE_FAILED); 3347} 3348 3349/* 3350 * Note: Although we can skip setting the user id if the desired user 3351 * id matches the current user, we cannot skip setting the group, as 3352 * many systems set the gid based on the containing directory. So 3353 * we have to perform a chown syscall if we want to set the SGID 3354 * bit. (The alternative is to stat() and then possibly chown(); it's 3355 * more efficient to skip the stat() and just always chown().) Note 3356 * that a successful chown() here clears the TODO_SGID_CHECK bit, which 3357 * allows set_mode to skip the stat() check for the GID. 3358 */ 3359static int 3360set_ownership(struct archive_write_disk *a) 3361{ 3362#if !defined(__CYGWIN__) && !defined(__linux__) 3363/* 3364 * On Linux, a process may have the CAP_CHOWN capability. 3365 * On Windows there is no 'root' user with uid 0. 3366 * Elsewhere we can skip calling chown if we are not root and the desired 3367 * user id does not match the current user. 3368 */ 3369 if (a->user_uid != 0 && a->user_uid != a->uid) { 3370 archive_set_error(&a->archive, errno, 3371 "Can't set UID=%jd", (intmax_t)a->uid); 3372 return (ARCHIVE_WARN); 3373 } 3374#endif 3375 3376#ifdef HAVE_FCHOWN 3377 /* If we have an fd, we can avoid a race. */ 3378 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) { 3379 /* We've set owner and know uid/gid are correct. */ 3380 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3381 return (ARCHIVE_OK); 3382 } 3383#endif 3384 3385 /* We prefer lchown() but will use chown() if that's all we have. */ 3386 /* Of course, if we have neither, this will always fail. */ 3387#ifdef HAVE_LCHOWN 3388 if (lchown(a->name, a->uid, a->gid) == 0) { 3389 /* We've set owner and know uid/gid are correct. */ 3390 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3391 return (ARCHIVE_OK); 3392 } 3393#elif HAVE_CHOWN 3394 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) { 3395 /* We've set owner and know uid/gid are correct. */ 3396 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3397 return (ARCHIVE_OK); 3398 } 3399#endif 3400 3401 archive_set_error(&a->archive, errno, 3402 "Can't set user=%jd/group=%jd for %s", 3403 (intmax_t)a->uid, (intmax_t)a->gid, a->name); 3404 return (ARCHIVE_WARN); 3405} 3406 3407/* 3408 * Note: Returns 0 on success, non-zero on failure. 3409 */ 3410static int 3411set_time(int fd, int mode, const char *name, 3412 time_t atime, long atime_nsec, 3413 time_t mtime, long mtime_nsec) 3414{ 3415 /* Select the best implementation for this platform. */ 3416#if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS) 3417 /* 3418 * utimensat() and futimens() are defined in 3419 * POSIX.1-2008. They support ns resolution and setting times 3420 * on fds and symlinks. 3421 */ 3422 struct timespec ts[2]; 3423 (void)mode; /* UNUSED */ 3424 ts[0].tv_sec = atime; 3425 ts[0].tv_nsec = atime_nsec; 3426 ts[1].tv_sec = mtime; 3427 ts[1].tv_nsec = mtime_nsec; 3428 if (fd >= 0) 3429 return futimens(fd, ts); 3430 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW); 3431 3432#elif HAVE_UTIMES 3433 /* 3434 * The utimes()-family functions support ��s-resolution and 3435 * setting times fds and symlinks. utimes() is documented as 3436 * LEGACY by POSIX, futimes() and lutimes() are not described 3437 * in POSIX. 3438 */ 3439 struct timeval times[2]; 3440 3441 times[0].tv_sec = atime; 3442 times[0].tv_usec = atime_nsec / 1000; 3443 times[1].tv_sec = mtime; 3444 times[1].tv_usec = mtime_nsec / 1000; 3445 3446#ifdef HAVE_FUTIMES 3447 if (fd >= 0) 3448 return (futimes(fd, times)); 3449#else 3450 (void)fd; /* UNUSED */ 3451#endif 3452#ifdef HAVE_LUTIMES 3453 (void)mode; /* UNUSED */ 3454 return (lutimes(name, times)); 3455#else 3456 if (S_ISLNK(mode)) 3457 return (0); 3458 return (utimes(name, times)); 3459#endif 3460 3461#elif defined(HAVE_UTIME) 3462 /* 3463 * utime() is POSIX-standard but only supports 1s resolution and 3464 * does not support fds or symlinks. 3465 */ 3466 struct utimbuf times; 3467 (void)fd; /* UNUSED */ 3468 (void)name; /* UNUSED */ 3469 (void)atime_nsec; /* UNUSED */ 3470 (void)mtime_nsec; /* UNUSED */ 3471 times.actime = atime; 3472 times.modtime = mtime; 3473 if (S_ISLNK(mode)) 3474 return (ARCHIVE_OK); 3475 return (utime(name, ×)); 3476 3477#else 3478 /* 3479 * We don't know how to set the time on this platform. 3480 */ 3481 (void)fd; /* UNUSED */ 3482 (void)mode; /* UNUSED */ 3483 (void)name; /* UNUSED */ 3484 (void)atime_nsec; /* UNUSED */ 3485 (void)mtime_nsec; /* UNUSED */ 3486 return (ARCHIVE_WARN); 3487#endif 3488} 3489 3490#ifdef F_SETTIMES 3491static int 3492set_time_tru64(int fd, int mode, const char *name, 3493 time_t atime, long atime_nsec, 3494 time_t mtime, long mtime_nsec, 3495 time_t ctime, long ctime_nsec) 3496{ 3497 struct attr_timbuf tstamp; 3498 tstamp.atime.tv_sec = atime; 3499 tstamp.mtime.tv_sec = mtime; 3500 tstamp.ctime.tv_sec = ctime; 3501#if defined (__hpux) && defined (__ia64) 3502 tstamp.atime.tv_nsec = atime_nsec; 3503 tstamp.mtime.tv_nsec = mtime_nsec; 3504 tstamp.ctime.tv_nsec = ctime_nsec; 3505#else 3506 tstamp.atime.tv_usec = atime_nsec / 1000; 3507 tstamp.mtime.tv_usec = mtime_nsec / 1000; 3508 tstamp.ctime.tv_usec = ctime_nsec / 1000; 3509#endif 3510 return (fcntl(fd,F_SETTIMES,&tstamp)); 3511} 3512#endif /* F_SETTIMES */ 3513 3514static int 3515set_times(struct archive_write_disk *a, 3516 int fd, int mode, const char *name, 3517 time_t atime, long atime_nanos, 3518 time_t birthtime, long birthtime_nanos, 3519 time_t mtime, long mtime_nanos, 3520 time_t cctime, long ctime_nanos) 3521{ 3522 /* Note: set_time doesn't use libarchive return conventions! 3523 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */ 3524 int r1 = 0, r2 = 0; 3525 3526#ifdef F_SETTIMES 3527 /* 3528 * on Tru64 try own fcntl first which can restore even the 3529 * ctime, fall back to default code path below if it fails 3530 * or if we are not running as root 3531 */ 3532 if (a->user_uid == 0 && 3533 set_time_tru64(fd, mode, name, 3534 atime, atime_nanos, mtime, 3535 mtime_nanos, cctime, ctime_nanos) == 0) { 3536 return (ARCHIVE_OK); 3537 } 3538#else /* Tru64 */ 3539 (void)cctime; /* UNUSED */ 3540 (void)ctime_nanos; /* UNUSED */ 3541#endif /* Tru64 */ 3542 3543#ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME 3544 /* 3545 * If you have struct stat.st_birthtime, we assume BSD 3546 * birthtime semantics, in which {f,l,}utimes() updates 3547 * birthtime to earliest mtime. So we set the time twice, 3548 * first using the birthtime, then using the mtime. If 3549 * birthtime == mtime, this isn't necessary, so we skip it. 3550 * If birthtime > mtime, then this won't work, so we skip it. 3551 */ 3552 if (birthtime < mtime 3553 || (birthtime == mtime && birthtime_nanos < mtime_nanos)) 3554 r1 = set_time(fd, mode, name, 3555 atime, atime_nanos, 3556 birthtime, birthtime_nanos); 3557#else 3558 (void)birthtime; /* UNUSED */ 3559 (void)birthtime_nanos; /* UNUSED */ 3560#endif 3561 r2 = set_time(fd, mode, name, 3562 atime, atime_nanos, 3563 mtime, mtime_nanos); 3564 if (r1 != 0 || r2 != 0) { 3565 archive_set_error(&a->archive, errno, 3566 "Can't restore time"); 3567 return (ARCHIVE_WARN); 3568 } 3569 return (ARCHIVE_OK); 3570} 3571 3572static int 3573set_times_from_entry(struct archive_write_disk *a) 3574{ 3575 time_t atime, birthtime, mtime, cctime; 3576 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec; 3577 3578 /* Suitable defaults. */ 3579 atime = birthtime = mtime = cctime = a->start_time; 3580 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0; 3581 3582 /* If no time was provided, we're done. */ 3583 if (!archive_entry_atime_is_set(a->entry) 3584#if HAVE_STRUCT_STAT_ST_BIRTHTIME 3585 && !archive_entry_birthtime_is_set(a->entry) 3586#endif 3587 && !archive_entry_mtime_is_set(a->entry)) 3588 return (ARCHIVE_OK); 3589 3590 if (archive_entry_atime_is_set(a->entry)) { 3591 atime = archive_entry_atime(a->entry); 3592 atime_nsec = archive_entry_atime_nsec(a->entry); 3593 } 3594 if (archive_entry_birthtime_is_set(a->entry)) { 3595 birthtime = archive_entry_birthtime(a->entry); 3596 birthtime_nsec = archive_entry_birthtime_nsec(a->entry); 3597 } 3598 if (archive_entry_mtime_is_set(a->entry)) { 3599 mtime = archive_entry_mtime(a->entry); 3600 mtime_nsec = archive_entry_mtime_nsec(a->entry); 3601 } 3602 if (archive_entry_ctime_is_set(a->entry)) { 3603 cctime = archive_entry_ctime(a->entry); 3604 ctime_nsec = archive_entry_ctime_nsec(a->entry); 3605 } 3606 3607 return set_times(a, a->fd, a->mode, a->name, 3608 atime, atime_nsec, 3609 birthtime, birthtime_nsec, 3610 mtime, mtime_nsec, 3611 cctime, ctime_nsec); 3612} 3613 3614static int 3615set_mode(struct archive_write_disk *a, int mode) 3616{ 3617 int r = ARCHIVE_OK; 3618 int r2; 3619 mode &= 07777; /* Strip off file type bits. */ 3620 3621 if (a->todo & TODO_SGID_CHECK) { 3622 /* 3623 * If we don't know the GID is right, we must stat() 3624 * to verify it. We can't just check the GID of this 3625 * process, since systems sometimes set GID from 3626 * the enclosing dir or based on ACLs. 3627 */ 3628 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3629 return (r); 3630 if (a->pst->st_gid != a->gid) { 3631 mode &= ~ S_ISGID; 3632 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3633 /* 3634 * This is only an error if you 3635 * requested owner restore. If you 3636 * didn't, we'll try to restore 3637 * sgid/suid, but won't consider it a 3638 * problem if we can't. 3639 */ 3640 archive_set_error(&a->archive, -1, 3641 "Can't restore SGID bit"); 3642 r = ARCHIVE_WARN; 3643 } 3644 } 3645 /* While we're here, double-check the UID. */ 3646 if (a->pst->st_uid != a->uid 3647 && (a->todo & TODO_SUID)) { 3648 mode &= ~ S_ISUID; 3649 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3650 archive_set_error(&a->archive, -1, 3651 "Can't restore SUID bit"); 3652 r = ARCHIVE_WARN; 3653 } 3654 } 3655 a->todo &= ~TODO_SGID_CHECK; 3656 a->todo &= ~TODO_SUID_CHECK; 3657 } else if (a->todo & TODO_SUID_CHECK) { 3658 /* 3659 * If we don't know the UID is right, we can just check 3660 * the user, since all systems set the file UID from 3661 * the process UID. 3662 */ 3663 if (a->user_uid != a->uid) { 3664 mode &= ~ S_ISUID; 3665 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3666 archive_set_error(&a->archive, -1, 3667 "Can't make file SUID"); 3668 r = ARCHIVE_WARN; 3669 } 3670 } 3671 a->todo &= ~TODO_SUID_CHECK; 3672 } 3673 3674 if (S_ISLNK(a->mode)) { 3675#ifdef HAVE_LCHMOD 3676 /* 3677 * If this is a symlink, use lchmod(). If the 3678 * platform doesn't support lchmod(), just skip it. A 3679 * platform that doesn't provide a way to set 3680 * permissions on symlinks probably ignores 3681 * permissions on symlinks, so a failure here has no 3682 * impact. 3683 */ 3684 if (lchmod(a->name, mode) != 0) { 3685 switch (errno) { 3686 case ENOTSUP: 3687 case ENOSYS: 3688#if ENOTSUP != EOPNOTSUPP 3689 case EOPNOTSUPP: 3690#endif 3691 /* 3692 * if lchmod is defined but the platform 3693 * doesn't support it, silently ignore 3694 * error 3695 */ 3696 break; 3697 default: 3698 archive_set_error(&a->archive, errno, 3699 "Can't set permissions to 0%o", (int)mode); 3700 r = ARCHIVE_WARN; 3701 } 3702 } 3703#endif 3704 } else if (!S_ISDIR(a->mode)) { 3705 /* 3706 * If it's not a symlink and not a dir, then use 3707 * fchmod() or chmod(), depending on whether we have 3708 * an fd. Dirs get their perms set during the 3709 * post-extract fixup, which is handled elsewhere. 3710 */ 3711#ifdef HAVE_FCHMOD 3712 if (a->fd >= 0) 3713 r2 = fchmod(a->fd, mode); 3714 else 3715#endif 3716 /* If this platform lacks fchmod(), then 3717 * we'll just use chmod(). */ 3718 r2 = chmod(a->name, mode); 3719 3720 if (r2 != 0) { 3721 archive_set_error(&a->archive, errno, 3722 "Can't set permissions to 0%o", (int)mode); 3723 r = ARCHIVE_WARN; 3724 } 3725 } 3726 return (r); 3727} 3728 3729static int 3730set_fflags(struct archive_write_disk *a) 3731{ 3732 struct fixup_entry *le; 3733 unsigned long set, clear; 3734 int r; 3735 mode_t mode = archive_entry_mode(a->entry); 3736 /* 3737 * Make 'critical_flags' hold all file flags that can't be 3738 * immediately restored. For example, on BSD systems, 3739 * SF_IMMUTABLE prevents hardlinks from being created, so 3740 * should not be set until after any hardlinks are created. To 3741 * preserve some semblance of portability, this uses #ifdef 3742 * extensively. Ugly, but it works. 3743 * 3744 * Yes, Virginia, this does create a security race. It's mitigated 3745 * somewhat by the practice of creating dirs 0700 until the extract 3746 * is done, but it would be nice if we could do more than that. 3747 * People restoring critical file systems should be wary of 3748 * other programs that might try to muck with files as they're 3749 * being restored. 3750 */ 3751 const int critical_flags = 0 3752#ifdef SF_IMMUTABLE 3753 | SF_IMMUTABLE 3754#endif 3755#ifdef UF_IMMUTABLE 3756 | UF_IMMUTABLE 3757#endif 3758#ifdef SF_APPEND 3759 | SF_APPEND 3760#endif 3761#ifdef UF_APPEND 3762 | UF_APPEND 3763#endif 3764#if defined(FS_APPEND_FL) 3765 | FS_APPEND_FL 3766#elif defined(EXT2_APPEND_FL) 3767 | EXT2_APPEND_FL 3768#endif 3769#if defined(FS_IMMUTABLE_FL) 3770 | FS_IMMUTABLE_FL 3771#elif defined(EXT2_IMMUTABLE_FL) 3772 | EXT2_IMMUTABLE_FL 3773#endif 3774#ifdef FS_JOURNAL_DATA_FL 3775 | FS_JOURNAL_DATA_FL 3776#endif 3777 ; 3778 3779 if (a->todo & TODO_FFLAGS) { 3780 archive_entry_fflags(a->entry, &set, &clear); 3781 3782 /* 3783 * The first test encourages the compiler to eliminate 3784 * all of this if it's not necessary. 3785 */ 3786 if ((critical_flags != 0) && (set & critical_flags)) { 3787 le = current_fixup(a, a->name); 3788 if (le == NULL) 3789 return (ARCHIVE_FATAL); 3790 le->fixup |= TODO_FFLAGS; 3791 le->fflags_set = set; 3792 /* Store the mode if it's not already there. */ 3793 if ((le->fixup & TODO_MODE) == 0) 3794 le->mode = mode; 3795 } else { 3796 r = set_fflags_platform(a, a->fd, 3797 a->name, mode, set, clear); 3798 if (r != ARCHIVE_OK) 3799 return (r); 3800 } 3801 } 3802 return (ARCHIVE_OK); 3803} 3804 3805static int 3806clear_nochange_fflags(struct archive_write_disk *a) 3807{ 3808 mode_t mode = archive_entry_mode(a->entry); 3809 const int nochange_flags = 0 3810#ifdef SF_IMMUTABLE 3811 | SF_IMMUTABLE 3812#endif 3813#ifdef UF_IMMUTABLE 3814 | UF_IMMUTABLE 3815#endif 3816#ifdef SF_APPEND 3817 | SF_APPEND 3818#endif 3819#ifdef UF_APPEND 3820 | UF_APPEND 3821#endif 3822#ifdef EXT2_APPEND_FL 3823 | EXT2_APPEND_FL 3824#endif 3825#ifdef EXT2_IMMUTABLE_FL 3826 | EXT2_IMMUTABLE_FL 3827#endif 3828 ; 3829 3830 return (set_fflags_platform(a, a->fd, a->name, mode, 0, 3831 nochange_flags)); 3832} 3833 3834 3835#if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS) 3836/* 3837 * BSD reads flags using stat() and sets them with one of {f,l,}chflags() 3838 */ 3839static int 3840set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3841 mode_t mode, unsigned long set, unsigned long clear) 3842{ 3843 int r; 3844 const int sf_mask = 0 3845#ifdef SF_APPEND 3846 | SF_APPEND 3847#endif 3848#ifdef SF_ARCHIVED 3849 | SF_ARCHIVED 3850#endif 3851#ifdef SF_IMMUTABLE 3852 | SF_IMMUTABLE 3853#endif 3854#ifdef SF_NOUNLINK 3855 | SF_NOUNLINK 3856#endif 3857 ; 3858 (void)mode; /* UNUSED */ 3859 3860 if (set == 0 && clear == 0) 3861 return (ARCHIVE_OK); 3862 3863 /* 3864 * XXX Is the stat here really necessary? Or can I just use 3865 * the 'set' flags directly? In particular, I'm not sure 3866 * about the correct approach if we're overwriting an existing 3867 * file that already has flags on it. XXX 3868 */ 3869 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3870 return (r); 3871 3872 a->st.st_flags &= ~clear; 3873 a->st.st_flags |= set; 3874 3875 /* Only super-user may change SF_* flags */ 3876 3877 if (a->user_uid != 0) 3878 a->st.st_flags &= ~sf_mask; 3879 3880#ifdef HAVE_FCHFLAGS 3881 /* If platform has fchflags() and we were given an fd, use it. */ 3882 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0) 3883 return (ARCHIVE_OK); 3884#endif 3885 /* 3886 * If we can't use the fd to set the flags, we'll use the 3887 * pathname to set flags. We prefer lchflags() but will use 3888 * chflags() if we must. 3889 */ 3890#ifdef HAVE_LCHFLAGS 3891 if (lchflags(name, a->st.st_flags) == 0) 3892 return (ARCHIVE_OK); 3893#elif defined(HAVE_CHFLAGS) 3894 if (S_ISLNK(a->st.st_mode)) { 3895 archive_set_error(&a->archive, errno, 3896 "Can't set file flags on symlink."); 3897 return (ARCHIVE_WARN); 3898 } 3899 if (chflags(name, a->st.st_flags) == 0) 3900 return (ARCHIVE_OK); 3901#endif 3902 archive_set_error(&a->archive, errno, 3903 "Failed to set file flags"); 3904 return (ARCHIVE_WARN); 3905} 3906 3907#elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \ 3908 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \ 3909 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \ 3910 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)) 3911/* 3912 * Linux uses ioctl() to read and write file flags. 3913 */ 3914static int 3915set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3916 mode_t mode, unsigned long set, unsigned long clear) 3917{ 3918 int ret; 3919 int myfd = fd; 3920 int newflags, oldflags; 3921 /* 3922 * Linux has no define for the flags that are only settable by 3923 * the root user. This code may seem a little complex, but 3924 * there seem to be some Linux systems that lack these 3925 * defines. (?) The code below degrades reasonably gracefully 3926 * if sf_mask is incomplete. 3927 */ 3928 const int sf_mask = 0 3929#if defined(FS_IMMUTABLE_FL) 3930 | FS_IMMUTABLE_FL 3931#elif defined(EXT2_IMMUTABLE_FL) 3932 | EXT2_IMMUTABLE_FL 3933#endif 3934#if defined(FS_APPEND_FL) 3935 | FS_APPEND_FL 3936#elif defined(EXT2_APPEND_FL) 3937 | EXT2_APPEND_FL 3938#endif 3939#if defined(FS_JOURNAL_DATA_FL) 3940 | FS_JOURNAL_DATA_FL 3941#endif 3942 ; 3943 3944 if (set == 0 && clear == 0) 3945 return (ARCHIVE_OK); 3946 /* Only regular files and dirs can have flags. */ 3947 if (!S_ISREG(mode) && !S_ISDIR(mode)) 3948 return (ARCHIVE_OK); 3949 3950 /* If we weren't given an fd, open it ourselves. */ 3951 if (myfd < 0) { 3952 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | 3953 O_CLOEXEC | O_NOFOLLOW); 3954 __archive_ensure_cloexec_flag(myfd); 3955 } 3956 if (myfd < 0) 3957 return (ARCHIVE_OK); 3958 3959 /* 3960 * XXX As above, this would be way simpler if we didn't have 3961 * to read the current flags from disk. XXX 3962 */ 3963 ret = ARCHIVE_OK; 3964 3965 /* Read the current file flags. */ 3966 if (ioctl(myfd, 3967#ifdef FS_IOC_GETFLAGS 3968 FS_IOC_GETFLAGS, 3969#else 3970 EXT2_IOC_GETFLAGS, 3971#endif 3972 &oldflags) < 0) 3973 goto fail; 3974 3975 /* Try setting the flags as given. */ 3976 newflags = (oldflags & ~clear) | set; 3977 if (ioctl(myfd, 3978#ifdef FS_IOC_SETFLAGS 3979 FS_IOC_SETFLAGS, 3980#else 3981 EXT2_IOC_SETFLAGS, 3982#endif 3983 &newflags) >= 0) 3984 goto cleanup; 3985 if (errno != EPERM) 3986 goto fail; 3987 3988 /* If we couldn't set all the flags, try again with a subset. */ 3989 newflags &= ~sf_mask; 3990 oldflags &= sf_mask; 3991 newflags |= oldflags; 3992 if (ioctl(myfd, 3993#ifdef FS_IOC_SETFLAGS 3994 FS_IOC_SETFLAGS, 3995#else 3996 EXT2_IOC_SETFLAGS, 3997#endif 3998 &newflags) >= 0) 3999 goto cleanup; 4000 4001 /* We couldn't set the flags, so report the failure. */ 4002fail: 4003 archive_set_error(&a->archive, errno, 4004 "Failed to set file flags"); 4005 ret = ARCHIVE_WARN; 4006cleanup: 4007 if (fd < 0) 4008 close(myfd); 4009 return (ret); 4010} 4011 4012#else 4013 4014/* 4015 * Of course, some systems have neither BSD chflags() nor Linux' flags 4016 * support through ioctl(). 4017 */ 4018static int 4019set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 4020 mode_t mode, unsigned long set, unsigned long clear) 4021{ 4022 (void)a; /* UNUSED */ 4023 (void)fd; /* UNUSED */ 4024 (void)name; /* UNUSED */ 4025 (void)mode; /* UNUSED */ 4026 (void)set; /* UNUSED */ 4027 (void)clear; /* UNUSED */ 4028 return (ARCHIVE_OK); 4029} 4030 4031#endif /* __linux */ 4032 4033#ifndef HAVE_COPYFILE_H 4034/* Default is to simply drop Mac extended metadata. */ 4035static int 4036set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4037 const void *metadata, size_t metadata_size) 4038{ 4039 (void)a; /* UNUSED */ 4040 (void)pathname; /* UNUSED */ 4041 (void)metadata; /* UNUSED */ 4042 (void)metadata_size; /* UNUSED */ 4043 return (ARCHIVE_OK); 4044} 4045 4046static int 4047fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4048{ 4049 (void)a; /* UNUSED */ 4050 (void)pathname; /* UNUSED */ 4051 return (ARCHIVE_OK); 4052} 4053#else 4054 4055/* 4056 * On Mac OS, we use copyfile() to unpack the metadata and 4057 * apply it to the target file. 4058 */ 4059 4060#if defined(HAVE_SYS_XATTR_H) 4061static int 4062copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd) 4063{ 4064 ssize_t xattr_size; 4065 char *xattr_names = NULL, *xattr_val = NULL; 4066 int ret = ARCHIVE_OK, xattr_i; 4067 4068 xattr_size = flistxattr(tmpfd, NULL, 0, 0); 4069 if (xattr_size == -1) { 4070 archive_set_error(&a->archive, errno, 4071 "Failed to read metadata(xattr)"); 4072 ret = ARCHIVE_WARN; 4073 goto exit_xattr; 4074 } 4075 xattr_names = malloc(xattr_size); 4076 if (xattr_names == NULL) { 4077 archive_set_error(&a->archive, ENOMEM, 4078 "Can't allocate memory for metadata(xattr)"); 4079 ret = ARCHIVE_FATAL; 4080 goto exit_xattr; 4081 } 4082 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0); 4083 if (xattr_size == -1) { 4084 archive_set_error(&a->archive, errno, 4085 "Failed to read metadata(xattr)"); 4086 ret = ARCHIVE_WARN; 4087 goto exit_xattr; 4088 } 4089 for (xattr_i = 0; xattr_i < xattr_size; 4090 xattr_i += strlen(xattr_names + xattr_i) + 1) { 4091 char *xattr_val_saved; 4092 ssize_t s; 4093 int f; 4094 4095 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0); 4096 if (s == -1) { 4097 archive_set_error(&a->archive, errno, 4098 "Failed to get metadata(xattr)"); 4099 ret = ARCHIVE_WARN; 4100 goto exit_xattr; 4101 } 4102 xattr_val_saved = xattr_val; 4103 xattr_val = realloc(xattr_val, s); 4104 if (xattr_val == NULL) { 4105 archive_set_error(&a->archive, ENOMEM, 4106 "Failed to get metadata(xattr)"); 4107 ret = ARCHIVE_WARN; 4108 free(xattr_val_saved); 4109 goto exit_xattr; 4110 } 4111 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4112 if (s == -1) { 4113 archive_set_error(&a->archive, errno, 4114 "Failed to get metadata(xattr)"); 4115 ret = ARCHIVE_WARN; 4116 goto exit_xattr; 4117 } 4118 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4119 if (f == -1) { 4120 archive_set_error(&a->archive, errno, 4121 "Failed to get metadata(xattr)"); 4122 ret = ARCHIVE_WARN; 4123 goto exit_xattr; 4124 } 4125 } 4126exit_xattr: 4127 free(xattr_names); 4128 free(xattr_val); 4129 return (ret); 4130} 4131#endif 4132 4133static int 4134copy_acls(struct archive_write_disk *a, int tmpfd, int dffd) 4135{ 4136#ifndef HAVE_SYS_ACL_H 4137 return 0; 4138#else 4139 acl_t acl, dfacl = NULL; 4140 int acl_r, ret = ARCHIVE_OK; 4141 4142 acl = acl_get_fd(tmpfd); 4143 if (acl == NULL) { 4144 if (errno == ENOENT) 4145 /* There are not any ACLs. */ 4146 return (ret); 4147 archive_set_error(&a->archive, errno, 4148 "Failed to get metadata(acl)"); 4149 ret = ARCHIVE_WARN; 4150 goto exit_acl; 4151 } 4152 dfacl = acl_dup(acl); 4153 acl_r = acl_set_fd(dffd, dfacl); 4154 if (acl_r == -1) { 4155 archive_set_error(&a->archive, errno, 4156 "Failed to get metadata(acl)"); 4157 ret = ARCHIVE_WARN; 4158 goto exit_acl; 4159 } 4160exit_acl: 4161 if (acl) 4162 acl_free(acl); 4163 if (dfacl) 4164 acl_free(dfacl); 4165 return (ret); 4166#endif 4167} 4168 4169static int 4170create_tempdatafork(struct archive_write_disk *a, const char *pathname) 4171{ 4172 struct archive_string tmpdatafork; 4173 int tmpfd; 4174 4175 archive_string_init(&tmpdatafork); 4176 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX"); 4177 tmpfd = mkstemp(tmpdatafork.s); 4178 if (tmpfd < 0) { 4179 archive_set_error(&a->archive, errno, 4180 "Failed to mkstemp"); 4181 archive_string_free(&tmpdatafork); 4182 return (-1); 4183 } 4184 if (copyfile(pathname, tmpdatafork.s, 0, 4185 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4186 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4187 archive_set_error(&a->archive, errno, 4188 "Failed to restore metadata"); 4189 close(tmpfd); 4190 tmpfd = -1; 4191 } 4192 unlink(tmpdatafork.s); 4193 archive_string_free(&tmpdatafork); 4194 return (tmpfd); 4195} 4196 4197static int 4198copy_metadata(struct archive_write_disk *a, const char *metadata, 4199 const char *datafork, int datafork_compressed) 4200{ 4201 int ret = ARCHIVE_OK; 4202 4203 if (datafork_compressed) { 4204 int dffd, tmpfd; 4205 4206 tmpfd = create_tempdatafork(a, metadata); 4207 if (tmpfd == -1) 4208 return (ARCHIVE_WARN); 4209 4210 /* 4211 * Do not open the data fork compressed by HFS+ compression 4212 * with at least a writing mode(O_RDWR or O_WRONLY). it 4213 * makes the data fork uncompressed. 4214 */ 4215 dffd = open(datafork, 0); 4216 if (dffd == -1) { 4217 archive_set_error(&a->archive, errno, 4218 "Failed to open the data fork for metadata"); 4219 close(tmpfd); 4220 return (ARCHIVE_WARN); 4221 } 4222 4223#if defined(HAVE_SYS_XATTR_H) 4224 ret = copy_xattrs(a, tmpfd, dffd); 4225 if (ret == ARCHIVE_OK) 4226#endif 4227 ret = copy_acls(a, tmpfd, dffd); 4228 close(tmpfd); 4229 close(dffd); 4230 } else { 4231 if (copyfile(metadata, datafork, 0, 4232 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4233 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4234 archive_set_error(&a->archive, errno, 4235 "Failed to restore metadata"); 4236 ret = ARCHIVE_WARN; 4237 } 4238 } 4239 return (ret); 4240} 4241 4242static int 4243set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4244 const void *metadata, size_t metadata_size) 4245{ 4246 struct archive_string tmp; 4247 ssize_t written; 4248 int fd; 4249 int ret = ARCHIVE_OK; 4250 4251 /* This would be simpler if copyfile() could just accept the 4252 * metadata as a block of memory; then we could sidestep this 4253 * silly dance of writing the data to disk just so that 4254 * copyfile() can read it back in again. */ 4255 archive_string_init(&tmp); 4256 archive_strcpy(&tmp, pathname); 4257 archive_strcat(&tmp, ".XXXXXX"); 4258 fd = mkstemp(tmp.s); 4259 4260 if (fd < 0) { 4261 archive_set_error(&a->archive, errno, 4262 "Failed to restore metadata"); 4263 archive_string_free(&tmp); 4264 return (ARCHIVE_WARN); 4265 } 4266 written = write(fd, metadata, metadata_size); 4267 close(fd); 4268 if ((size_t)written != metadata_size) { 4269 archive_set_error(&a->archive, errno, 4270 "Failed to restore metadata"); 4271 ret = ARCHIVE_WARN; 4272 } else { 4273 int compressed; 4274 4275#if defined(UF_COMPRESSED) 4276 if ((a->todo & TODO_HFS_COMPRESSION) != 0 && 4277 (ret = lazy_stat(a)) == ARCHIVE_OK) 4278 compressed = a->st.st_flags & UF_COMPRESSED; 4279 else 4280#endif 4281 compressed = 0; 4282 ret = copy_metadata(a, tmp.s, pathname, compressed); 4283 } 4284 unlink(tmp.s); 4285 archive_string_free(&tmp); 4286 return (ret); 4287} 4288 4289static int 4290fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4291{ 4292 char buff[8]; 4293 struct stat st; 4294 const char *p; 4295 struct archive_string datafork; 4296 int fd = -1, ret = ARCHIVE_OK; 4297 4298 archive_string_init(&datafork); 4299 /* Check if the current file name is a type of the resource 4300 * fork file. */ 4301 p = strrchr(pathname, '/'); 4302 if (p == NULL) 4303 p = pathname; 4304 else 4305 p++; 4306 if (p[0] != '.' || p[1] != '_') 4307 goto skip_appledouble; 4308 4309 /* 4310 * Check if the data fork file exists. 4311 * 4312 * TODO: Check if this write disk object has handled it. 4313 */ 4314 archive_strncpy(&datafork, pathname, p - pathname); 4315 archive_strcat(&datafork, p + 2); 4316 if (lstat(datafork.s, &st) == -1 || 4317 (st.st_mode & AE_IFMT) != AE_IFREG) 4318 goto skip_appledouble; 4319 4320 /* 4321 * Check if the file is in the AppleDouble form. 4322 */ 4323 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC); 4324 __archive_ensure_cloexec_flag(fd); 4325 if (fd == -1) { 4326 archive_set_error(&a->archive, errno, 4327 "Failed to open a restoring file"); 4328 ret = ARCHIVE_WARN; 4329 goto skip_appledouble; 4330 } 4331 if (read(fd, buff, 8) == -1) { 4332 archive_set_error(&a->archive, errno, 4333 "Failed to read a restoring file"); 4334 close(fd); 4335 ret = ARCHIVE_WARN; 4336 goto skip_appledouble; 4337 } 4338 close(fd); 4339 /* Check AppleDouble Magic Code. */ 4340 if (archive_be32dec(buff) != 0x00051607) 4341 goto skip_appledouble; 4342 /* Check AppleDouble Version. */ 4343 if (archive_be32dec(buff+4) != 0x00020000) 4344 goto skip_appledouble; 4345 4346 ret = copy_metadata(a, pathname, datafork.s, 4347#if defined(UF_COMPRESSED) 4348 st.st_flags & UF_COMPRESSED); 4349#else 4350 0); 4351#endif 4352 if (ret == ARCHIVE_OK) { 4353 unlink(pathname); 4354 ret = ARCHIVE_EOF; 4355 } 4356skip_appledouble: 4357 archive_string_free(&datafork); 4358 return (ret); 4359} 4360#endif 4361 4362#if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX 4363/* 4364 * Restore extended attributes - Linux, Darwin and AIX implementations: 4365 * AIX' ea interface is syntaxwise identical to the Linux xattr interface. 4366 */ 4367static int 4368set_xattrs(struct archive_write_disk *a) 4369{ 4370 struct archive_entry *entry = a->entry; 4371 struct archive_string errlist; 4372 int ret = ARCHIVE_OK; 4373 int i = archive_entry_xattr_reset(entry); 4374 short fail = 0; 4375 4376 archive_string_init(&errlist); 4377 4378 while (i--) { 4379 const char *name; 4380 const void *value; 4381 size_t size; 4382 int e; 4383 4384 archive_entry_xattr_next(entry, &name, &value, &size); 4385 4386 if (name == NULL) 4387 continue; 4388#if ARCHIVE_XATTR_LINUX 4389 /* Linux: quietly skip POSIX.1e ACL extended attributes */ 4390 if (strncmp(name, "system.", 7) == 0 && 4391 (strcmp(name + 7, "posix_acl_access") == 0 || 4392 strcmp(name + 7, "posix_acl_default") == 0)) 4393 continue; 4394 if (strncmp(name, "trusted.SGI_", 12) == 0 && 4395 (strcmp(name + 12, "ACL_DEFAULT") == 0 || 4396 strcmp(name + 12, "ACL_FILE") == 0)) 4397 continue; 4398 4399 /* Linux: xfsroot namespace is obsolete and unsupported */ 4400 if (strncmp(name, "xfsroot.", 8) == 0) { 4401 fail = 1; 4402 archive_strcat(&errlist, name); 4403 archive_strappend_char(&errlist, ' '); 4404 continue; 4405 } 4406#endif 4407 4408 if (a->fd >= 0) { 4409#if ARCHIVE_XATTR_LINUX 4410 e = fsetxattr(a->fd, name, value, size, 0); 4411#elif ARCHIVE_XATTR_DARWIN 4412 e = fsetxattr(a->fd, name, value, size, 0, 0); 4413#elif ARCHIVE_XATTR_AIX 4414 e = fsetea(a->fd, name, value, size, 0); 4415#endif 4416 } else { 4417#if ARCHIVE_XATTR_LINUX 4418 e = lsetxattr(archive_entry_pathname(entry), 4419 name, value, size, 0); 4420#elif ARCHIVE_XATTR_DARWIN 4421 e = setxattr(archive_entry_pathname(entry), 4422 name, value, size, 0, XATTR_NOFOLLOW); 4423#elif ARCHIVE_XATTR_AIX 4424 e = lsetea(archive_entry_pathname(entry), 4425 name, value, size, 0); 4426#endif 4427 } 4428 if (e == -1) { 4429 ret = ARCHIVE_WARN; 4430 archive_strcat(&errlist, name); 4431 archive_strappend_char(&errlist, ' '); 4432 if (errno != ENOTSUP && errno != ENOSYS) 4433 fail = 1; 4434 } 4435 } 4436 4437 if (ret == ARCHIVE_WARN) { 4438 if (fail && errlist.length > 0) { 4439 errlist.length--; 4440 errlist.s[errlist.length] = '\0'; 4441 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4442 "Cannot restore extended attributes: %s", 4443 errlist.s); 4444 } else 4445 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4446 "Cannot restore extended " 4447 "attributes on this file system."); 4448 } 4449 4450 archive_string_free(&errlist); 4451 return (ret); 4452} 4453#elif ARCHIVE_XATTR_FREEBSD 4454/* 4455 * Restore extended attributes - FreeBSD implementation 4456 */ 4457static int 4458set_xattrs(struct archive_write_disk *a) 4459{ 4460 struct archive_entry *entry = a->entry; 4461 struct archive_string errlist; 4462 int ret = ARCHIVE_OK; 4463 int i = archive_entry_xattr_reset(entry); 4464 short fail = 0; 4465 4466 archive_string_init(&errlist); 4467 4468 while (i--) { 4469 const char *name; 4470 const void *value; 4471 size_t size; 4472 archive_entry_xattr_next(entry, &name, &value, &size); 4473 if (name != NULL) { 4474 ssize_t e; 4475 int namespace; 4476 4477 namespace = EXTATTR_NAMESPACE_USER; 4478 4479 if (strncmp(name, "user.", 5) == 0) { 4480 /* "user." attributes go to user namespace */ 4481 name += 5; 4482 namespace = EXTATTR_NAMESPACE_USER; 4483 } else if (strncmp(name, "system.", 7) == 0) { 4484 name += 7; 4485 namespace = EXTATTR_NAMESPACE_SYSTEM; 4486 if (!strcmp(name, "nfs4.acl") || 4487 !strcmp(name, "posix1e.acl_access") || 4488 !strcmp(name, "posix1e.acl_default")) 4489 continue; 4490 } else { 4491 /* Other namespaces are unsupported */ 4492 archive_strcat(&errlist, name); 4493 archive_strappend_char(&errlist, ' '); 4494 fail = 1; 4495 ret = ARCHIVE_WARN; 4496 continue; 4497 } 4498 4499 if (a->fd >= 0) { 4500 /* 4501 * On FreeBSD, extattr_set_fd does not 4502 * return the same as 4503 * extattr_set_file. It returns zero 4504 * on success, non-zero on failure. 4505 * 4506 * We can detect the failure by 4507 * manually setting errno prior to the 4508 * call and checking after. 4509 * 4510 * If errno remains zero, fake the 4511 * return value by setting e to size. 4512 * 4513 * This is a hack for now until I 4514 * (Shawn Webb) get FreeBSD to fix the 4515 * issue, if that's even possible. 4516 */ 4517 errno = 0; 4518 e = extattr_set_fd(a->fd, namespace, name, 4519 value, size); 4520 if (e == 0 && errno == 0) { 4521 e = size; 4522 } 4523 } else { 4524 e = extattr_set_link( 4525 archive_entry_pathname(entry), namespace, 4526 name, value, size); 4527 } 4528 if (e != (ssize_t)size) { 4529 archive_strcat(&errlist, name); 4530 archive_strappend_char(&errlist, ' '); 4531 ret = ARCHIVE_WARN; 4532 if (errno != ENOTSUP && errno != ENOSYS) 4533 fail = 1; 4534 } 4535 } 4536 } 4537 4538 if (ret == ARCHIVE_WARN) { 4539 if (fail && errlist.length > 0) { 4540 errlist.length--; 4541 errlist.s[errlist.length] = '\0'; 4542 4543 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4544 "Cannot restore extended attributes: %s", 4545 errlist.s); 4546 } else 4547 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4548 "Cannot restore extended " 4549 "attributes on this file system."); 4550 } 4551 4552 archive_string_free(&errlist); 4553 return (ret); 4554} 4555#else 4556/* 4557 * Restore extended attributes - stub implementation for unsupported systems 4558 */ 4559static int 4560set_xattrs(struct archive_write_disk *a) 4561{ 4562 static int warning_done = 0; 4563 4564 /* If there aren't any extended attributes, then it's okay not 4565 * to extract them, otherwise, issue a single warning. */ 4566 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) { 4567 warning_done = 1; 4568 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 4569 "Cannot restore extended attributes on this system"); 4570 return (ARCHIVE_WARN); 4571 } 4572 /* Warning was already emitted; suppress further warnings. */ 4573 return (ARCHIVE_OK); 4574} 4575#endif 4576 4577/* 4578 * Test if file on disk is older than entry. 4579 */ 4580static int 4581older(struct stat *st, struct archive_entry *entry) 4582{ 4583 /* First, test the seconds and return if we have a definite answer. */ 4584 /* Definitely older. */ 4585 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry))) 4586 return (1); 4587 /* Definitely younger. */ 4588 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry))) 4589 return (0); 4590 /* If this platform supports fractional seconds, try those. */ 4591#if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 4592 /* Definitely older. */ 4593 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry)) 4594 return (1); 4595#elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 4596 /* Definitely older. */ 4597 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry)) 4598 return (1); 4599#elif HAVE_STRUCT_STAT_ST_MTIME_N 4600 /* older. */ 4601 if (st->st_mtime_n < archive_entry_mtime_nsec(entry)) 4602 return (1); 4603#elif HAVE_STRUCT_STAT_ST_UMTIME 4604 /* older. */ 4605 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry)) 4606 return (1); 4607#elif HAVE_STRUCT_STAT_ST_MTIME_USEC 4608 /* older. */ 4609 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry)) 4610 return (1); 4611#else 4612 /* This system doesn't have high-res timestamps. */ 4613#endif 4614 /* Same age or newer, so not older. */ 4615 return (0); 4616} 4617 4618#ifndef ARCHIVE_ACL_SUPPORT 4619int 4620archive_write_disk_set_acls(struct archive *a, int fd, const char *name, 4621 struct archive_acl *abstract_acl, __LA_MODE_T mode) 4622{ 4623 (void)a; /* UNUSED */ 4624 (void)fd; /* UNUSED */ 4625 (void)name; /* UNUSED */ 4626 (void)abstract_acl; /* UNUSED */ 4627 (void)mode; /* UNUSED */ 4628 return (ARCHIVE_OK); 4629} 4630#endif 4631 4632#endif /* !_WIN32 || __CYGWIN__ */ 4633 4634