1 /*-
2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
30
31 #if !defined(_WIN32) || defined(__CYGWIN__)
32
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
35 #endif
36 #ifdef HAVE_SYS_ACL_H
37 #include <sys/acl.h>
38 #endif
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
41 #endif
42 #if HAVE_SYS_XATTR_H
43 #include <sys/xattr.h>
44 #elif HAVE_ATTR_XATTR_H
45 #include <attr/xattr.h>
46 #endif
47 #ifdef HAVE_SYS_EA_H
48 #include <sys/ea.h>
49 #endif
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
52 #endif
53 #ifdef HAVE_SYS_STAT_H
54 #include <sys/stat.h>
55 #endif
56 #ifdef HAVE_SYS_TIME_H
57 #include <sys/time.h>
58 #endif
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
61 #endif
62 #ifdef HAVE_COPYFILE_H
63 #include <copyfile.h>
64 #endif
65 #ifdef HAVE_ERRNO_H
66 #include <errno.h>
67 #endif
68 #ifdef HAVE_FCNTL_H
69 #include <fcntl.h>
70 #endif
71 #ifdef HAVE_GRP_H
72 #include <grp.h>
73 #endif
74 #ifdef HAVE_LANGINFO_H
75 #include <langinfo.h>
76 #endif
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
79 #endif
80 /*
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
83 */
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
86 #endif
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
89 #endif
90 #ifdef HAVE_LIMITS_H
91 #include <limits.h>
92 #endif
93 #ifdef HAVE_PWD_H
94 #include <pwd.h>
95 #endif
96 #include <stdio.h>
97 #ifdef HAVE_STDLIB_H
98 #include <stdlib.h>
99 #endif
100 #ifdef HAVE_STRING_H
101 #include <string.h>
102 #endif
103 #ifdef HAVE_UNISTD_H
104 #include <unistd.h>
105 #endif
106 #ifdef HAVE_UTIME_H
107 #include <utime.h>
108 #endif
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
111 #endif
112
113 /*
114 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared.
115 *
116 * It assumes that the input is an integer type of no more than 64 bits.
117 * If the number is less than zero, t must be a signed type, so it fits in
118 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t
119 * without loss. But it could be a large unsigned value, so we have to clip it
120 * to INT64_MAX.*
121 */
122 #define to_int64_time(t) \
123 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t))
124
125 #if __APPLE__
126 #include <TargetConditionals.h>
127 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
128 #include <quarantine.h>
129 #define HAVE_QUARANTINE 1
130 #endif
131 #endif
132
133 #ifdef HAVE_ZLIB_H
134 #include <zlib.h>
135 #endif
136
137 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
138 * standard tag to mark files that have been downloaded as "tainted".
139 * On Mac OS, we should mark the extracted files as tainted if the
140 * archive being read was tainted. Windows has a similar feature; we
141 * should investigate ways to support this generically. */
142
143 #include "archive.h"
144 #include "archive_acl_private.h"
145 #include "archive_string.h"
146 #include "archive_endian.h"
147 #include "archive_entry.h"
148 #include "archive_private.h"
149 #include "archive_write_disk_private.h"
150
151 #ifndef O_BINARY
152 #define O_BINARY 0
153 #endif
154 #ifndef O_CLOEXEC
155 #define O_CLOEXEC 0
156 #endif
157
158 /* Ignore non-int O_NOFOLLOW constant. */
159 /* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
160 #if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
161 #undef O_NOFOLLOW
162 #endif
163
164 #ifndef O_NOFOLLOW
165 #define O_NOFOLLOW 0
166 #endif
167
168 #ifndef AT_FDCWD
169 #define AT_FDCWD -100
170 #endif
171
172 struct fixup_entry {
173 struct fixup_entry *next;
174 struct archive_acl acl;
175 mode_t mode;
176 __LA_MODE_T filetype;
177 int64_t atime;
178 int64_t birthtime;
179 int64_t mtime;
180 int64_t ctime;
181 unsigned long atime_nanos;
182 unsigned long birthtime_nanos;
183 unsigned long mtime_nanos;
184 unsigned long ctime_nanos;
185 unsigned long fflags_set;
186 size_t mac_metadata_size;
187 void *mac_metadata;
188 int fixup; /* bitmask of what needs fixing */
189 char *name;
190 };
191
192 /*
193 * We use a bitmask to track which operations remain to be done for
194 * this file. In particular, this helps us avoid unnecessary
195 * operations when it's possible to take care of one step as a
196 * side-effect of another. For example, mkdir() can specify the mode
197 * for the newly-created object but symlink() cannot. This means we
198 * can skip chmod() if mkdir() succeeded, but we must explicitly
199 * chmod() if we're trying to create a directory that already exists
200 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
201 * need to verify UID/GID before trying to restore SUID/SGID bits;
202 * that verification can occur explicitly through a stat() call or
203 * implicitly because of a successful chown() call.
204 */
205 #define TODO_MODE_FORCE 0x40000000
206 #define TODO_MODE_BASE 0x20000000
207 #define TODO_SUID 0x10000000
208 #define TODO_SUID_CHECK 0x08000000
209 #define TODO_SGID 0x04000000
210 #define TODO_SGID_CHECK 0x02000000
211 #define TODO_APPLEDOUBLE 0x01000000
212 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
213 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
214 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
215 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
216 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
217 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
218 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
219 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
220
221 struct archive_write_disk {
222 struct archive archive;
223
224 mode_t user_umask;
225 struct fixup_entry *fixup_list;
226 struct fixup_entry *current_fixup;
227 int64_t user_uid;
228 int skip_file_set;
229 int64_t skip_file_dev;
230 int64_t skip_file_ino;
231 time_t start_time;
232
233 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
234 void (*cleanup_gid)(void *private);
235 void *lookup_gid_data;
236 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
237 void (*cleanup_uid)(void *private);
238 void *lookup_uid_data;
239
240 /*
241 * Full path of last file to satisfy symlink checks.
242 */
243 struct archive_string path_safe;
244
245 /*
246 * Cached stat data from disk for the current entry.
247 * If this is valid, pst points to st. Otherwise,
248 * pst is null.
249 */
250 struct stat st;
251 struct stat *pst;
252
253 /* Information about the object being restored right now. */
254 struct archive_entry *entry; /* Entry being extracted. */
255 char *name; /* Name of entry, possibly edited. */
256 struct archive_string _name_data; /* backing store for 'name' */
257 char *tmpname; /* Temporary name * */
258 struct archive_string _tmpname_data; /* backing store for 'tmpname' */
259 /* Tasks remaining for this object. */
260 int todo;
261 /* Tasks deferred until end-of-archive. */
262 int deferred;
263 /* Options requested by the client. */
264 int flags;
265 /* Handle for the file we're restoring. */
266 int fd;
267 /* Current offset for writing data to the file. */
268 int64_t offset;
269 /* Last offset actually written to disk. */
270 int64_t fd_offset;
271 /* Total bytes actually written to files. */
272 int64_t total_bytes_written;
273 /* Maximum size of file, -1 if unknown. */
274 int64_t filesize;
275 /* Dir we were in before this restore; only for deep paths. */
276 int restore_pwd;
277 /* Mode we should use for this entry; affected by _PERM and umask. */
278 mode_t mode;
279 /* UID/GID to use in restoring this entry. */
280 int64_t uid;
281 int64_t gid;
282 /*
283 * HFS+ Compression.
284 */
285 /* Xattr "com.apple.decmpfs". */
286 uint32_t decmpfs_attr_size;
287 unsigned char *decmpfs_header_p;
288 /* ResourceFork set options used for fsetxattr. */
289 int rsrc_xattr_options;
290 /* Xattr "com.apple.ResourceFork". */
291 unsigned char *resource_fork;
292 size_t resource_fork_allocated_size;
293 unsigned int decmpfs_block_count;
294 uint32_t *decmpfs_block_info;
295 /* Buffer for compressed data. */
296 unsigned char *compressed_buffer;
297 size_t compressed_buffer_size;
298 size_t compressed_buffer_remaining;
299 /* The offset of the ResourceFork where compressed data will
300 * be placed. */
301 uint32_t compressed_rsrc_position;
302 uint32_t compressed_rsrc_position_v;
303 /* Buffer for uncompressed data. */
304 char *uncompressed_buffer;
305 size_t block_remaining_bytes;
306 size_t file_remaining_bytes;
307 #ifdef HAVE_ZLIB_H
308 z_stream stream;
309 int stream_valid;
310 int decmpfs_compression_level;
311 #endif
312 };
313
314 /*
315 * Default mode for dirs created automatically (will be modified by umask).
316 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
317 * by the process' file creation mask."
318 */
319 #define DEFAULT_DIR_MODE 0777
320 /*
321 * Dir modes are restored in two steps: During the extraction, the permissions
322 * in the archive are modified to match the following limits. During
323 * the post-extract fixup pass, the permissions from the archive are
324 * applied.
325 */
326 #define MINIMUM_DIR_MODE 0700
327 #define MAXIMUM_DIR_MODE 0775
328
329 /*
330 * Maximum uncompressed size of a decmpfs block.
331 */
332 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
333 /*
334 * HFS+ compression type.
335 */
336 #define CMP_XATTR 3/* Compressed data in xattr. */
337 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
338 /*
339 * HFS+ compression resource fork.
340 */
341 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
342 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
343 /* Size to write compressed data to resource fork. */
344 #define COMPRESSED_W_SIZE (64 * 1024)
345 /* decmpfs definitions. */
346 #define MAX_DECMPFS_XATTR_SIZE 3802
347 #ifndef DECMPFS_XATTR_NAME
348 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
349 #endif
350 #define DECMPFS_MAGIC 0x636d7066
351 #define DECMPFS_COMPRESSION_MAGIC 0
352 #define DECMPFS_COMPRESSION_TYPE 4
353 #define DECMPFS_UNCOMPRESSED_SIZE 8
354 #define DECMPFS_HEADER_SIZE 16
355
356 #define HFS_BLOCKS(s) ((s) >> 12)
357
358
359 static int la_opendirat(int, const char *);
360 static int la_mktemp(struct archive_write_disk *);
361 static int la_verify_filetype(mode_t, __LA_MODE_T);
362 static void fsobj_error(int *, struct archive_string *, int, const char *,
363 const char *);
364 static int check_symlinks_fsobj(char *, int *, struct archive_string *,
365 int, int);
366 static int check_symlinks(struct archive_write_disk *);
367 static int create_filesystem_object(struct archive_write_disk *);
368 static struct fixup_entry *current_fixup(struct archive_write_disk *,
369 const char *pathname);
370 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
371 static void edit_deep_directories(struct archive_write_disk *ad);
372 #endif
373 static int cleanup_pathname_fsobj(char *, int *, struct archive_string *,
374 int);
375 static int cleanup_pathname(struct archive_write_disk *);
376 static int create_dir(struct archive_write_disk *, char *);
377 static int create_parent_dir(struct archive_write_disk *, char *);
378 static ssize_t hfs_write_data_block(struct archive_write_disk *,
379 const char *, size_t);
380 static int fixup_appledouble(struct archive_write_disk *, const char *);
381 static int older(struct stat *, struct archive_entry *);
382 static int restore_entry(struct archive_write_disk *);
383 static int set_mac_metadata(struct archive_write_disk *, const char *,
384 const void *, size_t);
385 static int set_xattrs(struct archive_write_disk *);
386 static int clear_nochange_fflags(struct archive_write_disk *);
387 static int set_fflags(struct archive_write_disk *);
388 static int set_fflags_platform(struct archive_write_disk *, int fd,
389 const char *name, mode_t mode,
390 unsigned long fflags_set, unsigned long fflags_clear);
391 static int set_ownership(struct archive_write_disk *);
392 static int set_mode(struct archive_write_disk *, int mode);
393 static int set_time(int, int, const char *, time_t, long, time_t, long);
394 static int set_times(struct archive_write_disk *, int, int, const char *,
395 time_t, long, time_t, long, time_t, long, time_t, long);
396 static int set_times_from_entry(struct archive_write_disk *);
397 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
398 static ssize_t write_data_block(struct archive_write_disk *,
399 const char *, size_t);
400
401 static int _archive_write_disk_close(struct archive *);
402 static int _archive_write_disk_free(struct archive *);
403 static int _archive_write_disk_header(struct archive *,
404 struct archive_entry *);
405 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
406 static int _archive_write_disk_finish_entry(struct archive *);
407 static ssize_t _archive_write_disk_data(struct archive *, const void *,
408 size_t);
409 static ssize_t _archive_write_disk_data_block(struct archive *, const void *,
410 size_t, int64_t);
411
412 static int
la_mktemp(struct archive_write_disk * a)413 la_mktemp(struct archive_write_disk *a)
414 {
415 int oerrno, fd;
416 mode_t mode;
417
418 archive_string_empty(&a->_tmpname_data);
419 archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name);
420 a->tmpname = a->_tmpname_data.s;
421
422 fd = __archive_mkstemp(a->tmpname);
423 if (fd == -1)
424 return -1;
425
426 mode = a->mode & 0777 & ~a->user_umask;
427 if (fchmod(fd, mode) == -1) {
428 oerrno = errno;
429 close(fd);
430 errno = oerrno;
431 return -1;
432 }
433 return fd;
434 }
435
436 static int
la_opendirat(int fd,const char * path)437 la_opendirat(int fd, const char *path) {
438 const int flags = O_CLOEXEC
439 #if defined(O_BINARY)
440 | O_BINARY
441 #endif
442 #if defined(O_DIRECTORY)
443 | O_DIRECTORY
444 #endif
445 #if defined(O_PATH)
446 | O_PATH
447 #elif defined(O_SEARCH)
448 | O_SEARCH
449 #elif defined(__FreeBSD__) && defined(O_EXEC)
450 | O_EXEC
451 #else
452 | O_RDONLY
453 #endif
454 ;
455
456 #if !defined(HAVE_OPENAT)
457 if (fd != AT_FDCWD) {
458 errno = ENOTSUP;
459 return (-1);
460 } else
461 return (open(path, flags));
462 #else
463 return (openat(fd, path, flags));
464 #endif
465 }
466
467 static int
la_verify_filetype(mode_t mode,__LA_MODE_T filetype)468 la_verify_filetype(mode_t mode, __LA_MODE_T filetype) {
469 int ret = 0;
470
471 switch (filetype) {
472 case AE_IFREG:
473 ret = (S_ISREG(mode));
474 break;
475 case AE_IFDIR:
476 ret = (S_ISDIR(mode));
477 break;
478 case AE_IFLNK:
479 ret = (S_ISLNK(mode));
480 break;
481 case AE_IFSOCK:
482 ret = (S_ISSOCK(mode));
483 break;
484 case AE_IFCHR:
485 ret = (S_ISCHR(mode));
486 break;
487 case AE_IFBLK:
488 ret = (S_ISBLK(mode));
489 break;
490 case AE_IFIFO:
491 ret = (S_ISFIFO(mode));
492 break;
493 default:
494 break;
495 }
496
497 return (ret);
498 }
499
500 static int
lazy_stat(struct archive_write_disk * a)501 lazy_stat(struct archive_write_disk *a)
502 {
503 if (a->pst != NULL) {
504 /* Already have stat() data available. */
505 return (ARCHIVE_OK);
506 }
507 #ifdef HAVE_FSTAT
508 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
509 a->pst = &a->st;
510 return (ARCHIVE_OK);
511 }
512 #endif
513 /*
514 * XXX At this point, symlinks should not be hit, otherwise
515 * XXX a race occurred. Do we want to check explicitly for that?
516 */
517 if (lstat(a->name, &a->st) == 0) {
518 a->pst = &a->st;
519 return (ARCHIVE_OK);
520 }
521 archive_set_error(&a->archive, errno, "Couldn't stat file");
522 return (ARCHIVE_WARN);
523 }
524
525 static const struct archive_vtable
526 archive_write_disk_vtable = {
527 .archive_close = _archive_write_disk_close,
528 .archive_filter_bytes = _archive_write_disk_filter_bytes,
529 .archive_free = _archive_write_disk_free,
530 .archive_write_header = _archive_write_disk_header,
531 .archive_write_finish_entry = _archive_write_disk_finish_entry,
532 .archive_write_data = _archive_write_disk_data,
533 .archive_write_data_block = _archive_write_disk_data_block,
534 };
535
536 static int64_t
_archive_write_disk_filter_bytes(struct archive * _a,int n)537 _archive_write_disk_filter_bytes(struct archive *_a, int n)
538 {
539 struct archive_write_disk *a = (struct archive_write_disk *)_a;
540 (void)n; /* UNUSED */
541 if (n == -1 || n == 0)
542 return (a->total_bytes_written);
543 return (-1);
544 }
545
546
547 int
archive_write_disk_set_options(struct archive * _a,int flags)548 archive_write_disk_set_options(struct archive *_a, int flags)
549 {
550 struct archive_write_disk *a = (struct archive_write_disk *)_a;
551
552 a->flags = flags;
553 return (ARCHIVE_OK);
554 }
555
556
557 /*
558 * Extract this entry to disk.
559 *
560 * TODO: Validate hardlinks. According to the standards, we're
561 * supposed to check each extracted hardlink and squawk if it refers
562 * to a file that we didn't restore. I'm not entirely convinced this
563 * is a good idea, but more importantly: Is there any way to validate
564 * hardlinks without keeping a complete list of filenames from the
565 * entire archive?? Ugh.
566 *
567 */
568 static int
_archive_write_disk_header(struct archive * _a,struct archive_entry * entry)569 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
570 {
571 struct archive_write_disk *a = (struct archive_write_disk *)_a;
572 struct fixup_entry *fe;
573 const char *linkname;
574 int ret, r;
575
576 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
577 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
578 "archive_write_disk_header");
579 archive_clear_error(&a->archive);
580 if (a->archive.state & ARCHIVE_STATE_DATA) {
581 r = _archive_write_disk_finish_entry(&a->archive);
582 if (r == ARCHIVE_FATAL)
583 return (r);
584 }
585
586 /* Set up for this particular entry. */
587 a->pst = NULL;
588 a->current_fixup = NULL;
589 a->deferred = 0;
590 if (a->entry) {
591 archive_entry_free(a->entry);
592 a->entry = NULL;
593 }
594 a->entry = archive_entry_clone(entry);
595 a->fd = -1;
596 a->fd_offset = 0;
597 a->offset = 0;
598 a->restore_pwd = -1;
599 a->uid = a->user_uid;
600 a->mode = archive_entry_mode(a->entry);
601 if (archive_entry_size_is_set(a->entry))
602 a->filesize = archive_entry_size(a->entry);
603 else
604 a->filesize = -1;
605 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
606 a->name = a->_name_data.s;
607 archive_clear_error(&a->archive);
608
609 /*
610 * Clean up the requested path. This is necessary for correct
611 * dir restores; the dir restore logic otherwise gets messed
612 * up by nonsense like "dir/.".
613 */
614 ret = cleanup_pathname(a);
615 if (ret != ARCHIVE_OK)
616 return (ret);
617
618 /*
619 * Check if we have a hardlink that points to itself.
620 */
621 linkname = archive_entry_hardlink(a->entry);
622 if (linkname != NULL && strcmp(a->name, linkname) == 0) {
623 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
624 "Skipping hardlink pointing to itself: %s",
625 a->name);
626 return (ARCHIVE_WARN);
627 }
628
629 /*
630 * Query the umask so we get predictable mode settings.
631 * This gets done on every call to _write_header in case the
632 * user edits their umask during the extraction for some
633 * reason.
634 */
635 umask(a->user_umask = umask(0));
636
637 /* Figure out what we need to do for this entry. */
638 a->todo = TODO_MODE_BASE;
639 if (a->flags & ARCHIVE_EXTRACT_PERM) {
640 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
641 /*
642 * SGID requires an extra "check" step because we
643 * cannot easily predict the GID that the system will
644 * assign. (Different systems assign GIDs to files
645 * based on a variety of criteria, including process
646 * credentials and the gid of the enclosing
647 * directory.) We can only restore the SGID bit if
648 * the file has the right GID, and we only know the
649 * GID if we either set it (see set_ownership) or if
650 * we've actually called stat() on the file after it
651 * was restored. Since there are several places at
652 * which we might verify the GID, we need a TODO bit
653 * to keep track.
654 */
655 if (a->mode & S_ISGID)
656 a->todo |= TODO_SGID | TODO_SGID_CHECK;
657 /*
658 * Verifying the SUID is simpler, but can still be
659 * done in multiple ways, hence the separate "check" bit.
660 */
661 if (a->mode & S_ISUID)
662 a->todo |= TODO_SUID | TODO_SUID_CHECK;
663 } else {
664 /*
665 * User didn't request full permissions, so don't
666 * restore SUID, SGID bits and obey umask.
667 */
668 a->mode &= ~S_ISUID;
669 a->mode &= ~S_ISGID;
670 a->mode &= ~S_ISVTX;
671 a->mode &= ~a->user_umask;
672 }
673 if (a->flags & ARCHIVE_EXTRACT_OWNER)
674 a->todo |= TODO_OWNER;
675 if (a->flags & ARCHIVE_EXTRACT_TIME)
676 a->todo |= TODO_TIMES;
677 if (a->flags & ARCHIVE_EXTRACT_ACL) {
678 #if ARCHIVE_ACL_DARWIN
679 /*
680 * On MacOS, platform ACLs get stored in mac_metadata, too.
681 * If we intend to extract mac_metadata and it is present
682 * we skip extracting libarchive NFSv4 ACLs.
683 */
684 size_t metadata_size;
685
686 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 ||
687 archive_entry_mac_metadata(a->entry,
688 &metadata_size) == NULL || metadata_size == 0)
689 #endif
690 #if ARCHIVE_ACL_LIBRICHACL
691 /*
692 * RichACLs are stored in an extended attribute.
693 * If we intend to extract extended attributes and have this
694 * attribute we skip extracting libarchive NFSv4 ACLs.
695 */
696 short extract_acls = 1;
697 if (a->flags & ARCHIVE_EXTRACT_XATTR && (
698 archive_entry_acl_types(a->entry) &
699 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) {
700 const char *attr_name;
701 const void *attr_value;
702 size_t attr_size;
703 int i = archive_entry_xattr_reset(a->entry);
704 while (i--) {
705 archive_entry_xattr_next(a->entry, &attr_name,
706 &attr_value, &attr_size);
707 if (attr_name != NULL && attr_value != NULL &&
708 attr_size > 0 && strcmp(attr_name,
709 "trusted.richacl") == 0) {
710 extract_acls = 0;
711 break;
712 }
713 }
714 }
715 if (extract_acls)
716 #endif
717 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL
718 {
719 #endif
720 if (archive_entry_filetype(a->entry) == AE_IFDIR)
721 a->deferred |= TODO_ACLS;
722 else
723 a->todo |= TODO_ACLS;
724 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL
725 }
726 #endif
727 }
728 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
729 if (archive_entry_filetype(a->entry) == AE_IFDIR)
730 a->deferred |= TODO_MAC_METADATA;
731 else
732 a->todo |= TODO_MAC_METADATA;
733 }
734 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
735 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
736 unsigned long set, clear;
737 archive_entry_fflags(a->entry, &set, &clear);
738 if ((set & ~clear) & UF_COMPRESSED) {
739 a->todo |= TODO_HFS_COMPRESSION;
740 a->decmpfs_block_count = (unsigned)-1;
741 }
742 }
743 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
744 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
745 a->todo |= TODO_HFS_COMPRESSION;
746 a->decmpfs_block_count = (unsigned)-1;
747 }
748 {
749 const char *p;
750
751 /* Check if the current file name is a type of the
752 * resource fork file. */
753 p = strrchr(a->name, '/');
754 if (p == NULL)
755 p = a->name;
756 else
757 p++;
758 if (p[0] == '.' && p[1] == '_') {
759 /* Do not compress "._XXX" files. */
760 a->todo &= ~TODO_HFS_COMPRESSION;
761 if (a->filesize > 0)
762 a->todo |= TODO_APPLEDOUBLE;
763 }
764 }
765 #endif
766
767 if (a->flags & ARCHIVE_EXTRACT_XATTR) {
768 #if ARCHIVE_XATTR_DARWIN
769 /*
770 * On MacOS, extended attributes get stored in mac_metadata,
771 * too. If we intend to extract mac_metadata and it is present
772 * we skip extracting extended attributes.
773 */
774 size_t metadata_size;
775
776 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 ||
777 archive_entry_mac_metadata(a->entry,
778 &metadata_size) == NULL || metadata_size == 0)
779 #endif
780 a->todo |= TODO_XATTR;
781 }
782 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
783 a->todo |= TODO_FFLAGS;
784 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
785 ret = check_symlinks(a);
786 if (ret != ARCHIVE_OK)
787 return (ret);
788 }
789 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
790 /* If path exceeds PATH_MAX, shorten the path. */
791 edit_deep_directories(a);
792 #endif
793
794 ret = restore_entry(a);
795
796 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
797 /*
798 * Check if the filesystem the file is restoring on supports
799 * HFS+ Compression. If not, cancel HFS+ Compression.
800 */
801 if (a->todo | TODO_HFS_COMPRESSION) {
802 /*
803 * NOTE: UF_COMPRESSED is ignored even if the filesystem
804 * supports HFS+ Compression because the file should
805 * have at least an extended attribute "com.apple.decmpfs"
806 * before the flag is set to indicate that the file have
807 * been compressed. If the filesystem does not support
808 * HFS+ Compression the system call will fail.
809 */
810 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
811 a->todo &= ~TODO_HFS_COMPRESSION;
812 }
813 #endif
814
815 /*
816 * TODO: There are rumours that some extended attributes must
817 * be restored before file data is written. If this is true,
818 * then we either need to write all extended attributes both
819 * before and after restoring the data, or find some rule for
820 * determining which must go first and which last. Due to the
821 * many ways people are using xattrs, this may prove to be an
822 * intractable problem.
823 */
824
825 #ifdef HAVE_FCHDIR
826 /* If we changed directory above, restore it here. */
827 if (a->restore_pwd >= 0) {
828 r = fchdir(a->restore_pwd);
829 if (r != 0) {
830 archive_set_error(&a->archive, errno,
831 "chdir() failure");
832 ret = ARCHIVE_FATAL;
833 }
834 close(a->restore_pwd);
835 a->restore_pwd = -1;
836 }
837 #endif
838
839 /*
840 * Fixup uses the unedited pathname from archive_entry_pathname(),
841 * because it is relative to the base dir and the edited path
842 * might be relative to some intermediate dir as a result of the
843 * deep restore logic.
844 */
845 if (a->deferred & TODO_MODE) {
846 fe = current_fixup(a, archive_entry_pathname(entry));
847 if (fe == NULL)
848 return (ARCHIVE_FATAL);
849 fe->filetype = archive_entry_filetype(entry);
850 fe->fixup |= TODO_MODE_BASE;
851 fe->mode = a->mode;
852 }
853
854 if ((a->deferred & TODO_TIMES)
855 && (archive_entry_mtime_is_set(entry)
856 || archive_entry_atime_is_set(entry))) {
857 fe = current_fixup(a, archive_entry_pathname(entry));
858 if (fe == NULL)
859 return (ARCHIVE_FATAL);
860 fe->filetype = archive_entry_filetype(entry);
861 fe->mode = a->mode;
862 fe->fixup |= TODO_TIMES;
863 if (archive_entry_atime_is_set(entry)) {
864 fe->atime = archive_entry_atime(entry);
865 fe->atime_nanos = archive_entry_atime_nsec(entry);
866 } else {
867 /* If atime is unset, use start time. */
868 fe->atime = a->start_time;
869 fe->atime_nanos = 0;
870 }
871 if (archive_entry_mtime_is_set(entry)) {
872 fe->mtime = archive_entry_mtime(entry);
873 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
874 } else {
875 /* If mtime is unset, use start time. */
876 fe->mtime = a->start_time;
877 fe->mtime_nanos = 0;
878 }
879 if (archive_entry_birthtime_is_set(entry)) {
880 fe->birthtime = archive_entry_birthtime(entry);
881 fe->birthtime_nanos = archive_entry_birthtime_nsec(
882 entry);
883 } else {
884 /* If birthtime is unset, use mtime. */
885 fe->birthtime = fe->mtime;
886 fe->birthtime_nanos = fe->mtime_nanos;
887 }
888 }
889
890 if (a->deferred & TODO_ACLS) {
891 fe = current_fixup(a, archive_entry_pathname(entry));
892 if (fe == NULL)
893 return (ARCHIVE_FATAL);
894 fe->filetype = archive_entry_filetype(entry);
895 fe->fixup |= TODO_ACLS;
896 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
897 }
898
899 if (a->deferred & TODO_MAC_METADATA) {
900 const void *metadata;
901 size_t metadata_size;
902 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
903 if (metadata != NULL && metadata_size > 0) {
904 fe = current_fixup(a, archive_entry_pathname(entry));
905 if (fe == NULL)
906 return (ARCHIVE_FATAL);
907 fe->filetype = archive_entry_filetype(entry);
908 fe->mac_metadata = malloc(metadata_size);
909 if (fe->mac_metadata != NULL) {
910 memcpy(fe->mac_metadata, metadata,
911 metadata_size);
912 fe->mac_metadata_size = metadata_size;
913 fe->fixup |= TODO_MAC_METADATA;
914 }
915 }
916 }
917
918 if (a->deferred & TODO_FFLAGS) {
919 fe = current_fixup(a, archive_entry_pathname(entry));
920 if (fe == NULL)
921 return (ARCHIVE_FATAL);
922 fe->filetype = archive_entry_filetype(entry);
923 fe->fixup |= TODO_FFLAGS;
924 /* TODO: Complete this.. defer fflags from below. */
925 }
926
927 /* We've created the object and are ready to pour data into it. */
928 if (ret >= ARCHIVE_WARN)
929 a->archive.state = ARCHIVE_STATE_DATA;
930 /*
931 * If it's not open, tell our client not to try writing.
932 * In particular, dirs, links, etc, don't get written to.
933 */
934 if (a->fd < 0) {
935 archive_entry_set_size(entry, 0);
936 a->filesize = 0;
937 }
938
939 return (ret);
940 }
941
942 int
archive_write_disk_set_skip_file(struct archive * _a,la_int64_t d,la_int64_t i)943 archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i)
944 {
945 struct archive_write_disk *a = (struct archive_write_disk *)_a;
946 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
947 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
948 a->skip_file_set = 1;
949 a->skip_file_dev = d;
950 a->skip_file_ino = i;
951 return (ARCHIVE_OK);
952 }
953
954 static ssize_t
write_data_block(struct archive_write_disk * a,const char * buff,size_t size)955 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
956 {
957 uint64_t start_size = size;
958 ssize_t bytes_written = 0;
959 ssize_t block_size = 0, bytes_to_write;
960
961 if (size == 0)
962 return (ARCHIVE_OK);
963
964 if (a->filesize == 0 || a->fd < 0) {
965 archive_set_error(&a->archive, 0,
966 "Attempt to write to an empty file");
967 return (ARCHIVE_WARN);
968 }
969
970 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
971 #if HAVE_STRUCT_STAT_ST_BLKSIZE
972 int r;
973 if ((r = lazy_stat(a)) != ARCHIVE_OK)
974 return (r);
975 block_size = a->pst->st_blksize;
976 #else
977 /* XXX TODO XXX Is there a more appropriate choice here ? */
978 /* This needn't match the filesystem allocation size. */
979 block_size = 16*1024;
980 #endif
981 }
982
983 /* If this write would run beyond the file size, truncate it. */
984 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
985 start_size = size = (size_t)(a->filesize - a->offset);
986
987 /* Write the data. */
988 while (size > 0) {
989 if (block_size == 0) {
990 bytes_to_write = size;
991 } else {
992 /* We're sparsifying the file. */
993 const char *p, *end;
994 int64_t block_end;
995
996 /* Skip leading zero bytes. */
997 for (p = buff, end = buff + size; p < end; ++p) {
998 if (*p != '\0')
999 break;
1000 }
1001 a->offset += p - buff;
1002 size -= p - buff;
1003 buff = p;
1004 if (size == 0)
1005 break;
1006
1007 /* Calculate next block boundary after offset. */
1008 block_end
1009 = (a->offset / block_size + 1) * block_size;
1010
1011 /* If the adjusted write would cross block boundary,
1012 * truncate it to the block boundary. */
1013 bytes_to_write = size;
1014 if (a->offset + bytes_to_write > block_end)
1015 bytes_to_write = block_end - a->offset;
1016 }
1017 /* Seek if necessary to the specified offset. */
1018 if (a->offset != a->fd_offset) {
1019 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
1020 archive_set_error(&a->archive, errno,
1021 "Seek failed");
1022 return (ARCHIVE_FATAL);
1023 }
1024 a->fd_offset = a->offset;
1025 }
1026 bytes_written = write(a->fd, buff, bytes_to_write);
1027 if (bytes_written < 0) {
1028 archive_set_error(&a->archive, errno, "Write failed");
1029 return (ARCHIVE_WARN);
1030 }
1031 buff += bytes_written;
1032 size -= bytes_written;
1033 a->total_bytes_written += bytes_written;
1034 a->offset += bytes_written;
1035 a->fd_offset = a->offset;
1036 }
1037 return (start_size - size);
1038 }
1039
1040 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
1041 && defined(HAVE_ZLIB_H)
1042
1043 /*
1044 * Set UF_COMPRESSED file flag.
1045 * This have to be called after hfs_write_decmpfs() because if the
1046 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
1047 */
1048 static int
hfs_set_compressed_fflag(struct archive_write_disk * a)1049 hfs_set_compressed_fflag(struct archive_write_disk *a)
1050 {
1051 int r;
1052
1053 if ((r = lazy_stat(a)) != ARCHIVE_OK)
1054 return (r);
1055
1056 a->st.st_flags |= UF_COMPRESSED;
1057 if (fchflags(a->fd, a->st.st_flags) != 0) {
1058 archive_set_error(&a->archive, errno,
1059 "Failed to set UF_COMPRESSED file flag");
1060 return (ARCHIVE_WARN);
1061 }
1062 return (ARCHIVE_OK);
1063 }
1064
1065 /*
1066 * HFS+ Compression decmpfs
1067 *
1068 * +------------------------------+ +0
1069 * | Magic(LE 4 bytes) |
1070 * +------------------------------+
1071 * | Type(LE 4 bytes) |
1072 * +------------------------------+
1073 * | Uncompressed size(LE 8 bytes)|
1074 * +------------------------------+ +16
1075 * | |
1076 * | Compressed data |
1077 * | (Placed only if Type == 3) |
1078 * | |
1079 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
1080 *
1081 * Type is 3: decmpfs has compressed data.
1082 * Type is 4: Resource Fork has compressed data.
1083 */
1084 /*
1085 * Write "com.apple.decmpfs"
1086 */
1087 static int
hfs_write_decmpfs(struct archive_write_disk * a)1088 hfs_write_decmpfs(struct archive_write_disk *a)
1089 {
1090 int r;
1091 uint32_t compression_type;
1092
1093 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
1094 a->decmpfs_attr_size, 0, 0);
1095 if (r < 0) {
1096 archive_set_error(&a->archive, errno,
1097 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
1098 compression_type = archive_le32dec(
1099 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
1100 if (compression_type == CMP_RESOURCE_FORK)
1101 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
1102 XATTR_SHOWCOMPRESSION);
1103 return (ARCHIVE_WARN);
1104 }
1105 return (ARCHIVE_OK);
1106 }
1107
1108 /*
1109 * HFS+ Compression Resource Fork
1110 *
1111 * +-----------------------------+
1112 * | Header(260 bytes) |
1113 * +-----------------------------+
1114 * | Block count(LE 4 bytes) |
1115 * +-----------------------------+ --+
1116 * +-- | Offset (LE 4 bytes) | |
1117 * | | [distance from Block count] | | Block 0
1118 * | +-----------------------------+ |
1119 * | | Compressed size(LE 4 bytes) | |
1120 * | +-----------------------------+ --+
1121 * | | |
1122 * | | .................. |
1123 * | | |
1124 * | +-----------------------------+ --+
1125 * | | Offset (LE 4 bytes) | |
1126 * | +-----------------------------+ | Block (Block count -1)
1127 * | | Compressed size(LE 4 bytes) | |
1128 * +-> +-----------------------------+ --+
1129 * | Compressed data(n bytes) | Block 0
1130 * +-----------------------------+
1131 * | |
1132 * | .................. |
1133 * | |
1134 * +-----------------------------+
1135 * | Compressed data(n bytes) | Block (Block count -1)
1136 * +-----------------------------+
1137 * | Footer(50 bytes) |
1138 * +-----------------------------+
1139 *
1140 */
1141 /*
1142 * Write the header of "com.apple.ResourceFork"
1143 */
1144 static int
hfs_write_resource_fork(struct archive_write_disk * a,unsigned char * buff,size_t bytes,uint32_t position)1145 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
1146 size_t bytes, uint32_t position)
1147 {
1148 int ret;
1149
1150 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
1151 position, a->rsrc_xattr_options);
1152 if (ret < 0) {
1153 archive_set_error(&a->archive, errno,
1154 "Cannot restore xattr: %s at %u pos %u bytes",
1155 XATTR_RESOURCEFORK_NAME,
1156 (unsigned)position,
1157 (unsigned)bytes);
1158 return (ARCHIVE_WARN);
1159 }
1160 a->rsrc_xattr_options &= ~XATTR_CREATE;
1161 return (ARCHIVE_OK);
1162 }
1163
1164 static int
hfs_write_compressed_data(struct archive_write_disk * a,size_t bytes_compressed)1165 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
1166 {
1167 int ret;
1168
1169 ret = hfs_write_resource_fork(a, a->compressed_buffer,
1170 bytes_compressed, a->compressed_rsrc_position);
1171 if (ret == ARCHIVE_OK)
1172 a->compressed_rsrc_position += bytes_compressed;
1173 return (ret);
1174 }
1175
1176 static int
hfs_write_resource_fork_header(struct archive_write_disk * a)1177 hfs_write_resource_fork_header(struct archive_write_disk *a)
1178 {
1179 unsigned char *buff;
1180 uint32_t rsrc_bytes;
1181 uint32_t rsrc_header_bytes;
1182
1183 /*
1184 * Write resource fork header + block info.
1185 */
1186 buff = a->resource_fork;
1187 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
1188 rsrc_header_bytes =
1189 RSRC_H_SIZE + /* Header base size. */
1190 4 + /* Block count. */
1191 (a->decmpfs_block_count * 8);/* Block info */
1192 archive_be32enc(buff, 0x100);
1193 archive_be32enc(buff + 4, rsrc_bytes);
1194 archive_be32enc(buff + 8, rsrc_bytes - 256);
1195 archive_be32enc(buff + 12, 0x32);
1196 memset(buff + 16, 0, 240);
1197 archive_be32enc(buff + 256, rsrc_bytes - 260);
1198 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1199 }
1200
1201 static size_t
hfs_set_resource_fork_footer(unsigned char * buff,size_t buff_size)1202 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1203 {
1204 static const char rsrc_footer[RSRC_F_SIZE] = {
1205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1206 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1208 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1209 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1210 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1211 0x00, 0x00
1212 };
1213 if (buff_size < sizeof(rsrc_footer))
1214 return (0);
1215 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1216 return (sizeof(rsrc_footer));
1217 }
1218
1219 static int
hfs_reset_compressor(struct archive_write_disk * a)1220 hfs_reset_compressor(struct archive_write_disk *a)
1221 {
1222 int ret;
1223
1224 if (a->stream_valid)
1225 ret = deflateReset(&a->stream);
1226 else
1227 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1228
1229 if (ret != Z_OK) {
1230 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1231 "Failed to initialize compressor");
1232 return (ARCHIVE_FATAL);
1233 } else
1234 a->stream_valid = 1;
1235
1236 return (ARCHIVE_OK);
1237 }
1238
1239 static int
hfs_decompress(struct archive_write_disk * a)1240 hfs_decompress(struct archive_write_disk *a)
1241 {
1242 uint32_t *block_info;
1243 unsigned int block_count;
1244 uint32_t data_pos, data_size;
1245 ssize_t r;
1246 ssize_t bytes_written, bytes_to_write;
1247 unsigned char *b;
1248
1249 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1250 block_count = archive_le32dec(block_info++);
1251 while (block_count--) {
1252 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1253 data_size = archive_le32dec(block_info++);
1254 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1255 a->compressed_buffer, data_size, data_pos, 0);
1256 if (r != data_size) {
1257 archive_set_error(&a->archive,
1258 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1259 "Failed to read resource fork");
1260 return (ARCHIVE_WARN);
1261 }
1262 if (a->compressed_buffer[0] == 0xff) {
1263 bytes_to_write = data_size -1;
1264 b = a->compressed_buffer + 1;
1265 } else {
1266 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1267 int zr;
1268
1269 zr = uncompress((Bytef *)a->uncompressed_buffer,
1270 &dest_len, a->compressed_buffer, data_size);
1271 if (zr != Z_OK) {
1272 archive_set_error(&a->archive,
1273 ARCHIVE_ERRNO_MISC,
1274 "Failed to decompress resource fork");
1275 return (ARCHIVE_WARN);
1276 }
1277 bytes_to_write = dest_len;
1278 b = (unsigned char *)a->uncompressed_buffer;
1279 }
1280 do {
1281 bytes_written = write(a->fd, b, bytes_to_write);
1282 if (bytes_written < 0) {
1283 archive_set_error(&a->archive, errno,
1284 "Write failed");
1285 return (ARCHIVE_WARN);
1286 }
1287 bytes_to_write -= bytes_written;
1288 b += bytes_written;
1289 } while (bytes_to_write > 0);
1290 }
1291 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1292 if (r == -1) {
1293 archive_set_error(&a->archive, errno,
1294 "Failed to remove resource fork");
1295 return (ARCHIVE_WARN);
1296 }
1297 return (ARCHIVE_OK);
1298 }
1299
1300 static int
hfs_drive_compressor(struct archive_write_disk * a,const char * buff,size_t size)1301 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1302 size_t size)
1303 {
1304 unsigned char *buffer_compressed;
1305 size_t bytes_compressed;
1306 size_t bytes_used;
1307 int ret;
1308
1309 ret = hfs_reset_compressor(a);
1310 if (ret != ARCHIVE_OK)
1311 return (ret);
1312
1313 if (a->compressed_buffer == NULL) {
1314 size_t block_size;
1315
1316 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1317 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1318 a->compressed_buffer = malloc(block_size);
1319 if (a->compressed_buffer == NULL) {
1320 archive_set_error(&a->archive, ENOMEM,
1321 "Can't allocate memory for Resource Fork");
1322 return (ARCHIVE_FATAL);
1323 }
1324 a->compressed_buffer_size = block_size;
1325 a->compressed_buffer_remaining = block_size;
1326 }
1327
1328 buffer_compressed = a->compressed_buffer +
1329 a->compressed_buffer_size - a->compressed_buffer_remaining;
1330 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1331 a->stream.avail_in = size;
1332 a->stream.next_out = buffer_compressed;
1333 a->stream.avail_out = a->compressed_buffer_remaining;
1334 do {
1335 ret = deflate(&a->stream, Z_FINISH);
1336 switch (ret) {
1337 case Z_OK:
1338 case Z_STREAM_END:
1339 break;
1340 default:
1341 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1342 "Failed to compress data");
1343 return (ARCHIVE_FAILED);
1344 }
1345 } while (ret == Z_OK);
1346 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1347
1348 /*
1349 * If the compressed size is larger than the original size,
1350 * throw away compressed data, use uncompressed data instead.
1351 */
1352 if (bytes_compressed > size) {
1353 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1354 memcpy(buffer_compressed + 1, buff, size);
1355 bytes_compressed = size + 1;
1356 }
1357 a->compressed_buffer_remaining -= bytes_compressed;
1358
1359 /*
1360 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1361 * and the block count in the file is only one, store compressed
1362 * data to decmpfs xattr instead of the resource fork.
1363 */
1364 if (a->decmpfs_block_count == 1 &&
1365 (a->decmpfs_attr_size + bytes_compressed)
1366 <= MAX_DECMPFS_XATTR_SIZE) {
1367 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1368 CMP_XATTR);
1369 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1370 buffer_compressed, bytes_compressed);
1371 a->decmpfs_attr_size += bytes_compressed;
1372 a->compressed_buffer_remaining = a->compressed_buffer_size;
1373 /*
1374 * Finish HFS+ Compression.
1375 * - Write the decmpfs xattr.
1376 * - Set the UF_COMPRESSED file flag.
1377 */
1378 ret = hfs_write_decmpfs(a);
1379 if (ret == ARCHIVE_OK)
1380 ret = hfs_set_compressed_fflag(a);
1381 return (ret);
1382 }
1383
1384 /* Update block info. */
1385 archive_le32enc(a->decmpfs_block_info++,
1386 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1387 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1388 a->compressed_rsrc_position_v += bytes_compressed;
1389
1390 /*
1391 * Write the compressed data to the resource fork.
1392 */
1393 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1394 while (bytes_used >= COMPRESSED_W_SIZE) {
1395 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1396 if (ret != ARCHIVE_OK)
1397 return (ret);
1398 bytes_used -= COMPRESSED_W_SIZE;
1399 if (bytes_used > COMPRESSED_W_SIZE)
1400 memmove(a->compressed_buffer,
1401 a->compressed_buffer + COMPRESSED_W_SIZE,
1402 bytes_used);
1403 else
1404 memcpy(a->compressed_buffer,
1405 a->compressed_buffer + COMPRESSED_W_SIZE,
1406 bytes_used);
1407 }
1408 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1409
1410 /*
1411 * If the current block is the last block, write the remaining
1412 * compressed data and the resource fork footer.
1413 */
1414 if (a->file_remaining_bytes == 0) {
1415 size_t rsrc_size;
1416 int64_t bk;
1417
1418 /* Append the resource footer. */
1419 rsrc_size = hfs_set_resource_fork_footer(
1420 a->compressed_buffer + bytes_used,
1421 a->compressed_buffer_remaining);
1422 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1423 a->compressed_buffer_remaining = a->compressed_buffer_size;
1424
1425 /* If the compressed size is not enough smaller than
1426 * the uncompressed size. cancel HFS+ compression.
1427 * TODO: study a behavior of ditto utility and improve
1428 * the condition to fall back into no HFS+ compression. */
1429 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1430 bk += bk >> 7;
1431 if (bk > HFS_BLOCKS(a->filesize))
1432 return hfs_decompress(a);
1433 /*
1434 * Write the resourcefork header.
1435 */
1436 if (ret == ARCHIVE_OK)
1437 ret = hfs_write_resource_fork_header(a);
1438 /*
1439 * Finish HFS+ Compression.
1440 * - Write the decmpfs xattr.
1441 * - Set the UF_COMPRESSED file flag.
1442 */
1443 if (ret == ARCHIVE_OK)
1444 ret = hfs_write_decmpfs(a);
1445 if (ret == ARCHIVE_OK)
1446 ret = hfs_set_compressed_fflag(a);
1447 }
1448 return (ret);
1449 }
1450
1451 static ssize_t
hfs_write_decmpfs_block(struct archive_write_disk * a,const char * buff,size_t size)1452 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1453 size_t size)
1454 {
1455 const char *buffer_to_write;
1456 size_t bytes_to_write;
1457 int ret;
1458
1459 if (a->decmpfs_block_count == (unsigned)-1) {
1460 void *new_block;
1461 size_t new_size;
1462 unsigned int block_count;
1463
1464 if (a->decmpfs_header_p == NULL) {
1465 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1466 + sizeof(uint32_t));
1467 if (new_block == NULL) {
1468 archive_set_error(&a->archive, ENOMEM,
1469 "Can't allocate memory for decmpfs");
1470 return (ARCHIVE_FATAL);
1471 }
1472 a->decmpfs_header_p = new_block;
1473 }
1474 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1475 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1476 DECMPFS_MAGIC);
1477 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1478 CMP_RESOURCE_FORK);
1479 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1480 a->filesize);
1481
1482 /* Calculate a block count of the file. */
1483 block_count =
1484 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1485 MAX_DECMPFS_BLOCK_SIZE;
1486 /*
1487 * Allocate buffer for resource fork.
1488 * Set up related pointers;
1489 */
1490 new_size =
1491 RSRC_H_SIZE + /* header */
1492 4 + /* Block count */
1493 (block_count * sizeof(uint32_t) * 2) +
1494 RSRC_F_SIZE; /* footer */
1495 if (new_size > a->resource_fork_allocated_size) {
1496 new_block = realloc(a->resource_fork, new_size);
1497 if (new_block == NULL) {
1498 archive_set_error(&a->archive, ENOMEM,
1499 "Can't allocate memory for ResourceFork");
1500 return (ARCHIVE_FATAL);
1501 }
1502 a->resource_fork_allocated_size = new_size;
1503 a->resource_fork = new_block;
1504 }
1505
1506 /* Allocate uncompressed buffer */
1507 if (a->uncompressed_buffer == NULL) {
1508 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1509 if (new_block == NULL) {
1510 archive_set_error(&a->archive, ENOMEM,
1511 "Can't allocate memory for decmpfs");
1512 return (ARCHIVE_FATAL);
1513 }
1514 a->uncompressed_buffer = new_block;
1515 }
1516 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1517 a->file_remaining_bytes = a->filesize;
1518 a->compressed_buffer_remaining = a->compressed_buffer_size;
1519
1520 /*
1521 * Set up a resource fork.
1522 */
1523 a->rsrc_xattr_options = XATTR_CREATE;
1524 /* Get the position where we are going to set a bunch
1525 * of block info. */
1526 a->decmpfs_block_info =
1527 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1528 /* Set the block count to the resource fork. */
1529 archive_le32enc(a->decmpfs_block_info++, block_count);
1530 /* Get the position where we are going to set compressed
1531 * data. */
1532 a->compressed_rsrc_position =
1533 RSRC_H_SIZE + 4 + (block_count * 8);
1534 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1535 a->decmpfs_block_count = block_count;
1536 }
1537
1538 /* Ignore redundant bytes. */
1539 if (a->file_remaining_bytes == 0)
1540 return ((ssize_t)size);
1541
1542 /* Do not overrun a block size. */
1543 if (size > a->block_remaining_bytes)
1544 bytes_to_write = a->block_remaining_bytes;
1545 else
1546 bytes_to_write = size;
1547 /* Do not overrun the file size. */
1548 if (bytes_to_write > a->file_remaining_bytes)
1549 bytes_to_write = a->file_remaining_bytes;
1550
1551 /* For efficiency, if a copy length is full of the uncompressed
1552 * buffer size, do not copy writing data to it. */
1553 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1554 buffer_to_write = buff;
1555 else {
1556 memcpy(a->uncompressed_buffer +
1557 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1558 buff, bytes_to_write);
1559 buffer_to_write = a->uncompressed_buffer;
1560 }
1561 a->block_remaining_bytes -= bytes_to_write;
1562 a->file_remaining_bytes -= bytes_to_write;
1563
1564 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1565 ret = hfs_drive_compressor(a, buffer_to_write,
1566 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1567 if (ret < 0)
1568 return (ret);
1569 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1570 }
1571 /* Ignore redundant bytes. */
1572 if (a->file_remaining_bytes == 0)
1573 return ((ssize_t)size);
1574 return (bytes_to_write);
1575 }
1576
1577 static ssize_t
hfs_write_data_block(struct archive_write_disk * a,const char * buff,size_t size)1578 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1579 size_t size)
1580 {
1581 uint64_t start_size = size;
1582 ssize_t bytes_written = 0;
1583 ssize_t bytes_to_write;
1584
1585 if (size == 0)
1586 return (ARCHIVE_OK);
1587
1588 if (a->filesize == 0 || a->fd < 0) {
1589 archive_set_error(&a->archive, 0,
1590 "Attempt to write to an empty file");
1591 return (ARCHIVE_WARN);
1592 }
1593
1594 /* If this write would run beyond the file size, truncate it. */
1595 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1596 start_size = size = (size_t)(a->filesize - a->offset);
1597
1598 /* Write the data. */
1599 while (size > 0) {
1600 bytes_to_write = size;
1601 /* Seek if necessary to the specified offset. */
1602 if (a->offset < a->fd_offset) {
1603 /* Can't support backward move. */
1604 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1605 "Seek failed");
1606 return (ARCHIVE_FATAL);
1607 } else if (a->offset > a->fd_offset) {
1608 int64_t skip = a->offset - a->fd_offset;
1609 char nullblock[1024];
1610
1611 memset(nullblock, 0, sizeof(nullblock));
1612 while (skip > 0) {
1613 if (skip > (int64_t)sizeof(nullblock))
1614 bytes_written = hfs_write_decmpfs_block(
1615 a, nullblock, sizeof(nullblock));
1616 else
1617 bytes_written = hfs_write_decmpfs_block(
1618 a, nullblock, skip);
1619 if (bytes_written < 0) {
1620 archive_set_error(&a->archive, errno,
1621 "Write failed");
1622 return (ARCHIVE_WARN);
1623 }
1624 skip -= bytes_written;
1625 }
1626
1627 a->fd_offset = a->offset;
1628 }
1629 bytes_written =
1630 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1631 if (bytes_written < 0)
1632 return (bytes_written);
1633 buff += bytes_written;
1634 size -= bytes_written;
1635 a->total_bytes_written += bytes_written;
1636 a->offset += bytes_written;
1637 a->fd_offset = a->offset;
1638 }
1639 return (start_size - size);
1640 }
1641 #else
1642 static ssize_t
hfs_write_data_block(struct archive_write_disk * a,const char * buff,size_t size)1643 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1644 size_t size)
1645 {
1646 return (write_data_block(a, buff, size));
1647 }
1648 #endif
1649
1650 static ssize_t
_archive_write_disk_data_block(struct archive * _a,const void * buff,size_t size,int64_t offset)1651 _archive_write_disk_data_block(struct archive *_a,
1652 const void *buff, size_t size, int64_t offset)
1653 {
1654 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1655 ssize_t r;
1656
1657 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1658 ARCHIVE_STATE_DATA, "archive_write_data_block");
1659
1660 a->offset = offset;
1661 if (a->todo & TODO_HFS_COMPRESSION)
1662 r = hfs_write_data_block(a, buff, size);
1663 else
1664 r = write_data_block(a, buff, size);
1665 if (r < ARCHIVE_OK)
1666 return (r);
1667 if ((size_t)r < size) {
1668 archive_set_error(&a->archive, 0,
1669 "Too much data: Truncating file at %ju bytes",
1670 (uintmax_t)a->filesize);
1671 return (ARCHIVE_WARN);
1672 }
1673 #if ARCHIVE_VERSION_NUMBER < 3999000
1674 return (ARCHIVE_OK);
1675 #else
1676 return (size);
1677 #endif
1678 }
1679
1680 static ssize_t
_archive_write_disk_data(struct archive * _a,const void * buff,size_t size)1681 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1682 {
1683 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1684
1685 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1686 ARCHIVE_STATE_DATA, "archive_write_data");
1687
1688 if (a->todo & TODO_HFS_COMPRESSION)
1689 return (hfs_write_data_block(a, buff, size));
1690 return (write_data_block(a, buff, size));
1691 }
1692
1693 static int
_archive_write_disk_finish_entry(struct archive * _a)1694 _archive_write_disk_finish_entry(struct archive *_a)
1695 {
1696 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1697 int ret = ARCHIVE_OK;
1698
1699 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1700 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1701 "archive_write_finish_entry");
1702 if (a->archive.state & ARCHIVE_STATE_HEADER)
1703 return (ARCHIVE_OK);
1704 archive_clear_error(&a->archive);
1705
1706 /* Pad or truncate file to the right size. */
1707 if (a->fd < 0) {
1708 /* There's no file. */
1709 } else if (a->filesize < 0) {
1710 /* File size is unknown, so we can't set the size. */
1711 } else if (a->fd_offset == a->filesize) {
1712 /* Last write ended at exactly the filesize; we're done. */
1713 /* Hopefully, this is the common case. */
1714 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1715 } else if (a->todo & TODO_HFS_COMPRESSION) {
1716 char null_d[1024];
1717 ssize_t r;
1718
1719 if (a->file_remaining_bytes)
1720 memset(null_d, 0, sizeof(null_d));
1721 while (a->file_remaining_bytes) {
1722 if (a->file_remaining_bytes > sizeof(null_d))
1723 r = hfs_write_data_block(
1724 a, null_d, sizeof(null_d));
1725 else
1726 r = hfs_write_data_block(
1727 a, null_d, a->file_remaining_bytes);
1728 if (r < 0)
1729 return ((int)r);
1730 }
1731 #endif
1732 } else {
1733 #if HAVE_FTRUNCATE
1734 if (ftruncate(a->fd, a->filesize) == -1 &&
1735 a->filesize == 0) {
1736 archive_set_error(&a->archive, errno,
1737 "File size could not be restored");
1738 return (ARCHIVE_FAILED);
1739 }
1740 #endif
1741 /*
1742 * Not all platforms implement the XSI option to
1743 * extend files via ftruncate. Stat() the file again
1744 * to see what happened.
1745 */
1746 a->pst = NULL;
1747 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1748 return (ret);
1749 /* We can use lseek()/write() to extend the file if
1750 * ftruncate didn't work or isn't available. */
1751 if (a->st.st_size < a->filesize) {
1752 const char nul = '\0';
1753 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1754 archive_set_error(&a->archive, errno,
1755 "Seek failed");
1756 return (ARCHIVE_FATAL);
1757 }
1758 if (write(a->fd, &nul, 1) < 0) {
1759 archive_set_error(&a->archive, errno,
1760 "Write to restore size failed");
1761 return (ARCHIVE_FATAL);
1762 }
1763 a->pst = NULL;
1764 }
1765 }
1766
1767 /* Restore metadata. */
1768
1769 /*
1770 * This is specific to Mac OS X.
1771 * If the current file is an AppleDouble file, it should be
1772 * linked with the data fork file and remove it.
1773 */
1774 if (a->todo & TODO_APPLEDOUBLE) {
1775 int r2 = fixup_appledouble(a, a->name);
1776 if (r2 == ARCHIVE_EOF) {
1777 /* The current file has been successfully linked
1778 * with the data fork file and removed. So there
1779 * is nothing to do on the current file. */
1780 goto finish_metadata;
1781 }
1782 if (r2 < ret) ret = r2;
1783 }
1784
1785 /*
1786 * Look up the "real" UID only if we're going to need it.
1787 * TODO: the TODO_SGID condition can be dropped here, can't it?
1788 */
1789 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1790 a->uid = archive_write_disk_uid(&a->archive,
1791 archive_entry_uname(a->entry),
1792 archive_entry_uid(a->entry));
1793 }
1794 /* Look up the "real" GID only if we're going to need it. */
1795 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1796 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1797 a->gid = archive_write_disk_gid(&a->archive,
1798 archive_entry_gname(a->entry),
1799 archive_entry_gid(a->entry));
1800 }
1801
1802 /*
1803 * Restore ownership before set_mode tries to restore suid/sgid
1804 * bits. If we set the owner, we know what it is and can skip
1805 * a stat() call to examine the ownership of the file on disk.
1806 */
1807 if (a->todo & TODO_OWNER) {
1808 int r2 = set_ownership(a);
1809 if (r2 < ret) ret = r2;
1810 }
1811
1812 /*
1813 * HYPOTHESIS:
1814 * If we're not root, we won't be setting any security
1815 * attributes that may be wiped by the set_mode() routine
1816 * below. We also can't set xattr on non-owner-writable files,
1817 * which may be the state after set_mode(). Perform
1818 * set_xattrs() first based on these constraints.
1819 */
1820 if (a->user_uid != 0 &&
1821 (a->todo & TODO_XATTR)) {
1822 int r2 = set_xattrs(a);
1823 if (r2 < ret) ret = r2;
1824 }
1825
1826 /*
1827 * set_mode must precede ACLs on systems such as Solaris and
1828 * FreeBSD where setting the mode implicitly clears extended ACLs
1829 */
1830 if (a->todo & TODO_MODE) {
1831 int r2 = set_mode(a, a->mode);
1832 if (r2 < ret) ret = r2;
1833 }
1834
1835 /*
1836 * Security-related extended attributes (such as
1837 * security.capability on Linux) have to be restored last,
1838 * since they're implicitly removed by other file changes.
1839 * We do this last only when root.
1840 */
1841 if (a->user_uid == 0 &&
1842 (a->todo & TODO_XATTR)) {
1843 int r2 = set_xattrs(a);
1844 if (r2 < ret) ret = r2;
1845 }
1846
1847 /*
1848 * Some flags prevent file modification; they must be restored after
1849 * file contents are written.
1850 */
1851 if (a->todo & TODO_FFLAGS) {
1852 int r2 = set_fflags(a);
1853 if (r2 < ret) ret = r2;
1854 }
1855
1856 /*
1857 * Time must follow most other metadata;
1858 * otherwise atime will get changed.
1859 */
1860 if (a->todo & TODO_TIMES) {
1861 int r2 = set_times_from_entry(a);
1862 if (r2 < ret) ret = r2;
1863 }
1864
1865 /*
1866 * Mac extended metadata includes ACLs.
1867 */
1868 if (a->todo & TODO_MAC_METADATA) {
1869 const void *metadata;
1870 size_t metadata_size;
1871 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1872 if (metadata != NULL && metadata_size > 0) {
1873 int r2 = set_mac_metadata(a, archive_entry_pathname(
1874 a->entry), metadata, metadata_size);
1875 if (r2 < ret) ret = r2;
1876 }
1877 }
1878
1879 /*
1880 * ACLs must be restored after timestamps because there are
1881 * ACLs that prevent attribute changes (including time).
1882 */
1883 if (a->todo & TODO_ACLS) {
1884 int r2;
1885 r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1886 archive_entry_pathname(a->entry),
1887 archive_entry_acl(a->entry),
1888 archive_entry_mode(a->entry));
1889 if (r2 < ret) ret = r2;
1890 }
1891
1892 finish_metadata:
1893 /* If there's an fd, we can close it now. */
1894 if (a->fd >= 0) {
1895 close(a->fd);
1896 a->fd = -1;
1897 if (a->tmpname) {
1898 if (rename(a->tmpname, a->name) == -1) {
1899 archive_set_error(&a->archive, errno,
1900 "Failed to rename temporary file");
1901 ret = ARCHIVE_FAILED;
1902 unlink(a->tmpname);
1903 }
1904 a->tmpname = NULL;
1905 }
1906 }
1907 /* If there's an entry, we can release it now. */
1908 archive_entry_free(a->entry);
1909 a->entry = NULL;
1910 a->archive.state = ARCHIVE_STATE_HEADER;
1911 return (ret);
1912 }
1913
1914 int
archive_write_disk_set_group_lookup(struct archive * _a,void * private_data,la_int64_t (* lookup_gid)(void * private,const char * gname,la_int64_t gid),void (* cleanup_gid)(void * private))1915 archive_write_disk_set_group_lookup(struct archive *_a,
1916 void *private_data,
1917 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid),
1918 void (*cleanup_gid)(void *private))
1919 {
1920 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1921 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1922 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1923
1924 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1925 (a->cleanup_gid)(a->lookup_gid_data);
1926
1927 a->lookup_gid = lookup_gid;
1928 a->cleanup_gid = cleanup_gid;
1929 a->lookup_gid_data = private_data;
1930 return (ARCHIVE_OK);
1931 }
1932
1933 int
archive_write_disk_set_user_lookup(struct archive * _a,void * private_data,int64_t (* lookup_uid)(void * private,const char * uname,int64_t uid),void (* cleanup_uid)(void * private))1934 archive_write_disk_set_user_lookup(struct archive *_a,
1935 void *private_data,
1936 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1937 void (*cleanup_uid)(void *private))
1938 {
1939 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1940 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1941 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1942
1943 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1944 (a->cleanup_uid)(a->lookup_uid_data);
1945
1946 a->lookup_uid = lookup_uid;
1947 a->cleanup_uid = cleanup_uid;
1948 a->lookup_uid_data = private_data;
1949 return (ARCHIVE_OK);
1950 }
1951
1952 int64_t
archive_write_disk_gid(struct archive * _a,const char * name,la_int64_t id)1953 archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id)
1954 {
1955 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1956 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1957 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1958 if (a->lookup_gid)
1959 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1960 return (id);
1961 }
1962
1963 int64_t
archive_write_disk_uid(struct archive * _a,const char * name,la_int64_t id)1964 archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id)
1965 {
1966 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1967 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1968 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1969 if (a->lookup_uid)
1970 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1971 return (id);
1972 }
1973
1974 /*
1975 * Create a new archive_write_disk object and initialize it with global state.
1976 */
1977 struct archive *
archive_write_disk_new(void)1978 archive_write_disk_new(void)
1979 {
1980 struct archive_write_disk *a;
1981
1982 a = (struct archive_write_disk *)calloc(1, sizeof(*a));
1983 if (a == NULL)
1984 return (NULL);
1985 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1986 /* We're ready to write a header immediately. */
1987 a->archive.state = ARCHIVE_STATE_HEADER;
1988 a->archive.vtable = &archive_write_disk_vtable;
1989 a->start_time = time(NULL);
1990 /* Query and restore the umask. */
1991 umask(a->user_umask = umask(0));
1992 #ifdef HAVE_GETEUID
1993 a->user_uid = geteuid();
1994 #endif /* HAVE_GETEUID */
1995 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1996 free(a);
1997 return (NULL);
1998 }
1999 #ifdef HAVE_ZLIB_H
2000 a->decmpfs_compression_level = 5;
2001 #endif
2002 return (&a->archive);
2003 }
2004
2005
2006 /*
2007 * If pathname is longer than PATH_MAX, chdir to a suitable
2008 * intermediate dir and edit the path down to a shorter suffix. Note
2009 * that this routine never returns an error; if the chdir() attempt
2010 * fails for any reason, we just go ahead with the long pathname. The
2011 * object creation is likely to fail, but any error will get handled
2012 * at that time.
2013 */
2014 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
2015 static void
edit_deep_directories(struct archive_write_disk * a)2016 edit_deep_directories(struct archive_write_disk *a)
2017 {
2018 int ret;
2019 char *tail = a->name;
2020
2021 /* If path is short, avoid the open() below. */
2022 if (strlen(tail) < PATH_MAX)
2023 return;
2024
2025 /* Try to record our starting dir. */
2026 a->restore_pwd = la_opendirat(AT_FDCWD, ".");
2027 __archive_ensure_cloexec_flag(a->restore_pwd);
2028 if (a->restore_pwd < 0)
2029 return;
2030
2031 /* As long as the path is too long... */
2032 while (strlen(tail) >= PATH_MAX) {
2033 /* Locate a dir prefix shorter than PATH_MAX. */
2034 tail += PATH_MAX - 8;
2035 while (tail > a->name && *tail != '/')
2036 tail--;
2037 /* Exit if we find a too-long path component. */
2038 if (tail <= a->name)
2039 return;
2040 /* Create the intermediate dir and chdir to it. */
2041 *tail = '\0'; /* Terminate dir portion */
2042 ret = create_dir(a, a->name);
2043 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
2044 ret = ARCHIVE_FAILED;
2045 *tail = '/'; /* Restore the / we removed. */
2046 if (ret != ARCHIVE_OK)
2047 return;
2048 tail++;
2049 /* The chdir() succeeded; we've now shortened the path. */
2050 a->name = tail;
2051 }
2052 return;
2053 }
2054 #endif
2055
2056 /*
2057 * The main restore function.
2058 */
2059 static int
restore_entry(struct archive_write_disk * a)2060 restore_entry(struct archive_write_disk *a)
2061 {
2062 int ret = ARCHIVE_OK, en;
2063
2064 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
2065 /*
2066 * TODO: Fix this. Apparently, there are platforms
2067 * that still allow root to hose the entire filesystem
2068 * by unlinking a dir. The S_ISDIR() test above
2069 * prevents us from using unlink() here if the new
2070 * object is a dir, but that doesn't mean the old
2071 * object isn't a dir.
2072 */
2073 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2074 (void)clear_nochange_fflags(a);
2075 if (unlink(a->name) == 0) {
2076 /* We removed it, reset cached stat. */
2077 a->pst = NULL;
2078 } else if (errno == ENOENT) {
2079 /* File didn't exist, that's just as good. */
2080 } else if (rmdir(a->name) == 0) {
2081 /* It was a dir, but now it's gone. */
2082 a->pst = NULL;
2083 } else {
2084 /* We tried, but couldn't get rid of it. */
2085 archive_set_error(&a->archive, errno,
2086 "Could not unlink");
2087 return(ARCHIVE_FAILED);
2088 }
2089 }
2090
2091 /* Try creating it first; if this fails, we'll try to recover. */
2092 en = create_filesystem_object(a);
2093
2094 if ((en == ENOTDIR || en == ENOENT)
2095 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
2096 /* If the parent dir doesn't exist, try creating it. */
2097 create_parent_dir(a, a->name);
2098 /* Now try to create the object again. */
2099 en = create_filesystem_object(a);
2100 }
2101
2102 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) {
2103 archive_set_error(&a->archive, en,
2104 "Hard-link target '%s' does not exist.",
2105 archive_entry_hardlink(a->entry));
2106 return (ARCHIVE_FAILED);
2107 }
2108
2109 if ((en == EISDIR || en == EEXIST)
2110 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2111 /* If we're not overwriting, we're done. */
2112 if (S_ISDIR(a->mode)) {
2113 /* Don't overwrite any settings on existing directories. */
2114 a->todo = 0;
2115 }
2116 archive_entry_unset_size(a->entry);
2117 return (ARCHIVE_OK);
2118 }
2119
2120 /*
2121 * Some platforms return EISDIR if you call
2122 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
2123 * return EEXIST. POSIX is ambiguous, requiring EISDIR
2124 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
2125 * on an existing item.
2126 */
2127 if (en == EISDIR) {
2128 /* A dir is in the way of a non-dir, rmdir it. */
2129 if (rmdir(a->name) != 0) {
2130 archive_set_error(&a->archive, errno,
2131 "Can't remove already-existing dir");
2132 return (ARCHIVE_FAILED);
2133 }
2134 a->pst = NULL;
2135 /* Try again. */
2136 en = create_filesystem_object(a);
2137 } else if (en == EEXIST) {
2138 /*
2139 * We know something is in the way, but we don't know what;
2140 * we need to find out before we go any further.
2141 */
2142 int r = 0;
2143 /*
2144 * The SECURE_SYMLINKS logic has already removed a
2145 * symlink to a dir if the client wants that. So
2146 * follow the symlink if we're creating a dir.
2147 */
2148 if (S_ISDIR(a->mode))
2149 r = la_stat(a->name, &a->st);
2150 /*
2151 * If it's not a dir (or it's a broken symlink),
2152 * then don't follow it.
2153 */
2154 if (r != 0 || !S_ISDIR(a->mode))
2155 r = lstat(a->name, &a->st);
2156 if (r != 0) {
2157 archive_set_error(&a->archive, errno,
2158 "Can't stat existing object");
2159 return (ARCHIVE_FAILED);
2160 }
2161
2162 /*
2163 * NO_OVERWRITE_NEWER doesn't apply to directories.
2164 */
2165 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
2166 && !S_ISDIR(a->st.st_mode)) {
2167 if (!older(&(a->st), a->entry)) {
2168 archive_entry_unset_size(a->entry);
2169 return (ARCHIVE_OK);
2170 }
2171 }
2172
2173 /* If it's our archive, we're done. */
2174 if (a->skip_file_set &&
2175 a->st.st_dev == (dev_t)a->skip_file_dev &&
2176 a->st.st_ino == (ino_t)a->skip_file_ino) {
2177 archive_set_error(&a->archive, 0,
2178 "Refusing to overwrite archive");
2179 return (ARCHIVE_FAILED);
2180 }
2181
2182 if (!S_ISDIR(a->st.st_mode)) {
2183 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2184 (void)clear_nochange_fflags(a);
2185
2186 if ((a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) &&
2187 S_ISREG(a->st.st_mode)) {
2188 /* Use a temporary file to extract */
2189 if ((a->fd = la_mktemp(a)) == -1) {
2190 archive_set_error(&a->archive, errno,
2191 "Can't create temporary file");
2192 return ARCHIVE_FAILED;
2193 }
2194 a->pst = NULL;
2195 en = 0;
2196 } else {
2197 /* A non-dir is in the way, unlink it. */
2198 if (unlink(a->name) != 0) {
2199 archive_set_error(&a->archive, errno,
2200 "Can't unlink already-existing "
2201 "object");
2202 return (ARCHIVE_FAILED);
2203 }
2204 a->pst = NULL;
2205 /* Try again. */
2206 en = create_filesystem_object(a);
2207 }
2208 } else if (!S_ISDIR(a->mode)) {
2209 /* A dir is in the way of a non-dir, rmdir it. */
2210 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2211 (void)clear_nochange_fflags(a);
2212 if (rmdir(a->name) != 0) {
2213 archive_set_error(&a->archive, errno,
2214 "Can't replace existing directory with non-directory");
2215 return (ARCHIVE_FAILED);
2216 }
2217 /* Try again. */
2218 en = create_filesystem_object(a);
2219 } else {
2220 /*
2221 * There's a dir in the way of a dir. Don't
2222 * waste time with rmdir()/mkdir(), just fix
2223 * up the permissions on the existing dir.
2224 * Note that we don't change perms on existing
2225 * dirs unless _EXTRACT_PERM is specified.
2226 */
2227 if ((a->mode != a->st.st_mode)
2228 && (a->todo & TODO_MODE_FORCE))
2229 a->deferred |= (a->todo & TODO_MODE);
2230 /* Ownership doesn't need deferred fixup. */
2231 en = 0; /* Forget the EEXIST. */
2232 }
2233 }
2234
2235 if (en) {
2236 /* Everything failed; give up here. */
2237 if ((&a->archive)->error == NULL)
2238 archive_set_error(&a->archive, en, "Can't create '%s'",
2239 a->name);
2240 return (ARCHIVE_FAILED);
2241 }
2242
2243 a->pst = NULL; /* Cached stat data no longer valid. */
2244 return (ret);
2245 }
2246
2247 /*
2248 * Returns 0 if creation succeeds, or else returns errno value from
2249 * the failed system call. Note: This function should only ever perform
2250 * a single system call.
2251 */
2252 static int
create_filesystem_object(struct archive_write_disk * a)2253 create_filesystem_object(struct archive_write_disk *a)
2254 {
2255 /* Create the entry. */
2256 const char *linkname;
2257 mode_t final_mode, mode;
2258 int r;
2259 /* these for check_symlinks_fsobj */
2260 char *linkname_copy; /* non-const copy of linkname */
2261 struct stat st;
2262 struct archive_string error_string;
2263 int error_number;
2264
2265 /* We identify hard/symlinks according to the link names. */
2266 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2267 linkname = archive_entry_hardlink(a->entry);
2268 if (linkname != NULL) {
2269 #if !HAVE_LINK
2270 return (EPERM);
2271 #else
2272 archive_string_init(&error_string);
2273 linkname_copy = strdup(linkname);
2274 if (linkname_copy == NULL) {
2275 return (EPERM);
2276 }
2277 /*
2278 * TODO: consider using the cleaned-up path as the link
2279 * target?
2280 */
2281 r = cleanup_pathname_fsobj(linkname_copy, &error_number,
2282 &error_string, a->flags);
2283 if (r != ARCHIVE_OK) {
2284 archive_set_error(&a->archive, error_number, "%s",
2285 error_string.s);
2286 free(linkname_copy);
2287 archive_string_free(&error_string);
2288 /*
2289 * EPERM is more appropriate than error_number for our
2290 * callers
2291 */
2292 return (EPERM);
2293 }
2294 r = check_symlinks_fsobj(linkname_copy, &error_number,
2295 &error_string, a->flags, 1);
2296 if (r != ARCHIVE_OK) {
2297 archive_set_error(&a->archive, error_number, "%s",
2298 error_string.s);
2299 free(linkname_copy);
2300 archive_string_free(&error_string);
2301 /*
2302 * EPERM is more appropriate than error_number for our
2303 * callers
2304 */
2305 return (EPERM);
2306 }
2307 free(linkname_copy);
2308 archive_string_free(&error_string);
2309 /*
2310 * Unlinking and linking here is really not atomic,
2311 * but doing it right, would require us to construct
2312 * an mktemplink() function, and then use rename(2).
2313 */
2314 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES)
2315 unlink(a->name);
2316 #ifdef HAVE_LINKAT
2317 r = linkat(AT_FDCWD, linkname, AT_FDCWD, a->name,
2318 0) ? errno : 0;
2319 #else
2320 r = link(linkname, a->name) ? errno : 0;
2321 #endif
2322 /*
2323 * New cpio and pax formats allow hardlink entries
2324 * to carry data, so we may have to open the file
2325 * for hardlink entries.
2326 *
2327 * If the hardlink was successfully created and
2328 * the archive doesn't have carry data for it,
2329 * consider it to be non-authoritative for meta data.
2330 * This is consistent with GNU tar and BSD pax.
2331 * If the hardlink does carry data, let the last
2332 * archive entry decide ownership.
2333 */
2334 if (r == 0 && a->filesize <= 0) {
2335 a->todo = 0;
2336 a->deferred = 0;
2337 } else if (r == 0 && a->filesize > 0) {
2338 #ifdef HAVE_LSTAT
2339 r = lstat(a->name, &st);
2340 #else
2341 r = la_stat(a->name, &st);
2342 #endif
2343 if (r != 0)
2344 r = errno;
2345 else if ((st.st_mode & AE_IFMT) == AE_IFREG) {
2346 a->fd = open(a->name, O_WRONLY | O_TRUNC |
2347 O_BINARY | O_CLOEXEC | O_NOFOLLOW);
2348 __archive_ensure_cloexec_flag(a->fd);
2349 if (a->fd < 0)
2350 r = errno;
2351 }
2352 }
2353 return (r);
2354 #endif
2355 }
2356 linkname = archive_entry_symlink(a->entry);
2357 if (linkname != NULL) {
2358 #if HAVE_SYMLINK
2359 /*
2360 * Unlinking and linking here is really not atomic,
2361 * but doing it right, would require us to construct
2362 * an mktempsymlink() function, and then use rename(2).
2363 */
2364 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES)
2365 unlink(a->name);
2366 return symlink(linkname, a->name) ? errno : 0;
2367 #else
2368 return (EPERM);
2369 #endif
2370 }
2371
2372 /*
2373 * The remaining system calls all set permissions, so let's
2374 * try to take advantage of that to avoid an extra chmod()
2375 * call. (Recall that umask is set to zero right now!)
2376 */
2377
2378 /* Mode we want for the final restored object (w/o file type bits). */
2379 final_mode = a->mode & 07777;
2380 /*
2381 * The mode that will actually be restored in this step. Note
2382 * that SUID, SGID, etc, require additional work to ensure
2383 * security, so we never restore them at this point.
2384 */
2385 mode = final_mode & 0777 & ~a->user_umask;
2386
2387 /*
2388 * Always create writable such that [f]setxattr() works if we're not
2389 * root.
2390 */
2391 if (a->user_uid != 0 &&
2392 a->todo & (TODO_HFS_COMPRESSION | TODO_XATTR)) {
2393 mode |= 0200;
2394 }
2395
2396 switch (a->mode & AE_IFMT) {
2397 default:
2398 /* POSIX requires that we fall through here. */
2399 /* FALLTHROUGH */
2400 case AE_IFREG:
2401 a->tmpname = NULL;
2402 a->fd = open(a->name,
2403 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2404 __archive_ensure_cloexec_flag(a->fd);
2405 r = (a->fd < 0);
2406 break;
2407 case AE_IFCHR:
2408 #ifdef HAVE_MKNOD
2409 /* Note: we use AE_IFCHR for the case label, and
2410 * S_IFCHR for the mknod() call. This is correct. */
2411 r = mknod(a->name, mode | S_IFCHR,
2412 archive_entry_rdev(a->entry));
2413 break;
2414 #else
2415 /* TODO: Find a better way to warn about our inability
2416 * to restore a char device node. */
2417 return (EINVAL);
2418 #endif /* HAVE_MKNOD */
2419 case AE_IFBLK:
2420 #ifdef HAVE_MKNOD
2421 r = mknod(a->name, mode | S_IFBLK,
2422 archive_entry_rdev(a->entry));
2423 break;
2424 #else
2425 /* TODO: Find a better way to warn about our inability
2426 * to restore a block device node. */
2427 return (EINVAL);
2428 #endif /* HAVE_MKNOD */
2429 case AE_IFDIR:
2430 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2431 r = mkdir(a->name, mode);
2432 if (r == 0) {
2433 /* Defer setting dir times. */
2434 a->deferred |= (a->todo & TODO_TIMES);
2435 a->todo &= ~TODO_TIMES;
2436 /* Never use an immediate chmod(). */
2437 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2438 * because of SysV SGID inheritance. */
2439 if ((mode != final_mode)
2440 || (a->flags & ARCHIVE_EXTRACT_PERM))
2441 a->deferred |= (a->todo & TODO_MODE);
2442 a->todo &= ~TODO_MODE;
2443 }
2444 break;
2445 case AE_IFIFO:
2446 #ifdef HAVE_MKFIFO
2447 r = mkfifo(a->name, mode);
2448 break;
2449 #else
2450 /* TODO: Find a better way to warn about our inability
2451 * to restore a fifo. */
2452 return (EINVAL);
2453 #endif /* HAVE_MKFIFO */
2454 }
2455
2456 /* All the system calls above set errno on failure. */
2457 if (r)
2458 return (errno);
2459
2460 /* If we managed to set the final mode, we've avoided a chmod(). */
2461 if (mode == final_mode)
2462 a->todo &= ~TODO_MODE;
2463 return (0);
2464 }
2465
2466 /*
2467 * Cleanup function for archive_extract. Mostly, this involves processing
2468 * the fixup list, which is used to address a number of problems:
2469 * * Dir permissions might prevent us from restoring a file in that
2470 * dir, so we restore the dir with minimum 0700 permissions first,
2471 * then correct the mode at the end.
2472 * * Similarly, the act of restoring a file touches the directory
2473 * and changes the timestamp on the dir, so we have to touch-up dir
2474 * timestamps at the end as well.
2475 * * Some file flags can interfere with the restore by, for example,
2476 * preventing the creation of hardlinks to those files.
2477 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2478 *
2479 * Note that tar/cpio do not require that archives be in a particular
2480 * order; there is no way to know when the last file has been restored
2481 * within a directory, so there's no way to optimize the memory usage
2482 * here by fixing up the directory any earlier than the
2483 * end-of-archive.
2484 *
2485 * XXX TODO: Directory ACLs should be restored here, for the same
2486 * reason we set directory perms here. XXX
2487 */
2488 static int
_archive_write_disk_close(struct archive * _a)2489 _archive_write_disk_close(struct archive *_a)
2490 {
2491 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2492 struct fixup_entry *next, *p;
2493 struct stat st;
2494 char *c;
2495 int fd, ret, openflags;
2496
2497 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2498 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2499 "archive_write_disk_close");
2500 ret = _archive_write_disk_finish_entry(&a->archive);
2501
2502 /* Sort dir list so directories are fixed up in depth-first order. */
2503 p = sort_dir_list(a->fixup_list);
2504
2505 while (p != NULL) {
2506 fd = -1;
2507 a->pst = NULL; /* Mark stat cache as out-of-date. */
2508
2509 /* We must strip trailing slashes from the path to avoid
2510 dereferencing symbolic links to directories */
2511 c = p->name;
2512 while (*c != '\0')
2513 c++;
2514 while (c != p->name && *(c - 1) == '/') {
2515 c--;
2516 *c = '\0';
2517 }
2518
2519 if (p->fixup == 0)
2520 goto skip_fixup_entry;
2521 else {
2522 /*
2523 * We need to verify if the type of the file
2524 * we are going to open matches the file type
2525 * of the fixup entry.
2526 */
2527 openflags = O_BINARY | O_NOFOLLOW | O_RDONLY
2528 | O_CLOEXEC;
2529 #if defined(O_DIRECTORY)
2530 if (p->filetype == AE_IFDIR)
2531 openflags |= O_DIRECTORY;
2532 #endif
2533 fd = open(p->name, openflags);
2534
2535 #if defined(O_DIRECTORY)
2536 /*
2537 * If we support O_DIRECTORY and open was
2538 * successful we can skip the file type check
2539 * for directories. For other file types
2540 * we need to verify via fstat() or lstat()
2541 */
2542 if (fd == -1 || p->filetype != AE_IFDIR) {
2543 #if HAVE_FSTAT
2544 if (fd > 0 && (
2545 fstat(fd, &st) != 0 ||
2546 la_verify_filetype(st.st_mode,
2547 p->filetype) == 0)) {
2548 goto skip_fixup_entry;
2549 } else
2550 #endif
2551 if (lstat(p->name, &st) != 0 ||
2552 la_verify_filetype(st.st_mode,
2553 p->filetype) == 0) {
2554 goto skip_fixup_entry;
2555 }
2556 }
2557 #else
2558 #if HAVE_FSTAT
2559 if (fd > 0 && (
2560 fstat(fd, &st) != 0 ||
2561 la_verify_filetype(st.st_mode,
2562 p->filetype) == 0)) {
2563 goto skip_fixup_entry;
2564 } else
2565 #endif
2566 if (lstat(p->name, &st) != 0 ||
2567 la_verify_filetype(st.st_mode,
2568 p->filetype) == 0) {
2569 goto skip_fixup_entry;
2570 }
2571 #endif
2572 }
2573 if (p->fixup & TODO_TIMES) {
2574 set_times(a, fd, p->mode, p->name,
2575 p->atime, p->atime_nanos,
2576 p->birthtime, p->birthtime_nanos,
2577 p->mtime, p->mtime_nanos,
2578 p->ctime, p->ctime_nanos);
2579 }
2580 if (p->fixup & TODO_MODE_BASE) {
2581 #ifdef HAVE_FCHMOD
2582 if (fd >= 0)
2583 fchmod(fd, p->mode & 07777);
2584 else
2585 #endif
2586 #ifdef HAVE_LCHMOD
2587 lchmod(p->name, p->mode & 07777);
2588 #else
2589 chmod(p->name, p->mode & 07777);
2590 #endif
2591 }
2592 if (p->fixup & TODO_ACLS)
2593 archive_write_disk_set_acls(&a->archive, fd,
2594 p->name, &p->acl, p->mode);
2595 if (p->fixup & TODO_FFLAGS)
2596 set_fflags_platform(a, fd, p->name,
2597 p->mode, p->fflags_set, 0);
2598 if (p->fixup & TODO_MAC_METADATA)
2599 set_mac_metadata(a, p->name, p->mac_metadata,
2600 p->mac_metadata_size);
2601 skip_fixup_entry:
2602 next = p->next;
2603 archive_acl_clear(&p->acl);
2604 free(p->mac_metadata);
2605 free(p->name);
2606 if (fd >= 0)
2607 close(fd);
2608 free(p);
2609 p = next;
2610 }
2611 a->fixup_list = NULL;
2612 return (ret);
2613 }
2614
2615 static int
_archive_write_disk_free(struct archive * _a)2616 _archive_write_disk_free(struct archive *_a)
2617 {
2618 struct archive_write_disk *a;
2619 int ret;
2620 if (_a == NULL)
2621 return (ARCHIVE_OK);
2622 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2623 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2624 a = (struct archive_write_disk *)_a;
2625 ret = _archive_write_disk_close(&a->archive);
2626 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2627 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2628 archive_entry_free(a->entry);
2629 archive_string_free(&a->_name_data);
2630 archive_string_free(&a->_tmpname_data);
2631 archive_string_free(&a->archive.error_string);
2632 archive_string_free(&a->path_safe);
2633 a->archive.magic = 0;
2634 __archive_clean(&a->archive);
2635 free(a->decmpfs_header_p);
2636 free(a->resource_fork);
2637 free(a->compressed_buffer);
2638 free(a->uncompressed_buffer);
2639 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
2640 && defined(HAVE_ZLIB_H)
2641 if (a->stream_valid) {
2642 switch (deflateEnd(&a->stream)) {
2643 case Z_OK:
2644 break;
2645 default:
2646 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2647 "Failed to clean up compressor");
2648 ret = ARCHIVE_FATAL;
2649 break;
2650 }
2651 }
2652 #endif
2653 free(a);
2654 return (ret);
2655 }
2656
2657 /*
2658 * Simple O(n log n) merge sort to order the fixup list. In
2659 * particular, we want to restore dir timestamps depth-first.
2660 */
2661 static struct fixup_entry *
sort_dir_list(struct fixup_entry * p)2662 sort_dir_list(struct fixup_entry *p)
2663 {
2664 struct fixup_entry *a, *b, *t;
2665
2666 if (p == NULL)
2667 return (NULL);
2668 /* A one-item list is already sorted. */
2669 if (p->next == NULL)
2670 return (p);
2671
2672 /* Step 1: split the list. */
2673 t = p;
2674 a = p->next->next;
2675 while (a != NULL) {
2676 /* Step a twice, t once. */
2677 a = a->next;
2678 if (a != NULL)
2679 a = a->next;
2680 t = t->next;
2681 }
2682 /* Now, t is at the mid-point, so break the list here. */
2683 b = t->next;
2684 t->next = NULL;
2685 a = p;
2686
2687 /* Step 2: Recursively sort the two sub-lists. */
2688 a = sort_dir_list(a);
2689 b = sort_dir_list(b);
2690
2691 /* Step 3: Merge the returned lists. */
2692 /* Pick the first element for the merged list. */
2693 if (strcmp(a->name, b->name) > 0) {
2694 t = p = a;
2695 a = a->next;
2696 } else {
2697 t = p = b;
2698 b = b->next;
2699 }
2700
2701 /* Always put the later element on the list first. */
2702 while (a != NULL && b != NULL) {
2703 if (strcmp(a->name, b->name) > 0) {
2704 t->next = a;
2705 a = a->next;
2706 } else {
2707 t->next = b;
2708 b = b->next;
2709 }
2710 t = t->next;
2711 }
2712
2713 /* Only one list is non-empty, so just splice it on. */
2714 if (a != NULL)
2715 t->next = a;
2716 if (b != NULL)
2717 t->next = b;
2718
2719 return (p);
2720 }
2721
2722 /*
2723 * Returns a new, initialized fixup entry.
2724 *
2725 * TODO: Reduce the memory requirements for this list by using a tree
2726 * structure rather than a simple list of names.
2727 */
2728 static struct fixup_entry *
new_fixup(struct archive_write_disk * a,const char * pathname)2729 new_fixup(struct archive_write_disk *a, const char *pathname)
2730 {
2731 struct fixup_entry *fe;
2732
2733 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2734 if (fe == NULL) {
2735 archive_set_error(&a->archive, ENOMEM,
2736 "Can't allocate memory for a fixup");
2737 return (NULL);
2738 }
2739 fe->next = a->fixup_list;
2740 a->fixup_list = fe;
2741 fe->fixup = 0;
2742 fe->filetype = 0;
2743 fe->name = strdup(pathname);
2744 return (fe);
2745 }
2746
2747 /*
2748 * Returns a fixup structure for the current entry.
2749 */
2750 static struct fixup_entry *
current_fixup(struct archive_write_disk * a,const char * pathname)2751 current_fixup(struct archive_write_disk *a, const char *pathname)
2752 {
2753 if (a->current_fixup == NULL)
2754 a->current_fixup = new_fixup(a, pathname);
2755 return (a->current_fixup);
2756 }
2757
2758 /* Error helper for new *_fsobj functions */
2759 static void
fsobj_error(int * a_eno,struct archive_string * a_estr,int err,const char * errstr,const char * path)2760 fsobj_error(int *a_eno, struct archive_string *a_estr,
2761 int err, const char *errstr, const char *path)
2762 {
2763 if (a_eno)
2764 *a_eno = err;
2765 if (a_estr)
2766 archive_string_sprintf(a_estr, "%s%s", errstr, path);
2767 }
2768
2769 /*
2770 * TODO: Someday, integrate this with the deep dir support; they both
2771 * scan the path and both can be optimized by comparing against other
2772 * recent paths.
2773 */
2774 /*
2775 * Checks the given path to see if any elements along it are symlinks. Returns
2776 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
2777 */
2778 static int
check_symlinks_fsobj(char * path,int * a_eno,struct archive_string * a_estr,int flags,int checking_linkname)2779 check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr,
2780 int flags, int checking_linkname)
2781 {
2782 #if !defined(HAVE_LSTAT) && \
2783 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT))
2784 /* Platform doesn't have lstat, so we can't look for symlinks. */
2785 (void)path; /* UNUSED */
2786 (void)error_number; /* UNUSED */
2787 (void)error_string; /* UNUSED */
2788 (void)flags; /* UNUSED */
2789 (void)checking_linkname; /* UNUSED */
2790 return (ARCHIVE_OK);
2791 #else
2792 int res = ARCHIVE_OK;
2793 char *tail;
2794 char *head;
2795 int last;
2796 char c;
2797 int r;
2798 struct stat st;
2799 int chdir_fd;
2800 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2801 int fd;
2802 #endif
2803
2804 /* Nothing to do here if name is empty */
2805 if(path[0] == '\0')
2806 return (ARCHIVE_OK);
2807
2808 /*
2809 * Guard against symlink tricks. Reject any archive entry whose
2810 * destination would be altered by a symlink.
2811 *
2812 * Walk the filename in chunks separated by '/'. For each segment:
2813 * - if it doesn't exist, continue
2814 * - if it's symlink, abort or remove it
2815 * - if it's a directory and it's not the last chunk, cd into it
2816 * As we go:
2817 * head points to the current (relative) path
2818 * tail points to the temporary \0 terminating the segment we're
2819 * currently examining
2820 * c holds what used to be in *tail
2821 * last is 1 if this is the last tail
2822 */
2823 chdir_fd = la_opendirat(AT_FDCWD, ".");
2824 __archive_ensure_cloexec_flag(chdir_fd);
2825 if (chdir_fd < 0) {
2826 fsobj_error(a_eno, a_estr, errno,
2827 "Could not open ", path);
2828 return (ARCHIVE_FATAL);
2829 }
2830 head = path;
2831 tail = path;
2832 last = 0;
2833 /* TODO: reintroduce a safe cache here? */
2834 /* Skip the root directory if the path is absolute. */
2835 if(tail == path && tail[0] == '/')
2836 ++tail;
2837 /* Keep going until we've checked the entire name.
2838 * head, tail, path all alias the same string, which is
2839 * temporarily zeroed at tail, so be careful restoring the
2840 * stashed (c=tail[0]) for error messages.
2841 * Exiting the loop with break is okay; continue is not.
2842 */
2843 while (!last) {
2844 /*
2845 * Skip the separator we just consumed, plus any adjacent ones
2846 */
2847 while (*tail == '/')
2848 ++tail;
2849 /* Skip the next path element. */
2850 while (*tail != '\0' && *tail != '/')
2851 ++tail;
2852 /* is this the last path component? */
2853 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
2854 /* temporarily truncate the string here */
2855 c = tail[0];
2856 tail[0] = '\0';
2857 /* Check that we haven't hit a symlink. */
2858 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2859 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW);
2860 #else
2861 r = lstat(head, &st);
2862 #endif
2863 if (r != 0) {
2864 tail[0] = c;
2865 /* We've hit a dir that doesn't exist; stop now. */
2866 if (errno == ENOENT) {
2867 break;
2868 } else {
2869 /*
2870 * Treat any other error as fatal - best to be
2871 * paranoid here.
2872 * Note: This effectively disables deep
2873 * directory support when security checks are
2874 * enabled. Otherwise, very long pathnames that
2875 * trigger an error here could evade the
2876 * sandbox.
2877 * TODO: We could do better, but it would
2878 * probably require merging the symlink checks
2879 * with the deep-directory editing.
2880 */
2881 fsobj_error(a_eno, a_estr, errno,
2882 "Could not stat ", path);
2883 res = ARCHIVE_FAILED;
2884 break;
2885 }
2886 } else if (S_ISDIR(st.st_mode)) {
2887 if (!last) {
2888 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2889 fd = la_opendirat(chdir_fd, head);
2890 if (fd < 0)
2891 r = -1;
2892 else {
2893 r = 0;
2894 close(chdir_fd);
2895 chdir_fd = fd;
2896 }
2897 #else
2898 r = chdir(head);
2899 #endif
2900 if (r != 0) {
2901 tail[0] = c;
2902 fsobj_error(a_eno, a_estr, errno,
2903 "Could not chdir ", path);
2904 res = (ARCHIVE_FATAL);
2905 break;
2906 }
2907 /* Our view is now from inside this dir: */
2908 head = tail + 1;
2909 }
2910 } else if (S_ISLNK(st.st_mode)) {
2911 if (last && checking_linkname) {
2912 #ifdef HAVE_LINKAT
2913 /*
2914 * Hardlinks to symlinks are safe to write
2915 * if linkat() is supported as it does not
2916 * follow symlinks.
2917 */
2918 res = ARCHIVE_OK;
2919 #else
2920 /*
2921 * We return ARCHIVE_FAILED here as we are
2922 * not able to safely write hardlinks
2923 * to symlinks.
2924 */
2925 tail[0] = c;
2926 fsobj_error(a_eno, a_estr, errno,
2927 "Cannot write hardlink to symlink ",
2928 path);
2929 res = ARCHIVE_FAILED;
2930 #endif
2931 break;
2932 } else
2933 if (last) {
2934 /*
2935 * Last element is symlink; remove it
2936 * so we can overwrite it with the
2937 * item being extracted.
2938 */
2939 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2940 r = unlinkat(chdir_fd, head, 0);
2941 #else
2942 r = unlink(head);
2943 #endif
2944 if (r != 0) {
2945 tail[0] = c;
2946 fsobj_error(a_eno, a_estr, errno,
2947 "Could not remove symlink ",
2948 path);
2949 res = ARCHIVE_FAILED;
2950 break;
2951 }
2952 /*
2953 * Even if we did remove it, a warning
2954 * is in order. The warning is silly,
2955 * though, if we're just replacing one
2956 * symlink with another symlink.
2957 */
2958 tail[0] = c;
2959 /*
2960 * FIXME: not sure how important this is to
2961 * restore
2962 */
2963 /*
2964 if (!S_ISLNK(path)) {
2965 fsobj_error(a_eno, a_estr, 0,
2966 "Removing symlink ", path);
2967 }
2968 */
2969 /* Symlink gone. No more problem! */
2970 res = ARCHIVE_OK;
2971 break;
2972 } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
2973 /* User asked us to remove problems. */
2974 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2975 r = unlinkat(chdir_fd, head, 0);
2976 #else
2977 r = unlink(head);
2978 #endif
2979 if (r != 0) {
2980 tail[0] = c;
2981 fsobj_error(a_eno, a_estr, 0,
2982 "Cannot remove intervening "
2983 "symlink ", path);
2984 res = ARCHIVE_FAILED;
2985 break;
2986 }
2987 tail[0] = c;
2988 } else if ((flags &
2989 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) {
2990 /*
2991 * We are not the last element and we want to
2992 * follow symlinks if they are a directory.
2993 *
2994 * This is needed to extract hardlinks over
2995 * symlinks.
2996 */
2997 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2998 r = fstatat(chdir_fd, head, &st, 0);
2999 #else
3000 r = la_stat(head, &st);
3001 #endif
3002 if (r != 0) {
3003 tail[0] = c;
3004 if (errno == ENOENT) {
3005 break;
3006 } else {
3007 fsobj_error(a_eno, a_estr,
3008 errno,
3009 "Could not stat ", path);
3010 res = (ARCHIVE_FAILED);
3011 break;
3012 }
3013 } else if (S_ISDIR(st.st_mode)) {
3014 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3015 fd = la_opendirat(chdir_fd, head);
3016 if (fd < 0)
3017 r = -1;
3018 else {
3019 r = 0;
3020 close(chdir_fd);
3021 chdir_fd = fd;
3022 }
3023 #else
3024 r = chdir(head);
3025 #endif
3026 if (r != 0) {
3027 tail[0] = c;
3028 fsobj_error(a_eno, a_estr,
3029 errno,
3030 "Could not chdir ", path);
3031 res = (ARCHIVE_FATAL);
3032 break;
3033 }
3034 /*
3035 * Our view is now from inside
3036 * this dir:
3037 */
3038 head = tail + 1;
3039 } else {
3040 tail[0] = c;
3041 fsobj_error(a_eno, a_estr, 0,
3042 "Cannot extract through "
3043 "symlink ", path);
3044 res = ARCHIVE_FAILED;
3045 break;
3046 }
3047 } else {
3048 tail[0] = c;
3049 fsobj_error(a_eno, a_estr, 0,
3050 "Cannot extract through symlink ", path);
3051 res = ARCHIVE_FAILED;
3052 break;
3053 }
3054 }
3055 /* be sure to always maintain this */
3056 tail[0] = c;
3057 if (tail[0] != '\0')
3058 tail++; /* Advance to the next segment. */
3059 }
3060 /* Catches loop exits via break */
3061 tail[0] = c;
3062 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3063 /* If we operate with openat(), fstatat() and unlinkat() there was
3064 * no chdir(), so just close the fd */
3065 if (chdir_fd >= 0)
3066 close(chdir_fd);
3067 #elif HAVE_FCHDIR
3068 /* If we changed directory above, restore it here. */
3069 if (chdir_fd >= 0) {
3070 r = fchdir(chdir_fd);
3071 if (r != 0) {
3072 fsobj_error(a_eno, a_estr, errno,
3073 "chdir() failure", "");
3074 }
3075 close(chdir_fd);
3076 chdir_fd = -1;
3077 if (r != 0) {
3078 res = (ARCHIVE_FATAL);
3079 }
3080 }
3081 #endif
3082 /* TODO: reintroduce a safe cache here? */
3083 return res;
3084 #endif
3085 }
3086
3087 /*
3088 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
3089 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
3090 */
3091 static int
check_symlinks(struct archive_write_disk * a)3092 check_symlinks(struct archive_write_disk *a)
3093 {
3094 struct archive_string error_string;
3095 int error_number;
3096 int rc;
3097 archive_string_init(&error_string);
3098 rc = check_symlinks_fsobj(a->name, &error_number, &error_string,
3099 a->flags, 0);
3100 if (rc != ARCHIVE_OK) {
3101 archive_set_error(&a->archive, error_number, "%s",
3102 error_string.s);
3103 }
3104 archive_string_free(&error_string);
3105 a->pst = NULL; /* to be safe */
3106 return rc;
3107 }
3108
3109
3110 #if defined(__CYGWIN__)
3111 /*
3112 * 1. Convert a path separator from '\' to '/' .
3113 * We shouldn't check multibyte character directly because some
3114 * character-set have been using the '\' character for a part of
3115 * its multibyte character code.
3116 * 2. Replace unusable characters in Windows with underscore('_').
3117 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
3118 */
3119 static void
cleanup_pathname_win(char * path)3120 cleanup_pathname_win(char *path)
3121 {
3122 wchar_t wc;
3123 char *p;
3124 size_t alen, l;
3125 int mb, complete, utf8;
3126
3127 alen = 0;
3128 mb = 0;
3129 complete = 1;
3130 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
3131 for (p = path; *p != '\0'; p++) {
3132 ++alen;
3133 if (*p == '\\') {
3134 /* If previous byte is smaller than 128,
3135 * this is not second byte of multibyte characters,
3136 * so we can replace '\' with '/'. */
3137 if (utf8 || !mb)
3138 *p = '/';
3139 else
3140 complete = 0;/* uncompleted. */
3141 } else if (*(unsigned char *)p > 127)
3142 mb = 1;
3143 else
3144 mb = 0;
3145 /* Rewrite the path name if its next character is unusable. */
3146 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
3147 *p == '<' || *p == '>' || *p == '|')
3148 *p = '_';
3149 }
3150 if (complete)
3151 return;
3152
3153 /*
3154 * Convert path separator in wide-character.
3155 */
3156 p = path;
3157 while (*p != '\0' && alen) {
3158 l = mbtowc(&wc, p, alen);
3159 if (l == (size_t)-1) {
3160 while (*p != '\0') {
3161 if (*p == '\\')
3162 *p = '/';
3163 ++p;
3164 }
3165 break;
3166 }
3167 if (l == 1 && wc == L'\\')
3168 *p = '/';
3169 p += l;
3170 alen -= l;
3171 }
3172 }
3173 #endif
3174
3175 /*
3176 * Canonicalize the pathname. In particular, this strips duplicate
3177 * '/' characters, '.' elements, and trailing '/'. It also raises an
3178 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
3179 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
3180 * is set) if the path is absolute.
3181 */
3182 static int
cleanup_pathname_fsobj(char * path,int * a_eno,struct archive_string * a_estr,int flags)3183 cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr,
3184 int flags)
3185 {
3186 char *dest, *src;
3187 char separator = '\0';
3188
3189 dest = src = path;
3190 if (*src == '\0') {
3191 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC,
3192 "Invalid empty ", "pathname");
3193 return (ARCHIVE_FAILED);
3194 }
3195
3196 #if defined(__CYGWIN__)
3197 cleanup_pathname_win(path);
3198 #endif
3199 /* Skip leading '/'. */
3200 if (*src == '/') {
3201 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
3202 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC,
3203 "Path is ", "absolute");
3204 return (ARCHIVE_FAILED);
3205 }
3206
3207 separator = *src++;
3208 }
3209
3210 /* Scan the pathname one element at a time. */
3211 for (;;) {
3212 /* src points to first char after '/' */
3213 if (src[0] == '\0') {
3214 break;
3215 } else if (src[0] == '/') {
3216 /* Found '//', ignore second one. */
3217 src++;
3218 continue;
3219 } else if (src[0] == '.') {
3220 if (src[1] == '\0') {
3221 /* Ignore trailing '.' */
3222 break;
3223 } else if (src[1] == '/') {
3224 /* Skip './'. */
3225 src += 2;
3226 continue;
3227 } else if (src[1] == '.') {
3228 if (src[2] == '/' || src[2] == '\0') {
3229 /* Conditionally warn about '..' */
3230 if (flags
3231 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
3232 fsobj_error(a_eno, a_estr,
3233 ARCHIVE_ERRNO_MISC,
3234 "Path contains ", "'..'");
3235 return (ARCHIVE_FAILED);
3236 }
3237 }
3238 /*
3239 * Note: Under no circumstances do we
3240 * remove '..' elements. In
3241 * particular, restoring
3242 * '/foo/../bar/' should create the
3243 * 'foo' dir as a side-effect.
3244 */
3245 }
3246 }
3247
3248 /* Copy current element, including leading '/'. */
3249 if (separator)
3250 *dest++ = '/';
3251 while (*src != '\0' && *src != '/') {
3252 *dest++ = *src++;
3253 }
3254
3255 if (*src == '\0')
3256 break;
3257
3258 /* Skip '/' separator. */
3259 separator = *src++;
3260 }
3261 /*
3262 * We've just copied zero or more path elements, not including the
3263 * final '/'.
3264 */
3265 if (dest == path) {
3266 /*
3267 * Nothing got copied. The path must have been something
3268 * like '.' or '/' or './' or '/././././/./'.
3269 */
3270 if (separator)
3271 *dest++ = '/';
3272 else
3273 *dest++ = '.';
3274 }
3275 /* Terminate the result. */
3276 *dest = '\0';
3277 return (ARCHIVE_OK);
3278 }
3279
3280 static int
cleanup_pathname(struct archive_write_disk * a)3281 cleanup_pathname(struct archive_write_disk *a)
3282 {
3283 struct archive_string error_string;
3284 int error_number;
3285 int rc;
3286 archive_string_init(&error_string);
3287 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string,
3288 a->flags);
3289 if (rc != ARCHIVE_OK) {
3290 archive_set_error(&a->archive, error_number, "%s",
3291 error_string.s);
3292 }
3293 archive_string_free(&error_string);
3294 return rc;
3295 }
3296
3297 /*
3298 * Create the parent directory of the specified path, assuming path
3299 * is already in mutable storage.
3300 */
3301 static int
create_parent_dir(struct archive_write_disk * a,char * path)3302 create_parent_dir(struct archive_write_disk *a, char *path)
3303 {
3304 char *slash;
3305 int r;
3306
3307 /* Remove tail element to obtain parent name. */
3308 slash = strrchr(path, '/');
3309 if (slash == NULL)
3310 return (ARCHIVE_OK);
3311 *slash = '\0';
3312 r = create_dir(a, path);
3313 *slash = '/';
3314 return (r);
3315 }
3316
3317 /*
3318 * Create the specified dir, recursing to create parents as necessary.
3319 *
3320 * Returns ARCHIVE_OK if the path exists when we're done here.
3321 * Otherwise, returns ARCHIVE_FAILED.
3322 * Assumes path is in mutable storage; path is unchanged on exit.
3323 */
3324 static int
create_dir(struct archive_write_disk * a,char * path)3325 create_dir(struct archive_write_disk *a, char *path)
3326 {
3327 struct stat st;
3328 struct fixup_entry *le;
3329 char *slash, *base;
3330 mode_t mode_final, mode;
3331 int r;
3332
3333 /* Check for special names and just skip them. */
3334 slash = strrchr(path, '/');
3335 if (slash == NULL)
3336 base = path;
3337 else
3338 base = slash + 1;
3339
3340 if (base[0] == '\0' ||
3341 (base[0] == '.' && base[1] == '\0') ||
3342 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
3343 /* Don't bother trying to create null path, '.', or '..'. */
3344 if (slash != NULL) {
3345 *slash = '\0';
3346 r = create_dir(a, path);
3347 *slash = '/';
3348 return (r);
3349 }
3350 return (ARCHIVE_OK);
3351 }
3352
3353 /*
3354 * Yes, this should be stat() and not lstat(). Using lstat()
3355 * here loses the ability to extract through symlinks. Also note
3356 * that this should not use the a->st cache.
3357 */
3358 if (la_stat(path, &st) == 0) {
3359 if (S_ISDIR(st.st_mode))
3360 return (ARCHIVE_OK);
3361 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
3362 archive_set_error(&a->archive, EEXIST,
3363 "Can't create directory '%s'", path);
3364 return (ARCHIVE_FAILED);
3365 }
3366 if (unlink(path) != 0) {
3367 archive_set_error(&a->archive, errno,
3368 "Can't create directory '%s': "
3369 "Conflicting file cannot be removed",
3370 path);
3371 return (ARCHIVE_FAILED);
3372 }
3373 } else if (errno != ENOENT && errno != ENOTDIR) {
3374 /* Stat failed? */
3375 archive_set_error(&a->archive, errno,
3376 "Can't test directory '%s'", path);
3377 return (ARCHIVE_FAILED);
3378 } else if (slash != NULL) {
3379 *slash = '\0';
3380 r = create_dir(a, path);
3381 *slash = '/';
3382 if (r != ARCHIVE_OK)
3383 return (r);
3384 }
3385
3386 /*
3387 * Mode we want for the final restored directory. Per POSIX,
3388 * implicitly-created dirs must be created obeying the umask.
3389 * There's no mention whether this is different for privileged
3390 * restores (which the rest of this code handles by pretending
3391 * umask=0). I've chosen here to always obey the user's umask for
3392 * implicit dirs, even if _EXTRACT_PERM was specified.
3393 */
3394 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
3395 /* Mode we want on disk during the restore process. */
3396 mode = mode_final;
3397 mode |= MINIMUM_DIR_MODE;
3398 mode &= MAXIMUM_DIR_MODE;
3399 if (mkdir(path, mode) == 0) {
3400 if (mode != mode_final) {
3401 le = new_fixup(a, path);
3402 if (le == NULL)
3403 return (ARCHIVE_FATAL);
3404 le->fixup |=TODO_MODE_BASE;
3405 le->mode = mode_final;
3406 }
3407 return (ARCHIVE_OK);
3408 }
3409
3410 /*
3411 * Without the following check, a/b/../b/c/d fails at the
3412 * second visit to 'b', so 'd' can't be created. Note that we
3413 * don't add it to the fixup list here, as it's already been
3414 * added.
3415 */
3416 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode))
3417 return (ARCHIVE_OK);
3418
3419 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
3420 path);
3421 return (ARCHIVE_FAILED);
3422 }
3423
3424 /*
3425 * Note: Although we can skip setting the user id if the desired user
3426 * id matches the current user, we cannot skip setting the group, as
3427 * many systems set the gid based on the containing directory. So
3428 * we have to perform a chown syscall if we want to set the SGID
3429 * bit. (The alternative is to stat() and then possibly chown(); it's
3430 * more efficient to skip the stat() and just always chown().) Note
3431 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
3432 * allows set_mode to skip the stat() check for the GID.
3433 */
3434 static int
set_ownership(struct archive_write_disk * a)3435 set_ownership(struct archive_write_disk *a)
3436 {
3437 #if !defined(__CYGWIN__) && !defined(__linux__)
3438 /*
3439 * On Linux, a process may have the CAP_CHOWN capability.
3440 * On Windows there is no 'root' user with uid 0.
3441 * Elsewhere we can skip calling chown if we are not root and the desired
3442 * user id does not match the current user.
3443 */
3444 if (a->user_uid != 0 && a->user_uid != a->uid) {
3445 archive_set_error(&a->archive, errno,
3446 "Can't set UID=%jd", (intmax_t)a->uid);
3447 return (ARCHIVE_WARN);
3448 }
3449 #endif
3450
3451 #ifdef HAVE_FCHOWN
3452 /* If we have an fd, we can avoid a race. */
3453 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
3454 /* We've set owner and know uid/gid are correct. */
3455 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3456 return (ARCHIVE_OK);
3457 }
3458 #endif
3459
3460 /* We prefer lchown() but will use chown() if that's all we have. */
3461 /* Of course, if we have neither, this will always fail. */
3462 #ifdef HAVE_LCHOWN
3463 if (lchown(a->name, a->uid, a->gid) == 0) {
3464 /* We've set owner and know uid/gid are correct. */
3465 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3466 return (ARCHIVE_OK);
3467 }
3468 #elif HAVE_CHOWN
3469 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
3470 /* We've set owner and know uid/gid are correct. */
3471 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3472 return (ARCHIVE_OK);
3473 }
3474 #endif
3475
3476 archive_set_error(&a->archive, errno,
3477 "Can't set user=%jd/group=%jd for %s",
3478 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
3479 return (ARCHIVE_WARN);
3480 }
3481
3482 /*
3483 * Note: Returns 0 on success, non-zero on failure.
3484 */
3485 static int
set_time(int fd,int mode,const char * name,time_t atime,long atime_nsec,time_t mtime,long mtime_nsec)3486 set_time(int fd, int mode, const char *name,
3487 time_t atime, long atime_nsec,
3488 time_t mtime, long mtime_nsec)
3489 {
3490 /* Select the best implementation for this platform. */
3491 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
3492 /*
3493 * utimensat() and futimens() are defined in
3494 * POSIX.1-2008. They support ns resolution and setting times
3495 * on fds and symlinks.
3496 */
3497 struct timespec ts[2];
3498 (void)mode; /* UNUSED */
3499 if (atime == (time_t)-1) {
3500 ts[0].tv_sec = 0;
3501 ts[0].tv_nsec = UTIME_OMIT;
3502 } else {
3503 ts[0].tv_sec = atime;
3504 ts[0].tv_nsec = atime_nsec;
3505 }
3506 if (mtime == (time_t)-1) {
3507 ts[1].tv_sec = 0;
3508 ts[1].tv_nsec = UTIME_OMIT;
3509 } else {
3510 ts[1].tv_sec = mtime;
3511 ts[1].tv_nsec = mtime_nsec;
3512 }
3513 if (fd >= 0)
3514 return futimens(fd, ts);
3515 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
3516
3517 #elif HAVE_UTIMES
3518 /*
3519 * The utimes()-family functions support µs-resolution and
3520 * setting times fds and symlinks. utimes() is documented as
3521 * LEGACY by POSIX, futimes() and lutimes() are not described
3522 * in POSIX.
3523 */
3524 struct timeval times[2];
3525
3526 times[0].tv_sec = atime;
3527 times[0].tv_usec = atime_nsec / 1000;
3528 times[1].tv_sec = mtime;
3529 times[1].tv_usec = mtime_nsec / 1000;
3530
3531 #ifdef HAVE_FUTIMES
3532 if (fd >= 0)
3533 return (futimes(fd, times));
3534 #else
3535 (void)fd; /* UNUSED */
3536 #endif
3537 #ifdef HAVE_LUTIMES
3538 (void)mode; /* UNUSED */
3539 return (lutimes(name, times));
3540 #else
3541 if (S_ISLNK(mode))
3542 return (0);
3543 return (utimes(name, times));
3544 #endif
3545
3546 #elif defined(HAVE_UTIME)
3547 /*
3548 * utime() is POSIX-standard but only supports 1s resolution and
3549 * does not support fds or symlinks.
3550 */
3551 struct utimbuf times;
3552 (void)fd; /* UNUSED */
3553 (void)name; /* UNUSED */
3554 (void)atime_nsec; /* UNUSED */
3555 (void)mtime_nsec; /* UNUSED */
3556 times.actime = atime;
3557 times.modtime = mtime;
3558 if (S_ISLNK(mode))
3559 return (ARCHIVE_OK);
3560 return (utime(name, ×));
3561
3562 #else
3563 /*
3564 * We don't know how to set the time on this platform.
3565 */
3566 (void)fd; /* UNUSED */
3567 (void)mode; /* UNUSED */
3568 (void)name; /* UNUSED */
3569 (void)atime_nsec; /* UNUSED */
3570 (void)mtime_nsec; /* UNUSED */
3571 return (ARCHIVE_WARN);
3572 #endif
3573 }
3574
3575 #ifdef F_SETTIMES
3576 static int
set_time_tru64(int fd,int mode,const char * name,time_t atime,long atime_nsec,time_t mtime,long mtime_nsec,time_t ctime,long ctime_nsec)3577 set_time_tru64(int fd, int mode, const char *name,
3578 time_t atime, long atime_nsec,
3579 time_t mtime, long mtime_nsec,
3580 time_t ctime, long ctime_nsec)
3581 {
3582 struct attr_timbuf tstamp;
3583 tstamp.atime.tv_sec = atime;
3584 tstamp.mtime.tv_sec = mtime;
3585 tstamp.ctime.tv_sec = ctime;
3586 #if defined (__hpux) && defined (__ia64)
3587 tstamp.atime.tv_nsec = atime_nsec;
3588 tstamp.mtime.tv_nsec = mtime_nsec;
3589 tstamp.ctime.tv_nsec = ctime_nsec;
3590 #else
3591 tstamp.atime.tv_usec = atime_nsec / 1000;
3592 tstamp.mtime.tv_usec = mtime_nsec / 1000;
3593 tstamp.ctime.tv_usec = ctime_nsec / 1000;
3594 #endif
3595 return (fcntl(fd,F_SETTIMES,&tstamp));
3596 }
3597 #endif /* F_SETTIMES */
3598
3599 static int
set_times(struct archive_write_disk * a,int fd,int mode,const char * name,time_t atime,long atime_nanos,time_t birthtime,long birthtime_nanos,time_t mtime,long mtime_nanos,time_t cctime,long ctime_nanos)3600 set_times(struct archive_write_disk *a,
3601 int fd, int mode, const char *name,
3602 time_t atime, long atime_nanos,
3603 time_t birthtime, long birthtime_nanos,
3604 time_t mtime, long mtime_nanos,
3605 time_t cctime, long ctime_nanos)
3606 {
3607 /* Note: set_time doesn't use libarchive return conventions!
3608 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
3609 int r1 = 0, r2 = 0;
3610
3611 #ifdef F_SETTIMES
3612 /*
3613 * on Tru64 try own fcntl first which can restore even the
3614 * ctime, fall back to default code path below if it fails
3615 * or if we are not running as root
3616 */
3617 if (a->user_uid == 0 &&
3618 set_time_tru64(fd, mode, name,
3619 atime, atime_nanos, mtime,
3620 mtime_nanos, cctime, ctime_nanos) == 0) {
3621 return (ARCHIVE_OK);
3622 }
3623 #else /* Tru64 */
3624 (void)cctime; /* UNUSED */
3625 (void)ctime_nanos; /* UNUSED */
3626 #endif /* Tru64 */
3627
3628 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
3629 /*
3630 * If you have struct stat.st_birthtime, we assume BSD
3631 * birthtime semantics, in which {f,l,}utimes() updates
3632 * birthtime to earliest mtime. So we set the time twice,
3633 * first using the birthtime, then using the mtime. If
3634 * birthtime == mtime, this isn't necessary, so we skip it.
3635 * If birthtime > mtime, then this won't work, so we skip it.
3636 */
3637 if (birthtime < mtime
3638 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
3639 r1 = set_time(fd, mode, name,
3640 atime, atime_nanos,
3641 birthtime, birthtime_nanos);
3642 #else
3643 (void)birthtime; /* UNUSED */
3644 (void)birthtime_nanos; /* UNUSED */
3645 #endif
3646 r2 = set_time(fd, mode, name,
3647 atime, atime_nanos,
3648 mtime, mtime_nanos);
3649 if (r1 != 0 || r2 != 0) {
3650 archive_set_error(&a->archive, errno,
3651 "Can't restore time");
3652 return (ARCHIVE_WARN);
3653 }
3654 return (ARCHIVE_OK);
3655 }
3656
3657 static int
set_times_from_entry(struct archive_write_disk * a)3658 set_times_from_entry(struct archive_write_disk *a)
3659 {
3660 time_t atime, birthtime, mtime, cctime;
3661 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
3662
3663 /* Suitable defaults. */
3664 atime = birthtime = mtime = cctime = a->start_time;
3665 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
3666
3667 /* If no time was provided, we're done. */
3668 if (!archive_entry_atime_is_set(a->entry)
3669 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
3670 && !archive_entry_birthtime_is_set(a->entry)
3671 #endif
3672 && !archive_entry_mtime_is_set(a->entry))
3673 return (ARCHIVE_OK);
3674
3675 if (archive_entry_atime_is_set(a->entry)) {
3676 atime = archive_entry_atime(a->entry);
3677 atime_nsec = archive_entry_atime_nsec(a->entry);
3678 }
3679 if (archive_entry_birthtime_is_set(a->entry)) {
3680 birthtime = archive_entry_birthtime(a->entry);
3681 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
3682 }
3683 if (archive_entry_mtime_is_set(a->entry)) {
3684 mtime = archive_entry_mtime(a->entry);
3685 mtime_nsec = archive_entry_mtime_nsec(a->entry);
3686 }
3687 if (archive_entry_ctime_is_set(a->entry)) {
3688 cctime = archive_entry_ctime(a->entry);
3689 ctime_nsec = archive_entry_ctime_nsec(a->entry);
3690 }
3691
3692 return set_times(a, a->fd, a->mode, a->name,
3693 atime, atime_nsec,
3694 birthtime, birthtime_nsec,
3695 mtime, mtime_nsec,
3696 cctime, ctime_nsec);
3697 }
3698
3699 static int
set_mode(struct archive_write_disk * a,int mode)3700 set_mode(struct archive_write_disk *a, int mode)
3701 {
3702 int r = ARCHIVE_OK;
3703 int r2;
3704 mode &= 07777; /* Strip off file type bits. */
3705
3706 if (a->todo & TODO_SGID_CHECK) {
3707 /*
3708 * If we don't know the GID is right, we must stat()
3709 * to verify it. We can't just check the GID of this
3710 * process, since systems sometimes set GID from
3711 * the enclosing dir or based on ACLs.
3712 */
3713 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3714 return (r);
3715 if (a->pst->st_gid != a->gid) {
3716 mode &= ~ S_ISGID;
3717 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3718 /*
3719 * This is only an error if you
3720 * requested owner restore. If you
3721 * didn't, we'll try to restore
3722 * sgid/suid, but won't consider it a
3723 * problem if we can't.
3724 */
3725 archive_set_error(&a->archive, -1,
3726 "Can't restore SGID bit");
3727 r = ARCHIVE_WARN;
3728 }
3729 }
3730 /* While we're here, double-check the UID. */
3731 if (a->pst->st_uid != a->uid
3732 && (a->todo & TODO_SUID)) {
3733 mode &= ~ S_ISUID;
3734 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3735 archive_set_error(&a->archive, -1,
3736 "Can't restore SUID bit");
3737 r = ARCHIVE_WARN;
3738 }
3739 }
3740 a->todo &= ~TODO_SGID_CHECK;
3741 a->todo &= ~TODO_SUID_CHECK;
3742 } else if (a->todo & TODO_SUID_CHECK) {
3743 /*
3744 * If we don't know the UID is right, we can just check
3745 * the user, since all systems set the file UID from
3746 * the process UID.
3747 */
3748 if (a->user_uid != a->uid) {
3749 mode &= ~ S_ISUID;
3750 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3751 archive_set_error(&a->archive, -1,
3752 "Can't make file SUID");
3753 r = ARCHIVE_WARN;
3754 }
3755 }
3756 a->todo &= ~TODO_SUID_CHECK;
3757 }
3758
3759 if (S_ISLNK(a->mode)) {
3760 #ifdef HAVE_LCHMOD
3761 /*
3762 * If this is a symlink, use lchmod(). If the
3763 * platform doesn't support lchmod(), just skip it. A
3764 * platform that doesn't provide a way to set
3765 * permissions on symlinks probably ignores
3766 * permissions on symlinks, so a failure here has no
3767 * impact.
3768 */
3769 if (lchmod(a->name, mode) != 0) {
3770 switch (errno) {
3771 case ENOTSUP:
3772 case ENOSYS:
3773 #if ENOTSUP != EOPNOTSUPP
3774 case EOPNOTSUPP:
3775 #endif
3776 /*
3777 * if lchmod is defined but the platform
3778 * doesn't support it, silently ignore
3779 * error
3780 */
3781 break;
3782 default:
3783 archive_set_error(&a->archive, errno,
3784 "Can't set permissions to 0%o", (int)mode);
3785 r = ARCHIVE_WARN;
3786 }
3787 }
3788 #endif
3789 } else if (!S_ISDIR(a->mode)) {
3790 /*
3791 * If it's not a symlink and not a dir, then use
3792 * fchmod() or chmod(), depending on whether we have
3793 * an fd. Dirs get their perms set during the
3794 * post-extract fixup, which is handled elsewhere.
3795 */
3796 #ifdef HAVE_FCHMOD
3797 if (a->fd >= 0)
3798 r2 = fchmod(a->fd, mode);
3799 else
3800 #endif
3801 /* If this platform lacks fchmod(), then
3802 * we'll just use chmod(). */
3803 r2 = chmod(a->name, mode);
3804
3805 if (r2 != 0) {
3806 archive_set_error(&a->archive, errno,
3807 "Can't set permissions to 0%o", (int)mode);
3808 r = ARCHIVE_WARN;
3809 }
3810 }
3811 return (r);
3812 }
3813
3814 static int
set_fflags(struct archive_write_disk * a)3815 set_fflags(struct archive_write_disk *a)
3816 {
3817 struct fixup_entry *le;
3818 unsigned long set, clear;
3819 int r;
3820 mode_t mode = archive_entry_mode(a->entry);
3821 /*
3822 * Make 'critical_flags' hold all file flags that can't be
3823 * immediately restored. For example, on BSD systems,
3824 * SF_IMMUTABLE prevents hardlinks from being created, so
3825 * should not be set until after any hardlinks are created. To
3826 * preserve some semblance of portability, this uses #ifdef
3827 * extensively. Ugly, but it works.
3828 *
3829 * Yes, Virginia, this does create a security race. It's mitigated
3830 * somewhat by the practice of creating dirs 0700 until the extract
3831 * is done, but it would be nice if we could do more than that.
3832 * People restoring critical file systems should be wary of
3833 * other programs that might try to muck with files as they're
3834 * being restored.
3835 */
3836 const int critical_flags = 0
3837 #ifdef SF_IMMUTABLE
3838 | SF_IMMUTABLE
3839 #endif
3840 #ifdef UF_IMMUTABLE
3841 | UF_IMMUTABLE
3842 #endif
3843 #ifdef SF_APPEND
3844 | SF_APPEND
3845 #endif
3846 #ifdef UF_APPEND
3847 | UF_APPEND
3848 #endif
3849 #if defined(FS_APPEND_FL)
3850 | FS_APPEND_FL
3851 #elif defined(EXT2_APPEND_FL)
3852 | EXT2_APPEND_FL
3853 #endif
3854 #if defined(FS_IMMUTABLE_FL)
3855 | FS_IMMUTABLE_FL
3856 #elif defined(EXT2_IMMUTABLE_FL)
3857 | EXT2_IMMUTABLE_FL
3858 #endif
3859 #ifdef FS_JOURNAL_DATA_FL
3860 | FS_JOURNAL_DATA_FL
3861 #endif
3862 ;
3863
3864 if (a->todo & TODO_FFLAGS) {
3865 archive_entry_fflags(a->entry, &set, &clear);
3866
3867 /*
3868 * The first test encourages the compiler to eliminate
3869 * all of this if it's not necessary.
3870 */
3871 if ((critical_flags != 0) && (set & critical_flags)) {
3872 le = current_fixup(a, a->name);
3873 if (le == NULL)
3874 return (ARCHIVE_FATAL);
3875 le->filetype = archive_entry_filetype(a->entry);
3876 le->fixup |= TODO_FFLAGS;
3877 le->fflags_set = set;
3878 /* Store the mode if it's not already there. */
3879 if ((le->fixup & TODO_MODE) == 0)
3880 le->mode = mode;
3881 } else {
3882 r = set_fflags_platform(a, a->fd,
3883 a->name, mode, set, clear);
3884 if (r != ARCHIVE_OK)
3885 return (r);
3886 }
3887 }
3888 return (ARCHIVE_OK);
3889 }
3890
3891 static int
clear_nochange_fflags(struct archive_write_disk * a)3892 clear_nochange_fflags(struct archive_write_disk *a)
3893 {
3894 mode_t mode = archive_entry_mode(a->entry);
3895 const int nochange_flags = 0
3896 #ifdef SF_IMMUTABLE
3897 | SF_IMMUTABLE
3898 #endif
3899 #ifdef UF_IMMUTABLE
3900 | UF_IMMUTABLE
3901 #endif
3902 #ifdef SF_APPEND
3903 | SF_APPEND
3904 #endif
3905 #ifdef UF_APPEND
3906 | UF_APPEND
3907 #endif
3908 #ifdef EXT2_APPEND_FL
3909 | EXT2_APPEND_FL
3910 #endif
3911 #ifdef EXT2_IMMUTABLE_FL
3912 | EXT2_IMMUTABLE_FL
3913 #endif
3914 ;
3915
3916 return (set_fflags_platform(a, a->fd, a->name, mode, 0,
3917 nochange_flags));
3918 }
3919
3920
3921 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3922 /*
3923 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3924 */
3925 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)3926 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3927 mode_t mode, unsigned long set, unsigned long clear)
3928 {
3929 int r;
3930 const int sf_mask = 0
3931 #ifdef SF_APPEND
3932 | SF_APPEND
3933 #endif
3934 #ifdef SF_ARCHIVED
3935 | SF_ARCHIVED
3936 #endif
3937 #ifdef SF_IMMUTABLE
3938 | SF_IMMUTABLE
3939 #endif
3940 #ifdef SF_NOUNLINK
3941 | SF_NOUNLINK
3942 #endif
3943 ;
3944 (void)mode; /* UNUSED */
3945
3946 if (set == 0 && clear == 0)
3947 return (ARCHIVE_OK);
3948
3949 /*
3950 * XXX Is the stat here really necessary? Or can I just use
3951 * the 'set' flags directly? In particular, I'm not sure
3952 * about the correct approach if we're overwriting an existing
3953 * file that already has flags on it. XXX
3954 */
3955 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3956 return (r);
3957
3958 a->st.st_flags &= ~clear;
3959 a->st.st_flags |= set;
3960
3961 /* Only super-user may change SF_* flags */
3962
3963 if (a->user_uid != 0)
3964 a->st.st_flags &= ~sf_mask;
3965
3966 #ifdef HAVE_FCHFLAGS
3967 /* If platform has fchflags() and we were given an fd, use it. */
3968 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3969 return (ARCHIVE_OK);
3970 #endif
3971 /*
3972 * If we can't use the fd to set the flags, we'll use the
3973 * pathname to set flags. We prefer lchflags() but will use
3974 * chflags() if we must.
3975 */
3976 #ifdef HAVE_LCHFLAGS
3977 if (lchflags(name, a->st.st_flags) == 0)
3978 return (ARCHIVE_OK);
3979 #elif defined(HAVE_CHFLAGS)
3980 if (S_ISLNK(a->st.st_mode)) {
3981 archive_set_error(&a->archive, errno,
3982 "Can't set file flags on symlink.");
3983 return (ARCHIVE_WARN);
3984 }
3985 if (chflags(name, a->st.st_flags) == 0)
3986 return (ARCHIVE_OK);
3987 #endif
3988 archive_set_error(&a->archive, errno,
3989 "Failed to set file flags");
3990 return (ARCHIVE_WARN);
3991 }
3992
3993 #elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \
3994 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \
3995 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \
3996 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS))
3997 /*
3998 * Linux uses ioctl() to read and write file flags.
3999 */
4000 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)4001 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
4002 mode_t mode, unsigned long set, unsigned long clear)
4003 {
4004 int ret;
4005 int myfd = fd;
4006 int newflags, oldflags;
4007 /*
4008 * Linux has no define for the flags that are only settable by
4009 * the root user. This code may seem a little complex, but
4010 * there seem to be some Linux systems that lack these
4011 * defines. (?) The code below degrades reasonably gracefully
4012 * if sf_mask is incomplete.
4013 */
4014 const int sf_mask = 0
4015 #if defined(FS_IMMUTABLE_FL)
4016 | FS_IMMUTABLE_FL
4017 #elif defined(EXT2_IMMUTABLE_FL)
4018 | EXT2_IMMUTABLE_FL
4019 #endif
4020 #if defined(FS_APPEND_FL)
4021 | FS_APPEND_FL
4022 #elif defined(EXT2_APPEND_FL)
4023 | EXT2_APPEND_FL
4024 #endif
4025 #if defined(FS_JOURNAL_DATA_FL)
4026 | FS_JOURNAL_DATA_FL
4027 #endif
4028 ;
4029
4030 if (set == 0 && clear == 0)
4031 return (ARCHIVE_OK);
4032 /* Only regular files and dirs can have flags. */
4033 if (!S_ISREG(mode) && !S_ISDIR(mode))
4034 return (ARCHIVE_OK);
4035
4036 /* If we weren't given an fd, open it ourselves. */
4037 if (myfd < 0) {
4038 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
4039 O_CLOEXEC | O_NOFOLLOW);
4040 __archive_ensure_cloexec_flag(myfd);
4041 }
4042 if (myfd < 0)
4043 return (ARCHIVE_OK);
4044
4045 /*
4046 * XXX As above, this would be way simpler if we didn't have
4047 * to read the current flags from disk. XXX
4048 */
4049 ret = ARCHIVE_OK;
4050
4051 /* Read the current file flags. */
4052 if (ioctl(myfd,
4053 #ifdef FS_IOC_GETFLAGS
4054 FS_IOC_GETFLAGS,
4055 #else
4056 EXT2_IOC_GETFLAGS,
4057 #endif
4058 &oldflags) < 0)
4059 goto fail;
4060
4061 /* Try setting the flags as given. */
4062 newflags = (oldflags & ~clear) | set;
4063 if (ioctl(myfd,
4064 #ifdef FS_IOC_SETFLAGS
4065 FS_IOC_SETFLAGS,
4066 #else
4067 EXT2_IOC_SETFLAGS,
4068 #endif
4069 &newflags) >= 0)
4070 goto cleanup;
4071 if (errno != EPERM)
4072 goto fail;
4073
4074 /* If we couldn't set all the flags, try again with a subset. */
4075 newflags &= ~sf_mask;
4076 oldflags &= sf_mask;
4077 newflags |= oldflags;
4078 if (ioctl(myfd,
4079 #ifdef FS_IOC_SETFLAGS
4080 FS_IOC_SETFLAGS,
4081 #else
4082 EXT2_IOC_SETFLAGS,
4083 #endif
4084 &newflags) >= 0)
4085 goto cleanup;
4086
4087 /* We couldn't set the flags, so report the failure. */
4088 fail:
4089 archive_set_error(&a->archive, errno,
4090 "Failed to set file flags");
4091 ret = ARCHIVE_WARN;
4092 cleanup:
4093 if (fd < 0)
4094 close(myfd);
4095 return (ret);
4096 }
4097
4098 #else
4099
4100 /*
4101 * Of course, some systems have neither BSD chflags() nor Linux' flags
4102 * support through ioctl().
4103 */
4104 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)4105 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
4106 mode_t mode, unsigned long set, unsigned long clear)
4107 {
4108 (void)a; /* UNUSED */
4109 (void)fd; /* UNUSED */
4110 (void)name; /* UNUSED */
4111 (void)mode; /* UNUSED */
4112 (void)set; /* UNUSED */
4113 (void)clear; /* UNUSED */
4114 return (ARCHIVE_OK);
4115 }
4116
4117 #endif /* __linux */
4118
4119 #ifndef HAVE_COPYFILE_H
4120 /* Default is to simply drop Mac extended metadata. */
4121 static int
set_mac_metadata(struct archive_write_disk * a,const char * pathname,const void * metadata,size_t metadata_size)4122 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
4123 const void *metadata, size_t metadata_size)
4124 {
4125 (void)a; /* UNUSED */
4126 (void)pathname; /* UNUSED */
4127 (void)metadata; /* UNUSED */
4128 (void)metadata_size; /* UNUSED */
4129 return (ARCHIVE_OK);
4130 }
4131
4132 static int
fixup_appledouble(struct archive_write_disk * a,const char * pathname)4133 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
4134 {
4135 (void)a; /* UNUSED */
4136 (void)pathname; /* UNUSED */
4137 return (ARCHIVE_OK);
4138 }
4139 #else
4140
4141 /*
4142 * On Mac OS, we use copyfile() to unpack the metadata and
4143 * apply it to the target file.
4144 */
4145
4146 #if defined(HAVE_SYS_XATTR_H)
4147 static int
copy_xattrs(struct archive_write_disk * a,int tmpfd,int dffd)4148 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
4149 {
4150 ssize_t xattr_size;
4151 char *xattr_names = NULL, *xattr_val = NULL;
4152 int ret = ARCHIVE_OK, xattr_i;
4153
4154 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
4155 if (xattr_size == -1) {
4156 archive_set_error(&a->archive, errno,
4157 "Failed to read metadata(xattr)");
4158 ret = ARCHIVE_WARN;
4159 goto exit_xattr;
4160 }
4161 xattr_names = malloc(xattr_size);
4162 if (xattr_names == NULL) {
4163 archive_set_error(&a->archive, ENOMEM,
4164 "Can't allocate memory for metadata(xattr)");
4165 ret = ARCHIVE_FATAL;
4166 goto exit_xattr;
4167 }
4168 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
4169 if (xattr_size == -1) {
4170 archive_set_error(&a->archive, errno,
4171 "Failed to read metadata(xattr)");
4172 ret = ARCHIVE_WARN;
4173 goto exit_xattr;
4174 }
4175 for (xattr_i = 0; xattr_i < xattr_size;
4176 xattr_i += strlen(xattr_names + xattr_i) + 1) {
4177 char *xattr_val_saved;
4178 ssize_t s;
4179 int f;
4180
4181 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
4182 if (s == -1) {
4183 archive_set_error(&a->archive, errno,
4184 "Failed to get metadata(xattr)");
4185 ret = ARCHIVE_WARN;
4186 goto exit_xattr;
4187 }
4188 xattr_val_saved = xattr_val;
4189 xattr_val = realloc(xattr_val, s);
4190 if (xattr_val == NULL) {
4191 archive_set_error(&a->archive, ENOMEM,
4192 "Failed to get metadata(xattr)");
4193 ret = ARCHIVE_WARN;
4194 free(xattr_val_saved);
4195 goto exit_xattr;
4196 }
4197 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
4198 if (s == -1) {
4199 archive_set_error(&a->archive, errno,
4200 "Failed to get metadata(xattr)");
4201 ret = ARCHIVE_WARN;
4202 goto exit_xattr;
4203 }
4204 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
4205 if (f == -1) {
4206 archive_set_error(&a->archive, errno,
4207 "Failed to get metadata(xattr)");
4208 ret = ARCHIVE_WARN;
4209 goto exit_xattr;
4210 }
4211 }
4212 exit_xattr:
4213 free(xattr_names);
4214 free(xattr_val);
4215 return (ret);
4216 }
4217 #endif
4218
4219 static int
copy_acls(struct archive_write_disk * a,int tmpfd,int dffd)4220 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
4221 {
4222 #ifndef HAVE_SYS_ACL_H
4223 return 0;
4224 #else
4225 acl_t acl, dfacl = NULL;
4226 int acl_r, ret = ARCHIVE_OK;
4227
4228 acl = acl_get_fd(tmpfd);
4229 if (acl == NULL) {
4230 if (errno == ENOENT)
4231 /* There are not any ACLs. */
4232 return (ret);
4233 archive_set_error(&a->archive, errno,
4234 "Failed to get metadata(acl)");
4235 ret = ARCHIVE_WARN;
4236 goto exit_acl;
4237 }
4238 dfacl = acl_dup(acl);
4239 acl_r = acl_set_fd(dffd, dfacl);
4240 if (acl_r == -1) {
4241 archive_set_error(&a->archive, errno,
4242 "Failed to get metadata(acl)");
4243 ret = ARCHIVE_WARN;
4244 goto exit_acl;
4245 }
4246 exit_acl:
4247 if (acl)
4248 acl_free(acl);
4249 if (dfacl)
4250 acl_free(dfacl);
4251 return (ret);
4252 #endif
4253 }
4254
4255 static int
create_tempdatafork(struct archive_write_disk * a,const char * pathname)4256 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
4257 {
4258 struct archive_string tmpdatafork;
4259 int tmpfd;
4260
4261 archive_string_init(&tmpdatafork);
4262 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
4263 tmpfd = mkstemp(tmpdatafork.s);
4264 if (tmpfd < 0) {
4265 archive_set_error(&a->archive, errno,
4266 "Failed to mkstemp");
4267 archive_string_free(&tmpdatafork);
4268 return (-1);
4269 }
4270 if (copyfile(pathname, tmpdatafork.s, 0,
4271 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
4272 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
4273 archive_set_error(&a->archive, errno,
4274 "Failed to restore metadata");
4275 close(tmpfd);
4276 tmpfd = -1;
4277 }
4278 unlink(tmpdatafork.s);
4279 archive_string_free(&tmpdatafork);
4280 return (tmpfd);
4281 }
4282
4283 static int
copy_metadata(struct archive_write_disk * a,const char * metadata,const char * datafork,int datafork_compressed)4284 copy_metadata(struct archive_write_disk *a, const char *metadata,
4285 const char *datafork, int datafork_compressed)
4286 {
4287 int ret = ARCHIVE_OK;
4288
4289 if (datafork_compressed) {
4290 int dffd, tmpfd;
4291
4292 tmpfd = create_tempdatafork(a, metadata);
4293 if (tmpfd == -1)
4294 return (ARCHIVE_WARN);
4295
4296 /*
4297 * Do not open the data fork compressed by HFS+ compression
4298 * with at least a writing mode(O_RDWR or O_WRONLY). it
4299 * makes the data fork uncompressed.
4300 */
4301 dffd = open(datafork, 0);
4302 if (dffd == -1) {
4303 archive_set_error(&a->archive, errno,
4304 "Failed to open the data fork for metadata");
4305 close(tmpfd);
4306 return (ARCHIVE_WARN);
4307 }
4308
4309 #if defined(HAVE_SYS_XATTR_H)
4310 ret = copy_xattrs(a, tmpfd, dffd);
4311 if (ret == ARCHIVE_OK)
4312 #endif
4313 ret = copy_acls(a, tmpfd, dffd);
4314 close(tmpfd);
4315 close(dffd);
4316 } else {
4317 if (copyfile(metadata, datafork, 0,
4318 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
4319 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
4320 archive_set_error(&a->archive, errno,
4321 "Failed to restore metadata");
4322 ret = ARCHIVE_WARN;
4323 }
4324 }
4325 return (ret);
4326 }
4327
4328 static int
set_mac_metadata(struct archive_write_disk * a,const char * pathname,const void * metadata,size_t metadata_size)4329 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
4330 const void *metadata, size_t metadata_size)
4331 {
4332 struct archive_string tmp;
4333 ssize_t written;
4334 int fd;
4335 int ret = ARCHIVE_OK;
4336
4337 /* This would be simpler if copyfile() could just accept the
4338 * metadata as a block of memory; then we could sidestep this
4339 * silly dance of writing the data to disk just so that
4340 * copyfile() can read it back in again. */
4341 archive_string_init(&tmp);
4342 archive_strcpy(&tmp, pathname);
4343 archive_strcat(&tmp, ".XXXXXX");
4344 fd = mkstemp(tmp.s);
4345
4346 if (fd < 0) {
4347 archive_set_error(&a->archive, errno,
4348 "Failed to restore metadata");
4349 archive_string_free(&tmp);
4350 return (ARCHIVE_WARN);
4351 }
4352 written = write(fd, metadata, metadata_size);
4353 close(fd);
4354 if ((size_t)written != metadata_size) {
4355 archive_set_error(&a->archive, errno,
4356 "Failed to restore metadata");
4357 ret = ARCHIVE_WARN;
4358 } else {
4359 int compressed;
4360
4361 #if defined(UF_COMPRESSED)
4362 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
4363 (ret = lazy_stat(a)) == ARCHIVE_OK)
4364 compressed = a->st.st_flags & UF_COMPRESSED;
4365 else
4366 #endif
4367 compressed = 0;
4368 ret = copy_metadata(a, tmp.s, pathname, compressed);
4369 }
4370 unlink(tmp.s);
4371 archive_string_free(&tmp);
4372 return (ret);
4373 }
4374
4375 static int
fixup_appledouble(struct archive_write_disk * a,const char * pathname)4376 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
4377 {
4378 char buff[8];
4379 struct stat st;
4380 const char *p;
4381 struct archive_string datafork;
4382 int fd = -1, ret = ARCHIVE_OK;
4383
4384 archive_string_init(&datafork);
4385 /* Check if the current file name is a type of the resource
4386 * fork file. */
4387 p = strrchr(pathname, '/');
4388 if (p == NULL)
4389 p = pathname;
4390 else
4391 p++;
4392 if (p[0] != '.' || p[1] != '_')
4393 goto skip_appledouble;
4394
4395 /*
4396 * Check if the data fork file exists.
4397 *
4398 * TODO: Check if this write disk object has handled it.
4399 */
4400 archive_strncpy(&datafork, pathname, p - pathname);
4401 archive_strcat(&datafork, p + 2);
4402 if (lstat(datafork.s, &st) == -1 ||
4403 (st.st_mode & AE_IFMT) != AE_IFREG)
4404 goto skip_appledouble;
4405
4406 /*
4407 * Check if the file is in the AppleDouble form.
4408 */
4409 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
4410 __archive_ensure_cloexec_flag(fd);
4411 if (fd == -1) {
4412 archive_set_error(&a->archive, errno,
4413 "Failed to open a restoring file");
4414 ret = ARCHIVE_WARN;
4415 goto skip_appledouble;
4416 }
4417 if (read(fd, buff, 8) == -1) {
4418 archive_set_error(&a->archive, errno,
4419 "Failed to read a restoring file");
4420 close(fd);
4421 ret = ARCHIVE_WARN;
4422 goto skip_appledouble;
4423 }
4424 close(fd);
4425 /* Check AppleDouble Magic Code. */
4426 if (archive_be32dec(buff) != 0x00051607)
4427 goto skip_appledouble;
4428 /* Check AppleDouble Version. */
4429 if (archive_be32dec(buff+4) != 0x00020000)
4430 goto skip_appledouble;
4431
4432 ret = copy_metadata(a, pathname, datafork.s,
4433 #if defined(UF_COMPRESSED)
4434 st.st_flags & UF_COMPRESSED);
4435 #else
4436 0);
4437 #endif
4438 if (ret == ARCHIVE_OK) {
4439 unlink(pathname);
4440 ret = ARCHIVE_EOF;
4441 }
4442 skip_appledouble:
4443 archive_string_free(&datafork);
4444 return (ret);
4445 }
4446 #endif
4447
4448 #if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX
4449 /*
4450 * Restore extended attributes - Linux, Darwin and AIX implementations:
4451 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
4452 */
4453 static int
set_xattrs(struct archive_write_disk * a)4454 set_xattrs(struct archive_write_disk *a)
4455 {
4456 struct archive_entry *entry = a->entry;
4457 struct archive_string errlist;
4458 int ret = ARCHIVE_OK;
4459 int i = archive_entry_xattr_reset(entry);
4460 short fail = 0;
4461
4462 archive_string_init(&errlist);
4463
4464 while (i--) {
4465 const char *name;
4466 const void *value;
4467 size_t size;
4468 int e;
4469
4470 archive_entry_xattr_next(entry, &name, &value, &size);
4471
4472 if (name == NULL)
4473 continue;
4474 #if ARCHIVE_XATTR_LINUX
4475 /* Linux: quietly skip POSIX.1e ACL extended attributes */
4476 if (strncmp(name, "system.", 7) == 0 &&
4477 (strcmp(name + 7, "posix_acl_access") == 0 ||
4478 strcmp(name + 7, "posix_acl_default") == 0))
4479 continue;
4480 if (strncmp(name, "trusted.SGI_", 12) == 0 &&
4481 (strcmp(name + 12, "ACL_DEFAULT") == 0 ||
4482 strcmp(name + 12, "ACL_FILE") == 0))
4483 continue;
4484
4485 /* Linux: xfsroot namespace is obsolete and unsupported */
4486 if (strncmp(name, "xfsroot.", 8) == 0) {
4487 fail = 1;
4488 archive_strcat(&errlist, name);
4489 archive_strappend_char(&errlist, ' ');
4490 continue;
4491 }
4492 #endif
4493
4494 if (a->fd >= 0) {
4495 #if ARCHIVE_XATTR_LINUX
4496 e = fsetxattr(a->fd, name, value, size, 0);
4497 #elif ARCHIVE_XATTR_DARWIN
4498 e = fsetxattr(a->fd, name, value, size, 0, 0);
4499 #elif ARCHIVE_XATTR_AIX
4500 e = fsetea(a->fd, name, value, size, 0);
4501 #endif
4502 } else {
4503 #if ARCHIVE_XATTR_LINUX
4504 e = lsetxattr(archive_entry_pathname(entry),
4505 name, value, size, 0);
4506 #elif ARCHIVE_XATTR_DARWIN
4507 e = setxattr(archive_entry_pathname(entry),
4508 name, value, size, 0, XATTR_NOFOLLOW);
4509 #elif ARCHIVE_XATTR_AIX
4510 e = lsetea(archive_entry_pathname(entry),
4511 name, value, size, 0);
4512 #endif
4513 }
4514 if (e == -1) {
4515 ret = ARCHIVE_WARN;
4516 archive_strcat(&errlist, name);
4517 archive_strappend_char(&errlist, ' ');
4518 if (errno != ENOTSUP && errno != ENOSYS)
4519 fail = 1;
4520 }
4521 }
4522
4523 if (ret == ARCHIVE_WARN) {
4524 if (fail && errlist.length > 0) {
4525 errlist.length--;
4526 errlist.s[errlist.length] = '\0';
4527 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4528 "Cannot restore extended attributes: %s",
4529 errlist.s);
4530 } else
4531 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4532 "Cannot restore extended "
4533 "attributes on this file system.");
4534 }
4535
4536 archive_string_free(&errlist);
4537 return (ret);
4538 }
4539 #elif ARCHIVE_XATTR_FREEBSD
4540 /*
4541 * Restore extended attributes - FreeBSD implementation
4542 */
4543 static int
set_xattrs(struct archive_write_disk * a)4544 set_xattrs(struct archive_write_disk *a)
4545 {
4546 struct archive_entry *entry = a->entry;
4547 struct archive_string errlist;
4548 int ret = ARCHIVE_OK;
4549 int i = archive_entry_xattr_reset(entry);
4550 short fail = 0;
4551
4552 archive_string_init(&errlist);
4553
4554 while (i--) {
4555 const char *name;
4556 const void *value;
4557 size_t size;
4558 archive_entry_xattr_next(entry, &name, &value, &size);
4559 if (name != NULL) {
4560 int e;
4561 int namespace;
4562
4563 namespace = EXTATTR_NAMESPACE_USER;
4564
4565 if (strncmp(name, "user.", 5) == 0) {
4566 /* "user." attributes go to user namespace */
4567 name += 5;
4568 namespace = EXTATTR_NAMESPACE_USER;
4569 } else if (strncmp(name, "system.", 7) == 0) {
4570 name += 7;
4571 namespace = EXTATTR_NAMESPACE_SYSTEM;
4572 if (!strcmp(name, "nfs4.acl") ||
4573 !strcmp(name, "posix1e.acl_access") ||
4574 !strcmp(name, "posix1e.acl_default"))
4575 continue;
4576 } else {
4577 /* Other namespaces are unsupported */
4578 archive_strcat(&errlist, name);
4579 archive_strappend_char(&errlist, ' ');
4580 fail = 1;
4581 ret = ARCHIVE_WARN;
4582 continue;
4583 }
4584
4585 if (a->fd >= 0) {
4586 /*
4587 * On FreeBSD, extattr_set_fd does not
4588 * return the same as
4589 * extattr_set_file. It returns zero
4590 * on success, non-zero on failure.
4591 *
4592 * We can detect the failure by
4593 * manually setting errno prior to the
4594 * call and checking after.
4595 *
4596 * If errno remains zero, fake the
4597 * return value by setting e to size.
4598 *
4599 * This is a hack for now until I
4600 * (Shawn Webb) get FreeBSD to fix the
4601 * issue, if that's even possible.
4602 */
4603 errno = 0;
4604 e = extattr_set_fd(a->fd, namespace, name,
4605 value, size);
4606 if (e == 0 && errno == 0) {
4607 e = size;
4608 }
4609 } else {
4610 e = extattr_set_link(
4611 archive_entry_pathname(entry), namespace,
4612 name, value, size);
4613 }
4614 if (e != (int)size) {
4615 archive_strcat(&errlist, name);
4616 archive_strappend_char(&errlist, ' ');
4617 ret = ARCHIVE_WARN;
4618 if (errno != ENOTSUP && errno != ENOSYS)
4619 fail = 1;
4620 }
4621 }
4622 }
4623
4624 if (ret == ARCHIVE_WARN) {
4625 if (fail && errlist.length > 0) {
4626 errlist.length--;
4627 errlist.s[errlist.length] = '\0';
4628
4629 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4630 "Cannot restore extended attributes: %s",
4631 errlist.s);
4632 } else
4633 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4634 "Cannot restore extended "
4635 "attributes on this file system.");
4636 }
4637
4638 archive_string_free(&errlist);
4639 return (ret);
4640 }
4641 #else
4642 /*
4643 * Restore extended attributes - stub implementation for unsupported systems
4644 */
4645 static int
set_xattrs(struct archive_write_disk * a)4646 set_xattrs(struct archive_write_disk *a)
4647 {
4648 static int warning_done = 0;
4649
4650 /* If there aren't any extended attributes, then it's okay not
4651 * to extract them, otherwise, issue a single warning. */
4652 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
4653 warning_done = 1;
4654 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
4655 "Cannot restore extended attributes on this system");
4656 return (ARCHIVE_WARN);
4657 }
4658 /* Warning was already emitted; suppress further warnings. */
4659 return (ARCHIVE_OK);
4660 }
4661 #endif
4662
4663 /*
4664 * Test if file on disk is older than entry.
4665 */
4666 static int
older(struct stat * st,struct archive_entry * entry)4667 older(struct stat *st, struct archive_entry *entry)
4668 {
4669 /* First, test the seconds and return if we have a definite answer. */
4670 /* Definitely older. */
4671 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry)))
4672 return (1);
4673 /* Definitely younger. */
4674 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry)))
4675 return (0);
4676 /* If this platform supports fractional seconds, try those. */
4677 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
4678 /* Definitely older. */
4679 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
4680 return (1);
4681 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
4682 /* Definitely older. */
4683 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
4684 return (1);
4685 #elif HAVE_STRUCT_STAT_ST_MTIME_N
4686 /* older. */
4687 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
4688 return (1);
4689 #elif HAVE_STRUCT_STAT_ST_UMTIME
4690 /* older. */
4691 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
4692 return (1);
4693 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
4694 /* older. */
4695 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
4696 return (1);
4697 #else
4698 /* This system doesn't have high-res timestamps. */
4699 #endif
4700 /* Same age or newer, so not older. */
4701 return (0);
4702 }
4703
4704 #ifndef ARCHIVE_ACL_SUPPORT
4705 int
archive_write_disk_set_acls(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode)4706 archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
4707 struct archive_acl *abstract_acl, __LA_MODE_T mode)
4708 {
4709 (void)a; /* UNUSED */
4710 (void)fd; /* UNUSED */
4711 (void)name; /* UNUSED */
4712 (void)abstract_acl; /* UNUSED */
4713 (void)mode; /* UNUSED */
4714 return (ARCHIVE_OK);
4715 }
4716 #endif
4717
4718 #endif /* !_WIN32 || __CYGWIN__ */
4719
4720