1 /*- 2 * Copyright (c) 2003-2010 Tim Kientzle 3 * Copyright (c) 2012 Michihiro NAKAJIMA 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer 11 * in this position and unchanged. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include "archive_platform.h" 29 __FBSDID("$FreeBSD$"); 30 31 #if !defined(_WIN32) || defined(__CYGWIN__) 32 33 #ifdef HAVE_SYS_TYPES_H 34 #include <sys/types.h> 35 #endif 36 #ifdef HAVE_SYS_ACL_H 37 #include <sys/acl.h> 38 #endif 39 #ifdef HAVE_SYS_EXTATTR_H 40 #include <sys/extattr.h> 41 #endif 42 #if HAVE_SYS_XATTR_H 43 #include <sys/xattr.h> 44 #elif HAVE_ATTR_XATTR_H 45 #include <attr/xattr.h> 46 #endif 47 #ifdef HAVE_SYS_EA_H 48 #include <sys/ea.h> 49 #endif 50 #ifdef HAVE_SYS_IOCTL_H 51 #include <sys/ioctl.h> 52 #endif 53 #ifdef HAVE_SYS_STAT_H 54 #include <sys/stat.h> 55 #endif 56 #ifdef HAVE_SYS_TIME_H 57 #include <sys/time.h> 58 #endif 59 #ifdef HAVE_SYS_UTIME_H 60 #include <sys/utime.h> 61 #endif 62 #ifdef HAVE_COPYFILE_H 63 #include <copyfile.h> 64 #endif 65 #ifdef HAVE_ERRNO_H 66 #include <errno.h> 67 #endif 68 #ifdef HAVE_FCNTL_H 69 #include <fcntl.h> 70 #endif 71 #ifdef HAVE_GRP_H 72 #include <grp.h> 73 #endif 74 #ifdef HAVE_LANGINFO_H 75 #include <langinfo.h> 76 #endif 77 #ifdef HAVE_LINUX_FS_H 78 #include <linux/fs.h> /* for Linux file flags */ 79 #endif 80 /* 81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h. 82 * As the include guards don't agree, the order of include is important. 83 */ 84 #ifdef HAVE_LINUX_EXT2_FS_H 85 #include <linux/ext2_fs.h> /* for Linux file flags */ 86 #endif 87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__) 88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */ 89 #endif 90 #ifdef HAVE_LIMITS_H 91 #include <limits.h> 92 #endif 93 #ifdef HAVE_PWD_H 94 #include <pwd.h> 95 #endif 96 #include <stdio.h> 97 #ifdef HAVE_STDLIB_H 98 #include <stdlib.h> 99 #endif 100 #ifdef HAVE_STRING_H 101 #include <string.h> 102 #endif 103 #ifdef HAVE_UNISTD_H 104 #include <unistd.h> 105 #endif 106 #ifdef HAVE_UTIME_H 107 #include <utime.h> 108 #endif 109 #ifdef F_GETTIMES /* Tru64 specific */ 110 #include <sys/fcntl1.h> 111 #endif 112 113 /* 114 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared. 115 * 116 * It assumes that the input is an integer type of no more than 64 bits. 117 * If the number is less than zero, t must be a signed type, so it fits in 118 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t 119 * without loss. But it could be a large unsigned value, so we have to clip it 120 * to INT64_MAX.* 121 */ 122 #define to_int64_time(t) \ 123 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t)) 124 125 #if __APPLE__ 126 #include <TargetConditionals.h> 127 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H 128 #include <quarantine.h> 129 #define HAVE_QUARANTINE 1 130 #endif 131 #endif 132 133 #ifdef HAVE_ZLIB_H 134 #include <zlib.h> 135 #endif 136 137 /* TODO: Support Mac OS 'quarantine' feature. This is really just a 138 * standard tag to mark files that have been downloaded as "tainted". 139 * On Mac OS, we should mark the extracted files as tainted if the 140 * archive being read was tainted. Windows has a similar feature; we 141 * should investigate ways to support this generically. */ 142 143 #include "archive.h" 144 #include "archive_acl_private.h" 145 #include "archive_string.h" 146 #include "archive_endian.h" 147 #include "archive_entry.h" 148 #include "archive_private.h" 149 #include "archive_write_disk_private.h" 150 151 #ifndef O_BINARY 152 #define O_BINARY 0 153 #endif 154 #ifndef O_CLOEXEC 155 #define O_CLOEXEC 0 156 #endif 157 158 /* Ignore non-int O_NOFOLLOW constant. */ 159 /* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */ 160 #if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX) 161 #undef O_NOFOLLOW 162 #endif 163 164 #ifndef O_NOFOLLOW 165 #define O_NOFOLLOW 0 166 #endif 167 168 #ifndef AT_FDCWD 169 #define AT_FDCWD -100 170 #endif 171 172 struct fixup_entry { 173 struct fixup_entry *next; 174 struct archive_acl acl; 175 mode_t mode; 176 __LA_MODE_T filetype; 177 int64_t atime; 178 int64_t birthtime; 179 int64_t mtime; 180 int64_t ctime; 181 unsigned long atime_nanos; 182 unsigned long birthtime_nanos; 183 unsigned long mtime_nanos; 184 unsigned long ctime_nanos; 185 unsigned long fflags_set; 186 size_t mac_metadata_size; 187 void *mac_metadata; 188 int fixup; /* bitmask of what needs fixing */ 189 char *name; 190 }; 191 192 /* 193 * We use a bitmask to track which operations remain to be done for 194 * this file. In particular, this helps us avoid unnecessary 195 * operations when it's possible to take care of one step as a 196 * side-effect of another. For example, mkdir() can specify the mode 197 * for the newly-created object but symlink() cannot. This means we 198 * can skip chmod() if mkdir() succeeded, but we must explicitly 199 * chmod() if we're trying to create a directory that already exists 200 * (mkdir() failed) or if we're restoring a symlink. Similarly, we 201 * need to verify UID/GID before trying to restore SUID/SGID bits; 202 * that verification can occur explicitly through a stat() call or 203 * implicitly because of a successful chown() call. 204 */ 205 #define TODO_MODE_FORCE 0x40000000 206 #define TODO_MODE_BASE 0x20000000 207 #define TODO_SUID 0x10000000 208 #define TODO_SUID_CHECK 0x08000000 209 #define TODO_SGID 0x04000000 210 #define TODO_SGID_CHECK 0x02000000 211 #define TODO_APPLEDOUBLE 0x01000000 212 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID) 213 #define TODO_TIMES ARCHIVE_EXTRACT_TIME 214 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER 215 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS 216 #define TODO_ACLS ARCHIVE_EXTRACT_ACL 217 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR 218 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA 219 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED 220 221 struct archive_write_disk { 222 struct archive archive; 223 224 mode_t user_umask; 225 struct fixup_entry *fixup_list; 226 struct fixup_entry *current_fixup; 227 int64_t user_uid; 228 int skip_file_set; 229 int64_t skip_file_dev; 230 int64_t skip_file_ino; 231 time_t start_time; 232 233 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid); 234 void (*cleanup_gid)(void *private); 235 void *lookup_gid_data; 236 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid); 237 void (*cleanup_uid)(void *private); 238 void *lookup_uid_data; 239 240 /* 241 * Full path of last file to satisfy symlink checks. 242 */ 243 struct archive_string path_safe; 244 245 /* 246 * Cached stat data from disk for the current entry. 247 * If this is valid, pst points to st. Otherwise, 248 * pst is null. 249 */ 250 struct stat st; 251 struct stat *pst; 252 253 /* Information about the object being restored right now. */ 254 struct archive_entry *entry; /* Entry being extracted. */ 255 char *name; /* Name of entry, possibly edited. */ 256 struct archive_string _name_data; /* backing store for 'name' */ 257 char *tmpname; /* Temporary name * */ 258 struct archive_string _tmpname_data; /* backing store for 'tmpname' */ 259 /* Tasks remaining for this object. */ 260 int todo; 261 /* Tasks deferred until end-of-archive. */ 262 int deferred; 263 /* Options requested by the client. */ 264 int flags; 265 /* Handle for the file we're restoring. */ 266 int fd; 267 /* Current offset for writing data to the file. */ 268 int64_t offset; 269 /* Last offset actually written to disk. */ 270 int64_t fd_offset; 271 /* Total bytes actually written to files. */ 272 int64_t total_bytes_written; 273 /* Maximum size of file, -1 if unknown. */ 274 int64_t filesize; 275 /* Dir we were in before this restore; only for deep paths. */ 276 int restore_pwd; 277 /* Mode we should use for this entry; affected by _PERM and umask. */ 278 mode_t mode; 279 /* UID/GID to use in restoring this entry. */ 280 int64_t uid; 281 int64_t gid; 282 /* 283 * HFS+ Compression. 284 */ 285 /* Xattr "com.apple.decmpfs". */ 286 uint32_t decmpfs_attr_size; 287 unsigned char *decmpfs_header_p; 288 /* ResourceFork set options used for fsetxattr. */ 289 int rsrc_xattr_options; 290 /* Xattr "com.apple.ResourceFork". */ 291 unsigned char *resource_fork; 292 size_t resource_fork_allocated_size; 293 unsigned int decmpfs_block_count; 294 uint32_t *decmpfs_block_info; 295 /* Buffer for compressed data. */ 296 unsigned char *compressed_buffer; 297 size_t compressed_buffer_size; 298 size_t compressed_buffer_remaining; 299 /* The offset of the ResourceFork where compressed data will 300 * be placed. */ 301 uint32_t compressed_rsrc_position; 302 uint32_t compressed_rsrc_position_v; 303 /* Buffer for uncompressed data. */ 304 char *uncompressed_buffer; 305 size_t block_remaining_bytes; 306 size_t file_remaining_bytes; 307 #ifdef HAVE_ZLIB_H 308 z_stream stream; 309 int stream_valid; 310 int decmpfs_compression_level; 311 #endif 312 }; 313 314 /* 315 * Default mode for dirs created automatically (will be modified by umask). 316 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified 317 * by the process' file creation mask." 318 */ 319 #define DEFAULT_DIR_MODE 0777 320 /* 321 * Dir modes are restored in two steps: During the extraction, the permissions 322 * in the archive are modified to match the following limits. During 323 * the post-extract fixup pass, the permissions from the archive are 324 * applied. 325 */ 326 #define MINIMUM_DIR_MODE 0700 327 #define MAXIMUM_DIR_MODE 0775 328 329 /* 330 * Maximum uncompressed size of a decmpfs block. 331 */ 332 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024) 333 /* 334 * HFS+ compression type. 335 */ 336 #define CMP_XATTR 3/* Compressed data in xattr. */ 337 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */ 338 /* 339 * HFS+ compression resource fork. 340 */ 341 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */ 342 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */ 343 /* Size to write compressed data to resource fork. */ 344 #define COMPRESSED_W_SIZE (64 * 1024) 345 /* decmpfs definitions. */ 346 #define MAX_DECMPFS_XATTR_SIZE 3802 347 #ifndef DECMPFS_XATTR_NAME 348 #define DECMPFS_XATTR_NAME "com.apple.decmpfs" 349 #endif 350 #define DECMPFS_MAGIC 0x636d7066 351 #define DECMPFS_COMPRESSION_MAGIC 0 352 #define DECMPFS_COMPRESSION_TYPE 4 353 #define DECMPFS_UNCOMPRESSED_SIZE 8 354 #define DECMPFS_HEADER_SIZE 16 355 356 #define HFS_BLOCKS(s) ((s) >> 12) 357 358 359 static int la_opendirat(int, const char *); 360 static int la_mktemp(struct archive_write_disk *); 361 static int la_verify_filetype(mode_t, __LA_MODE_T); 362 static void fsobj_error(int *, struct archive_string *, int, const char *, 363 const char *); 364 static int check_symlinks_fsobj(char *, int *, struct archive_string *, 365 int, int); 366 static int check_symlinks(struct archive_write_disk *); 367 static int create_filesystem_object(struct archive_write_disk *); 368 static struct fixup_entry *current_fixup(struct archive_write_disk *, 369 const char *pathname); 370 #if defined(HAVE_FCHDIR) && defined(PATH_MAX) 371 static void edit_deep_directories(struct archive_write_disk *ad); 372 #endif 373 static int cleanup_pathname_fsobj(char *, int *, struct archive_string *, 374 int); 375 static int cleanup_pathname(struct archive_write_disk *); 376 static int create_dir(struct archive_write_disk *, char *); 377 static int create_parent_dir(struct archive_write_disk *, char *); 378 static ssize_t hfs_write_data_block(struct archive_write_disk *, 379 const char *, size_t); 380 static int fixup_appledouble(struct archive_write_disk *, const char *); 381 static int older(struct stat *, struct archive_entry *); 382 static int restore_entry(struct archive_write_disk *); 383 static int set_mac_metadata(struct archive_write_disk *, const char *, 384 const void *, size_t); 385 static int set_xattrs(struct archive_write_disk *); 386 static int clear_nochange_fflags(struct archive_write_disk *); 387 static int set_fflags(struct archive_write_disk *); 388 static int set_fflags_platform(struct archive_write_disk *, int fd, 389 const char *name, mode_t mode, 390 unsigned long fflags_set, unsigned long fflags_clear); 391 static int set_ownership(struct archive_write_disk *); 392 static int set_mode(struct archive_write_disk *, int mode); 393 static int set_time(int, int, const char *, time_t, long, time_t, long); 394 static int set_times(struct archive_write_disk *, int, int, const char *, 395 time_t, long, time_t, long, time_t, long, time_t, long); 396 static int set_times_from_entry(struct archive_write_disk *); 397 static struct fixup_entry *sort_dir_list(struct fixup_entry *p); 398 static ssize_t write_data_block(struct archive_write_disk *, 399 const char *, size_t); 400 401 static int _archive_write_disk_close(struct archive *); 402 static int _archive_write_disk_free(struct archive *); 403 static int _archive_write_disk_header(struct archive *, 404 struct archive_entry *); 405 static int64_t _archive_write_disk_filter_bytes(struct archive *, int); 406 static int _archive_write_disk_finish_entry(struct archive *); 407 static ssize_t _archive_write_disk_data(struct archive *, const void *, 408 size_t); 409 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, 410 size_t, int64_t); 411 412 static int 413 la_mktemp(struct archive_write_disk *a) 414 { 415 int oerrno, fd; 416 mode_t mode; 417 418 archive_string_empty(&a->_tmpname_data); 419 archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name); 420 a->tmpname = a->_tmpname_data.s; 421 422 fd = __archive_mkstemp(a->tmpname); 423 if (fd == -1) 424 return -1; 425 426 mode = a->mode & 0777 & ~a->user_umask; 427 if (fchmod(fd, mode) == -1) { 428 oerrno = errno; 429 close(fd); 430 errno = oerrno; 431 return -1; 432 } 433 return fd; 434 } 435 436 static int 437 la_opendirat(int fd, const char *path) { 438 const int flags = O_CLOEXEC 439 #if defined(O_BINARY) 440 | O_BINARY 441 #endif 442 #if defined(O_DIRECTORY) 443 | O_DIRECTORY 444 #endif 445 #if defined(O_PATH) 446 | O_PATH 447 #elif defined(O_SEARCH) 448 | O_SEARCH 449 #elif defined(__FreeBSD__) && defined(O_EXEC) 450 | O_EXEC 451 #else 452 | O_RDONLY 453 #endif 454 ; 455 456 #if !defined(HAVE_OPENAT) 457 if (fd != AT_FDCWD) { 458 errno = ENOTSUP; 459 return (-1); 460 } else 461 return (open(path, flags)); 462 #else 463 return (openat(fd, path, flags)); 464 #endif 465 } 466 467 static int 468 la_verify_filetype(mode_t mode, __LA_MODE_T filetype) { 469 int ret = 0; 470 471 switch (filetype) { 472 case AE_IFREG: 473 ret = (S_ISREG(mode)); 474 break; 475 case AE_IFDIR: 476 ret = (S_ISDIR(mode)); 477 break; 478 case AE_IFLNK: 479 ret = (S_ISLNK(mode)); 480 break; 481 case AE_IFSOCK: 482 ret = (S_ISSOCK(mode)); 483 break; 484 case AE_IFCHR: 485 ret = (S_ISCHR(mode)); 486 break; 487 case AE_IFBLK: 488 ret = (S_ISBLK(mode)); 489 break; 490 case AE_IFIFO: 491 ret = (S_ISFIFO(mode)); 492 break; 493 default: 494 break; 495 } 496 497 return (ret); 498 } 499 500 static int 501 lazy_stat(struct archive_write_disk *a) 502 { 503 if (a->pst != NULL) { 504 /* Already have stat() data available. */ 505 return (ARCHIVE_OK); 506 } 507 #ifdef HAVE_FSTAT 508 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) { 509 a->pst = &a->st; 510 return (ARCHIVE_OK); 511 } 512 #endif 513 /* 514 * XXX At this point, symlinks should not be hit, otherwise 515 * XXX a race occurred. Do we want to check explicitly for that? 516 */ 517 if (lstat(a->name, &a->st) == 0) { 518 a->pst = &a->st; 519 return (ARCHIVE_OK); 520 } 521 archive_set_error(&a->archive, errno, "Couldn't stat file"); 522 return (ARCHIVE_WARN); 523 } 524 525 static const struct archive_vtable 526 archive_write_disk_vtable = { 527 .archive_close = _archive_write_disk_close, 528 .archive_filter_bytes = _archive_write_disk_filter_bytes, 529 .archive_free = _archive_write_disk_free, 530 .archive_write_header = _archive_write_disk_header, 531 .archive_write_finish_entry = _archive_write_disk_finish_entry, 532 .archive_write_data = _archive_write_disk_data, 533 .archive_write_data_block = _archive_write_disk_data_block, 534 }; 535 536 static int64_t 537 _archive_write_disk_filter_bytes(struct archive *_a, int n) 538 { 539 struct archive_write_disk *a = (struct archive_write_disk *)_a; 540 (void)n; /* UNUSED */ 541 if (n == -1 || n == 0) 542 return (a->total_bytes_written); 543 return (-1); 544 } 545 546 547 int 548 archive_write_disk_set_options(struct archive *_a, int flags) 549 { 550 struct archive_write_disk *a = (struct archive_write_disk *)_a; 551 552 a->flags = flags; 553 return (ARCHIVE_OK); 554 } 555 556 557 /* 558 * Extract this entry to disk. 559 * 560 * TODO: Validate hardlinks. According to the standards, we're 561 * supposed to check each extracted hardlink and squawk if it refers 562 * to a file that we didn't restore. I'm not entirely convinced this 563 * is a good idea, but more importantly: Is there any way to validate 564 * hardlinks without keeping a complete list of filenames from the 565 * entire archive?? Ugh. 566 * 567 */ 568 static int 569 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry) 570 { 571 struct archive_write_disk *a = (struct archive_write_disk *)_a; 572 struct fixup_entry *fe; 573 const char *linkname; 574 int ret, r; 575 576 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 577 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 578 "archive_write_disk_header"); 579 archive_clear_error(&a->archive); 580 if (a->archive.state & ARCHIVE_STATE_DATA) { 581 r = _archive_write_disk_finish_entry(&a->archive); 582 if (r == ARCHIVE_FATAL) 583 return (r); 584 } 585 586 /* Set up for this particular entry. */ 587 a->pst = NULL; 588 a->current_fixup = NULL; 589 a->deferred = 0; 590 if (a->entry) { 591 archive_entry_free(a->entry); 592 a->entry = NULL; 593 } 594 a->entry = archive_entry_clone(entry); 595 a->fd = -1; 596 a->fd_offset = 0; 597 a->offset = 0; 598 a->restore_pwd = -1; 599 a->uid = a->user_uid; 600 a->mode = archive_entry_mode(a->entry); 601 if (archive_entry_size_is_set(a->entry)) 602 a->filesize = archive_entry_size(a->entry); 603 else 604 a->filesize = -1; 605 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry)); 606 a->name = a->_name_data.s; 607 archive_clear_error(&a->archive); 608 609 /* 610 * Clean up the requested path. This is necessary for correct 611 * dir restores; the dir restore logic otherwise gets messed 612 * up by nonsense like "dir/.". 613 */ 614 ret = cleanup_pathname(a); 615 if (ret != ARCHIVE_OK) 616 return (ret); 617 618 /* 619 * Check if we have a hardlink that points to itself. 620 */ 621 linkname = archive_entry_hardlink(a->entry); 622 if (linkname != NULL && strcmp(a->name, linkname) == 0) { 623 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 624 "Skipping hardlink pointing to itself: %s", 625 a->name); 626 return (ARCHIVE_WARN); 627 } 628 629 /* 630 * Query the umask so we get predictable mode settings. 631 * This gets done on every call to _write_header in case the 632 * user edits their umask during the extraction for some 633 * reason. 634 */ 635 umask(a->user_umask = umask(0)); 636 637 /* Figure out what we need to do for this entry. */ 638 a->todo = TODO_MODE_BASE; 639 if (a->flags & ARCHIVE_EXTRACT_PERM) { 640 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */ 641 /* 642 * SGID requires an extra "check" step because we 643 * cannot easily predict the GID that the system will 644 * assign. (Different systems assign GIDs to files 645 * based on a variety of criteria, including process 646 * credentials and the gid of the enclosing 647 * directory.) We can only restore the SGID bit if 648 * the file has the right GID, and we only know the 649 * GID if we either set it (see set_ownership) or if 650 * we've actually called stat() on the file after it 651 * was restored. Since there are several places at 652 * which we might verify the GID, we need a TODO bit 653 * to keep track. 654 */ 655 if (a->mode & S_ISGID) 656 a->todo |= TODO_SGID | TODO_SGID_CHECK; 657 /* 658 * Verifying the SUID is simpler, but can still be 659 * done in multiple ways, hence the separate "check" bit. 660 */ 661 if (a->mode & S_ISUID) 662 a->todo |= TODO_SUID | TODO_SUID_CHECK; 663 } else { 664 /* 665 * User didn't request full permissions, so don't 666 * restore SUID, SGID bits and obey umask. 667 */ 668 a->mode &= ~S_ISUID; 669 a->mode &= ~S_ISGID; 670 a->mode &= ~S_ISVTX; 671 a->mode &= ~a->user_umask; 672 } 673 if (a->flags & ARCHIVE_EXTRACT_OWNER) 674 a->todo |= TODO_OWNER; 675 if (a->flags & ARCHIVE_EXTRACT_TIME) 676 a->todo |= TODO_TIMES; 677 if (a->flags & ARCHIVE_EXTRACT_ACL) { 678 #if ARCHIVE_ACL_DARWIN 679 /* 680 * On MacOS, platform ACLs get stored in mac_metadata, too. 681 * If we intend to extract mac_metadata and it is present 682 * we skip extracting libarchive NFSv4 ACLs. 683 */ 684 size_t metadata_size; 685 686 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 687 archive_entry_mac_metadata(a->entry, 688 &metadata_size) == NULL || metadata_size == 0) 689 #endif 690 #if ARCHIVE_ACL_LIBRICHACL 691 /* 692 * RichACLs are stored in an extended attribute. 693 * If we intend to extract extended attributes and have this 694 * attribute we skip extracting libarchive NFSv4 ACLs. 695 */ 696 short extract_acls = 1; 697 if (a->flags & ARCHIVE_EXTRACT_XATTR && ( 698 archive_entry_acl_types(a->entry) & 699 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) { 700 const char *attr_name; 701 const void *attr_value; 702 size_t attr_size; 703 int i = archive_entry_xattr_reset(a->entry); 704 while (i--) { 705 archive_entry_xattr_next(a->entry, &attr_name, 706 &attr_value, &attr_size); 707 if (attr_name != NULL && attr_value != NULL && 708 attr_size > 0 && strcmp(attr_name, 709 "trusted.richacl") == 0) { 710 extract_acls = 0; 711 break; 712 } 713 } 714 } 715 if (extract_acls) 716 #endif 717 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 718 { 719 #endif 720 if (archive_entry_filetype(a->entry) == AE_IFDIR) 721 a->deferred |= TODO_ACLS; 722 else 723 a->todo |= TODO_ACLS; 724 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL 725 } 726 #endif 727 } 728 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) { 729 if (archive_entry_filetype(a->entry) == AE_IFDIR) 730 a->deferred |= TODO_MAC_METADATA; 731 else 732 a->todo |= TODO_MAC_METADATA; 733 } 734 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 735 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) { 736 unsigned long set, clear; 737 archive_entry_fflags(a->entry, &set, &clear); 738 if ((set & ~clear) & UF_COMPRESSED) { 739 a->todo |= TODO_HFS_COMPRESSION; 740 a->decmpfs_block_count = (unsigned)-1; 741 } 742 } 743 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 && 744 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) { 745 a->todo |= TODO_HFS_COMPRESSION; 746 a->decmpfs_block_count = (unsigned)-1; 747 } 748 { 749 const char *p; 750 751 /* Check if the current file name is a type of the 752 * resource fork file. */ 753 p = strrchr(a->name, '/'); 754 if (p == NULL) 755 p = a->name; 756 else 757 p++; 758 if (p[0] == '.' && p[1] == '_') { 759 /* Do not compress "._XXX" files. */ 760 a->todo &= ~TODO_HFS_COMPRESSION; 761 if (a->filesize > 0) 762 a->todo |= TODO_APPLEDOUBLE; 763 } 764 } 765 #endif 766 767 if (a->flags & ARCHIVE_EXTRACT_XATTR) { 768 #if ARCHIVE_XATTR_DARWIN 769 /* 770 * On MacOS, extended attributes get stored in mac_metadata, 771 * too. If we intend to extract mac_metadata and it is present 772 * we skip extracting extended attributes. 773 */ 774 size_t metadata_size; 775 776 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 || 777 archive_entry_mac_metadata(a->entry, 778 &metadata_size) == NULL || metadata_size == 0) 779 #endif 780 a->todo |= TODO_XATTR; 781 } 782 if (a->flags & ARCHIVE_EXTRACT_FFLAGS) 783 a->todo |= TODO_FFLAGS; 784 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) { 785 ret = check_symlinks(a); 786 if (ret != ARCHIVE_OK) 787 return (ret); 788 } 789 #if defined(HAVE_FCHDIR) && defined(PATH_MAX) 790 /* If path exceeds PATH_MAX, shorten the path. */ 791 edit_deep_directories(a); 792 #endif 793 794 ret = restore_entry(a); 795 796 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 797 /* 798 * Check if the filesystem the file is restoring on supports 799 * HFS+ Compression. If not, cancel HFS+ Compression. 800 */ 801 if (a->todo | TODO_HFS_COMPRESSION) { 802 /* 803 * NOTE: UF_COMPRESSED is ignored even if the filesystem 804 * supports HFS+ Compression because the file should 805 * have at least an extended attribute "com.apple.decmpfs" 806 * before the flag is set to indicate that the file have 807 * been compressed. If the filesystem does not support 808 * HFS+ Compression the system call will fail. 809 */ 810 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0) 811 a->todo &= ~TODO_HFS_COMPRESSION; 812 } 813 #endif 814 815 /* 816 * TODO: There are rumours that some extended attributes must 817 * be restored before file data is written. If this is true, 818 * then we either need to write all extended attributes both 819 * before and after restoring the data, or find some rule for 820 * determining which must go first and which last. Due to the 821 * many ways people are using xattrs, this may prove to be an 822 * intractable problem. 823 */ 824 825 #ifdef HAVE_FCHDIR 826 /* If we changed directory above, restore it here. */ 827 if (a->restore_pwd >= 0) { 828 r = fchdir(a->restore_pwd); 829 if (r != 0) { 830 archive_set_error(&a->archive, errno, 831 "chdir() failure"); 832 ret = ARCHIVE_FATAL; 833 } 834 close(a->restore_pwd); 835 a->restore_pwd = -1; 836 } 837 #endif 838 839 /* 840 * Fixup uses the unedited pathname from archive_entry_pathname(), 841 * because it is relative to the base dir and the edited path 842 * might be relative to some intermediate dir as a result of the 843 * deep restore logic. 844 */ 845 if (a->deferred & TODO_MODE) { 846 fe = current_fixup(a, archive_entry_pathname(entry)); 847 if (fe == NULL) 848 return (ARCHIVE_FATAL); 849 fe->filetype = archive_entry_filetype(entry); 850 fe->fixup |= TODO_MODE_BASE; 851 fe->mode = a->mode; 852 } 853 854 if ((a->deferred & TODO_TIMES) 855 && (archive_entry_mtime_is_set(entry) 856 || archive_entry_atime_is_set(entry))) { 857 fe = current_fixup(a, archive_entry_pathname(entry)); 858 if (fe == NULL) 859 return (ARCHIVE_FATAL); 860 fe->filetype = archive_entry_filetype(entry); 861 fe->mode = a->mode; 862 fe->fixup |= TODO_TIMES; 863 if (archive_entry_atime_is_set(entry)) { 864 fe->atime = archive_entry_atime(entry); 865 fe->atime_nanos = archive_entry_atime_nsec(entry); 866 } else { 867 /* If atime is unset, use start time. */ 868 fe->atime = a->start_time; 869 fe->atime_nanos = 0; 870 } 871 if (archive_entry_mtime_is_set(entry)) { 872 fe->mtime = archive_entry_mtime(entry); 873 fe->mtime_nanos = archive_entry_mtime_nsec(entry); 874 } else { 875 /* If mtime is unset, use start time. */ 876 fe->mtime = a->start_time; 877 fe->mtime_nanos = 0; 878 } 879 if (archive_entry_birthtime_is_set(entry)) { 880 fe->birthtime = archive_entry_birthtime(entry); 881 fe->birthtime_nanos = archive_entry_birthtime_nsec( 882 entry); 883 } else { 884 /* If birthtime is unset, use mtime. */ 885 fe->birthtime = fe->mtime; 886 fe->birthtime_nanos = fe->mtime_nanos; 887 } 888 } 889 890 if (a->deferred & TODO_ACLS) { 891 fe = current_fixup(a, archive_entry_pathname(entry)); 892 if (fe == NULL) 893 return (ARCHIVE_FATAL); 894 fe->filetype = archive_entry_filetype(entry); 895 fe->fixup |= TODO_ACLS; 896 archive_acl_copy(&fe->acl, archive_entry_acl(entry)); 897 } 898 899 if (a->deferred & TODO_MAC_METADATA) { 900 const void *metadata; 901 size_t metadata_size; 902 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 903 if (metadata != NULL && metadata_size > 0) { 904 fe = current_fixup(a, archive_entry_pathname(entry)); 905 if (fe == NULL) 906 return (ARCHIVE_FATAL); 907 fe->filetype = archive_entry_filetype(entry); 908 fe->mac_metadata = malloc(metadata_size); 909 if (fe->mac_metadata != NULL) { 910 memcpy(fe->mac_metadata, metadata, 911 metadata_size); 912 fe->mac_metadata_size = metadata_size; 913 fe->fixup |= TODO_MAC_METADATA; 914 } 915 } 916 } 917 918 if (a->deferred & TODO_FFLAGS) { 919 fe = current_fixup(a, archive_entry_pathname(entry)); 920 if (fe == NULL) 921 return (ARCHIVE_FATAL); 922 fe->filetype = archive_entry_filetype(entry); 923 fe->fixup |= TODO_FFLAGS; 924 /* TODO: Complete this.. defer fflags from below. */ 925 } 926 927 /* We've created the object and are ready to pour data into it. */ 928 if (ret >= ARCHIVE_WARN) 929 a->archive.state = ARCHIVE_STATE_DATA; 930 /* 931 * If it's not open, tell our client not to try writing. 932 * In particular, dirs, links, etc, don't get written to. 933 */ 934 if (a->fd < 0) { 935 archive_entry_set_size(entry, 0); 936 a->filesize = 0; 937 } 938 939 return (ret); 940 } 941 942 int 943 archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i) 944 { 945 struct archive_write_disk *a = (struct archive_write_disk *)_a; 946 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 947 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file"); 948 a->skip_file_set = 1; 949 a->skip_file_dev = d; 950 a->skip_file_ino = i; 951 return (ARCHIVE_OK); 952 } 953 954 static ssize_t 955 write_data_block(struct archive_write_disk *a, const char *buff, size_t size) 956 { 957 uint64_t start_size = size; 958 ssize_t bytes_written = 0; 959 ssize_t block_size = 0, bytes_to_write; 960 961 if (size == 0) 962 return (ARCHIVE_OK); 963 964 if (a->filesize == 0 || a->fd < 0) { 965 archive_set_error(&a->archive, 0, 966 "Attempt to write to an empty file"); 967 return (ARCHIVE_WARN); 968 } 969 970 if (a->flags & ARCHIVE_EXTRACT_SPARSE) { 971 #if HAVE_STRUCT_STAT_ST_BLKSIZE 972 int r; 973 if ((r = lazy_stat(a)) != ARCHIVE_OK) 974 return (r); 975 block_size = a->pst->st_blksize; 976 #else 977 /* XXX TODO XXX Is there a more appropriate choice here ? */ 978 /* This needn't match the filesystem allocation size. */ 979 block_size = 16*1024; 980 #endif 981 } 982 983 /* If this write would run beyond the file size, truncate it. */ 984 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 985 start_size = size = (size_t)(a->filesize - a->offset); 986 987 /* Write the data. */ 988 while (size > 0) { 989 if (block_size == 0) { 990 bytes_to_write = size; 991 } else { 992 /* We're sparsifying the file. */ 993 const char *p, *end; 994 int64_t block_end; 995 996 /* Skip leading zero bytes. */ 997 for (p = buff, end = buff + size; p < end; ++p) { 998 if (*p != '\0') 999 break; 1000 } 1001 a->offset += p - buff; 1002 size -= p - buff; 1003 buff = p; 1004 if (size == 0) 1005 break; 1006 1007 /* Calculate next block boundary after offset. */ 1008 block_end 1009 = (a->offset / block_size + 1) * block_size; 1010 1011 /* If the adjusted write would cross block boundary, 1012 * truncate it to the block boundary. */ 1013 bytes_to_write = size; 1014 if (a->offset + bytes_to_write > block_end) 1015 bytes_to_write = block_end - a->offset; 1016 } 1017 /* Seek if necessary to the specified offset. */ 1018 if (a->offset != a->fd_offset) { 1019 if (lseek(a->fd, a->offset, SEEK_SET) < 0) { 1020 archive_set_error(&a->archive, errno, 1021 "Seek failed"); 1022 return (ARCHIVE_FATAL); 1023 } 1024 a->fd_offset = a->offset; 1025 } 1026 bytes_written = write(a->fd, buff, bytes_to_write); 1027 if (bytes_written < 0) { 1028 archive_set_error(&a->archive, errno, "Write failed"); 1029 return (ARCHIVE_WARN); 1030 } 1031 buff += bytes_written; 1032 size -= bytes_written; 1033 a->total_bytes_written += bytes_written; 1034 a->offset += bytes_written; 1035 a->fd_offset = a->offset; 1036 } 1037 return (start_size - size); 1038 } 1039 1040 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 1041 && defined(HAVE_ZLIB_H) 1042 1043 /* 1044 * Set UF_COMPRESSED file flag. 1045 * This have to be called after hfs_write_decmpfs() because if the 1046 * file does not have "com.apple.decmpfs" xattr the flag is ignored. 1047 */ 1048 static int 1049 hfs_set_compressed_fflag(struct archive_write_disk *a) 1050 { 1051 int r; 1052 1053 if ((r = lazy_stat(a)) != ARCHIVE_OK) 1054 return (r); 1055 1056 a->st.st_flags |= UF_COMPRESSED; 1057 if (fchflags(a->fd, a->st.st_flags) != 0) { 1058 archive_set_error(&a->archive, errno, 1059 "Failed to set UF_COMPRESSED file flag"); 1060 return (ARCHIVE_WARN); 1061 } 1062 return (ARCHIVE_OK); 1063 } 1064 1065 /* 1066 * HFS+ Compression decmpfs 1067 * 1068 * +------------------------------+ +0 1069 * | Magic(LE 4 bytes) | 1070 * +------------------------------+ 1071 * | Type(LE 4 bytes) | 1072 * +------------------------------+ 1073 * | Uncompressed size(LE 8 bytes)| 1074 * +------------------------------+ +16 1075 * | | 1076 * | Compressed data | 1077 * | (Placed only if Type == 3) | 1078 * | | 1079 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE 1080 * 1081 * Type is 3: decmpfs has compressed data. 1082 * Type is 4: Resource Fork has compressed data. 1083 */ 1084 /* 1085 * Write "com.apple.decmpfs" 1086 */ 1087 static int 1088 hfs_write_decmpfs(struct archive_write_disk *a) 1089 { 1090 int r; 1091 uint32_t compression_type; 1092 1093 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p, 1094 a->decmpfs_attr_size, 0, 0); 1095 if (r < 0) { 1096 archive_set_error(&a->archive, errno, 1097 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME); 1098 compression_type = archive_le32dec( 1099 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]); 1100 if (compression_type == CMP_RESOURCE_FORK) 1101 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 1102 XATTR_SHOWCOMPRESSION); 1103 return (ARCHIVE_WARN); 1104 } 1105 return (ARCHIVE_OK); 1106 } 1107 1108 /* 1109 * HFS+ Compression Resource Fork 1110 * 1111 * +-----------------------------+ 1112 * | Header(260 bytes) | 1113 * +-----------------------------+ 1114 * | Block count(LE 4 bytes) | 1115 * +-----------------------------+ --+ 1116 * +-- | Offset (LE 4 bytes) | | 1117 * | | [distance from Block count] | | Block 0 1118 * | +-----------------------------+ | 1119 * | | Compressed size(LE 4 bytes) | | 1120 * | +-----------------------------+ --+ 1121 * | | | 1122 * | | .................. | 1123 * | | | 1124 * | +-----------------------------+ --+ 1125 * | | Offset (LE 4 bytes) | | 1126 * | +-----------------------------+ | Block (Block count -1) 1127 * | | Compressed size(LE 4 bytes) | | 1128 * +-> +-----------------------------+ --+ 1129 * | Compressed data(n bytes) | Block 0 1130 * +-----------------------------+ 1131 * | | 1132 * | .................. | 1133 * | | 1134 * +-----------------------------+ 1135 * | Compressed data(n bytes) | Block (Block count -1) 1136 * +-----------------------------+ 1137 * | Footer(50 bytes) | 1138 * +-----------------------------+ 1139 * 1140 */ 1141 /* 1142 * Write the header of "com.apple.ResourceFork" 1143 */ 1144 static int 1145 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff, 1146 size_t bytes, uint32_t position) 1147 { 1148 int ret; 1149 1150 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes, 1151 position, a->rsrc_xattr_options); 1152 if (ret < 0) { 1153 archive_set_error(&a->archive, errno, 1154 "Cannot restore xattr: %s at %u pos %u bytes", 1155 XATTR_RESOURCEFORK_NAME, 1156 (unsigned)position, 1157 (unsigned)bytes); 1158 return (ARCHIVE_WARN); 1159 } 1160 a->rsrc_xattr_options &= ~XATTR_CREATE; 1161 return (ARCHIVE_OK); 1162 } 1163 1164 static int 1165 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed) 1166 { 1167 int ret; 1168 1169 ret = hfs_write_resource_fork(a, a->compressed_buffer, 1170 bytes_compressed, a->compressed_rsrc_position); 1171 if (ret == ARCHIVE_OK) 1172 a->compressed_rsrc_position += bytes_compressed; 1173 return (ret); 1174 } 1175 1176 static int 1177 hfs_write_resource_fork_header(struct archive_write_disk *a) 1178 { 1179 unsigned char *buff; 1180 uint32_t rsrc_bytes; 1181 uint32_t rsrc_header_bytes; 1182 1183 /* 1184 * Write resource fork header + block info. 1185 */ 1186 buff = a->resource_fork; 1187 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE; 1188 rsrc_header_bytes = 1189 RSRC_H_SIZE + /* Header base size. */ 1190 4 + /* Block count. */ 1191 (a->decmpfs_block_count * 8);/* Block info */ 1192 archive_be32enc(buff, 0x100); 1193 archive_be32enc(buff + 4, rsrc_bytes); 1194 archive_be32enc(buff + 8, rsrc_bytes - 256); 1195 archive_be32enc(buff + 12, 0x32); 1196 memset(buff + 16, 0, 240); 1197 archive_be32enc(buff + 256, rsrc_bytes - 260); 1198 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0); 1199 } 1200 1201 static size_t 1202 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size) 1203 { 1204 static const char rsrc_footer[RSRC_F_SIZE] = { 1205 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1206 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1207 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1208 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm', 1209 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01, 1210 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 1211 0x00, 0x00 1212 }; 1213 if (buff_size < sizeof(rsrc_footer)) 1214 return (0); 1215 memcpy(buff, rsrc_footer, sizeof(rsrc_footer)); 1216 return (sizeof(rsrc_footer)); 1217 } 1218 1219 static int 1220 hfs_reset_compressor(struct archive_write_disk *a) 1221 { 1222 int ret; 1223 1224 if (a->stream_valid) 1225 ret = deflateReset(&a->stream); 1226 else 1227 ret = deflateInit(&a->stream, a->decmpfs_compression_level); 1228 1229 if (ret != Z_OK) { 1230 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1231 "Failed to initialize compressor"); 1232 return (ARCHIVE_FATAL); 1233 } else 1234 a->stream_valid = 1; 1235 1236 return (ARCHIVE_OK); 1237 } 1238 1239 static int 1240 hfs_decompress(struct archive_write_disk *a) 1241 { 1242 uint32_t *block_info; 1243 unsigned int block_count; 1244 uint32_t data_pos, data_size; 1245 ssize_t r; 1246 ssize_t bytes_written, bytes_to_write; 1247 unsigned char *b; 1248 1249 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1250 block_count = archive_le32dec(block_info++); 1251 while (block_count--) { 1252 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++); 1253 data_size = archive_le32dec(block_info++); 1254 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME, 1255 a->compressed_buffer, data_size, data_pos, 0); 1256 if (r != data_size) { 1257 archive_set_error(&a->archive, 1258 (r < 0)?errno:ARCHIVE_ERRNO_MISC, 1259 "Failed to read resource fork"); 1260 return (ARCHIVE_WARN); 1261 } 1262 if (a->compressed_buffer[0] == 0xff) { 1263 bytes_to_write = data_size -1; 1264 b = a->compressed_buffer + 1; 1265 } else { 1266 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE; 1267 int zr; 1268 1269 zr = uncompress((Bytef *)a->uncompressed_buffer, 1270 &dest_len, a->compressed_buffer, data_size); 1271 if (zr != Z_OK) { 1272 archive_set_error(&a->archive, 1273 ARCHIVE_ERRNO_MISC, 1274 "Failed to decompress resource fork"); 1275 return (ARCHIVE_WARN); 1276 } 1277 bytes_to_write = dest_len; 1278 b = (unsigned char *)a->uncompressed_buffer; 1279 } 1280 do { 1281 bytes_written = write(a->fd, b, bytes_to_write); 1282 if (bytes_written < 0) { 1283 archive_set_error(&a->archive, errno, 1284 "Write failed"); 1285 return (ARCHIVE_WARN); 1286 } 1287 bytes_to_write -= bytes_written; 1288 b += bytes_written; 1289 } while (bytes_to_write > 0); 1290 } 1291 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0); 1292 if (r == -1) { 1293 archive_set_error(&a->archive, errno, 1294 "Failed to remove resource fork"); 1295 return (ARCHIVE_WARN); 1296 } 1297 return (ARCHIVE_OK); 1298 } 1299 1300 static int 1301 hfs_drive_compressor(struct archive_write_disk *a, const char *buff, 1302 size_t size) 1303 { 1304 unsigned char *buffer_compressed; 1305 size_t bytes_compressed; 1306 size_t bytes_used; 1307 int ret; 1308 1309 ret = hfs_reset_compressor(a); 1310 if (ret != ARCHIVE_OK) 1311 return (ret); 1312 1313 if (a->compressed_buffer == NULL) { 1314 size_t block_size; 1315 1316 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE + 1317 + compressBound(MAX_DECMPFS_BLOCK_SIZE); 1318 a->compressed_buffer = malloc(block_size); 1319 if (a->compressed_buffer == NULL) { 1320 archive_set_error(&a->archive, ENOMEM, 1321 "Can't allocate memory for Resource Fork"); 1322 return (ARCHIVE_FATAL); 1323 } 1324 a->compressed_buffer_size = block_size; 1325 a->compressed_buffer_remaining = block_size; 1326 } 1327 1328 buffer_compressed = a->compressed_buffer + 1329 a->compressed_buffer_size - a->compressed_buffer_remaining; 1330 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff; 1331 a->stream.avail_in = size; 1332 a->stream.next_out = buffer_compressed; 1333 a->stream.avail_out = a->compressed_buffer_remaining; 1334 do { 1335 ret = deflate(&a->stream, Z_FINISH); 1336 switch (ret) { 1337 case Z_OK: 1338 case Z_STREAM_END: 1339 break; 1340 default: 1341 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1342 "Failed to compress data"); 1343 return (ARCHIVE_FAILED); 1344 } 1345 } while (ret == Z_OK); 1346 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out; 1347 1348 /* 1349 * If the compressed size is larger than the original size, 1350 * throw away compressed data, use uncompressed data instead. 1351 */ 1352 if (bytes_compressed > size) { 1353 buffer_compressed[0] = 0xFF;/* uncompressed marker. */ 1354 memcpy(buffer_compressed + 1, buff, size); 1355 bytes_compressed = size + 1; 1356 } 1357 a->compressed_buffer_remaining -= bytes_compressed; 1358 1359 /* 1360 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE 1361 * and the block count in the file is only one, store compressed 1362 * data to decmpfs xattr instead of the resource fork. 1363 */ 1364 if (a->decmpfs_block_count == 1 && 1365 (a->decmpfs_attr_size + bytes_compressed) 1366 <= MAX_DECMPFS_XATTR_SIZE) { 1367 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1368 CMP_XATTR); 1369 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE, 1370 buffer_compressed, bytes_compressed); 1371 a->decmpfs_attr_size += bytes_compressed; 1372 a->compressed_buffer_remaining = a->compressed_buffer_size; 1373 /* 1374 * Finish HFS+ Compression. 1375 * - Write the decmpfs xattr. 1376 * - Set the UF_COMPRESSED file flag. 1377 */ 1378 ret = hfs_write_decmpfs(a); 1379 if (ret == ARCHIVE_OK) 1380 ret = hfs_set_compressed_fflag(a); 1381 return (ret); 1382 } 1383 1384 /* Update block info. */ 1385 archive_le32enc(a->decmpfs_block_info++, 1386 a->compressed_rsrc_position_v - RSRC_H_SIZE); 1387 archive_le32enc(a->decmpfs_block_info++, bytes_compressed); 1388 a->compressed_rsrc_position_v += bytes_compressed; 1389 1390 /* 1391 * Write the compressed data to the resource fork. 1392 */ 1393 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining; 1394 while (bytes_used >= COMPRESSED_W_SIZE) { 1395 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE); 1396 if (ret != ARCHIVE_OK) 1397 return (ret); 1398 bytes_used -= COMPRESSED_W_SIZE; 1399 if (bytes_used > COMPRESSED_W_SIZE) 1400 memmove(a->compressed_buffer, 1401 a->compressed_buffer + COMPRESSED_W_SIZE, 1402 bytes_used); 1403 else 1404 memcpy(a->compressed_buffer, 1405 a->compressed_buffer + COMPRESSED_W_SIZE, 1406 bytes_used); 1407 } 1408 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used; 1409 1410 /* 1411 * If the current block is the last block, write the remaining 1412 * compressed data and the resource fork footer. 1413 */ 1414 if (a->file_remaining_bytes == 0) { 1415 size_t rsrc_size; 1416 int64_t bk; 1417 1418 /* Append the resource footer. */ 1419 rsrc_size = hfs_set_resource_fork_footer( 1420 a->compressed_buffer + bytes_used, 1421 a->compressed_buffer_remaining); 1422 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size); 1423 a->compressed_buffer_remaining = a->compressed_buffer_size; 1424 1425 /* If the compressed size is not enough smaller than 1426 * the uncompressed size. cancel HFS+ compression. 1427 * TODO: study a behavior of ditto utility and improve 1428 * the condition to fall back into no HFS+ compression. */ 1429 bk = HFS_BLOCKS(a->compressed_rsrc_position); 1430 bk += bk >> 7; 1431 if (bk > HFS_BLOCKS(a->filesize)) 1432 return hfs_decompress(a); 1433 /* 1434 * Write the resourcefork header. 1435 */ 1436 if (ret == ARCHIVE_OK) 1437 ret = hfs_write_resource_fork_header(a); 1438 /* 1439 * Finish HFS+ Compression. 1440 * - Write the decmpfs xattr. 1441 * - Set the UF_COMPRESSED file flag. 1442 */ 1443 if (ret == ARCHIVE_OK) 1444 ret = hfs_write_decmpfs(a); 1445 if (ret == ARCHIVE_OK) 1446 ret = hfs_set_compressed_fflag(a); 1447 } 1448 return (ret); 1449 } 1450 1451 static ssize_t 1452 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff, 1453 size_t size) 1454 { 1455 const char *buffer_to_write; 1456 size_t bytes_to_write; 1457 int ret; 1458 1459 if (a->decmpfs_block_count == (unsigned)-1) { 1460 void *new_block; 1461 size_t new_size; 1462 unsigned int block_count; 1463 1464 if (a->decmpfs_header_p == NULL) { 1465 new_block = malloc(MAX_DECMPFS_XATTR_SIZE 1466 + sizeof(uint32_t)); 1467 if (new_block == NULL) { 1468 archive_set_error(&a->archive, ENOMEM, 1469 "Can't allocate memory for decmpfs"); 1470 return (ARCHIVE_FATAL); 1471 } 1472 a->decmpfs_header_p = new_block; 1473 } 1474 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE; 1475 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC], 1476 DECMPFS_MAGIC); 1477 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE], 1478 CMP_RESOURCE_FORK); 1479 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE], 1480 a->filesize); 1481 1482 /* Calculate a block count of the file. */ 1483 block_count = 1484 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) / 1485 MAX_DECMPFS_BLOCK_SIZE; 1486 /* 1487 * Allocate buffer for resource fork. 1488 * Set up related pointers; 1489 */ 1490 new_size = 1491 RSRC_H_SIZE + /* header */ 1492 4 + /* Block count */ 1493 (block_count * sizeof(uint32_t) * 2) + 1494 RSRC_F_SIZE; /* footer */ 1495 if (new_size > a->resource_fork_allocated_size) { 1496 new_block = realloc(a->resource_fork, new_size); 1497 if (new_block == NULL) { 1498 archive_set_error(&a->archive, ENOMEM, 1499 "Can't allocate memory for ResourceFork"); 1500 return (ARCHIVE_FATAL); 1501 } 1502 a->resource_fork_allocated_size = new_size; 1503 a->resource_fork = new_block; 1504 } 1505 1506 /* Allocate uncompressed buffer */ 1507 if (a->uncompressed_buffer == NULL) { 1508 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE); 1509 if (new_block == NULL) { 1510 archive_set_error(&a->archive, ENOMEM, 1511 "Can't allocate memory for decmpfs"); 1512 return (ARCHIVE_FATAL); 1513 } 1514 a->uncompressed_buffer = new_block; 1515 } 1516 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1517 a->file_remaining_bytes = a->filesize; 1518 a->compressed_buffer_remaining = a->compressed_buffer_size; 1519 1520 /* 1521 * Set up a resource fork. 1522 */ 1523 a->rsrc_xattr_options = XATTR_CREATE; 1524 /* Get the position where we are going to set a bunch 1525 * of block info. */ 1526 a->decmpfs_block_info = 1527 (uint32_t *)(a->resource_fork + RSRC_H_SIZE); 1528 /* Set the block count to the resource fork. */ 1529 archive_le32enc(a->decmpfs_block_info++, block_count); 1530 /* Get the position where we are going to set compressed 1531 * data. */ 1532 a->compressed_rsrc_position = 1533 RSRC_H_SIZE + 4 + (block_count * 8); 1534 a->compressed_rsrc_position_v = a->compressed_rsrc_position; 1535 a->decmpfs_block_count = block_count; 1536 } 1537 1538 /* Ignore redundant bytes. */ 1539 if (a->file_remaining_bytes == 0) 1540 return ((ssize_t)size); 1541 1542 /* Do not overrun a block size. */ 1543 if (size > a->block_remaining_bytes) 1544 bytes_to_write = a->block_remaining_bytes; 1545 else 1546 bytes_to_write = size; 1547 /* Do not overrun the file size. */ 1548 if (bytes_to_write > a->file_remaining_bytes) 1549 bytes_to_write = a->file_remaining_bytes; 1550 1551 /* For efficiency, if a copy length is full of the uncompressed 1552 * buffer size, do not copy writing data to it. */ 1553 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE) 1554 buffer_to_write = buff; 1555 else { 1556 memcpy(a->uncompressed_buffer + 1557 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes, 1558 buff, bytes_to_write); 1559 buffer_to_write = a->uncompressed_buffer; 1560 } 1561 a->block_remaining_bytes -= bytes_to_write; 1562 a->file_remaining_bytes -= bytes_to_write; 1563 1564 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) { 1565 ret = hfs_drive_compressor(a, buffer_to_write, 1566 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes); 1567 if (ret < 0) 1568 return (ret); 1569 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE; 1570 } 1571 /* Ignore redundant bytes. */ 1572 if (a->file_remaining_bytes == 0) 1573 return ((ssize_t)size); 1574 return (bytes_to_write); 1575 } 1576 1577 static ssize_t 1578 hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1579 size_t size) 1580 { 1581 uint64_t start_size = size; 1582 ssize_t bytes_written = 0; 1583 ssize_t bytes_to_write; 1584 1585 if (size == 0) 1586 return (ARCHIVE_OK); 1587 1588 if (a->filesize == 0 || a->fd < 0) { 1589 archive_set_error(&a->archive, 0, 1590 "Attempt to write to an empty file"); 1591 return (ARCHIVE_WARN); 1592 } 1593 1594 /* If this write would run beyond the file size, truncate it. */ 1595 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize) 1596 start_size = size = (size_t)(a->filesize - a->offset); 1597 1598 /* Write the data. */ 1599 while (size > 0) { 1600 bytes_to_write = size; 1601 /* Seek if necessary to the specified offset. */ 1602 if (a->offset < a->fd_offset) { 1603 /* Can't support backward move. */ 1604 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 1605 "Seek failed"); 1606 return (ARCHIVE_FATAL); 1607 } else if (a->offset > a->fd_offset) { 1608 int64_t skip = a->offset - a->fd_offset; 1609 char nullblock[1024]; 1610 1611 memset(nullblock, 0, sizeof(nullblock)); 1612 while (skip > 0) { 1613 if (skip > (int64_t)sizeof(nullblock)) 1614 bytes_written = hfs_write_decmpfs_block( 1615 a, nullblock, sizeof(nullblock)); 1616 else 1617 bytes_written = hfs_write_decmpfs_block( 1618 a, nullblock, skip); 1619 if (bytes_written < 0) { 1620 archive_set_error(&a->archive, errno, 1621 "Write failed"); 1622 return (ARCHIVE_WARN); 1623 } 1624 skip -= bytes_written; 1625 } 1626 1627 a->fd_offset = a->offset; 1628 } 1629 bytes_written = 1630 hfs_write_decmpfs_block(a, buff, bytes_to_write); 1631 if (bytes_written < 0) 1632 return (bytes_written); 1633 buff += bytes_written; 1634 size -= bytes_written; 1635 a->total_bytes_written += bytes_written; 1636 a->offset += bytes_written; 1637 a->fd_offset = a->offset; 1638 } 1639 return (start_size - size); 1640 } 1641 #else 1642 static ssize_t 1643 hfs_write_data_block(struct archive_write_disk *a, const char *buff, 1644 size_t size) 1645 { 1646 return (write_data_block(a, buff, size)); 1647 } 1648 #endif 1649 1650 static ssize_t 1651 _archive_write_disk_data_block(struct archive *_a, 1652 const void *buff, size_t size, int64_t offset) 1653 { 1654 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1655 ssize_t r; 1656 1657 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1658 ARCHIVE_STATE_DATA, "archive_write_data_block"); 1659 1660 a->offset = offset; 1661 if (a->todo & TODO_HFS_COMPRESSION) 1662 r = hfs_write_data_block(a, buff, size); 1663 else 1664 r = write_data_block(a, buff, size); 1665 if (r < ARCHIVE_OK) 1666 return (r); 1667 if ((size_t)r < size) { 1668 archive_set_error(&a->archive, 0, 1669 "Too much data: Truncating file at %ju bytes", 1670 (uintmax_t)a->filesize); 1671 return (ARCHIVE_WARN); 1672 } 1673 #if ARCHIVE_VERSION_NUMBER < 3999000 1674 return (ARCHIVE_OK); 1675 #else 1676 return (size); 1677 #endif 1678 } 1679 1680 static ssize_t 1681 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size) 1682 { 1683 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1684 1685 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1686 ARCHIVE_STATE_DATA, "archive_write_data"); 1687 1688 if (a->todo & TODO_HFS_COMPRESSION) 1689 return (hfs_write_data_block(a, buff, size)); 1690 return (write_data_block(a, buff, size)); 1691 } 1692 1693 static int 1694 _archive_write_disk_finish_entry(struct archive *_a) 1695 { 1696 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1697 int ret = ARCHIVE_OK; 1698 1699 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1700 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 1701 "archive_write_finish_entry"); 1702 if (a->archive.state & ARCHIVE_STATE_HEADER) 1703 return (ARCHIVE_OK); 1704 archive_clear_error(&a->archive); 1705 1706 /* Pad or truncate file to the right size. */ 1707 if (a->fd < 0) { 1708 /* There's no file. */ 1709 } else if (a->filesize < 0) { 1710 /* File size is unknown, so we can't set the size. */ 1711 } else if (a->fd_offset == a->filesize) { 1712 /* Last write ended at exactly the filesize; we're done. */ 1713 /* Hopefully, this is the common case. */ 1714 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H) 1715 } else if (a->todo & TODO_HFS_COMPRESSION) { 1716 char null_d[1024]; 1717 ssize_t r; 1718 1719 if (a->file_remaining_bytes) 1720 memset(null_d, 0, sizeof(null_d)); 1721 while (a->file_remaining_bytes) { 1722 if (a->file_remaining_bytes > sizeof(null_d)) 1723 r = hfs_write_data_block( 1724 a, null_d, sizeof(null_d)); 1725 else 1726 r = hfs_write_data_block( 1727 a, null_d, a->file_remaining_bytes); 1728 if (r < 0) 1729 return ((int)r); 1730 } 1731 #endif 1732 } else { 1733 #if HAVE_FTRUNCATE 1734 if (ftruncate(a->fd, a->filesize) == -1 && 1735 a->filesize == 0) { 1736 archive_set_error(&a->archive, errno, 1737 "File size could not be restored"); 1738 return (ARCHIVE_FAILED); 1739 } 1740 #endif 1741 /* 1742 * Not all platforms implement the XSI option to 1743 * extend files via ftruncate. Stat() the file again 1744 * to see what happened. 1745 */ 1746 a->pst = NULL; 1747 if ((ret = lazy_stat(a)) != ARCHIVE_OK) 1748 return (ret); 1749 /* We can use lseek()/write() to extend the file if 1750 * ftruncate didn't work or isn't available. */ 1751 if (a->st.st_size < a->filesize) { 1752 const char nul = '\0'; 1753 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) { 1754 archive_set_error(&a->archive, errno, 1755 "Seek failed"); 1756 return (ARCHIVE_FATAL); 1757 } 1758 if (write(a->fd, &nul, 1) < 0) { 1759 archive_set_error(&a->archive, errno, 1760 "Write to restore size failed"); 1761 return (ARCHIVE_FATAL); 1762 } 1763 a->pst = NULL; 1764 } 1765 } 1766 1767 /* Restore metadata. */ 1768 1769 /* 1770 * This is specific to Mac OS X. 1771 * If the current file is an AppleDouble file, it should be 1772 * linked with the data fork file and remove it. 1773 */ 1774 if (a->todo & TODO_APPLEDOUBLE) { 1775 int r2 = fixup_appledouble(a, a->name); 1776 if (r2 == ARCHIVE_EOF) { 1777 /* The current file has been successfully linked 1778 * with the data fork file and removed. So there 1779 * is nothing to do on the current file. */ 1780 goto finish_metadata; 1781 } 1782 if (r2 < ret) ret = r2; 1783 } 1784 1785 /* 1786 * Look up the "real" UID only if we're going to need it. 1787 * TODO: the TODO_SGID condition can be dropped here, can't it? 1788 */ 1789 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) { 1790 a->uid = archive_write_disk_uid(&a->archive, 1791 archive_entry_uname(a->entry), 1792 archive_entry_uid(a->entry)); 1793 } 1794 /* Look up the "real" GID only if we're going to need it. */ 1795 /* TODO: the TODO_SUID condition can be dropped here, can't it? */ 1796 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) { 1797 a->gid = archive_write_disk_gid(&a->archive, 1798 archive_entry_gname(a->entry), 1799 archive_entry_gid(a->entry)); 1800 } 1801 1802 /* 1803 * Restore ownership before set_mode tries to restore suid/sgid 1804 * bits. If we set the owner, we know what it is and can skip 1805 * a stat() call to examine the ownership of the file on disk. 1806 */ 1807 if (a->todo & TODO_OWNER) { 1808 int r2 = set_ownership(a); 1809 if (r2 < ret) ret = r2; 1810 } 1811 1812 /* 1813 * HYPOTHESIS: 1814 * If we're not root, we won't be setting any security 1815 * attributes that may be wiped by the set_mode() routine 1816 * below. We also can't set xattr on non-owner-writable files, 1817 * which may be the state after set_mode(). Perform 1818 * set_xattrs() first based on these constraints. 1819 */ 1820 if (a->user_uid != 0 && 1821 (a->todo & TODO_XATTR)) { 1822 int r2 = set_xattrs(a); 1823 if (r2 < ret) ret = r2; 1824 } 1825 1826 /* 1827 * set_mode must precede ACLs on systems such as Solaris and 1828 * FreeBSD where setting the mode implicitly clears extended ACLs 1829 */ 1830 if (a->todo & TODO_MODE) { 1831 int r2 = set_mode(a, a->mode); 1832 if (r2 < ret) ret = r2; 1833 } 1834 1835 /* 1836 * Security-related extended attributes (such as 1837 * security.capability on Linux) have to be restored last, 1838 * since they're implicitly removed by other file changes. 1839 * We do this last only when root. 1840 */ 1841 if (a->user_uid == 0 && 1842 (a->todo & TODO_XATTR)) { 1843 int r2 = set_xattrs(a); 1844 if (r2 < ret) ret = r2; 1845 } 1846 1847 /* 1848 * Some flags prevent file modification; they must be restored after 1849 * file contents are written. 1850 */ 1851 if (a->todo & TODO_FFLAGS) { 1852 int r2 = set_fflags(a); 1853 if (r2 < ret) ret = r2; 1854 } 1855 1856 /* 1857 * Time must follow most other metadata; 1858 * otherwise atime will get changed. 1859 */ 1860 if (a->todo & TODO_TIMES) { 1861 int r2 = set_times_from_entry(a); 1862 if (r2 < ret) ret = r2; 1863 } 1864 1865 /* 1866 * Mac extended metadata includes ACLs. 1867 */ 1868 if (a->todo & TODO_MAC_METADATA) { 1869 const void *metadata; 1870 size_t metadata_size; 1871 metadata = archive_entry_mac_metadata(a->entry, &metadata_size); 1872 if (metadata != NULL && metadata_size > 0) { 1873 int r2 = set_mac_metadata(a, archive_entry_pathname( 1874 a->entry), metadata, metadata_size); 1875 if (r2 < ret) ret = r2; 1876 } 1877 } 1878 1879 /* 1880 * ACLs must be restored after timestamps because there are 1881 * ACLs that prevent attribute changes (including time). 1882 */ 1883 if (a->todo & TODO_ACLS) { 1884 int r2; 1885 r2 = archive_write_disk_set_acls(&a->archive, a->fd, 1886 archive_entry_pathname(a->entry), 1887 archive_entry_acl(a->entry), 1888 archive_entry_mode(a->entry)); 1889 if (r2 < ret) ret = r2; 1890 } 1891 1892 finish_metadata: 1893 /* If there's an fd, we can close it now. */ 1894 if (a->fd >= 0) { 1895 close(a->fd); 1896 a->fd = -1; 1897 if (a->tmpname) { 1898 if (rename(a->tmpname, a->name) == -1) { 1899 archive_set_error(&a->archive, errno, 1900 "Failed to rename temporary file"); 1901 ret = ARCHIVE_FAILED; 1902 unlink(a->tmpname); 1903 } 1904 a->tmpname = NULL; 1905 } 1906 } 1907 /* If there's an entry, we can release it now. */ 1908 archive_entry_free(a->entry); 1909 a->entry = NULL; 1910 a->archive.state = ARCHIVE_STATE_HEADER; 1911 return (ret); 1912 } 1913 1914 int 1915 archive_write_disk_set_group_lookup(struct archive *_a, 1916 void *private_data, 1917 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid), 1918 void (*cleanup_gid)(void *private)) 1919 { 1920 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1921 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1922 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup"); 1923 1924 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL) 1925 (a->cleanup_gid)(a->lookup_gid_data); 1926 1927 a->lookup_gid = lookup_gid; 1928 a->cleanup_gid = cleanup_gid; 1929 a->lookup_gid_data = private_data; 1930 return (ARCHIVE_OK); 1931 } 1932 1933 int 1934 archive_write_disk_set_user_lookup(struct archive *_a, 1935 void *private_data, 1936 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid), 1937 void (*cleanup_uid)(void *private)) 1938 { 1939 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1940 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1941 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup"); 1942 1943 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL) 1944 (a->cleanup_uid)(a->lookup_uid_data); 1945 1946 a->lookup_uid = lookup_uid; 1947 a->cleanup_uid = cleanup_uid; 1948 a->lookup_uid_data = private_data; 1949 return (ARCHIVE_OK); 1950 } 1951 1952 int64_t 1953 archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id) 1954 { 1955 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1956 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1957 ARCHIVE_STATE_ANY, "archive_write_disk_gid"); 1958 if (a->lookup_gid) 1959 return (a->lookup_gid)(a->lookup_gid_data, name, id); 1960 return (id); 1961 } 1962 1963 int64_t 1964 archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id) 1965 { 1966 struct archive_write_disk *a = (struct archive_write_disk *)_a; 1967 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 1968 ARCHIVE_STATE_ANY, "archive_write_disk_uid"); 1969 if (a->lookup_uid) 1970 return (a->lookup_uid)(a->lookup_uid_data, name, id); 1971 return (id); 1972 } 1973 1974 /* 1975 * Create a new archive_write_disk object and initialize it with global state. 1976 */ 1977 struct archive * 1978 archive_write_disk_new(void) 1979 { 1980 struct archive_write_disk *a; 1981 1982 a = (struct archive_write_disk *)calloc(1, sizeof(*a)); 1983 if (a == NULL) 1984 return (NULL); 1985 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC; 1986 /* We're ready to write a header immediately. */ 1987 a->archive.state = ARCHIVE_STATE_HEADER; 1988 a->archive.vtable = &archive_write_disk_vtable; 1989 a->start_time = time(NULL); 1990 /* Query and restore the umask. */ 1991 umask(a->user_umask = umask(0)); 1992 #ifdef HAVE_GETEUID 1993 a->user_uid = geteuid(); 1994 #endif /* HAVE_GETEUID */ 1995 if (archive_string_ensure(&a->path_safe, 512) == NULL) { 1996 free(a); 1997 return (NULL); 1998 } 1999 #ifdef HAVE_ZLIB_H 2000 a->decmpfs_compression_level = 5; 2001 #endif 2002 return (&a->archive); 2003 } 2004 2005 2006 /* 2007 * If pathname is longer than PATH_MAX, chdir to a suitable 2008 * intermediate dir and edit the path down to a shorter suffix. Note 2009 * that this routine never returns an error; if the chdir() attempt 2010 * fails for any reason, we just go ahead with the long pathname. The 2011 * object creation is likely to fail, but any error will get handled 2012 * at that time. 2013 */ 2014 #if defined(HAVE_FCHDIR) && defined(PATH_MAX) 2015 static void 2016 edit_deep_directories(struct archive_write_disk *a) 2017 { 2018 int ret; 2019 char *tail = a->name; 2020 2021 /* If path is short, avoid the open() below. */ 2022 if (strlen(tail) < PATH_MAX) 2023 return; 2024 2025 /* Try to record our starting dir. */ 2026 a->restore_pwd = la_opendirat(AT_FDCWD, "."); 2027 __archive_ensure_cloexec_flag(a->restore_pwd); 2028 if (a->restore_pwd < 0) 2029 return; 2030 2031 /* As long as the path is too long... */ 2032 while (strlen(tail) >= PATH_MAX) { 2033 /* Locate a dir prefix shorter than PATH_MAX. */ 2034 tail += PATH_MAX - 8; 2035 while (tail > a->name && *tail != '/') 2036 tail--; 2037 /* Exit if we find a too-long path component. */ 2038 if (tail <= a->name) 2039 return; 2040 /* Create the intermediate dir and chdir to it. */ 2041 *tail = '\0'; /* Terminate dir portion */ 2042 ret = create_dir(a, a->name); 2043 if (ret == ARCHIVE_OK && chdir(a->name) != 0) 2044 ret = ARCHIVE_FAILED; 2045 *tail = '/'; /* Restore the / we removed. */ 2046 if (ret != ARCHIVE_OK) 2047 return; 2048 tail++; 2049 /* The chdir() succeeded; we've now shortened the path. */ 2050 a->name = tail; 2051 } 2052 return; 2053 } 2054 #endif 2055 2056 /* 2057 * The main restore function. 2058 */ 2059 static int 2060 restore_entry(struct archive_write_disk *a) 2061 { 2062 int ret = ARCHIVE_OK, en; 2063 2064 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) { 2065 /* 2066 * TODO: Fix this. Apparently, there are platforms 2067 * that still allow root to hose the entire filesystem 2068 * by unlinking a dir. The S_ISDIR() test above 2069 * prevents us from using unlink() here if the new 2070 * object is a dir, but that doesn't mean the old 2071 * object isn't a dir. 2072 */ 2073 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2074 (void)clear_nochange_fflags(a); 2075 if (unlink(a->name) == 0) { 2076 /* We removed it, reset cached stat. */ 2077 a->pst = NULL; 2078 } else if (errno == ENOENT) { 2079 /* File didn't exist, that's just as good. */ 2080 } else if (rmdir(a->name) == 0) { 2081 /* It was a dir, but now it's gone. */ 2082 a->pst = NULL; 2083 } else { 2084 /* We tried, but couldn't get rid of it. */ 2085 archive_set_error(&a->archive, errno, 2086 "Could not unlink"); 2087 return(ARCHIVE_FAILED); 2088 } 2089 } 2090 2091 /* Try creating it first; if this fails, we'll try to recover. */ 2092 en = create_filesystem_object(a); 2093 2094 if ((en == ENOTDIR || en == ENOENT) 2095 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) { 2096 /* If the parent dir doesn't exist, try creating it. */ 2097 create_parent_dir(a, a->name); 2098 /* Now try to create the object again. */ 2099 en = create_filesystem_object(a); 2100 } 2101 2102 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) { 2103 archive_set_error(&a->archive, en, 2104 "Hard-link target '%s' does not exist.", 2105 archive_entry_hardlink(a->entry)); 2106 return (ARCHIVE_FAILED); 2107 } 2108 2109 if ((en == EISDIR || en == EEXIST) 2110 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 2111 /* If we're not overwriting, we're done. */ 2112 if (S_ISDIR(a->mode)) { 2113 /* Don't overwrite any settings on existing directories. */ 2114 a->todo = 0; 2115 } 2116 archive_entry_unset_size(a->entry); 2117 return (ARCHIVE_OK); 2118 } 2119 2120 /* 2121 * Some platforms return EISDIR if you call 2122 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some 2123 * return EEXIST. POSIX is ambiguous, requiring EISDIR 2124 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT) 2125 * on an existing item. 2126 */ 2127 if (en == EISDIR) { 2128 /* A dir is in the way of a non-dir, rmdir it. */ 2129 if (rmdir(a->name) != 0) { 2130 archive_set_error(&a->archive, errno, 2131 "Can't remove already-existing dir"); 2132 return (ARCHIVE_FAILED); 2133 } 2134 a->pst = NULL; 2135 /* Try again. */ 2136 en = create_filesystem_object(a); 2137 } else if (en == EEXIST) { 2138 /* 2139 * We know something is in the way, but we don't know what; 2140 * we need to find out before we go any further. 2141 */ 2142 int r = 0; 2143 /* 2144 * The SECURE_SYMLINKS logic has already removed a 2145 * symlink to a dir if the client wants that. So 2146 * follow the symlink if we're creating a dir. 2147 */ 2148 if (S_ISDIR(a->mode)) 2149 r = la_stat(a->name, &a->st); 2150 /* 2151 * If it's not a dir (or it's a broken symlink), 2152 * then don't follow it. 2153 */ 2154 if (r != 0 || !S_ISDIR(a->mode)) 2155 r = lstat(a->name, &a->st); 2156 if (r != 0) { 2157 archive_set_error(&a->archive, errno, 2158 "Can't stat existing object"); 2159 return (ARCHIVE_FAILED); 2160 } 2161 2162 /* 2163 * NO_OVERWRITE_NEWER doesn't apply to directories. 2164 */ 2165 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER) 2166 && !S_ISDIR(a->st.st_mode)) { 2167 if (!older(&(a->st), a->entry)) { 2168 archive_entry_unset_size(a->entry); 2169 return (ARCHIVE_OK); 2170 } 2171 } 2172 2173 /* If it's our archive, we're done. */ 2174 if (a->skip_file_set && 2175 a->st.st_dev == (dev_t)a->skip_file_dev && 2176 a->st.st_ino == (ino_t)a->skip_file_ino) { 2177 archive_set_error(&a->archive, 0, 2178 "Refusing to overwrite archive"); 2179 return (ARCHIVE_FAILED); 2180 } 2181 2182 if (!S_ISDIR(a->st.st_mode)) { 2183 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2184 (void)clear_nochange_fflags(a); 2185 2186 if ((a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) && 2187 S_ISREG(a->st.st_mode)) { 2188 /* Use a temporary file to extract */ 2189 if ((a->fd = la_mktemp(a)) == -1) { 2190 archive_set_error(&a->archive, errno, 2191 "Can't create temporary file"); 2192 return ARCHIVE_FAILED; 2193 } 2194 a->pst = NULL; 2195 en = 0; 2196 } else { 2197 /* A non-dir is in the way, unlink it. */ 2198 if (unlink(a->name) != 0) { 2199 archive_set_error(&a->archive, errno, 2200 "Can't unlink already-existing " 2201 "object"); 2202 return (ARCHIVE_FAILED); 2203 } 2204 a->pst = NULL; 2205 /* Try again. */ 2206 en = create_filesystem_object(a); 2207 } 2208 } else if (!S_ISDIR(a->mode)) { 2209 /* A dir is in the way of a non-dir, rmdir it. */ 2210 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS) 2211 (void)clear_nochange_fflags(a); 2212 if (rmdir(a->name) != 0) { 2213 archive_set_error(&a->archive, errno, 2214 "Can't replace existing directory with non-directory"); 2215 return (ARCHIVE_FAILED); 2216 } 2217 /* Try again. */ 2218 en = create_filesystem_object(a); 2219 } else { 2220 /* 2221 * There's a dir in the way of a dir. Don't 2222 * waste time with rmdir()/mkdir(), just fix 2223 * up the permissions on the existing dir. 2224 * Note that we don't change perms on existing 2225 * dirs unless _EXTRACT_PERM is specified. 2226 */ 2227 if ((a->mode != a->st.st_mode) 2228 && (a->todo & TODO_MODE_FORCE)) 2229 a->deferred |= (a->todo & TODO_MODE); 2230 /* Ownership doesn't need deferred fixup. */ 2231 en = 0; /* Forget the EEXIST. */ 2232 } 2233 } 2234 2235 if (en) { 2236 /* Everything failed; give up here. */ 2237 if ((&a->archive)->error == NULL) 2238 archive_set_error(&a->archive, en, "Can't create '%s'", 2239 a->name); 2240 return (ARCHIVE_FAILED); 2241 } 2242 2243 a->pst = NULL; /* Cached stat data no longer valid. */ 2244 return (ret); 2245 } 2246 2247 /* 2248 * Returns 0 if creation succeeds, or else returns errno value from 2249 * the failed system call. Note: This function should only ever perform 2250 * a single system call. 2251 */ 2252 static int 2253 create_filesystem_object(struct archive_write_disk *a) 2254 { 2255 /* Create the entry. */ 2256 const char *linkname; 2257 mode_t final_mode, mode; 2258 int r; 2259 /* these for check_symlinks_fsobj */ 2260 char *linkname_copy; /* non-const copy of linkname */ 2261 struct stat st; 2262 struct archive_string error_string; 2263 int error_number; 2264 2265 /* We identify hard/symlinks according to the link names. */ 2266 /* Since link(2) and symlink(2) don't handle modes, we're done here. */ 2267 linkname = archive_entry_hardlink(a->entry); 2268 if (linkname != NULL) { 2269 #if !HAVE_LINK 2270 return (EPERM); 2271 #else 2272 archive_string_init(&error_string); 2273 linkname_copy = strdup(linkname); 2274 if (linkname_copy == NULL) { 2275 return (EPERM); 2276 } 2277 /* 2278 * TODO: consider using the cleaned-up path as the link 2279 * target? 2280 */ 2281 r = cleanup_pathname_fsobj(linkname_copy, &error_number, 2282 &error_string, a->flags); 2283 if (r != ARCHIVE_OK) { 2284 archive_set_error(&a->archive, error_number, "%s", 2285 error_string.s); 2286 free(linkname_copy); 2287 archive_string_free(&error_string); 2288 /* 2289 * EPERM is more appropriate than error_number for our 2290 * callers 2291 */ 2292 return (EPERM); 2293 } 2294 r = check_symlinks_fsobj(linkname_copy, &error_number, 2295 &error_string, a->flags, 1); 2296 if (r != ARCHIVE_OK) { 2297 archive_set_error(&a->archive, error_number, "%s", 2298 error_string.s); 2299 free(linkname_copy); 2300 archive_string_free(&error_string); 2301 /* 2302 * EPERM is more appropriate than error_number for our 2303 * callers 2304 */ 2305 return (EPERM); 2306 } 2307 free(linkname_copy); 2308 archive_string_free(&error_string); 2309 /* 2310 * Unlinking and linking here is really not atomic, 2311 * but doing it right, would require us to construct 2312 * an mktemplink() function, and then use rename(2). 2313 */ 2314 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2315 unlink(a->name); 2316 #ifdef HAVE_LINKAT 2317 r = linkat(AT_FDCWD, linkname, AT_FDCWD, a->name, 2318 0) ? errno : 0; 2319 #else 2320 r = link(linkname, a->name) ? errno : 0; 2321 #endif 2322 /* 2323 * New cpio and pax formats allow hardlink entries 2324 * to carry data, so we may have to open the file 2325 * for hardlink entries. 2326 * 2327 * If the hardlink was successfully created and 2328 * the archive doesn't have carry data for it, 2329 * consider it to be non-authoritative for meta data. 2330 * This is consistent with GNU tar and BSD pax. 2331 * If the hardlink does carry data, let the last 2332 * archive entry decide ownership. 2333 */ 2334 if (r == 0 && a->filesize <= 0) { 2335 a->todo = 0; 2336 a->deferred = 0; 2337 } else if (r == 0 && a->filesize > 0) { 2338 #ifdef HAVE_LSTAT 2339 r = lstat(a->name, &st); 2340 #else 2341 r = la_stat(a->name, &st); 2342 #endif 2343 if (r != 0) 2344 r = errno; 2345 else if ((st.st_mode & AE_IFMT) == AE_IFREG) { 2346 a->fd = open(a->name, O_WRONLY | O_TRUNC | 2347 O_BINARY | O_CLOEXEC | O_NOFOLLOW); 2348 __archive_ensure_cloexec_flag(a->fd); 2349 if (a->fd < 0) 2350 r = errno; 2351 } 2352 } 2353 return (r); 2354 #endif 2355 } 2356 linkname = archive_entry_symlink(a->entry); 2357 if (linkname != NULL) { 2358 #if HAVE_SYMLINK 2359 /* 2360 * Unlinking and linking here is really not atomic, 2361 * but doing it right, would require us to construct 2362 * an mktempsymlink() function, and then use rename(2). 2363 */ 2364 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) 2365 unlink(a->name); 2366 return symlink(linkname, a->name) ? errno : 0; 2367 #else 2368 return (EPERM); 2369 #endif 2370 } 2371 2372 /* 2373 * The remaining system calls all set permissions, so let's 2374 * try to take advantage of that to avoid an extra chmod() 2375 * call. (Recall that umask is set to zero right now!) 2376 */ 2377 2378 /* Mode we want for the final restored object (w/o file type bits). */ 2379 final_mode = a->mode & 07777; 2380 /* 2381 * The mode that will actually be restored in this step. Note 2382 * that SUID, SGID, etc, require additional work to ensure 2383 * security, so we never restore them at this point. 2384 */ 2385 mode = final_mode & 0777 & ~a->user_umask; 2386 2387 /* 2388 * Always create writable such that [f]setxattr() works if we're not 2389 * root. 2390 */ 2391 if (a->user_uid != 0 && 2392 a->todo & (TODO_HFS_COMPRESSION | TODO_XATTR)) { 2393 mode |= 0200; 2394 } 2395 2396 switch (a->mode & AE_IFMT) { 2397 default: 2398 /* POSIX requires that we fall through here. */ 2399 /* FALLTHROUGH */ 2400 case AE_IFREG: 2401 a->tmpname = NULL; 2402 a->fd = open(a->name, 2403 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode); 2404 __archive_ensure_cloexec_flag(a->fd); 2405 r = (a->fd < 0); 2406 break; 2407 case AE_IFCHR: 2408 #ifdef HAVE_MKNOD 2409 /* Note: we use AE_IFCHR for the case label, and 2410 * S_IFCHR for the mknod() call. This is correct. */ 2411 r = mknod(a->name, mode | S_IFCHR, 2412 archive_entry_rdev(a->entry)); 2413 break; 2414 #else 2415 /* TODO: Find a better way to warn about our inability 2416 * to restore a char device node. */ 2417 return (EINVAL); 2418 #endif /* HAVE_MKNOD */ 2419 case AE_IFBLK: 2420 #ifdef HAVE_MKNOD 2421 r = mknod(a->name, mode | S_IFBLK, 2422 archive_entry_rdev(a->entry)); 2423 break; 2424 #else 2425 /* TODO: Find a better way to warn about our inability 2426 * to restore a block device node. */ 2427 return (EINVAL); 2428 #endif /* HAVE_MKNOD */ 2429 case AE_IFDIR: 2430 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE; 2431 r = mkdir(a->name, mode); 2432 if (r == 0) { 2433 /* Defer setting dir times. */ 2434 a->deferred |= (a->todo & TODO_TIMES); 2435 a->todo &= ~TODO_TIMES; 2436 /* Never use an immediate chmod(). */ 2437 /* We can't avoid the chmod() entirely if EXTRACT_PERM 2438 * because of SysV SGID inheritance. */ 2439 if ((mode != final_mode) 2440 || (a->flags & ARCHIVE_EXTRACT_PERM)) 2441 a->deferred |= (a->todo & TODO_MODE); 2442 a->todo &= ~TODO_MODE; 2443 } 2444 break; 2445 case AE_IFIFO: 2446 #ifdef HAVE_MKFIFO 2447 r = mkfifo(a->name, mode); 2448 break; 2449 #else 2450 /* TODO: Find a better way to warn about our inability 2451 * to restore a fifo. */ 2452 return (EINVAL); 2453 #endif /* HAVE_MKFIFO */ 2454 } 2455 2456 /* All the system calls above set errno on failure. */ 2457 if (r) 2458 return (errno); 2459 2460 /* If we managed to set the final mode, we've avoided a chmod(). */ 2461 if (mode == final_mode) 2462 a->todo &= ~TODO_MODE; 2463 return (0); 2464 } 2465 2466 /* 2467 * Cleanup function for archive_extract. Mostly, this involves processing 2468 * the fixup list, which is used to address a number of problems: 2469 * * Dir permissions might prevent us from restoring a file in that 2470 * dir, so we restore the dir with minimum 0700 permissions first, 2471 * then correct the mode at the end. 2472 * * Similarly, the act of restoring a file touches the directory 2473 * and changes the timestamp on the dir, so we have to touch-up dir 2474 * timestamps at the end as well. 2475 * * Some file flags can interfere with the restore by, for example, 2476 * preventing the creation of hardlinks to those files. 2477 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs. 2478 * 2479 * Note that tar/cpio do not require that archives be in a particular 2480 * order; there is no way to know when the last file has been restored 2481 * within a directory, so there's no way to optimize the memory usage 2482 * here by fixing up the directory any earlier than the 2483 * end-of-archive. 2484 * 2485 * XXX TODO: Directory ACLs should be restored here, for the same 2486 * reason we set directory perms here. XXX 2487 */ 2488 static int 2489 _archive_write_disk_close(struct archive *_a) 2490 { 2491 struct archive_write_disk *a = (struct archive_write_disk *)_a; 2492 struct fixup_entry *next, *p; 2493 struct stat st; 2494 char *c; 2495 int fd, ret, openflags; 2496 2497 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC, 2498 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA, 2499 "archive_write_disk_close"); 2500 ret = _archive_write_disk_finish_entry(&a->archive); 2501 2502 /* Sort dir list so directories are fixed up in depth-first order. */ 2503 p = sort_dir_list(a->fixup_list); 2504 2505 while (p != NULL) { 2506 fd = -1; 2507 a->pst = NULL; /* Mark stat cache as out-of-date. */ 2508 2509 /* We must strip trailing slashes from the path to avoid 2510 dereferencing symbolic links to directories */ 2511 c = p->name; 2512 while (*c != '\0') 2513 c++; 2514 while (c != p->name && *(c - 1) == '/') { 2515 c--; 2516 *c = '\0'; 2517 } 2518 2519 if (p->fixup == 0) 2520 goto skip_fixup_entry; 2521 else { 2522 /* 2523 * We need to verify if the type of the file 2524 * we are going to open matches the file type 2525 * of the fixup entry. 2526 */ 2527 openflags = O_BINARY | O_NOFOLLOW | O_RDONLY 2528 | O_CLOEXEC; 2529 #if defined(O_DIRECTORY) 2530 if (p->filetype == AE_IFDIR) 2531 openflags |= O_DIRECTORY; 2532 #endif 2533 fd = open(p->name, openflags); 2534 2535 #if defined(O_DIRECTORY) 2536 /* 2537 * If we support O_DIRECTORY and open was 2538 * successful we can skip the file type check 2539 * for directories. For other file types 2540 * we need to verify via fstat() or lstat() 2541 */ 2542 if (fd == -1 || p->filetype != AE_IFDIR) { 2543 #if HAVE_FSTAT 2544 if (fd > 0 && ( 2545 fstat(fd, &st) != 0 || 2546 la_verify_filetype(st.st_mode, 2547 p->filetype) == 0)) { 2548 goto skip_fixup_entry; 2549 } else 2550 #endif 2551 if (lstat(p->name, &st) != 0 || 2552 la_verify_filetype(st.st_mode, 2553 p->filetype) == 0) { 2554 goto skip_fixup_entry; 2555 } 2556 } 2557 #else 2558 #if HAVE_FSTAT 2559 if (fd > 0 && ( 2560 fstat(fd, &st) != 0 || 2561 la_verify_filetype(st.st_mode, 2562 p->filetype) == 0)) { 2563 goto skip_fixup_entry; 2564 } else 2565 #endif 2566 if (lstat(p->name, &st) != 0 || 2567 la_verify_filetype(st.st_mode, 2568 p->filetype) == 0) { 2569 goto skip_fixup_entry; 2570 } 2571 #endif 2572 } 2573 if (p->fixup & TODO_TIMES) { 2574 set_times(a, fd, p->mode, p->name, 2575 p->atime, p->atime_nanos, 2576 p->birthtime, p->birthtime_nanos, 2577 p->mtime, p->mtime_nanos, 2578 p->ctime, p->ctime_nanos); 2579 } 2580 if (p->fixup & TODO_MODE_BASE) { 2581 #ifdef HAVE_FCHMOD 2582 if (fd >= 0) 2583 fchmod(fd, p->mode & 07777); 2584 else 2585 #endif 2586 #ifdef HAVE_LCHMOD 2587 lchmod(p->name, p->mode & 07777); 2588 #else 2589 chmod(p->name, p->mode & 07777); 2590 #endif 2591 } 2592 if (p->fixup & TODO_ACLS) 2593 archive_write_disk_set_acls(&a->archive, fd, 2594 p->name, &p->acl, p->mode); 2595 if (p->fixup & TODO_FFLAGS) 2596 set_fflags_platform(a, fd, p->name, 2597 p->mode, p->fflags_set, 0); 2598 if (p->fixup & TODO_MAC_METADATA) 2599 set_mac_metadata(a, p->name, p->mac_metadata, 2600 p->mac_metadata_size); 2601 skip_fixup_entry: 2602 next = p->next; 2603 archive_acl_clear(&p->acl); 2604 free(p->mac_metadata); 2605 free(p->name); 2606 if (fd >= 0) 2607 close(fd); 2608 free(p); 2609 p = next; 2610 } 2611 a->fixup_list = NULL; 2612 return (ret); 2613 } 2614 2615 static int 2616 _archive_write_disk_free(struct archive *_a) 2617 { 2618 struct archive_write_disk *a; 2619 int ret; 2620 if (_a == NULL) 2621 return (ARCHIVE_OK); 2622 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC, 2623 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free"); 2624 a = (struct archive_write_disk *)_a; 2625 ret = _archive_write_disk_close(&a->archive); 2626 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL); 2627 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL); 2628 archive_entry_free(a->entry); 2629 archive_string_free(&a->_name_data); 2630 archive_string_free(&a->_tmpname_data); 2631 archive_string_free(&a->archive.error_string); 2632 archive_string_free(&a->path_safe); 2633 a->archive.magic = 0; 2634 __archive_clean(&a->archive); 2635 free(a->decmpfs_header_p); 2636 free(a->resource_fork); 2637 free(a->compressed_buffer); 2638 free(a->uncompressed_buffer); 2639 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\ 2640 && defined(HAVE_ZLIB_H) 2641 if (a->stream_valid) { 2642 switch (deflateEnd(&a->stream)) { 2643 case Z_OK: 2644 break; 2645 default: 2646 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 2647 "Failed to clean up compressor"); 2648 ret = ARCHIVE_FATAL; 2649 break; 2650 } 2651 } 2652 #endif 2653 free(a); 2654 return (ret); 2655 } 2656 2657 /* 2658 * Simple O(n log n) merge sort to order the fixup list. In 2659 * particular, we want to restore dir timestamps depth-first. 2660 */ 2661 static struct fixup_entry * 2662 sort_dir_list(struct fixup_entry *p) 2663 { 2664 struct fixup_entry *a, *b, *t; 2665 2666 if (p == NULL) 2667 return (NULL); 2668 /* A one-item list is already sorted. */ 2669 if (p->next == NULL) 2670 return (p); 2671 2672 /* Step 1: split the list. */ 2673 t = p; 2674 a = p->next->next; 2675 while (a != NULL) { 2676 /* Step a twice, t once. */ 2677 a = a->next; 2678 if (a != NULL) 2679 a = a->next; 2680 t = t->next; 2681 } 2682 /* Now, t is at the mid-point, so break the list here. */ 2683 b = t->next; 2684 t->next = NULL; 2685 a = p; 2686 2687 /* Step 2: Recursively sort the two sub-lists. */ 2688 a = sort_dir_list(a); 2689 b = sort_dir_list(b); 2690 2691 /* Step 3: Merge the returned lists. */ 2692 /* Pick the first element for the merged list. */ 2693 if (strcmp(a->name, b->name) > 0) { 2694 t = p = a; 2695 a = a->next; 2696 } else { 2697 t = p = b; 2698 b = b->next; 2699 } 2700 2701 /* Always put the later element on the list first. */ 2702 while (a != NULL && b != NULL) { 2703 if (strcmp(a->name, b->name) > 0) { 2704 t->next = a; 2705 a = a->next; 2706 } else { 2707 t->next = b; 2708 b = b->next; 2709 } 2710 t = t->next; 2711 } 2712 2713 /* Only one list is non-empty, so just splice it on. */ 2714 if (a != NULL) 2715 t->next = a; 2716 if (b != NULL) 2717 t->next = b; 2718 2719 return (p); 2720 } 2721 2722 /* 2723 * Returns a new, initialized fixup entry. 2724 * 2725 * TODO: Reduce the memory requirements for this list by using a tree 2726 * structure rather than a simple list of names. 2727 */ 2728 static struct fixup_entry * 2729 new_fixup(struct archive_write_disk *a, const char *pathname) 2730 { 2731 struct fixup_entry *fe; 2732 2733 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry)); 2734 if (fe == NULL) { 2735 archive_set_error(&a->archive, ENOMEM, 2736 "Can't allocate memory for a fixup"); 2737 return (NULL); 2738 } 2739 fe->next = a->fixup_list; 2740 a->fixup_list = fe; 2741 fe->fixup = 0; 2742 fe->filetype = 0; 2743 fe->name = strdup(pathname); 2744 return (fe); 2745 } 2746 2747 /* 2748 * Returns a fixup structure for the current entry. 2749 */ 2750 static struct fixup_entry * 2751 current_fixup(struct archive_write_disk *a, const char *pathname) 2752 { 2753 if (a->current_fixup == NULL) 2754 a->current_fixup = new_fixup(a, pathname); 2755 return (a->current_fixup); 2756 } 2757 2758 /* Error helper for new *_fsobj functions */ 2759 static void 2760 fsobj_error(int *a_eno, struct archive_string *a_estr, 2761 int err, const char *errstr, const char *path) 2762 { 2763 if (a_eno) 2764 *a_eno = err; 2765 if (a_estr) 2766 archive_string_sprintf(a_estr, "%s%s", errstr, path); 2767 } 2768 2769 /* 2770 * TODO: Someday, integrate this with the deep dir support; they both 2771 * scan the path and both can be optimized by comparing against other 2772 * recent paths. 2773 */ 2774 /* 2775 * Checks the given path to see if any elements along it are symlinks. Returns 2776 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. 2777 */ 2778 static int 2779 check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 2780 int flags, int checking_linkname) 2781 { 2782 #if !defined(HAVE_LSTAT) && \ 2783 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)) 2784 /* Platform doesn't have lstat, so we can't look for symlinks. */ 2785 (void)path; /* UNUSED */ 2786 (void)error_number; /* UNUSED */ 2787 (void)error_string; /* UNUSED */ 2788 (void)flags; /* UNUSED */ 2789 (void)checking_linkname; /* UNUSED */ 2790 return (ARCHIVE_OK); 2791 #else 2792 int res = ARCHIVE_OK; 2793 char *tail; 2794 char *head; 2795 int last; 2796 char c; 2797 int r; 2798 struct stat st; 2799 int chdir_fd; 2800 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2801 int fd; 2802 #endif 2803 2804 /* Nothing to do here if name is empty */ 2805 if(path[0] == '\0') 2806 return (ARCHIVE_OK); 2807 2808 /* 2809 * Guard against symlink tricks. Reject any archive entry whose 2810 * destination would be altered by a symlink. 2811 * 2812 * Walk the filename in chunks separated by '/'. For each segment: 2813 * - if it doesn't exist, continue 2814 * - if it's symlink, abort or remove it 2815 * - if it's a directory and it's not the last chunk, cd into it 2816 * As we go: 2817 * head points to the current (relative) path 2818 * tail points to the temporary \0 terminating the segment we're 2819 * currently examining 2820 * c holds what used to be in *tail 2821 * last is 1 if this is the last tail 2822 */ 2823 chdir_fd = la_opendirat(AT_FDCWD, "."); 2824 __archive_ensure_cloexec_flag(chdir_fd); 2825 if (chdir_fd < 0) { 2826 fsobj_error(a_eno, a_estr, errno, 2827 "Could not open ", path); 2828 return (ARCHIVE_FATAL); 2829 } 2830 head = path; 2831 tail = path; 2832 last = 0; 2833 /* TODO: reintroduce a safe cache here? */ 2834 /* Skip the root directory if the path is absolute. */ 2835 if(tail == path && tail[0] == '/') 2836 ++tail; 2837 /* Keep going until we've checked the entire name. 2838 * head, tail, path all alias the same string, which is 2839 * temporarily zeroed at tail, so be careful restoring the 2840 * stashed (c=tail[0]) for error messages. 2841 * Exiting the loop with break is okay; continue is not. 2842 */ 2843 while (!last) { 2844 /* 2845 * Skip the separator we just consumed, plus any adjacent ones 2846 */ 2847 while (*tail == '/') 2848 ++tail; 2849 /* Skip the next path element. */ 2850 while (*tail != '\0' && *tail != '/') 2851 ++tail; 2852 /* is this the last path component? */ 2853 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); 2854 /* temporarily truncate the string here */ 2855 c = tail[0]; 2856 tail[0] = '\0'; 2857 /* Check that we haven't hit a symlink. */ 2858 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2859 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW); 2860 #else 2861 r = lstat(head, &st); 2862 #endif 2863 if (r != 0) { 2864 tail[0] = c; 2865 /* We've hit a dir that doesn't exist; stop now. */ 2866 if (errno == ENOENT) { 2867 break; 2868 } else { 2869 /* 2870 * Treat any other error as fatal - best to be 2871 * paranoid here. 2872 * Note: This effectively disables deep 2873 * directory support when security checks are 2874 * enabled. Otherwise, very long pathnames that 2875 * trigger an error here could evade the 2876 * sandbox. 2877 * TODO: We could do better, but it would 2878 * probably require merging the symlink checks 2879 * with the deep-directory editing. 2880 */ 2881 fsobj_error(a_eno, a_estr, errno, 2882 "Could not stat ", path); 2883 res = ARCHIVE_FAILED; 2884 break; 2885 } 2886 } else if (S_ISDIR(st.st_mode)) { 2887 if (!last) { 2888 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2889 fd = la_opendirat(chdir_fd, head); 2890 if (fd < 0) 2891 r = -1; 2892 else { 2893 r = 0; 2894 close(chdir_fd); 2895 chdir_fd = fd; 2896 } 2897 #else 2898 r = chdir(head); 2899 #endif 2900 if (r != 0) { 2901 tail[0] = c; 2902 fsobj_error(a_eno, a_estr, errno, 2903 "Could not chdir ", path); 2904 res = (ARCHIVE_FATAL); 2905 break; 2906 } 2907 /* Our view is now from inside this dir: */ 2908 head = tail + 1; 2909 } 2910 } else if (S_ISLNK(st.st_mode)) { 2911 if (last && checking_linkname) { 2912 #ifdef HAVE_LINKAT 2913 /* 2914 * Hardlinks to symlinks are safe to write 2915 * if linkat() is supported as it does not 2916 * follow symlinks. 2917 */ 2918 res = ARCHIVE_OK; 2919 #else 2920 /* 2921 * We return ARCHIVE_FAILED here as we are 2922 * not able to safely write hardlinks 2923 * to symlinks. 2924 */ 2925 tail[0] = c; 2926 fsobj_error(a_eno, a_estr, errno, 2927 "Cannot write hardlink to symlink ", 2928 path); 2929 res = ARCHIVE_FAILED; 2930 #endif 2931 break; 2932 } else 2933 if (last) { 2934 /* 2935 * Last element is symlink; remove it 2936 * so we can overwrite it with the 2937 * item being extracted. 2938 */ 2939 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2940 r = unlinkat(chdir_fd, head, 0); 2941 #else 2942 r = unlink(head); 2943 #endif 2944 if (r != 0) { 2945 tail[0] = c; 2946 fsobj_error(a_eno, a_estr, errno, 2947 "Could not remove symlink ", 2948 path); 2949 res = ARCHIVE_FAILED; 2950 break; 2951 } 2952 /* 2953 * Even if we did remove it, a warning 2954 * is in order. The warning is silly, 2955 * though, if we're just replacing one 2956 * symlink with another symlink. 2957 */ 2958 tail[0] = c; 2959 /* 2960 * FIXME: not sure how important this is to 2961 * restore 2962 */ 2963 /* 2964 if (!S_ISLNK(path)) { 2965 fsobj_error(a_eno, a_estr, 0, 2966 "Removing symlink ", path); 2967 } 2968 */ 2969 /* Symlink gone. No more problem! */ 2970 res = ARCHIVE_OK; 2971 break; 2972 } else if (flags & ARCHIVE_EXTRACT_UNLINK) { 2973 /* User asked us to remove problems. */ 2974 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2975 r = unlinkat(chdir_fd, head, 0); 2976 #else 2977 r = unlink(head); 2978 #endif 2979 if (r != 0) { 2980 tail[0] = c; 2981 fsobj_error(a_eno, a_estr, 0, 2982 "Cannot remove intervening " 2983 "symlink ", path); 2984 res = ARCHIVE_FAILED; 2985 break; 2986 } 2987 tail[0] = c; 2988 } else if ((flags & 2989 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) { 2990 /* 2991 * We are not the last element and we want to 2992 * follow symlinks if they are a directory. 2993 * 2994 * This is needed to extract hardlinks over 2995 * symlinks. 2996 */ 2997 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 2998 r = fstatat(chdir_fd, head, &st, 0); 2999 #else 3000 r = la_stat(head, &st); 3001 #endif 3002 if (r != 0) { 3003 tail[0] = c; 3004 if (errno == ENOENT) { 3005 break; 3006 } else { 3007 fsobj_error(a_eno, a_estr, 3008 errno, 3009 "Could not stat ", path); 3010 res = (ARCHIVE_FAILED); 3011 break; 3012 } 3013 } else if (S_ISDIR(st.st_mode)) { 3014 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 3015 fd = la_opendirat(chdir_fd, head); 3016 if (fd < 0) 3017 r = -1; 3018 else { 3019 r = 0; 3020 close(chdir_fd); 3021 chdir_fd = fd; 3022 } 3023 #else 3024 r = chdir(head); 3025 #endif 3026 if (r != 0) { 3027 tail[0] = c; 3028 fsobj_error(a_eno, a_estr, 3029 errno, 3030 "Could not chdir ", path); 3031 res = (ARCHIVE_FATAL); 3032 break; 3033 } 3034 /* 3035 * Our view is now from inside 3036 * this dir: 3037 */ 3038 head = tail + 1; 3039 } else { 3040 tail[0] = c; 3041 fsobj_error(a_eno, a_estr, 0, 3042 "Cannot extract through " 3043 "symlink ", path); 3044 res = ARCHIVE_FAILED; 3045 break; 3046 } 3047 } else { 3048 tail[0] = c; 3049 fsobj_error(a_eno, a_estr, 0, 3050 "Cannot extract through symlink ", path); 3051 res = ARCHIVE_FAILED; 3052 break; 3053 } 3054 } 3055 /* be sure to always maintain this */ 3056 tail[0] = c; 3057 if (tail[0] != '\0') 3058 tail++; /* Advance to the next segment. */ 3059 } 3060 /* Catches loop exits via break */ 3061 tail[0] = c; 3062 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT) 3063 /* If we operate with openat(), fstatat() and unlinkat() there was 3064 * no chdir(), so just close the fd */ 3065 if (chdir_fd >= 0) 3066 close(chdir_fd); 3067 #elif HAVE_FCHDIR 3068 /* If we changed directory above, restore it here. */ 3069 if (chdir_fd >= 0) { 3070 r = fchdir(chdir_fd); 3071 if (r != 0) { 3072 fsobj_error(a_eno, a_estr, errno, 3073 "chdir() failure", ""); 3074 } 3075 close(chdir_fd); 3076 chdir_fd = -1; 3077 if (r != 0) { 3078 res = (ARCHIVE_FATAL); 3079 } 3080 } 3081 #endif 3082 /* TODO: reintroduce a safe cache here? */ 3083 return res; 3084 #endif 3085 } 3086 3087 /* 3088 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise 3089 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} 3090 */ 3091 static int 3092 check_symlinks(struct archive_write_disk *a) 3093 { 3094 struct archive_string error_string; 3095 int error_number; 3096 int rc; 3097 archive_string_init(&error_string); 3098 rc = check_symlinks_fsobj(a->name, &error_number, &error_string, 3099 a->flags, 0); 3100 if (rc != ARCHIVE_OK) { 3101 archive_set_error(&a->archive, error_number, "%s", 3102 error_string.s); 3103 } 3104 archive_string_free(&error_string); 3105 a->pst = NULL; /* to be safe */ 3106 return rc; 3107 } 3108 3109 3110 #if defined(__CYGWIN__) 3111 /* 3112 * 1. Convert a path separator from '\' to '/' . 3113 * We shouldn't check multibyte character directly because some 3114 * character-set have been using the '\' character for a part of 3115 * its multibyte character code. 3116 * 2. Replace unusable characters in Windows with underscore('_'). 3117 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx 3118 */ 3119 static void 3120 cleanup_pathname_win(char *path) 3121 { 3122 wchar_t wc; 3123 char *p; 3124 size_t alen, l; 3125 int mb, complete, utf8; 3126 3127 alen = 0; 3128 mb = 0; 3129 complete = 1; 3130 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0; 3131 for (p = path; *p != '\0'; p++) { 3132 ++alen; 3133 if (*p == '\\') { 3134 /* If previous byte is smaller than 128, 3135 * this is not second byte of multibyte characters, 3136 * so we can replace '\' with '/'. */ 3137 if (utf8 || !mb) 3138 *p = '/'; 3139 else 3140 complete = 0;/* uncompleted. */ 3141 } else if (*(unsigned char *)p > 127) 3142 mb = 1; 3143 else 3144 mb = 0; 3145 /* Rewrite the path name if its next character is unusable. */ 3146 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' || 3147 *p == '<' || *p == '>' || *p == '|') 3148 *p = '_'; 3149 } 3150 if (complete) 3151 return; 3152 3153 /* 3154 * Convert path separator in wide-character. 3155 */ 3156 p = path; 3157 while (*p != '\0' && alen) { 3158 l = mbtowc(&wc, p, alen); 3159 if (l == (size_t)-1) { 3160 while (*p != '\0') { 3161 if (*p == '\\') 3162 *p = '/'; 3163 ++p; 3164 } 3165 break; 3166 } 3167 if (l == 1 && wc == L'\\') 3168 *p = '/'; 3169 p += l; 3170 alen -= l; 3171 } 3172 } 3173 #endif 3174 3175 /* 3176 * Canonicalize the pathname. In particular, this strips duplicate 3177 * '/' characters, '.' elements, and trailing '/'. It also raises an 3178 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is 3179 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS 3180 * is set) if the path is absolute. 3181 */ 3182 static int 3183 cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr, 3184 int flags) 3185 { 3186 char *dest, *src; 3187 char separator = '\0'; 3188 3189 dest = src = path; 3190 if (*src == '\0') { 3191 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3192 "Invalid empty ", "pathname"); 3193 return (ARCHIVE_FAILED); 3194 } 3195 3196 #if defined(__CYGWIN__) 3197 cleanup_pathname_win(path); 3198 #endif 3199 /* Skip leading '/'. */ 3200 if (*src == '/') { 3201 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { 3202 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC, 3203 "Path is ", "absolute"); 3204 return (ARCHIVE_FAILED); 3205 } 3206 3207 separator = *src++; 3208 } 3209 3210 /* Scan the pathname one element at a time. */ 3211 for (;;) { 3212 /* src points to first char after '/' */ 3213 if (src[0] == '\0') { 3214 break; 3215 } else if (src[0] == '/') { 3216 /* Found '//', ignore second one. */ 3217 src++; 3218 continue; 3219 } else if (src[0] == '.') { 3220 if (src[1] == '\0') { 3221 /* Ignore trailing '.' */ 3222 break; 3223 } else if (src[1] == '/') { 3224 /* Skip './'. */ 3225 src += 2; 3226 continue; 3227 } else if (src[1] == '.') { 3228 if (src[2] == '/' || src[2] == '\0') { 3229 /* Conditionally warn about '..' */ 3230 if (flags 3231 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { 3232 fsobj_error(a_eno, a_estr, 3233 ARCHIVE_ERRNO_MISC, 3234 "Path contains ", "'..'"); 3235 return (ARCHIVE_FAILED); 3236 } 3237 } 3238 /* 3239 * Note: Under no circumstances do we 3240 * remove '..' elements. In 3241 * particular, restoring 3242 * '/foo/../bar/' should create the 3243 * 'foo' dir as a side-effect. 3244 */ 3245 } 3246 } 3247 3248 /* Copy current element, including leading '/'. */ 3249 if (separator) 3250 *dest++ = '/'; 3251 while (*src != '\0' && *src != '/') { 3252 *dest++ = *src++; 3253 } 3254 3255 if (*src == '\0') 3256 break; 3257 3258 /* Skip '/' separator. */ 3259 separator = *src++; 3260 } 3261 /* 3262 * We've just copied zero or more path elements, not including the 3263 * final '/'. 3264 */ 3265 if (dest == path) { 3266 /* 3267 * Nothing got copied. The path must have been something 3268 * like '.' or '/' or './' or '/././././/./'. 3269 */ 3270 if (separator) 3271 *dest++ = '/'; 3272 else 3273 *dest++ = '.'; 3274 } 3275 /* Terminate the result. */ 3276 *dest = '\0'; 3277 return (ARCHIVE_OK); 3278 } 3279 3280 static int 3281 cleanup_pathname(struct archive_write_disk *a) 3282 { 3283 struct archive_string error_string; 3284 int error_number; 3285 int rc; 3286 archive_string_init(&error_string); 3287 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, 3288 a->flags); 3289 if (rc != ARCHIVE_OK) { 3290 archive_set_error(&a->archive, error_number, "%s", 3291 error_string.s); 3292 } 3293 archive_string_free(&error_string); 3294 return rc; 3295 } 3296 3297 /* 3298 * Create the parent directory of the specified path, assuming path 3299 * is already in mutable storage. 3300 */ 3301 static int 3302 create_parent_dir(struct archive_write_disk *a, char *path) 3303 { 3304 char *slash; 3305 int r; 3306 3307 /* Remove tail element to obtain parent name. */ 3308 slash = strrchr(path, '/'); 3309 if (slash == NULL) 3310 return (ARCHIVE_OK); 3311 *slash = '\0'; 3312 r = create_dir(a, path); 3313 *slash = '/'; 3314 return (r); 3315 } 3316 3317 /* 3318 * Create the specified dir, recursing to create parents as necessary. 3319 * 3320 * Returns ARCHIVE_OK if the path exists when we're done here. 3321 * Otherwise, returns ARCHIVE_FAILED. 3322 * Assumes path is in mutable storage; path is unchanged on exit. 3323 */ 3324 static int 3325 create_dir(struct archive_write_disk *a, char *path) 3326 { 3327 struct stat st; 3328 struct fixup_entry *le; 3329 char *slash, *base; 3330 mode_t mode_final, mode; 3331 int r; 3332 3333 /* Check for special names and just skip them. */ 3334 slash = strrchr(path, '/'); 3335 if (slash == NULL) 3336 base = path; 3337 else 3338 base = slash + 1; 3339 3340 if (base[0] == '\0' || 3341 (base[0] == '.' && base[1] == '\0') || 3342 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) { 3343 /* Don't bother trying to create null path, '.', or '..'. */ 3344 if (slash != NULL) { 3345 *slash = '\0'; 3346 r = create_dir(a, path); 3347 *slash = '/'; 3348 return (r); 3349 } 3350 return (ARCHIVE_OK); 3351 } 3352 3353 /* 3354 * Yes, this should be stat() and not lstat(). Using lstat() 3355 * here loses the ability to extract through symlinks. Also note 3356 * that this should not use the a->st cache. 3357 */ 3358 if (la_stat(path, &st) == 0) { 3359 if (S_ISDIR(st.st_mode)) 3360 return (ARCHIVE_OK); 3361 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) { 3362 archive_set_error(&a->archive, EEXIST, 3363 "Can't create directory '%s'", path); 3364 return (ARCHIVE_FAILED); 3365 } 3366 if (unlink(path) != 0) { 3367 archive_set_error(&a->archive, errno, 3368 "Can't create directory '%s': " 3369 "Conflicting file cannot be removed", 3370 path); 3371 return (ARCHIVE_FAILED); 3372 } 3373 } else if (errno != ENOENT && errno != ENOTDIR) { 3374 /* Stat failed? */ 3375 archive_set_error(&a->archive, errno, 3376 "Can't test directory '%s'", path); 3377 return (ARCHIVE_FAILED); 3378 } else if (slash != NULL) { 3379 *slash = '\0'; 3380 r = create_dir(a, path); 3381 *slash = '/'; 3382 if (r != ARCHIVE_OK) 3383 return (r); 3384 } 3385 3386 /* 3387 * Mode we want for the final restored directory. Per POSIX, 3388 * implicitly-created dirs must be created obeying the umask. 3389 * There's no mention whether this is different for privileged 3390 * restores (which the rest of this code handles by pretending 3391 * umask=0). I've chosen here to always obey the user's umask for 3392 * implicit dirs, even if _EXTRACT_PERM was specified. 3393 */ 3394 mode_final = DEFAULT_DIR_MODE & ~a->user_umask; 3395 /* Mode we want on disk during the restore process. */ 3396 mode = mode_final; 3397 mode |= MINIMUM_DIR_MODE; 3398 mode &= MAXIMUM_DIR_MODE; 3399 if (mkdir(path, mode) == 0) { 3400 if (mode != mode_final) { 3401 le = new_fixup(a, path); 3402 if (le == NULL) 3403 return (ARCHIVE_FATAL); 3404 le->fixup |=TODO_MODE_BASE; 3405 le->mode = mode_final; 3406 } 3407 return (ARCHIVE_OK); 3408 } 3409 3410 /* 3411 * Without the following check, a/b/../b/c/d fails at the 3412 * second visit to 'b', so 'd' can't be created. Note that we 3413 * don't add it to the fixup list here, as it's already been 3414 * added. 3415 */ 3416 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode)) 3417 return (ARCHIVE_OK); 3418 3419 archive_set_error(&a->archive, errno, "Failed to create dir '%s'", 3420 path); 3421 return (ARCHIVE_FAILED); 3422 } 3423 3424 /* 3425 * Note: Although we can skip setting the user id if the desired user 3426 * id matches the current user, we cannot skip setting the group, as 3427 * many systems set the gid based on the containing directory. So 3428 * we have to perform a chown syscall if we want to set the SGID 3429 * bit. (The alternative is to stat() and then possibly chown(); it's 3430 * more efficient to skip the stat() and just always chown().) Note 3431 * that a successful chown() here clears the TODO_SGID_CHECK bit, which 3432 * allows set_mode to skip the stat() check for the GID. 3433 */ 3434 static int 3435 set_ownership(struct archive_write_disk *a) 3436 { 3437 #if !defined(__CYGWIN__) && !defined(__linux__) 3438 /* 3439 * On Linux, a process may have the CAP_CHOWN capability. 3440 * On Windows there is no 'root' user with uid 0. 3441 * Elsewhere we can skip calling chown if we are not root and the desired 3442 * user id does not match the current user. 3443 */ 3444 if (a->user_uid != 0 && a->user_uid != a->uid) { 3445 archive_set_error(&a->archive, errno, 3446 "Can't set UID=%jd", (intmax_t)a->uid); 3447 return (ARCHIVE_WARN); 3448 } 3449 #endif 3450 3451 #ifdef HAVE_FCHOWN 3452 /* If we have an fd, we can avoid a race. */ 3453 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) { 3454 /* We've set owner and know uid/gid are correct. */ 3455 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3456 return (ARCHIVE_OK); 3457 } 3458 #endif 3459 3460 /* We prefer lchown() but will use chown() if that's all we have. */ 3461 /* Of course, if we have neither, this will always fail. */ 3462 #ifdef HAVE_LCHOWN 3463 if (lchown(a->name, a->uid, a->gid) == 0) { 3464 /* We've set owner and know uid/gid are correct. */ 3465 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3466 return (ARCHIVE_OK); 3467 } 3468 #elif HAVE_CHOWN 3469 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) { 3470 /* We've set owner and know uid/gid are correct. */ 3471 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK); 3472 return (ARCHIVE_OK); 3473 } 3474 #endif 3475 3476 archive_set_error(&a->archive, errno, 3477 "Can't set user=%jd/group=%jd for %s", 3478 (intmax_t)a->uid, (intmax_t)a->gid, a->name); 3479 return (ARCHIVE_WARN); 3480 } 3481 3482 /* 3483 * Note: Returns 0 on success, non-zero on failure. 3484 */ 3485 static int 3486 set_time(int fd, int mode, const char *name, 3487 time_t atime, long atime_nsec, 3488 time_t mtime, long mtime_nsec) 3489 { 3490 /* Select the best implementation for this platform. */ 3491 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS) 3492 /* 3493 * utimensat() and futimens() are defined in 3494 * POSIX.1-2008. They support ns resolution and setting times 3495 * on fds and symlinks. 3496 */ 3497 struct timespec ts[2]; 3498 (void)mode; /* UNUSED */ 3499 if (atime == (time_t)-1) { 3500 ts[0].tv_sec = 0; 3501 ts[0].tv_nsec = UTIME_OMIT; 3502 } else { 3503 ts[0].tv_sec = atime; 3504 ts[0].tv_nsec = atime_nsec; 3505 } 3506 if (mtime == (time_t)-1) { 3507 ts[1].tv_sec = 0; 3508 ts[1].tv_nsec = UTIME_OMIT; 3509 } else { 3510 ts[1].tv_sec = mtime; 3511 ts[1].tv_nsec = mtime_nsec; 3512 } 3513 if (fd >= 0) 3514 return futimens(fd, ts); 3515 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW); 3516 3517 #elif HAVE_UTIMES 3518 /* 3519 * The utimes()-family functions support µs-resolution and 3520 * setting times fds and symlinks. utimes() is documented as 3521 * LEGACY by POSIX, futimes() and lutimes() are not described 3522 * in POSIX. 3523 */ 3524 struct timeval times[2]; 3525 3526 times[0].tv_sec = atime; 3527 times[0].tv_usec = atime_nsec / 1000; 3528 times[1].tv_sec = mtime; 3529 times[1].tv_usec = mtime_nsec / 1000; 3530 3531 #ifdef HAVE_FUTIMES 3532 if (fd >= 0) 3533 return (futimes(fd, times)); 3534 #else 3535 (void)fd; /* UNUSED */ 3536 #endif 3537 #ifdef HAVE_LUTIMES 3538 (void)mode; /* UNUSED */ 3539 return (lutimes(name, times)); 3540 #else 3541 if (S_ISLNK(mode)) 3542 return (0); 3543 return (utimes(name, times)); 3544 #endif 3545 3546 #elif defined(HAVE_UTIME) 3547 /* 3548 * utime() is POSIX-standard but only supports 1s resolution and 3549 * does not support fds or symlinks. 3550 */ 3551 struct utimbuf times; 3552 (void)fd; /* UNUSED */ 3553 (void)name; /* UNUSED */ 3554 (void)atime_nsec; /* UNUSED */ 3555 (void)mtime_nsec; /* UNUSED */ 3556 times.actime = atime; 3557 times.modtime = mtime; 3558 if (S_ISLNK(mode)) 3559 return (ARCHIVE_OK); 3560 return (utime(name, ×)); 3561 3562 #else 3563 /* 3564 * We don't know how to set the time on this platform. 3565 */ 3566 (void)fd; /* UNUSED */ 3567 (void)mode; /* UNUSED */ 3568 (void)name; /* UNUSED */ 3569 (void)atime_nsec; /* UNUSED */ 3570 (void)mtime_nsec; /* UNUSED */ 3571 return (ARCHIVE_WARN); 3572 #endif 3573 } 3574 3575 #ifdef F_SETTIMES 3576 static int 3577 set_time_tru64(int fd, int mode, const char *name, 3578 time_t atime, long atime_nsec, 3579 time_t mtime, long mtime_nsec, 3580 time_t ctime, long ctime_nsec) 3581 { 3582 struct attr_timbuf tstamp; 3583 tstamp.atime.tv_sec = atime; 3584 tstamp.mtime.tv_sec = mtime; 3585 tstamp.ctime.tv_sec = ctime; 3586 #if defined (__hpux) && defined (__ia64) 3587 tstamp.atime.tv_nsec = atime_nsec; 3588 tstamp.mtime.tv_nsec = mtime_nsec; 3589 tstamp.ctime.tv_nsec = ctime_nsec; 3590 #else 3591 tstamp.atime.tv_usec = atime_nsec / 1000; 3592 tstamp.mtime.tv_usec = mtime_nsec / 1000; 3593 tstamp.ctime.tv_usec = ctime_nsec / 1000; 3594 #endif 3595 return (fcntl(fd,F_SETTIMES,&tstamp)); 3596 } 3597 #endif /* F_SETTIMES */ 3598 3599 static int 3600 set_times(struct archive_write_disk *a, 3601 int fd, int mode, const char *name, 3602 time_t atime, long atime_nanos, 3603 time_t birthtime, long birthtime_nanos, 3604 time_t mtime, long mtime_nanos, 3605 time_t cctime, long ctime_nanos) 3606 { 3607 /* Note: set_time doesn't use libarchive return conventions! 3608 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */ 3609 int r1 = 0, r2 = 0; 3610 3611 #ifdef F_SETTIMES 3612 /* 3613 * on Tru64 try own fcntl first which can restore even the 3614 * ctime, fall back to default code path below if it fails 3615 * or if we are not running as root 3616 */ 3617 if (a->user_uid == 0 && 3618 set_time_tru64(fd, mode, name, 3619 atime, atime_nanos, mtime, 3620 mtime_nanos, cctime, ctime_nanos) == 0) { 3621 return (ARCHIVE_OK); 3622 } 3623 #else /* Tru64 */ 3624 (void)cctime; /* UNUSED */ 3625 (void)ctime_nanos; /* UNUSED */ 3626 #endif /* Tru64 */ 3627 3628 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME 3629 /* 3630 * If you have struct stat.st_birthtime, we assume BSD 3631 * birthtime semantics, in which {f,l,}utimes() updates 3632 * birthtime to earliest mtime. So we set the time twice, 3633 * first using the birthtime, then using the mtime. If 3634 * birthtime == mtime, this isn't necessary, so we skip it. 3635 * If birthtime > mtime, then this won't work, so we skip it. 3636 */ 3637 if (birthtime < mtime 3638 || (birthtime == mtime && birthtime_nanos < mtime_nanos)) 3639 r1 = set_time(fd, mode, name, 3640 atime, atime_nanos, 3641 birthtime, birthtime_nanos); 3642 #else 3643 (void)birthtime; /* UNUSED */ 3644 (void)birthtime_nanos; /* UNUSED */ 3645 #endif 3646 r2 = set_time(fd, mode, name, 3647 atime, atime_nanos, 3648 mtime, mtime_nanos); 3649 if (r1 != 0 || r2 != 0) { 3650 archive_set_error(&a->archive, errno, 3651 "Can't restore time"); 3652 return (ARCHIVE_WARN); 3653 } 3654 return (ARCHIVE_OK); 3655 } 3656 3657 static int 3658 set_times_from_entry(struct archive_write_disk *a) 3659 { 3660 time_t atime, birthtime, mtime, cctime; 3661 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec; 3662 3663 /* Suitable defaults. */ 3664 atime = birthtime = mtime = cctime = a->start_time; 3665 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0; 3666 3667 /* If no time was provided, we're done. */ 3668 if (!archive_entry_atime_is_set(a->entry) 3669 #if HAVE_STRUCT_STAT_ST_BIRTHTIME 3670 && !archive_entry_birthtime_is_set(a->entry) 3671 #endif 3672 && !archive_entry_mtime_is_set(a->entry)) 3673 return (ARCHIVE_OK); 3674 3675 if (archive_entry_atime_is_set(a->entry)) { 3676 atime = archive_entry_atime(a->entry); 3677 atime_nsec = archive_entry_atime_nsec(a->entry); 3678 } 3679 if (archive_entry_birthtime_is_set(a->entry)) { 3680 birthtime = archive_entry_birthtime(a->entry); 3681 birthtime_nsec = archive_entry_birthtime_nsec(a->entry); 3682 } 3683 if (archive_entry_mtime_is_set(a->entry)) { 3684 mtime = archive_entry_mtime(a->entry); 3685 mtime_nsec = archive_entry_mtime_nsec(a->entry); 3686 } 3687 if (archive_entry_ctime_is_set(a->entry)) { 3688 cctime = archive_entry_ctime(a->entry); 3689 ctime_nsec = archive_entry_ctime_nsec(a->entry); 3690 } 3691 3692 return set_times(a, a->fd, a->mode, a->name, 3693 atime, atime_nsec, 3694 birthtime, birthtime_nsec, 3695 mtime, mtime_nsec, 3696 cctime, ctime_nsec); 3697 } 3698 3699 static int 3700 set_mode(struct archive_write_disk *a, int mode) 3701 { 3702 int r = ARCHIVE_OK; 3703 int r2; 3704 mode &= 07777; /* Strip off file type bits. */ 3705 3706 if (a->todo & TODO_SGID_CHECK) { 3707 /* 3708 * If we don't know the GID is right, we must stat() 3709 * to verify it. We can't just check the GID of this 3710 * process, since systems sometimes set GID from 3711 * the enclosing dir or based on ACLs. 3712 */ 3713 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3714 return (r); 3715 if (a->pst->st_gid != a->gid) { 3716 mode &= ~ S_ISGID; 3717 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3718 /* 3719 * This is only an error if you 3720 * requested owner restore. If you 3721 * didn't, we'll try to restore 3722 * sgid/suid, but won't consider it a 3723 * problem if we can't. 3724 */ 3725 archive_set_error(&a->archive, -1, 3726 "Can't restore SGID bit"); 3727 r = ARCHIVE_WARN; 3728 } 3729 } 3730 /* While we're here, double-check the UID. */ 3731 if (a->pst->st_uid != a->uid 3732 && (a->todo & TODO_SUID)) { 3733 mode &= ~ S_ISUID; 3734 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3735 archive_set_error(&a->archive, -1, 3736 "Can't restore SUID bit"); 3737 r = ARCHIVE_WARN; 3738 } 3739 } 3740 a->todo &= ~TODO_SGID_CHECK; 3741 a->todo &= ~TODO_SUID_CHECK; 3742 } else if (a->todo & TODO_SUID_CHECK) { 3743 /* 3744 * If we don't know the UID is right, we can just check 3745 * the user, since all systems set the file UID from 3746 * the process UID. 3747 */ 3748 if (a->user_uid != a->uid) { 3749 mode &= ~ S_ISUID; 3750 if (a->flags & ARCHIVE_EXTRACT_OWNER) { 3751 archive_set_error(&a->archive, -1, 3752 "Can't make file SUID"); 3753 r = ARCHIVE_WARN; 3754 } 3755 } 3756 a->todo &= ~TODO_SUID_CHECK; 3757 } 3758 3759 if (S_ISLNK(a->mode)) { 3760 #ifdef HAVE_LCHMOD 3761 /* 3762 * If this is a symlink, use lchmod(). If the 3763 * platform doesn't support lchmod(), just skip it. A 3764 * platform that doesn't provide a way to set 3765 * permissions on symlinks probably ignores 3766 * permissions on symlinks, so a failure here has no 3767 * impact. 3768 */ 3769 if (lchmod(a->name, mode) != 0) { 3770 switch (errno) { 3771 case ENOTSUP: 3772 case ENOSYS: 3773 #if ENOTSUP != EOPNOTSUPP 3774 case EOPNOTSUPP: 3775 #endif 3776 /* 3777 * if lchmod is defined but the platform 3778 * doesn't support it, silently ignore 3779 * error 3780 */ 3781 break; 3782 default: 3783 archive_set_error(&a->archive, errno, 3784 "Can't set permissions to 0%o", (int)mode); 3785 r = ARCHIVE_WARN; 3786 } 3787 } 3788 #endif 3789 } else if (!S_ISDIR(a->mode)) { 3790 /* 3791 * If it's not a symlink and not a dir, then use 3792 * fchmod() or chmod(), depending on whether we have 3793 * an fd. Dirs get their perms set during the 3794 * post-extract fixup, which is handled elsewhere. 3795 */ 3796 #ifdef HAVE_FCHMOD 3797 if (a->fd >= 0) 3798 r2 = fchmod(a->fd, mode); 3799 else 3800 #endif 3801 /* If this platform lacks fchmod(), then 3802 * we'll just use chmod(). */ 3803 r2 = chmod(a->name, mode); 3804 3805 if (r2 != 0) { 3806 archive_set_error(&a->archive, errno, 3807 "Can't set permissions to 0%o", (int)mode); 3808 r = ARCHIVE_WARN; 3809 } 3810 } 3811 return (r); 3812 } 3813 3814 static int 3815 set_fflags(struct archive_write_disk *a) 3816 { 3817 struct fixup_entry *le; 3818 unsigned long set, clear; 3819 int r; 3820 mode_t mode = archive_entry_mode(a->entry); 3821 /* 3822 * Make 'critical_flags' hold all file flags that can't be 3823 * immediately restored. For example, on BSD systems, 3824 * SF_IMMUTABLE prevents hardlinks from being created, so 3825 * should not be set until after any hardlinks are created. To 3826 * preserve some semblance of portability, this uses #ifdef 3827 * extensively. Ugly, but it works. 3828 * 3829 * Yes, Virginia, this does create a security race. It's mitigated 3830 * somewhat by the practice of creating dirs 0700 until the extract 3831 * is done, but it would be nice if we could do more than that. 3832 * People restoring critical file systems should be wary of 3833 * other programs that might try to muck with files as they're 3834 * being restored. 3835 */ 3836 const int critical_flags = 0 3837 #ifdef SF_IMMUTABLE 3838 | SF_IMMUTABLE 3839 #endif 3840 #ifdef UF_IMMUTABLE 3841 | UF_IMMUTABLE 3842 #endif 3843 #ifdef SF_APPEND 3844 | SF_APPEND 3845 #endif 3846 #ifdef UF_APPEND 3847 | UF_APPEND 3848 #endif 3849 #if defined(FS_APPEND_FL) 3850 | FS_APPEND_FL 3851 #elif defined(EXT2_APPEND_FL) 3852 | EXT2_APPEND_FL 3853 #endif 3854 #if defined(FS_IMMUTABLE_FL) 3855 | FS_IMMUTABLE_FL 3856 #elif defined(EXT2_IMMUTABLE_FL) 3857 | EXT2_IMMUTABLE_FL 3858 #endif 3859 #ifdef FS_JOURNAL_DATA_FL 3860 | FS_JOURNAL_DATA_FL 3861 #endif 3862 ; 3863 3864 if (a->todo & TODO_FFLAGS) { 3865 archive_entry_fflags(a->entry, &set, &clear); 3866 3867 /* 3868 * The first test encourages the compiler to eliminate 3869 * all of this if it's not necessary. 3870 */ 3871 if ((critical_flags != 0) && (set & critical_flags)) { 3872 le = current_fixup(a, a->name); 3873 if (le == NULL) 3874 return (ARCHIVE_FATAL); 3875 le->filetype = archive_entry_filetype(a->entry); 3876 le->fixup |= TODO_FFLAGS; 3877 le->fflags_set = set; 3878 /* Store the mode if it's not already there. */ 3879 if ((le->fixup & TODO_MODE) == 0) 3880 le->mode = mode; 3881 } else { 3882 r = set_fflags_platform(a, a->fd, 3883 a->name, mode, set, clear); 3884 if (r != ARCHIVE_OK) 3885 return (r); 3886 } 3887 } 3888 return (ARCHIVE_OK); 3889 } 3890 3891 static int 3892 clear_nochange_fflags(struct archive_write_disk *a) 3893 { 3894 mode_t mode = archive_entry_mode(a->entry); 3895 const int nochange_flags = 0 3896 #ifdef SF_IMMUTABLE 3897 | SF_IMMUTABLE 3898 #endif 3899 #ifdef UF_IMMUTABLE 3900 | UF_IMMUTABLE 3901 #endif 3902 #ifdef SF_APPEND 3903 | SF_APPEND 3904 #endif 3905 #ifdef UF_APPEND 3906 | UF_APPEND 3907 #endif 3908 #ifdef EXT2_APPEND_FL 3909 | EXT2_APPEND_FL 3910 #endif 3911 #ifdef EXT2_IMMUTABLE_FL 3912 | EXT2_IMMUTABLE_FL 3913 #endif 3914 ; 3915 3916 return (set_fflags_platform(a, a->fd, a->name, mode, 0, 3917 nochange_flags)); 3918 } 3919 3920 3921 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS) 3922 /* 3923 * BSD reads flags using stat() and sets them with one of {f,l,}chflags() 3924 */ 3925 static int 3926 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 3927 mode_t mode, unsigned long set, unsigned long clear) 3928 { 3929 int r; 3930 const int sf_mask = 0 3931 #ifdef SF_APPEND 3932 | SF_APPEND 3933 #endif 3934 #ifdef SF_ARCHIVED 3935 | SF_ARCHIVED 3936 #endif 3937 #ifdef SF_IMMUTABLE 3938 | SF_IMMUTABLE 3939 #endif 3940 #ifdef SF_NOUNLINK 3941 | SF_NOUNLINK 3942 #endif 3943 ; 3944 (void)mode; /* UNUSED */ 3945 3946 if (set == 0 && clear == 0) 3947 return (ARCHIVE_OK); 3948 3949 /* 3950 * XXX Is the stat here really necessary? Or can I just use 3951 * the 'set' flags directly? In particular, I'm not sure 3952 * about the correct approach if we're overwriting an existing 3953 * file that already has flags on it. XXX 3954 */ 3955 if ((r = lazy_stat(a)) != ARCHIVE_OK) 3956 return (r); 3957 3958 a->st.st_flags &= ~clear; 3959 a->st.st_flags |= set; 3960 3961 /* Only super-user may change SF_* flags */ 3962 3963 if (a->user_uid != 0) 3964 a->st.st_flags &= ~sf_mask; 3965 3966 #ifdef HAVE_FCHFLAGS 3967 /* If platform has fchflags() and we were given an fd, use it. */ 3968 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0) 3969 return (ARCHIVE_OK); 3970 #endif 3971 /* 3972 * If we can't use the fd to set the flags, we'll use the 3973 * pathname to set flags. We prefer lchflags() but will use 3974 * chflags() if we must. 3975 */ 3976 #ifdef HAVE_LCHFLAGS 3977 if (lchflags(name, a->st.st_flags) == 0) 3978 return (ARCHIVE_OK); 3979 #elif defined(HAVE_CHFLAGS) 3980 if (S_ISLNK(a->st.st_mode)) { 3981 archive_set_error(&a->archive, errno, 3982 "Can't set file flags on symlink."); 3983 return (ARCHIVE_WARN); 3984 } 3985 if (chflags(name, a->st.st_flags) == 0) 3986 return (ARCHIVE_OK); 3987 #endif 3988 archive_set_error(&a->archive, errno, 3989 "Failed to set file flags"); 3990 return (ARCHIVE_WARN); 3991 } 3992 3993 #elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \ 3994 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \ 3995 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \ 3996 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)) 3997 /* 3998 * Linux uses ioctl() to read and write file flags. 3999 */ 4000 static int 4001 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 4002 mode_t mode, unsigned long set, unsigned long clear) 4003 { 4004 int ret; 4005 int myfd = fd; 4006 int newflags, oldflags; 4007 /* 4008 * Linux has no define for the flags that are only settable by 4009 * the root user. This code may seem a little complex, but 4010 * there seem to be some Linux systems that lack these 4011 * defines. (?) The code below degrades reasonably gracefully 4012 * if sf_mask is incomplete. 4013 */ 4014 const int sf_mask = 0 4015 #if defined(FS_IMMUTABLE_FL) 4016 | FS_IMMUTABLE_FL 4017 #elif defined(EXT2_IMMUTABLE_FL) 4018 | EXT2_IMMUTABLE_FL 4019 #endif 4020 #if defined(FS_APPEND_FL) 4021 | FS_APPEND_FL 4022 #elif defined(EXT2_APPEND_FL) 4023 | EXT2_APPEND_FL 4024 #endif 4025 #if defined(FS_JOURNAL_DATA_FL) 4026 | FS_JOURNAL_DATA_FL 4027 #endif 4028 ; 4029 4030 if (set == 0 && clear == 0) 4031 return (ARCHIVE_OK); 4032 /* Only regular files and dirs can have flags. */ 4033 if (!S_ISREG(mode) && !S_ISDIR(mode)) 4034 return (ARCHIVE_OK); 4035 4036 /* If we weren't given an fd, open it ourselves. */ 4037 if (myfd < 0) { 4038 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | 4039 O_CLOEXEC | O_NOFOLLOW); 4040 __archive_ensure_cloexec_flag(myfd); 4041 } 4042 if (myfd < 0) 4043 return (ARCHIVE_OK); 4044 4045 /* 4046 * XXX As above, this would be way simpler if we didn't have 4047 * to read the current flags from disk. XXX 4048 */ 4049 ret = ARCHIVE_OK; 4050 4051 /* Read the current file flags. */ 4052 if (ioctl(myfd, 4053 #ifdef FS_IOC_GETFLAGS 4054 FS_IOC_GETFLAGS, 4055 #else 4056 EXT2_IOC_GETFLAGS, 4057 #endif 4058 &oldflags) < 0) 4059 goto fail; 4060 4061 /* Try setting the flags as given. */ 4062 newflags = (oldflags & ~clear) | set; 4063 if (ioctl(myfd, 4064 #ifdef FS_IOC_SETFLAGS 4065 FS_IOC_SETFLAGS, 4066 #else 4067 EXT2_IOC_SETFLAGS, 4068 #endif 4069 &newflags) >= 0) 4070 goto cleanup; 4071 if (errno != EPERM) 4072 goto fail; 4073 4074 /* If we couldn't set all the flags, try again with a subset. */ 4075 newflags &= ~sf_mask; 4076 oldflags &= sf_mask; 4077 newflags |= oldflags; 4078 if (ioctl(myfd, 4079 #ifdef FS_IOC_SETFLAGS 4080 FS_IOC_SETFLAGS, 4081 #else 4082 EXT2_IOC_SETFLAGS, 4083 #endif 4084 &newflags) >= 0) 4085 goto cleanup; 4086 4087 /* We couldn't set the flags, so report the failure. */ 4088 fail: 4089 archive_set_error(&a->archive, errno, 4090 "Failed to set file flags"); 4091 ret = ARCHIVE_WARN; 4092 cleanup: 4093 if (fd < 0) 4094 close(myfd); 4095 return (ret); 4096 } 4097 4098 #else 4099 4100 /* 4101 * Of course, some systems have neither BSD chflags() nor Linux' flags 4102 * support through ioctl(). 4103 */ 4104 static int 4105 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name, 4106 mode_t mode, unsigned long set, unsigned long clear) 4107 { 4108 (void)a; /* UNUSED */ 4109 (void)fd; /* UNUSED */ 4110 (void)name; /* UNUSED */ 4111 (void)mode; /* UNUSED */ 4112 (void)set; /* UNUSED */ 4113 (void)clear; /* UNUSED */ 4114 return (ARCHIVE_OK); 4115 } 4116 4117 #endif /* __linux */ 4118 4119 #ifndef HAVE_COPYFILE_H 4120 /* Default is to simply drop Mac extended metadata. */ 4121 static int 4122 set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4123 const void *metadata, size_t metadata_size) 4124 { 4125 (void)a; /* UNUSED */ 4126 (void)pathname; /* UNUSED */ 4127 (void)metadata; /* UNUSED */ 4128 (void)metadata_size; /* UNUSED */ 4129 return (ARCHIVE_OK); 4130 } 4131 4132 static int 4133 fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4134 { 4135 (void)a; /* UNUSED */ 4136 (void)pathname; /* UNUSED */ 4137 return (ARCHIVE_OK); 4138 } 4139 #else 4140 4141 /* 4142 * On Mac OS, we use copyfile() to unpack the metadata and 4143 * apply it to the target file. 4144 */ 4145 4146 #if defined(HAVE_SYS_XATTR_H) 4147 static int 4148 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd) 4149 { 4150 ssize_t xattr_size; 4151 char *xattr_names = NULL, *xattr_val = NULL; 4152 int ret = ARCHIVE_OK, xattr_i; 4153 4154 xattr_size = flistxattr(tmpfd, NULL, 0, 0); 4155 if (xattr_size == -1) { 4156 archive_set_error(&a->archive, errno, 4157 "Failed to read metadata(xattr)"); 4158 ret = ARCHIVE_WARN; 4159 goto exit_xattr; 4160 } 4161 xattr_names = malloc(xattr_size); 4162 if (xattr_names == NULL) { 4163 archive_set_error(&a->archive, ENOMEM, 4164 "Can't allocate memory for metadata(xattr)"); 4165 ret = ARCHIVE_FATAL; 4166 goto exit_xattr; 4167 } 4168 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0); 4169 if (xattr_size == -1) { 4170 archive_set_error(&a->archive, errno, 4171 "Failed to read metadata(xattr)"); 4172 ret = ARCHIVE_WARN; 4173 goto exit_xattr; 4174 } 4175 for (xattr_i = 0; xattr_i < xattr_size; 4176 xattr_i += strlen(xattr_names + xattr_i) + 1) { 4177 char *xattr_val_saved; 4178 ssize_t s; 4179 int f; 4180 4181 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0); 4182 if (s == -1) { 4183 archive_set_error(&a->archive, errno, 4184 "Failed to get metadata(xattr)"); 4185 ret = ARCHIVE_WARN; 4186 goto exit_xattr; 4187 } 4188 xattr_val_saved = xattr_val; 4189 xattr_val = realloc(xattr_val, s); 4190 if (xattr_val == NULL) { 4191 archive_set_error(&a->archive, ENOMEM, 4192 "Failed to get metadata(xattr)"); 4193 ret = ARCHIVE_WARN; 4194 free(xattr_val_saved); 4195 goto exit_xattr; 4196 } 4197 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4198 if (s == -1) { 4199 archive_set_error(&a->archive, errno, 4200 "Failed to get metadata(xattr)"); 4201 ret = ARCHIVE_WARN; 4202 goto exit_xattr; 4203 } 4204 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0); 4205 if (f == -1) { 4206 archive_set_error(&a->archive, errno, 4207 "Failed to get metadata(xattr)"); 4208 ret = ARCHIVE_WARN; 4209 goto exit_xattr; 4210 } 4211 } 4212 exit_xattr: 4213 free(xattr_names); 4214 free(xattr_val); 4215 return (ret); 4216 } 4217 #endif 4218 4219 static int 4220 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd) 4221 { 4222 #ifndef HAVE_SYS_ACL_H 4223 return 0; 4224 #else 4225 acl_t acl, dfacl = NULL; 4226 int acl_r, ret = ARCHIVE_OK; 4227 4228 acl = acl_get_fd(tmpfd); 4229 if (acl == NULL) { 4230 if (errno == ENOENT) 4231 /* There are not any ACLs. */ 4232 return (ret); 4233 archive_set_error(&a->archive, errno, 4234 "Failed to get metadata(acl)"); 4235 ret = ARCHIVE_WARN; 4236 goto exit_acl; 4237 } 4238 dfacl = acl_dup(acl); 4239 acl_r = acl_set_fd(dffd, dfacl); 4240 if (acl_r == -1) { 4241 archive_set_error(&a->archive, errno, 4242 "Failed to get metadata(acl)"); 4243 ret = ARCHIVE_WARN; 4244 goto exit_acl; 4245 } 4246 exit_acl: 4247 if (acl) 4248 acl_free(acl); 4249 if (dfacl) 4250 acl_free(dfacl); 4251 return (ret); 4252 #endif 4253 } 4254 4255 static int 4256 create_tempdatafork(struct archive_write_disk *a, const char *pathname) 4257 { 4258 struct archive_string tmpdatafork; 4259 int tmpfd; 4260 4261 archive_string_init(&tmpdatafork); 4262 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX"); 4263 tmpfd = mkstemp(tmpdatafork.s); 4264 if (tmpfd < 0) { 4265 archive_set_error(&a->archive, errno, 4266 "Failed to mkstemp"); 4267 archive_string_free(&tmpdatafork); 4268 return (-1); 4269 } 4270 if (copyfile(pathname, tmpdatafork.s, 0, 4271 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4272 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4273 archive_set_error(&a->archive, errno, 4274 "Failed to restore metadata"); 4275 close(tmpfd); 4276 tmpfd = -1; 4277 } 4278 unlink(tmpdatafork.s); 4279 archive_string_free(&tmpdatafork); 4280 return (tmpfd); 4281 } 4282 4283 static int 4284 copy_metadata(struct archive_write_disk *a, const char *metadata, 4285 const char *datafork, int datafork_compressed) 4286 { 4287 int ret = ARCHIVE_OK; 4288 4289 if (datafork_compressed) { 4290 int dffd, tmpfd; 4291 4292 tmpfd = create_tempdatafork(a, metadata); 4293 if (tmpfd == -1) 4294 return (ARCHIVE_WARN); 4295 4296 /* 4297 * Do not open the data fork compressed by HFS+ compression 4298 * with at least a writing mode(O_RDWR or O_WRONLY). it 4299 * makes the data fork uncompressed. 4300 */ 4301 dffd = open(datafork, 0); 4302 if (dffd == -1) { 4303 archive_set_error(&a->archive, errno, 4304 "Failed to open the data fork for metadata"); 4305 close(tmpfd); 4306 return (ARCHIVE_WARN); 4307 } 4308 4309 #if defined(HAVE_SYS_XATTR_H) 4310 ret = copy_xattrs(a, tmpfd, dffd); 4311 if (ret == ARCHIVE_OK) 4312 #endif 4313 ret = copy_acls(a, tmpfd, dffd); 4314 close(tmpfd); 4315 close(dffd); 4316 } else { 4317 if (copyfile(metadata, datafork, 0, 4318 COPYFILE_UNPACK | COPYFILE_NOFOLLOW 4319 | COPYFILE_ACL | COPYFILE_XATTR) < 0) { 4320 archive_set_error(&a->archive, errno, 4321 "Failed to restore metadata"); 4322 ret = ARCHIVE_WARN; 4323 } 4324 } 4325 return (ret); 4326 } 4327 4328 static int 4329 set_mac_metadata(struct archive_write_disk *a, const char *pathname, 4330 const void *metadata, size_t metadata_size) 4331 { 4332 struct archive_string tmp; 4333 ssize_t written; 4334 int fd; 4335 int ret = ARCHIVE_OK; 4336 4337 /* This would be simpler if copyfile() could just accept the 4338 * metadata as a block of memory; then we could sidestep this 4339 * silly dance of writing the data to disk just so that 4340 * copyfile() can read it back in again. */ 4341 archive_string_init(&tmp); 4342 archive_strcpy(&tmp, pathname); 4343 archive_strcat(&tmp, ".XXXXXX"); 4344 fd = mkstemp(tmp.s); 4345 4346 if (fd < 0) { 4347 archive_set_error(&a->archive, errno, 4348 "Failed to restore metadata"); 4349 archive_string_free(&tmp); 4350 return (ARCHIVE_WARN); 4351 } 4352 written = write(fd, metadata, metadata_size); 4353 close(fd); 4354 if ((size_t)written != metadata_size) { 4355 archive_set_error(&a->archive, errno, 4356 "Failed to restore metadata"); 4357 ret = ARCHIVE_WARN; 4358 } else { 4359 int compressed; 4360 4361 #if defined(UF_COMPRESSED) 4362 if ((a->todo & TODO_HFS_COMPRESSION) != 0 && 4363 (ret = lazy_stat(a)) == ARCHIVE_OK) 4364 compressed = a->st.st_flags & UF_COMPRESSED; 4365 else 4366 #endif 4367 compressed = 0; 4368 ret = copy_metadata(a, tmp.s, pathname, compressed); 4369 } 4370 unlink(tmp.s); 4371 archive_string_free(&tmp); 4372 return (ret); 4373 } 4374 4375 static int 4376 fixup_appledouble(struct archive_write_disk *a, const char *pathname) 4377 { 4378 char buff[8]; 4379 struct stat st; 4380 const char *p; 4381 struct archive_string datafork; 4382 int fd = -1, ret = ARCHIVE_OK; 4383 4384 archive_string_init(&datafork); 4385 /* Check if the current file name is a type of the resource 4386 * fork file. */ 4387 p = strrchr(pathname, '/'); 4388 if (p == NULL) 4389 p = pathname; 4390 else 4391 p++; 4392 if (p[0] != '.' || p[1] != '_') 4393 goto skip_appledouble; 4394 4395 /* 4396 * Check if the data fork file exists. 4397 * 4398 * TODO: Check if this write disk object has handled it. 4399 */ 4400 archive_strncpy(&datafork, pathname, p - pathname); 4401 archive_strcat(&datafork, p + 2); 4402 if (lstat(datafork.s, &st) == -1 || 4403 (st.st_mode & AE_IFMT) != AE_IFREG) 4404 goto skip_appledouble; 4405 4406 /* 4407 * Check if the file is in the AppleDouble form. 4408 */ 4409 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC); 4410 __archive_ensure_cloexec_flag(fd); 4411 if (fd == -1) { 4412 archive_set_error(&a->archive, errno, 4413 "Failed to open a restoring file"); 4414 ret = ARCHIVE_WARN; 4415 goto skip_appledouble; 4416 } 4417 if (read(fd, buff, 8) == -1) { 4418 archive_set_error(&a->archive, errno, 4419 "Failed to read a restoring file"); 4420 close(fd); 4421 ret = ARCHIVE_WARN; 4422 goto skip_appledouble; 4423 } 4424 close(fd); 4425 /* Check AppleDouble Magic Code. */ 4426 if (archive_be32dec(buff) != 0x00051607) 4427 goto skip_appledouble; 4428 /* Check AppleDouble Version. */ 4429 if (archive_be32dec(buff+4) != 0x00020000) 4430 goto skip_appledouble; 4431 4432 ret = copy_metadata(a, pathname, datafork.s, 4433 #if defined(UF_COMPRESSED) 4434 st.st_flags & UF_COMPRESSED); 4435 #else 4436 0); 4437 #endif 4438 if (ret == ARCHIVE_OK) { 4439 unlink(pathname); 4440 ret = ARCHIVE_EOF; 4441 } 4442 skip_appledouble: 4443 archive_string_free(&datafork); 4444 return (ret); 4445 } 4446 #endif 4447 4448 #if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX 4449 /* 4450 * Restore extended attributes - Linux, Darwin and AIX implementations: 4451 * AIX' ea interface is syntaxwise identical to the Linux xattr interface. 4452 */ 4453 static int 4454 set_xattrs(struct archive_write_disk *a) 4455 { 4456 struct archive_entry *entry = a->entry; 4457 struct archive_string errlist; 4458 int ret = ARCHIVE_OK; 4459 int i = archive_entry_xattr_reset(entry); 4460 short fail = 0; 4461 4462 archive_string_init(&errlist); 4463 4464 while (i--) { 4465 const char *name; 4466 const void *value; 4467 size_t size; 4468 int e; 4469 4470 archive_entry_xattr_next(entry, &name, &value, &size); 4471 4472 if (name == NULL) 4473 continue; 4474 #if ARCHIVE_XATTR_LINUX 4475 /* Linux: quietly skip POSIX.1e ACL extended attributes */ 4476 if (strncmp(name, "system.", 7) == 0 && 4477 (strcmp(name + 7, "posix_acl_access") == 0 || 4478 strcmp(name + 7, "posix_acl_default") == 0)) 4479 continue; 4480 if (strncmp(name, "trusted.SGI_", 12) == 0 && 4481 (strcmp(name + 12, "ACL_DEFAULT") == 0 || 4482 strcmp(name + 12, "ACL_FILE") == 0)) 4483 continue; 4484 4485 /* Linux: xfsroot namespace is obsolete and unsupported */ 4486 if (strncmp(name, "xfsroot.", 8) == 0) { 4487 fail = 1; 4488 archive_strcat(&errlist, name); 4489 archive_strappend_char(&errlist, ' '); 4490 continue; 4491 } 4492 #endif 4493 4494 if (a->fd >= 0) { 4495 #if ARCHIVE_XATTR_LINUX 4496 e = fsetxattr(a->fd, name, value, size, 0); 4497 #elif ARCHIVE_XATTR_DARWIN 4498 e = fsetxattr(a->fd, name, value, size, 0, 0); 4499 #elif ARCHIVE_XATTR_AIX 4500 e = fsetea(a->fd, name, value, size, 0); 4501 #endif 4502 } else { 4503 #if ARCHIVE_XATTR_LINUX 4504 e = lsetxattr(archive_entry_pathname(entry), 4505 name, value, size, 0); 4506 #elif ARCHIVE_XATTR_DARWIN 4507 e = setxattr(archive_entry_pathname(entry), 4508 name, value, size, 0, XATTR_NOFOLLOW); 4509 #elif ARCHIVE_XATTR_AIX 4510 e = lsetea(archive_entry_pathname(entry), 4511 name, value, size, 0); 4512 #endif 4513 } 4514 if (e == -1) { 4515 ret = ARCHIVE_WARN; 4516 archive_strcat(&errlist, name); 4517 archive_strappend_char(&errlist, ' '); 4518 if (errno != ENOTSUP && errno != ENOSYS) 4519 fail = 1; 4520 } 4521 } 4522 4523 if (ret == ARCHIVE_WARN) { 4524 if (fail && errlist.length > 0) { 4525 errlist.length--; 4526 errlist.s[errlist.length] = '\0'; 4527 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4528 "Cannot restore extended attributes: %s", 4529 errlist.s); 4530 } else 4531 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4532 "Cannot restore extended " 4533 "attributes on this file system."); 4534 } 4535 4536 archive_string_free(&errlist); 4537 return (ret); 4538 } 4539 #elif ARCHIVE_XATTR_FREEBSD 4540 /* 4541 * Restore extended attributes - FreeBSD implementation 4542 */ 4543 static int 4544 set_xattrs(struct archive_write_disk *a) 4545 { 4546 struct archive_entry *entry = a->entry; 4547 struct archive_string errlist; 4548 int ret = ARCHIVE_OK; 4549 int i = archive_entry_xattr_reset(entry); 4550 short fail = 0; 4551 4552 archive_string_init(&errlist); 4553 4554 while (i--) { 4555 const char *name; 4556 const void *value; 4557 size_t size; 4558 archive_entry_xattr_next(entry, &name, &value, &size); 4559 if (name != NULL) { 4560 int e; 4561 int namespace; 4562 4563 namespace = EXTATTR_NAMESPACE_USER; 4564 4565 if (strncmp(name, "user.", 5) == 0) { 4566 /* "user." attributes go to user namespace */ 4567 name += 5; 4568 namespace = EXTATTR_NAMESPACE_USER; 4569 } else if (strncmp(name, "system.", 7) == 0) { 4570 name += 7; 4571 namespace = EXTATTR_NAMESPACE_SYSTEM; 4572 if (!strcmp(name, "nfs4.acl") || 4573 !strcmp(name, "posix1e.acl_access") || 4574 !strcmp(name, "posix1e.acl_default")) 4575 continue; 4576 } else { 4577 /* Other namespaces are unsupported */ 4578 archive_strcat(&errlist, name); 4579 archive_strappend_char(&errlist, ' '); 4580 fail = 1; 4581 ret = ARCHIVE_WARN; 4582 continue; 4583 } 4584 4585 if (a->fd >= 0) { 4586 /* 4587 * On FreeBSD, extattr_set_fd does not 4588 * return the same as 4589 * extattr_set_file. It returns zero 4590 * on success, non-zero on failure. 4591 * 4592 * We can detect the failure by 4593 * manually setting errno prior to the 4594 * call and checking after. 4595 * 4596 * If errno remains zero, fake the 4597 * return value by setting e to size. 4598 * 4599 * This is a hack for now until I 4600 * (Shawn Webb) get FreeBSD to fix the 4601 * issue, if that's even possible. 4602 */ 4603 errno = 0; 4604 e = extattr_set_fd(a->fd, namespace, name, 4605 value, size); 4606 if (e == 0 && errno == 0) { 4607 e = size; 4608 } 4609 } else { 4610 e = extattr_set_link( 4611 archive_entry_pathname(entry), namespace, 4612 name, value, size); 4613 } 4614 if (e != (int)size) { 4615 archive_strcat(&errlist, name); 4616 archive_strappend_char(&errlist, ' '); 4617 ret = ARCHIVE_WARN; 4618 if (errno != ENOTSUP && errno != ENOSYS) 4619 fail = 1; 4620 } 4621 } 4622 } 4623 4624 if (ret == ARCHIVE_WARN) { 4625 if (fail && errlist.length > 0) { 4626 errlist.length--; 4627 errlist.s[errlist.length] = '\0'; 4628 4629 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4630 "Cannot restore extended attributes: %s", 4631 errlist.s); 4632 } else 4633 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, 4634 "Cannot restore extended " 4635 "attributes on this file system."); 4636 } 4637 4638 archive_string_free(&errlist); 4639 return (ret); 4640 } 4641 #else 4642 /* 4643 * Restore extended attributes - stub implementation for unsupported systems 4644 */ 4645 static int 4646 set_xattrs(struct archive_write_disk *a) 4647 { 4648 static int warning_done = 0; 4649 4650 /* If there aren't any extended attributes, then it's okay not 4651 * to extract them, otherwise, issue a single warning. */ 4652 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) { 4653 warning_done = 1; 4654 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, 4655 "Cannot restore extended attributes on this system"); 4656 return (ARCHIVE_WARN); 4657 } 4658 /* Warning was already emitted; suppress further warnings. */ 4659 return (ARCHIVE_OK); 4660 } 4661 #endif 4662 4663 /* 4664 * Test if file on disk is older than entry. 4665 */ 4666 static int 4667 older(struct stat *st, struct archive_entry *entry) 4668 { 4669 /* First, test the seconds and return if we have a definite answer. */ 4670 /* Definitely older. */ 4671 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry))) 4672 return (1); 4673 /* Definitely younger. */ 4674 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry))) 4675 return (0); 4676 /* If this platform supports fractional seconds, try those. */ 4677 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC 4678 /* Definitely older. */ 4679 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry)) 4680 return (1); 4681 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC 4682 /* Definitely older. */ 4683 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry)) 4684 return (1); 4685 #elif HAVE_STRUCT_STAT_ST_MTIME_N 4686 /* older. */ 4687 if (st->st_mtime_n < archive_entry_mtime_nsec(entry)) 4688 return (1); 4689 #elif HAVE_STRUCT_STAT_ST_UMTIME 4690 /* older. */ 4691 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry)) 4692 return (1); 4693 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC 4694 /* older. */ 4695 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry)) 4696 return (1); 4697 #else 4698 /* This system doesn't have high-res timestamps. */ 4699 #endif 4700 /* Same age or newer, so not older. */ 4701 return (0); 4702 } 4703 4704 #ifndef ARCHIVE_ACL_SUPPORT 4705 int 4706 archive_write_disk_set_acls(struct archive *a, int fd, const char *name, 4707 struct archive_acl *abstract_acl, __LA_MODE_T mode) 4708 { 4709 (void)a; /* UNUSED */ 4710 (void)fd; /* UNUSED */ 4711 (void)name; /* UNUSED */ 4712 (void)abstract_acl; /* UNUSED */ 4713 (void)mode; /* UNUSED */ 4714 return (ARCHIVE_OK); 4715 } 4716 #endif 4717 4718 #endif /* !_WIN32 || __CYGWIN__ */ 4719 4720