1 /*-
2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 */
27
28 #include "archive_platform.h"
29
30 #if !defined(_WIN32) || defined(__CYGWIN__)
31
32 #ifdef HAVE_SYS_TYPES_H
33 #include <sys/types.h>
34 #endif
35 #ifdef HAVE_SYS_ACL_H
36 #include <sys/acl.h>
37 #endif
38 #ifdef HAVE_SYS_EXTATTR_H
39 #include <sys/extattr.h>
40 #endif
41 #if HAVE_SYS_XATTR_H
42 #include <sys/xattr.h>
43 #elif HAVE_ATTR_XATTR_H
44 #include <attr/xattr.h>
45 #endif
46 #ifdef HAVE_SYS_EA_H
47 #include <sys/ea.h>
48 #endif
49 #ifdef HAVE_SYS_IOCTL_H
50 #include <sys/ioctl.h>
51 #endif
52 #ifdef HAVE_SYS_STAT_H
53 #include <sys/stat.h>
54 #endif
55 #ifdef HAVE_SYS_TIME_H
56 #include <sys/time.h>
57 #endif
58 #ifdef HAVE_SYS_UTIME_H
59 #include <sys/utime.h>
60 #endif
61 #ifdef HAVE_COPYFILE_H
62 #include <copyfile.h>
63 #endif
64 #ifdef HAVE_ERRNO_H
65 #include <errno.h>
66 #endif
67 #ifdef HAVE_FCNTL_H
68 #include <fcntl.h>
69 #endif
70 #ifdef HAVE_GRP_H
71 #include <grp.h>
72 #endif
73 #ifdef HAVE_LANGINFO_H
74 #include <langinfo.h>
75 #endif
76 #ifdef HAVE_LINUX_FS_H
77 #include <linux/fs.h> /* for Linux file flags */
78 #endif
79 /*
80 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
81 * As the include guards don't agree, the order of include is important.
82 */
83 #ifdef HAVE_LINUX_EXT2_FS_H
84 #include <linux/ext2_fs.h> /* for Linux file flags */
85 #endif
86 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
87 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
88 #endif
89 #ifdef HAVE_LIMITS_H
90 #include <limits.h>
91 #endif
92 #ifdef HAVE_PWD_H
93 #include <pwd.h>
94 #endif
95 #include <stdio.h>
96 #ifdef HAVE_STDLIB_H
97 #include <stdlib.h>
98 #endif
99 #ifdef HAVE_STRING_H
100 #include <string.h>
101 #endif
102 #ifdef HAVE_UNISTD_H
103 #include <unistd.h>
104 #endif
105 #ifdef HAVE_UTIME_H
106 #include <utime.h>
107 #endif
108 #ifdef F_GETTIMES /* Tru64 specific */
109 #include <sys/fcntl1.h>
110 #endif
111
112 /*
113 * Macro to cast st_mtime and time_t to an int64 so that 2 numbers can reliably be compared.
114 *
115 * It assumes that the input is an integer type of no more than 64 bits.
116 * If the number is less than zero, t must be a signed type, so it fits in
117 * int64_t. Otherwise, it's a nonnegative value so we can cast it to uint64_t
118 * without loss. But it could be a large unsigned value, so we have to clip it
119 * to INT64_MAX.*
120 */
121 #define to_int64_time(t) \
122 ((t) < 0 ? (int64_t)(t) : (uint64_t)(t) > (uint64_t)INT64_MAX ? INT64_MAX : (int64_t)(t))
123
124 #if __APPLE__
125 #include <TargetConditionals.h>
126 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
127 #include <quarantine.h>
128 #define HAVE_QUARANTINE 1
129 #endif
130 #endif
131
132 #ifdef HAVE_ZLIB_H
133 #include <zlib.h>
134 #endif
135
136 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
137 * standard tag to mark files that have been downloaded as "tainted".
138 * On Mac OS, we should mark the extracted files as tainted if the
139 * archive being read was tainted. Windows has a similar feature; we
140 * should investigate ways to support this generically. */
141
142 #include "archive.h"
143 #include "archive_acl_private.h"
144 #include "archive_string.h"
145 #include "archive_endian.h"
146 #include "archive_entry.h"
147 #include "archive_private.h"
148 #include "archive_write_disk_private.h"
149
150 #ifndef O_BINARY
151 #define O_BINARY 0
152 #endif
153 #ifndef O_CLOEXEC
154 #define O_CLOEXEC 0
155 #endif
156
157 /* Ignore non-int O_NOFOLLOW constant. */
158 /* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
159 #if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
160 #undef O_NOFOLLOW
161 #endif
162
163 #ifndef O_NOFOLLOW
164 #define O_NOFOLLOW 0
165 #endif
166
167 #ifndef AT_FDCWD
168 #define AT_FDCWD -100
169 #endif
170
171 struct fixup_entry {
172 struct fixup_entry *next;
173 struct archive_acl acl;
174 mode_t mode;
175 __LA_MODE_T filetype;
176 int64_t atime;
177 int64_t birthtime;
178 int64_t mtime;
179 int64_t ctime;
180 unsigned long atime_nanos;
181 unsigned long birthtime_nanos;
182 unsigned long mtime_nanos;
183 unsigned long ctime_nanos;
184 unsigned long fflags_set;
185 size_t mac_metadata_size;
186 void *mac_metadata;
187 int fixup; /* bitmask of what needs fixing */
188 char *name;
189 };
190
191 /*
192 * We use a bitmask to track which operations remain to be done for
193 * this file. In particular, this helps us avoid unnecessary
194 * operations when it's possible to take care of one step as a
195 * side-effect of another. For example, mkdir() can specify the mode
196 * for the newly-created object but symlink() cannot. This means we
197 * can skip chmod() if mkdir() succeeded, but we must explicitly
198 * chmod() if we're trying to create a directory that already exists
199 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
200 * need to verify UID/GID before trying to restore SUID/SGID bits;
201 * that verification can occur explicitly through a stat() call or
202 * implicitly because of a successful chown() call.
203 */
204 #define TODO_MODE_FORCE 0x40000000
205 #define TODO_MODE_BASE 0x20000000
206 #define TODO_SUID 0x10000000
207 #define TODO_SUID_CHECK 0x08000000
208 #define TODO_SGID 0x04000000
209 #define TODO_SGID_CHECK 0x02000000
210 #define TODO_APPLEDOUBLE 0x01000000
211 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
212 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
213 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
214 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
215 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
216 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
217 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
218 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
219
220 struct archive_write_disk {
221 struct archive archive;
222
223 mode_t user_umask;
224 struct fixup_entry *fixup_list;
225 struct fixup_entry *current_fixup;
226 int64_t user_uid;
227 int skip_file_set;
228 int64_t skip_file_dev;
229 int64_t skip_file_ino;
230 time_t start_time;
231
232 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
233 void (*cleanup_gid)(void *private);
234 void *lookup_gid_data;
235 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
236 void (*cleanup_uid)(void *private);
237 void *lookup_uid_data;
238
239 /*
240 * Full path of last file to satisfy symlink checks.
241 */
242 struct archive_string path_safe;
243
244 /*
245 * Cached stat data from disk for the current entry.
246 * If this is valid, pst points to st. Otherwise,
247 * pst is null.
248 */
249 struct stat st;
250 struct stat *pst;
251
252 /* Information about the object being restored right now. */
253 struct archive_entry *entry; /* Entry being extracted. */
254 char *name; /* Name of entry, possibly edited. */
255 struct archive_string _name_data; /* backing store for 'name' */
256 char *tmpname; /* Temporary name * */
257 struct archive_string _tmpname_data; /* backing store for 'tmpname' */
258 /* Tasks remaining for this object. */
259 int todo;
260 /* Tasks deferred until end-of-archive. */
261 int deferred;
262 /* Options requested by the client. */
263 int flags;
264 /* Handle for the file we're restoring. */
265 int fd;
266 /* Current offset for writing data to the file. */
267 int64_t offset;
268 /* Last offset actually written to disk. */
269 int64_t fd_offset;
270 /* Total bytes actually written to files. */
271 int64_t total_bytes_written;
272 /* Maximum size of file, -1 if unknown. */
273 int64_t filesize;
274 /* Dir we were in before this restore; only for deep paths. */
275 int restore_pwd;
276 /* Mode we should use for this entry; affected by _PERM and umask. */
277 mode_t mode;
278 /* UID/GID to use in restoring this entry. */
279 int64_t uid;
280 int64_t gid;
281 /*
282 * HFS+ Compression.
283 */
284 /* Xattr "com.apple.decmpfs". */
285 uint32_t decmpfs_attr_size;
286 unsigned char *decmpfs_header_p;
287 /* ResourceFork set options used for fsetxattr. */
288 int rsrc_xattr_options;
289 /* Xattr "com.apple.ResourceFork". */
290 unsigned char *resource_fork;
291 size_t resource_fork_allocated_size;
292 unsigned int decmpfs_block_count;
293 uint32_t *decmpfs_block_info;
294 /* Buffer for compressed data. */
295 unsigned char *compressed_buffer;
296 size_t compressed_buffer_size;
297 size_t compressed_buffer_remaining;
298 /* The offset of the ResourceFork where compressed data will
299 * be placed. */
300 uint32_t compressed_rsrc_position;
301 uint32_t compressed_rsrc_position_v;
302 /* Buffer for uncompressed data. */
303 char *uncompressed_buffer;
304 size_t block_remaining_bytes;
305 size_t file_remaining_bytes;
306 #ifdef HAVE_ZLIB_H
307 z_stream stream;
308 int stream_valid;
309 int decmpfs_compression_level;
310 #endif
311 };
312
313 /*
314 * Default mode for dirs created automatically (will be modified by umask).
315 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
316 * by the process' file creation mask."
317 */
318 #define DEFAULT_DIR_MODE 0777
319 /*
320 * Dir modes are restored in two steps: During the extraction, the permissions
321 * in the archive are modified to match the following limits. During
322 * the post-extract fixup pass, the permissions from the archive are
323 * applied.
324 */
325 #define MINIMUM_DIR_MODE 0700
326 #define MAXIMUM_DIR_MODE 0775
327
328 /*
329 * Maximum uncompressed size of a decmpfs block.
330 */
331 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
332 /*
333 * HFS+ compression type.
334 */
335 #define CMP_XATTR 3/* Compressed data in xattr. */
336 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
337 /*
338 * HFS+ compression resource fork.
339 */
340 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
341 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
342 /* Size to write compressed data to resource fork. */
343 #define COMPRESSED_W_SIZE (64 * 1024)
344 /* decmpfs definitions. */
345 #define MAX_DECMPFS_XATTR_SIZE 3802
346 #ifndef DECMPFS_XATTR_NAME
347 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
348 #endif
349 #define DECMPFS_MAGIC 0x636d7066
350 #define DECMPFS_COMPRESSION_MAGIC 0
351 #define DECMPFS_COMPRESSION_TYPE 4
352 #define DECMPFS_UNCOMPRESSED_SIZE 8
353 #define DECMPFS_HEADER_SIZE 16
354
355 #define HFS_BLOCKS(s) ((s) >> 12)
356
357
358 static int la_opendirat(int, const char *);
359 static int la_mktemp(struct archive_write_disk *);
360 static int la_verify_filetype(mode_t, __LA_MODE_T);
361 static void fsobj_error(int *, struct archive_string *, int, const char *,
362 const char *);
363 static int check_symlinks_fsobj(char *, int *, struct archive_string *,
364 int, int);
365 static int check_symlinks(struct archive_write_disk *);
366 static int create_filesystem_object(struct archive_write_disk *);
367 static struct fixup_entry *current_fixup(struct archive_write_disk *,
368 const char *pathname);
369 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
370 static void edit_deep_directories(struct archive_write_disk *ad);
371 #endif
372 static int cleanup_pathname_fsobj(char *, int *, struct archive_string *,
373 int);
374 static int cleanup_pathname(struct archive_write_disk *);
375 static int create_dir(struct archive_write_disk *, char *);
376 static int create_parent_dir(struct archive_write_disk *, char *);
377 static ssize_t hfs_write_data_block(struct archive_write_disk *,
378 const char *, size_t);
379 static int fixup_appledouble(struct archive_write_disk *, const char *);
380 static int older(struct stat *, struct archive_entry *);
381 static int restore_entry(struct archive_write_disk *);
382 static int set_mac_metadata(struct archive_write_disk *, const char *,
383 const void *, size_t);
384 static int set_xattrs(struct archive_write_disk *);
385 static int clear_nochange_fflags(struct archive_write_disk *);
386 static int set_fflags(struct archive_write_disk *);
387 static int set_fflags_platform(struct archive_write_disk *, int fd,
388 const char *name, mode_t mode,
389 unsigned long fflags_set, unsigned long fflags_clear);
390 static int set_ownership(struct archive_write_disk *);
391 static int set_mode(struct archive_write_disk *, int mode);
392 static int set_time(int, int, const char *, time_t, long, time_t, long);
393 static int set_times(struct archive_write_disk *, int, int, const char *,
394 time_t, long, time_t, long, time_t, long, time_t, long);
395 static int set_times_from_entry(struct archive_write_disk *);
396 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
397 static ssize_t write_data_block(struct archive_write_disk *,
398 const char *, size_t);
399 static void close_file_descriptor(struct archive_write_disk *);
400
401 static int _archive_write_disk_close(struct archive *);
402 static int _archive_write_disk_free(struct archive *);
403 static int _archive_write_disk_header(struct archive *,
404 struct archive_entry *);
405 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
406 static int _archive_write_disk_finish_entry(struct archive *);
407 static ssize_t _archive_write_disk_data(struct archive *, const void *,
408 size_t);
409 static ssize_t _archive_write_disk_data_block(struct archive *, const void *,
410 size_t, int64_t);
411
412 static int
la_mktemp(struct archive_write_disk * a)413 la_mktemp(struct archive_write_disk *a)
414 {
415 int oerrno, fd;
416 mode_t mode;
417
418 archive_string_empty(&a->_tmpname_data);
419 archive_string_sprintf(&a->_tmpname_data, "%s.XXXXXX", a->name);
420 a->tmpname = a->_tmpname_data.s;
421
422 fd = __archive_mkstemp(a->tmpname);
423 if (fd == -1)
424 return -1;
425
426 mode = a->mode & 0777 & ~a->user_umask;
427 if (fchmod(fd, mode) == -1) {
428 oerrno = errno;
429 close(fd);
430 errno = oerrno;
431 return -1;
432 }
433 return fd;
434 }
435
436 static int
la_opendirat(int fd,const char * path)437 la_opendirat(int fd, const char *path) {
438 const int flags = O_CLOEXEC
439 #if defined(O_BINARY)
440 | O_BINARY
441 #endif
442 #if defined(O_DIRECTORY)
443 | O_DIRECTORY
444 #endif
445 #if defined(O_PATH)
446 | O_PATH
447 #elif defined(O_SEARCH)
448 | O_SEARCH
449 #elif defined(__FreeBSD__) && defined(O_EXEC)
450 | O_EXEC
451 #else
452 | O_RDONLY
453 #endif
454 ;
455
456 #if !defined(HAVE_OPENAT)
457 if (fd != AT_FDCWD) {
458 errno = ENOTSUP;
459 return (-1);
460 } else
461 return (open(path, flags));
462 #else
463 return (openat(fd, path, flags));
464 #endif
465 }
466
467 static int
la_verify_filetype(mode_t mode,__LA_MODE_T filetype)468 la_verify_filetype(mode_t mode, __LA_MODE_T filetype) {
469 int ret = 0;
470
471 switch (filetype) {
472 case AE_IFREG:
473 ret = (S_ISREG(mode));
474 break;
475 case AE_IFDIR:
476 ret = (S_ISDIR(mode));
477 break;
478 case AE_IFLNK:
479 ret = (S_ISLNK(mode));
480 break;
481 case AE_IFSOCK:
482 ret = (S_ISSOCK(mode));
483 break;
484 case AE_IFCHR:
485 ret = (S_ISCHR(mode));
486 break;
487 case AE_IFBLK:
488 ret = (S_ISBLK(mode));
489 break;
490 case AE_IFIFO:
491 ret = (S_ISFIFO(mode));
492 break;
493 default:
494 break;
495 }
496
497 return (ret);
498 }
499
500 static int
lazy_stat(struct archive_write_disk * a)501 lazy_stat(struct archive_write_disk *a)
502 {
503 if (a->pst != NULL) {
504 /* Already have stat() data available. */
505 return (ARCHIVE_OK);
506 }
507 #ifdef HAVE_FSTAT
508 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
509 a->pst = &a->st;
510 return (ARCHIVE_OK);
511 }
512 #endif
513 /*
514 * XXX At this point, symlinks should not be hit, otherwise
515 * XXX a race occurred. Do we want to check explicitly for that?
516 */
517 #ifdef HAVE_LSTAT
518 if (lstat(a->name, &a->st) == 0)
519 #else
520 if (la_stat(a->name, &a->st) == 0)
521 #endif
522 {
523 a->pst = &a->st;
524 return (ARCHIVE_OK);
525 }
526 archive_set_error(&a->archive, errno, "Couldn't stat file");
527 return (ARCHIVE_WARN);
528 }
529
530 static const struct archive_vtable
531 archive_write_disk_vtable = {
532 .archive_close = _archive_write_disk_close,
533 .archive_filter_bytes = _archive_write_disk_filter_bytes,
534 .archive_free = _archive_write_disk_free,
535 .archive_write_header = _archive_write_disk_header,
536 .archive_write_finish_entry = _archive_write_disk_finish_entry,
537 .archive_write_data = _archive_write_disk_data,
538 .archive_write_data_block = _archive_write_disk_data_block,
539 };
540
541 static int64_t
_archive_write_disk_filter_bytes(struct archive * _a,int n)542 _archive_write_disk_filter_bytes(struct archive *_a, int n)
543 {
544 struct archive_write_disk *a = (struct archive_write_disk *)_a;
545 (void)n; /* UNUSED */
546 if (n == -1 || n == 0)
547 return (a->total_bytes_written);
548 return (-1);
549 }
550
551
552 int
archive_write_disk_set_options(struct archive * _a,int flags)553 archive_write_disk_set_options(struct archive *_a, int flags)
554 {
555 struct archive_write_disk *a = (struct archive_write_disk *)_a;
556
557 a->flags = flags;
558 return (ARCHIVE_OK);
559 }
560
561
562 /*
563 * Extract this entry to disk.
564 *
565 * TODO: Validate hardlinks. According to the standards, we're
566 * supposed to check each extracted hardlink and squawk if it refers
567 * to a file that we didn't restore. I'm not entirely convinced this
568 * is a good idea, but more importantly: Is there any way to validate
569 * hardlinks without keeping a complete list of filenames from the
570 * entire archive?? Ugh.
571 *
572 */
573 static int
_archive_write_disk_header(struct archive * _a,struct archive_entry * entry)574 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
575 {
576 struct archive_write_disk *a = (struct archive_write_disk *)_a;
577 struct fixup_entry *fe;
578 const char *linkname;
579 int ret, r;
580
581 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
582 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
583 "archive_write_disk_header");
584 archive_clear_error(&a->archive);
585 if (a->archive.state & ARCHIVE_STATE_DATA) {
586 r = _archive_write_disk_finish_entry(&a->archive);
587 if (r == ARCHIVE_FATAL)
588 return (r);
589 }
590
591 /* Set up for this particular entry. */
592 a->pst = NULL;
593 a->current_fixup = NULL;
594 a->deferred = 0;
595 if (a->entry) {
596 archive_entry_free(a->entry);
597 a->entry = NULL;
598 }
599 a->entry = archive_entry_clone(entry);
600 a->fd = -1;
601 a->fd_offset = 0;
602 a->offset = 0;
603 a->restore_pwd = -1;
604 a->uid = a->user_uid;
605 a->mode = archive_entry_mode(a->entry);
606 if (archive_entry_size_is_set(a->entry))
607 a->filesize = archive_entry_size(a->entry);
608 else
609 a->filesize = -1;
610 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
611 a->name = a->_name_data.s;
612 archive_clear_error(&a->archive);
613
614 /*
615 * Clean up the requested path. This is necessary for correct
616 * dir restores; the dir restore logic otherwise gets messed
617 * up by nonsense like "dir/.".
618 */
619 ret = cleanup_pathname(a);
620 if (ret != ARCHIVE_OK)
621 return (ret);
622
623 /*
624 * Check if we have a hardlink that points to itself.
625 */
626 linkname = archive_entry_hardlink(a->entry);
627 if (linkname != NULL && strcmp(a->name, linkname) == 0) {
628 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
629 "Skipping hardlink pointing to itself: %s",
630 a->name);
631 return (ARCHIVE_WARN);
632 }
633
634 /*
635 * Query the umask so we get predictable mode settings.
636 * This gets done on every call to _write_header in case the
637 * user edits their umask during the extraction for some
638 * reason.
639 */
640 umask(a->user_umask = umask(0));
641
642 /* Figure out what we need to do for this entry. */
643 a->todo = TODO_MODE_BASE;
644 if (a->flags & ARCHIVE_EXTRACT_PERM) {
645 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
646 /*
647 * SGID requires an extra "check" step because we
648 * cannot easily predict the GID that the system will
649 * assign. (Different systems assign GIDs to files
650 * based on a variety of criteria, including process
651 * credentials and the gid of the enclosing
652 * directory.) We can only restore the SGID bit if
653 * the file has the right GID, and we only know the
654 * GID if we either set it (see set_ownership) or if
655 * we've actually called stat() on the file after it
656 * was restored. Since there are several places at
657 * which we might verify the GID, we need a TODO bit
658 * to keep track.
659 */
660 if (a->mode & S_ISGID)
661 a->todo |= TODO_SGID | TODO_SGID_CHECK;
662 /*
663 * Verifying the SUID is simpler, but can still be
664 * done in multiple ways, hence the separate "check" bit.
665 */
666 if (a->mode & S_ISUID)
667 a->todo |= TODO_SUID | TODO_SUID_CHECK;
668 } else {
669 /*
670 * User didn't request full permissions, so don't
671 * restore SUID, SGID bits and obey umask.
672 */
673 a->mode &= ~S_ISUID;
674 a->mode &= ~S_ISGID;
675 a->mode &= ~S_ISVTX;
676 a->mode &= ~a->user_umask;
677 }
678 if (a->flags & ARCHIVE_EXTRACT_OWNER)
679 a->todo |= TODO_OWNER;
680 if (a->flags & ARCHIVE_EXTRACT_TIME)
681 a->todo |= TODO_TIMES;
682 if (a->flags & ARCHIVE_EXTRACT_ACL) {
683 #if ARCHIVE_ACL_DARWIN
684 /*
685 * On MacOS, platform ACLs get stored in mac_metadata, too.
686 * If we intend to extract mac_metadata and it is present
687 * we skip extracting libarchive NFSv4 ACLs.
688 */
689 size_t metadata_size;
690
691 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 ||
692 archive_entry_mac_metadata(a->entry,
693 &metadata_size) == NULL || metadata_size == 0)
694 #endif
695 #if ARCHIVE_ACL_LIBRICHACL
696 /*
697 * RichACLs are stored in an extended attribute.
698 * If we intend to extract extended attributes and have this
699 * attribute we skip extracting libarchive NFSv4 ACLs.
700 */
701 short extract_acls = 1;
702 if (a->flags & ARCHIVE_EXTRACT_XATTR && (
703 archive_entry_acl_types(a->entry) &
704 ARCHIVE_ENTRY_ACL_TYPE_NFS4)) {
705 const char *attr_name;
706 const void *attr_value;
707 size_t attr_size;
708 int i = archive_entry_xattr_reset(a->entry);
709 while (i--) {
710 archive_entry_xattr_next(a->entry, &attr_name,
711 &attr_value, &attr_size);
712 if (attr_name != NULL && attr_value != NULL &&
713 attr_size > 0 && strcmp(attr_name,
714 "trusted.richacl") == 0) {
715 extract_acls = 0;
716 break;
717 }
718 }
719 }
720 if (extract_acls)
721 #endif
722 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL
723 {
724 #endif
725 if (archive_entry_filetype(a->entry) == AE_IFDIR)
726 a->deferred |= TODO_ACLS;
727 else
728 a->todo |= TODO_ACLS;
729 #if ARCHIVE_ACL_DARWIN || ARCHIVE_ACL_LIBRICHACL
730 }
731 #endif
732 }
733 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
734 if (archive_entry_filetype(a->entry) == AE_IFDIR)
735 a->deferred |= TODO_MAC_METADATA;
736 else
737 a->todo |= TODO_MAC_METADATA;
738 }
739 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
740 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
741 unsigned long set, clear;
742 archive_entry_fflags(a->entry, &set, &clear);
743 if ((set & ~clear) & UF_COMPRESSED) {
744 a->todo |= TODO_HFS_COMPRESSION;
745 a->decmpfs_block_count = (unsigned)-1;
746 }
747 }
748 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
749 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
750 a->todo |= TODO_HFS_COMPRESSION;
751 a->decmpfs_block_count = (unsigned)-1;
752 }
753 {
754 const char *p;
755
756 /* Check if the current file name is a type of the
757 * resource fork file. */
758 p = strrchr(a->name, '/');
759 if (p == NULL)
760 p = a->name;
761 else
762 p++;
763 if (p[0] == '.' && p[1] == '_') {
764 /* Do not compress "._XXX" files. */
765 a->todo &= ~TODO_HFS_COMPRESSION;
766 if (a->filesize > 0)
767 a->todo |= TODO_APPLEDOUBLE;
768 }
769 }
770 #endif
771
772 if (a->flags & ARCHIVE_EXTRACT_XATTR) {
773 #if ARCHIVE_XATTR_DARWIN
774 /*
775 * On MacOS, extended attributes get stored in mac_metadata,
776 * too. If we intend to extract mac_metadata and it is present
777 * we skip extracting extended attributes.
778 */
779 size_t metadata_size;
780
781 if ((a->flags & ARCHIVE_EXTRACT_MAC_METADATA) == 0 ||
782 archive_entry_mac_metadata(a->entry,
783 &metadata_size) == NULL || metadata_size == 0)
784 #endif
785 a->todo |= TODO_XATTR;
786 }
787 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
788 a->todo |= TODO_FFLAGS;
789 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
790 ret = check_symlinks(a);
791 if (ret != ARCHIVE_OK)
792 return (ret);
793 }
794 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
795 /* If path exceeds PATH_MAX, shorten the path. */
796 edit_deep_directories(a);
797 #endif
798
799 ret = restore_entry(a);
800
801 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
802 /*
803 * Check if the filesystem the file is restoring on supports
804 * HFS+ Compression. If not, cancel HFS+ Compression.
805 */
806 if (a->todo | TODO_HFS_COMPRESSION) {
807 /*
808 * NOTE: UF_COMPRESSED is ignored even if the filesystem
809 * supports HFS+ Compression because the file should
810 * have at least an extended attribute "com.apple.decmpfs"
811 * before the flag is set to indicate that the file have
812 * been compressed. If the filesystem does not support
813 * HFS+ Compression the system call will fail.
814 */
815 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
816 a->todo &= ~TODO_HFS_COMPRESSION;
817 }
818 #endif
819
820 /*
821 * TODO: There are rumours that some extended attributes must
822 * be restored before file data is written. If this is true,
823 * then we either need to write all extended attributes both
824 * before and after restoring the data, or find some rule for
825 * determining which must go first and which last. Due to the
826 * many ways people are using xattrs, this may prove to be an
827 * intractable problem.
828 */
829
830 #ifdef HAVE_FCHDIR
831 /* If we changed directory above, restore it here. */
832 if (a->restore_pwd >= 0) {
833 r = fchdir(a->restore_pwd);
834 if (r != 0) {
835 archive_set_error(&a->archive, errno,
836 "chdir() failure");
837 ret = ARCHIVE_FATAL;
838 }
839 close(a->restore_pwd);
840 a->restore_pwd = -1;
841 }
842 #endif
843
844 /*
845 * Fixup uses the unedited pathname from archive_entry_pathname(),
846 * because it is relative to the base dir and the edited path
847 * might be relative to some intermediate dir as a result of the
848 * deep restore logic.
849 */
850 if (a->deferred & TODO_MODE) {
851 fe = current_fixup(a, archive_entry_pathname(entry));
852 if (fe == NULL)
853 return (ARCHIVE_FATAL);
854 fe->filetype = archive_entry_filetype(entry);
855 fe->fixup |= TODO_MODE_BASE;
856 fe->mode = a->mode;
857 }
858
859 if ((a->deferred & TODO_TIMES)
860 && (archive_entry_mtime_is_set(entry)
861 || archive_entry_atime_is_set(entry))) {
862 fe = current_fixup(a, archive_entry_pathname(entry));
863 if (fe == NULL)
864 return (ARCHIVE_FATAL);
865 fe->filetype = archive_entry_filetype(entry);
866 fe->mode = a->mode;
867 fe->fixup |= TODO_TIMES;
868 if (archive_entry_atime_is_set(entry)) {
869 fe->atime = archive_entry_atime(entry);
870 fe->atime_nanos = archive_entry_atime_nsec(entry);
871 } else {
872 /* If atime is unset, use start time. */
873 fe->atime = a->start_time;
874 fe->atime_nanos = 0;
875 }
876 if (archive_entry_mtime_is_set(entry)) {
877 fe->mtime = archive_entry_mtime(entry);
878 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
879 } else {
880 /* If mtime is unset, use start time. */
881 fe->mtime = a->start_time;
882 fe->mtime_nanos = 0;
883 }
884 if (archive_entry_birthtime_is_set(entry)) {
885 fe->birthtime = archive_entry_birthtime(entry);
886 fe->birthtime_nanos = archive_entry_birthtime_nsec(
887 entry);
888 } else {
889 /* If birthtime is unset, use mtime. */
890 fe->birthtime = fe->mtime;
891 fe->birthtime_nanos = fe->mtime_nanos;
892 }
893 }
894
895 if (a->deferred & TODO_ACLS) {
896 fe = current_fixup(a, archive_entry_pathname(entry));
897 if (fe == NULL)
898 return (ARCHIVE_FATAL);
899 fe->filetype = archive_entry_filetype(entry);
900 fe->fixup |= TODO_ACLS;
901 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
902 }
903
904 if (a->deferred & TODO_MAC_METADATA) {
905 const void *metadata;
906 size_t metadata_size;
907 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
908 if (metadata != NULL && metadata_size > 0) {
909 fe = current_fixup(a, archive_entry_pathname(entry));
910 if (fe == NULL)
911 return (ARCHIVE_FATAL);
912 fe->filetype = archive_entry_filetype(entry);
913 fe->mac_metadata = malloc(metadata_size);
914 if (fe->mac_metadata != NULL) {
915 memcpy(fe->mac_metadata, metadata,
916 metadata_size);
917 fe->mac_metadata_size = metadata_size;
918 fe->fixup |= TODO_MAC_METADATA;
919 }
920 }
921 }
922
923 if (a->deferred & TODO_FFLAGS) {
924 fe = current_fixup(a, archive_entry_pathname(entry));
925 if (fe == NULL)
926 return (ARCHIVE_FATAL);
927 fe->filetype = archive_entry_filetype(entry);
928 fe->fixup |= TODO_FFLAGS;
929 /* TODO: Complete this.. defer fflags from below. */
930 }
931
932 /* We've created the object and are ready to pour data into it. */
933 if (ret >= ARCHIVE_WARN)
934 a->archive.state = ARCHIVE_STATE_DATA;
935 /*
936 * If it's not open, tell our client not to try writing.
937 * In particular, dirs, links, etc, don't get written to.
938 */
939 if (a->fd < 0) {
940 archive_entry_set_size(entry, 0);
941 a->filesize = 0;
942 }
943
944 return (ret);
945 }
946
947 int
archive_write_disk_set_skip_file(struct archive * _a,la_int64_t d,la_int64_t i)948 archive_write_disk_set_skip_file(struct archive *_a, la_int64_t d, la_int64_t i)
949 {
950 struct archive_write_disk *a = (struct archive_write_disk *)_a;
951 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
952 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
953 a->skip_file_set = 1;
954 a->skip_file_dev = d;
955 a->skip_file_ino = i;
956 return (ARCHIVE_OK);
957 }
958
959 static ssize_t
write_data_block(struct archive_write_disk * a,const char * buff,size_t size)960 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
961 {
962 uint64_t start_size = size;
963 ssize_t bytes_written = 0;
964 ssize_t block_size = 0, bytes_to_write;
965
966 if (size == 0)
967 return (ARCHIVE_OK);
968
969 if (a->filesize == 0 || a->fd < 0) {
970 archive_set_error(&a->archive, 0,
971 "Attempt to write to an empty file");
972 return (ARCHIVE_WARN);
973 }
974
975 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
976 #if HAVE_STRUCT_STAT_ST_BLKSIZE
977 int r;
978 if ((r = lazy_stat(a)) != ARCHIVE_OK)
979 return (r);
980 block_size = a->pst->st_blksize;
981 #else
982 /* XXX TODO XXX Is there a more appropriate choice here ? */
983 /* This needn't match the filesystem allocation size. */
984 block_size = 16*1024;
985 #endif
986 }
987
988 /* If this write would run beyond the file size, truncate it. */
989 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
990 start_size = size = (size_t)(a->filesize - a->offset);
991
992 /* Write the data. */
993 while (size > 0) {
994 if (block_size == 0) {
995 bytes_to_write = size;
996 } else {
997 /* We're sparsifying the file. */
998 const char *p, *end;
999 int64_t block_end;
1000
1001 /* Skip leading zero bytes. */
1002 for (p = buff, end = buff + size; p < end; ++p) {
1003 if (*p != '\0')
1004 break;
1005 }
1006 a->offset += p - buff;
1007 size -= p - buff;
1008 buff = p;
1009 if (size == 0)
1010 break;
1011
1012 /* Calculate next block boundary after offset. */
1013 block_end
1014 = (a->offset / block_size + 1) * block_size;
1015
1016 /* If the adjusted write would cross block boundary,
1017 * truncate it to the block boundary. */
1018 bytes_to_write = size;
1019 if (a->offset + bytes_to_write > block_end)
1020 bytes_to_write = block_end - a->offset;
1021 }
1022 /* Seek if necessary to the specified offset. */
1023 if (a->offset != a->fd_offset) {
1024 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
1025 archive_set_error(&a->archive, errno,
1026 "Seek failed");
1027 return (ARCHIVE_FATAL);
1028 }
1029 a->fd_offset = a->offset;
1030 }
1031 bytes_written = write(a->fd, buff, bytes_to_write);
1032 if (bytes_written < 0) {
1033 archive_set_error(&a->archive, errno, "Write failed");
1034 return (ARCHIVE_WARN);
1035 }
1036 buff += bytes_written;
1037 size -= bytes_written;
1038 a->total_bytes_written += bytes_written;
1039 a->offset += bytes_written;
1040 a->fd_offset = a->offset;
1041 }
1042 return (start_size - size);
1043 }
1044
1045 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
1046 && defined(HAVE_ZLIB_H)
1047
1048 /*
1049 * Set UF_COMPRESSED file flag.
1050 * This have to be called after hfs_write_decmpfs() because if the
1051 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
1052 */
1053 static int
hfs_set_compressed_fflag(struct archive_write_disk * a)1054 hfs_set_compressed_fflag(struct archive_write_disk *a)
1055 {
1056 int r;
1057
1058 if ((r = lazy_stat(a)) != ARCHIVE_OK)
1059 return (r);
1060
1061 a->st.st_flags |= UF_COMPRESSED;
1062 if (fchflags(a->fd, a->st.st_flags) != 0) {
1063 archive_set_error(&a->archive, errno,
1064 "Failed to set UF_COMPRESSED file flag");
1065 return (ARCHIVE_WARN);
1066 }
1067 return (ARCHIVE_OK);
1068 }
1069
1070 /*
1071 * HFS+ Compression decmpfs
1072 *
1073 * +------------------------------+ +0
1074 * | Magic(LE 4 bytes) |
1075 * +------------------------------+
1076 * | Type(LE 4 bytes) |
1077 * +------------------------------+
1078 * | Uncompressed size(LE 8 bytes)|
1079 * +------------------------------+ +16
1080 * | |
1081 * | Compressed data |
1082 * | (Placed only if Type == 3) |
1083 * | |
1084 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
1085 *
1086 * Type is 3: decmpfs has compressed data.
1087 * Type is 4: Resource Fork has compressed data.
1088 */
1089 /*
1090 * Write "com.apple.decmpfs"
1091 */
1092 static int
hfs_write_decmpfs(struct archive_write_disk * a)1093 hfs_write_decmpfs(struct archive_write_disk *a)
1094 {
1095 int r;
1096 uint32_t compression_type;
1097
1098 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
1099 a->decmpfs_attr_size, 0, 0);
1100 if (r < 0) {
1101 archive_set_error(&a->archive, errno,
1102 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
1103 compression_type = archive_le32dec(
1104 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
1105 if (compression_type == CMP_RESOURCE_FORK)
1106 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
1107 XATTR_SHOWCOMPRESSION);
1108 return (ARCHIVE_WARN);
1109 }
1110 return (ARCHIVE_OK);
1111 }
1112
1113 /*
1114 * HFS+ Compression Resource Fork
1115 *
1116 * +-----------------------------+
1117 * | Header(260 bytes) |
1118 * +-----------------------------+
1119 * | Block count(LE 4 bytes) |
1120 * +-----------------------------+ --+
1121 * +-- | Offset (LE 4 bytes) | |
1122 * | | [distance from Block count] | | Block 0
1123 * | +-----------------------------+ |
1124 * | | Compressed size(LE 4 bytes) | |
1125 * | +-----------------------------+ --+
1126 * | | |
1127 * | | .................. |
1128 * | | |
1129 * | +-----------------------------+ --+
1130 * | | Offset (LE 4 bytes) | |
1131 * | +-----------------------------+ | Block (Block count -1)
1132 * | | Compressed size(LE 4 bytes) | |
1133 * +-> +-----------------------------+ --+
1134 * | Compressed data(n bytes) | Block 0
1135 * +-----------------------------+
1136 * | |
1137 * | .................. |
1138 * | |
1139 * +-----------------------------+
1140 * | Compressed data(n bytes) | Block (Block count -1)
1141 * +-----------------------------+
1142 * | Footer(50 bytes) |
1143 * +-----------------------------+
1144 *
1145 */
1146 /*
1147 * Write the header of "com.apple.ResourceFork"
1148 */
1149 static int
hfs_write_resource_fork(struct archive_write_disk * a,unsigned char * buff,size_t bytes,uint32_t position)1150 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
1151 size_t bytes, uint32_t position)
1152 {
1153 int ret;
1154
1155 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
1156 position, a->rsrc_xattr_options);
1157 if (ret < 0) {
1158 archive_set_error(&a->archive, errno,
1159 "Cannot restore xattr: %s at %u pos %u bytes",
1160 XATTR_RESOURCEFORK_NAME,
1161 (unsigned)position,
1162 (unsigned)bytes);
1163 return (ARCHIVE_WARN);
1164 }
1165 a->rsrc_xattr_options &= ~XATTR_CREATE;
1166 return (ARCHIVE_OK);
1167 }
1168
1169 static int
hfs_write_compressed_data(struct archive_write_disk * a,size_t bytes_compressed)1170 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
1171 {
1172 int ret;
1173
1174 ret = hfs_write_resource_fork(a, a->compressed_buffer,
1175 bytes_compressed, a->compressed_rsrc_position);
1176 if (ret == ARCHIVE_OK)
1177 a->compressed_rsrc_position += bytes_compressed;
1178 return (ret);
1179 }
1180
1181 static int
hfs_write_resource_fork_header(struct archive_write_disk * a)1182 hfs_write_resource_fork_header(struct archive_write_disk *a)
1183 {
1184 unsigned char *buff;
1185 uint32_t rsrc_bytes;
1186 uint32_t rsrc_header_bytes;
1187
1188 /*
1189 * Write resource fork header + block info.
1190 */
1191 buff = a->resource_fork;
1192 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
1193 rsrc_header_bytes =
1194 RSRC_H_SIZE + /* Header base size. */
1195 4 + /* Block count. */
1196 (a->decmpfs_block_count * 8);/* Block info */
1197 archive_be32enc(buff, 0x100);
1198 archive_be32enc(buff + 4, rsrc_bytes);
1199 archive_be32enc(buff + 8, rsrc_bytes - 256);
1200 archive_be32enc(buff + 12, 0x32);
1201 memset(buff + 16, 0, 240);
1202 archive_be32enc(buff + 256, rsrc_bytes - 260);
1203 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1204 }
1205
1206 static size_t
hfs_set_resource_fork_footer(unsigned char * buff,size_t buff_size)1207 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1208 {
1209 static const char rsrc_footer[RSRC_F_SIZE] = {
1210 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1211 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1212 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1213 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1214 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1215 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1216 0x00, 0x00
1217 };
1218 if (buff_size < sizeof(rsrc_footer))
1219 return (0);
1220 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1221 return (sizeof(rsrc_footer));
1222 }
1223
1224 static int
hfs_reset_compressor(struct archive_write_disk * a)1225 hfs_reset_compressor(struct archive_write_disk *a)
1226 {
1227 int ret;
1228
1229 if (a->stream_valid)
1230 ret = deflateReset(&a->stream);
1231 else
1232 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1233
1234 if (ret != Z_OK) {
1235 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1236 "Failed to initialize compressor");
1237 return (ARCHIVE_FATAL);
1238 } else
1239 a->stream_valid = 1;
1240
1241 return (ARCHIVE_OK);
1242 }
1243
1244 static int
hfs_decompress(struct archive_write_disk * a)1245 hfs_decompress(struct archive_write_disk *a)
1246 {
1247 uint32_t *block_info;
1248 unsigned int block_count;
1249 uint32_t data_pos, data_size;
1250 ssize_t r;
1251 ssize_t bytes_written, bytes_to_write;
1252 unsigned char *b;
1253
1254 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1255 block_count = archive_le32dec(block_info++);
1256 while (block_count--) {
1257 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1258 data_size = archive_le32dec(block_info++);
1259 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1260 a->compressed_buffer, data_size, data_pos, 0);
1261 if (r != data_size) {
1262 archive_set_error(&a->archive,
1263 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1264 "Failed to read resource fork");
1265 return (ARCHIVE_WARN);
1266 }
1267 if (a->compressed_buffer[0] == 0xff) {
1268 bytes_to_write = data_size -1;
1269 b = a->compressed_buffer + 1;
1270 } else {
1271 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1272 int zr;
1273
1274 zr = uncompress((Bytef *)a->uncompressed_buffer,
1275 &dest_len, a->compressed_buffer, data_size);
1276 if (zr != Z_OK) {
1277 archive_set_error(&a->archive,
1278 ARCHIVE_ERRNO_MISC,
1279 "Failed to decompress resource fork");
1280 return (ARCHIVE_WARN);
1281 }
1282 bytes_to_write = dest_len;
1283 b = (unsigned char *)a->uncompressed_buffer;
1284 }
1285 do {
1286 bytes_written = write(a->fd, b, bytes_to_write);
1287 if (bytes_written < 0) {
1288 archive_set_error(&a->archive, errno,
1289 "Write failed");
1290 return (ARCHIVE_WARN);
1291 }
1292 bytes_to_write -= bytes_written;
1293 b += bytes_written;
1294 } while (bytes_to_write > 0);
1295 }
1296 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1297 if (r == -1) {
1298 archive_set_error(&a->archive, errno,
1299 "Failed to remove resource fork");
1300 return (ARCHIVE_WARN);
1301 }
1302 return (ARCHIVE_OK);
1303 }
1304
1305 static int
hfs_drive_compressor(struct archive_write_disk * a,const char * buff,size_t size)1306 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1307 size_t size)
1308 {
1309 unsigned char *buffer_compressed;
1310 size_t bytes_compressed;
1311 size_t bytes_used;
1312 int ret;
1313
1314 ret = hfs_reset_compressor(a);
1315 if (ret != ARCHIVE_OK)
1316 return (ret);
1317
1318 if (a->compressed_buffer == NULL) {
1319 size_t block_size;
1320
1321 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1322 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1323 a->compressed_buffer = malloc(block_size);
1324 if (a->compressed_buffer == NULL) {
1325 archive_set_error(&a->archive, ENOMEM,
1326 "Can't allocate memory for Resource Fork");
1327 return (ARCHIVE_FATAL);
1328 }
1329 a->compressed_buffer_size = block_size;
1330 a->compressed_buffer_remaining = block_size;
1331 }
1332
1333 buffer_compressed = a->compressed_buffer +
1334 a->compressed_buffer_size - a->compressed_buffer_remaining;
1335 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1336 a->stream.avail_in = size;
1337 a->stream.next_out = buffer_compressed;
1338 a->stream.avail_out = a->compressed_buffer_remaining;
1339 do {
1340 ret = deflate(&a->stream, Z_FINISH);
1341 switch (ret) {
1342 case Z_OK:
1343 case Z_STREAM_END:
1344 break;
1345 default:
1346 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1347 "Failed to compress data");
1348 return (ARCHIVE_FAILED);
1349 }
1350 } while (ret == Z_OK);
1351 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1352
1353 /*
1354 * If the compressed size is larger than the original size,
1355 * throw away compressed data, use uncompressed data instead.
1356 */
1357 if (bytes_compressed > size) {
1358 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1359 memcpy(buffer_compressed + 1, buff, size);
1360 bytes_compressed = size + 1;
1361 }
1362 a->compressed_buffer_remaining -= bytes_compressed;
1363
1364 /*
1365 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1366 * and the block count in the file is only one, store compressed
1367 * data to decmpfs xattr instead of the resource fork.
1368 */
1369 if (a->decmpfs_block_count == 1 &&
1370 (a->decmpfs_attr_size + bytes_compressed)
1371 <= MAX_DECMPFS_XATTR_SIZE) {
1372 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1373 CMP_XATTR);
1374 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1375 buffer_compressed, bytes_compressed);
1376 a->decmpfs_attr_size += bytes_compressed;
1377 a->compressed_buffer_remaining = a->compressed_buffer_size;
1378 /*
1379 * Finish HFS+ Compression.
1380 * - Write the decmpfs xattr.
1381 * - Set the UF_COMPRESSED file flag.
1382 */
1383 ret = hfs_write_decmpfs(a);
1384 if (ret == ARCHIVE_OK)
1385 ret = hfs_set_compressed_fflag(a);
1386 return (ret);
1387 }
1388
1389 /* Update block info. */
1390 archive_le32enc(a->decmpfs_block_info++,
1391 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1392 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1393 a->compressed_rsrc_position_v += bytes_compressed;
1394
1395 /*
1396 * Write the compressed data to the resource fork.
1397 */
1398 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1399 while (bytes_used >= COMPRESSED_W_SIZE) {
1400 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1401 if (ret != ARCHIVE_OK)
1402 return (ret);
1403 bytes_used -= COMPRESSED_W_SIZE;
1404 if (bytes_used > COMPRESSED_W_SIZE)
1405 memmove(a->compressed_buffer,
1406 a->compressed_buffer + COMPRESSED_W_SIZE,
1407 bytes_used);
1408 else
1409 memcpy(a->compressed_buffer,
1410 a->compressed_buffer + COMPRESSED_W_SIZE,
1411 bytes_used);
1412 }
1413 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1414
1415 /*
1416 * If the current block is the last block, write the remaining
1417 * compressed data and the resource fork footer.
1418 */
1419 if (a->file_remaining_bytes == 0) {
1420 size_t rsrc_size;
1421 int64_t bk;
1422
1423 /* Append the resource footer. */
1424 rsrc_size = hfs_set_resource_fork_footer(
1425 a->compressed_buffer + bytes_used,
1426 a->compressed_buffer_remaining);
1427 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1428 a->compressed_buffer_remaining = a->compressed_buffer_size;
1429
1430 /* If the compressed size is not enough smaller than
1431 * the uncompressed size. cancel HFS+ compression.
1432 * TODO: study a behavior of ditto utility and improve
1433 * the condition to fall back into no HFS+ compression. */
1434 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1435 bk += bk >> 7;
1436 if (bk > HFS_BLOCKS(a->filesize))
1437 return hfs_decompress(a);
1438 /*
1439 * Write the resourcefork header.
1440 */
1441 if (ret == ARCHIVE_OK)
1442 ret = hfs_write_resource_fork_header(a);
1443 /*
1444 * Finish HFS+ Compression.
1445 * - Write the decmpfs xattr.
1446 * - Set the UF_COMPRESSED file flag.
1447 */
1448 if (ret == ARCHIVE_OK)
1449 ret = hfs_write_decmpfs(a);
1450 if (ret == ARCHIVE_OK)
1451 ret = hfs_set_compressed_fflag(a);
1452 }
1453 return (ret);
1454 }
1455
1456 static ssize_t
hfs_write_decmpfs_block(struct archive_write_disk * a,const char * buff,size_t size)1457 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1458 size_t size)
1459 {
1460 const char *buffer_to_write;
1461 size_t bytes_to_write;
1462 int ret;
1463
1464 if (a->decmpfs_block_count == (unsigned)-1) {
1465 void *new_block;
1466 size_t new_size;
1467 unsigned int block_count;
1468
1469 if (a->decmpfs_header_p == NULL) {
1470 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1471 + sizeof(uint32_t));
1472 if (new_block == NULL) {
1473 archive_set_error(&a->archive, ENOMEM,
1474 "Can't allocate memory for decmpfs");
1475 return (ARCHIVE_FATAL);
1476 }
1477 a->decmpfs_header_p = new_block;
1478 }
1479 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1480 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1481 DECMPFS_MAGIC);
1482 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1483 CMP_RESOURCE_FORK);
1484 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1485 a->filesize);
1486
1487 /* Calculate a block count of the file. */
1488 block_count =
1489 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1490 MAX_DECMPFS_BLOCK_SIZE;
1491 /*
1492 * Allocate buffer for resource fork.
1493 * Set up related pointers;
1494 */
1495 new_size =
1496 RSRC_H_SIZE + /* header */
1497 4 + /* Block count */
1498 (block_count * sizeof(uint32_t) * 2) +
1499 RSRC_F_SIZE; /* footer */
1500 if (new_size > a->resource_fork_allocated_size) {
1501 new_block = realloc(a->resource_fork, new_size);
1502 if (new_block == NULL) {
1503 archive_set_error(&a->archive, ENOMEM,
1504 "Can't allocate memory for ResourceFork");
1505 return (ARCHIVE_FATAL);
1506 }
1507 a->resource_fork_allocated_size = new_size;
1508 a->resource_fork = new_block;
1509 }
1510
1511 /* Allocate uncompressed buffer */
1512 if (a->uncompressed_buffer == NULL) {
1513 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1514 if (new_block == NULL) {
1515 archive_set_error(&a->archive, ENOMEM,
1516 "Can't allocate memory for decmpfs");
1517 return (ARCHIVE_FATAL);
1518 }
1519 a->uncompressed_buffer = new_block;
1520 }
1521 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1522 a->file_remaining_bytes = a->filesize;
1523 a->compressed_buffer_remaining = a->compressed_buffer_size;
1524
1525 /*
1526 * Set up a resource fork.
1527 */
1528 a->rsrc_xattr_options = XATTR_CREATE;
1529 /* Get the position where we are going to set a bunch
1530 * of block info. */
1531 a->decmpfs_block_info =
1532 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1533 /* Set the block count to the resource fork. */
1534 archive_le32enc(a->decmpfs_block_info++, block_count);
1535 /* Get the position where we are going to set compressed
1536 * data. */
1537 a->compressed_rsrc_position =
1538 RSRC_H_SIZE + 4 + (block_count * 8);
1539 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1540 a->decmpfs_block_count = block_count;
1541 }
1542
1543 /* Ignore redundant bytes. */
1544 if (a->file_remaining_bytes == 0)
1545 return ((ssize_t)size);
1546
1547 /* Do not overrun a block size. */
1548 if (size > a->block_remaining_bytes)
1549 bytes_to_write = a->block_remaining_bytes;
1550 else
1551 bytes_to_write = size;
1552 /* Do not overrun the file size. */
1553 if (bytes_to_write > a->file_remaining_bytes)
1554 bytes_to_write = a->file_remaining_bytes;
1555
1556 /* For efficiency, if a copy length is full of the uncompressed
1557 * buffer size, do not copy writing data to it. */
1558 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1559 buffer_to_write = buff;
1560 else {
1561 memcpy(a->uncompressed_buffer +
1562 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1563 buff, bytes_to_write);
1564 buffer_to_write = a->uncompressed_buffer;
1565 }
1566 a->block_remaining_bytes -= bytes_to_write;
1567 a->file_remaining_bytes -= bytes_to_write;
1568
1569 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1570 ret = hfs_drive_compressor(a, buffer_to_write,
1571 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1572 if (ret < 0)
1573 return (ret);
1574 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1575 }
1576 /* Ignore redundant bytes. */
1577 if (a->file_remaining_bytes == 0)
1578 return ((ssize_t)size);
1579 return (bytes_to_write);
1580 }
1581
1582 static ssize_t
hfs_write_data_block(struct archive_write_disk * a,const char * buff,size_t size)1583 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1584 size_t size)
1585 {
1586 uint64_t start_size = size;
1587 ssize_t bytes_written = 0;
1588 ssize_t bytes_to_write;
1589
1590 if (size == 0)
1591 return (ARCHIVE_OK);
1592
1593 if (a->filesize == 0 || a->fd < 0) {
1594 archive_set_error(&a->archive, 0,
1595 "Attempt to write to an empty file");
1596 return (ARCHIVE_WARN);
1597 }
1598
1599 /* If this write would run beyond the file size, truncate it. */
1600 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1601 start_size = size = (size_t)(a->filesize - a->offset);
1602
1603 /* Write the data. */
1604 while (size > 0) {
1605 bytes_to_write = size;
1606 /* Seek if necessary to the specified offset. */
1607 if (a->offset < a->fd_offset) {
1608 /* Can't support backward move. */
1609 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1610 "Seek failed");
1611 return (ARCHIVE_FATAL);
1612 } else if (a->offset > a->fd_offset) {
1613 uint64_t skip = a->offset - a->fd_offset;
1614 char nullblock[1024];
1615
1616 memset(nullblock, 0, sizeof(nullblock));
1617 while (skip > 0) {
1618 if (skip > sizeof(nullblock))
1619 bytes_written = hfs_write_decmpfs_block(
1620 a, nullblock, sizeof(nullblock));
1621 else
1622 bytes_written = hfs_write_decmpfs_block(
1623 a, nullblock, skip);
1624 if (bytes_written < 0) {
1625 archive_set_error(&a->archive, errno,
1626 "Write failed");
1627 return (ARCHIVE_WARN);
1628 }
1629 skip -= bytes_written;
1630 }
1631
1632 a->fd_offset = a->offset;
1633 }
1634 bytes_written =
1635 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1636 if (bytes_written < 0)
1637 return (bytes_written);
1638 buff += bytes_written;
1639 size -= bytes_written;
1640 a->total_bytes_written += bytes_written;
1641 a->offset += bytes_written;
1642 a->fd_offset = a->offset;
1643 }
1644 return (start_size - size);
1645 }
1646 #else
1647 static ssize_t
hfs_write_data_block(struct archive_write_disk * a,const char * buff,size_t size)1648 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1649 size_t size)
1650 {
1651 return (write_data_block(a, buff, size));
1652 }
1653 #endif
1654
1655 static ssize_t
_archive_write_disk_data_block(struct archive * _a,const void * buff,size_t size,int64_t offset)1656 _archive_write_disk_data_block(struct archive *_a,
1657 const void *buff, size_t size, int64_t offset)
1658 {
1659 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1660 ssize_t r;
1661
1662 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1663 ARCHIVE_STATE_DATA, "archive_write_data_block");
1664
1665 a->offset = offset;
1666 if (a->todo & TODO_HFS_COMPRESSION)
1667 r = hfs_write_data_block(a, buff, size);
1668 else
1669 r = write_data_block(a, buff, size);
1670 if (r < ARCHIVE_OK)
1671 return (r);
1672 if ((size_t)r < size) {
1673 archive_set_error(&a->archive, 0,
1674 "Too much data: Truncating file at %ju bytes",
1675 (uintmax_t)a->filesize);
1676 return (ARCHIVE_WARN);
1677 }
1678 #if ARCHIVE_VERSION_NUMBER < 3999000
1679 return (ARCHIVE_OK);
1680 #else
1681 return (size);
1682 #endif
1683 }
1684
1685 static ssize_t
_archive_write_disk_data(struct archive * _a,const void * buff,size_t size)1686 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1687 {
1688 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1689
1690 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1691 ARCHIVE_STATE_DATA, "archive_write_data");
1692
1693 if (a->todo & TODO_HFS_COMPRESSION)
1694 return (hfs_write_data_block(a, buff, size));
1695 return (write_data_block(a, buff, size));
1696 }
1697
1698 static int
_archive_write_disk_finish_entry(struct archive * _a)1699 _archive_write_disk_finish_entry(struct archive *_a)
1700 {
1701 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1702 int ret = ARCHIVE_OK;
1703
1704 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1705 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1706 "archive_write_finish_entry");
1707 if (a->archive.state & ARCHIVE_STATE_HEADER)
1708 return (ARCHIVE_OK);
1709 archive_clear_error(&a->archive);
1710
1711 /* Pad or truncate file to the right size. */
1712 if (a->fd < 0) {
1713 /* There's no file. */
1714 } else if (a->filesize < 0) {
1715 /* File size is unknown, so we can't set the size. */
1716 } else if (a->fd_offset == a->filesize) {
1717 /* Last write ended at exactly the filesize; we're done. */
1718 /* Hopefully, this is the common case. */
1719 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1720 } else if (a->todo & TODO_HFS_COMPRESSION) {
1721 char null_d[1024];
1722 ssize_t r;
1723
1724 if (a->file_remaining_bytes)
1725 memset(null_d, 0, sizeof(null_d));
1726 while (a->file_remaining_bytes) {
1727 if (a->file_remaining_bytes > sizeof(null_d))
1728 r = hfs_write_data_block(
1729 a, null_d, sizeof(null_d));
1730 else
1731 r = hfs_write_data_block(
1732 a, null_d, a->file_remaining_bytes);
1733 if (r < 0) {
1734 close_file_descriptor(a);
1735 return ((int)r);
1736 }
1737 }
1738 #endif
1739 } else {
1740 #if HAVE_FTRUNCATE
1741 if (ftruncate(a->fd, a->filesize) == -1 &&
1742 a->filesize == 0) {
1743 archive_set_error(&a->archive, errno,
1744 "File size could not be restored");
1745 close_file_descriptor(a);
1746 return (ARCHIVE_FAILED);
1747 }
1748 #endif
1749 /*
1750 * Not all platforms implement the XSI option to
1751 * extend files via ftruncate. Stat() the file again
1752 * to see what happened.
1753 */
1754 a->pst = NULL;
1755 if ((ret = lazy_stat(a)) != ARCHIVE_OK) {
1756 close_file_descriptor(a);
1757 return (ret);
1758 }
1759 /* We can use lseek()/write() to extend the file if
1760 * ftruncate didn't work or isn't available. */
1761 if (a->st.st_size < a->filesize) {
1762 const char nul = '\0';
1763 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1764 archive_set_error(&a->archive, errno,
1765 "Seek failed");
1766 close_file_descriptor(a);
1767 return (ARCHIVE_FATAL);
1768 }
1769 if (write(a->fd, &nul, 1) < 0) {
1770 archive_set_error(&a->archive, errno,
1771 "Write to restore size failed");
1772 close_file_descriptor(a);
1773 return (ARCHIVE_FATAL);
1774 }
1775 a->pst = NULL;
1776 }
1777 }
1778
1779 /* Restore metadata. */
1780
1781 /*
1782 * This is specific to Mac OS X.
1783 * If the current file is an AppleDouble file, it should be
1784 * linked with the data fork file and remove it.
1785 */
1786 if (a->todo & TODO_APPLEDOUBLE) {
1787 int r2 = fixup_appledouble(a, a->name);
1788 if (r2 == ARCHIVE_EOF) {
1789 /* The current file has been successfully linked
1790 * with the data fork file and removed. So there
1791 * is nothing to do on the current file. */
1792 goto finish_metadata;
1793 }
1794 if (r2 < ret) ret = r2;
1795 }
1796
1797 /*
1798 * Look up the "real" UID only if we're going to need it.
1799 * TODO: the TODO_SGID condition can be dropped here, can't it?
1800 */
1801 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1802 a->uid = archive_write_disk_uid(&a->archive,
1803 archive_entry_uname(a->entry),
1804 archive_entry_uid(a->entry));
1805 }
1806 /* Look up the "real" GID only if we're going to need it. */
1807 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1808 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1809 a->gid = archive_write_disk_gid(&a->archive,
1810 archive_entry_gname(a->entry),
1811 archive_entry_gid(a->entry));
1812 }
1813
1814 /*
1815 * Restore ownership before set_mode tries to restore suid/sgid
1816 * bits. If we set the owner, we know what it is and can skip
1817 * a stat() call to examine the ownership of the file on disk.
1818 */
1819 if (a->todo & TODO_OWNER) {
1820 int r2 = set_ownership(a);
1821 if (r2 < ret) ret = r2;
1822 }
1823
1824 /*
1825 * HYPOTHESIS:
1826 * If we're not root, we won't be setting any security
1827 * attributes that may be wiped by the set_mode() routine
1828 * below. We also can't set xattr on non-owner-writable files,
1829 * which may be the state after set_mode(). Perform
1830 * set_xattrs() first based on these constraints.
1831 */
1832 if (a->user_uid != 0 &&
1833 (a->todo & TODO_XATTR)) {
1834 int r2 = set_xattrs(a);
1835 if (r2 < ret) ret = r2;
1836 }
1837
1838 /*
1839 * set_mode must precede ACLs on systems such as Solaris and
1840 * FreeBSD where setting the mode implicitly clears extended ACLs
1841 */
1842 if (a->todo & TODO_MODE) {
1843 int r2 = set_mode(a, a->mode);
1844 if (r2 < ret) ret = r2;
1845 }
1846
1847 /*
1848 * Security-related extended attributes (such as
1849 * security.capability on Linux) have to be restored last,
1850 * since they're implicitly removed by other file changes.
1851 * We do this last only when root.
1852 */
1853 if (a->user_uid == 0 &&
1854 (a->todo & TODO_XATTR)) {
1855 int r2 = set_xattrs(a);
1856 if (r2 < ret) ret = r2;
1857 }
1858
1859 /*
1860 * Some flags prevent file modification; they must be restored after
1861 * file contents are written.
1862 */
1863 if (a->todo & TODO_FFLAGS) {
1864 int r2 = set_fflags(a);
1865 if (r2 < ret) ret = r2;
1866 }
1867
1868 /*
1869 * Time must follow most other metadata;
1870 * otherwise atime will get changed.
1871 */
1872 if (a->todo & TODO_TIMES) {
1873 int r2 = set_times_from_entry(a);
1874 if (r2 < ret) ret = r2;
1875 }
1876
1877 /*
1878 * Mac extended metadata includes ACLs.
1879 */
1880 if (a->todo & TODO_MAC_METADATA) {
1881 const void *metadata;
1882 size_t metadata_size;
1883 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1884 if (metadata != NULL && metadata_size > 0) {
1885 int r2 = set_mac_metadata(a, archive_entry_pathname(
1886 a->entry), metadata, metadata_size);
1887 if (r2 < ret) ret = r2;
1888 }
1889 }
1890
1891 /*
1892 * ACLs must be restored after timestamps because there are
1893 * ACLs that prevent attribute changes (including time).
1894 */
1895 if (a->todo & TODO_ACLS) {
1896 int r2;
1897 r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1898 archive_entry_pathname(a->entry),
1899 archive_entry_acl(a->entry),
1900 archive_entry_mode(a->entry));
1901 if (r2 < ret) ret = r2;
1902 }
1903
1904 finish_metadata:
1905 /* If there's an fd, we can close it now. */
1906 if (a->fd >= 0) {
1907 close(a->fd);
1908 a->fd = -1;
1909 if (a->tmpname) {
1910 if (rename(a->tmpname, a->name) == -1) {
1911 archive_set_error(&a->archive, errno,
1912 "Failed to rename temporary file");
1913 ret = ARCHIVE_FAILED;
1914 unlink(a->tmpname);
1915 }
1916 a->tmpname = NULL;
1917 }
1918 }
1919 /* If there's an entry, we can release it now. */
1920 archive_entry_free(a->entry);
1921 a->entry = NULL;
1922 a->archive.state = ARCHIVE_STATE_HEADER;
1923 return (ret);
1924 }
1925
1926 int
archive_write_disk_set_group_lookup(struct archive * _a,void * private_data,la_int64_t (* lookup_gid)(void * private,const char * gname,la_int64_t gid),void (* cleanup_gid)(void * private))1927 archive_write_disk_set_group_lookup(struct archive *_a,
1928 void *private_data,
1929 la_int64_t (*lookup_gid)(void *private, const char *gname, la_int64_t gid),
1930 void (*cleanup_gid)(void *private))
1931 {
1932 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1933 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1934 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1935
1936 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1937 (a->cleanup_gid)(a->lookup_gid_data);
1938
1939 a->lookup_gid = lookup_gid;
1940 a->cleanup_gid = cleanup_gid;
1941 a->lookup_gid_data = private_data;
1942 return (ARCHIVE_OK);
1943 }
1944
1945 int
archive_write_disk_set_user_lookup(struct archive * _a,void * private_data,int64_t (* lookup_uid)(void * private,const char * uname,int64_t uid),void (* cleanup_uid)(void * private))1946 archive_write_disk_set_user_lookup(struct archive *_a,
1947 void *private_data,
1948 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1949 void (*cleanup_uid)(void *private))
1950 {
1951 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1952 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1953 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1954
1955 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1956 (a->cleanup_uid)(a->lookup_uid_data);
1957
1958 a->lookup_uid = lookup_uid;
1959 a->cleanup_uid = cleanup_uid;
1960 a->lookup_uid_data = private_data;
1961 return (ARCHIVE_OK);
1962 }
1963
1964 int64_t
archive_write_disk_gid(struct archive * _a,const char * name,la_int64_t id)1965 archive_write_disk_gid(struct archive *_a, const char *name, la_int64_t id)
1966 {
1967 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1968 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1969 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1970 if (a->lookup_gid)
1971 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1972 return (id);
1973 }
1974
1975 int64_t
archive_write_disk_uid(struct archive * _a,const char * name,la_int64_t id)1976 archive_write_disk_uid(struct archive *_a, const char *name, la_int64_t id)
1977 {
1978 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1979 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1980 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1981 if (a->lookup_uid)
1982 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1983 return (id);
1984 }
1985
1986 /*
1987 * Create a new archive_write_disk object and initialize it with global state.
1988 */
1989 struct archive *
archive_write_disk_new(void)1990 archive_write_disk_new(void)
1991 {
1992 struct archive_write_disk *a;
1993
1994 a = calloc(1, sizeof(*a));
1995 if (a == NULL)
1996 return (NULL);
1997 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1998 /* We're ready to write a header immediately. */
1999 a->archive.state = ARCHIVE_STATE_HEADER;
2000 a->archive.vtable = &archive_write_disk_vtable;
2001 a->start_time = time(NULL);
2002 /* Query and restore the umask. */
2003 umask(a->user_umask = umask(0));
2004 #ifdef HAVE_GETEUID
2005 a->user_uid = geteuid();
2006 #endif /* HAVE_GETEUID */
2007 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
2008 free(a);
2009 return (NULL);
2010 }
2011 a->path_safe.s[0] = 0;
2012
2013 #ifdef HAVE_ZLIB_H
2014 a->decmpfs_compression_level = 5;
2015 #endif
2016 return (&a->archive);
2017 }
2018
2019
2020 /*
2021 * If pathname is longer than PATH_MAX, chdir to a suitable
2022 * intermediate dir and edit the path down to a shorter suffix. Note
2023 * that this routine never returns an error; if the chdir() attempt
2024 * fails for any reason, we just go ahead with the long pathname. The
2025 * object creation is likely to fail, but any error will get handled
2026 * at that time.
2027 */
2028 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
2029 static void
edit_deep_directories(struct archive_write_disk * a)2030 edit_deep_directories(struct archive_write_disk *a)
2031 {
2032 int ret;
2033 char *tail = a->name;
2034
2035 /* If path is short, avoid the open() below. */
2036 if (strlen(tail) < PATH_MAX)
2037 return;
2038
2039 /* Try to record our starting dir. */
2040 a->restore_pwd = la_opendirat(AT_FDCWD, ".");
2041 __archive_ensure_cloexec_flag(a->restore_pwd);
2042 if (a->restore_pwd < 0)
2043 return;
2044
2045 /* As long as the path is too long... */
2046 while (strlen(tail) >= PATH_MAX) {
2047 /* Locate a dir prefix shorter than PATH_MAX. */
2048 tail += PATH_MAX - 8;
2049 while (tail > a->name && *tail != '/')
2050 tail--;
2051 /* Exit if we find a too-long path component. */
2052 if (tail <= a->name)
2053 return;
2054 /* Create the intermediate dir and chdir to it. */
2055 *tail = '\0'; /* Terminate dir portion */
2056 ret = create_dir(a, a->name);
2057 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
2058 ret = ARCHIVE_FAILED;
2059 *tail = '/'; /* Restore the / we removed. */
2060 if (ret != ARCHIVE_OK)
2061 return;
2062 tail++;
2063 /* The chdir() succeeded; we've now shortened the path. */
2064 a->name = tail;
2065 }
2066 return;
2067 }
2068 #endif
2069
2070 /*
2071 * The main restore function.
2072 */
2073 static int
restore_entry(struct archive_write_disk * a)2074 restore_entry(struct archive_write_disk *a)
2075 {
2076 int ret = ARCHIVE_OK, en;
2077
2078 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
2079 /*
2080 * TODO: Fix this. Apparently, there are platforms
2081 * that still allow root to hose the entire filesystem
2082 * by unlinking a dir. The S_ISDIR() test above
2083 * prevents us from using unlink() here if the new
2084 * object is a dir, but that doesn't mean the old
2085 * object isn't a dir.
2086 */
2087 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2088 (void)clear_nochange_fflags(a);
2089 if (unlink(a->name) == 0) {
2090 /* We removed it, reset cached stat. */
2091 a->pst = NULL;
2092 } else if (errno == ENOENT) {
2093 /* File didn't exist, that's just as good. */
2094 } else if (rmdir(a->name) == 0) {
2095 /* It was a dir, but now it's gone. */
2096 a->pst = NULL;
2097 } else {
2098 /* We tried, but couldn't get rid of it. */
2099 archive_set_error(&a->archive, errno,
2100 "Could not unlink");
2101 return(ARCHIVE_FAILED);
2102 }
2103 }
2104
2105 /* Try creating it first; if this fails, we'll try to recover. */
2106 en = create_filesystem_object(a);
2107
2108 if ((en == ENOTDIR || en == ENOENT)
2109 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
2110 /* If the parent dir doesn't exist, try creating it. */
2111 create_parent_dir(a, a->name);
2112 /* Now try to create the object again. */
2113 en = create_filesystem_object(a);
2114 }
2115
2116 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) {
2117 archive_set_error(&a->archive, en,
2118 "Hard-link target '%s' does not exist.",
2119 archive_entry_hardlink(a->entry));
2120 return (ARCHIVE_FAILED);
2121 }
2122
2123 if ((en == EISDIR || en == EEXIST)
2124 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2125 /* If we're not overwriting, we're done. */
2126 if (S_ISDIR(a->mode)) {
2127 /* Don't overwrite any settings on existing directories. */
2128 a->todo = 0;
2129 }
2130 archive_entry_unset_size(a->entry);
2131 return (ARCHIVE_OK);
2132 }
2133
2134 /*
2135 * Some platforms return EISDIR if you call
2136 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
2137 * return EEXIST. POSIX is ambiguous, requiring EISDIR
2138 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
2139 * on an existing item.
2140 */
2141 if (en == EISDIR) {
2142 /* A dir is in the way of a non-dir, rmdir it. */
2143 if (rmdir(a->name) != 0) {
2144 archive_set_error(&a->archive, errno,
2145 "Can't remove already-existing dir");
2146 return (ARCHIVE_FAILED);
2147 }
2148 a->pst = NULL;
2149 /* Try again. */
2150 en = create_filesystem_object(a);
2151 } else if (en == EEXIST) {
2152 /*
2153 * We know something is in the way, but we don't know what;
2154 * we need to find out before we go any further.
2155 */
2156 int r = 0;
2157 /*
2158 * The SECURE_SYMLINKS logic has already removed a
2159 * symlink to a dir if the client wants that. So
2160 * follow the symlink if we're creating a dir.
2161 */
2162 if (S_ISDIR(a->mode))
2163 r = la_stat(a->name, &a->st);
2164 /*
2165 * If it's not a dir (or it's a broken symlink),
2166 * then don't follow it.
2167 */
2168 if (r != 0 || !S_ISDIR(a->mode))
2169 #ifdef HAVE_LSTAT
2170 r = lstat(a->name, &a->st);
2171 #else
2172 r = la_stat(a->name, &a->st);
2173 #endif
2174 if (r != 0) {
2175 archive_set_error(&a->archive, errno,
2176 "Can't stat existing object");
2177 return (ARCHIVE_FAILED);
2178 }
2179
2180 /*
2181 * NO_OVERWRITE_NEWER doesn't apply to directories.
2182 */
2183 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
2184 && !S_ISDIR(a->st.st_mode)) {
2185 if (!older(&(a->st), a->entry)) {
2186 archive_entry_unset_size(a->entry);
2187 return (ARCHIVE_OK);
2188 }
2189 }
2190
2191 /* If it's our archive, we're done. */
2192 if (a->skip_file_set &&
2193 a->st.st_dev == (dev_t)a->skip_file_dev &&
2194 a->st.st_ino == (ino_t)a->skip_file_ino) {
2195 archive_set_error(&a->archive, 0,
2196 "Refusing to overwrite archive");
2197 return (ARCHIVE_FAILED);
2198 }
2199
2200 if (!S_ISDIR(a->st.st_mode)) {
2201 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2202 (void)clear_nochange_fflags(a);
2203
2204 if ((a->flags & ARCHIVE_EXTRACT_SAFE_WRITES) &&
2205 S_ISREG(a->st.st_mode)) {
2206 /* Use a temporary file to extract */
2207 if ((a->fd = la_mktemp(a)) == -1) {
2208 archive_set_error(&a->archive, errno,
2209 "Can't create temporary file");
2210 return ARCHIVE_FAILED;
2211 }
2212 a->pst = NULL;
2213 en = 0;
2214 } else {
2215 /* A non-dir is in the way, unlink it. */
2216 if (unlink(a->name) != 0) {
2217 archive_set_error(&a->archive, errno,
2218 "Can't unlink already-existing "
2219 "object");
2220 return (ARCHIVE_FAILED);
2221 }
2222 a->pst = NULL;
2223 /* Try again. */
2224 en = create_filesystem_object(a);
2225 }
2226 } else if (!S_ISDIR(a->mode)) {
2227 /* A dir is in the way of a non-dir, rmdir it. */
2228 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
2229 (void)clear_nochange_fflags(a);
2230 if (rmdir(a->name) != 0) {
2231 archive_set_error(&a->archive, errno,
2232 "Can't replace existing directory with non-directory");
2233 return (ARCHIVE_FAILED);
2234 }
2235 /* Try again. */
2236 en = create_filesystem_object(a);
2237 } else {
2238 /*
2239 * There's a dir in the way of a dir. Don't
2240 * waste time with rmdir()/mkdir(), just fix
2241 * up the permissions on the existing dir.
2242 * Note that we don't change perms on existing
2243 * dirs unless _EXTRACT_PERM is specified.
2244 */
2245 if ((a->mode != a->st.st_mode)
2246 && (a->todo & TODO_MODE_FORCE))
2247 a->deferred |= (a->todo & TODO_MODE);
2248 /* Ownership doesn't need deferred fixup. */
2249 en = 0; /* Forget the EEXIST. */
2250 }
2251 }
2252
2253 if (en) {
2254 /* Everything failed; give up here. */
2255 if ((&a->archive)->error == NULL)
2256 archive_set_error(&a->archive, en, "Can't create '%s'",
2257 a->name);
2258 return (ARCHIVE_FAILED);
2259 }
2260
2261 a->pst = NULL; /* Cached stat data no longer valid. */
2262 return (ret);
2263 }
2264
2265 /*
2266 * Returns 0 if creation succeeds, or else returns errno value from
2267 * the failed system call. Note: This function should only ever perform
2268 * a single system call.
2269 */
2270 static int
create_filesystem_object(struct archive_write_disk * a)2271 create_filesystem_object(struct archive_write_disk *a)
2272 {
2273 /* Create the entry. */
2274 const char *linkname;
2275 mode_t final_mode, mode;
2276 int r;
2277 /* these for check_symlinks_fsobj */
2278 char *linkname_copy; /* non-const copy of linkname */
2279 struct stat st;
2280 struct archive_string error_string;
2281 int error_number;
2282
2283 /* We identify hard/symlinks according to the link names. */
2284 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2285 linkname = archive_entry_hardlink(a->entry);
2286 if (linkname != NULL) {
2287 #if !HAVE_LINK
2288 return (EPERM);
2289 #else
2290 archive_string_init(&error_string);
2291 linkname_copy = strdup(linkname);
2292 if (linkname_copy == NULL) {
2293 return (EPERM);
2294 }
2295 /*
2296 * TODO: consider using the cleaned-up path as the link
2297 * target?
2298 */
2299 r = cleanup_pathname_fsobj(linkname_copy, &error_number,
2300 &error_string, a->flags);
2301 if (r != ARCHIVE_OK) {
2302 archive_set_error(&a->archive, error_number, "%s",
2303 error_string.s);
2304 free(linkname_copy);
2305 archive_string_free(&error_string);
2306 /*
2307 * EPERM is more appropriate than error_number for our
2308 * callers
2309 */
2310 return (EPERM);
2311 }
2312 r = check_symlinks_fsobj(linkname_copy, &error_number,
2313 &error_string, a->flags, 1);
2314 if (r != ARCHIVE_OK) {
2315 archive_set_error(&a->archive, error_number, "%s",
2316 error_string.s);
2317 free(linkname_copy);
2318 archive_string_free(&error_string);
2319 /*
2320 * EPERM is more appropriate than error_number for our
2321 * callers
2322 */
2323 return (EPERM);
2324 }
2325 free(linkname_copy);
2326 archive_string_free(&error_string);
2327 /*
2328 * Unlinking and linking here is really not atomic,
2329 * but doing it right, would require us to construct
2330 * an mktemplink() function, and then use rename(2).
2331 */
2332 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES)
2333 unlink(a->name);
2334 #ifdef HAVE_LINKAT
2335 r = linkat(AT_FDCWD, linkname, AT_FDCWD, a->name,
2336 0) ? errno : 0;
2337 #else
2338 r = link(linkname, a->name) ? errno : 0;
2339 #endif
2340 /*
2341 * New cpio and pax formats allow hardlink entries
2342 * to carry data, so we may have to open the file
2343 * for hardlink entries.
2344 *
2345 * If the hardlink was successfully created and
2346 * the archive doesn't have carry data for it,
2347 * consider it to be non-authoritative for meta data.
2348 * This is consistent with GNU tar and BSD pax.
2349 * If the hardlink does carry data, let the last
2350 * archive entry decide ownership.
2351 */
2352 if (r == 0 && a->filesize <= 0) {
2353 a->todo = 0;
2354 a->deferred = 0;
2355 } else if (r == 0 && a->filesize > 0) {
2356 #ifdef HAVE_LSTAT
2357 r = lstat(a->name, &st);
2358 #else
2359 r = la_stat(a->name, &st);
2360 #endif
2361 if (r != 0)
2362 r = errno;
2363 else if ((st.st_mode & AE_IFMT) == AE_IFREG) {
2364 a->fd = open(a->name, O_WRONLY | O_TRUNC |
2365 O_BINARY | O_CLOEXEC | O_NOFOLLOW);
2366 __archive_ensure_cloexec_flag(a->fd);
2367 if (a->fd < 0)
2368 r = errno;
2369 }
2370 }
2371 return (r);
2372 #endif
2373 }
2374 linkname = archive_entry_symlink(a->entry);
2375 if (linkname != NULL) {
2376 #if HAVE_SYMLINK
2377 /*
2378 * Unlinking and linking here is really not atomic,
2379 * but doing it right, would require us to construct
2380 * an mktempsymlink() function, and then use rename(2).
2381 */
2382 if (a->flags & ARCHIVE_EXTRACT_SAFE_WRITES)
2383 unlink(a->name);
2384 return symlink(linkname, a->name) ? errno : 0;
2385 #else
2386 return (EPERM);
2387 #endif
2388 }
2389
2390 /*
2391 * The remaining system calls all set permissions, so let's
2392 * try to take advantage of that to avoid an extra chmod()
2393 * call. (Recall that umask is set to zero right now!)
2394 */
2395
2396 /* Mode we want for the final restored object (w/o file type bits). */
2397 final_mode = a->mode & 07777;
2398 /*
2399 * The mode that will actually be restored in this step. Note
2400 * that SUID, SGID, etc, require additional work to ensure
2401 * security, so we never restore them at this point.
2402 */
2403 mode = final_mode & 0777 & ~a->user_umask;
2404
2405 /*
2406 * Always create writable such that [f]setxattr() works if we're not
2407 * root.
2408 */
2409 if (a->user_uid != 0 &&
2410 a->todo & (TODO_HFS_COMPRESSION | TODO_XATTR)) {
2411 mode |= 0200;
2412 }
2413
2414 switch (a->mode & AE_IFMT) {
2415 default:
2416 /* POSIX requires that we fall through here. */
2417 /* FALLTHROUGH */
2418 case AE_IFREG:
2419 a->tmpname = NULL;
2420 a->fd = open(a->name,
2421 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2422 __archive_ensure_cloexec_flag(a->fd);
2423 r = (a->fd < 0);
2424 break;
2425 case AE_IFCHR:
2426 #ifdef HAVE_MKNOD
2427 /* Note: we use AE_IFCHR for the case label, and
2428 * S_IFCHR for the mknod() call. This is correct. */
2429 r = mknod(a->name, mode | S_IFCHR,
2430 archive_entry_rdev(a->entry));
2431 break;
2432 #else
2433 /* TODO: Find a better way to warn about our inability
2434 * to restore a char device node. */
2435 return (EINVAL);
2436 #endif /* HAVE_MKNOD */
2437 case AE_IFBLK:
2438 #ifdef HAVE_MKNOD
2439 r = mknod(a->name, mode | S_IFBLK,
2440 archive_entry_rdev(a->entry));
2441 break;
2442 #else
2443 /* TODO: Find a better way to warn about our inability
2444 * to restore a block device node. */
2445 return (EINVAL);
2446 #endif /* HAVE_MKNOD */
2447 case AE_IFDIR:
2448 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2449 r = mkdir(a->name, mode);
2450 if (r == 0) {
2451 /* Defer setting dir times. */
2452 a->deferred |= (a->todo & TODO_TIMES);
2453 a->todo &= ~TODO_TIMES;
2454 /* Never use an immediate chmod(). */
2455 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2456 * because of SysV SGID inheritance. */
2457 if ((mode != final_mode)
2458 || (a->flags & ARCHIVE_EXTRACT_PERM))
2459 a->deferred |= (a->todo & TODO_MODE);
2460 a->todo &= ~TODO_MODE;
2461 }
2462 break;
2463 case AE_IFIFO:
2464 #ifdef HAVE_MKFIFO
2465 r = mkfifo(a->name, mode);
2466 break;
2467 #else
2468 /* TODO: Find a better way to warn about our inability
2469 * to restore a fifo. */
2470 return (EINVAL);
2471 #endif /* HAVE_MKFIFO */
2472 }
2473
2474 /* All the system calls above set errno on failure. */
2475 if (r)
2476 return (errno);
2477
2478 /* If we managed to set the final mode, we've avoided a chmod(). */
2479 if (mode == final_mode)
2480 a->todo &= ~TODO_MODE;
2481 return (0);
2482 }
2483
2484 /*
2485 * Cleanup function for archive_extract. Mostly, this involves processing
2486 * the fixup list, which is used to address a number of problems:
2487 * * Dir permissions might prevent us from restoring a file in that
2488 * dir, so we restore the dir with minimum 0700 permissions first,
2489 * then correct the mode at the end.
2490 * * Similarly, the act of restoring a file touches the directory
2491 * and changes the timestamp on the dir, so we have to touch-up dir
2492 * timestamps at the end as well.
2493 * * Some file flags can interfere with the restore by, for example,
2494 * preventing the creation of hardlinks to those files.
2495 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2496 *
2497 * Note that tar/cpio do not require that archives be in a particular
2498 * order; there is no way to know when the last file has been restored
2499 * within a directory, so there's no way to optimize the memory usage
2500 * here by fixing up the directory any earlier than the
2501 * end-of-archive.
2502 *
2503 * XXX TODO: Directory ACLs should be restored here, for the same
2504 * reason we set directory perms here. XXX
2505 */
2506 static int
_archive_write_disk_close(struct archive * _a)2507 _archive_write_disk_close(struct archive *_a)
2508 {
2509 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2510 struct fixup_entry *next, *p;
2511 struct stat st;
2512 char *c;
2513 int fd, ret, openflags;
2514
2515 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2516 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2517 "archive_write_disk_close");
2518 ret = _archive_write_disk_finish_entry(&a->archive);
2519
2520 /* Sort dir list so directories are fixed up in depth-first order. */
2521 p = sort_dir_list(a->fixup_list);
2522
2523 while (p != NULL) {
2524 fd = -1;
2525 a->pst = NULL; /* Mark stat cache as out-of-date. */
2526
2527 /* We must strip trailing slashes from the path to avoid
2528 dereferencing symbolic links to directories */
2529 c = p->name;
2530 while (*c != '\0')
2531 c++;
2532 while (c != p->name && *(c - 1) == '/') {
2533 c--;
2534 *c = '\0';
2535 }
2536
2537 if (p->fixup == 0)
2538 goto skip_fixup_entry;
2539 else {
2540 /*
2541 * We need to verify if the type of the file
2542 * we are going to open matches the file type
2543 * of the fixup entry.
2544 */
2545 openflags = O_BINARY | O_NOFOLLOW | O_RDONLY
2546 | O_CLOEXEC;
2547 #if defined(O_DIRECTORY)
2548 if (p->filetype == AE_IFDIR)
2549 openflags |= O_DIRECTORY;
2550 #endif
2551 fd = open(p->name, openflags);
2552
2553 #if defined(O_DIRECTORY)
2554 /*
2555 * If we support O_DIRECTORY and open was
2556 * successful we can skip the file type check
2557 * for directories. For other file types
2558 * we need to verify via fstat() or lstat()
2559 */
2560 if (fd == -1 || p->filetype != AE_IFDIR) {
2561 #if HAVE_FSTAT
2562 if (fd > 0 && (
2563 fstat(fd, &st) != 0 ||
2564 la_verify_filetype(st.st_mode,
2565 p->filetype) == 0)) {
2566 goto skip_fixup_entry;
2567 } else
2568 #endif
2569 if (
2570 #ifdef HAVE_LSTAT
2571 lstat(p->name, &st) != 0 ||
2572 #else
2573 la_stat(p->name, &st) != 0 ||
2574 #endif
2575 la_verify_filetype(st.st_mode,
2576 p->filetype) == 0) {
2577 goto skip_fixup_entry;
2578 }
2579 }
2580 #else
2581 #if HAVE_FSTAT
2582 if (fd > 0 && (
2583 fstat(fd, &st) != 0 ||
2584 la_verify_filetype(st.st_mode,
2585 p->filetype) == 0)) {
2586 goto skip_fixup_entry;
2587 } else
2588 #endif
2589 if (
2590 #ifdef HAVE_LSTAT
2591 lstat(p->name, &st) != 0 ||
2592 #else
2593 la_stat(p->name, &st) != 0 ||
2594 #endif
2595 la_verify_filetype(st.st_mode,
2596 p->filetype) == 0) {
2597 goto skip_fixup_entry;
2598 }
2599 #endif
2600 }
2601 if (p->fixup & TODO_TIMES) {
2602 set_times(a, fd, p->mode, p->name,
2603 p->atime, p->atime_nanos,
2604 p->birthtime, p->birthtime_nanos,
2605 p->mtime, p->mtime_nanos,
2606 p->ctime, p->ctime_nanos);
2607 }
2608 if (p->fixup & TODO_MODE_BASE) {
2609 #ifdef HAVE_FCHMOD
2610 if (fd >= 0)
2611 fchmod(fd, p->mode & 07777);
2612 else
2613 #endif
2614 #ifdef HAVE_LCHMOD
2615 lchmod(p->name, p->mode & 07777);
2616 #else
2617 chmod(p->name, p->mode & 07777);
2618 #endif
2619 }
2620 if (p->fixup & TODO_ACLS)
2621 archive_write_disk_set_acls(&a->archive, fd,
2622 p->name, &p->acl, p->mode);
2623 if (p->fixup & TODO_FFLAGS)
2624 set_fflags_platform(a, fd, p->name,
2625 p->mode, p->fflags_set, 0);
2626 if (p->fixup & TODO_MAC_METADATA)
2627 set_mac_metadata(a, p->name, p->mac_metadata,
2628 p->mac_metadata_size);
2629 skip_fixup_entry:
2630 next = p->next;
2631 archive_acl_clear(&p->acl);
2632 free(p->mac_metadata);
2633 free(p->name);
2634 if (fd >= 0)
2635 close(fd);
2636 free(p);
2637 p = next;
2638 }
2639 a->fixup_list = NULL;
2640 return (ret);
2641 }
2642
2643 static int
_archive_write_disk_free(struct archive * _a)2644 _archive_write_disk_free(struct archive *_a)
2645 {
2646 struct archive_write_disk *a;
2647 int ret;
2648 if (_a == NULL)
2649 return (ARCHIVE_OK);
2650 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2651 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2652 a = (struct archive_write_disk *)_a;
2653 ret = _archive_write_disk_close(&a->archive);
2654 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2655 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2656 archive_entry_free(a->entry);
2657 archive_string_free(&a->_name_data);
2658 archive_string_free(&a->_tmpname_data);
2659 archive_string_free(&a->archive.error_string);
2660 archive_string_free(&a->path_safe);
2661 a->archive.magic = 0;
2662 __archive_clean(&a->archive);
2663 free(a->decmpfs_header_p);
2664 free(a->resource_fork);
2665 free(a->compressed_buffer);
2666 free(a->uncompressed_buffer);
2667 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
2668 && defined(HAVE_ZLIB_H)
2669 if (a->stream_valid) {
2670 switch (deflateEnd(&a->stream)) {
2671 case Z_OK:
2672 break;
2673 default:
2674 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2675 "Failed to clean up compressor");
2676 ret = ARCHIVE_FATAL;
2677 break;
2678 }
2679 }
2680 #endif
2681 free(a);
2682 return (ret);
2683 }
2684
2685 /*
2686 * Simple O(n log n) merge sort to order the fixup list. In
2687 * particular, we want to restore dir timestamps depth-first.
2688 */
2689 static struct fixup_entry *
sort_dir_list(struct fixup_entry * p)2690 sort_dir_list(struct fixup_entry *p)
2691 {
2692 struct fixup_entry *a, *b, *t;
2693
2694 if (p == NULL)
2695 return (NULL);
2696 /* A one-item list is already sorted. */
2697 if (p->next == NULL)
2698 return (p);
2699
2700 /* Step 1: split the list. */
2701 t = p;
2702 a = p->next->next;
2703 while (a != NULL) {
2704 /* Step a twice, t once. */
2705 a = a->next;
2706 if (a != NULL)
2707 a = a->next;
2708 t = t->next;
2709 }
2710 /* Now, t is at the mid-point, so break the list here. */
2711 b = t->next;
2712 t->next = NULL;
2713 a = p;
2714
2715 /* Step 2: Recursively sort the two sub-lists. */
2716 a = sort_dir_list(a);
2717 b = sort_dir_list(b);
2718
2719 /* Step 3: Merge the returned lists. */
2720 /* Pick the first element for the merged list. */
2721 if (strcmp(a->name, b->name) > 0) {
2722 t = p = a;
2723 a = a->next;
2724 } else {
2725 t = p = b;
2726 b = b->next;
2727 }
2728
2729 /* Always put the later element on the list first. */
2730 while (a != NULL && b != NULL) {
2731 if (strcmp(a->name, b->name) > 0) {
2732 t->next = a;
2733 a = a->next;
2734 } else {
2735 t->next = b;
2736 b = b->next;
2737 }
2738 t = t->next;
2739 }
2740
2741 /* Only one list is non-empty, so just splice it on. */
2742 if (a != NULL)
2743 t->next = a;
2744 if (b != NULL)
2745 t->next = b;
2746
2747 return (p);
2748 }
2749
2750 /*
2751 * Returns a new, initialized fixup entry.
2752 *
2753 * TODO: Reduce the memory requirements for this list by using a tree
2754 * structure rather than a simple list of names.
2755 */
2756 static struct fixup_entry *
new_fixup(struct archive_write_disk * a,const char * pathname)2757 new_fixup(struct archive_write_disk *a, const char *pathname)
2758 {
2759 struct fixup_entry *fe;
2760
2761 fe = calloc(1, sizeof(struct fixup_entry));
2762 if (fe == NULL) {
2763 archive_set_error(&a->archive, ENOMEM,
2764 "Can't allocate memory for a fixup");
2765 return (NULL);
2766 }
2767 fe->next = a->fixup_list;
2768 a->fixup_list = fe;
2769 fe->fixup = 0;
2770 fe->filetype = 0;
2771 fe->name = strdup(pathname);
2772 return (fe);
2773 }
2774
2775 /*
2776 * Returns a fixup structure for the current entry.
2777 */
2778 static struct fixup_entry *
current_fixup(struct archive_write_disk * a,const char * pathname)2779 current_fixup(struct archive_write_disk *a, const char *pathname)
2780 {
2781 if (a->current_fixup == NULL)
2782 a->current_fixup = new_fixup(a, pathname);
2783 return (a->current_fixup);
2784 }
2785
2786 /* Error helper for new *_fsobj functions */
2787 static void
fsobj_error(int * a_eno,struct archive_string * a_estr,int err,const char * errstr,const char * path)2788 fsobj_error(int *a_eno, struct archive_string *a_estr,
2789 int err, const char *errstr, const char *path)
2790 {
2791 if (a_eno)
2792 *a_eno = err;
2793 if (a_estr)
2794 archive_string_sprintf(a_estr, "%s%s", errstr, path);
2795 }
2796
2797 /*
2798 * TODO: Someday, integrate this with the deep dir support; they both
2799 * scan the path and both can be optimized by comparing against other
2800 * recent paths.
2801 */
2802 /*
2803 * Checks the given path to see if any elements along it are symlinks. Returns
2804 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
2805 */
2806 static int
check_symlinks_fsobj(char * path,int * a_eno,struct archive_string * a_estr,int flags,int checking_linkname)2807 check_symlinks_fsobj(char *path, int *a_eno, struct archive_string *a_estr,
2808 int flags, int checking_linkname)
2809 {
2810 #if !defined(HAVE_LSTAT) && \
2811 !(defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT))
2812 /* Platform doesn't have lstat, so we can't look for symlinks. */
2813 (void)path; /* UNUSED */
2814 (void)a_eno; /* UNUSED */
2815 (void)a_estr; /* UNUSED */
2816 (void)flags; /* UNUSED */
2817 (void)checking_linkname; /* UNUSED */
2818 return (ARCHIVE_OK);
2819 #else
2820 int res = ARCHIVE_OK;
2821 char *tail;
2822 char *head;
2823 int last;
2824 char c = '\0';
2825 int r;
2826 struct stat st;
2827 int chdir_fd;
2828 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2829 int fd;
2830 #endif
2831
2832 /* Nothing to do here if name is empty */
2833 if(path[0] == '\0')
2834 return (ARCHIVE_OK);
2835
2836 /*
2837 * Guard against symlink tricks. Reject any archive entry whose
2838 * destination would be altered by a symlink.
2839 *
2840 * Walk the filename in chunks separated by '/'. For each segment:
2841 * - if it doesn't exist, continue
2842 * - if it's symlink, abort or remove it
2843 * - if it's a directory and it's not the last chunk, cd into it
2844 * As we go:
2845 * head points to the current (relative) path
2846 * tail points to the temporary \0 terminating the segment we're
2847 * currently examining
2848 * c holds what used to be in *tail
2849 * last is 1 if this is the last tail
2850 */
2851 chdir_fd = la_opendirat(AT_FDCWD, ".");
2852 __archive_ensure_cloexec_flag(chdir_fd);
2853 if (chdir_fd < 0) {
2854 fsobj_error(a_eno, a_estr, errno,
2855 "Could not open ", path);
2856 return (ARCHIVE_FATAL);
2857 }
2858 head = path;
2859 tail = path;
2860 last = 0;
2861 /* TODO: reintroduce a safe cache here? */
2862 /* Skip the root directory if the path is absolute. */
2863 if(tail == path && tail[0] == '/')
2864 ++tail;
2865 /* Keep going until we've checked the entire name.
2866 * head, tail, path all alias the same string, which is
2867 * temporarily zeroed at tail, so be careful restoring the
2868 * stashed (c=tail[0]) for error messages.
2869 * Exiting the loop with break is okay; continue is not.
2870 */
2871 while (!last) {
2872 /*
2873 * Skip the separator we just consumed, plus any adjacent ones
2874 */
2875 while (*tail == '/')
2876 ++tail;
2877 /* Skip the next path element. */
2878 while (*tail != '\0' && *tail != '/')
2879 ++tail;
2880 /* is this the last path component? */
2881 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
2882 /* temporarily truncate the string here */
2883 c = tail[0];
2884 tail[0] = '\0';
2885 /* Check that we haven't hit a symlink. */
2886 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2887 r = fstatat(chdir_fd, head, &st, AT_SYMLINK_NOFOLLOW);
2888 #elif defined(HAVE_LSTAT)
2889 r = lstat(head, &st);
2890 #else
2891 r = la_stat(head, &st);
2892 #endif
2893 if (r != 0) {
2894 tail[0] = c;
2895 /* We've hit a dir that doesn't exist; stop now. */
2896 if (errno == ENOENT) {
2897 break;
2898 } else {
2899 /*
2900 * Treat any other error as fatal - best to be
2901 * paranoid here.
2902 * Note: This effectively disables deep
2903 * directory support when security checks are
2904 * enabled. Otherwise, very long pathnames that
2905 * trigger an error here could evade the
2906 * sandbox.
2907 * TODO: We could do better, but it would
2908 * probably require merging the symlink checks
2909 * with the deep-directory editing.
2910 */
2911 fsobj_error(a_eno, a_estr, errno,
2912 "Could not stat ", path);
2913 res = ARCHIVE_FAILED;
2914 break;
2915 }
2916 } else if (S_ISDIR(st.st_mode)) {
2917 if (!last) {
2918 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2919 fd = la_opendirat(chdir_fd, head);
2920 if (fd < 0)
2921 r = -1;
2922 else {
2923 r = 0;
2924 close(chdir_fd);
2925 chdir_fd = fd;
2926 }
2927 #else
2928 r = chdir(head);
2929 #endif
2930 if (r != 0) {
2931 tail[0] = c;
2932 fsobj_error(a_eno, a_estr, errno,
2933 "Could not chdir ", path);
2934 res = (ARCHIVE_FATAL);
2935 break;
2936 }
2937 /* Our view is now from inside this dir: */
2938 head = tail + 1;
2939 }
2940 } else if (S_ISLNK(st.st_mode)) {
2941 if (last && checking_linkname) {
2942 #ifdef HAVE_LINKAT
2943 /*
2944 * Hardlinks to symlinks are safe to write
2945 * if linkat() is supported as it does not
2946 * follow symlinks.
2947 */
2948 res = ARCHIVE_OK;
2949 #else
2950 /*
2951 * We return ARCHIVE_FAILED here as we are
2952 * not able to safely write hardlinks
2953 * to symlinks.
2954 */
2955 tail[0] = c;
2956 fsobj_error(a_eno, a_estr, errno,
2957 "Cannot write hardlink to symlink ",
2958 path);
2959 res = ARCHIVE_FAILED;
2960 #endif
2961 break;
2962 } else
2963 if (last) {
2964 /*
2965 * Last element is symlink; remove it
2966 * so we can overwrite it with the
2967 * item being extracted.
2968 */
2969 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
2970 r = unlinkat(chdir_fd, head, 0);
2971 #else
2972 r = unlink(head);
2973 #endif
2974 if (r != 0) {
2975 tail[0] = c;
2976 fsobj_error(a_eno, a_estr, errno,
2977 "Could not remove symlink ",
2978 path);
2979 res = ARCHIVE_FAILED;
2980 break;
2981 }
2982 /*
2983 * Even if we did remove it, a warning
2984 * is in order. The warning is silly,
2985 * though, if we're just replacing one
2986 * symlink with another symlink.
2987 */
2988 tail[0] = c;
2989 /*
2990 * FIXME: not sure how important this is to
2991 * restore
2992 */
2993 /*
2994 if (!S_ISLNK(path)) {
2995 fsobj_error(a_eno, a_estr, 0,
2996 "Removing symlink ", path);
2997 }
2998 */
2999 /* Symlink gone. No more problem! */
3000 res = ARCHIVE_OK;
3001 break;
3002 } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
3003 /* User asked us to remove problems. */
3004 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3005 r = unlinkat(chdir_fd, head, 0);
3006 #else
3007 r = unlink(head);
3008 #endif
3009 if (r != 0) {
3010 tail[0] = c;
3011 fsobj_error(a_eno, a_estr, 0,
3012 "Cannot remove intervening "
3013 "symlink ", path);
3014 res = ARCHIVE_FAILED;
3015 break;
3016 }
3017 tail[0] = c;
3018 } else if ((flags &
3019 ARCHIVE_EXTRACT_SECURE_SYMLINKS) == 0) {
3020 /*
3021 * We are not the last element and we want to
3022 * follow symlinks if they are a directory.
3023 *
3024 * This is needed to extract hardlinks over
3025 * symlinks.
3026 */
3027 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3028 r = fstatat(chdir_fd, head, &st, 0);
3029 #else
3030 r = la_stat(head, &st);
3031 #endif
3032 if (r != 0) {
3033 tail[0] = c;
3034 if (errno == ENOENT) {
3035 break;
3036 } else {
3037 fsobj_error(a_eno, a_estr,
3038 errno,
3039 "Could not stat ", path);
3040 res = (ARCHIVE_FAILED);
3041 break;
3042 }
3043 } else if (S_ISDIR(st.st_mode)) {
3044 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3045 fd = la_opendirat(chdir_fd, head);
3046 if (fd < 0)
3047 r = -1;
3048 else {
3049 r = 0;
3050 close(chdir_fd);
3051 chdir_fd = fd;
3052 }
3053 #else
3054 r = chdir(head);
3055 #endif
3056 if (r != 0) {
3057 tail[0] = c;
3058 fsobj_error(a_eno, a_estr,
3059 errno,
3060 "Could not chdir ", path);
3061 res = (ARCHIVE_FATAL);
3062 break;
3063 }
3064 /*
3065 * Our view is now from inside
3066 * this dir:
3067 */
3068 head = tail + 1;
3069 } else {
3070 tail[0] = c;
3071 fsobj_error(a_eno, a_estr, 0,
3072 "Cannot extract through "
3073 "symlink ", path);
3074 res = ARCHIVE_FAILED;
3075 break;
3076 }
3077 } else {
3078 tail[0] = c;
3079 fsobj_error(a_eno, a_estr, 0,
3080 "Cannot extract through symlink ", path);
3081 res = ARCHIVE_FAILED;
3082 break;
3083 }
3084 }
3085 /* be sure to always maintain this */
3086 tail[0] = c;
3087 if (tail[0] != '\0')
3088 tail++; /* Advance to the next segment. */
3089 }
3090 /* Catches loop exits via break */
3091 tail[0] = c;
3092 #if defined(HAVE_OPENAT) && defined(HAVE_FSTATAT) && defined(HAVE_UNLINKAT)
3093 /* If we operate with openat(), fstatat() and unlinkat() there was
3094 * no chdir(), so just close the fd */
3095 if (chdir_fd >= 0)
3096 close(chdir_fd);
3097 #elif HAVE_FCHDIR
3098 /* If we changed directory above, restore it here. */
3099 if (chdir_fd >= 0) {
3100 r = fchdir(chdir_fd);
3101 if (r != 0) {
3102 fsobj_error(a_eno, a_estr, errno,
3103 "chdir() failure", "");
3104 }
3105 close(chdir_fd);
3106 chdir_fd = -1;
3107 if (r != 0) {
3108 res = (ARCHIVE_FATAL);
3109 }
3110 }
3111 #endif
3112 /* TODO: reintroduce a safe cache here? */
3113 return res;
3114 #endif
3115 }
3116
3117 /*
3118 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
3119 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
3120 */
3121 static int
check_symlinks(struct archive_write_disk * a)3122 check_symlinks(struct archive_write_disk *a)
3123 {
3124 struct archive_string error_string;
3125 int error_number;
3126 int rc;
3127 archive_string_init(&error_string);
3128 rc = check_symlinks_fsobj(a->name, &error_number, &error_string,
3129 a->flags, 0);
3130 if (rc != ARCHIVE_OK) {
3131 archive_set_error(&a->archive, error_number, "%s",
3132 error_string.s);
3133 }
3134 archive_string_free(&error_string);
3135 a->pst = NULL; /* to be safe */
3136 return rc;
3137 }
3138
3139
3140 #if defined(__CYGWIN__)
3141 /*
3142 * 1. Convert a path separator from '\' to '/' .
3143 * We shouldn't check multibyte character directly because some
3144 * character-set have been using the '\' character for a part of
3145 * its multibyte character code.
3146 * 2. Replace unusable characters in Windows with underscore('_').
3147 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
3148 */
3149 static void
cleanup_pathname_win(char * path)3150 cleanup_pathname_win(char *path)
3151 {
3152 wchar_t wc;
3153 char *p;
3154 size_t alen, l;
3155 int mb, complete, utf8;
3156
3157 alen = 0;
3158 mb = 0;
3159 complete = 1;
3160 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
3161 for (p = path; *p != '\0'; p++) {
3162 ++alen;
3163 if (*p == '\\') {
3164 /* If previous byte is smaller than 128,
3165 * this is not second byte of multibyte characters,
3166 * so we can replace '\' with '/'. */
3167 if (utf8 || !mb)
3168 *p = '/';
3169 else
3170 complete = 0;/* uncompleted. */
3171 } else if (*(unsigned char *)p > 127)
3172 mb = 1;
3173 else
3174 mb = 0;
3175 /* Rewrite the path name if its next character is unusable. */
3176 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
3177 *p == '<' || *p == '>' || *p == '|')
3178 *p = '_';
3179 }
3180 if (complete)
3181 return;
3182
3183 /*
3184 * Convert path separator in wide-character.
3185 */
3186 p = path;
3187 while (*p != '\0' && alen) {
3188 l = mbtowc(&wc, p, alen);
3189 if (l == (size_t)-1) {
3190 while (*p != '\0') {
3191 if (*p == '\\')
3192 *p = '/';
3193 ++p;
3194 }
3195 break;
3196 }
3197 if (l == 1 && wc == L'\\')
3198 *p = '/';
3199 p += l;
3200 alen -= l;
3201 }
3202 }
3203 #endif
3204
3205 /*
3206 * Canonicalize the pathname. In particular, this strips duplicate
3207 * '/' characters, '.' elements, and trailing '/'. It also raises an
3208 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
3209 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
3210 * is set) if the path is absolute.
3211 */
3212 static int
cleanup_pathname_fsobj(char * path,int * a_eno,struct archive_string * a_estr,int flags)3213 cleanup_pathname_fsobj(char *path, int *a_eno, struct archive_string *a_estr,
3214 int flags)
3215 {
3216 char *dest, *src;
3217 char separator = '\0';
3218
3219 dest = src = path;
3220 if (*src == '\0') {
3221 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC,
3222 "Invalid empty ", "pathname");
3223 return (ARCHIVE_FAILED);
3224 }
3225
3226 #if defined(__CYGWIN__)
3227 cleanup_pathname_win(path);
3228 #endif
3229 /* Skip leading '/'. */
3230 if (*src == '/') {
3231 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
3232 fsobj_error(a_eno, a_estr, ARCHIVE_ERRNO_MISC,
3233 "Path is ", "absolute");
3234 return (ARCHIVE_FAILED);
3235 }
3236
3237 separator = *src++;
3238 }
3239
3240 /* Scan the pathname one element at a time. */
3241 for (;;) {
3242 /* src points to first char after '/' */
3243 if (src[0] == '\0') {
3244 break;
3245 } else if (src[0] == '/') {
3246 /* Found '//', ignore second one. */
3247 src++;
3248 continue;
3249 } else if (src[0] == '.') {
3250 if (src[1] == '\0') {
3251 /* Ignore trailing '.' */
3252 break;
3253 } else if (src[1] == '/') {
3254 /* Skip './'. */
3255 src += 2;
3256 continue;
3257 } else if (src[1] == '.') {
3258 if (src[2] == '/' || src[2] == '\0') {
3259 /* Conditionally warn about '..' */
3260 if (flags
3261 & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
3262 fsobj_error(a_eno, a_estr,
3263 ARCHIVE_ERRNO_MISC,
3264 "Path contains ", "'..'");
3265 return (ARCHIVE_FAILED);
3266 }
3267 }
3268 /*
3269 * Note: Under no circumstances do we
3270 * remove '..' elements. In
3271 * particular, restoring
3272 * '/foo/../bar/' should create the
3273 * 'foo' dir as a side-effect.
3274 */
3275 }
3276 }
3277
3278 /* Copy current element, including leading '/'. */
3279 if (separator)
3280 *dest++ = '/';
3281 while (*src != '\0' && *src != '/') {
3282 *dest++ = *src++;
3283 }
3284
3285 if (*src == '\0')
3286 break;
3287
3288 /* Skip '/' separator. */
3289 separator = *src++;
3290 }
3291 /*
3292 * We've just copied zero or more path elements, not including the
3293 * final '/'.
3294 */
3295 if (dest == path) {
3296 /*
3297 * Nothing got copied. The path must have been something
3298 * like '.' or '/' or './' or '/././././/./'.
3299 */
3300 if (separator)
3301 *dest++ = '/';
3302 else
3303 *dest++ = '.';
3304 }
3305 /* Terminate the result. */
3306 *dest = '\0';
3307 return (ARCHIVE_OK);
3308 }
3309
3310 static int
cleanup_pathname(struct archive_write_disk * a)3311 cleanup_pathname(struct archive_write_disk *a)
3312 {
3313 struct archive_string error_string;
3314 int error_number;
3315 int rc;
3316 archive_string_init(&error_string);
3317 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string,
3318 a->flags);
3319 if (rc != ARCHIVE_OK) {
3320 archive_set_error(&a->archive, error_number, "%s",
3321 error_string.s);
3322 }
3323 archive_string_free(&error_string);
3324 return rc;
3325 }
3326
3327 /*
3328 * Create the parent directory of the specified path, assuming path
3329 * is already in mutable storage.
3330 */
3331 static int
create_parent_dir(struct archive_write_disk * a,char * path)3332 create_parent_dir(struct archive_write_disk *a, char *path)
3333 {
3334 char *slash;
3335 int r;
3336
3337 /* Remove tail element to obtain parent name. */
3338 slash = strrchr(path, '/');
3339 if (slash == NULL)
3340 return (ARCHIVE_OK);
3341 *slash = '\0';
3342 r = create_dir(a, path);
3343 *slash = '/';
3344 return (r);
3345 }
3346
3347 /*
3348 * Create the specified dir, recursing to create parents as necessary.
3349 *
3350 * Returns ARCHIVE_OK if the path exists when we're done here.
3351 * Otherwise, returns ARCHIVE_FAILED.
3352 * Assumes path is in mutable storage; path is unchanged on exit.
3353 */
3354 static int
create_dir(struct archive_write_disk * a,char * path)3355 create_dir(struct archive_write_disk *a, char *path)
3356 {
3357 struct stat st;
3358 struct fixup_entry *le;
3359 char *slash, *base;
3360 mode_t mode_final, mode;
3361 int r;
3362
3363 /* Check for special names and just skip them. */
3364 slash = strrchr(path, '/');
3365 if (slash == NULL)
3366 base = path;
3367 else
3368 base = slash + 1;
3369
3370 if (base[0] == '\0' ||
3371 (base[0] == '.' && base[1] == '\0') ||
3372 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
3373 /* Don't bother trying to create null path, '.', or '..'. */
3374 if (slash != NULL) {
3375 *slash = '\0';
3376 r = create_dir(a, path);
3377 *slash = '/';
3378 return (r);
3379 }
3380 return (ARCHIVE_OK);
3381 }
3382
3383 /*
3384 * Yes, this should be stat() and not lstat(). Using lstat()
3385 * here loses the ability to extract through symlinks. Also note
3386 * that this should not use the a->st cache.
3387 */
3388 if (la_stat(path, &st) == 0) {
3389 if (S_ISDIR(st.st_mode))
3390 return (ARCHIVE_OK);
3391 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
3392 archive_set_error(&a->archive, EEXIST,
3393 "Can't create directory '%s'", path);
3394 return (ARCHIVE_FAILED);
3395 }
3396 if (unlink(path) != 0) {
3397 archive_set_error(&a->archive, errno,
3398 "Can't create directory '%s': "
3399 "Conflicting file cannot be removed",
3400 path);
3401 return (ARCHIVE_FAILED);
3402 }
3403 } else if (errno != ENOENT && errno != ENOTDIR) {
3404 /* Stat failed? */
3405 archive_set_error(&a->archive, errno,
3406 "Can't test directory '%s'", path);
3407 return (ARCHIVE_FAILED);
3408 } else if (slash != NULL) {
3409 *slash = '\0';
3410 r = create_dir(a, path);
3411 *slash = '/';
3412 if (r != ARCHIVE_OK)
3413 return (r);
3414 }
3415
3416 /*
3417 * Mode we want for the final restored directory. Per POSIX,
3418 * implicitly-created dirs must be created obeying the umask.
3419 * There's no mention whether this is different for privileged
3420 * restores (which the rest of this code handles by pretending
3421 * umask=0). I've chosen here to always obey the user's umask for
3422 * implicit dirs, even if _EXTRACT_PERM was specified.
3423 */
3424 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
3425 /* Mode we want on disk during the restore process. */
3426 mode = mode_final;
3427 mode |= MINIMUM_DIR_MODE;
3428 mode &= MAXIMUM_DIR_MODE;
3429 if (mkdir(path, mode) == 0) {
3430 if (mode != mode_final) {
3431 le = new_fixup(a, path);
3432 if (le == NULL)
3433 return (ARCHIVE_FATAL);
3434 le->fixup |=TODO_MODE_BASE;
3435 le->mode = mode_final;
3436 }
3437 return (ARCHIVE_OK);
3438 }
3439
3440 /*
3441 * Without the following check, a/b/../b/c/d fails at the
3442 * second visit to 'b', so 'd' can't be created. Note that we
3443 * don't add it to the fixup list here, as it's already been
3444 * added.
3445 */
3446 if (la_stat(path, &st) == 0 && S_ISDIR(st.st_mode))
3447 return (ARCHIVE_OK);
3448
3449 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
3450 path);
3451 return (ARCHIVE_FAILED);
3452 }
3453
3454 /*
3455 * Note: Although we can skip setting the user id if the desired user
3456 * id matches the current user, we cannot skip setting the group, as
3457 * many systems set the gid based on the containing directory. So
3458 * we have to perform a chown syscall if we want to set the SGID
3459 * bit. (The alternative is to stat() and then possibly chown(); it's
3460 * more efficient to skip the stat() and just always chown().) Note
3461 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
3462 * allows set_mode to skip the stat() check for the GID.
3463 */
3464 static int
set_ownership(struct archive_write_disk * a)3465 set_ownership(struct archive_write_disk *a)
3466 {
3467 #if !defined(__CYGWIN__) && !defined(__linux__)
3468 /*
3469 * On Linux, a process may have the CAP_CHOWN capability.
3470 * On Windows there is no 'root' user with uid 0.
3471 * Elsewhere we can skip calling chown if we are not root and the desired
3472 * user id does not match the current user.
3473 */
3474 if (a->user_uid != 0 && a->user_uid != a->uid) {
3475 archive_set_error(&a->archive, errno,
3476 "Can't set UID=%jd", (intmax_t)a->uid);
3477 return (ARCHIVE_WARN);
3478 }
3479 #endif
3480
3481 #ifdef HAVE_FCHOWN
3482 /* If we have an fd, we can avoid a race. */
3483 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
3484 /* We've set owner and know uid/gid are correct. */
3485 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3486 return (ARCHIVE_OK);
3487 }
3488 #endif
3489
3490 /* We prefer lchown() but will use chown() if that's all we have. */
3491 /* Of course, if we have neither, this will always fail. */
3492 #ifdef HAVE_LCHOWN
3493 if (lchown(a->name, a->uid, a->gid) == 0) {
3494 /* We've set owner and know uid/gid are correct. */
3495 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3496 return (ARCHIVE_OK);
3497 }
3498 #elif HAVE_CHOWN
3499 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
3500 /* We've set owner and know uid/gid are correct. */
3501 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
3502 return (ARCHIVE_OK);
3503 }
3504 #endif
3505
3506 archive_set_error(&a->archive, errno,
3507 "Can't set user=%jd/group=%jd for %s",
3508 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
3509 return (ARCHIVE_WARN);
3510 }
3511
3512 /*
3513 * Note: Returns 0 on success, non-zero on failure.
3514 */
3515 static int
set_time(int fd,int mode,const char * name,time_t atime,long atime_nsec,time_t mtime,long mtime_nsec)3516 set_time(int fd, int mode, const char *name,
3517 time_t atime, long atime_nsec,
3518 time_t mtime, long mtime_nsec)
3519 {
3520 /* Select the best implementation for this platform. */
3521 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
3522 /*
3523 * utimensat() and futimens() are defined in
3524 * POSIX.1-2008. They support ns resolution and setting times
3525 * on fds and symlinks.
3526 */
3527 struct timespec ts[2];
3528 (void)mode; /* UNUSED */
3529 ts[0].tv_sec = atime;
3530 ts[0].tv_nsec = atime_nsec;
3531 ts[1].tv_sec = mtime;
3532 ts[1].tv_nsec = mtime_nsec;
3533 if (fd >= 0)
3534 return futimens(fd, ts);
3535 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
3536
3537 #elif HAVE_UTIMES
3538 /*
3539 * The utimes()-family functions support µs-resolution and
3540 * setting times fds and symlinks. utimes() is documented as
3541 * LEGACY by POSIX, futimes() and lutimes() are not described
3542 * in POSIX.
3543 */
3544 struct timeval times[2];
3545
3546 times[0].tv_sec = atime;
3547 times[0].tv_usec = atime_nsec / 1000;
3548 times[1].tv_sec = mtime;
3549 times[1].tv_usec = mtime_nsec / 1000;
3550
3551 #ifdef HAVE_FUTIMES
3552 if (fd >= 0)
3553 return (futimes(fd, times));
3554 #else
3555 (void)fd; /* UNUSED */
3556 #endif
3557 #ifdef HAVE_LUTIMES
3558 (void)mode; /* UNUSED */
3559 return (lutimes(name, times));
3560 #else
3561 if (S_ISLNK(mode))
3562 return (0);
3563 return (utimes(name, times));
3564 #endif
3565
3566 #elif defined(HAVE_UTIME)
3567 /*
3568 * utime() is POSIX-standard but only supports 1s resolution and
3569 * does not support fds or symlinks.
3570 */
3571 struct utimbuf times;
3572 (void)fd; /* UNUSED */
3573 (void)name; /* UNUSED */
3574 (void)atime_nsec; /* UNUSED */
3575 (void)mtime_nsec; /* UNUSED */
3576 times.actime = atime;
3577 times.modtime = mtime;
3578 if (S_ISLNK(mode))
3579 return (ARCHIVE_OK);
3580 return (utime(name, ×));
3581
3582 #else
3583 /*
3584 * We don't know how to set the time on this platform.
3585 */
3586 (void)fd; /* UNUSED */
3587 (void)mode; /* UNUSED */
3588 (void)name; /* UNUSED */
3589 (void)atime; /* UNUSED */
3590 (void)atime_nsec; /* UNUSED */
3591 (void)mtime; /* UNUSED */
3592 (void)mtime_nsec; /* UNUSED */
3593 return (ARCHIVE_WARN);
3594 #endif
3595 }
3596
3597 #ifdef F_SETTIMES
3598 static int
set_time_tru64(int fd,int mode,const char * name,time_t atime,long atime_nsec,time_t mtime,long mtime_nsec,time_t ctime,long ctime_nsec)3599 set_time_tru64(int fd, int mode, const char *name,
3600 time_t atime, long atime_nsec,
3601 time_t mtime, long mtime_nsec,
3602 time_t ctime, long ctime_nsec)
3603 {
3604 struct attr_timbuf tstamp;
3605 tstamp.atime.tv_sec = atime;
3606 tstamp.mtime.tv_sec = mtime;
3607 tstamp.ctime.tv_sec = ctime;
3608 #if defined (__hpux) && defined (__ia64)
3609 tstamp.atime.tv_nsec = atime_nsec;
3610 tstamp.mtime.tv_nsec = mtime_nsec;
3611 tstamp.ctime.tv_nsec = ctime_nsec;
3612 #else
3613 tstamp.atime.tv_usec = atime_nsec / 1000;
3614 tstamp.mtime.tv_usec = mtime_nsec / 1000;
3615 tstamp.ctime.tv_usec = ctime_nsec / 1000;
3616 #endif
3617 return (fcntl(fd,F_SETTIMES,&tstamp));
3618 }
3619 #endif /* F_SETTIMES */
3620
3621 static int
set_times(struct archive_write_disk * a,int fd,int mode,const char * name,time_t atime,long atime_nanos,time_t birthtime,long birthtime_nanos,time_t mtime,long mtime_nanos,time_t cctime,long ctime_nanos)3622 set_times(struct archive_write_disk *a,
3623 int fd, int mode, const char *name,
3624 time_t atime, long atime_nanos,
3625 time_t birthtime, long birthtime_nanos,
3626 time_t mtime, long mtime_nanos,
3627 time_t cctime, long ctime_nanos)
3628 {
3629 /* Note: set_time doesn't use libarchive return conventions!
3630 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
3631 int r1 = 0, r2 = 0;
3632
3633 #ifdef F_SETTIMES
3634 /*
3635 * on Tru64 try own fcntl first which can restore even the
3636 * ctime, fall back to default code path below if it fails
3637 * or if we are not running as root
3638 */
3639 if (a->user_uid == 0 &&
3640 set_time_tru64(fd, mode, name,
3641 atime, atime_nanos, mtime,
3642 mtime_nanos, cctime, ctime_nanos) == 0) {
3643 return (ARCHIVE_OK);
3644 }
3645 #else /* Tru64 */
3646 (void)cctime; /* UNUSED */
3647 (void)ctime_nanos; /* UNUSED */
3648 #endif /* Tru64 */
3649
3650 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
3651 /*
3652 * If you have struct stat.st_birthtime, we assume BSD
3653 * birthtime semantics, in which {f,l,}utimes() updates
3654 * birthtime to earliest mtime. So we set the time twice,
3655 * first using the birthtime, then using the mtime. If
3656 * birthtime == mtime, this isn't necessary, so we skip it.
3657 * If birthtime > mtime, then this won't work, so we skip it.
3658 */
3659 if (birthtime < mtime
3660 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
3661 r1 = set_time(fd, mode, name,
3662 atime, atime_nanos,
3663 birthtime, birthtime_nanos);
3664 #else
3665 (void)birthtime; /* UNUSED */
3666 (void)birthtime_nanos; /* UNUSED */
3667 #endif
3668 r2 = set_time(fd, mode, name,
3669 atime, atime_nanos,
3670 mtime, mtime_nanos);
3671 if (r1 != 0 || r2 != 0) {
3672 archive_set_error(&a->archive, errno,
3673 "Can't restore time");
3674 return (ARCHIVE_WARN);
3675 }
3676 return (ARCHIVE_OK);
3677 }
3678
3679 static int
set_times_from_entry(struct archive_write_disk * a)3680 set_times_from_entry(struct archive_write_disk *a)
3681 {
3682 time_t atime, birthtime, mtime, cctime;
3683 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
3684
3685 /* Suitable defaults. */
3686 atime = birthtime = mtime = cctime = a->start_time;
3687 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
3688
3689 /* If no time was provided, we're done. */
3690 if (!archive_entry_atime_is_set(a->entry)
3691 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
3692 && !archive_entry_birthtime_is_set(a->entry)
3693 #endif
3694 && !archive_entry_mtime_is_set(a->entry))
3695 return (ARCHIVE_OK);
3696
3697 if (archive_entry_atime_is_set(a->entry)) {
3698 atime = archive_entry_atime(a->entry);
3699 atime_nsec = archive_entry_atime_nsec(a->entry);
3700 }
3701 if (archive_entry_birthtime_is_set(a->entry)) {
3702 birthtime = archive_entry_birthtime(a->entry);
3703 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
3704 }
3705 if (archive_entry_mtime_is_set(a->entry)) {
3706 mtime = archive_entry_mtime(a->entry);
3707 mtime_nsec = archive_entry_mtime_nsec(a->entry);
3708 }
3709 if (archive_entry_ctime_is_set(a->entry)) {
3710 cctime = archive_entry_ctime(a->entry);
3711 ctime_nsec = archive_entry_ctime_nsec(a->entry);
3712 }
3713
3714 return set_times(a, a->fd, a->mode, a->name,
3715 atime, atime_nsec,
3716 birthtime, birthtime_nsec,
3717 mtime, mtime_nsec,
3718 cctime, ctime_nsec);
3719 }
3720
3721 static int
set_mode(struct archive_write_disk * a,int mode)3722 set_mode(struct archive_write_disk *a, int mode)
3723 {
3724 int r = ARCHIVE_OK;
3725 int r2;
3726 mode &= 07777; /* Strip off file type bits. */
3727
3728 if (a->todo & TODO_SGID_CHECK) {
3729 /*
3730 * If we don't know the GID is right, we must stat()
3731 * to verify it. We can't just check the GID of this
3732 * process, since systems sometimes set GID from
3733 * the enclosing dir or based on ACLs.
3734 */
3735 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3736 return (r);
3737 if (a->pst->st_gid != a->gid) {
3738 mode &= ~ S_ISGID;
3739 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3740 /*
3741 * This is only an error if you
3742 * requested owner restore. If you
3743 * didn't, we'll try to restore
3744 * sgid/suid, but won't consider it a
3745 * problem if we can't.
3746 */
3747 archive_set_error(&a->archive, -1,
3748 "Can't restore SGID bit");
3749 r = ARCHIVE_WARN;
3750 }
3751 }
3752 /* While we're here, double-check the UID. */
3753 if (a->pst->st_uid != a->uid
3754 && (a->todo & TODO_SUID)) {
3755 mode &= ~ S_ISUID;
3756 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3757 archive_set_error(&a->archive, -1,
3758 "Can't restore SUID bit");
3759 r = ARCHIVE_WARN;
3760 }
3761 }
3762 a->todo &= ~TODO_SGID_CHECK;
3763 a->todo &= ~TODO_SUID_CHECK;
3764 } else if (a->todo & TODO_SUID_CHECK) {
3765 /*
3766 * If we don't know the UID is right, we can just check
3767 * the user, since all systems set the file UID from
3768 * the process UID.
3769 */
3770 if (a->user_uid != a->uid) {
3771 mode &= ~ S_ISUID;
3772 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3773 archive_set_error(&a->archive, -1,
3774 "Can't make file SUID");
3775 r = ARCHIVE_WARN;
3776 }
3777 }
3778 a->todo &= ~TODO_SUID_CHECK;
3779 }
3780
3781 if (S_ISLNK(a->mode)) {
3782 #ifdef HAVE_LCHMOD
3783 /*
3784 * If this is a symlink, use lchmod(). If the
3785 * platform doesn't support lchmod(), just skip it. A
3786 * platform that doesn't provide a way to set
3787 * permissions on symlinks probably ignores
3788 * permissions on symlinks, so a failure here has no
3789 * impact.
3790 */
3791 if (lchmod(a->name, mode) != 0) {
3792 switch (errno) {
3793 case ENOTSUP:
3794 case ENOSYS:
3795 #if ENOTSUP != EOPNOTSUPP
3796 case EOPNOTSUPP:
3797 #endif
3798 /*
3799 * if lchmod is defined but the platform
3800 * doesn't support it, silently ignore
3801 * error
3802 */
3803 break;
3804 default:
3805 archive_set_error(&a->archive, errno,
3806 "Can't set permissions to 0%o", (int)mode);
3807 r = ARCHIVE_WARN;
3808 }
3809 }
3810 #endif
3811 } else if (!S_ISDIR(a->mode)) {
3812 /*
3813 * If it's not a symlink and not a dir, then use
3814 * fchmod() or chmod(), depending on whether we have
3815 * an fd. Dirs get their perms set during the
3816 * post-extract fixup, which is handled elsewhere.
3817 */
3818 #ifdef HAVE_FCHMOD
3819 if (a->fd >= 0)
3820 r2 = fchmod(a->fd, mode);
3821 else
3822 #endif
3823 /* If this platform lacks fchmod(), then
3824 * we'll just use chmod(). */
3825 r2 = chmod(a->name, mode);
3826
3827 if (r2 != 0) {
3828 archive_set_error(&a->archive, errno,
3829 "Can't set permissions to 0%o", (int)mode);
3830 r = ARCHIVE_WARN;
3831 }
3832 }
3833 return (r);
3834 }
3835
3836 static int
set_fflags(struct archive_write_disk * a)3837 set_fflags(struct archive_write_disk *a)
3838 {
3839 struct fixup_entry *le;
3840 unsigned long set, clear;
3841 int r;
3842 mode_t mode = archive_entry_mode(a->entry);
3843 /*
3844 * Make 'critical_flags' hold all file flags that can't be
3845 * immediately restored. For example, on BSD systems,
3846 * SF_IMMUTABLE prevents hardlinks from being created, so
3847 * should not be set until after any hardlinks are created. To
3848 * preserve some semblance of portability, this uses #ifdef
3849 * extensively. Ugly, but it works.
3850 *
3851 * Yes, Virginia, this does create a security race. It's mitigated
3852 * somewhat by the practice of creating dirs 0700 until the extract
3853 * is done, but it would be nice if we could do more than that.
3854 * People restoring critical file systems should be wary of
3855 * other programs that might try to muck with files as they're
3856 * being restored.
3857 */
3858 const int critical_flags = 0
3859 #ifdef SF_IMMUTABLE
3860 | SF_IMMUTABLE
3861 #endif
3862 #ifdef UF_IMMUTABLE
3863 | UF_IMMUTABLE
3864 #endif
3865 #ifdef SF_APPEND
3866 | SF_APPEND
3867 #endif
3868 #ifdef UF_APPEND
3869 | UF_APPEND
3870 #endif
3871 #if defined(FS_APPEND_FL)
3872 | FS_APPEND_FL
3873 #elif defined(EXT2_APPEND_FL)
3874 | EXT2_APPEND_FL
3875 #endif
3876 #if defined(FS_IMMUTABLE_FL)
3877 | FS_IMMUTABLE_FL
3878 #elif defined(EXT2_IMMUTABLE_FL)
3879 | EXT2_IMMUTABLE_FL
3880 #endif
3881 #ifdef FS_JOURNAL_DATA_FL
3882 | FS_JOURNAL_DATA_FL
3883 #endif
3884 ;
3885
3886 if (a->todo & TODO_FFLAGS) {
3887 archive_entry_fflags(a->entry, &set, &clear);
3888
3889 /*
3890 * The first test encourages the compiler to eliminate
3891 * all of this if it's not necessary.
3892 */
3893 if ((critical_flags != 0) && (set & critical_flags)) {
3894 le = current_fixup(a, a->name);
3895 if (le == NULL)
3896 return (ARCHIVE_FATAL);
3897 le->filetype = archive_entry_filetype(a->entry);
3898 le->fixup |= TODO_FFLAGS;
3899 le->fflags_set = set;
3900 /* Store the mode if it's not already there. */
3901 if ((le->fixup & TODO_MODE) == 0)
3902 le->mode = mode;
3903 } else {
3904 r = set_fflags_platform(a, a->fd,
3905 a->name, mode, set, clear);
3906 if (r != ARCHIVE_OK)
3907 return (r);
3908 }
3909 }
3910 return (ARCHIVE_OK);
3911 }
3912
3913 static int
clear_nochange_fflags(struct archive_write_disk * a)3914 clear_nochange_fflags(struct archive_write_disk *a)
3915 {
3916 mode_t mode = archive_entry_mode(a->entry);
3917 const int nochange_flags = 0
3918 #ifdef SF_IMMUTABLE
3919 | SF_IMMUTABLE
3920 #endif
3921 #ifdef UF_IMMUTABLE
3922 | UF_IMMUTABLE
3923 #endif
3924 #ifdef SF_APPEND
3925 | SF_APPEND
3926 #endif
3927 #ifdef UF_APPEND
3928 | UF_APPEND
3929 #endif
3930 #ifdef EXT2_APPEND_FL
3931 | EXT2_APPEND_FL
3932 #endif
3933 #ifdef EXT2_IMMUTABLE_FL
3934 | EXT2_IMMUTABLE_FL
3935 #endif
3936 ;
3937
3938 return (set_fflags_platform(a, a->fd, a->name, mode, 0,
3939 nochange_flags));
3940 }
3941
3942
3943 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3944 /*
3945 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3946 */
3947 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)3948 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3949 mode_t mode, unsigned long set, unsigned long clear)
3950 {
3951 int r;
3952 const int sf_mask = 0
3953 #ifdef SF_APPEND
3954 | SF_APPEND
3955 #endif
3956 #ifdef SF_ARCHIVED
3957 | SF_ARCHIVED
3958 #endif
3959 #ifdef SF_IMMUTABLE
3960 | SF_IMMUTABLE
3961 #endif
3962 #ifdef SF_NOUNLINK
3963 | SF_NOUNLINK
3964 #endif
3965 ;
3966 (void)mode; /* UNUSED */
3967
3968 if (set == 0 && clear == 0)
3969 return (ARCHIVE_OK);
3970
3971 /*
3972 * XXX Is the stat here really necessary? Or can I just use
3973 * the 'set' flags directly? In particular, I'm not sure
3974 * about the correct approach if we're overwriting an existing
3975 * file that already has flags on it. XXX
3976 */
3977 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3978 return (r);
3979
3980 a->st.st_flags &= ~clear;
3981 a->st.st_flags |= set;
3982
3983 /* Only super-user may change SF_* flags */
3984
3985 if (a->user_uid != 0)
3986 a->st.st_flags &= ~sf_mask;
3987
3988 #ifdef HAVE_FCHFLAGS
3989 /* If platform has fchflags() and we were given an fd, use it. */
3990 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3991 return (ARCHIVE_OK);
3992 #endif
3993 /*
3994 * If we can't use the fd to set the flags, we'll use the
3995 * pathname to set flags. We prefer lchflags() but will use
3996 * chflags() if we must.
3997 */
3998 #ifdef HAVE_LCHFLAGS
3999 if (lchflags(name, a->st.st_flags) == 0)
4000 return (ARCHIVE_OK);
4001 #elif defined(HAVE_CHFLAGS)
4002 if (S_ISLNK(a->st.st_mode)) {
4003 archive_set_error(&a->archive, errno,
4004 "Can't set file flags on symlink.");
4005 return (ARCHIVE_WARN);
4006 }
4007 if (chflags(name, a->st.st_flags) == 0)
4008 return (ARCHIVE_OK);
4009 #endif
4010 archive_set_error(&a->archive, errno,
4011 "Failed to set file flags");
4012 return (ARCHIVE_WARN);
4013 }
4014
4015 #elif (defined(FS_IOC_GETFLAGS) && defined(FS_IOC_SETFLAGS) && \
4016 defined(HAVE_WORKING_FS_IOC_GETFLAGS)) || \
4017 (defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && \
4018 defined(HAVE_WORKING_EXT2_IOC_GETFLAGS))
4019 /*
4020 * Linux uses ioctl() to read and write file flags.
4021 */
4022 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)4023 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
4024 mode_t mode, unsigned long set, unsigned long clear)
4025 {
4026 int ret;
4027 int myfd = fd;
4028 int newflags, oldflags;
4029 /*
4030 * Linux has no define for the flags that are only settable by
4031 * the root user. This code may seem a little complex, but
4032 * there seem to be some Linux systems that lack these
4033 * defines. (?) The code below degrades reasonably gracefully
4034 * if sf_mask is incomplete.
4035 */
4036 const int sf_mask = 0
4037 #if defined(FS_IMMUTABLE_FL)
4038 | FS_IMMUTABLE_FL
4039 #elif defined(EXT2_IMMUTABLE_FL)
4040 | EXT2_IMMUTABLE_FL
4041 #endif
4042 #if defined(FS_APPEND_FL)
4043 | FS_APPEND_FL
4044 #elif defined(EXT2_APPEND_FL)
4045 | EXT2_APPEND_FL
4046 #endif
4047 #if defined(FS_JOURNAL_DATA_FL)
4048 | FS_JOURNAL_DATA_FL
4049 #endif
4050 ;
4051
4052 if (set == 0 && clear == 0)
4053 return (ARCHIVE_OK);
4054 /* Only regular files and dirs can have flags. */
4055 if (!S_ISREG(mode) && !S_ISDIR(mode))
4056 return (ARCHIVE_OK);
4057
4058 /* If we weren't given an fd, open it ourselves. */
4059 if (myfd < 0) {
4060 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY |
4061 O_CLOEXEC | O_NOFOLLOW);
4062 __archive_ensure_cloexec_flag(myfd);
4063 }
4064 if (myfd < 0)
4065 return (ARCHIVE_OK);
4066
4067 /*
4068 * XXX As above, this would be way simpler if we didn't have
4069 * to read the current flags from disk. XXX
4070 */
4071 ret = ARCHIVE_OK;
4072
4073 /* Read the current file flags. */
4074 if (ioctl(myfd,
4075 #ifdef FS_IOC_GETFLAGS
4076 FS_IOC_GETFLAGS,
4077 #else
4078 EXT2_IOC_GETFLAGS,
4079 #endif
4080 &oldflags) < 0)
4081 goto fail;
4082
4083 /* Try setting the flags as given. */
4084 newflags = (oldflags & ~clear) | set;
4085 if (ioctl(myfd,
4086 #ifdef FS_IOC_SETFLAGS
4087 FS_IOC_SETFLAGS,
4088 #else
4089 EXT2_IOC_SETFLAGS,
4090 #endif
4091 &newflags) >= 0)
4092 goto cleanup;
4093 if (errno != EPERM)
4094 goto fail;
4095
4096 /* If we couldn't set all the flags, try again with a subset. */
4097 newflags &= ~sf_mask;
4098 oldflags &= sf_mask;
4099 newflags |= oldflags;
4100 if (ioctl(myfd,
4101 #ifdef FS_IOC_SETFLAGS
4102 FS_IOC_SETFLAGS,
4103 #else
4104 EXT2_IOC_SETFLAGS,
4105 #endif
4106 &newflags) >= 0)
4107 goto cleanup;
4108
4109 /* We couldn't set the flags, so report the failure. */
4110 fail:
4111 archive_set_error(&a->archive, errno,
4112 "Failed to set file flags");
4113 ret = ARCHIVE_WARN;
4114 cleanup:
4115 if (fd < 0)
4116 close(myfd);
4117 return (ret);
4118 }
4119
4120 #else
4121
4122 /*
4123 * Of course, some systems have neither BSD chflags() nor Linux' flags
4124 * support through ioctl().
4125 */
4126 static int
set_fflags_platform(struct archive_write_disk * a,int fd,const char * name,mode_t mode,unsigned long set,unsigned long clear)4127 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
4128 mode_t mode, unsigned long set, unsigned long clear)
4129 {
4130 (void)a; /* UNUSED */
4131 (void)fd; /* UNUSED */
4132 (void)name; /* UNUSED */
4133 (void)mode; /* UNUSED */
4134 (void)set; /* UNUSED */
4135 (void)clear; /* UNUSED */
4136 return (ARCHIVE_OK);
4137 }
4138
4139 #endif /* __linux */
4140
4141 #ifndef HAVE_COPYFILE_H
4142 /* Default is to simply drop Mac extended metadata. */
4143 static int
set_mac_metadata(struct archive_write_disk * a,const char * pathname,const void * metadata,size_t metadata_size)4144 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
4145 const void *metadata, size_t metadata_size)
4146 {
4147 (void)a; /* UNUSED */
4148 (void)pathname; /* UNUSED */
4149 (void)metadata; /* UNUSED */
4150 (void)metadata_size; /* UNUSED */
4151 return (ARCHIVE_OK);
4152 }
4153
4154 static int
fixup_appledouble(struct archive_write_disk * a,const char * pathname)4155 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
4156 {
4157 (void)a; /* UNUSED */
4158 (void)pathname; /* UNUSED */
4159 return (ARCHIVE_OK);
4160 }
4161 #else
4162
4163 /*
4164 * On Mac OS, we use copyfile() to unpack the metadata and
4165 * apply it to the target file.
4166 */
4167
4168 #if defined(HAVE_SYS_XATTR_H)
4169 static int
copy_xattrs(struct archive_write_disk * a,int tmpfd,int dffd)4170 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
4171 {
4172 ssize_t xattr_size;
4173 char *xattr_names = NULL, *xattr_val = NULL;
4174 int ret = ARCHIVE_OK, xattr_i;
4175
4176 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
4177 if (xattr_size == -1) {
4178 archive_set_error(&a->archive, errno,
4179 "Failed to read metadata(xattr)");
4180 ret = ARCHIVE_WARN;
4181 goto exit_xattr;
4182 }
4183 xattr_names = malloc(xattr_size);
4184 if (xattr_names == NULL) {
4185 archive_set_error(&a->archive, ENOMEM,
4186 "Can't allocate memory for metadata(xattr)");
4187 ret = ARCHIVE_FATAL;
4188 goto exit_xattr;
4189 }
4190 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
4191 if (xattr_size == -1) {
4192 archive_set_error(&a->archive, errno,
4193 "Failed to read metadata(xattr)");
4194 ret = ARCHIVE_WARN;
4195 goto exit_xattr;
4196 }
4197 for (xattr_i = 0; xattr_i < xattr_size;
4198 xattr_i += strlen(xattr_names + xattr_i) + 1) {
4199 char *p;
4200 ssize_t s;
4201 int f;
4202
4203 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
4204 if (s == -1) {
4205 archive_set_error(&a->archive, errno,
4206 "Failed to get metadata(xattr)");
4207 ret = ARCHIVE_WARN;
4208 goto exit_xattr;
4209 }
4210 p = realloc(xattr_val, s);
4211 if (p == NULL) {
4212 archive_set_error(&a->archive, ENOMEM,
4213 "Failed to get metadata(xattr)");
4214 ret = ARCHIVE_WARN;
4215 goto exit_xattr;
4216 }
4217 xattr_val = p;
4218 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
4219 if (s == -1) {
4220 archive_set_error(&a->archive, errno,
4221 "Failed to get metadata(xattr)");
4222 ret = ARCHIVE_WARN;
4223 goto exit_xattr;
4224 }
4225 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
4226 if (f == -1) {
4227 archive_set_error(&a->archive, errno,
4228 "Failed to get metadata(xattr)");
4229 ret = ARCHIVE_WARN;
4230 goto exit_xattr;
4231 }
4232 }
4233 exit_xattr:
4234 free(xattr_names);
4235 free(xattr_val);
4236 return (ret);
4237 }
4238 #endif
4239
4240 static int
copy_acls(struct archive_write_disk * a,int tmpfd,int dffd)4241 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
4242 {
4243 #ifndef HAVE_SYS_ACL_H
4244 return 0;
4245 #else
4246 acl_t acl, dfacl = NULL;
4247 int acl_r, ret = ARCHIVE_OK;
4248
4249 acl = acl_get_fd(tmpfd);
4250 if (acl == NULL) {
4251 if (errno == ENOENT)
4252 /* There are not any ACLs. */
4253 return (ret);
4254 archive_set_error(&a->archive, errno,
4255 "Failed to get metadata(acl)");
4256 ret = ARCHIVE_WARN;
4257 goto exit_acl;
4258 }
4259 dfacl = acl_dup(acl);
4260 acl_r = acl_set_fd(dffd, dfacl);
4261 if (acl_r == -1) {
4262 archive_set_error(&a->archive, errno,
4263 "Failed to get metadata(acl)");
4264 ret = ARCHIVE_WARN;
4265 goto exit_acl;
4266 }
4267 exit_acl:
4268 if (acl)
4269 acl_free(acl);
4270 if (dfacl)
4271 acl_free(dfacl);
4272 return (ret);
4273 #endif
4274 }
4275
4276 static int
create_tempdatafork(struct archive_write_disk * a,const char * pathname)4277 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
4278 {
4279 struct archive_string tmpdatafork;
4280 int tmpfd;
4281
4282 archive_string_init(&tmpdatafork);
4283 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
4284 tmpfd = mkstemp(tmpdatafork.s);
4285 if (tmpfd < 0) {
4286 archive_set_error(&a->archive, errno,
4287 "Failed to mkstemp");
4288 archive_string_free(&tmpdatafork);
4289 return (-1);
4290 }
4291 if (copyfile(pathname, tmpdatafork.s, 0,
4292 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
4293 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
4294 archive_set_error(&a->archive, errno,
4295 "Failed to restore metadata");
4296 close(tmpfd);
4297 tmpfd = -1;
4298 }
4299 unlink(tmpdatafork.s);
4300 archive_string_free(&tmpdatafork);
4301 return (tmpfd);
4302 }
4303
4304 static int
copy_metadata(struct archive_write_disk * a,const char * metadata,const char * datafork,int datafork_compressed)4305 copy_metadata(struct archive_write_disk *a, const char *metadata,
4306 const char *datafork, int datafork_compressed)
4307 {
4308 int ret = ARCHIVE_OK;
4309
4310 if (datafork_compressed) {
4311 int dffd, tmpfd;
4312
4313 tmpfd = create_tempdatafork(a, metadata);
4314 if (tmpfd == -1)
4315 return (ARCHIVE_WARN);
4316
4317 /*
4318 * Do not open the data fork compressed by HFS+ compression
4319 * with at least a writing mode(O_RDWR or O_WRONLY). it
4320 * makes the data fork uncompressed.
4321 */
4322 dffd = open(datafork, 0);
4323 if (dffd == -1) {
4324 archive_set_error(&a->archive, errno,
4325 "Failed to open the data fork for metadata");
4326 close(tmpfd);
4327 return (ARCHIVE_WARN);
4328 }
4329
4330 #if defined(HAVE_SYS_XATTR_H)
4331 ret = copy_xattrs(a, tmpfd, dffd);
4332 if (ret == ARCHIVE_OK)
4333 #endif
4334 ret = copy_acls(a, tmpfd, dffd);
4335 close(tmpfd);
4336 close(dffd);
4337 } else {
4338 if (copyfile(metadata, datafork, 0,
4339 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
4340 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
4341 archive_set_error(&a->archive, errno,
4342 "Failed to restore metadata");
4343 ret = ARCHIVE_WARN;
4344 }
4345 }
4346 return (ret);
4347 }
4348
4349 static int
set_mac_metadata(struct archive_write_disk * a,const char * pathname,const void * metadata,size_t metadata_size)4350 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
4351 const void *metadata, size_t metadata_size)
4352 {
4353 struct archive_string tmp;
4354 ssize_t written;
4355 int fd;
4356 int ret = ARCHIVE_OK;
4357
4358 /* This would be simpler if copyfile() could just accept the
4359 * metadata as a block of memory; then we could sidestep this
4360 * silly dance of writing the data to disk just so that
4361 * copyfile() can read it back in again. */
4362 archive_string_init(&tmp);
4363 archive_strcpy(&tmp, "tar.mmd.XXXXXX");
4364 fd = mkstemp(tmp.s);
4365
4366 if (fd < 0) {
4367 archive_set_error(&a->archive, errno,
4368 "Failed to restore metadata");
4369 archive_string_free(&tmp);
4370 return (ARCHIVE_WARN);
4371 }
4372 written = write(fd, metadata, metadata_size);
4373 close(fd);
4374 if ((size_t)written != metadata_size) {
4375 archive_set_error(&a->archive, errno,
4376 "Failed to restore metadata");
4377 ret = ARCHIVE_WARN;
4378 } else {
4379 int compressed;
4380
4381 #if defined(UF_COMPRESSED)
4382 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
4383 (ret = lazy_stat(a)) == ARCHIVE_OK)
4384 compressed = a->st.st_flags & UF_COMPRESSED;
4385 else
4386 #endif
4387 compressed = 0;
4388 ret = copy_metadata(a, tmp.s, pathname, compressed);
4389 }
4390 unlink(tmp.s);
4391 archive_string_free(&tmp);
4392 return (ret);
4393 }
4394
4395 static int
fixup_appledouble(struct archive_write_disk * a,const char * pathname)4396 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
4397 {
4398 char buff[8];
4399 struct stat st;
4400 const char *p;
4401 struct archive_string datafork;
4402 int fd = -1, ret = ARCHIVE_OK;
4403
4404 archive_string_init(&datafork);
4405 /* Check if the current file name is a type of the resource
4406 * fork file. */
4407 p = strrchr(pathname, '/');
4408 if (p == NULL)
4409 p = pathname;
4410 else
4411 p++;
4412 if (p[0] != '.' || p[1] != '_')
4413 goto skip_appledouble;
4414
4415 /*
4416 * Check if the data fork file exists.
4417 *
4418 * TODO: Check if this write disk object has handled it.
4419 */
4420 archive_strncpy(&datafork, pathname, p - pathname);
4421 archive_strcat(&datafork, p + 2);
4422 if (
4423 #ifdef HAVE_LSTAT
4424 lstat(datafork.s, &st) == -1 ||
4425 #else
4426 la_stat(datafork.s, &st) == -1 ||
4427 #endif
4428 (((st.st_mode & AE_IFMT) != AE_IFREG) &&
4429 ((st.st_mode & AE_IFMT) != AE_IFDIR)))
4430 goto skip_appledouble;
4431
4432 /*
4433 * Check if the file is in the AppleDouble form.
4434 */
4435 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
4436 __archive_ensure_cloexec_flag(fd);
4437 if (fd == -1) {
4438 archive_set_error(&a->archive, errno,
4439 "Failed to open a restoring file");
4440 ret = ARCHIVE_WARN;
4441 goto skip_appledouble;
4442 }
4443 if (read(fd, buff, 8) == -1) {
4444 archive_set_error(&a->archive, errno,
4445 "Failed to read a restoring file");
4446 close(fd);
4447 ret = ARCHIVE_WARN;
4448 goto skip_appledouble;
4449 }
4450 close(fd);
4451 /* Check AppleDouble Magic Code. */
4452 if (archive_be32dec(buff) != 0x00051607)
4453 goto skip_appledouble;
4454 /* Check AppleDouble Version. */
4455 if (archive_be32dec(buff+4) != 0x00020000)
4456 goto skip_appledouble;
4457
4458 ret = copy_metadata(a, pathname, datafork.s,
4459 #if defined(UF_COMPRESSED)
4460 st.st_flags & UF_COMPRESSED);
4461 #else
4462 0);
4463 #endif
4464 if (ret == ARCHIVE_OK) {
4465 unlink(pathname);
4466 ret = ARCHIVE_EOF;
4467 }
4468 skip_appledouble:
4469 archive_string_free(&datafork);
4470 return (ret);
4471 }
4472 #endif
4473
4474 #if ARCHIVE_XATTR_LINUX || ARCHIVE_XATTR_DARWIN || ARCHIVE_XATTR_AIX
4475 /*
4476 * Restore extended attributes - Linux, Darwin and AIX implementations:
4477 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
4478 */
4479 static int
set_xattrs(struct archive_write_disk * a)4480 set_xattrs(struct archive_write_disk *a)
4481 {
4482 struct archive_entry *entry = a->entry;
4483 struct archive_string errlist;
4484 int ret = ARCHIVE_OK;
4485 int i = archive_entry_xattr_reset(entry);
4486 short fail = 0;
4487
4488 archive_string_init(&errlist);
4489
4490 while (i--) {
4491 const char *name;
4492 const void *value;
4493 size_t size;
4494 int e;
4495
4496 archive_entry_xattr_next(entry, &name, &value, &size);
4497
4498 if (name == NULL)
4499 continue;
4500 #if ARCHIVE_XATTR_LINUX
4501 /* Linux: quietly skip POSIX.1e ACL extended attributes */
4502 if (strncmp(name, "system.", 7) == 0 &&
4503 (strcmp(name + 7, "posix_acl_access") == 0 ||
4504 strcmp(name + 7, "posix_acl_default") == 0))
4505 continue;
4506 if (strncmp(name, "trusted.SGI_", 12) == 0 &&
4507 (strcmp(name + 12, "ACL_DEFAULT") == 0 ||
4508 strcmp(name + 12, "ACL_FILE") == 0))
4509 continue;
4510
4511 /* Linux: xfsroot namespace is obsolete and unsupported */
4512 if (strncmp(name, "xfsroot.", 8) == 0) {
4513 fail = 1;
4514 archive_strcat(&errlist, name);
4515 archive_strappend_char(&errlist, ' ');
4516 continue;
4517 }
4518 #endif
4519
4520 if (a->fd >= 0) {
4521 #if ARCHIVE_XATTR_LINUX
4522 e = fsetxattr(a->fd, name, value, size, 0);
4523 #elif ARCHIVE_XATTR_DARWIN
4524 e = fsetxattr(a->fd, name, value, size, 0, 0);
4525 #elif ARCHIVE_XATTR_AIX
4526 e = fsetea(a->fd, name, value, size, 0);
4527 #endif
4528 } else {
4529 #if ARCHIVE_XATTR_LINUX
4530 e = lsetxattr(archive_entry_pathname(entry),
4531 name, value, size, 0);
4532 #elif ARCHIVE_XATTR_DARWIN
4533 e = setxattr(archive_entry_pathname(entry),
4534 name, value, size, 0, XATTR_NOFOLLOW);
4535 #elif ARCHIVE_XATTR_AIX
4536 e = lsetea(archive_entry_pathname(entry),
4537 name, value, size, 0);
4538 #endif
4539 }
4540 if (e == -1) {
4541 ret = ARCHIVE_WARN;
4542 archive_strcat(&errlist, name);
4543 archive_strappend_char(&errlist, ' ');
4544 if (errno != ENOTSUP && errno != ENOSYS)
4545 fail = 1;
4546 }
4547 }
4548
4549 if (ret == ARCHIVE_WARN) {
4550 if (fail && errlist.length > 0) {
4551 errlist.length--;
4552 errlist.s[errlist.length] = '\0';
4553 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4554 "Cannot restore extended attributes: %s",
4555 errlist.s);
4556 } else
4557 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4558 "Cannot restore extended "
4559 "attributes on this file system.");
4560 }
4561
4562 archive_string_free(&errlist);
4563 return (ret);
4564 }
4565 #elif ARCHIVE_XATTR_FREEBSD
4566 /*
4567 * Restore extended attributes - FreeBSD implementation
4568 */
4569 static int
set_xattrs(struct archive_write_disk * a)4570 set_xattrs(struct archive_write_disk *a)
4571 {
4572 struct archive_entry *entry = a->entry;
4573 struct archive_string errlist;
4574 int ret = ARCHIVE_OK;
4575 int i = archive_entry_xattr_reset(entry);
4576 short fail = 0;
4577
4578 archive_string_init(&errlist);
4579
4580 while (i--) {
4581 const char *name;
4582 const void *value;
4583 size_t size;
4584 archive_entry_xattr_next(entry, &name, &value, &size);
4585 if (name != NULL) {
4586 ssize_t e;
4587 int namespace;
4588
4589 namespace = EXTATTR_NAMESPACE_USER;
4590
4591 if (strncmp(name, "user.", 5) == 0) {
4592 /* "user." attributes go to user namespace */
4593 name += 5;
4594 namespace = EXTATTR_NAMESPACE_USER;
4595 } else if (strncmp(name, "system.", 7) == 0) {
4596 name += 7;
4597 namespace = EXTATTR_NAMESPACE_SYSTEM;
4598 if (!strcmp(name, "nfs4.acl") ||
4599 !strcmp(name, "posix1e.acl_access") ||
4600 !strcmp(name, "posix1e.acl_default"))
4601 continue;
4602 } else {
4603 /* Other namespaces are unsupported */
4604 archive_strcat(&errlist, name);
4605 archive_strappend_char(&errlist, ' ');
4606 fail = 1;
4607 ret = ARCHIVE_WARN;
4608 continue;
4609 }
4610
4611 if (a->fd >= 0) {
4612 /*
4613 * On FreeBSD, extattr_set_fd does not
4614 * return the same as
4615 * extattr_set_file. It returns zero
4616 * on success, non-zero on failure.
4617 *
4618 * We can detect the failure by
4619 * manually setting errno prior to the
4620 * call and checking after.
4621 *
4622 * If errno remains zero, fake the
4623 * return value by setting e to size.
4624 *
4625 * This is a hack for now until I
4626 * (Shawn Webb) get FreeBSD to fix the
4627 * issue, if that's even possible.
4628 */
4629 errno = 0;
4630 e = extattr_set_fd(a->fd, namespace, name,
4631 value, size);
4632 if (e == 0 && errno == 0) {
4633 e = size;
4634 }
4635 } else {
4636 e = extattr_set_link(
4637 archive_entry_pathname(entry), namespace,
4638 name, value, size);
4639 }
4640 if (e != (ssize_t)size) {
4641 archive_strcat(&errlist, name);
4642 archive_strappend_char(&errlist, ' ');
4643 ret = ARCHIVE_WARN;
4644 if (errno != ENOTSUP && errno != ENOSYS)
4645 fail = 1;
4646 }
4647 }
4648 }
4649
4650 if (ret == ARCHIVE_WARN) {
4651 if (fail && errlist.length > 0) {
4652 errlist.length--;
4653 errlist.s[errlist.length] = '\0';
4654
4655 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4656 "Cannot restore extended attributes: %s",
4657 errlist.s);
4658 } else
4659 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
4660 "Cannot restore extended "
4661 "attributes on this file system.");
4662 }
4663
4664 archive_string_free(&errlist);
4665 return (ret);
4666 }
4667 #else
4668 /*
4669 * Restore extended attributes - stub implementation for unsupported systems
4670 */
4671 static int
set_xattrs(struct archive_write_disk * a)4672 set_xattrs(struct archive_write_disk *a)
4673 {
4674 static int warning_done = 0;
4675
4676 /* If there aren't any extended attributes, then it's okay not
4677 * to extract them, otherwise, issue a single warning. */
4678 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
4679 warning_done = 1;
4680 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
4681 "Cannot restore extended attributes on this system");
4682 return (ARCHIVE_WARN);
4683 }
4684 /* Warning was already emitted; suppress further warnings. */
4685 return (ARCHIVE_OK);
4686 }
4687 #endif
4688
4689 /*
4690 * Test if file on disk is older than entry.
4691 */
4692 static int
older(struct stat * st,struct archive_entry * entry)4693 older(struct stat *st, struct archive_entry *entry)
4694 {
4695 /* First, test the seconds and return if we have a definite answer. */
4696 /* Definitely older. */
4697 if (to_int64_time(st->st_mtime) < to_int64_time(archive_entry_mtime(entry)))
4698 return (1);
4699 /* Definitely younger. */
4700 if (to_int64_time(st->st_mtime) > to_int64_time(archive_entry_mtime(entry)))
4701 return (0);
4702 /* If this platform supports fractional seconds, try those. */
4703 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
4704 /* Definitely older. */
4705 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
4706 return (1);
4707 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
4708 /* Definitely older. */
4709 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
4710 return (1);
4711 #elif HAVE_STRUCT_STAT_ST_MTIME_N
4712 /* older. */
4713 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
4714 return (1);
4715 #elif HAVE_STRUCT_STAT_ST_UMTIME
4716 /* older. */
4717 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
4718 return (1);
4719 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
4720 /* older. */
4721 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
4722 return (1);
4723 #else
4724 /* This system doesn't have high-res timestamps. */
4725 #endif
4726 /* Same age or newer, so not older. */
4727 return (0);
4728 }
4729
4730 #ifndef ARCHIVE_ACL_SUPPORT
4731 int
archive_write_disk_set_acls(struct archive * a,int fd,const char * name,struct archive_acl * abstract_acl,__LA_MODE_T mode)4732 archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
4733 struct archive_acl *abstract_acl, __LA_MODE_T mode)
4734 {
4735 (void)a; /* UNUSED */
4736 (void)fd; /* UNUSED */
4737 (void)name; /* UNUSED */
4738 (void)abstract_acl; /* UNUSED */
4739 (void)mode; /* UNUSED */
4740 return (ARCHIVE_OK);
4741 }
4742 #endif
4743
4744 /*
4745 * Close the file descriptor if one is open.
4746 */
close_file_descriptor(struct archive_write_disk * a)4747 static void close_file_descriptor(struct archive_write_disk* a)
4748 {
4749 if (a->fd >= 0) {
4750 close(a->fd);
4751 a->fd = -1;
4752 }
4753 }
4754
4755
4756 #endif /* !_WIN32 || __CYGWIN__ */
4757
4758