2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
147 struct fixup_entry *next;
148 struct archive_acl acl;
154 unsigned long atime_nanos;
155 unsigned long birthtime_nanos;
156 unsigned long mtime_nanos;
157 unsigned long ctime_nanos;
158 unsigned long fflags_set;
159 size_t mac_metadata_size;
161 int fixup; /* bitmask of what needs fixing */
166 * We use a bitmask to track which operations remain to be done for
167 * this file. In particular, this helps us avoid unnecessary
168 * operations when it's possible to take care of one step as a
169 * side-effect of another. For example, mkdir() can specify the mode
170 * for the newly-created object but symlink() cannot. This means we
171 * can skip chmod() if mkdir() succeeded, but we must explicitly
172 * chmod() if we're trying to create a directory that already exists
173 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
174 * need to verify UID/GID before trying to restore SUID/SGID bits;
175 * that verification can occur explicitly through a stat() call or
176 * implicitly because of a successful chown() call.
178 #define TODO_MODE_FORCE 0x40000000
179 #define TODO_MODE_BASE 0x20000000
180 #define TODO_SUID 0x10000000
181 #define TODO_SUID_CHECK 0x08000000
182 #define TODO_SGID 0x04000000
183 #define TODO_SGID_CHECK 0x02000000
184 #define TODO_APPLEDOUBLE 0x01000000
185 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
186 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
187 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
188 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
189 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
190 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
191 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
192 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
194 struct archive_write_disk {
195 struct archive archive;
198 struct fixup_entry *fixup_list;
199 struct fixup_entry *current_fixup;
202 int64_t skip_file_dev;
203 int64_t skip_file_ino;
206 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
207 void (*cleanup_gid)(void *private);
208 void *lookup_gid_data;
209 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
210 void (*cleanup_uid)(void *private);
211 void *lookup_uid_data;
214 * Full path of last file to satisfy symlink checks.
216 struct archive_string path_safe;
219 * Cached stat data from disk for the current entry.
220 * If this is valid, pst points to st. Otherwise,
226 /* Information about the object being restored right now. */
227 struct archive_entry *entry; /* Entry being extracted. */
228 char *name; /* Name of entry, possibly edited. */
229 struct archive_string _name_data; /* backing store for 'name' */
230 /* Tasks remaining for this object. */
232 /* Tasks deferred until end-of-archive. */
234 /* Options requested by the client. */
236 /* Handle for the file we're restoring. */
238 /* Current offset for writing data to the file. */
240 /* Last offset actually written to disk. */
242 /* Total bytes actually written to files. */
243 int64_t total_bytes_written;
244 /* Maximum size of file, -1 if unknown. */
246 /* Dir we were in before this restore; only for deep paths. */
248 /* Mode we should use for this entry; affected by _PERM and umask. */
250 /* UID/GID to use in restoring this entry. */
256 /* Xattr "com.apple.decmpfs". */
257 uint32_t decmpfs_attr_size;
258 unsigned char *decmpfs_header_p;
259 /* ResourceFork set options used for fsetxattr. */
260 int rsrc_xattr_options;
261 /* Xattr "com.apple.ResourceFork". */
262 unsigned char *resource_fork;
263 size_t resource_fork_allocated_size;
264 unsigned int decmpfs_block_count;
265 uint32_t *decmpfs_block_info;
266 /* Buffer for compressed data. */
267 unsigned char *compressed_buffer;
268 size_t compressed_buffer_size;
269 size_t compressed_buffer_remaining;
270 /* The offset of the ResourceFork where compressed data will
272 uint32_t compressed_rsrc_position;
273 uint32_t compressed_rsrc_position_v;
274 /* Buffer for uncompressed data. */
275 char *uncompressed_buffer;
276 size_t block_remaining_bytes;
277 size_t file_remaining_bytes;
281 int decmpfs_compression_level;
286 * Default mode for dirs created automatically (will be modified by umask).
287 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
288 * by the process' file creation mask."
290 #define DEFAULT_DIR_MODE 0777
292 * Dir modes are restored in two steps: During the extraction, the permissions
293 * in the archive are modified to match the following limits. During
294 * the post-extract fixup pass, the permissions from the archive are
297 #define MINIMUM_DIR_MODE 0700
298 #define MAXIMUM_DIR_MODE 0775
301 * Maxinum uncompressed size of a decmpfs block.
303 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
305 * HFS+ compression type.
307 #define CMP_XATTR 3/* Compressed data in xattr. */
308 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
310 * HFS+ compression resource fork.
312 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
313 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
314 /* Size to write compressed data to resource fork. */
315 #define COMPRESSED_W_SIZE (64 * 1024)
316 /* decmpfs difinitions. */
317 #define MAX_DECMPFS_XATTR_SIZE 3802
318 #ifndef DECMPFS_XATTR_NAME
319 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
321 #define DECMPFS_MAGIC 0x636d7066
322 #define DECMPFS_COMPRESSION_MAGIC 0
323 #define DECMPFS_COMPRESSION_TYPE 4
324 #define DECMPFS_UNCOMPRESSED_SIZE 8
325 #define DECMPFS_HEADER_SIZE 16
327 #define HFS_BLOCKS(s) ((s) >> 12)
329 static int check_symlinks(struct archive_write_disk *);
330 static int create_filesystem_object(struct archive_write_disk *);
331 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
332 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
333 static void edit_deep_directories(struct archive_write_disk *ad);
335 static int cleanup_pathname(struct archive_write_disk *);
336 static int create_dir(struct archive_write_disk *, char *);
337 static int create_parent_dir(struct archive_write_disk *, char *);
338 static ssize_t hfs_write_data_block(struct archive_write_disk *,
339 const char *, size_t);
340 static int fixup_appledouble(struct archive_write_disk *, const char *);
341 static int older(struct stat *, struct archive_entry *);
342 static int restore_entry(struct archive_write_disk *);
343 static int set_mac_metadata(struct archive_write_disk *, const char *,
344 const void *, size_t);
345 static int set_xattrs(struct archive_write_disk *);
346 static int clear_nochange_fflags(struct archive_write_disk *);
347 static int set_fflags(struct archive_write_disk *);
348 static int set_fflags_platform(struct archive_write_disk *, int fd,
349 const char *name, mode_t mode,
350 unsigned long fflags_set, unsigned long fflags_clear);
351 static int set_ownership(struct archive_write_disk *);
352 static int set_mode(struct archive_write_disk *, int mode);
353 static int set_time(int, int, const char *, time_t, long, time_t, long);
354 static int set_times(struct archive_write_disk *, int, int, const char *,
355 time_t, long, time_t, long, time_t, long, time_t, long);
356 static int set_times_from_entry(struct archive_write_disk *);
357 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
358 static ssize_t write_data_block(struct archive_write_disk *,
359 const char *, size_t);
361 static struct archive_vtable *archive_write_disk_vtable(void);
363 static int _archive_write_disk_close(struct archive *);
364 static int _archive_write_disk_free(struct archive *);
365 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
366 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
367 static int _archive_write_disk_finish_entry(struct archive *);
368 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
369 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
372 lazy_stat(struct archive_write_disk *a)
374 if (a->pst != NULL) {
375 /* Already have stat() data available. */
379 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
385 * XXX At this point, symlinks should not be hit, otherwise
386 * XXX a race occurred. Do we want to check explicitly for that?
388 if (lstat(a->name, &a->st) == 0) {
392 archive_set_error(&a->archive, errno, "Couldn't stat file");
393 return (ARCHIVE_WARN);
396 static struct archive_vtable *
397 archive_write_disk_vtable(void)
399 static struct archive_vtable av;
400 static int inited = 0;
403 av.archive_close = _archive_write_disk_close;
404 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
405 av.archive_free = _archive_write_disk_free;
406 av.archive_write_header = _archive_write_disk_header;
407 av.archive_write_finish_entry
408 = _archive_write_disk_finish_entry;
409 av.archive_write_data = _archive_write_disk_data;
410 av.archive_write_data_block = _archive_write_disk_data_block;
417 _archive_write_disk_filter_bytes(struct archive *_a, int n)
419 struct archive_write_disk *a = (struct archive_write_disk *)_a;
420 (void)n; /* UNUSED */
421 if (n == -1 || n == 0)
422 return (a->total_bytes_written);
428 archive_write_disk_set_options(struct archive *_a, int flags)
430 struct archive_write_disk *a = (struct archive_write_disk *)_a;
438 * Extract this entry to disk.
440 * TODO: Validate hardlinks. According to the standards, we're
441 * supposed to check each extracted hardlink and squawk if it refers
442 * to a file that we didn't restore. I'm not entirely convinced this
443 * is a good idea, but more importantly: Is there any way to validate
444 * hardlinks without keeping a complete list of filenames from the
445 * entire archive?? Ugh.
449 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
451 struct archive_write_disk *a = (struct archive_write_disk *)_a;
452 struct fixup_entry *fe;
455 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
456 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
457 "archive_write_disk_header");
458 archive_clear_error(&a->archive);
459 if (a->archive.state & ARCHIVE_STATE_DATA) {
460 r = _archive_write_disk_finish_entry(&a->archive);
461 if (r == ARCHIVE_FATAL)
465 /* Set up for this particular entry. */
467 a->current_fixup = NULL;
470 archive_entry_free(a->entry);
473 a->entry = archive_entry_clone(entry);
478 a->uid = a->user_uid;
479 a->mode = archive_entry_mode(a->entry);
480 if (archive_entry_size_is_set(a->entry))
481 a->filesize = archive_entry_size(a->entry);
484 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
485 a->name = a->_name_data.s;
486 archive_clear_error(&a->archive);
489 * Clean up the requested path. This is necessary for correct
490 * dir restores; the dir restore logic otherwise gets messed
491 * up by nonsense like "dir/.".
493 ret = cleanup_pathname(a);
494 if (ret != ARCHIVE_OK)
498 * Query the umask so we get predictable mode settings.
499 * This gets done on every call to _write_header in case the
500 * user edits their umask during the extraction for some
503 umask(a->user_umask = umask(0));
505 /* Figure out what we need to do for this entry. */
506 a->todo = TODO_MODE_BASE;
507 if (a->flags & ARCHIVE_EXTRACT_PERM) {
508 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
510 * SGID requires an extra "check" step because we
511 * cannot easily predict the GID that the system will
512 * assign. (Different systems assign GIDs to files
513 * based on a variety of criteria, including process
514 * credentials and the gid of the enclosing
515 * directory.) We can only restore the SGID bit if
516 * the file has the right GID, and we only know the
517 * GID if we either set it (see set_ownership) or if
518 * we've actually called stat() on the file after it
519 * was restored. Since there are several places at
520 * which we might verify the GID, we need a TODO bit
523 if (a->mode & S_ISGID)
524 a->todo |= TODO_SGID | TODO_SGID_CHECK;
526 * Verifying the SUID is simpler, but can still be
527 * done in multiple ways, hence the separate "check" bit.
529 if (a->mode & S_ISUID)
530 a->todo |= TODO_SUID | TODO_SUID_CHECK;
533 * User didn't request full permissions, so don't
534 * restore SUID, SGID bits and obey umask.
539 a->mode &= ~a->user_umask;
541 if (a->flags & ARCHIVE_EXTRACT_OWNER)
542 a->todo |= TODO_OWNER;
543 if (a->flags & ARCHIVE_EXTRACT_TIME)
544 a->todo |= TODO_TIMES;
545 if (a->flags & ARCHIVE_EXTRACT_ACL) {
546 if (archive_entry_filetype(a->entry) == AE_IFDIR)
547 a->deferred |= TODO_ACLS;
549 a->todo |= TODO_ACLS;
551 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
552 if (archive_entry_filetype(a->entry) == AE_IFDIR)
553 a->deferred |= TODO_MAC_METADATA;
555 a->todo |= TODO_MAC_METADATA;
557 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
558 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
559 unsigned long set, clear;
560 archive_entry_fflags(a->entry, &set, &clear);
561 if ((set & ~clear) & UF_COMPRESSED) {
562 a->todo |= TODO_HFS_COMPRESSION;
563 a->decmpfs_block_count = (unsigned)-1;
566 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
567 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
568 a->todo |= TODO_HFS_COMPRESSION;
569 a->decmpfs_block_count = (unsigned)-1;
574 /* Check if the current file name is a type of the
575 * resource fork file. */
576 p = strrchr(a->name, '/');
581 if (p[0] == '.' && p[1] == '_') {
582 /* Do not compress "._XXX" files. */
583 a->todo &= ~TODO_HFS_COMPRESSION;
585 a->todo |= TODO_APPLEDOUBLE;
590 if (a->flags & ARCHIVE_EXTRACT_XATTR)
591 a->todo |= TODO_XATTR;
592 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
593 a->todo |= TODO_FFLAGS;
594 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
595 ret = check_symlinks(a);
596 if (ret != ARCHIVE_OK)
599 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
600 /* If path exceeds PATH_MAX, shorten the path. */
601 edit_deep_directories(a);
604 ret = restore_entry(a);
606 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
608 * Check if the filesystem the file is restoring on supports
609 * HFS+ Compression. If not, cancel HFS+ Compression.
611 if (a->todo | TODO_HFS_COMPRESSION) {
613 * NOTE: UF_COMPRESSED is ignored even if the filesystem
614 * supports HFS+ Compression because the file should
615 * have at least an extended attriute "com.apple.decmpfs"
616 * before the flag is set to indicate that the file have
617 * been compressed. If hte filesystem does not support
618 * HFS+ Compression the system call will fail.
620 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
621 a->todo &= ~TODO_HFS_COMPRESSION;
626 * TODO: There are rumours that some extended attributes must
627 * be restored before file data is written. If this is true,
628 * then we either need to write all extended attributes both
629 * before and after restoring the data, or find some rule for
630 * determining which must go first and which last. Due to the
631 * many ways people are using xattrs, this may prove to be an
632 * intractable problem.
636 /* If we changed directory above, restore it here. */
637 if (a->restore_pwd >= 0) {
638 r = fchdir(a->restore_pwd);
640 archive_set_error(&a->archive, errno, "chdir() failure");
643 close(a->restore_pwd);
649 * Fixup uses the unedited pathname from archive_entry_pathname(),
650 * because it is relative to the base dir and the edited path
651 * might be relative to some intermediate dir as a result of the
652 * deep restore logic.
654 if (a->deferred & TODO_MODE) {
655 fe = current_fixup(a, archive_entry_pathname(entry));
657 return (ARCHIVE_FATAL);
658 fe->fixup |= TODO_MODE_BASE;
662 if ((a->deferred & TODO_TIMES)
663 && (archive_entry_mtime_is_set(entry)
664 || archive_entry_atime_is_set(entry))) {
665 fe = current_fixup(a, archive_entry_pathname(entry));
667 return (ARCHIVE_FATAL);
669 fe->fixup |= TODO_TIMES;
670 if (archive_entry_atime_is_set(entry)) {
671 fe->atime = archive_entry_atime(entry);
672 fe->atime_nanos = archive_entry_atime_nsec(entry);
674 /* If atime is unset, use start time. */
675 fe->atime = a->start_time;
678 if (archive_entry_mtime_is_set(entry)) {
679 fe->mtime = archive_entry_mtime(entry);
680 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
682 /* If mtime is unset, use start time. */
683 fe->mtime = a->start_time;
686 if (archive_entry_birthtime_is_set(entry)) {
687 fe->birthtime = archive_entry_birthtime(entry);
688 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
690 /* If birthtime is unset, use mtime. */
691 fe->birthtime = fe->mtime;
692 fe->birthtime_nanos = fe->mtime_nanos;
696 if (a->deferred & TODO_ACLS) {
697 fe = current_fixup(a, archive_entry_pathname(entry));
699 return (ARCHIVE_FATAL);
700 fe->fixup |= TODO_ACLS;
701 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
704 if (a->deferred & TODO_MAC_METADATA) {
705 const void *metadata;
706 size_t metadata_size;
707 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
708 if (metadata != NULL && metadata_size > 0) {
709 fe = current_fixup(a, archive_entry_pathname(entry));
711 return (ARCHIVE_FATAL);
712 fe->mac_metadata = malloc(metadata_size);
713 if (fe->mac_metadata != NULL) {
714 memcpy(fe->mac_metadata, metadata, metadata_size);
715 fe->mac_metadata_size = metadata_size;
716 fe->fixup |= TODO_MAC_METADATA;
721 if (a->deferred & TODO_FFLAGS) {
722 fe = current_fixup(a, archive_entry_pathname(entry));
724 return (ARCHIVE_FATAL);
725 fe->fixup |= TODO_FFLAGS;
726 /* TODO: Complete this.. defer fflags from below. */
729 /* We've created the object and are ready to pour data into it. */
730 if (ret >= ARCHIVE_WARN)
731 a->archive.state = ARCHIVE_STATE_DATA;
733 * If it's not open, tell our client not to try writing.
734 * In particular, dirs, links, etc, don't get written to.
737 archive_entry_set_size(entry, 0);
745 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
747 struct archive_write_disk *a = (struct archive_write_disk *)_a;
748 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
749 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
750 a->skip_file_set = 1;
751 a->skip_file_dev = d;
752 a->skip_file_ino = i;
757 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
759 uint64_t start_size = size;
760 ssize_t bytes_written = 0;
761 ssize_t block_size = 0, bytes_to_write;
766 if (a->filesize == 0 || a->fd < 0) {
767 archive_set_error(&a->archive, 0,
768 "Attempt to write to an empty file");
769 return (ARCHIVE_WARN);
772 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
773 #if HAVE_STRUCT_STAT_ST_BLKSIZE
775 if ((r = lazy_stat(a)) != ARCHIVE_OK)
777 block_size = a->pst->st_blksize;
779 /* XXX TODO XXX Is there a more appropriate choice here ? */
780 /* This needn't match the filesystem allocation size. */
781 block_size = 16*1024;
785 /* If this write would run beyond the file size, truncate it. */
786 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
787 start_size = size = (size_t)(a->filesize - a->offset);
789 /* Write the data. */
791 if (block_size == 0) {
792 bytes_to_write = size;
794 /* We're sparsifying the file. */
798 /* Skip leading zero bytes. */
799 for (p = buff, end = buff + size; p < end; ++p) {
803 a->offset += p - buff;
809 /* Calculate next block boundary after offset. */
811 = (a->offset / block_size + 1) * block_size;
813 /* If the adjusted write would cross block boundary,
814 * truncate it to the block boundary. */
815 bytes_to_write = size;
816 if (a->offset + bytes_to_write > block_end)
817 bytes_to_write = block_end - a->offset;
819 /* Seek if necessary to the specified offset. */
820 if (a->offset != a->fd_offset) {
821 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
822 archive_set_error(&a->archive, errno,
824 return (ARCHIVE_FATAL);
826 a->fd_offset = a->offset;
828 bytes_written = write(a->fd, buff, bytes_to_write);
829 if (bytes_written < 0) {
830 archive_set_error(&a->archive, errno, "Write failed");
831 return (ARCHIVE_WARN);
833 buff += bytes_written;
834 size -= bytes_written;
835 a->total_bytes_written += bytes_written;
836 a->offset += bytes_written;
837 a->fd_offset = a->offset;
839 return (start_size - size);
842 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
843 && defined(HAVE_ZLIB_H)
846 * Set UF_COMPRESSED file flag.
847 * This have to be called after hfs_write_decmpfs() because if the
848 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
851 hfs_set_compressed_fflag(struct archive_write_disk *a)
855 if ((r = lazy_stat(a)) != ARCHIVE_OK)
858 a->st.st_flags |= UF_COMPRESSED;
859 if (fchflags(a->fd, a->st.st_flags) != 0) {
860 archive_set_error(&a->archive, errno,
861 "Failed to set UF_COMPRESSED file flag");
862 return (ARCHIVE_WARN);
868 * HFS+ Compression decmpfs
870 * +------------------------------+ +0
871 * | Magic(LE 4 bytes) |
872 * +------------------------------+
873 * | Type(LE 4 bytes) |
874 * +------------------------------+
875 * | Uncompressed size(LE 8 bytes)|
876 * +------------------------------+ +16
878 * | Compressed data |
879 * | (Placed only if Type == 3) |
881 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
883 * Type is 3: decmpfs has compressed data.
884 * Type is 4: Resource Fork has compressed data.
887 * Write "com.apple.decmpfs"
890 hfs_write_decmpfs(struct archive_write_disk *a)
893 uint32_t compression_type;
895 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
896 a->decmpfs_attr_size, 0, 0);
898 archive_set_error(&a->archive, errno,
899 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
900 compression_type = archive_le32dec(
901 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
902 if (compression_type == CMP_RESOURCE_FORK)
903 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
904 XATTR_SHOWCOMPRESSION);
905 return (ARCHIVE_WARN);
911 * HFS+ Compression Resource Fork
913 * +-----------------------------+
914 * | Header(260 bytes) |
915 * +-----------------------------+
916 * | Block count(LE 4 bytes) |
917 * +-----------------------------+ --+
918 * +-- | Offset (LE 4 bytes) | |
919 * | | [distance from Block count] | | Block 0
920 * | +-----------------------------+ |
921 * | | Compressed size(LE 4 bytes) | |
922 * | +-----------------------------+ --+
924 * | | .................. |
926 * | +-----------------------------+ --+
927 * | | Offset (LE 4 bytes) | |
928 * | +-----------------------------+ | Block (Block count -1)
929 * | | Compressed size(LE 4 bytes) | |
930 * +-> +-----------------------------+ --+
931 * | Compressed data(n bytes) | Block 0
932 * +-----------------------------+
934 * | .................. |
936 * +-----------------------------+
937 * | Compressed data(n bytes) | Block (Block count -1)
938 * +-----------------------------+
939 * | Footer(50 bytes) |
940 * +-----------------------------+
944 * Write the header of "com.apple.ResourceFork"
947 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
948 size_t bytes, uint32_t position)
952 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
953 position, a->rsrc_xattr_options);
955 archive_set_error(&a->archive, errno,
956 "Cannot restore xattr: %s at %u pos %u bytes",
957 XATTR_RESOURCEFORK_NAME,
960 return (ARCHIVE_WARN);
962 a->rsrc_xattr_options &= ~XATTR_CREATE;
967 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
971 ret = hfs_write_resource_fork(a, a->compressed_buffer,
972 bytes_compressed, a->compressed_rsrc_position);
973 if (ret == ARCHIVE_OK)
974 a->compressed_rsrc_position += bytes_compressed;
979 hfs_write_resource_fork_header(struct archive_write_disk *a)
983 uint32_t rsrc_header_bytes;
986 * Write resource fork header + block info.
988 buff = a->resource_fork;
989 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
991 RSRC_H_SIZE + /* Header base size. */
992 4 + /* Block count. */
993 (a->decmpfs_block_count * 8);/* Block info */
994 archive_be32enc(buff, 0x100);
995 archive_be32enc(buff + 4, rsrc_bytes);
996 archive_be32enc(buff + 8, rsrc_bytes - 256);
997 archive_be32enc(buff + 12, 0x32);
998 memset(buff + 16, 0, 240);
999 archive_be32enc(buff + 256, rsrc_bytes - 260);
1000 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1004 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1006 static const char rsrc_footer[RSRC_F_SIZE] = {
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1010 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1011 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1012 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1015 if (buff_size < sizeof(rsrc_footer))
1017 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1018 return (sizeof(rsrc_footer));
1022 hfs_reset_compressor(struct archive_write_disk *a)
1026 if (a->stream_valid)
1027 ret = deflateReset(&a->stream);
1029 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1032 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1033 "Failed to initialize compressor");
1034 return (ARCHIVE_FATAL);
1036 a->stream_valid = 1;
1038 return (ARCHIVE_OK);
1042 hfs_decompress(struct archive_write_disk *a)
1044 uint32_t *block_info;
1045 unsigned int block_count;
1046 uint32_t data_pos, data_size;
1048 ssize_t bytes_written, bytes_to_write;
1051 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1052 block_count = archive_le32dec(block_info++);
1053 while (block_count--) {
1054 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1055 data_size = archive_le32dec(block_info++);
1056 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1057 a->compressed_buffer, data_size, data_pos, 0);
1058 if (r != data_size) {
1059 archive_set_error(&a->archive,
1060 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1061 "Failed to read resource fork");
1062 return (ARCHIVE_WARN);
1064 if (a->compressed_buffer[0] == 0xff) {
1065 bytes_to_write = data_size -1;
1066 b = a->compressed_buffer + 1;
1068 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1071 zr = uncompress((Bytef *)a->uncompressed_buffer,
1072 &dest_len, a->compressed_buffer, data_size);
1074 archive_set_error(&a->archive,
1076 "Failed to decompress resource fork");
1077 return (ARCHIVE_WARN);
1079 bytes_to_write = dest_len;
1080 b = (unsigned char *)a->uncompressed_buffer;
1083 bytes_written = write(a->fd, b, bytes_to_write);
1084 if (bytes_written < 0) {
1085 archive_set_error(&a->archive, errno,
1087 return (ARCHIVE_WARN);
1089 bytes_to_write -= bytes_written;
1091 } while (bytes_to_write > 0);
1093 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1095 archive_set_error(&a->archive, errno,
1096 "Failed to remove resource fork");
1097 return (ARCHIVE_WARN);
1099 return (ARCHIVE_OK);
1103 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1106 unsigned char *buffer_compressed;
1107 size_t bytes_compressed;
1111 ret = hfs_reset_compressor(a);
1112 if (ret != ARCHIVE_OK)
1115 if (a->compressed_buffer == NULL) {
1118 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1119 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1120 a->compressed_buffer = malloc(block_size);
1121 if (a->compressed_buffer == NULL) {
1122 archive_set_error(&a->archive, ENOMEM,
1123 "Can't allocate memory for Resource Fork");
1124 return (ARCHIVE_FATAL);
1126 a->compressed_buffer_size = block_size;
1127 a->compressed_buffer_remaining = block_size;
1130 buffer_compressed = a->compressed_buffer +
1131 a->compressed_buffer_size - a->compressed_buffer_remaining;
1132 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1133 a->stream.avail_in = size;
1134 a->stream.next_out = buffer_compressed;
1135 a->stream.avail_out = a->compressed_buffer_remaining;
1137 ret = deflate(&a->stream, Z_FINISH);
1143 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1144 "Failed to compress data");
1145 return (ARCHIVE_FAILED);
1147 } while (ret == Z_OK);
1148 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1151 * If the compressed size is larger than the original size,
1152 * throw away compressed data, use uncompressed data instead.
1154 if (bytes_compressed > size) {
1155 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1156 memcpy(buffer_compressed + 1, buff, size);
1157 bytes_compressed = size + 1;
1159 a->compressed_buffer_remaining -= bytes_compressed;
1162 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1163 * and the block count in the file is only one, store compressed
1164 * data to decmpfs xattr instead of the resource fork.
1166 if (a->decmpfs_block_count == 1 &&
1167 (a->decmpfs_attr_size + bytes_compressed)
1168 <= MAX_DECMPFS_XATTR_SIZE) {
1169 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1171 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1172 buffer_compressed, bytes_compressed);
1173 a->decmpfs_attr_size += bytes_compressed;
1174 a->compressed_buffer_remaining = a->compressed_buffer_size;
1176 * Finish HFS+ Compression.
1177 * - Write the decmpfs xattr.
1178 * - Set the UF_COMPRESSED file flag.
1180 ret = hfs_write_decmpfs(a);
1181 if (ret == ARCHIVE_OK)
1182 ret = hfs_set_compressed_fflag(a);
1186 /* Update block info. */
1187 archive_le32enc(a->decmpfs_block_info++,
1188 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1189 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1190 a->compressed_rsrc_position_v += bytes_compressed;
1193 * Write the compressed data to the resource fork.
1195 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1196 while (bytes_used >= COMPRESSED_W_SIZE) {
1197 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1198 if (ret != ARCHIVE_OK)
1200 bytes_used -= COMPRESSED_W_SIZE;
1201 if (bytes_used > COMPRESSED_W_SIZE)
1202 memmove(a->compressed_buffer,
1203 a->compressed_buffer + COMPRESSED_W_SIZE,
1206 memcpy(a->compressed_buffer,
1207 a->compressed_buffer + COMPRESSED_W_SIZE,
1210 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1213 * If the current block is the last block, write the remaining
1214 * compressed data and the resource fork footer.
1216 if (a->file_remaining_bytes == 0) {
1220 /* Append the resource footer. */
1221 rsrc_size = hfs_set_resource_fork_footer(
1222 a->compressed_buffer + bytes_used,
1223 a->compressed_buffer_remaining);
1224 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1225 a->compressed_buffer_remaining = a->compressed_buffer_size;
1227 /* If the compressed size is not enouph smaller than
1228 * the uncompressed size. cancel HFS+ compression.
1229 * TODO: study a behavior of ditto utility and improve
1230 * the condition to fall back into no HFS+ compression. */
1231 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1233 if (bk > HFS_BLOCKS(a->filesize))
1234 return hfs_decompress(a);
1236 * Write the resourcefork header.
1238 if (ret == ARCHIVE_OK)
1239 ret = hfs_write_resource_fork_header(a);
1241 * Finish HFS+ Compression.
1242 * - Write the decmpfs xattr.
1243 * - Set the UF_COMPRESSED file flag.
1245 if (ret == ARCHIVE_OK)
1246 ret = hfs_write_decmpfs(a);
1247 if (ret == ARCHIVE_OK)
1248 ret = hfs_set_compressed_fflag(a);
1254 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1257 const char *buffer_to_write;
1258 size_t bytes_to_write;
1261 if (a->decmpfs_block_count == (unsigned)-1) {
1264 unsigned int block_count;
1266 if (a->decmpfs_header_p == NULL) {
1267 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1268 + sizeof(uint32_t));
1269 if (new_block == NULL) {
1270 archive_set_error(&a->archive, ENOMEM,
1271 "Can't allocate memory for decmpfs");
1272 return (ARCHIVE_FATAL);
1274 a->decmpfs_header_p = new_block;
1276 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1277 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1279 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1281 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1284 /* Calculate a block count of the file. */
1286 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1287 MAX_DECMPFS_BLOCK_SIZE;
1289 * Allocate buffer for resource fork.
1290 * Set up related pointers;
1293 RSRC_H_SIZE + /* header */
1294 4 + /* Block count */
1295 (block_count * sizeof(uint32_t) * 2) +
1296 RSRC_F_SIZE; /* footer */
1297 if (new_size > a->resource_fork_allocated_size) {
1298 new_block = realloc(a->resource_fork, new_size);
1299 if (new_block == NULL) {
1300 archive_set_error(&a->archive, ENOMEM,
1301 "Can't allocate memory for ResourceFork");
1302 return (ARCHIVE_FATAL);
1304 a->resource_fork_allocated_size = new_size;
1305 a->resource_fork = new_block;
1308 /* Allocate uncompressed buffer */
1309 if (a->uncompressed_buffer == NULL) {
1310 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1311 if (new_block == NULL) {
1312 archive_set_error(&a->archive, ENOMEM,
1313 "Can't allocate memory for decmpfs");
1314 return (ARCHIVE_FATAL);
1316 a->uncompressed_buffer = new_block;
1318 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1319 a->file_remaining_bytes = a->filesize;
1320 a->compressed_buffer_remaining = a->compressed_buffer_size;
1323 * Set up a resource fork.
1325 a->rsrc_xattr_options = XATTR_CREATE;
1326 /* Get the position where we are going to set a bunch
1328 a->decmpfs_block_info =
1329 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1330 /* Set the block count to the resource fork. */
1331 archive_le32enc(a->decmpfs_block_info++, block_count);
1332 /* Get the position where we are goint to set compressed
1334 a->compressed_rsrc_position =
1335 RSRC_H_SIZE + 4 + (block_count * 8);
1336 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1337 a->decmpfs_block_count = block_count;
1340 /* Ignore redundant bytes. */
1341 if (a->file_remaining_bytes == 0)
1342 return ((ssize_t)size);
1344 /* Do not overrun a block size. */
1345 if (size > a->block_remaining_bytes)
1346 bytes_to_write = a->block_remaining_bytes;
1348 bytes_to_write = size;
1349 /* Do not overrun the file size. */
1350 if (bytes_to_write > a->file_remaining_bytes)
1351 bytes_to_write = a->file_remaining_bytes;
1353 /* For efficiency, if a copy length is full of the uncompressed
1354 * buffer size, do not copy writing data to it. */
1355 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1356 buffer_to_write = buff;
1358 memcpy(a->uncompressed_buffer +
1359 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1360 buff, bytes_to_write);
1361 buffer_to_write = a->uncompressed_buffer;
1363 a->block_remaining_bytes -= bytes_to_write;
1364 a->file_remaining_bytes -= bytes_to_write;
1366 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1367 ret = hfs_drive_compressor(a, buffer_to_write,
1368 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1371 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1373 /* Ignore redundant bytes. */
1374 if (a->file_remaining_bytes == 0)
1375 return ((ssize_t)size);
1376 return (bytes_to_write);
1380 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1383 uint64_t start_size = size;
1384 ssize_t bytes_written = 0;
1385 ssize_t bytes_to_write;
1388 return (ARCHIVE_OK);
1390 if (a->filesize == 0 || a->fd < 0) {
1391 archive_set_error(&a->archive, 0,
1392 "Attempt to write to an empty file");
1393 return (ARCHIVE_WARN);
1396 /* If this write would run beyond the file size, truncate it. */
1397 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1398 start_size = size = (size_t)(a->filesize - a->offset);
1400 /* Write the data. */
1402 bytes_to_write = size;
1403 /* Seek if necessary to the specified offset. */
1404 if (a->offset < a->fd_offset) {
1405 /* Can't support backword move. */
1406 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1408 return (ARCHIVE_FATAL);
1409 } else if (a->offset > a->fd_offset) {
1410 int64_t skip = a->offset - a->fd_offset;
1411 char nullblock[1024];
1413 memset(nullblock, 0, sizeof(nullblock));
1415 if (skip > (int64_t)sizeof(nullblock))
1416 bytes_written = hfs_write_decmpfs_block(
1417 a, nullblock, sizeof(nullblock));
1419 bytes_written = hfs_write_decmpfs_block(
1420 a, nullblock, skip);
1421 if (bytes_written < 0) {
1422 archive_set_error(&a->archive, errno,
1424 return (ARCHIVE_WARN);
1426 skip -= bytes_written;
1429 a->fd_offset = a->offset;
1432 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1433 if (bytes_written < 0)
1434 return (bytes_written);
1435 buff += bytes_written;
1436 size -= bytes_written;
1437 a->total_bytes_written += bytes_written;
1438 a->offset += bytes_written;
1439 a->fd_offset = a->offset;
1441 return (start_size - size);
1445 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1448 return (write_data_block(a, buff, size));
1453 _archive_write_disk_data_block(struct archive *_a,
1454 const void *buff, size_t size, int64_t offset)
1456 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1459 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1460 ARCHIVE_STATE_DATA, "archive_write_data_block");
1463 if (a->todo & TODO_HFS_COMPRESSION)
1464 r = hfs_write_data_block(a, buff, size);
1466 r = write_data_block(a, buff, size);
1469 if ((size_t)r < size) {
1470 archive_set_error(&a->archive, 0,
1471 "Too much data: Truncating file at %ju bytes", (uintmax_t)a->filesize);
1472 return (ARCHIVE_WARN);
1474 #if ARCHIVE_VERSION_NUMBER < 3999000
1475 return (ARCHIVE_OK);
1482 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1484 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1486 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1487 ARCHIVE_STATE_DATA, "archive_write_data");
1489 if (a->todo & TODO_HFS_COMPRESSION)
1490 return (hfs_write_data_block(a, buff, size));
1491 return (write_data_block(a, buff, size));
1495 _archive_write_disk_finish_entry(struct archive *_a)
1497 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1498 int ret = ARCHIVE_OK;
1500 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1501 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1502 "archive_write_finish_entry");
1503 if (a->archive.state & ARCHIVE_STATE_HEADER)
1504 return (ARCHIVE_OK);
1505 archive_clear_error(&a->archive);
1507 /* Pad or truncate file to the right size. */
1509 /* There's no file. */
1510 } else if (a->filesize < 0) {
1511 /* File size is unknown, so we can't set the size. */
1512 } else if (a->fd_offset == a->filesize) {
1513 /* Last write ended at exactly the filesize; we're done. */
1514 /* Hopefully, this is the common case. */
1515 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1516 } else if (a->todo & TODO_HFS_COMPRESSION) {
1520 if (a->file_remaining_bytes)
1521 memset(null_d, 0, sizeof(null_d));
1522 while (a->file_remaining_bytes) {
1523 if (a->file_remaining_bytes > sizeof(null_d))
1524 r = hfs_write_data_block(
1525 a, null_d, sizeof(null_d));
1527 r = hfs_write_data_block(
1528 a, null_d, a->file_remaining_bytes);
1535 if (ftruncate(a->fd, a->filesize) == -1 &&
1537 archive_set_error(&a->archive, errno,
1538 "File size could not be restored");
1539 return (ARCHIVE_FAILED);
1543 * Not all platforms implement the XSI option to
1544 * extend files via ftruncate. Stat() the file again
1545 * to see what happened.
1548 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1550 /* We can use lseek()/write() to extend the file if
1551 * ftruncate didn't work or isn't available. */
1552 if (a->st.st_size < a->filesize) {
1553 const char nul = '\0';
1554 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1555 archive_set_error(&a->archive, errno,
1557 return (ARCHIVE_FATAL);
1559 if (write(a->fd, &nul, 1) < 0) {
1560 archive_set_error(&a->archive, errno,
1561 "Write to restore size failed");
1562 return (ARCHIVE_FATAL);
1568 /* Restore metadata. */
1571 * This is specific to Mac OS X.
1572 * If the current file is an AppleDouble file, it should be
1573 * linked with the data fork file and remove it.
1575 if (a->todo & TODO_APPLEDOUBLE) {
1576 int r2 = fixup_appledouble(a, a->name);
1577 if (r2 == ARCHIVE_EOF) {
1578 /* The current file has been successfully linked
1579 * with the data fork file and removed. So there
1580 * is nothing to do on the current file. */
1581 goto finish_metadata;
1583 if (r2 < ret) ret = r2;
1587 * Look up the "real" UID only if we're going to need it.
1588 * TODO: the TODO_SGID condition can be dropped here, can't it?
1590 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1591 a->uid = archive_write_disk_uid(&a->archive,
1592 archive_entry_uname(a->entry),
1593 archive_entry_uid(a->entry));
1595 /* Look up the "real" GID only if we're going to need it. */
1596 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1597 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1598 a->gid = archive_write_disk_gid(&a->archive,
1599 archive_entry_gname(a->entry),
1600 archive_entry_gid(a->entry));
1604 * Restore ownership before set_mode tries to restore suid/sgid
1605 * bits. If we set the owner, we know what it is and can skip
1606 * a stat() call to examine the ownership of the file on disk.
1608 if (a->todo & TODO_OWNER) {
1609 int r2 = set_ownership(a);
1610 if (r2 < ret) ret = r2;
1614 * set_mode must precede ACLs on systems such as Solaris and
1615 * FreeBSD where setting the mode implicitly clears extended ACLs
1617 if (a->todo & TODO_MODE) {
1618 int r2 = set_mode(a, a->mode);
1619 if (r2 < ret) ret = r2;
1623 * Security-related extended attributes (such as
1624 * security.capability on Linux) have to be restored last,
1625 * since they're implicitly removed by other file changes.
1627 if (a->todo & TODO_XATTR) {
1628 int r2 = set_xattrs(a);
1629 if (r2 < ret) ret = r2;
1633 * Some flags prevent file modification; they must be restored after
1634 * file contents are written.
1636 if (a->todo & TODO_FFLAGS) {
1637 int r2 = set_fflags(a);
1638 if (r2 < ret) ret = r2;
1642 * Time must follow most other metadata;
1643 * otherwise atime will get changed.
1645 if (a->todo & TODO_TIMES) {
1646 int r2 = set_times_from_entry(a);
1647 if (r2 < ret) ret = r2;
1651 * Mac extended metadata includes ACLs.
1653 if (a->todo & TODO_MAC_METADATA) {
1654 const void *metadata;
1655 size_t metadata_size;
1656 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1657 if (metadata != NULL && metadata_size > 0) {
1658 int r2 = set_mac_metadata(a, archive_entry_pathname(
1659 a->entry), metadata, metadata_size);
1660 if (r2 < ret) ret = r2;
1665 * ACLs must be restored after timestamps because there are
1666 * ACLs that prevent attribute changes (including time).
1668 if (a->todo & TODO_ACLS) {
1669 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1670 archive_entry_pathname(a->entry),
1671 archive_entry_acl(a->entry));
1672 if (r2 < ret) ret = r2;
1676 /* If there's an fd, we can close it now. */
1681 /* If there's an entry, we can release it now. */
1683 archive_entry_free(a->entry);
1686 a->archive.state = ARCHIVE_STATE_HEADER;
1691 archive_write_disk_set_group_lookup(struct archive *_a,
1693 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1694 void (*cleanup_gid)(void *private))
1696 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1697 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1698 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1700 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1701 (a->cleanup_gid)(a->lookup_gid_data);
1703 a->lookup_gid = lookup_gid;
1704 a->cleanup_gid = cleanup_gid;
1705 a->lookup_gid_data = private_data;
1706 return (ARCHIVE_OK);
1710 archive_write_disk_set_user_lookup(struct archive *_a,
1712 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1713 void (*cleanup_uid)(void *private))
1715 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1716 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1717 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1719 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1720 (a->cleanup_uid)(a->lookup_uid_data);
1722 a->lookup_uid = lookup_uid;
1723 a->cleanup_uid = cleanup_uid;
1724 a->lookup_uid_data = private_data;
1725 return (ARCHIVE_OK);
1729 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1731 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1732 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1733 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1735 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1740 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1742 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1743 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1744 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1746 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1751 * Create a new archive_write_disk object and initialize it with global state.
1754 archive_write_disk_new(void)
1756 struct archive_write_disk *a;
1758 a = (struct archive_write_disk *)malloc(sizeof(*a));
1761 memset(a, 0, sizeof(*a));
1762 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1763 /* We're ready to write a header immediately. */
1764 a->archive.state = ARCHIVE_STATE_HEADER;
1765 a->archive.vtable = archive_write_disk_vtable();
1766 a->start_time = time(NULL);
1767 /* Query and restore the umask. */
1768 umask(a->user_umask = umask(0));
1770 a->user_uid = geteuid();
1771 #endif /* HAVE_GETEUID */
1772 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1777 a->decmpfs_compression_level = 5;
1779 return (&a->archive);
1784 * If pathname is longer than PATH_MAX, chdir to a suitable
1785 * intermediate dir and edit the path down to a shorter suffix. Note
1786 * that this routine never returns an error; if the chdir() attempt
1787 * fails for any reason, we just go ahead with the long pathname. The
1788 * object creation is likely to fail, but any error will get handled
1791 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1793 edit_deep_directories(struct archive_write_disk *a)
1796 char *tail = a->name;
1798 /* If path is short, avoid the open() below. */
1799 if (strlen(tail) < PATH_MAX)
1802 /* Try to record our starting dir. */
1803 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1804 __archive_ensure_cloexec_flag(a->restore_pwd);
1805 if (a->restore_pwd < 0)
1808 /* As long as the path is too long... */
1809 while (strlen(tail) >= PATH_MAX) {
1810 /* Locate a dir prefix shorter than PATH_MAX. */
1811 tail += PATH_MAX - 8;
1812 while (tail > a->name && *tail != '/')
1814 /* Exit if we find a too-long path component. */
1815 if (tail <= a->name)
1817 /* Create the intermediate dir and chdir to it. */
1818 *tail = '\0'; /* Terminate dir portion */
1819 ret = create_dir(a, a->name);
1820 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1821 ret = ARCHIVE_FAILED;
1822 *tail = '/'; /* Restore the / we removed. */
1823 if (ret != ARCHIVE_OK)
1826 /* The chdir() succeeded; we've now shortened the path. */
1834 * The main restore function.
1837 restore_entry(struct archive_write_disk *a)
1839 int ret = ARCHIVE_OK, en;
1841 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1843 * TODO: Fix this. Apparently, there are platforms
1844 * that still allow root to hose the entire filesystem
1845 * by unlinking a dir. The S_ISDIR() test above
1846 * prevents us from using unlink() here if the new
1847 * object is a dir, but that doesn't mean the old
1848 * object isn't a dir.
1850 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1851 (void)clear_nochange_fflags(a);
1852 if (unlink(a->name) == 0) {
1853 /* We removed it, reset cached stat. */
1855 } else if (errno == ENOENT) {
1856 /* File didn't exist, that's just as good. */
1857 } else if (rmdir(a->name) == 0) {
1858 /* It was a dir, but now it's gone. */
1861 /* We tried, but couldn't get rid of it. */
1862 archive_set_error(&a->archive, errno,
1863 "Could not unlink");
1864 return(ARCHIVE_FAILED);
1868 /* Try creating it first; if this fails, we'll try to recover. */
1869 en = create_filesystem_object(a);
1871 if ((en == ENOTDIR || en == ENOENT)
1872 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1873 /* If the parent dir doesn't exist, try creating it. */
1874 create_parent_dir(a, a->name);
1875 /* Now try to create the object again. */
1876 en = create_filesystem_object(a);
1879 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) {
1880 archive_set_error(&a->archive, en,
1881 "Hard-link target '%s' does not exist.",
1882 archive_entry_hardlink(a->entry));
1883 return (ARCHIVE_FAILED);
1886 if ((en == EISDIR || en == EEXIST)
1887 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1888 /* If we're not overwriting, we're done. */
1889 archive_entry_unset_size(a->entry);
1890 return (ARCHIVE_OK);
1894 * Some platforms return EISDIR if you call
1895 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1896 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1897 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1898 * on an existing item.
1901 /* A dir is in the way of a non-dir, rmdir it. */
1902 if (rmdir(a->name) != 0) {
1903 archive_set_error(&a->archive, errno,
1904 "Can't remove already-existing dir");
1905 return (ARCHIVE_FAILED);
1909 en = create_filesystem_object(a);
1910 } else if (en == EEXIST) {
1912 * We know something is in the way, but we don't know what;
1913 * we need to find out before we go any further.
1917 * The SECURE_SYMLINKS logic has already removed a
1918 * symlink to a dir if the client wants that. So
1919 * follow the symlink if we're creating a dir.
1921 if (S_ISDIR(a->mode))
1922 r = stat(a->name, &a->st);
1924 * If it's not a dir (or it's a broken symlink),
1925 * then don't follow it.
1927 if (r != 0 || !S_ISDIR(a->mode))
1928 r = lstat(a->name, &a->st);
1930 archive_set_error(&a->archive, errno,
1931 "Can't stat existing object");
1932 return (ARCHIVE_FAILED);
1936 * NO_OVERWRITE_NEWER doesn't apply to directories.
1938 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1939 && !S_ISDIR(a->st.st_mode)) {
1940 if (!older(&(a->st), a->entry)) {
1941 archive_entry_unset_size(a->entry);
1942 return (ARCHIVE_OK);
1946 /* If it's our archive, we're done. */
1947 if (a->skip_file_set &&
1948 a->st.st_dev == (dev_t)a->skip_file_dev &&
1949 a->st.st_ino == (ino_t)a->skip_file_ino) {
1950 archive_set_error(&a->archive, 0,
1951 "Refusing to overwrite archive");
1952 return (ARCHIVE_FAILED);
1955 if (!S_ISDIR(a->st.st_mode)) {
1956 /* A non-dir is in the way, unlink it. */
1957 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1958 (void)clear_nochange_fflags(a);
1959 if (unlink(a->name) != 0) {
1960 archive_set_error(&a->archive, errno,
1961 "Can't unlink already-existing object");
1962 return (ARCHIVE_FAILED);
1966 en = create_filesystem_object(a);
1967 } else if (!S_ISDIR(a->mode)) {
1968 /* A dir is in the way of a non-dir, rmdir it. */
1969 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1970 (void)clear_nochange_fflags(a);
1971 if (rmdir(a->name) != 0) {
1972 archive_set_error(&a->archive, errno,
1973 "Can't replace existing directory with non-directory");
1974 return (ARCHIVE_FAILED);
1977 en = create_filesystem_object(a);
1980 * There's a dir in the way of a dir. Don't
1981 * waste time with rmdir()/mkdir(), just fix
1982 * up the permissions on the existing dir.
1983 * Note that we don't change perms on existing
1984 * dirs unless _EXTRACT_PERM is specified.
1986 if ((a->mode != a->st.st_mode)
1987 && (a->todo & TODO_MODE_FORCE))
1988 a->deferred |= (a->todo & TODO_MODE);
1989 /* Ownership doesn't need deferred fixup. */
1990 en = 0; /* Forget the EEXIST. */
1995 /* Everything failed; give up here. */
1996 archive_set_error(&a->archive, en, "Can't create '%s'",
1998 return (ARCHIVE_FAILED);
2001 a->pst = NULL; /* Cached stat data no longer valid. */
2006 * Returns 0 if creation succeeds, or else returns errno value from
2007 * the failed system call. Note: This function should only ever perform
2008 * a single system call.
2011 create_filesystem_object(struct archive_write_disk *a)
2013 /* Create the entry. */
2014 const char *linkname;
2015 mode_t final_mode, mode;
2018 /* We identify hard/symlinks according to the link names. */
2019 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2020 linkname = archive_entry_hardlink(a->entry);
2021 if (linkname != NULL) {
2025 r = link(linkname, a->name) ? errno : 0;
2027 * New cpio and pax formats allow hardlink entries
2028 * to carry data, so we may have to open the file
2029 * for hardlink entries.
2031 * If the hardlink was successfully created and
2032 * the archive doesn't have carry data for it,
2033 * consider it to be non-authoritative for meta data.
2034 * This is consistent with GNU tar and BSD pax.
2035 * If the hardlink does carry data, let the last
2036 * archive entry decide ownership.
2038 if (r == 0 && a->filesize <= 0) {
2041 } else if (r == 0 && a->filesize > 0) {
2042 a->fd = open(a->name,
2043 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
2044 __archive_ensure_cloexec_flag(a->fd);
2051 linkname = archive_entry_symlink(a->entry);
2052 if (linkname != NULL) {
2054 return symlink(linkname, a->name) ? errno : 0;
2061 * The remaining system calls all set permissions, so let's
2062 * try to take advantage of that to avoid an extra chmod()
2063 * call. (Recall that umask is set to zero right now!)
2066 /* Mode we want for the final restored object (w/o file type bits). */
2067 final_mode = a->mode & 07777;
2069 * The mode that will actually be restored in this step. Note
2070 * that SUID, SGID, etc, require additional work to ensure
2071 * security, so we never restore them at this point.
2073 mode = final_mode & 0777 & ~a->user_umask;
2075 switch (a->mode & AE_IFMT) {
2077 /* POSIX requires that we fall through here. */
2080 a->fd = open(a->name,
2081 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2082 __archive_ensure_cloexec_flag(a->fd);
2087 /* Note: we use AE_IFCHR for the case label, and
2088 * S_IFCHR for the mknod() call. This is correct. */
2089 r = mknod(a->name, mode | S_IFCHR,
2090 archive_entry_rdev(a->entry));
2093 /* TODO: Find a better way to warn about our inability
2094 * to restore a char device node. */
2096 #endif /* HAVE_MKNOD */
2099 r = mknod(a->name, mode | S_IFBLK,
2100 archive_entry_rdev(a->entry));
2103 /* TODO: Find a better way to warn about our inability
2104 * to restore a block device node. */
2106 #endif /* HAVE_MKNOD */
2108 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2109 r = mkdir(a->name, mode);
2111 /* Defer setting dir times. */
2112 a->deferred |= (a->todo & TODO_TIMES);
2113 a->todo &= ~TODO_TIMES;
2114 /* Never use an immediate chmod(). */
2115 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2116 * because of SysV SGID inheritance. */
2117 if ((mode != final_mode)
2118 || (a->flags & ARCHIVE_EXTRACT_PERM))
2119 a->deferred |= (a->todo & TODO_MODE);
2120 a->todo &= ~TODO_MODE;
2125 r = mkfifo(a->name, mode);
2128 /* TODO: Find a better way to warn about our inability
2129 * to restore a fifo. */
2131 #endif /* HAVE_MKFIFO */
2134 /* All the system calls above set errno on failure. */
2138 /* If we managed to set the final mode, we've avoided a chmod(). */
2139 if (mode == final_mode)
2140 a->todo &= ~TODO_MODE;
2145 * Cleanup function for archive_extract. Mostly, this involves processing
2146 * the fixup list, which is used to address a number of problems:
2147 * * Dir permissions might prevent us from restoring a file in that
2148 * dir, so we restore the dir with minimum 0700 permissions first,
2149 * then correct the mode at the end.
2150 * * Similarly, the act of restoring a file touches the directory
2151 * and changes the timestamp on the dir, so we have to touch-up dir
2152 * timestamps at the end as well.
2153 * * Some file flags can interfere with the restore by, for example,
2154 * preventing the creation of hardlinks to those files.
2155 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2157 * Note that tar/cpio do not require that archives be in a particular
2158 * order; there is no way to know when the last file has been restored
2159 * within a directory, so there's no way to optimize the memory usage
2160 * here by fixing up the directory any earlier than the
2163 * XXX TODO: Directory ACLs should be restored here, for the same
2164 * reason we set directory perms here. XXX
2167 _archive_write_disk_close(struct archive *_a)
2169 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2170 struct fixup_entry *next, *p;
2173 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2174 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2175 "archive_write_disk_close");
2176 ret = _archive_write_disk_finish_entry(&a->archive);
2178 /* Sort dir list so directories are fixed up in depth-first order. */
2179 p = sort_dir_list(a->fixup_list);
2182 a->pst = NULL; /* Mark stat cache as out-of-date. */
2183 if (p->fixup & TODO_TIMES) {
2184 set_times(a, -1, p->mode, p->name,
2185 p->atime, p->atime_nanos,
2186 p->birthtime, p->birthtime_nanos,
2187 p->mtime, p->mtime_nanos,
2188 p->ctime, p->ctime_nanos);
2190 if (p->fixup & TODO_MODE_BASE)
2191 chmod(p->name, p->mode);
2192 if (p->fixup & TODO_ACLS)
2193 archive_write_disk_set_acls(&a->archive,
2194 -1, p->name, &p->acl);
2195 if (p->fixup & TODO_FFLAGS)
2196 set_fflags_platform(a, -1, p->name,
2197 p->mode, p->fflags_set, 0);
2198 if (p->fixup & TODO_MAC_METADATA)
2199 set_mac_metadata(a, p->name, p->mac_metadata,
2200 p->mac_metadata_size);
2202 archive_acl_clear(&p->acl);
2203 free(p->mac_metadata);
2208 a->fixup_list = NULL;
2213 _archive_write_disk_free(struct archive *_a)
2215 struct archive_write_disk *a;
2218 return (ARCHIVE_OK);
2219 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2220 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2221 a = (struct archive_write_disk *)_a;
2222 ret = _archive_write_disk_close(&a->archive);
2223 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2224 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2226 archive_entry_free(a->entry);
2227 archive_string_free(&a->_name_data);
2228 archive_string_free(&a->archive.error_string);
2229 archive_string_free(&a->path_safe);
2230 a->archive.magic = 0;
2231 __archive_clean(&a->archive);
2232 free(a->decmpfs_header_p);
2233 free(a->resource_fork);
2234 free(a->compressed_buffer);
2235 free(a->uncompressed_buffer);
2236 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
2237 && defined(HAVE_ZLIB_H)
2238 if (a->stream_valid) {
2239 switch (deflateEnd(&a->stream)) {
2243 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2244 "Failed to clean up compressor");
2245 ret = ARCHIVE_FATAL;
2255 * Simple O(n log n) merge sort to order the fixup list. In
2256 * particular, we want to restore dir timestamps depth-first.
2258 static struct fixup_entry *
2259 sort_dir_list(struct fixup_entry *p)
2261 struct fixup_entry *a, *b, *t;
2265 /* A one-item list is already sorted. */
2266 if (p->next == NULL)
2269 /* Step 1: split the list. */
2273 /* Step a twice, t once. */
2279 /* Now, t is at the mid-point, so break the list here. */
2284 /* Step 2: Recursively sort the two sub-lists. */
2285 a = sort_dir_list(a);
2286 b = sort_dir_list(b);
2288 /* Step 3: Merge the returned lists. */
2289 /* Pick the first element for the merged list. */
2290 if (strcmp(a->name, b->name) > 0) {
2298 /* Always put the later element on the list first. */
2299 while (a != NULL && b != NULL) {
2300 if (strcmp(a->name, b->name) > 0) {
2310 /* Only one list is non-empty, so just splice it on. */
2320 * Returns a new, initialized fixup entry.
2322 * TODO: Reduce the memory requirements for this list by using a tree
2323 * structure rather than a simple list of names.
2325 static struct fixup_entry *
2326 new_fixup(struct archive_write_disk *a, const char *pathname)
2328 struct fixup_entry *fe;
2330 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2332 archive_set_error(&a->archive, ENOMEM,
2333 "Can't allocate memory for a fixup");
2336 fe->next = a->fixup_list;
2339 fe->name = strdup(pathname);
2344 * Returns a fixup structure for the current entry.
2346 static struct fixup_entry *
2347 current_fixup(struct archive_write_disk *a, const char *pathname)
2349 if (a->current_fixup == NULL)
2350 a->current_fixup = new_fixup(a, pathname);
2351 return (a->current_fixup);
2354 /* TODO: Make this work. */
2356 * TODO: The deep-directory support bypasses this; disable deep directory
2357 * support if we're doing symlink checks.
2360 * TODO: Someday, integrate this with the deep dir support; they both
2361 * scan the path and both can be optimized by comparing against other
2364 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2366 check_symlinks(struct archive_write_disk *a)
2368 #if !defined(HAVE_LSTAT)
2369 /* Platform doesn't have lstat, so we can't look for symlinks. */
2370 (void)a; /* UNUSED */
2371 return (ARCHIVE_OK);
2379 * Guard against symlink tricks. Reject any archive entry whose
2380 * destination would be altered by a symlink.
2382 /* Whatever we checked last time doesn't need to be re-checked. */
2384 if (archive_strlen(&(a->path_safe)) > 0) {
2385 char *p = a->path_safe.s;
2386 while ((*pn != '\0') && (*p == *pn))
2389 /* Skip the root directory if the path is absolute. */
2390 if(pn == a->name && pn[0] == '/')
2393 /* Keep going until we've checked the entire name. */
2394 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
2395 /* Skip the next path element. */
2396 while (*pn != '\0' && *pn != '/')
2400 /* Check that we haven't hit a symlink. */
2401 r = lstat(a->name, &st);
2403 /* We've hit a dir that doesn't exist; stop now. */
2404 if (errno == ENOENT) {
2407 /* Note: This effectively disables deep directory
2408 * support when security checks are enabled.
2409 * Otherwise, very long pathnames that trigger
2410 * an error here could evade the sandbox.
2411 * TODO: We could do better, but it would probably
2412 * require merging the symlink checks with the
2413 * deep-directory editing. */
2414 return (ARCHIVE_FAILED);
2416 } else if (S_ISLNK(st.st_mode)) {
2419 * Last element is symlink; remove it
2420 * so we can overwrite it with the
2421 * item being extracted.
2423 if (unlink(a->name)) {
2424 archive_set_error(&a->archive, errno,
2425 "Could not remove symlink %s",
2428 return (ARCHIVE_FAILED);
2432 * Even if we did remove it, a warning
2433 * is in order. The warning is silly,
2434 * though, if we're just replacing one
2435 * symlink with another symlink.
2437 if (!S_ISLNK(a->mode)) {
2438 archive_set_error(&a->archive, 0,
2439 "Removing symlink %s",
2442 /* Symlink gone. No more problem! */
2445 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
2446 /* User asked us to remove problems. */
2447 if (unlink(a->name) != 0) {
2448 archive_set_error(&a->archive, 0,
2449 "Cannot remove intervening symlink %s",
2452 return (ARCHIVE_FAILED);
2456 archive_set_error(&a->archive, 0,
2457 "Cannot extract through symlink %s",
2460 return (ARCHIVE_FAILED);
2465 pn++; /* Advance to the next segment. */
2468 /* We've checked and/or cleaned the whole path, so remember it. */
2469 archive_strcpy(&a->path_safe, a->name);
2470 return (ARCHIVE_OK);
2474 #if defined(__CYGWIN__)
2476 * 1. Convert a path separator from '\' to '/' .
2477 * We shouldn't check multibyte character directly because some
2478 * character-set have been using the '\' character for a part of
2479 * its multibyte character code.
2480 * 2. Replace unusable characters in Windows with underscore('_').
2481 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2484 cleanup_pathname_win(struct archive_write_disk *a)
2489 int mb, complete, utf8;
2494 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2495 for (p = a->name; *p != '\0'; p++) {
2498 /* If previous byte is smaller than 128,
2499 * this is not second byte of multibyte characters,
2500 * so we can replace '\' with '/'. */
2504 complete = 0;/* uncompleted. */
2505 } else if (*(unsigned char *)p > 127)
2509 /* Rewrite the path name if its next character is unusable. */
2510 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2511 *p == '<' || *p == '>' || *p == '|')
2518 * Convert path separator in wide-character.
2521 while (*p != '\0' && alen) {
2522 l = mbtowc(&wc, p, alen);
2523 if (l == (size_t)-1) {
2524 while (*p != '\0') {
2531 if (l == 1 && wc == L'\\')
2540 * Canonicalize the pathname. In particular, this strips duplicate
2541 * '/' characters, '.' elements, and trailing '/'. It also raises an
2542 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
2543 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
2544 * is set) if the path is absolute.
2547 cleanup_pathname(struct archive_write_disk *a)
2550 char separator = '\0';
2552 dest = src = a->name;
2554 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2555 "Invalid empty pathname");
2556 return (ARCHIVE_FAILED);
2559 #if defined(__CYGWIN__)
2560 cleanup_pathname_win(a);
2562 /* Skip leading '/'. */
2564 if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
2565 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2566 "Path is absolute");
2567 return (ARCHIVE_FAILED);
2573 /* Scan the pathname one element at a time. */
2575 /* src points to first char after '/' */
2576 if (src[0] == '\0') {
2578 } else if (src[0] == '/') {
2579 /* Found '//', ignore second one. */
2582 } else if (src[0] == '.') {
2583 if (src[1] == '\0') {
2584 /* Ignore trailing '.' */
2586 } else if (src[1] == '/') {
2590 } else if (src[1] == '.') {
2591 if (src[2] == '/' || src[2] == '\0') {
2592 /* Conditionally warn about '..' */
2593 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2594 archive_set_error(&a->archive,
2596 "Path contains '..'");
2597 return (ARCHIVE_FAILED);
2601 * Note: Under no circumstances do we
2602 * remove '..' elements. In
2603 * particular, restoring
2604 * '/foo/../bar/' should create the
2605 * 'foo' dir as a side-effect.
2610 /* Copy current element, including leading '/'. */
2613 while (*src != '\0' && *src != '/') {
2620 /* Skip '/' separator. */
2624 * We've just copied zero or more path elements, not including the
2627 if (dest == a->name) {
2629 * Nothing got copied. The path must have been something
2630 * like '.' or '/' or './' or '/././././/./'.
2637 /* Terminate the result. */
2639 return (ARCHIVE_OK);
2643 * Create the parent directory of the specified path, assuming path
2644 * is already in mutable storage.
2647 create_parent_dir(struct archive_write_disk *a, char *path)
2652 /* Remove tail element to obtain parent name. */
2653 slash = strrchr(path, '/');
2655 return (ARCHIVE_OK);
2657 r = create_dir(a, path);
2663 * Create the specified dir, recursing to create parents as necessary.
2665 * Returns ARCHIVE_OK if the path exists when we're done here.
2666 * Otherwise, returns ARCHIVE_FAILED.
2667 * Assumes path is in mutable storage; path is unchanged on exit.
2670 create_dir(struct archive_write_disk *a, char *path)
2673 struct fixup_entry *le;
2675 mode_t mode_final, mode;
2678 /* Check for special names and just skip them. */
2679 slash = strrchr(path, '/');
2685 if (base[0] == '\0' ||
2686 (base[0] == '.' && base[1] == '\0') ||
2687 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2688 /* Don't bother trying to create null path, '.', or '..'. */
2689 if (slash != NULL) {
2691 r = create_dir(a, path);
2695 return (ARCHIVE_OK);
2699 * Yes, this should be stat() and not lstat(). Using lstat()
2700 * here loses the ability to extract through symlinks. Also note
2701 * that this should not use the a->st cache.
2703 if (stat(path, &st) == 0) {
2704 if (S_ISDIR(st.st_mode))
2705 return (ARCHIVE_OK);
2706 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2707 archive_set_error(&a->archive, EEXIST,
2708 "Can't create directory '%s'", path);
2709 return (ARCHIVE_FAILED);
2711 if (unlink(path) != 0) {
2712 archive_set_error(&a->archive, errno,
2713 "Can't create directory '%s': "
2714 "Conflicting file cannot be removed",
2716 return (ARCHIVE_FAILED);
2718 } else if (errno != ENOENT && errno != ENOTDIR) {
2720 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2721 return (ARCHIVE_FAILED);
2722 } else if (slash != NULL) {
2724 r = create_dir(a, path);
2726 if (r != ARCHIVE_OK)
2731 * Mode we want for the final restored directory. Per POSIX,
2732 * implicitly-created dirs must be created obeying the umask.
2733 * There's no mention whether this is different for privileged
2734 * restores (which the rest of this code handles by pretending
2735 * umask=0). I've chosen here to always obey the user's umask for
2736 * implicit dirs, even if _EXTRACT_PERM was specified.
2738 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2739 /* Mode we want on disk during the restore process. */
2741 mode |= MINIMUM_DIR_MODE;
2742 mode &= MAXIMUM_DIR_MODE;
2743 if (mkdir(path, mode) == 0) {
2744 if (mode != mode_final) {
2745 le = new_fixup(a, path);
2747 return (ARCHIVE_FATAL);
2748 le->fixup |=TODO_MODE_BASE;
2749 le->mode = mode_final;
2751 return (ARCHIVE_OK);
2755 * Without the following check, a/b/../b/c/d fails at the
2756 * second visit to 'b', so 'd' can't be created. Note that we
2757 * don't add it to the fixup list here, as it's already been
2760 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2761 return (ARCHIVE_OK);
2763 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2765 return (ARCHIVE_FAILED);
2769 * Note: Although we can skip setting the user id if the desired user
2770 * id matches the current user, we cannot skip setting the group, as
2771 * many systems set the gid based on the containing directory. So
2772 * we have to perform a chown syscall if we want to set the SGID
2773 * bit. (The alternative is to stat() and then possibly chown(); it's
2774 * more efficient to skip the stat() and just always chown().) Note
2775 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2776 * allows set_mode to skip the stat() check for the GID.
2779 set_ownership(struct archive_write_disk *a)
2782 /* unfortunately, on win32 there is no 'root' user with uid 0,
2783 so we just have to try the chown and see if it works */
2785 /* If we know we can't change it, don't bother trying. */
2786 if (a->user_uid != 0 && a->user_uid != a->uid) {
2787 archive_set_error(&a->archive, errno,
2788 "Can't set UID=%jd", (intmax_t)a->uid);
2789 return (ARCHIVE_WARN);
2794 /* If we have an fd, we can avoid a race. */
2795 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2796 /* We've set owner and know uid/gid are correct. */
2797 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2798 return (ARCHIVE_OK);
2802 /* We prefer lchown() but will use chown() if that's all we have. */
2803 /* Of course, if we have neither, this will always fail. */
2805 if (lchown(a->name, a->uid, a->gid) == 0) {
2806 /* We've set owner and know uid/gid are correct. */
2807 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2808 return (ARCHIVE_OK);
2811 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2812 /* We've set owner and know uid/gid are correct. */
2813 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2814 return (ARCHIVE_OK);
2818 archive_set_error(&a->archive, errno,
2819 "Can't set user=%jd/group=%jd for %s",
2820 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2821 return (ARCHIVE_WARN);
2825 * Note: Returns 0 on success, non-zero on failure.
2828 set_time(int fd, int mode, const char *name,
2829 time_t atime, long atime_nsec,
2830 time_t mtime, long mtime_nsec)
2832 /* Select the best implementation for this platform. */
2833 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2835 * utimensat() and futimens() are defined in
2836 * POSIX.1-2008. They support ns resolution and setting times
2837 * on fds and symlinks.
2839 struct timespec ts[2];
2840 (void)mode; /* UNUSED */
2841 ts[0].tv_sec = atime;
2842 ts[0].tv_nsec = atime_nsec;
2843 ts[1].tv_sec = mtime;
2844 ts[1].tv_nsec = mtime_nsec;
2846 return futimens(fd, ts);
2847 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2851 * The utimes()-family functions support µs-resolution and
2852 * setting times fds and symlinks. utimes() is documented as
2853 * LEGACY by POSIX, futimes() and lutimes() are not described
2856 struct timeval times[2];
2858 times[0].tv_sec = atime;
2859 times[0].tv_usec = atime_nsec / 1000;
2860 times[1].tv_sec = mtime;
2861 times[1].tv_usec = mtime_nsec / 1000;
2865 return (futimes(fd, times));
2867 (void)fd; /* UNUSED */
2870 (void)mode; /* UNUSED */
2871 return (lutimes(name, times));
2875 return (utimes(name, times));
2878 #elif defined(HAVE_UTIME)
2880 * utime() is POSIX-standard but only supports 1s resolution and
2881 * does not support fds or symlinks.
2883 struct utimbuf times;
2884 (void)fd; /* UNUSED */
2885 (void)name; /* UNUSED */
2886 (void)atime_nsec; /* UNUSED */
2887 (void)mtime_nsec; /* UNUSED */
2888 times.actime = atime;
2889 times.modtime = mtime;
2891 return (ARCHIVE_OK);
2892 return (utime(name, ×));
2896 * We don't know how to set the time on this platform.
2898 (void)fd; /* UNUSED */
2899 (void)mode; /* UNUSED */
2900 (void)name; /* UNUSED */
2901 (void)atime_nsec; /* UNUSED */
2902 (void)mtime_nsec; /* UNUSED */
2903 return (ARCHIVE_WARN);
2909 set_time_tru64(int fd, int mode, const char *name,
2910 time_t atime, long atime_nsec,
2911 time_t mtime, long mtime_nsec,
2912 time_t ctime, long ctime_nsec)
2914 struct attr_timbuf tstamp;
2915 tstamp.atime.tv_sec = atime;
2916 tstamp.mtime.tv_sec = mtime;
2917 tstamp.ctime.tv_sec = ctime;
2918 #if defined (__hpux) && defined (__ia64)
2919 tstamp.atime.tv_nsec = atime_nsec;
2920 tstamp.mtime.tv_nsec = mtime_nsec;
2921 tstamp.ctime.tv_nsec = ctime_nsec;
2923 tstamp.atime.tv_usec = atime_nsec / 1000;
2924 tstamp.mtime.tv_usec = mtime_nsec / 1000;
2925 tstamp.ctime.tv_usec = ctime_nsec / 1000;
2927 return (fcntl(fd,F_SETTIMES,&tstamp));
2929 #endif /* F_SETTIMES */
2932 set_times(struct archive_write_disk *a,
2933 int fd, int mode, const char *name,
2934 time_t atime, long atime_nanos,
2935 time_t birthtime, long birthtime_nanos,
2936 time_t mtime, long mtime_nanos,
2937 time_t cctime, long ctime_nanos)
2939 /* Note: set_time doesn't use libarchive return conventions!
2940 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
2945 * on Tru64 try own fcntl first which can restore even the
2946 * ctime, fall back to default code path below if it fails
2947 * or if we are not running as root
2949 if (a->user_uid == 0 &&
2950 set_time_tru64(fd, mode, name,
2951 atime, atime_nanos, mtime,
2952 mtime_nanos, cctime, ctime_nanos) == 0) {
2953 return (ARCHIVE_OK);
2956 (void)cctime; /* UNUSED */
2957 (void)ctime_nanos; /* UNUSED */
2960 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
2962 * If you have struct stat.st_birthtime, we assume BSD
2963 * birthtime semantics, in which {f,l,}utimes() updates
2964 * birthtime to earliest mtime. So we set the time twice,
2965 * first using the birthtime, then using the mtime. If
2966 * birthtime == mtime, this isn't necessary, so we skip it.
2967 * If birthtime > mtime, then this won't work, so we skip it.
2969 if (birthtime < mtime
2970 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
2971 r1 = set_time(fd, mode, name,
2973 birthtime, birthtime_nanos);
2975 (void)birthtime; /* UNUSED */
2976 (void)birthtime_nanos; /* UNUSED */
2978 r2 = set_time(fd, mode, name,
2980 mtime, mtime_nanos);
2981 if (r1 != 0 || r2 != 0) {
2982 archive_set_error(&a->archive, errno,
2983 "Can't restore time");
2984 return (ARCHIVE_WARN);
2986 return (ARCHIVE_OK);
2990 set_times_from_entry(struct archive_write_disk *a)
2992 time_t atime, birthtime, mtime, cctime;
2993 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
2995 /* Suitable defaults. */
2996 atime = birthtime = mtime = cctime = a->start_time;
2997 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
2999 /* If no time was provided, we're done. */
3000 if (!archive_entry_atime_is_set(a->entry)
3001 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
3002 && !archive_entry_birthtime_is_set(a->entry)
3004 && !archive_entry_mtime_is_set(a->entry))
3005 return (ARCHIVE_OK);
3007 if (archive_entry_atime_is_set(a->entry)) {
3008 atime = archive_entry_atime(a->entry);
3009 atime_nsec = archive_entry_atime_nsec(a->entry);
3011 if (archive_entry_birthtime_is_set(a->entry)) {
3012 birthtime = archive_entry_birthtime(a->entry);
3013 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
3015 if (archive_entry_mtime_is_set(a->entry)) {
3016 mtime = archive_entry_mtime(a->entry);
3017 mtime_nsec = archive_entry_mtime_nsec(a->entry);
3019 if (archive_entry_ctime_is_set(a->entry)) {
3020 cctime = archive_entry_ctime(a->entry);
3021 ctime_nsec = archive_entry_ctime_nsec(a->entry);
3024 return set_times(a, a->fd, a->mode, a->name,
3026 birthtime, birthtime_nsec,
3028 cctime, ctime_nsec);
3032 set_mode(struct archive_write_disk *a, int mode)
3035 mode &= 07777; /* Strip off file type bits. */
3037 if (a->todo & TODO_SGID_CHECK) {
3039 * If we don't know the GID is right, we must stat()
3040 * to verify it. We can't just check the GID of this
3041 * process, since systems sometimes set GID from
3042 * the enclosing dir or based on ACLs.
3044 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3046 if (a->pst->st_gid != a->gid) {
3048 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3050 * This is only an error if you
3051 * requested owner restore. If you
3052 * didn't, we'll try to restore
3053 * sgid/suid, but won't consider it a
3054 * problem if we can't.
3056 archive_set_error(&a->archive, -1,
3057 "Can't restore SGID bit");
3061 /* While we're here, double-check the UID. */
3062 if (a->pst->st_uid != a->uid
3063 && (a->todo & TODO_SUID)) {
3065 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3066 archive_set_error(&a->archive, -1,
3067 "Can't restore SUID bit");
3071 a->todo &= ~TODO_SGID_CHECK;
3072 a->todo &= ~TODO_SUID_CHECK;
3073 } else if (a->todo & TODO_SUID_CHECK) {
3075 * If we don't know the UID is right, we can just check
3076 * the user, since all systems set the file UID from
3079 if (a->user_uid != a->uid) {
3081 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3082 archive_set_error(&a->archive, -1,
3083 "Can't make file SUID");
3087 a->todo &= ~TODO_SUID_CHECK;
3090 if (S_ISLNK(a->mode)) {
3093 * If this is a symlink, use lchmod(). If the
3094 * platform doesn't support lchmod(), just skip it. A
3095 * platform that doesn't provide a way to set
3096 * permissions on symlinks probably ignores
3097 * permissions on symlinks, so a failure here has no
3100 if (lchmod(a->name, mode) != 0) {
3104 #if ENOTSUP != EOPNOTSUPP
3108 * if lchmod is defined but the platform
3109 * doesn't support it, silently ignore
3114 archive_set_error(&a->archive, errno,
3115 "Can't set permissions to 0%o", (int)mode);
3120 } else if (!S_ISDIR(a->mode)) {
3122 * If it's not a symlink and not a dir, then use
3123 * fchmod() or chmod(), depending on whether we have
3124 * an fd. Dirs get their perms set during the
3125 * post-extract fixup, which is handled elsewhere.
3129 if (fchmod(a->fd, mode) != 0) {
3130 archive_set_error(&a->archive, errno,
3131 "Can't set permissions to 0%o", (int)mode);
3136 /* If this platform lacks fchmod(), then
3137 * we'll just use chmod(). */
3138 if (chmod(a->name, mode) != 0) {
3139 archive_set_error(&a->archive, errno,
3140 "Can't set permissions to 0%o", (int)mode);
3148 set_fflags(struct archive_write_disk *a)
3150 struct fixup_entry *le;
3151 unsigned long set, clear;
3154 mode_t mode = archive_entry_mode(a->entry);
3157 * Make 'critical_flags' hold all file flags that can't be
3158 * immediately restored. For example, on BSD systems,
3159 * SF_IMMUTABLE prevents hardlinks from being created, so
3160 * should not be set until after any hardlinks are created. To
3161 * preserve some semblance of portability, this uses #ifdef
3162 * extensively. Ugly, but it works.
3164 * Yes, Virginia, this does create a security race. It's mitigated
3165 * somewhat by the practice of creating dirs 0700 until the extract
3166 * is done, but it would be nice if we could do more than that.
3167 * People restoring critical file systems should be wary of
3168 * other programs that might try to muck with files as they're
3171 /* Hopefully, the compiler will optimize this mess into a constant. */
3174 critical_flags |= SF_IMMUTABLE;
3177 critical_flags |= UF_IMMUTABLE;
3180 critical_flags |= SF_APPEND;
3183 critical_flags |= UF_APPEND;
3185 #ifdef EXT2_APPEND_FL
3186 critical_flags |= EXT2_APPEND_FL;
3188 #ifdef EXT2_IMMUTABLE_FL
3189 critical_flags |= EXT2_IMMUTABLE_FL;
3192 if (a->todo & TODO_FFLAGS) {
3193 archive_entry_fflags(a->entry, &set, &clear);
3196 * The first test encourages the compiler to eliminate
3197 * all of this if it's not necessary.
3199 if ((critical_flags != 0) && (set & critical_flags)) {
3200 le = current_fixup(a, a->name);
3202 return (ARCHIVE_FATAL);
3203 le->fixup |= TODO_FFLAGS;
3204 le->fflags_set = set;
3205 /* Store the mode if it's not already there. */
3206 if ((le->fixup & TODO_MODE) == 0)
3209 r = set_fflags_platform(a, a->fd,
3210 a->name, mode, set, clear);
3211 if (r != ARCHIVE_OK)
3215 return (ARCHIVE_OK);
3219 clear_nochange_fflags(struct archive_write_disk *a)
3222 mode_t mode = archive_entry_mode(a->entry);
3224 /* Hopefully, the compiler will optimize this mess into a constant. */
3227 nochange_flags |= SF_IMMUTABLE;
3230 nochange_flags |= UF_IMMUTABLE;
3233 nochange_flags |= SF_APPEND;
3236 nochange_flags |= UF_APPEND;
3238 #ifdef EXT2_APPEND_FL
3239 nochange_flags |= EXT2_APPEND_FL;
3241 #ifdef EXT2_IMMUTABLE_FL
3242 nochange_flags |= EXT2_IMMUTABLE_FL;
3245 return (set_fflags_platform(a, a->fd, a->name, mode, 0, nochange_flags));
3249 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3251 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3254 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3255 mode_t mode, unsigned long set, unsigned long clear)
3259 (void)mode; /* UNUSED */
3260 if (set == 0 && clear == 0)
3261 return (ARCHIVE_OK);
3264 * XXX Is the stat here really necessary? Or can I just use
3265 * the 'set' flags directly? In particular, I'm not sure
3266 * about the correct approach if we're overwriting an existing
3267 * file that already has flags on it. XXX
3269 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3272 a->st.st_flags &= ~clear;
3273 a->st.st_flags |= set;
3274 #ifdef HAVE_FCHFLAGS
3275 /* If platform has fchflags() and we were given an fd, use it. */
3276 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3277 return (ARCHIVE_OK);
3280 * If we can't use the fd to set the flags, we'll use the
3281 * pathname to set flags. We prefer lchflags() but will use
3282 * chflags() if we must.
3284 #ifdef HAVE_LCHFLAGS
3285 if (lchflags(name, a->st.st_flags) == 0)
3286 return (ARCHIVE_OK);
3287 #elif defined(HAVE_CHFLAGS)
3288 if (S_ISLNK(a->st.st_mode)) {
3289 archive_set_error(&a->archive, errno,
3290 "Can't set file flags on symlink.");
3291 return (ARCHIVE_WARN);
3293 if (chflags(name, a->st.st_flags) == 0)
3294 return (ARCHIVE_OK);
3296 archive_set_error(&a->archive, errno,
3297 "Failed to set file flags");
3298 return (ARCHIVE_WARN);
3301 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3303 * Linux uses ioctl() to read and write file flags.
3306 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3307 mode_t mode, unsigned long set, unsigned long clear)
3311 int newflags, oldflags;
3314 if (set == 0 && clear == 0)
3315 return (ARCHIVE_OK);
3316 /* Only regular files and dirs can have flags. */
3317 if (!S_ISREG(mode) && !S_ISDIR(mode))
3318 return (ARCHIVE_OK);
3320 /* If we weren't given an fd, open it ourselves. */
3322 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3323 __archive_ensure_cloexec_flag(myfd);
3326 return (ARCHIVE_OK);
3329 * Linux has no define for the flags that are only settable by
3330 * the root user. This code may seem a little complex, but
3331 * there seem to be some Linux systems that lack these
3332 * defines. (?) The code below degrades reasonably gracefully
3333 * if sf_mask is incomplete.
3335 #ifdef EXT2_IMMUTABLE_FL
3336 sf_mask |= EXT2_IMMUTABLE_FL;
3338 #ifdef EXT2_APPEND_FL
3339 sf_mask |= EXT2_APPEND_FL;
3342 * XXX As above, this would be way simpler if we didn't have
3343 * to read the current flags from disk. XXX
3347 /* Read the current file flags. */
3348 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3351 /* Try setting the flags as given. */
3352 newflags = (oldflags & ~clear) | set;
3353 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3358 /* If we couldn't set all the flags, try again with a subset. */
3359 newflags &= ~sf_mask;
3360 oldflags &= sf_mask;
3361 newflags |= oldflags;
3362 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3365 /* We couldn't set the flags, so report the failure. */
3367 archive_set_error(&a->archive, errno,
3368 "Failed to set file flags");
3379 * Of course, some systems have neither BSD chflags() nor Linux' flags
3380 * support through ioctl().
3383 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3384 mode_t mode, unsigned long set, unsigned long clear)
3386 (void)a; /* UNUSED */
3387 (void)fd; /* UNUSED */
3388 (void)name; /* UNUSED */
3389 (void)mode; /* UNUSED */
3390 (void)set; /* UNUSED */
3391 (void)clear; /* UNUSED */
3392 return (ARCHIVE_OK);
3395 #endif /* __linux */
3397 #ifndef HAVE_COPYFILE_H
3398 /* Default is to simply drop Mac extended metadata. */
3400 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3401 const void *metadata, size_t metadata_size)
3403 (void)a; /* UNUSED */
3404 (void)pathname; /* UNUSED */
3405 (void)metadata; /* UNUSED */
3406 (void)metadata_size; /* UNUSED */
3407 return (ARCHIVE_OK);
3411 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3413 (void)a; /* UNUSED */
3414 (void)pathname; /* UNUSED */
3415 return (ARCHIVE_OK);
3420 * On Mac OS, we use copyfile() to unpack the metadata and
3421 * apply it to the target file.
3424 #if defined(HAVE_SYS_XATTR_H)
3426 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3429 char *xattr_names = NULL, *xattr_val = NULL;
3430 int ret = ARCHIVE_OK, xattr_i;
3432 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3433 if (xattr_size == -1) {
3434 archive_set_error(&a->archive, errno,
3435 "Failed to read metadata(xattr)");
3439 xattr_names = malloc(xattr_size);
3440 if (xattr_names == NULL) {
3441 archive_set_error(&a->archive, ENOMEM,
3442 "Can't allocate memory for metadata(xattr)");
3443 ret = ARCHIVE_FATAL;
3446 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3447 if (xattr_size == -1) {
3448 archive_set_error(&a->archive, errno,
3449 "Failed to read metadata(xattr)");
3453 for (xattr_i = 0; xattr_i < xattr_size;
3454 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3455 char *xattr_val_saved;
3459 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3461 archive_set_error(&a->archive, errno,
3462 "Failed to get metadata(xattr)");
3466 xattr_val_saved = xattr_val;
3467 xattr_val = realloc(xattr_val, s);
3468 if (xattr_val == NULL) {
3469 archive_set_error(&a->archive, ENOMEM,
3470 "Failed to get metadata(xattr)");
3472 free(xattr_val_saved);
3475 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3477 archive_set_error(&a->archive, errno,
3478 "Failed to get metadata(xattr)");
3482 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3484 archive_set_error(&a->archive, errno,
3485 "Failed to get metadata(xattr)");
3498 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3500 #ifndef HAVE_SYS_ACL_H
3503 acl_t acl, dfacl = NULL;
3504 int acl_r, ret = ARCHIVE_OK;
3506 acl = acl_get_fd(tmpfd);
3508 if (errno == ENOENT)
3509 /* There are not any ACLs. */
3511 archive_set_error(&a->archive, errno,
3512 "Failed to get metadata(acl)");
3516 dfacl = acl_dup(acl);
3517 acl_r = acl_set_fd(dffd, dfacl);
3519 archive_set_error(&a->archive, errno,
3520 "Failed to get metadata(acl)");
3534 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3536 struct archive_string tmpdatafork;
3539 archive_string_init(&tmpdatafork);
3540 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3541 tmpfd = mkstemp(tmpdatafork.s);
3543 archive_set_error(&a->archive, errno,
3544 "Failed to mkstemp");
3545 archive_string_free(&tmpdatafork);
3548 if (copyfile(pathname, tmpdatafork.s, 0,
3549 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3550 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3551 archive_set_error(&a->archive, errno,
3552 "Failed to restore metadata");
3556 unlink(tmpdatafork.s);
3557 archive_string_free(&tmpdatafork);
3562 copy_metadata(struct archive_write_disk *a, const char *metadata,
3563 const char *datafork, int datafork_compressed)
3565 int ret = ARCHIVE_OK;
3567 if (datafork_compressed) {
3570 tmpfd = create_tempdatafork(a, metadata);
3572 return (ARCHIVE_WARN);
3575 * Do not open the data fork compressed by HFS+ compression
3576 * with at least a writing mode(O_RDWR or O_WRONLY). it
3577 * makes the data fork uncompressed.
3579 dffd = open(datafork, 0);
3581 archive_set_error(&a->archive, errno,
3582 "Failed to open the data fork for metadata");
3584 return (ARCHIVE_WARN);
3587 #if defined(HAVE_SYS_XATTR_H)
3588 ret = copy_xattrs(a, tmpfd, dffd);
3589 if (ret == ARCHIVE_OK)
3591 ret = copy_acls(a, tmpfd, dffd);
3595 if (copyfile(metadata, datafork, 0,
3596 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3597 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3598 archive_set_error(&a->archive, errno,
3599 "Failed to restore metadata");
3607 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3608 const void *metadata, size_t metadata_size)
3610 struct archive_string tmp;
3613 int ret = ARCHIVE_OK;
3615 /* This would be simpler if copyfile() could just accept the
3616 * metadata as a block of memory; then we could sidestep this
3617 * silly dance of writing the data to disk just so that
3618 * copyfile() can read it back in again. */
3619 archive_string_init(&tmp);
3620 archive_strcpy(&tmp, pathname);
3621 archive_strcat(&tmp, ".XXXXXX");
3622 fd = mkstemp(tmp.s);
3625 archive_set_error(&a->archive, errno,
3626 "Failed to restore metadata");
3627 archive_string_free(&tmp);
3628 return (ARCHIVE_WARN);
3630 written = write(fd, metadata, metadata_size);
3632 if ((size_t)written != metadata_size) {
3633 archive_set_error(&a->archive, errno,
3634 "Failed to restore metadata");
3639 #if defined(UF_COMPRESSED)
3640 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3641 (ret = lazy_stat(a)) == ARCHIVE_OK)
3642 compressed = a->st.st_flags & UF_COMPRESSED;
3646 ret = copy_metadata(a, tmp.s, pathname, compressed);
3649 archive_string_free(&tmp);
3654 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3659 struct archive_string datafork;
3660 int fd = -1, ret = ARCHIVE_OK;
3662 archive_string_init(&datafork);
3663 /* Check if the current file name is a type of the resource
3665 p = strrchr(pathname, '/');
3670 if (p[0] != '.' || p[1] != '_')
3671 goto skip_appledouble;
3674 * Check if the data fork file exists.
3676 * TODO: Check if this write disk object has handled it.
3678 archive_strncpy(&datafork, pathname, p - pathname);
3679 archive_strcat(&datafork, p + 2);
3680 if (lstat(datafork.s, &st) == -1 ||
3681 (st.st_mode & AE_IFMT) != AE_IFREG)
3682 goto skip_appledouble;
3685 * Check if the file is in the AppleDouble form.
3687 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3688 __archive_ensure_cloexec_flag(fd);
3690 archive_set_error(&a->archive, errno,
3691 "Failed to open a restoring file");
3693 goto skip_appledouble;
3695 if (read(fd, buff, 8) == -1) {
3696 archive_set_error(&a->archive, errno,
3697 "Failed to read a restoring file");
3700 goto skip_appledouble;
3703 /* Check AppleDouble Magic Code. */
3704 if (archive_be32dec(buff) != 0x00051607)
3705 goto skip_appledouble;
3706 /* Check AppleDouble Version. */
3707 if (archive_be32dec(buff+4) != 0x00020000)
3708 goto skip_appledouble;
3710 ret = copy_metadata(a, pathname, datafork.s,
3711 #if defined(UF_COMPRESSED)
3712 st.st_flags & UF_COMPRESSED);
3716 if (ret == ARCHIVE_OK) {
3721 archive_string_free(&datafork);
3726 #if HAVE_LSETXATTR || HAVE_LSETEA
3728 * Restore extended attributes - Linux and AIX implementations:
3729 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3732 set_xattrs(struct archive_write_disk *a)
3734 struct archive_entry *entry = a->entry;
3735 static int warning_done = 0;
3736 int ret = ARCHIVE_OK;
3737 int i = archive_entry_xattr_reset(entry);
3743 archive_entry_xattr_next(entry, &name, &value, &size);
3745 strncmp(name, "xfsroot.", 8) != 0 &&
3746 strncmp(name, "system.", 7) != 0) {
3750 e = fsetxattr(a->fd, name, value, size, 0);
3754 e = fsetea(a->fd, name, value, size, 0);
3759 e = lsetxattr(archive_entry_pathname(entry),
3760 name, value, size, 0);
3762 e = lsetea(archive_entry_pathname(entry),
3763 name, value, size, 0);
3767 if (errno == ENOTSUP || errno == ENOSYS) {
3768 if (!warning_done) {
3770 archive_set_error(&a->archive, errno,
3771 "Cannot restore extended "
3772 "attributes on this file "
3776 archive_set_error(&a->archive, errno,
3777 "Failed to set extended attribute");
3781 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3782 "Invalid extended attribute encountered");
3788 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3790 * Restore extended attributes - FreeBSD implementation
3793 set_xattrs(struct archive_write_disk *a)
3795 struct archive_entry *entry = a->entry;
3796 static int warning_done = 0;
3797 int ret = ARCHIVE_OK;
3798 int i = archive_entry_xattr_reset(entry);
3804 archive_entry_xattr_next(entry, &name, &value, &size);
3809 if (strncmp(name, "user.", 5) == 0) {
3810 /* "user." attributes go to user namespace */
3812 namespace = EXTATTR_NAMESPACE_USER;
3814 /* Warn about other extended attributes. */
3815 archive_set_error(&a->archive,
3816 ARCHIVE_ERRNO_FILE_FORMAT,
3817 "Can't restore extended attribute ``%s''",
3823 #if HAVE_EXTATTR_SET_FD
3825 e = extattr_set_fd(a->fd, namespace, name, value, size);
3828 /* TODO: should we use extattr_set_link() instead? */
3830 e = extattr_set_file(archive_entry_pathname(entry),
3831 namespace, name, value, size);
3833 if (e != (ssize_t)size) {
3834 if (errno == ENOTSUP || errno == ENOSYS) {
3835 if (!warning_done) {
3837 archive_set_error(&a->archive, errno,
3838 "Cannot restore extended "
3839 "attributes on this file "
3843 archive_set_error(&a->archive, errno,
3844 "Failed to set extended attribute");
3855 * Restore extended attributes - stub implementation for unsupported systems
3858 set_xattrs(struct archive_write_disk *a)
3860 static int warning_done = 0;
3862 /* If there aren't any extended attributes, then it's okay not
3863 * to extract them, otherwise, issue a single warning. */
3864 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3866 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3867 "Cannot restore extended attributes on this system");
3868 return (ARCHIVE_WARN);
3870 /* Warning was already emitted; suppress further warnings. */
3871 return (ARCHIVE_OK);
3876 * Test if file on disk is older than entry.
3879 older(struct stat *st, struct archive_entry *entry)
3881 /* First, test the seconds and return if we have a definite answer. */
3882 /* Definitely older. */
3883 if (st->st_mtime < archive_entry_mtime(entry))
3885 /* Definitely younger. */
3886 if (st->st_mtime > archive_entry_mtime(entry))
3888 /* If this platform supports fractional seconds, try those. */
3889 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3890 /* Definitely older. */
3891 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3893 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3894 /* Definitely older. */
3895 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3897 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3899 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3901 #elif HAVE_STRUCT_STAT_ST_UMTIME
3903 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3905 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3907 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
3910 /* This system doesn't have high-res timestamps. */
3912 /* Same age or newer, so not older. */
3916 #endif /* !_WIN32 || __CYGWIN__ */