2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
147 struct fixup_entry *next;
148 struct archive_acl acl;
154 unsigned long atime_nanos;
155 unsigned long birthtime_nanos;
156 unsigned long mtime_nanos;
157 unsigned long ctime_nanos;
158 unsigned long fflags_set;
159 size_t mac_metadata_size;
161 int fixup; /* bitmask of what needs fixing */
166 * We use a bitmask to track which operations remain to be done for
167 * this file. In particular, this helps us avoid unnecessary
168 * operations when it's possible to take care of one step as a
169 * side-effect of another. For example, mkdir() can specify the mode
170 * for the newly-created object but symlink() cannot. This means we
171 * can skip chmod() if mkdir() succeeded, but we must explicitly
172 * chmod() if we're trying to create a directory that already exists
173 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
174 * need to verify UID/GID before trying to restore SUID/SGID bits;
175 * that verification can occur explicitly through a stat() call or
176 * implicitly because of a successful chown() call.
178 #define TODO_MODE_FORCE 0x40000000
179 #define TODO_MODE_BASE 0x20000000
180 #define TODO_SUID 0x10000000
181 #define TODO_SUID_CHECK 0x08000000
182 #define TODO_SGID 0x04000000
183 #define TODO_SGID_CHECK 0x02000000
184 #define TODO_APPLEDOUBLE 0x01000000
185 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
186 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
187 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
188 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
189 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
190 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
191 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
192 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
194 struct archive_write_disk {
195 struct archive archive;
198 struct fixup_entry *fixup_list;
199 struct fixup_entry *current_fixup;
202 int64_t skip_file_dev;
203 int64_t skip_file_ino;
206 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
207 void (*cleanup_gid)(void *private);
208 void *lookup_gid_data;
209 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
210 void (*cleanup_uid)(void *private);
211 void *lookup_uid_data;
214 * Full path of last file to satisfy symlink checks.
216 struct archive_string path_safe;
219 * Cached stat data from disk for the current entry.
220 * If this is valid, pst points to st. Otherwise,
226 /* Information about the object being restored right now. */
227 struct archive_entry *entry; /* Entry being extracted. */
228 char *name; /* Name of entry, possibly edited. */
229 struct archive_string _name_data; /* backing store for 'name' */
230 /* Tasks remaining for this object. */
232 /* Tasks deferred until end-of-archive. */
234 /* Options requested by the client. */
236 /* Handle for the file we're restoring. */
238 /* Current offset for writing data to the file. */
240 /* Last offset actually written to disk. */
242 /* Total bytes actually written to files. */
243 int64_t total_bytes_written;
244 /* Maximum size of file, -1 if unknown. */
246 /* Dir we were in before this restore; only for deep paths. */
248 /* Mode we should use for this entry; affected by _PERM and umask. */
250 /* UID/GID to use in restoring this entry. */
256 /* Xattr "com.apple.decmpfs". */
257 uint32_t decmpfs_attr_size;
258 unsigned char *decmpfs_header_p;
259 /* ResourceFork set options used for fsetxattr. */
260 int rsrc_xattr_options;
261 /* Xattr "com.apple.ResourceFork". */
262 unsigned char *resource_fork;
263 size_t resource_fork_allocated_size;
264 unsigned int decmpfs_block_count;
265 uint32_t *decmpfs_block_info;
266 /* Buffer for compressed data. */
267 unsigned char *compressed_buffer;
268 size_t compressed_buffer_size;
269 size_t compressed_buffer_remaining;
270 /* The offset of the ResourceFork where compressed data will
272 uint32_t compressed_rsrc_position;
273 uint32_t compressed_rsrc_position_v;
274 /* Buffer for uncompressed data. */
275 char *uncompressed_buffer;
276 size_t block_remaining_bytes;
277 size_t file_remaining_bytes;
281 int decmpfs_compression_level;
286 * Default mode for dirs created automatically (will be modified by umask).
287 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
288 * by the process' file creation mask."
290 #define DEFAULT_DIR_MODE 0777
292 * Dir modes are restored in two steps: During the extraction, the permissions
293 * in the archive are modified to match the following limits. During
294 * the post-extract fixup pass, the permissions from the archive are
297 #define MINIMUM_DIR_MODE 0700
298 #define MAXIMUM_DIR_MODE 0775
301 * Maxinum uncompressed size of a decmpfs block.
303 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
305 * HFS+ compression type.
307 #define CMP_XATTR 3/* Compressed data in xattr. */
308 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
310 * HFS+ compression resource fork.
312 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
313 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
314 /* Size to write compressed data to resource fork. */
315 #define COMPRESSED_W_SIZE (64 * 1024)
316 /* decmpfs difinitions. */
317 #define MAX_DECMPFS_XATTR_SIZE 3802
318 #ifndef DECMPFS_XATTR_NAME
319 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
321 #define DECMPFS_MAGIC 0x636d7066
322 #define DECMPFS_COMPRESSION_MAGIC 0
323 #define DECMPFS_COMPRESSION_TYPE 4
324 #define DECMPFS_UNCOMPRESSED_SIZE 8
325 #define DECMPFS_HEADER_SIZE 16
327 #define HFS_BLOCKS(s) ((s) >> 12)
329 static int check_symlinks(struct archive_write_disk *);
330 static int create_filesystem_object(struct archive_write_disk *);
331 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
332 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
333 static void edit_deep_directories(struct archive_write_disk *ad);
335 static int cleanup_pathname(struct archive_write_disk *);
336 static int create_dir(struct archive_write_disk *, char *);
337 static int create_parent_dir(struct archive_write_disk *, char *);
338 static ssize_t hfs_write_data_block(struct archive_write_disk *,
339 const char *, size_t);
340 static int fixup_appledouble(struct archive_write_disk *, const char *);
341 static int older(struct stat *, struct archive_entry *);
342 static int restore_entry(struct archive_write_disk *);
343 static int set_mac_metadata(struct archive_write_disk *, const char *,
344 const void *, size_t);
345 static int set_xattrs(struct archive_write_disk *);
346 static int set_fflags(struct archive_write_disk *);
347 static int set_fflags_platform(struct archive_write_disk *, int fd,
348 const char *name, mode_t mode,
349 unsigned long fflags_set, unsigned long fflags_clear);
350 static int set_ownership(struct archive_write_disk *);
351 static int set_mode(struct archive_write_disk *, int mode);
352 static int set_time(int, int, const char *, time_t, long, time_t, long);
353 static int set_times(struct archive_write_disk *, int, int, const char *,
354 time_t, long, time_t, long, time_t, long, time_t, long);
355 static int set_times_from_entry(struct archive_write_disk *);
356 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
357 static ssize_t write_data_block(struct archive_write_disk *,
358 const char *, size_t);
360 static struct archive_vtable *archive_write_disk_vtable(void);
362 static int _archive_write_disk_close(struct archive *);
363 static int _archive_write_disk_free(struct archive *);
364 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
365 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
366 static int _archive_write_disk_finish_entry(struct archive *);
367 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
368 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
371 lazy_stat(struct archive_write_disk *a)
373 if (a->pst != NULL) {
374 /* Already have stat() data available. */
378 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
384 * XXX At this point, symlinks should not be hit, otherwise
385 * XXX a race occurred. Do we want to check explicitly for that?
387 if (lstat(a->name, &a->st) == 0) {
391 archive_set_error(&a->archive, errno, "Couldn't stat file");
392 return (ARCHIVE_WARN);
395 static struct archive_vtable *
396 archive_write_disk_vtable(void)
398 static struct archive_vtable av;
399 static int inited = 0;
402 av.archive_close = _archive_write_disk_close;
403 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
404 av.archive_free = _archive_write_disk_free;
405 av.archive_write_header = _archive_write_disk_header;
406 av.archive_write_finish_entry
407 = _archive_write_disk_finish_entry;
408 av.archive_write_data = _archive_write_disk_data;
409 av.archive_write_data_block = _archive_write_disk_data_block;
416 _archive_write_disk_filter_bytes(struct archive *_a, int n)
418 struct archive_write_disk *a = (struct archive_write_disk *)_a;
419 (void)n; /* UNUSED */
420 if (n == -1 || n == 0)
421 return (a->total_bytes_written);
427 archive_write_disk_set_options(struct archive *_a, int flags)
429 struct archive_write_disk *a = (struct archive_write_disk *)_a;
437 * Extract this entry to disk.
439 * TODO: Validate hardlinks. According to the standards, we're
440 * supposed to check each extracted hardlink and squawk if it refers
441 * to a file that we didn't restore. I'm not entirely convinced this
442 * is a good idea, but more importantly: Is there any way to validate
443 * hardlinks without keeping a complete list of filenames from the
444 * entire archive?? Ugh.
448 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
450 struct archive_write_disk *a = (struct archive_write_disk *)_a;
451 struct fixup_entry *fe;
454 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
455 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
456 "archive_write_disk_header");
457 archive_clear_error(&a->archive);
458 if (a->archive.state & ARCHIVE_STATE_DATA) {
459 r = _archive_write_disk_finish_entry(&a->archive);
460 if (r == ARCHIVE_FATAL)
464 /* Set up for this particular entry. */
466 a->current_fixup = NULL;
469 archive_entry_free(a->entry);
472 a->entry = archive_entry_clone(entry);
477 a->uid = a->user_uid;
478 a->mode = archive_entry_mode(a->entry);
479 if (archive_entry_size_is_set(a->entry))
480 a->filesize = archive_entry_size(a->entry);
483 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
484 a->name = a->_name_data.s;
485 archive_clear_error(&a->archive);
488 * Clean up the requested path. This is necessary for correct
489 * dir restores; the dir restore logic otherwise gets messed
490 * up by nonsense like "dir/.".
492 ret = cleanup_pathname(a);
493 if (ret != ARCHIVE_OK)
497 * Query the umask so we get predictable mode settings.
498 * This gets done on every call to _write_header in case the
499 * user edits their umask during the extraction for some
502 umask(a->user_umask = umask(0));
504 /* Figure out what we need to do for this entry. */
505 a->todo = TODO_MODE_BASE;
506 if (a->flags & ARCHIVE_EXTRACT_PERM) {
507 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
509 * SGID requires an extra "check" step because we
510 * cannot easily predict the GID that the system will
511 * assign. (Different systems assign GIDs to files
512 * based on a variety of criteria, including process
513 * credentials and the gid of the enclosing
514 * directory.) We can only restore the SGID bit if
515 * the file has the right GID, and we only know the
516 * GID if we either set it (see set_ownership) or if
517 * we've actually called stat() on the file after it
518 * was restored. Since there are several places at
519 * which we might verify the GID, we need a TODO bit
522 if (a->mode & S_ISGID)
523 a->todo |= TODO_SGID | TODO_SGID_CHECK;
525 * Verifying the SUID is simpler, but can still be
526 * done in multiple ways, hence the separate "check" bit.
528 if (a->mode & S_ISUID)
529 a->todo |= TODO_SUID | TODO_SUID_CHECK;
532 * User didn't request full permissions, so don't
533 * restore SUID, SGID bits and obey umask.
538 a->mode &= ~a->user_umask;
540 if (a->flags & ARCHIVE_EXTRACT_OWNER)
541 a->todo |= TODO_OWNER;
542 if (a->flags & ARCHIVE_EXTRACT_TIME)
543 a->todo |= TODO_TIMES;
544 if (a->flags & ARCHIVE_EXTRACT_ACL) {
545 if (archive_entry_filetype(a->entry) == AE_IFDIR)
546 a->deferred |= TODO_ACLS;
548 a->todo |= TODO_ACLS;
550 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
551 if (archive_entry_filetype(a->entry) == AE_IFDIR)
552 a->deferred |= TODO_MAC_METADATA;
554 a->todo |= TODO_MAC_METADATA;
556 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
557 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
558 unsigned long set, clear;
559 archive_entry_fflags(a->entry, &set, &clear);
560 if ((set & ~clear) & UF_COMPRESSED) {
561 a->todo |= TODO_HFS_COMPRESSION;
562 a->decmpfs_block_count = (unsigned)-1;
565 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
566 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
567 a->todo |= TODO_HFS_COMPRESSION;
568 a->decmpfs_block_count = (unsigned)-1;
573 /* Check if the current file name is a type of the
574 * resource fork file. */
575 p = strrchr(a->name, '/');
580 if (p[0] == '.' && p[1] == '_') {
581 /* Do not compress "._XXX" files. */
582 a->todo &= ~TODO_HFS_COMPRESSION;
584 a->todo |= TODO_APPLEDOUBLE;
589 if (a->flags & ARCHIVE_EXTRACT_XATTR)
590 a->todo |= TODO_XATTR;
591 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
592 a->todo |= TODO_FFLAGS;
593 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
594 ret = check_symlinks(a);
595 if (ret != ARCHIVE_OK)
598 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
599 /* If path exceeds PATH_MAX, shorten the path. */
600 edit_deep_directories(a);
603 ret = restore_entry(a);
605 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
607 * Check if the filesystem the file is restoring on supports
608 * HFS+ Compression. If not, cancel HFS+ Compression.
610 if (a->todo | TODO_HFS_COMPRESSION) {
612 * NOTE: UF_COMPRESSED is ignored even if the filesystem
613 * supports HFS+ Compression because the file should
614 * have at least an extended attriute "com.apple.decmpfs"
615 * before the flag is set to indicate that the file have
616 * been compressed. If hte filesystem does not support
617 * HFS+ Compression the system call will fail.
619 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
620 a->todo &= ~TODO_HFS_COMPRESSION;
625 * TODO: There are rumours that some extended attributes must
626 * be restored before file data is written. If this is true,
627 * then we either need to write all extended attributes both
628 * before and after restoring the data, or find some rule for
629 * determining which must go first and which last. Due to the
630 * many ways people are using xattrs, this may prove to be an
631 * intractable problem.
635 /* If we changed directory above, restore it here. */
636 if (a->restore_pwd >= 0) {
637 r = fchdir(a->restore_pwd);
639 archive_set_error(&a->archive, errno, "chdir() failure");
642 close(a->restore_pwd);
648 * Fixup uses the unedited pathname from archive_entry_pathname(),
649 * because it is relative to the base dir and the edited path
650 * might be relative to some intermediate dir as a result of the
651 * deep restore logic.
653 if (a->deferred & TODO_MODE) {
654 fe = current_fixup(a, archive_entry_pathname(entry));
656 return (ARCHIVE_FATAL);
657 fe->fixup |= TODO_MODE_BASE;
661 if ((a->deferred & TODO_TIMES)
662 && (archive_entry_mtime_is_set(entry)
663 || archive_entry_atime_is_set(entry))) {
664 fe = current_fixup(a, archive_entry_pathname(entry));
666 return (ARCHIVE_FATAL);
668 fe->fixup |= TODO_TIMES;
669 if (archive_entry_atime_is_set(entry)) {
670 fe->atime = archive_entry_atime(entry);
671 fe->atime_nanos = archive_entry_atime_nsec(entry);
673 /* If atime is unset, use start time. */
674 fe->atime = a->start_time;
677 if (archive_entry_mtime_is_set(entry)) {
678 fe->mtime = archive_entry_mtime(entry);
679 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
681 /* If mtime is unset, use start time. */
682 fe->mtime = a->start_time;
685 if (archive_entry_birthtime_is_set(entry)) {
686 fe->birthtime = archive_entry_birthtime(entry);
687 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
689 /* If birthtime is unset, use mtime. */
690 fe->birthtime = fe->mtime;
691 fe->birthtime_nanos = fe->mtime_nanos;
695 if (a->deferred & TODO_ACLS) {
696 fe = current_fixup(a, archive_entry_pathname(entry));
698 return (ARCHIVE_FATAL);
699 fe->fixup |= TODO_ACLS;
700 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
703 if (a->deferred & TODO_MAC_METADATA) {
704 const void *metadata;
705 size_t metadata_size;
706 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
707 if (metadata != NULL && metadata_size > 0) {
708 fe = current_fixup(a, archive_entry_pathname(entry));
710 return (ARCHIVE_FATAL);
711 fe->mac_metadata = malloc(metadata_size);
712 if (fe->mac_metadata != NULL) {
713 memcpy(fe->mac_metadata, metadata, metadata_size);
714 fe->mac_metadata_size = metadata_size;
715 fe->fixup |= TODO_MAC_METADATA;
720 if (a->deferred & TODO_FFLAGS) {
721 fe = current_fixup(a, archive_entry_pathname(entry));
723 return (ARCHIVE_FATAL);
724 fe->fixup |= TODO_FFLAGS;
725 /* TODO: Complete this.. defer fflags from below. */
728 /* We've created the object and are ready to pour data into it. */
729 if (ret >= ARCHIVE_WARN)
730 a->archive.state = ARCHIVE_STATE_DATA;
732 * If it's not open, tell our client not to try writing.
733 * In particular, dirs, links, etc, don't get written to.
736 archive_entry_set_size(entry, 0);
744 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
746 struct archive_write_disk *a = (struct archive_write_disk *)_a;
747 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
748 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
749 a->skip_file_set = 1;
750 a->skip_file_dev = d;
751 a->skip_file_ino = i;
756 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
758 uint64_t start_size = size;
759 ssize_t bytes_written = 0;
760 ssize_t block_size = 0, bytes_to_write;
765 if (a->filesize == 0 || a->fd < 0) {
766 archive_set_error(&a->archive, 0,
767 "Attempt to write to an empty file");
768 return (ARCHIVE_WARN);
771 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
772 #if HAVE_STRUCT_STAT_ST_BLKSIZE
774 if ((r = lazy_stat(a)) != ARCHIVE_OK)
776 block_size = a->pst->st_blksize;
778 /* XXX TODO XXX Is there a more appropriate choice here ? */
779 /* This needn't match the filesystem allocation size. */
780 block_size = 16*1024;
784 /* If this write would run beyond the file size, truncate it. */
785 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
786 start_size = size = (size_t)(a->filesize - a->offset);
788 /* Write the data. */
790 if (block_size == 0) {
791 bytes_to_write = size;
793 /* We're sparsifying the file. */
797 /* Skip leading zero bytes. */
798 for (p = buff, end = buff + size; p < end; ++p) {
802 a->offset += p - buff;
808 /* Calculate next block boundary after offset. */
810 = (a->offset / block_size + 1) * block_size;
812 /* If the adjusted write would cross block boundary,
813 * truncate it to the block boundary. */
814 bytes_to_write = size;
815 if (a->offset + bytes_to_write > block_end)
816 bytes_to_write = block_end - a->offset;
818 /* Seek if necessary to the specified offset. */
819 if (a->offset != a->fd_offset) {
820 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
821 archive_set_error(&a->archive, errno,
823 return (ARCHIVE_FATAL);
825 a->fd_offset = a->offset;
827 bytes_written = write(a->fd, buff, bytes_to_write);
828 if (bytes_written < 0) {
829 archive_set_error(&a->archive, errno, "Write failed");
830 return (ARCHIVE_WARN);
832 buff += bytes_written;
833 size -= bytes_written;
834 a->total_bytes_written += bytes_written;
835 a->offset += bytes_written;
836 a->fd_offset = a->offset;
838 return (start_size - size);
841 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
842 && defined(HAVE_ZLIB_H)
845 * Set UF_COMPRESSED file flag.
846 * This have to be called after hfs_write_decmpfs() because if the
847 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
850 hfs_set_compressed_fflag(struct archive_write_disk *a)
854 if ((r = lazy_stat(a)) != ARCHIVE_OK)
857 a->st.st_flags |= UF_COMPRESSED;
858 if (fchflags(a->fd, a->st.st_flags) != 0) {
859 archive_set_error(&a->archive, errno,
860 "Failed to set UF_COMPRESSED file flag");
861 return (ARCHIVE_WARN);
867 * HFS+ Compression decmpfs
869 * +------------------------------+ +0
870 * | Magic(LE 4 bytes) |
871 * +------------------------------+
872 * | Type(LE 4 bytes) |
873 * +------------------------------+
874 * | Uncompressed size(LE 8 bytes)|
875 * +------------------------------+ +16
877 * | Compressed data |
878 * | (Placed only if Type == 3) |
880 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
882 * Type is 3: decmpfs has compressed data.
883 * Type is 4: Resource Fork has compressed data.
886 * Write "com.apple.decmpfs"
889 hfs_write_decmpfs(struct archive_write_disk *a)
892 uint32_t compression_type;
894 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
895 a->decmpfs_attr_size, 0, 0);
897 archive_set_error(&a->archive, errno,
898 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
899 compression_type = archive_le32dec(
900 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
901 if (compression_type == CMP_RESOURCE_FORK)
902 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
903 XATTR_SHOWCOMPRESSION);
904 return (ARCHIVE_WARN);
910 * HFS+ Compression Resource Fork
912 * +-----------------------------+
913 * | Header(260 bytes) |
914 * +-----------------------------+
915 * | Block count(LE 4 bytes) |
916 * +-----------------------------+ --+
917 * +-- | Offset (LE 4 bytes) | |
918 * | | [distance from Block count] | | Block 0
919 * | +-----------------------------+ |
920 * | | Compressed size(LE 4 bytes) | |
921 * | +-----------------------------+ --+
923 * | | .................. |
925 * | +-----------------------------+ --+
926 * | | Offset (LE 4 bytes) | |
927 * | +-----------------------------+ | Block (Block count -1)
928 * | | Compressed size(LE 4 bytes) | |
929 * +-> +-----------------------------+ --+
930 * | Compressed data(n bytes) | Block 0
931 * +-----------------------------+
933 * | .................. |
935 * +-----------------------------+
936 * | Compressed data(n bytes) | Block (Block count -1)
937 * +-----------------------------+
938 * | Footer(50 bytes) |
939 * +-----------------------------+
943 * Write the header of "com.apple.ResourceFork"
946 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
947 size_t bytes, uint32_t position)
951 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
952 position, a->rsrc_xattr_options);
954 archive_set_error(&a->archive, errno,
955 "Cannot restore xattr: %s at %u pos %u bytes",
956 XATTR_RESOURCEFORK_NAME,
959 return (ARCHIVE_WARN);
961 a->rsrc_xattr_options &= ~XATTR_CREATE;
966 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
970 ret = hfs_write_resource_fork(a, a->compressed_buffer,
971 bytes_compressed, a->compressed_rsrc_position);
972 if (ret == ARCHIVE_OK)
973 a->compressed_rsrc_position += bytes_compressed;
978 hfs_write_resource_fork_header(struct archive_write_disk *a)
982 uint32_t rsrc_header_bytes;
985 * Write resource fork header + block info.
987 buff = a->resource_fork;
988 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
990 RSRC_H_SIZE + /* Header base size. */
991 4 + /* Block count. */
992 (a->decmpfs_block_count * 8);/* Block info */
993 archive_be32enc(buff, 0x100);
994 archive_be32enc(buff + 4, rsrc_bytes);
995 archive_be32enc(buff + 8, rsrc_bytes - 256);
996 archive_be32enc(buff + 12, 0x32);
997 memset(buff + 16, 0, 240);
998 archive_be32enc(buff + 256, rsrc_bytes - 260);
999 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1003 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1005 static const char rsrc_footer[RSRC_F_SIZE] = {
1006 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1010 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1011 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1014 if (buff_size < sizeof(rsrc_footer))
1016 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1017 return (sizeof(rsrc_footer));
1021 hfs_reset_compressor(struct archive_write_disk *a)
1025 if (a->stream_valid)
1026 ret = deflateReset(&a->stream);
1028 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1032 "Failed to initialize compressor");
1033 return (ARCHIVE_FATAL);
1035 a->stream_valid = 1;
1037 return (ARCHIVE_OK);
1041 hfs_decompress(struct archive_write_disk *a)
1043 uint32_t *block_info;
1044 unsigned int block_count;
1045 uint32_t data_pos, data_size;
1047 ssize_t bytes_written, bytes_to_write;
1050 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1051 block_count = archive_le32dec(block_info++);
1052 while (block_count--) {
1053 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1054 data_size = archive_le32dec(block_info++);
1055 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1056 a->compressed_buffer, data_size, data_pos, 0);
1057 if (r != data_size) {
1058 archive_set_error(&a->archive,
1059 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1060 "Failed to read resource fork");
1061 return (ARCHIVE_WARN);
1063 if (a->compressed_buffer[0] == 0xff) {
1064 bytes_to_write = data_size -1;
1065 b = a->compressed_buffer + 1;
1067 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1070 zr = uncompress((Bytef *)a->uncompressed_buffer,
1071 &dest_len, a->compressed_buffer, data_size);
1073 archive_set_error(&a->archive,
1075 "Failed to decompress resource fork");
1076 return (ARCHIVE_WARN);
1078 bytes_to_write = dest_len;
1079 b = (unsigned char *)a->uncompressed_buffer;
1082 bytes_written = write(a->fd, b, bytes_to_write);
1083 if (bytes_written < 0) {
1084 archive_set_error(&a->archive, errno,
1086 return (ARCHIVE_WARN);
1088 bytes_to_write -= bytes_written;
1090 } while (bytes_to_write > 0);
1092 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1094 archive_set_error(&a->archive, errno,
1095 "Failed to remove resource fork");
1096 return (ARCHIVE_WARN);
1098 return (ARCHIVE_OK);
1102 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1105 unsigned char *buffer_compressed;
1106 size_t bytes_compressed;
1110 ret = hfs_reset_compressor(a);
1111 if (ret != ARCHIVE_OK)
1114 if (a->compressed_buffer == NULL) {
1117 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1118 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1119 a->compressed_buffer = malloc(block_size);
1120 if (a->compressed_buffer == NULL) {
1121 archive_set_error(&a->archive, ENOMEM,
1122 "Can't allocate memory for Resource Fork");
1123 return (ARCHIVE_FATAL);
1125 a->compressed_buffer_size = block_size;
1126 a->compressed_buffer_remaining = block_size;
1129 buffer_compressed = a->compressed_buffer +
1130 a->compressed_buffer_size - a->compressed_buffer_remaining;
1131 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1132 a->stream.avail_in = size;
1133 a->stream.next_out = buffer_compressed;
1134 a->stream.avail_out = a->compressed_buffer_remaining;
1136 ret = deflate(&a->stream, Z_FINISH);
1142 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1143 "Failed to compress data");
1144 return (ARCHIVE_FAILED);
1146 } while (ret == Z_OK);
1147 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1150 * If the compressed size is larger than the original size,
1151 * throw away compressed data, use uncompressed data instead.
1153 if (bytes_compressed > size) {
1154 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1155 memcpy(buffer_compressed + 1, buff, size);
1156 bytes_compressed = size + 1;
1158 a->compressed_buffer_remaining -= bytes_compressed;
1161 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1162 * and the block count in the file is only one, store compressed
1163 * data to decmpfs xattr instead of the resource fork.
1165 if (a->decmpfs_block_count == 1 &&
1166 (a->decmpfs_attr_size + bytes_compressed)
1167 <= MAX_DECMPFS_XATTR_SIZE) {
1168 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1170 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1171 buffer_compressed, bytes_compressed);
1172 a->decmpfs_attr_size += bytes_compressed;
1173 a->compressed_buffer_remaining = a->compressed_buffer_size;
1175 * Finish HFS+ Compression.
1176 * - Write the decmpfs xattr.
1177 * - Set the UF_COMPRESSED file flag.
1179 ret = hfs_write_decmpfs(a);
1180 if (ret == ARCHIVE_OK)
1181 ret = hfs_set_compressed_fflag(a);
1185 /* Update block info. */
1186 archive_le32enc(a->decmpfs_block_info++,
1187 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1188 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1189 a->compressed_rsrc_position_v += bytes_compressed;
1192 * Write the compressed data to the resource fork.
1194 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1195 while (bytes_used >= COMPRESSED_W_SIZE) {
1196 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1197 if (ret != ARCHIVE_OK)
1199 bytes_used -= COMPRESSED_W_SIZE;
1200 if (bytes_used > COMPRESSED_W_SIZE)
1201 memmove(a->compressed_buffer,
1202 a->compressed_buffer + COMPRESSED_W_SIZE,
1205 memcpy(a->compressed_buffer,
1206 a->compressed_buffer + COMPRESSED_W_SIZE,
1209 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1212 * If the current block is the last block, write the remaining
1213 * compressed data and the resource fork footer.
1215 if (a->file_remaining_bytes == 0) {
1219 /* Append the resource footer. */
1220 rsrc_size = hfs_set_resource_fork_footer(
1221 a->compressed_buffer + bytes_used,
1222 a->compressed_buffer_remaining);
1223 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1224 a->compressed_buffer_remaining = a->compressed_buffer_size;
1226 /* If the compressed size is not enouph smaller than
1227 * the uncompressed size. cancel HFS+ compression.
1228 * TODO: study a behavior of ditto utility and improve
1229 * the condition to fall back into no HFS+ compression. */
1230 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1232 if (bk > HFS_BLOCKS(a->filesize))
1233 return hfs_decompress(a);
1235 * Write the resourcefork header.
1237 if (ret == ARCHIVE_OK)
1238 ret = hfs_write_resource_fork_header(a);
1240 * Finish HFS+ Compression.
1241 * - Write the decmpfs xattr.
1242 * - Set the UF_COMPRESSED file flag.
1244 if (ret == ARCHIVE_OK)
1245 ret = hfs_write_decmpfs(a);
1246 if (ret == ARCHIVE_OK)
1247 ret = hfs_set_compressed_fflag(a);
1253 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1256 const char *buffer_to_write;
1257 size_t bytes_to_write;
1260 if (a->decmpfs_block_count == (unsigned)-1) {
1263 unsigned int block_count;
1265 if (a->decmpfs_header_p == NULL) {
1266 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1267 + sizeof(uint32_t));
1268 if (new_block == NULL) {
1269 archive_set_error(&a->archive, ENOMEM,
1270 "Can't allocate memory for decmpfs");
1271 return (ARCHIVE_FATAL);
1273 a->decmpfs_header_p = new_block;
1275 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1276 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1278 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1280 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1283 /* Calculate a block count of the file. */
1285 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1286 MAX_DECMPFS_BLOCK_SIZE;
1288 * Allocate buffer for resource fork.
1289 * Set up related pointers;
1292 RSRC_H_SIZE + /* header */
1293 4 + /* Block count */
1294 (block_count * sizeof(uint32_t) * 2) +
1295 RSRC_F_SIZE; /* footer */
1296 if (new_size > a->resource_fork_allocated_size) {
1297 new_block = realloc(a->resource_fork, new_size);
1298 if (new_block == NULL) {
1299 archive_set_error(&a->archive, ENOMEM,
1300 "Can't allocate memory for ResourceFork");
1301 return (ARCHIVE_FATAL);
1303 a->resource_fork_allocated_size = new_size;
1304 a->resource_fork = new_block;
1307 /* Allocate uncompressed buffer */
1308 if (a->uncompressed_buffer == NULL) {
1309 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1310 if (new_block == NULL) {
1311 archive_set_error(&a->archive, ENOMEM,
1312 "Can't allocate memory for decmpfs");
1313 return (ARCHIVE_FATAL);
1315 a->uncompressed_buffer = new_block;
1317 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1318 a->file_remaining_bytes = a->filesize;
1319 a->compressed_buffer_remaining = a->compressed_buffer_size;
1322 * Set up a resource fork.
1324 a->rsrc_xattr_options = XATTR_CREATE;
1325 /* Get the position where we are going to set a bunch
1327 a->decmpfs_block_info =
1328 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1329 /* Set the block count to the resource fork. */
1330 archive_le32enc(a->decmpfs_block_info++, block_count);
1331 /* Get the position where we are goint to set compressed
1333 a->compressed_rsrc_position =
1334 RSRC_H_SIZE + 4 + (block_count * 8);
1335 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1336 a->decmpfs_block_count = block_count;
1339 /* Ignore redundant bytes. */
1340 if (a->file_remaining_bytes == 0)
1341 return ((ssize_t)size);
1343 /* Do not overrun a block size. */
1344 if (size > a->block_remaining_bytes)
1345 bytes_to_write = a->block_remaining_bytes;
1347 bytes_to_write = size;
1348 /* Do not overrun the file size. */
1349 if (bytes_to_write > a->file_remaining_bytes)
1350 bytes_to_write = a->file_remaining_bytes;
1352 /* For efficiency, if a copy length is full of the uncompressed
1353 * buffer size, do not copy writing data to it. */
1354 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1355 buffer_to_write = buff;
1357 memcpy(a->uncompressed_buffer +
1358 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1359 buff, bytes_to_write);
1360 buffer_to_write = a->uncompressed_buffer;
1362 a->block_remaining_bytes -= bytes_to_write;
1363 a->file_remaining_bytes -= bytes_to_write;
1365 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1366 ret = hfs_drive_compressor(a, buffer_to_write,
1367 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1370 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1372 /* Ignore redundant bytes. */
1373 if (a->file_remaining_bytes == 0)
1374 return ((ssize_t)size);
1375 return (bytes_to_write);
1379 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1382 uint64_t start_size = size;
1383 ssize_t bytes_written = 0;
1384 ssize_t bytes_to_write;
1387 return (ARCHIVE_OK);
1389 if (a->filesize == 0 || a->fd < 0) {
1390 archive_set_error(&a->archive, 0,
1391 "Attempt to write to an empty file");
1392 return (ARCHIVE_WARN);
1395 /* If this write would run beyond the file size, truncate it. */
1396 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1397 start_size = size = (size_t)(a->filesize - a->offset);
1399 /* Write the data. */
1401 bytes_to_write = size;
1402 /* Seek if necessary to the specified offset. */
1403 if (a->offset < a->fd_offset) {
1404 /* Can't support backword move. */
1405 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1407 return (ARCHIVE_FATAL);
1408 } else if (a->offset > a->fd_offset) {
1409 int64_t skip = a->offset - a->fd_offset;
1410 char nullblock[1024];
1412 memset(nullblock, 0, sizeof(nullblock));
1414 if (skip > (int64_t)sizeof(nullblock))
1415 bytes_written = hfs_write_decmpfs_block(
1416 a, nullblock, sizeof(nullblock));
1418 bytes_written = hfs_write_decmpfs_block(
1419 a, nullblock, skip);
1420 if (bytes_written < 0) {
1421 archive_set_error(&a->archive, errno,
1423 return (ARCHIVE_WARN);
1425 skip -= bytes_written;
1428 a->fd_offset = a->offset;
1431 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1432 if (bytes_written < 0)
1433 return (bytes_written);
1434 buff += bytes_written;
1435 size -= bytes_written;
1436 a->total_bytes_written += bytes_written;
1437 a->offset += bytes_written;
1438 a->fd_offset = a->offset;
1440 return (start_size - size);
1444 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1447 return (write_data_block(a, buff, size));
1452 _archive_write_disk_data_block(struct archive *_a,
1453 const void *buff, size_t size, int64_t offset)
1455 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1458 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1459 ARCHIVE_STATE_DATA, "archive_write_data_block");
1462 if (a->todo & TODO_HFS_COMPRESSION)
1463 r = hfs_write_data_block(a, buff, size);
1465 r = write_data_block(a, buff, size);
1468 if ((size_t)r < size) {
1469 archive_set_error(&a->archive, 0,
1470 "Write request too large");
1471 return (ARCHIVE_WARN);
1473 return (ARCHIVE_OK);
1477 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1479 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1481 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1482 ARCHIVE_STATE_DATA, "archive_write_data");
1484 if (a->todo & TODO_HFS_COMPRESSION)
1485 return (hfs_write_data_block(a, buff, size));
1486 return (write_data_block(a, buff, size));
1490 _archive_write_disk_finish_entry(struct archive *_a)
1492 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1493 int ret = ARCHIVE_OK;
1495 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1496 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1497 "archive_write_finish_entry");
1498 if (a->archive.state & ARCHIVE_STATE_HEADER)
1499 return (ARCHIVE_OK);
1500 archive_clear_error(&a->archive);
1502 /* Pad or truncate file to the right size. */
1504 /* There's no file. */
1505 } else if (a->filesize < 0) {
1506 /* File size is unknown, so we can't set the size. */
1507 } else if (a->fd_offset == a->filesize) {
1508 /* Last write ended at exactly the filesize; we're done. */
1509 /* Hopefully, this is the common case. */
1510 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1511 } else if (a->todo & TODO_HFS_COMPRESSION) {
1515 if (a->file_remaining_bytes)
1516 memset(null_d, 0, sizeof(null_d));
1517 while (a->file_remaining_bytes) {
1518 if (a->file_remaining_bytes > sizeof(null_d))
1519 r = hfs_write_data_block(
1520 a, null_d, sizeof(null_d));
1522 r = hfs_write_data_block(
1523 a, null_d, a->file_remaining_bytes);
1530 if (ftruncate(a->fd, a->filesize) == -1 &&
1532 archive_set_error(&a->archive, errno,
1533 "File size could not be restored");
1534 return (ARCHIVE_FAILED);
1538 * Not all platforms implement the XSI option to
1539 * extend files via ftruncate. Stat() the file again
1540 * to see what happened.
1543 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1545 /* We can use lseek()/write() to extend the file if
1546 * ftruncate didn't work or isn't available. */
1547 if (a->st.st_size < a->filesize) {
1548 const char nul = '\0';
1549 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1550 archive_set_error(&a->archive, errno,
1552 return (ARCHIVE_FATAL);
1554 if (write(a->fd, &nul, 1) < 0) {
1555 archive_set_error(&a->archive, errno,
1556 "Write to restore size failed");
1557 return (ARCHIVE_FATAL);
1563 /* Restore metadata. */
1566 * This is specific to Mac OS X.
1567 * If the current file is an AppleDouble file, it should be
1568 * linked with the data fork file and remove it.
1570 if (a->todo & TODO_APPLEDOUBLE) {
1571 int r2 = fixup_appledouble(a, a->name);
1572 if (r2 == ARCHIVE_EOF) {
1573 /* The current file has been successfully linked
1574 * with the data fork file and removed. So there
1575 * is nothing to do on the current file. */
1576 goto finish_metadata;
1578 if (r2 < ret) ret = r2;
1582 * Look up the "real" UID only if we're going to need it.
1583 * TODO: the TODO_SGID condition can be dropped here, can't it?
1585 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1586 a->uid = archive_write_disk_uid(&a->archive,
1587 archive_entry_uname(a->entry),
1588 archive_entry_uid(a->entry));
1590 /* Look up the "real" GID only if we're going to need it. */
1591 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1592 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1593 a->gid = archive_write_disk_gid(&a->archive,
1594 archive_entry_gname(a->entry),
1595 archive_entry_gid(a->entry));
1599 * Restore ownership before set_mode tries to restore suid/sgid
1600 * bits. If we set the owner, we know what it is and can skip
1601 * a stat() call to examine the ownership of the file on disk.
1603 if (a->todo & TODO_OWNER) {
1604 int r2 = set_ownership(a);
1605 if (r2 < ret) ret = r2;
1609 * set_mode must precede ACLs on systems such as Solaris and
1610 * FreeBSD where setting the mode implicitly clears extended ACLs
1612 if (a->todo & TODO_MODE) {
1613 int r2 = set_mode(a, a->mode);
1614 if (r2 < ret) ret = r2;
1618 * Security-related extended attributes (such as
1619 * security.capability on Linux) have to be restored last,
1620 * since they're implicitly removed by other file changes.
1622 if (a->todo & TODO_XATTR) {
1623 int r2 = set_xattrs(a);
1624 if (r2 < ret) ret = r2;
1628 * Some flags prevent file modification; they must be restored after
1629 * file contents are written.
1631 if (a->todo & TODO_FFLAGS) {
1632 int r2 = set_fflags(a);
1633 if (r2 < ret) ret = r2;
1637 * Time must follow most other metadata;
1638 * otherwise atime will get changed.
1640 if (a->todo & TODO_TIMES) {
1641 int r2 = set_times_from_entry(a);
1642 if (r2 < ret) ret = r2;
1646 * Mac extended metadata includes ACLs.
1648 if (a->todo & TODO_MAC_METADATA) {
1649 const void *metadata;
1650 size_t metadata_size;
1651 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1652 if (metadata != NULL && metadata_size > 0) {
1653 int r2 = set_mac_metadata(a, archive_entry_pathname(
1654 a->entry), metadata, metadata_size);
1655 if (r2 < ret) ret = r2;
1660 * ACLs must be restored after timestamps because there are
1661 * ACLs that prevent attribute changes (including time).
1663 if (a->todo & TODO_ACLS) {
1664 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1665 archive_entry_pathname(a->entry),
1666 archive_entry_acl(a->entry));
1667 if (r2 < ret) ret = r2;
1671 /* If there's an fd, we can close it now. */
1676 /* If there's an entry, we can release it now. */
1678 archive_entry_free(a->entry);
1681 a->archive.state = ARCHIVE_STATE_HEADER;
1686 archive_write_disk_set_group_lookup(struct archive *_a,
1688 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1689 void (*cleanup_gid)(void *private))
1691 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1692 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1693 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1695 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1696 (a->cleanup_gid)(a->lookup_gid_data);
1698 a->lookup_gid = lookup_gid;
1699 a->cleanup_gid = cleanup_gid;
1700 a->lookup_gid_data = private_data;
1701 return (ARCHIVE_OK);
1705 archive_write_disk_set_user_lookup(struct archive *_a,
1707 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1708 void (*cleanup_uid)(void *private))
1710 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1711 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1712 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1714 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1715 (a->cleanup_uid)(a->lookup_uid_data);
1717 a->lookup_uid = lookup_uid;
1718 a->cleanup_uid = cleanup_uid;
1719 a->lookup_uid_data = private_data;
1720 return (ARCHIVE_OK);
1724 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1726 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1727 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1728 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1730 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1735 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1737 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1738 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1739 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1741 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1746 * Create a new archive_write_disk object and initialize it with global state.
1749 archive_write_disk_new(void)
1751 struct archive_write_disk *a;
1753 a = (struct archive_write_disk *)malloc(sizeof(*a));
1756 memset(a, 0, sizeof(*a));
1757 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1758 /* We're ready to write a header immediately. */
1759 a->archive.state = ARCHIVE_STATE_HEADER;
1760 a->archive.vtable = archive_write_disk_vtable();
1761 a->start_time = time(NULL);
1762 /* Query and restore the umask. */
1763 umask(a->user_umask = umask(0));
1765 a->user_uid = geteuid();
1766 #endif /* HAVE_GETEUID */
1767 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1772 a->decmpfs_compression_level = 5;
1774 return (&a->archive);
1779 * If pathname is longer than PATH_MAX, chdir to a suitable
1780 * intermediate dir and edit the path down to a shorter suffix. Note
1781 * that this routine never returns an error; if the chdir() attempt
1782 * fails for any reason, we just go ahead with the long pathname. The
1783 * object creation is likely to fail, but any error will get handled
1786 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1788 edit_deep_directories(struct archive_write_disk *a)
1791 char *tail = a->name;
1793 /* If path is short, avoid the open() below. */
1794 if (strlen(tail) <= PATH_MAX)
1797 /* Try to record our starting dir. */
1798 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1799 __archive_ensure_cloexec_flag(a->restore_pwd);
1800 if (a->restore_pwd < 0)
1803 /* As long as the path is too long... */
1804 while (strlen(tail) > PATH_MAX) {
1805 /* Locate a dir prefix shorter than PATH_MAX. */
1806 tail += PATH_MAX - 8;
1807 while (tail > a->name && *tail != '/')
1809 /* Exit if we find a too-long path component. */
1810 if (tail <= a->name)
1812 /* Create the intermediate dir and chdir to it. */
1813 *tail = '\0'; /* Terminate dir portion */
1814 ret = create_dir(a, a->name);
1815 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1816 ret = ARCHIVE_FAILED;
1817 *tail = '/'; /* Restore the / we removed. */
1818 if (ret != ARCHIVE_OK)
1821 /* The chdir() succeeded; we've now shortened the path. */
1829 * The main restore function.
1832 restore_entry(struct archive_write_disk *a)
1834 int ret = ARCHIVE_OK, en;
1836 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1838 * TODO: Fix this. Apparently, there are platforms
1839 * that still allow root to hose the entire filesystem
1840 * by unlinking a dir. The S_ISDIR() test above
1841 * prevents us from using unlink() here if the new
1842 * object is a dir, but that doesn't mean the old
1843 * object isn't a dir.
1845 if (unlink(a->name) == 0) {
1846 /* We removed it, reset cached stat. */
1848 } else if (errno == ENOENT) {
1849 /* File didn't exist, that's just as good. */
1850 } else if (rmdir(a->name) == 0) {
1851 /* It was a dir, but now it's gone. */
1854 /* We tried, but couldn't get rid of it. */
1855 archive_set_error(&a->archive, errno,
1856 "Could not unlink");
1857 return(ARCHIVE_FAILED);
1861 /* Try creating it first; if this fails, we'll try to recover. */
1862 en = create_filesystem_object(a);
1864 if ((en == ENOTDIR || en == ENOENT)
1865 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1866 /* If the parent dir doesn't exist, try creating it. */
1867 create_parent_dir(a, a->name);
1868 /* Now try to create the object again. */
1869 en = create_filesystem_object(a);
1872 if ((en == EISDIR || en == EEXIST)
1873 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1874 /* If we're not overwriting, we're done. */
1875 archive_entry_unset_size(a->entry);
1876 return (ARCHIVE_OK);
1880 * Some platforms return EISDIR if you call
1881 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1882 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1883 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1884 * on an existing item.
1887 /* A dir is in the way of a non-dir, rmdir it. */
1888 if (rmdir(a->name) != 0) {
1889 archive_set_error(&a->archive, errno,
1890 "Can't remove already-existing dir");
1891 return (ARCHIVE_FAILED);
1895 en = create_filesystem_object(a);
1896 } else if (en == EEXIST) {
1898 * We know something is in the way, but we don't know what;
1899 * we need to find out before we go any further.
1903 * The SECURE_SYMLINKS logic has already removed a
1904 * symlink to a dir if the client wants that. So
1905 * follow the symlink if we're creating a dir.
1907 if (S_ISDIR(a->mode))
1908 r = stat(a->name, &a->st);
1910 * If it's not a dir (or it's a broken symlink),
1911 * then don't follow it.
1913 if (r != 0 || !S_ISDIR(a->mode))
1914 r = lstat(a->name, &a->st);
1916 archive_set_error(&a->archive, errno,
1917 "Can't stat existing object");
1918 return (ARCHIVE_FAILED);
1922 * NO_OVERWRITE_NEWER doesn't apply to directories.
1924 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1925 && !S_ISDIR(a->st.st_mode)) {
1926 if (!older(&(a->st), a->entry)) {
1927 archive_entry_unset_size(a->entry);
1928 return (ARCHIVE_OK);
1932 /* If it's our archive, we're done. */
1933 if (a->skip_file_set &&
1934 a->st.st_dev == (dev_t)a->skip_file_dev &&
1935 a->st.st_ino == (ino_t)a->skip_file_ino) {
1936 archive_set_error(&a->archive, 0,
1937 "Refusing to overwrite archive");
1938 return (ARCHIVE_FAILED);
1941 if (!S_ISDIR(a->st.st_mode)) {
1942 /* A non-dir is in the way, unlink it. */
1943 if (unlink(a->name) != 0) {
1944 archive_set_error(&a->archive, errno,
1945 "Can't unlink already-existing object");
1946 return (ARCHIVE_FAILED);
1950 en = create_filesystem_object(a);
1951 } else if (!S_ISDIR(a->mode)) {
1952 /* A dir is in the way of a non-dir, rmdir it. */
1953 if (rmdir(a->name) != 0) {
1954 archive_set_error(&a->archive, errno,
1955 "Can't replace existing directory with non-directory");
1956 return (ARCHIVE_FAILED);
1959 en = create_filesystem_object(a);
1962 * There's a dir in the way of a dir. Don't
1963 * waste time with rmdir()/mkdir(), just fix
1964 * up the permissions on the existing dir.
1965 * Note that we don't change perms on existing
1966 * dirs unless _EXTRACT_PERM is specified.
1968 if ((a->mode != a->st.st_mode)
1969 && (a->todo & TODO_MODE_FORCE))
1970 a->deferred |= (a->todo & TODO_MODE);
1971 /* Ownership doesn't need deferred fixup. */
1972 en = 0; /* Forget the EEXIST. */
1977 /* Everything failed; give up here. */
1978 archive_set_error(&a->archive, en, "Can't create '%s'",
1980 return (ARCHIVE_FAILED);
1983 a->pst = NULL; /* Cached stat data no longer valid. */
1988 * Returns 0 if creation succeeds, or else returns errno value from
1989 * the failed system call. Note: This function should only ever perform
1990 * a single system call.
1993 create_filesystem_object(struct archive_write_disk *a)
1995 /* Create the entry. */
1996 const char *linkname;
1997 mode_t final_mode, mode;
2000 /* We identify hard/symlinks according to the link names. */
2001 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2002 linkname = archive_entry_hardlink(a->entry);
2003 if (linkname != NULL) {
2007 r = link(linkname, a->name) ? errno : 0;
2009 * New cpio and pax formats allow hardlink entries
2010 * to carry data, so we may have to open the file
2011 * for hardlink entries.
2013 * If the hardlink was successfully created and
2014 * the archive doesn't have carry data for it,
2015 * consider it to be non-authoritative for meta data.
2016 * This is consistent with GNU tar and BSD pax.
2017 * If the hardlink does carry data, let the last
2018 * archive entry decide ownership.
2020 if (r == 0 && a->filesize <= 0) {
2023 } else if (r == 0 && a->filesize > 0) {
2024 a->fd = open(a->name,
2025 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
2026 __archive_ensure_cloexec_flag(a->fd);
2033 linkname = archive_entry_symlink(a->entry);
2034 if (linkname != NULL) {
2036 return symlink(linkname, a->name) ? errno : 0;
2043 * The remaining system calls all set permissions, so let's
2044 * try to take advantage of that to avoid an extra chmod()
2045 * call. (Recall that umask is set to zero right now!)
2048 /* Mode we want for the final restored object (w/o file type bits). */
2049 final_mode = a->mode & 07777;
2051 * The mode that will actually be restored in this step. Note
2052 * that SUID, SGID, etc, require additional work to ensure
2053 * security, so we never restore them at this point.
2055 mode = final_mode & 0777 & ~a->user_umask;
2057 switch (a->mode & AE_IFMT) {
2059 /* POSIX requires that we fall through here. */
2062 a->fd = open(a->name,
2063 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2064 __archive_ensure_cloexec_flag(a->fd);
2069 /* Note: we use AE_IFCHR for the case label, and
2070 * S_IFCHR for the mknod() call. This is correct. */
2071 r = mknod(a->name, mode | S_IFCHR,
2072 archive_entry_rdev(a->entry));
2075 /* TODO: Find a better way to warn about our inability
2076 * to restore a char device node. */
2078 #endif /* HAVE_MKNOD */
2081 r = mknod(a->name, mode | S_IFBLK,
2082 archive_entry_rdev(a->entry));
2085 /* TODO: Find a better way to warn about our inability
2086 * to restore a block device node. */
2088 #endif /* HAVE_MKNOD */
2090 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2091 r = mkdir(a->name, mode);
2093 /* Defer setting dir times. */
2094 a->deferred |= (a->todo & TODO_TIMES);
2095 a->todo &= ~TODO_TIMES;
2096 /* Never use an immediate chmod(). */
2097 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2098 * because of SysV SGID inheritance. */
2099 if ((mode != final_mode)
2100 || (a->flags & ARCHIVE_EXTRACT_PERM))
2101 a->deferred |= (a->todo & TODO_MODE);
2102 a->todo &= ~TODO_MODE;
2107 r = mkfifo(a->name, mode);
2110 /* TODO: Find a better way to warn about our inability
2111 * to restore a fifo. */
2113 #endif /* HAVE_MKFIFO */
2116 /* All the system calls above set errno on failure. */
2120 /* If we managed to set the final mode, we've avoided a chmod(). */
2121 if (mode == final_mode)
2122 a->todo &= ~TODO_MODE;
2127 * Cleanup function for archive_extract. Mostly, this involves processing
2128 * the fixup list, which is used to address a number of problems:
2129 * * Dir permissions might prevent us from restoring a file in that
2130 * dir, so we restore the dir with minimum 0700 permissions first,
2131 * then correct the mode at the end.
2132 * * Similarly, the act of restoring a file touches the directory
2133 * and changes the timestamp on the dir, so we have to touch-up dir
2134 * timestamps at the end as well.
2135 * * Some file flags can interfere with the restore by, for example,
2136 * preventing the creation of hardlinks to those files.
2137 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2139 * Note that tar/cpio do not require that archives be in a particular
2140 * order; there is no way to know when the last file has been restored
2141 * within a directory, so there's no way to optimize the memory usage
2142 * here by fixing up the directory any earlier than the
2145 * XXX TODO: Directory ACLs should be restored here, for the same
2146 * reason we set directory perms here. XXX
2149 _archive_write_disk_close(struct archive *_a)
2151 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2152 struct fixup_entry *next, *p;
2155 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2156 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2157 "archive_write_disk_close");
2158 ret = _archive_write_disk_finish_entry(&a->archive);
2160 /* Sort dir list so directories are fixed up in depth-first order. */
2161 p = sort_dir_list(a->fixup_list);
2164 a->pst = NULL; /* Mark stat cache as out-of-date. */
2165 if (p->fixup & TODO_TIMES) {
2166 set_times(a, -1, p->mode, p->name,
2167 p->atime, p->atime_nanos,
2168 p->birthtime, p->birthtime_nanos,
2169 p->mtime, p->mtime_nanos,
2170 p->ctime, p->ctime_nanos);
2172 if (p->fixup & TODO_MODE_BASE)
2173 chmod(p->name, p->mode);
2174 if (p->fixup & TODO_ACLS)
2175 archive_write_disk_set_acls(&a->archive,
2176 -1, p->name, &p->acl);
2177 if (p->fixup & TODO_FFLAGS)
2178 set_fflags_platform(a, -1, p->name,
2179 p->mode, p->fflags_set, 0);
2180 if (p->fixup & TODO_MAC_METADATA)
2181 set_mac_metadata(a, p->name, p->mac_metadata,
2182 p->mac_metadata_size);
2184 archive_acl_clear(&p->acl);
2185 free(p->mac_metadata);
2190 a->fixup_list = NULL;
2195 _archive_write_disk_free(struct archive *_a)
2197 struct archive_write_disk *a;
2200 return (ARCHIVE_OK);
2201 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2202 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2203 a = (struct archive_write_disk *)_a;
2204 ret = _archive_write_disk_close(&a->archive);
2205 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2206 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2208 archive_entry_free(a->entry);
2209 archive_string_free(&a->_name_data);
2210 archive_string_free(&a->archive.error_string);
2211 archive_string_free(&a->path_safe);
2212 a->archive.magic = 0;
2213 __archive_clean(&a->archive);
2214 free(a->decmpfs_header_p);
2215 free(a->resource_fork);
2216 free(a->compressed_buffer);
2217 free(a->uncompressed_buffer);
2219 if (a->stream_valid) {
2220 switch (deflateEnd(&a->stream)) {
2224 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2225 "Failed to clean up compressor");
2226 ret = ARCHIVE_FATAL;
2236 * Simple O(n log n) merge sort to order the fixup list. In
2237 * particular, we want to restore dir timestamps depth-first.
2239 static struct fixup_entry *
2240 sort_dir_list(struct fixup_entry *p)
2242 struct fixup_entry *a, *b, *t;
2246 /* A one-item list is already sorted. */
2247 if (p->next == NULL)
2250 /* Step 1: split the list. */
2254 /* Step a twice, t once. */
2260 /* Now, t is at the mid-point, so break the list here. */
2265 /* Step 2: Recursively sort the two sub-lists. */
2266 a = sort_dir_list(a);
2267 b = sort_dir_list(b);
2269 /* Step 3: Merge the returned lists. */
2270 /* Pick the first element for the merged list. */
2271 if (strcmp(a->name, b->name) > 0) {
2279 /* Always put the later element on the list first. */
2280 while (a != NULL && b != NULL) {
2281 if (strcmp(a->name, b->name) > 0) {
2291 /* Only one list is non-empty, so just splice it on. */
2301 * Returns a new, initialized fixup entry.
2303 * TODO: Reduce the memory requirements for this list by using a tree
2304 * structure rather than a simple list of names.
2306 static struct fixup_entry *
2307 new_fixup(struct archive_write_disk *a, const char *pathname)
2309 struct fixup_entry *fe;
2311 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2313 archive_set_error(&a->archive, ENOMEM,
2314 "Can't allocate memory for a fixup");
2317 fe->next = a->fixup_list;
2320 fe->name = strdup(pathname);
2325 * Returns a fixup structure for the current entry.
2327 static struct fixup_entry *
2328 current_fixup(struct archive_write_disk *a, const char *pathname)
2330 if (a->current_fixup == NULL)
2331 a->current_fixup = new_fixup(a, pathname);
2332 return (a->current_fixup);
2335 /* TODO: Make this work. */
2337 * TODO: The deep-directory support bypasses this; disable deep directory
2338 * support if we're doing symlink checks.
2341 * TODO: Someday, integrate this with the deep dir support; they both
2342 * scan the path and both can be optimized by comparing against other
2345 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2347 check_symlinks(struct archive_write_disk *a)
2349 #if !defined(HAVE_LSTAT)
2350 /* Platform doesn't have lstat, so we can't look for symlinks. */
2351 (void)a; /* UNUSED */
2352 return (ARCHIVE_OK);
2360 * Guard against symlink tricks. Reject any archive entry whose
2361 * destination would be altered by a symlink.
2363 /* Whatever we checked last time doesn't need to be re-checked. */
2365 if (archive_strlen(&(a->path_safe)) > 0) {
2366 char *p = a->path_safe.s;
2367 while ((*pn != '\0') && (*p == *pn))
2371 /* Keep going until we've checked the entire name. */
2372 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
2373 /* Skip the next path element. */
2374 while (*pn != '\0' && *pn != '/')
2378 /* Check that we haven't hit a symlink. */
2379 r = lstat(a->name, &st);
2381 /* We've hit a dir that doesn't exist; stop now. */
2382 if (errno == ENOENT)
2384 } else if (S_ISLNK(st.st_mode)) {
2387 * Last element is symlink; remove it
2388 * so we can overwrite it with the
2389 * item being extracted.
2391 if (unlink(a->name)) {
2392 archive_set_error(&a->archive, errno,
2393 "Could not remove symlink %s",
2396 return (ARCHIVE_FAILED);
2400 * Even if we did remove it, a warning
2401 * is in order. The warning is silly,
2402 * though, if we're just replacing one
2403 * symlink with another symlink.
2405 if (!S_ISLNK(a->mode)) {
2406 archive_set_error(&a->archive, 0,
2407 "Removing symlink %s",
2410 /* Symlink gone. No more problem! */
2413 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
2414 /* User asked us to remove problems. */
2415 if (unlink(a->name) != 0) {
2416 archive_set_error(&a->archive, 0,
2417 "Cannot remove intervening symlink %s",
2420 return (ARCHIVE_FAILED);
2424 archive_set_error(&a->archive, 0,
2425 "Cannot extract through symlink %s",
2428 return (ARCHIVE_FAILED);
2433 /* We've checked and/or cleaned the whole path, so remember it. */
2434 archive_strcpy(&a->path_safe, a->name);
2435 return (ARCHIVE_OK);
2439 #if defined(__CYGWIN__)
2441 * 1. Convert a path separator from '\' to '/' .
2442 * We shouldn't check multibyte character directly because some
2443 * character-set have been using the '\' character for a part of
2444 * its multibyte character code.
2445 * 2. Replace unusable characters in Windows with underscore('_').
2446 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2449 cleanup_pathname_win(struct archive_write_disk *a)
2454 int mb, complete, utf8;
2459 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2460 for (p = a->name; *p != '\0'; p++) {
2463 /* If previous byte is smaller than 128,
2464 * this is not second byte of multibyte characters,
2465 * so we can replace '\' with '/'. */
2469 complete = 0;/* uncompleted. */
2470 } else if (*(unsigned char *)p > 127)
2474 /* Rewrite the path name if its next character is unusable. */
2475 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2476 *p == '<' || *p == '>' || *p == '|')
2483 * Convert path separator in wide-character.
2486 while (*p != '\0' && alen) {
2487 l = mbtowc(&wc, p, alen);
2488 if (l == (size_t)-1) {
2489 while (*p != '\0') {
2496 if (l == 1 && wc == L'\\')
2505 * Canonicalize the pathname. In particular, this strips duplicate
2506 * '/' characters, '.' elements, and trailing '/'. It also raises an
2507 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
2508 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
2509 * is set) if the path is absolute.
2512 cleanup_pathname(struct archive_write_disk *a)
2515 char separator = '\0';
2517 dest = src = a->name;
2519 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2520 "Invalid empty pathname");
2521 return (ARCHIVE_FAILED);
2524 #if defined(__CYGWIN__)
2525 cleanup_pathname_win(a);
2527 /* Skip leading '/'. */
2529 if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
2530 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2531 "Path is absolute");
2532 return (ARCHIVE_FAILED);
2538 /* Scan the pathname one element at a time. */
2540 /* src points to first char after '/' */
2541 if (src[0] == '\0') {
2543 } else if (src[0] == '/') {
2544 /* Found '//', ignore second one. */
2547 } else if (src[0] == '.') {
2548 if (src[1] == '\0') {
2549 /* Ignore trailing '.' */
2551 } else if (src[1] == '/') {
2555 } else if (src[1] == '.') {
2556 if (src[2] == '/' || src[2] == '\0') {
2557 /* Conditionally warn about '..' */
2558 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2559 archive_set_error(&a->archive,
2561 "Path contains '..'");
2562 return (ARCHIVE_FAILED);
2566 * Note: Under no circumstances do we
2567 * remove '..' elements. In
2568 * particular, restoring
2569 * '/foo/../bar/' should create the
2570 * 'foo' dir as a side-effect.
2575 /* Copy current element, including leading '/'. */
2578 while (*src != '\0' && *src != '/') {
2585 /* Skip '/' separator. */
2589 * We've just copied zero or more path elements, not including the
2592 if (dest == a->name) {
2594 * Nothing got copied. The path must have been something
2595 * like '.' or '/' or './' or '/././././/./'.
2602 /* Terminate the result. */
2604 return (ARCHIVE_OK);
2608 * Create the parent directory of the specified path, assuming path
2609 * is already in mutable storage.
2612 create_parent_dir(struct archive_write_disk *a, char *path)
2617 /* Remove tail element to obtain parent name. */
2618 slash = strrchr(path, '/');
2620 return (ARCHIVE_OK);
2622 r = create_dir(a, path);
2628 * Create the specified dir, recursing to create parents as necessary.
2630 * Returns ARCHIVE_OK if the path exists when we're done here.
2631 * Otherwise, returns ARCHIVE_FAILED.
2632 * Assumes path is in mutable storage; path is unchanged on exit.
2635 create_dir(struct archive_write_disk *a, char *path)
2638 struct fixup_entry *le;
2640 mode_t mode_final, mode;
2643 /* Check for special names and just skip them. */
2644 slash = strrchr(path, '/');
2650 if (base[0] == '\0' ||
2651 (base[0] == '.' && base[1] == '\0') ||
2652 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2653 /* Don't bother trying to create null path, '.', or '..'. */
2654 if (slash != NULL) {
2656 r = create_dir(a, path);
2660 return (ARCHIVE_OK);
2664 * Yes, this should be stat() and not lstat(). Using lstat()
2665 * here loses the ability to extract through symlinks. Also note
2666 * that this should not use the a->st cache.
2668 if (stat(path, &st) == 0) {
2669 if (S_ISDIR(st.st_mode))
2670 return (ARCHIVE_OK);
2671 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2672 archive_set_error(&a->archive, EEXIST,
2673 "Can't create directory '%s'", path);
2674 return (ARCHIVE_FAILED);
2676 if (unlink(path) != 0) {
2677 archive_set_error(&a->archive, errno,
2678 "Can't create directory '%s': "
2679 "Conflicting file cannot be removed",
2681 return (ARCHIVE_FAILED);
2683 } else if (errno != ENOENT && errno != ENOTDIR) {
2685 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2686 return (ARCHIVE_FAILED);
2687 } else if (slash != NULL) {
2689 r = create_dir(a, path);
2691 if (r != ARCHIVE_OK)
2696 * Mode we want for the final restored directory. Per POSIX,
2697 * implicitly-created dirs must be created obeying the umask.
2698 * There's no mention whether this is different for privileged
2699 * restores (which the rest of this code handles by pretending
2700 * umask=0). I've chosen here to always obey the user's umask for
2701 * implicit dirs, even if _EXTRACT_PERM was specified.
2703 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2704 /* Mode we want on disk during the restore process. */
2706 mode |= MINIMUM_DIR_MODE;
2707 mode &= MAXIMUM_DIR_MODE;
2708 if (mkdir(path, mode) == 0) {
2709 if (mode != mode_final) {
2710 le = new_fixup(a, path);
2712 return (ARCHIVE_FATAL);
2713 le->fixup |=TODO_MODE_BASE;
2714 le->mode = mode_final;
2716 return (ARCHIVE_OK);
2720 * Without the following check, a/b/../b/c/d fails at the
2721 * second visit to 'b', so 'd' can't be created. Note that we
2722 * don't add it to the fixup list here, as it's already been
2725 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2726 return (ARCHIVE_OK);
2728 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2730 return (ARCHIVE_FAILED);
2734 * Note: Although we can skip setting the user id if the desired user
2735 * id matches the current user, we cannot skip setting the group, as
2736 * many systems set the gid based on the containing directory. So
2737 * we have to perform a chown syscall if we want to set the SGID
2738 * bit. (The alternative is to stat() and then possibly chown(); it's
2739 * more efficient to skip the stat() and just always chown().) Note
2740 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2741 * allows set_mode to skip the stat() check for the GID.
2744 set_ownership(struct archive_write_disk *a)
2747 /* unfortunately, on win32 there is no 'root' user with uid 0,
2748 so we just have to try the chown and see if it works */
2750 /* If we know we can't change it, don't bother trying. */
2751 if (a->user_uid != 0 && a->user_uid != a->uid) {
2752 archive_set_error(&a->archive, errno,
2753 "Can't set UID=%jd", (intmax_t)a->uid);
2754 return (ARCHIVE_WARN);
2759 /* If we have an fd, we can avoid a race. */
2760 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2761 /* We've set owner and know uid/gid are correct. */
2762 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2763 return (ARCHIVE_OK);
2767 /* We prefer lchown() but will use chown() if that's all we have. */
2768 /* Of course, if we have neither, this will always fail. */
2770 if (lchown(a->name, a->uid, a->gid) == 0) {
2771 /* We've set owner and know uid/gid are correct. */
2772 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2773 return (ARCHIVE_OK);
2776 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2777 /* We've set owner and know uid/gid are correct. */
2778 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2779 return (ARCHIVE_OK);
2783 archive_set_error(&a->archive, errno,
2784 "Can't set user=%jd/group=%jd for %s",
2785 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2786 return (ARCHIVE_WARN);
2790 * Note: Returns 0 on success, non-zero on failure.
2793 set_time(int fd, int mode, const char *name,
2794 time_t atime, long atime_nsec,
2795 time_t mtime, long mtime_nsec)
2797 /* Select the best implementation for this platform. */
2798 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2800 * utimensat() and futimens() are defined in
2801 * POSIX.1-2008. They support ns resolution and setting times
2802 * on fds and symlinks.
2804 struct timespec ts[2];
2805 (void)mode; /* UNUSED */
2806 ts[0].tv_sec = atime;
2807 ts[0].tv_nsec = atime_nsec;
2808 ts[1].tv_sec = mtime;
2809 ts[1].tv_nsec = mtime_nsec;
2811 return futimens(fd, ts);
2812 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2816 * The utimes()-family functions support µs-resolution and
2817 * setting times fds and symlinks. utimes() is documented as
2818 * LEGACY by POSIX, futimes() and lutimes() are not described
2821 struct timeval times[2];
2823 times[0].tv_sec = atime;
2824 times[0].tv_usec = atime_nsec / 1000;
2825 times[1].tv_sec = mtime;
2826 times[1].tv_usec = mtime_nsec / 1000;
2830 return (futimes(fd, times));
2832 (void)fd; /* UNUSED */
2835 (void)mode; /* UNUSED */
2836 return (lutimes(name, times));
2840 return (utimes(name, times));
2843 #elif defined(HAVE_UTIME)
2845 * utime() is POSIX-standard but only supports 1s resolution and
2846 * does not support fds or symlinks.
2848 struct utimbuf times;
2849 (void)fd; /* UNUSED */
2850 (void)name; /* UNUSED */
2851 (void)atime_nsec; /* UNUSED */
2852 (void)mtime_nsec; /* UNUSED */
2853 times.actime = atime;
2854 times.modtime = mtime;
2856 return (ARCHIVE_OK);
2857 return (utime(name, ×));
2861 * We don't know how to set the time on this platform.
2863 (void)fd; /* UNUSED */
2864 (void)mode; /* UNUSED */
2865 (void)name; /* UNUSED */
2866 (void)atime_nsec; /* UNUSED */
2867 (void)mtime_nsec; /* UNUSED */
2868 return (ARCHIVE_WARN);
2872 #ifdef F_SETTIMES /* Tru64 */
2874 set_time_tru64(int fd, int mode, const char *name,
2875 time_t atime, long atime_nsec,
2876 time_t mtime, long mtime_nsec,
2877 time_t ctime, long ctime_nsec)
2879 struct attr_timbuf tstamp;
2880 struct timeval times[3];
2881 times[0].tv_sec = atime;
2882 times[0].tv_usec = atime_nsec / 1000;
2883 times[1].tv_sec = mtime;
2884 times[1].tv_usec = mtime_nsec / 1000;
2885 times[2].tv_sec = ctime;
2886 times[2].tv_usec = ctime_nsec / 1000;
2887 tstamp.atime = times[0];
2888 tstamp.mtime = times[1];
2889 tstamp.ctime = times[2];
2890 return (fcntl(fd,F_SETTIMES,&tstamp));
2895 set_times(struct archive_write_disk *a,
2896 int fd, int mode, const char *name,
2897 time_t atime, long atime_nanos,
2898 time_t birthtime, long birthtime_nanos,
2899 time_t mtime, long mtime_nanos,
2900 time_t cctime, long ctime_nanos)
2902 /* Note: set_time doesn't use libarchive return conventions!
2903 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
2908 * on Tru64 try own fcntl first which can restore even the
2909 * ctime, fall back to default code path below if it fails
2910 * or if we are not running as root
2912 if (a->user_uid == 0 &&
2913 set_time_tru64(fd, mode, name,
2914 atime, atime_nanos, mtime,
2915 mtime_nanos, cctime, ctime_nanos) == 0) {
2916 return (ARCHIVE_OK);
2919 (void)cctime; /* UNUSED */
2920 (void)ctime_nanos; /* UNUSED */
2923 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
2925 * If you have struct stat.st_birthtime, we assume BSD
2926 * birthtime semantics, in which {f,l,}utimes() updates
2927 * birthtime to earliest mtime. So we set the time twice,
2928 * first using the birthtime, then using the mtime. If
2929 * birthtime == mtime, this isn't necessary, so we skip it.
2930 * If birthtime > mtime, then this won't work, so we skip it.
2932 if (birthtime < mtime
2933 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
2934 r1 = set_time(fd, mode, name,
2936 birthtime, birthtime_nanos);
2938 (void)birthtime; /* UNUSED */
2939 (void)birthtime_nanos; /* UNUSED */
2941 r2 = set_time(fd, mode, name,
2943 mtime, mtime_nanos);
2944 if (r1 != 0 || r2 != 0) {
2945 archive_set_error(&a->archive, errno,
2946 "Can't restore time");
2947 return (ARCHIVE_WARN);
2949 return (ARCHIVE_OK);
2953 set_times_from_entry(struct archive_write_disk *a)
2955 time_t atime, birthtime, mtime, cctime;
2956 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
2958 /* Suitable defaults. */
2959 atime = birthtime = mtime = cctime = a->start_time;
2960 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
2962 /* If no time was provided, we're done. */
2963 if (!archive_entry_atime_is_set(a->entry)
2964 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
2965 && !archive_entry_birthtime_is_set(a->entry)
2967 && !archive_entry_mtime_is_set(a->entry))
2968 return (ARCHIVE_OK);
2970 if (archive_entry_atime_is_set(a->entry)) {
2971 atime = archive_entry_atime(a->entry);
2972 atime_nsec = archive_entry_atime_nsec(a->entry);
2974 if (archive_entry_birthtime_is_set(a->entry)) {
2975 birthtime = archive_entry_birthtime(a->entry);
2976 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
2978 if (archive_entry_mtime_is_set(a->entry)) {
2979 mtime = archive_entry_mtime(a->entry);
2980 mtime_nsec = archive_entry_mtime_nsec(a->entry);
2982 if (archive_entry_ctime_is_set(a->entry)) {
2983 cctime = archive_entry_ctime(a->entry);
2984 ctime_nsec = archive_entry_ctime_nsec(a->entry);
2987 return set_times(a, a->fd, a->mode, a->name,
2989 birthtime, birthtime_nsec,
2991 cctime, ctime_nsec);
2995 set_mode(struct archive_write_disk *a, int mode)
2998 mode &= 07777; /* Strip off file type bits. */
3000 if (a->todo & TODO_SGID_CHECK) {
3002 * If we don't know the GID is right, we must stat()
3003 * to verify it. We can't just check the GID of this
3004 * process, since systems sometimes set GID from
3005 * the enclosing dir or based on ACLs.
3007 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3009 if (a->pst->st_gid != a->gid) {
3011 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3013 * This is only an error if you
3014 * requested owner restore. If you
3015 * didn't, we'll try to restore
3016 * sgid/suid, but won't consider it a
3017 * problem if we can't.
3019 archive_set_error(&a->archive, -1,
3020 "Can't restore SGID bit");
3024 /* While we're here, double-check the UID. */
3025 if (a->pst->st_uid != a->uid
3026 && (a->todo & TODO_SUID)) {
3028 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3029 archive_set_error(&a->archive, -1,
3030 "Can't restore SUID bit");
3034 a->todo &= ~TODO_SGID_CHECK;
3035 a->todo &= ~TODO_SUID_CHECK;
3036 } else if (a->todo & TODO_SUID_CHECK) {
3038 * If we don't know the UID is right, we can just check
3039 * the user, since all systems set the file UID from
3042 if (a->user_uid != a->uid) {
3044 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3045 archive_set_error(&a->archive, -1,
3046 "Can't make file SUID");
3050 a->todo &= ~TODO_SUID_CHECK;
3053 if (S_ISLNK(a->mode)) {
3056 * If this is a symlink, use lchmod(). If the
3057 * platform doesn't support lchmod(), just skip it. A
3058 * platform that doesn't provide a way to set
3059 * permissions on symlinks probably ignores
3060 * permissions on symlinks, so a failure here has no
3063 if (lchmod(a->name, mode) != 0) {
3064 archive_set_error(&a->archive, errno,
3065 "Can't set permissions to 0%o", (int)mode);
3069 } else if (!S_ISDIR(a->mode)) {
3071 * If it's not a symlink and not a dir, then use
3072 * fchmod() or chmod(), depending on whether we have
3073 * an fd. Dirs get their perms set during the
3074 * post-extract fixup, which is handled elsewhere.
3078 if (fchmod(a->fd, mode) != 0) {
3079 archive_set_error(&a->archive, errno,
3080 "Can't set permissions to 0%o", (int)mode);
3085 /* If this platform lacks fchmod(), then
3086 * we'll just use chmod(). */
3087 if (chmod(a->name, mode) != 0) {
3088 archive_set_error(&a->archive, errno,
3089 "Can't set permissions to 0%o", (int)mode);
3097 set_fflags(struct archive_write_disk *a)
3099 struct fixup_entry *le;
3100 unsigned long set, clear;
3103 mode_t mode = archive_entry_mode(a->entry);
3106 * Make 'critical_flags' hold all file flags that can't be
3107 * immediately restored. For example, on BSD systems,
3108 * SF_IMMUTABLE prevents hardlinks from being created, so
3109 * should not be set until after any hardlinks are created. To
3110 * preserve some semblance of portability, this uses #ifdef
3111 * extensively. Ugly, but it works.
3113 * Yes, Virginia, this does create a security race. It's mitigated
3114 * somewhat by the practice of creating dirs 0700 until the extract
3115 * is done, but it would be nice if we could do more than that.
3116 * People restoring critical file systems should be wary of
3117 * other programs that might try to muck with files as they're
3120 /* Hopefully, the compiler will optimize this mess into a constant. */
3123 critical_flags |= SF_IMMUTABLE;
3126 critical_flags |= UF_IMMUTABLE;
3129 critical_flags |= SF_APPEND;
3132 critical_flags |= UF_APPEND;
3134 #ifdef EXT2_APPEND_FL
3135 critical_flags |= EXT2_APPEND_FL;
3137 #ifdef EXT2_IMMUTABLE_FL
3138 critical_flags |= EXT2_IMMUTABLE_FL;
3141 if (a->todo & TODO_FFLAGS) {
3142 archive_entry_fflags(a->entry, &set, &clear);
3145 * The first test encourages the compiler to eliminate
3146 * all of this if it's not necessary.
3148 if ((critical_flags != 0) && (set & critical_flags)) {
3149 le = current_fixup(a, a->name);
3151 return (ARCHIVE_FATAL);
3152 le->fixup |= TODO_FFLAGS;
3153 le->fflags_set = set;
3154 /* Store the mode if it's not already there. */
3155 if ((le->fixup & TODO_MODE) == 0)
3158 r = set_fflags_platform(a, a->fd,
3159 a->name, mode, set, clear);
3160 if (r != ARCHIVE_OK)
3164 return (ARCHIVE_OK);
3168 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3170 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3173 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3174 mode_t mode, unsigned long set, unsigned long clear)
3178 (void)mode; /* UNUSED */
3179 if (set == 0 && clear == 0)
3180 return (ARCHIVE_OK);
3183 * XXX Is the stat here really necessary? Or can I just use
3184 * the 'set' flags directly? In particular, I'm not sure
3185 * about the correct approach if we're overwriting an existing
3186 * file that already has flags on it. XXX
3188 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3191 a->st.st_flags &= ~clear;
3192 a->st.st_flags |= set;
3193 #ifdef HAVE_FCHFLAGS
3194 /* If platform has fchflags() and we were given an fd, use it. */
3195 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3196 return (ARCHIVE_OK);
3199 * If we can't use the fd to set the flags, we'll use the
3200 * pathname to set flags. We prefer lchflags() but will use
3201 * chflags() if we must.
3203 #ifdef HAVE_LCHFLAGS
3204 if (lchflags(name, a->st.st_flags) == 0)
3205 return (ARCHIVE_OK);
3206 #elif defined(HAVE_CHFLAGS)
3207 if (S_ISLNK(a->st.st_mode)) {
3208 archive_set_error(&a->archive, errno,
3209 "Can't set file flags on symlink.");
3210 return (ARCHIVE_WARN);
3212 if (chflags(name, a->st.st_flags) == 0)
3213 return (ARCHIVE_OK);
3215 archive_set_error(&a->archive, errno,
3216 "Failed to set file flags");
3217 return (ARCHIVE_WARN);
3220 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3222 * Linux uses ioctl() to read and write file flags.
3225 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3226 mode_t mode, unsigned long set, unsigned long clear)
3230 int newflags, oldflags;
3233 if (set == 0 && clear == 0)
3234 return (ARCHIVE_OK);
3235 /* Only regular files and dirs can have flags. */
3236 if (!S_ISREG(mode) && !S_ISDIR(mode))
3237 return (ARCHIVE_OK);
3239 /* If we weren't given an fd, open it ourselves. */
3241 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3242 __archive_ensure_cloexec_flag(myfd);
3245 return (ARCHIVE_OK);
3248 * Linux has no define for the flags that are only settable by
3249 * the root user. This code may seem a little complex, but
3250 * there seem to be some Linux systems that lack these
3251 * defines. (?) The code below degrades reasonably gracefully
3252 * if sf_mask is incomplete.
3254 #ifdef EXT2_IMMUTABLE_FL
3255 sf_mask |= EXT2_IMMUTABLE_FL;
3257 #ifdef EXT2_APPEND_FL
3258 sf_mask |= EXT2_APPEND_FL;
3261 * XXX As above, this would be way simpler if we didn't have
3262 * to read the current flags from disk. XXX
3266 /* Read the current file flags. */
3267 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3270 /* Try setting the flags as given. */
3271 newflags = (oldflags & ~clear) | set;
3272 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3277 /* If we couldn't set all the flags, try again with a subset. */
3278 newflags &= ~sf_mask;
3279 oldflags &= sf_mask;
3280 newflags |= oldflags;
3281 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3284 /* We couldn't set the flags, so report the failure. */
3286 archive_set_error(&a->archive, errno,
3287 "Failed to set file flags");
3298 * Of course, some systems have neither BSD chflags() nor Linux' flags
3299 * support through ioctl().
3302 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3303 mode_t mode, unsigned long set, unsigned long clear)
3305 (void)a; /* UNUSED */
3306 (void)fd; /* UNUSED */
3307 (void)name; /* UNUSED */
3308 (void)mode; /* UNUSED */
3309 (void)set; /* UNUSED */
3310 (void)clear; /* UNUSED */
3311 return (ARCHIVE_OK);
3314 #endif /* __linux */
3316 #ifndef HAVE_COPYFILE_H
3317 /* Default is to simply drop Mac extended metadata. */
3319 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3320 const void *metadata, size_t metadata_size)
3322 (void)a; /* UNUSED */
3323 (void)pathname; /* UNUSED */
3324 (void)metadata; /* UNUSED */
3325 (void)metadata_size; /* UNUSED */
3326 return (ARCHIVE_OK);
3330 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3332 (void)a; /* UNUSED */
3333 (void)pathname; /* UNUSED */
3334 return (ARCHIVE_OK);
3339 * On Mac OS, we use copyfile() to unpack the metadata and
3340 * apply it to the target file.
3343 #if defined(HAVE_SYS_XATTR_H)
3345 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3348 char *xattr_names = NULL, *xattr_val = NULL;
3349 int ret = ARCHIVE_OK, xattr_i;
3351 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3352 if (xattr_size == -1) {
3353 archive_set_error(&a->archive, errno,
3354 "Failed to read metadata(xattr)");
3358 xattr_names = malloc(xattr_size);
3359 if (xattr_names == NULL) {
3360 archive_set_error(&a->archive, ENOMEM,
3361 "Can't allocate memory for metadata(xattr)");
3362 ret = ARCHIVE_FATAL;
3365 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3366 if (xattr_size == -1) {
3367 archive_set_error(&a->archive, errno,
3368 "Failed to read metadata(xattr)");
3372 for (xattr_i = 0; xattr_i < xattr_size;
3373 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3377 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3379 archive_set_error(&a->archive, errno,
3380 "Failed to get metadata(xattr)");
3384 xattr_val = realloc(xattr_val, s);
3385 if (xattr_val == NULL) {
3386 archive_set_error(&a->archive, ENOMEM,
3387 "Failed to get metadata(xattr)");
3391 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3393 archive_set_error(&a->archive, errno,
3394 "Failed to get metadata(xattr)");
3398 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3400 archive_set_error(&a->archive, errno,
3401 "Failed to get metadata(xattr)");
3414 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3416 acl_t acl, dfacl = NULL;
3417 int acl_r, ret = ARCHIVE_OK;
3419 acl = acl_get_fd(tmpfd);
3421 if (errno == ENOENT)
3422 /* There are not any ACLs. */
3424 archive_set_error(&a->archive, errno,
3425 "Failed to get metadata(acl)");
3429 dfacl = acl_dup(acl);
3430 acl_r = acl_set_fd(dffd, dfacl);
3432 archive_set_error(&a->archive, errno,
3433 "Failed to get metadata(acl)");
3446 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3448 struct archive_string tmpdatafork;
3451 archive_string_init(&tmpdatafork);
3452 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3453 tmpfd = mkstemp(tmpdatafork.s);
3455 archive_set_error(&a->archive, errno,
3456 "Failed to mkstemp");
3457 archive_string_free(&tmpdatafork);
3460 if (copyfile(pathname, tmpdatafork.s, 0,
3461 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3462 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3463 archive_set_error(&a->archive, errno,
3464 "Failed to restore metadata");
3468 unlink(tmpdatafork.s);
3469 archive_string_free(&tmpdatafork);
3474 copy_metadata(struct archive_write_disk *a, const char *metadata,
3475 const char *datafork, int datafork_compressed)
3477 int ret = ARCHIVE_OK;
3479 if (datafork_compressed) {
3482 tmpfd = create_tempdatafork(a, metadata);
3484 return (ARCHIVE_WARN);
3487 * Do not open the data fork compressed by HFS+ compression
3488 * with at least a writing mode(O_RDWR or O_WRONLY). it
3489 * makes the data fork uncompressed.
3491 dffd = open(datafork, 0);
3493 archive_set_error(&a->archive, errno,
3494 "Failed to open the data fork for metadata");
3496 return (ARCHIVE_WARN);
3499 #if defined(HAVE_SYS_XATTR_H)
3500 ret = copy_xattrs(a, tmpfd, dffd);
3501 if (ret == ARCHIVE_OK)
3503 ret = copy_acls(a, tmpfd, dffd);
3507 if (copyfile(metadata, datafork, 0,
3508 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3509 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3510 archive_set_error(&a->archive, errno,
3511 "Failed to restore metadata");
3519 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3520 const void *metadata, size_t metadata_size)
3522 struct archive_string tmp;
3525 int ret = ARCHIVE_OK;
3527 /* This would be simpler if copyfile() could just accept the
3528 * metadata as a block of memory; then we could sidestep this
3529 * silly dance of writing the data to disk just so that
3530 * copyfile() can read it back in again. */
3531 archive_string_init(&tmp);
3532 archive_strcpy(&tmp, pathname);
3533 archive_strcat(&tmp, ".XXXXXX");
3534 fd = mkstemp(tmp.s);
3537 archive_set_error(&a->archive, errno,
3538 "Failed to restore metadata");
3539 archive_string_free(&tmp);
3540 return (ARCHIVE_WARN);
3542 written = write(fd, metadata, metadata_size);
3544 if ((size_t)written != metadata_size) {
3545 archive_set_error(&a->archive, errno,
3546 "Failed to restore metadata");
3551 #if defined(UF_COMPRESSED)
3552 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3553 (ret = lazy_stat(a)) == ARCHIVE_OK)
3554 compressed = a->st.st_flags & UF_COMPRESSED;
3558 ret = copy_metadata(a, tmp.s, pathname, compressed);
3561 archive_string_free(&tmp);
3566 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3571 struct archive_string datafork;
3572 int fd = -1, ret = ARCHIVE_OK;
3574 archive_string_init(&datafork);
3575 /* Check if the current file name is a type of the resource
3577 p = strrchr(pathname, '/');
3582 if (p[0] != '.' || p[1] != '_')
3583 goto skip_appledouble;
3586 * Check if the data fork file exists.
3588 * TODO: Check if this write disk object has handled it.
3590 archive_strncpy(&datafork, pathname, p - pathname);
3591 archive_strcat(&datafork, p + 2);
3592 if (lstat(datafork.s, &st) == -1 ||
3593 (st.st_mode & AE_IFMT) != AE_IFREG)
3594 goto skip_appledouble;
3597 * Check if the file is in the AppleDouble form.
3599 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3600 __archive_ensure_cloexec_flag(fd);
3602 archive_set_error(&a->archive, errno,
3603 "Failed to open a restoring file");
3605 goto skip_appledouble;
3607 if (read(fd, buff, 8) == -1) {
3608 archive_set_error(&a->archive, errno,
3609 "Failed to read a restoring file");
3612 goto skip_appledouble;
3615 /* Check AppleDouble Magic Code. */
3616 if (archive_be32dec(buff) != 0x00051607)
3617 goto skip_appledouble;
3618 /* Check AppleDouble Version. */
3619 if (archive_be32dec(buff+4) != 0x00020000)
3620 goto skip_appledouble;
3622 ret = copy_metadata(a, pathname, datafork.s,
3623 #if defined(UF_COMPRESSED)
3624 st.st_flags & UF_COMPRESSED);
3628 if (ret == ARCHIVE_OK) {
3633 archive_string_free(&datafork);
3638 #if HAVE_LSETXATTR || HAVE_LSETEA
3640 * Restore extended attributes - Linux and AIX implementations:
3641 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3644 set_xattrs(struct archive_write_disk *a)
3646 struct archive_entry *entry = a->entry;
3647 static int warning_done = 0;
3648 int ret = ARCHIVE_OK;
3649 int i = archive_entry_xattr_reset(entry);
3655 archive_entry_xattr_next(entry, &name, &value, &size);
3657 strncmp(name, "xfsroot.", 8) != 0 &&
3658 strncmp(name, "system.", 7) != 0) {
3662 e = fsetxattr(a->fd, name, value, size, 0);
3666 e = fsetea(a->fd, name, value, size, 0);
3671 e = lsetxattr(archive_entry_pathname(entry),
3672 name, value, size, 0);
3674 e = lsetea(archive_entry_pathname(entry),
3675 name, value, size, 0);
3679 if (errno == ENOTSUP || errno == ENOSYS) {
3680 if (!warning_done) {
3682 archive_set_error(&a->archive, errno,
3683 "Cannot restore extended "
3684 "attributes on this file "
3688 archive_set_error(&a->archive, errno,
3689 "Failed to set extended attribute");
3693 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3694 "Invalid extended attribute encountered");
3700 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3702 * Restore extended attributes - FreeBSD implementation
3705 set_xattrs(struct archive_write_disk *a)
3707 struct archive_entry *entry = a->entry;
3708 static int warning_done = 0;
3709 int ret = ARCHIVE_OK;
3710 int i = archive_entry_xattr_reset(entry);
3716 archive_entry_xattr_next(entry, &name, &value, &size);
3721 if (strncmp(name, "user.", 5) == 0) {
3722 /* "user." attributes go to user namespace */
3724 namespace = EXTATTR_NAMESPACE_USER;
3726 /* Warn about other extended attributes. */
3727 archive_set_error(&a->archive,
3728 ARCHIVE_ERRNO_FILE_FORMAT,
3729 "Can't restore extended attribute ``%s''",
3735 #if HAVE_EXTATTR_SET_FD
3737 e = extattr_set_fd(a->fd, namespace, name, value, size);
3740 /* TODO: should we use extattr_set_link() instead? */
3742 e = extattr_set_file(archive_entry_pathname(entry),
3743 namespace, name, value, size);
3745 if (e != (ssize_t)size) {
3746 if (errno == ENOTSUP || errno == ENOSYS) {
3747 if (!warning_done) {
3749 archive_set_error(&a->archive, errno,
3750 "Cannot restore extended "
3751 "attributes on this file "
3755 archive_set_error(&a->archive, errno,
3756 "Failed to set extended attribute");
3767 * Restore extended attributes - stub implementation for unsupported systems
3770 set_xattrs(struct archive_write_disk *a)
3772 static int warning_done = 0;
3774 /* If there aren't any extended attributes, then it's okay not
3775 * to extract them, otherwise, issue a single warning. */
3776 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3778 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3779 "Cannot restore extended attributes on this system");
3780 return (ARCHIVE_WARN);
3782 /* Warning was already emitted; suppress further warnings. */
3783 return (ARCHIVE_OK);
3788 * Test if file on disk is older than entry.
3791 older(struct stat *st, struct archive_entry *entry)
3793 /* First, test the seconds and return if we have a definite answer. */
3794 /* Definitely older. */
3795 if (st->st_mtime < archive_entry_mtime(entry))
3797 /* Definitely younger. */
3798 if (st->st_mtime > archive_entry_mtime(entry))
3800 /* If this platform supports fractional seconds, try those. */
3801 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3802 /* Definitely older. */
3803 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3805 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3806 /* Definitely older. */
3807 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3809 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3811 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3813 #elif HAVE_STRUCT_STAT_ST_UMTIME
3815 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3817 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3819 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
3822 /* This system doesn't have high-res timestamps. */
3824 /* Same age or newer, so not older. */
3828 #endif /* !_WIN32 || __CYGWIN__ */