2 * Copyright (c) 2003-2007 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include "archive_platform.h"
28 __FBSDID("$FreeBSD$");
30 #ifdef HAVE_SYS_TYPES_H
31 #include <sys/types.h>
36 #ifdef HAVE_ATTR_XATTR_H
37 #include <attr/xattr.h>
39 #ifdef HAVE_SYS_IOCTL_H
40 #include <sys/ioctl.h>
42 #ifdef HAVE_SYS_STAT_H
45 #ifdef HAVE_SYS_TIME_H
49 #ifdef HAVE_EXT2FS_EXT2_FS_H
50 #include <ext2fs/ext2_fs.h> /* for Linux file flags */
61 #ifdef HAVE_LINUX_FS_H
62 #include <linux/fs.h> /* for Linux file flags */
64 #ifdef HAVE_LINUX_EXT2_FS_H
65 #include <linux/ext2_fs.h> /* for Linux file flags */
88 #include "archive_string.h"
89 #include "archive_entry.h"
90 #include "archive_private.h"
93 struct fixup_entry *next;
97 unsigned long mtime_nanos;
98 unsigned long atime_nanos;
99 unsigned long fflags_set;
100 int fixup; /* bitmask of what needs fixing */
105 * We use a bitmask to track which operations remain to be done for
106 * this file. In particular, this helps us avoid unnecessary
107 * operations when it's possible to take care of one step as a
108 * side-effect of another. For example, mkdir() can specify the mode
109 * for the newly-created object but symlink() cannot. This means we
110 * can skip chmod() if mkdir() succeeded, but we must explicitly
111 * chmod() if we're trying to create a directory that already exists
112 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
113 * need to verify UID/GID before trying to restore SUID/SGID bits;
114 * that verification can occur explicitly through a stat() call or
115 * implicitly because of a successful chown() call.
117 #define TODO_MODE_FORCE 0x40000000
118 #define TODO_MODE_BASE 0x20000000
119 #define TODO_SUID 0x10000000
120 #define TODO_SUID_CHECK 0x08000000
121 #define TODO_SGID 0x04000000
122 #define TODO_SGID_CHECK 0x02000000
123 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
124 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
125 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
126 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
127 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
128 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
130 struct archive_write_disk {
131 struct archive archive;
134 struct fixup_entry *fixup_list;
135 struct fixup_entry *current_fixup;
140 gid_t (*lookup_gid)(void *private, const char *gname, gid_t gid);
141 void (*cleanup_gid)(void *private);
142 void *lookup_gid_data;
143 uid_t (*lookup_uid)(void *private, const char *gname, gid_t gid);
144 void (*cleanup_uid)(void *private);
145 void *lookup_uid_data;
148 * Full path of last file to satisfy symlink checks.
150 struct archive_string path_safe;
153 * Cached stat data from disk for the current entry.
154 * If this is valid, pst points to st. Otherwise,
160 /* Information about the object being restored right now. */
161 struct archive_entry *entry; /* Entry being extracted. */
162 char *name; /* Name of entry, possibly edited. */
163 struct archive_string _name_data; /* backing store for 'name' */
164 /* Tasks remaining for this object. */
166 /* Tasks deferred until end-of-archive. */
168 /* Options requested by the client. */
170 /* Handle for the file we're restoring. */
172 /* Current offset for writing data to the file. */
174 /* Dir we were in before this restore; only for deep paths. */
176 /* Mode we should use for this entry; affected by _PERM and umask. */
178 /* UID/GID to use in restoring this entry. */
184 * Default mode for dirs created automatically (will be modified by umask).
185 * Note that POSIX specifies 0777 for implicity-created dirs, "modified
186 * by the process' file creation mask."
188 #define DEFAULT_DIR_MODE 0777
190 * Dir modes are restored in two steps: During the extraction, the permissions
191 * in the archive are modified to match the following limits. During
192 * the post-extract fixup pass, the permissions from the archive are
195 #define MINIMUM_DIR_MODE 0700
196 #define MAXIMUM_DIR_MODE 0775
198 static int check_symlinks(struct archive_write_disk *);
199 static int create_filesystem_object(struct archive_write_disk *);
200 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
202 static void edit_deep_directories(struct archive_write_disk *ad);
204 static int cleanup_pathname(struct archive_write_disk *);
205 static int create_dir(struct archive_write_disk *, char *);
206 static int create_parent_dir(struct archive_write_disk *, char *);
207 static int older(struct stat *, struct archive_entry *);
208 static int restore_entry(struct archive_write_disk *);
209 #ifdef HAVE_POSIX_ACL
210 static int set_acl(struct archive_write_disk *, int fd, struct archive_entry *,
211 acl_type_t, int archive_entry_acl_type, const char *tn);
213 static int set_acls(struct archive_write_disk *);
214 static int set_xattrs(struct archive_write_disk *);
215 static int set_fflags(struct archive_write_disk *);
216 static int set_fflags_platform(struct archive_write_disk *, int fd,
217 const char *name, mode_t mode,
218 unsigned long fflags_set, unsigned long fflags_clear);
219 static int set_ownership(struct archive_write_disk *);
220 static int set_mode(struct archive_write_disk *, int mode);
221 static int set_time(struct archive_write_disk *);
222 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
223 static gid_t trivial_lookup_gid(void *, const char *, gid_t);
224 static uid_t trivial_lookup_uid(void *, const char *, uid_t);
227 static struct archive_vtable *archive_write_disk_vtable(void);
229 static int _archive_write_close(struct archive *);
230 static int _archive_write_finish(struct archive *);
231 static int _archive_write_header(struct archive *, struct archive_entry *);
232 static int _archive_write_finish_entry(struct archive *);
233 static ssize_t _archive_write_data(struct archive *, const void *, size_t);
234 static ssize_t _archive_write_data_block(struct archive *, const void *, size_t, off_t);
236 static struct archive_vtable *
237 archive_write_disk_vtable(void)
239 static struct archive_vtable av;
240 static int inited = 0;
243 av.archive_write_close = _archive_write_close;
244 av.archive_write_finish = _archive_write_finish;
245 av.archive_write_header = _archive_write_header;
246 av.archive_write_finish_entry = _archive_write_finish_entry;
247 av.archive_write_data = _archive_write_data;
248 av.archive_write_data_block = _archive_write_data_block;
255 archive_write_disk_set_options(struct archive *_a, int flags)
257 struct archive_write_disk *a = (struct archive_write_disk *)_a;
265 * Extract this entry to disk.
267 * TODO: Validate hardlinks. According to the standards, we're
268 * supposed to check each extracted hardlink and squawk if it refers
269 * to a file that we didn't restore. I'm not entirely convinced this
270 * is a good idea, but more importantly: Is there any way to validate
271 * hardlinks without keeping a complete list of filenames from the
272 * entire archive?? Ugh.
276 _archive_write_header(struct archive *_a, struct archive_entry *entry)
278 struct archive_write_disk *a = (struct archive_write_disk *)_a;
279 struct fixup_entry *fe;
282 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
283 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
284 "archive_write_disk_header");
285 archive_clear_error(&a->archive);
286 if (a->archive.state & ARCHIVE_STATE_DATA) {
287 r = _archive_write_finish_entry(&a->archive);
292 /* Set up for this particular entry. */
294 a->current_fixup = NULL;
297 archive_entry_free(a->entry);
300 a->entry = archive_entry_clone(entry);
303 a->uid = a->user_uid;
304 a->mode = archive_entry_mode(a->entry);
305 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
306 a->name = a->_name_data.s;
307 archive_clear_error(&a->archive);
310 * Clean up the requested path. This is necessary for correct
311 * dir restores; the dir restore logic otherwise gets messed
312 * up by nonsense like "dir/.".
314 ret = cleanup_pathname(a);
315 if (ret != ARCHIVE_OK)
319 * Set the umask to zero so we get predictable mode settings.
320 * This gets done on every call to _write_header in case the
321 * user edits their umask during the extraction for some
322 * reason. This will be reset before we return. Note that we
323 * don't need to do this in _finish_entry, as the chmod(), etc,
324 * system calls don't obey umask.
326 a->user_umask = umask(0);
327 /* From here on, early exit requires "goto done" to clean up. */
329 /* Figure out what we need to do for this entry. */
330 a->todo = TODO_MODE_BASE;
331 if (a->flags & ARCHIVE_EXTRACT_PERM) {
332 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
334 * SGID requires an extra "check" step because we
335 * cannot easily predict the GID that the system will
336 * assign. (Different systems assign GIDs to files
337 * based on a variety of criteria, including process
338 * credentials and the gid of the enclosing
339 * directory.) We can only restore the SGID bit if
340 * the file has the right GID, and we only know the
341 * GID if we either set it (see set_ownership) or if
342 * we've actually called stat() on the file after it
343 * was restored. Since there are several places at
344 * which we might verify the GID, we need a TODO bit
347 if (a->mode & S_ISGID)
348 a->todo |= TODO_SGID | TODO_SGID_CHECK;
350 * Verifying the SUID is simpler, but can still be
351 * done in multiple ways, hence the separate "check" bit.
353 if (a->mode & S_ISUID)
354 a->todo |= TODO_SUID | TODO_SUID_CHECK;
357 * User didn't request full permissions, so don't
358 * restore SUID, SGID bits and obey umask.
363 a->mode &= ~a->user_umask;
365 if (a->flags & ARCHIVE_EXTRACT_OWNER)
366 a->todo |= TODO_OWNER;
367 if (a->flags & ARCHIVE_EXTRACT_TIME)
368 a->todo |= TODO_TIMES;
369 if (a->flags & ARCHIVE_EXTRACT_ACL)
370 a->todo |= TODO_ACLS;
371 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
372 a->todo |= TODO_FFLAGS;
373 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
374 ret = check_symlinks(a);
375 if (ret != ARCHIVE_OK)
379 /* If path exceeds PATH_MAX, shorten the path. */
380 edit_deep_directories(a);
383 ret = restore_entry(a);
386 /* If we changed directory above, restore it here. */
387 if (a->restore_pwd >= 0) {
388 fchdir(a->restore_pwd);
389 close(a->restore_pwd);
395 * Fixup uses the unedited pathname from archive_entry_pathname(),
396 * because it is relative to the base dir and the edited path
397 * might be relative to some intermediate dir as a result of the
398 * deep restore logic.
400 if (a->deferred & TODO_MODE) {
401 fe = current_fixup(a, archive_entry_pathname(entry));
402 fe->fixup |= TODO_MODE_BASE;
406 if (a->deferred & TODO_TIMES) {
407 fe = current_fixup(a, archive_entry_pathname(entry));
408 fe->fixup |= TODO_TIMES;
409 fe->mtime = archive_entry_mtime(entry);
410 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
411 fe->atime = archive_entry_atime(entry);
412 fe->atime_nanos = archive_entry_atime_nsec(entry);
415 if (a->deferred & TODO_FFLAGS) {
416 fe = current_fixup(a, archive_entry_pathname(entry));
417 fe->fixup |= TODO_FFLAGS;
418 /* TODO: Complete this.. defer fflags from below. */
421 /* We've created the object and are ready to pour data into it. */
422 if (ret == ARCHIVE_OK)
423 a->archive.state = ARCHIVE_STATE_DATA;
425 /* Restore the user's umask before returning. */
426 umask(a->user_umask);
432 archive_write_disk_set_skip_file(struct archive *_a, dev_t d, ino_t i)
434 struct archive_write_disk *a = (struct archive_write_disk *)_a;
435 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
436 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
437 a->skip_file_dev = d;
438 a->skip_file_ino = i;
443 _archive_write_data_block(struct archive *_a,
444 const void *buff, size_t size, off_t offset)
446 struct archive_write_disk *a = (struct archive_write_disk *)_a;
447 ssize_t bytes_written = 0;
449 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
450 ARCHIVE_STATE_DATA, "archive_write_disk_block");
452 archive_set_error(&a->archive, 0, "File not open");
453 return (ARCHIVE_WARN);
455 archive_clear_error(&a->archive);
457 /* Seek if necessary to the specified offset. */
458 if (offset != a->offset) {
459 if (lseek(a->fd, offset, SEEK_SET) < 0) {
460 archive_set_error(&a->archive, errno, "Seek failed");
461 return (ARCHIVE_WARN);
466 /* Write the data. */
468 bytes_written = write(a->fd, buff, size);
469 if (bytes_written < 0) {
470 archive_set_error(&a->archive, errno, "Write failed");
471 return (ARCHIVE_WARN);
473 size -= bytes_written;
474 a->offset += bytes_written;
480 _archive_write_data(struct archive *_a, const void *buff, size_t size)
482 struct archive_write_disk *a = (struct archive_write_disk *)_a;
485 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
486 ARCHIVE_STATE_DATA, "archive_write_data");
490 r = _archive_write_data_block(_a, buff, size, a->offset);
497 _archive_write_finish_entry(struct archive *_a)
499 struct archive_write_disk *a = (struct archive_write_disk *)_a;
500 int ret = ARCHIVE_OK;
502 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
503 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
504 "archive_write_finish_entry");
505 if (a->archive.state & ARCHIVE_STATE_HEADER)
507 archive_clear_error(&a->archive);
509 /* Restore metadata. */
512 * Look up the "real" UID only if we're going to need it. We
513 * need this for TODO_SGID because chown() requires both.
515 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
516 a->uid = a->lookup_uid(a->lookup_uid_data,
517 archive_entry_uname(a->entry),
518 archive_entry_uid(a->entry));
520 /* Look up the "real" GID only if we're going to need it. */
521 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
522 a->gid = a->lookup_gid(a->lookup_gid_data,
523 archive_entry_gname(a->entry),
524 archive_entry_gid(a->entry));
527 * If restoring ownership, do it before trying to restore suid/sgid
528 * bits. If we set the owner, we know what it is and can skip
529 * a stat() call to examine the ownership of the file on disk.
531 if (a->todo & TODO_OWNER)
532 ret = set_ownership(a);
533 if (a->todo & TODO_MODE) {
534 int r2 = set_mode(a, a->mode);
535 if (r2 < ret) ret = r2;
537 if (a->todo & TODO_TIMES) {
538 int r2 = set_time(a);
539 if (r2 < ret) ret = r2;
541 if (a->todo & TODO_ACLS) {
542 int r2 = set_acls(a);
543 if (r2 < ret) ret = r2;
545 if (a->todo & TODO_XATTR) {
546 int r2 = set_xattrs(a);
547 if (r2 < ret) ret = r2;
549 if (a->todo & TODO_FFLAGS) {
550 int r2 = set_fflags(a);
551 if (r2 < ret) ret = r2;
554 /* If there's an fd, we can close it now. */
559 /* If there's an entry, we can release it now. */
561 archive_entry_free(a->entry);
564 a->archive.state = ARCHIVE_STATE_HEADER;
569 archive_write_disk_set_group_lookup(struct archive *_a,
571 gid_t (*lookup_gid)(void *private, const char *gname, gid_t gid),
572 void (*cleanup_gid)(void *private))
574 struct archive_write_disk *a = (struct archive_write_disk *)_a;
575 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
576 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
578 a->lookup_gid = lookup_gid;
579 a->cleanup_gid = cleanup_gid;
580 a->lookup_gid_data = private_data;
585 archive_write_disk_set_user_lookup(struct archive *_a,
587 uid_t (*lookup_uid)(void *private, const char *uname, uid_t uid),
588 void (*cleanup_uid)(void *private))
590 struct archive_write_disk *a = (struct archive_write_disk *)_a;
591 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
592 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
594 a->lookup_uid = lookup_uid;
595 a->cleanup_uid = cleanup_uid;
596 a->lookup_uid_data = private_data;
602 * Create a new archive_write_disk object and initialize it with global state.
605 archive_write_disk_new(void)
607 struct archive_write_disk *a;
609 a = (struct archive_write_disk *)malloc(sizeof(*a));
612 memset(a, 0, sizeof(*a));
613 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
614 /* We're ready to write a header immediately. */
615 a->archive.state = ARCHIVE_STATE_HEADER;
616 a->archive.vtable = archive_write_disk_vtable();
617 a->lookup_uid = trivial_lookup_uid;
618 a->lookup_gid = trivial_lookup_gid;
619 a->user_uid = geteuid();
620 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
624 return (&a->archive);
629 * If pathname is longer than PATH_MAX, chdir to a suitable
630 * intermediate dir and edit the path down to a shorter suffix. Note
631 * that this routine never returns an error; if the chdir() attempt
632 * fails for any reason, we just go ahead with the long pathname. The
633 * object creation is likely to fail, but any error will get handled
638 edit_deep_directories(struct archive_write_disk *a)
641 char *tail = a->name;
645 /* If path is short, avoid the open() below. */
646 if (strlen(tail) <= PATH_MAX)
649 /* Try to record our starting dir. */
650 a->restore_pwd = open(".", O_RDONLY);
651 if (a->restore_pwd < 0)
654 /* As long as the path is too long... */
655 while (strlen(tail) > PATH_MAX) {
656 /* Locate a dir prefix shorter than PATH_MAX. */
657 tail += PATH_MAX - 8;
658 while (tail > a->name && *tail != '/')
660 /* Exit if we find a too-long path component. */
663 /* Create the intermediate dir and chdir to it. */
664 *tail = '\0'; /* Terminate dir portion */
665 ret = create_dir(a, a->name);
666 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
668 *tail = '/'; /* Restore the / we removed. */
669 if (ret != ARCHIVE_OK)
672 /* The chdir() succeeded; we've now shortened the path. */
680 * The main restore function.
683 restore_entry(struct archive_write_disk *a)
685 int ret = ARCHIVE_OK, en;
687 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
688 if (unlink(a->name) == 0) {
689 /* We removed it, we're done. */
690 } else if (errno == ENOENT) {
691 /* File didn't exist, that's just as good. */
692 } else if (rmdir(a->name) == 0) {
693 /* It was a dir, but now it's gone. */
695 /* We tried, but couldn't get rid of it. */
696 archive_set_error(&a->archive, errno,
698 return(ARCHIVE_WARN);
702 /* Try creating it first; if this fails, we'll try to recover. */
703 en = create_filesystem_object(a);
705 if ((en == ENOTDIR || en == ENOENT)
706 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
707 /* If the parent dir doesn't exist, try creating it. */
708 create_parent_dir(a, a->name);
709 /* Now try to create the object again. */
710 en = create_filesystem_object(a);
713 if ((en == EISDIR || en == EEXIST)
714 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
715 /* If we're not overwriting, we're done. */
716 archive_set_error(&a->archive, en, "Already exists");
717 return (ARCHIVE_WARN);
721 * Some platforms return EISDIR if you call
722 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
723 * return EEXIST. POSIX is ambiguous, requiring EISDIR
724 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
725 * on an existing item.
728 /* A dir is in the way of a non-dir, rmdir it. */
729 if (rmdir(a->name) != 0) {
730 archive_set_error(&a->archive, errno,
731 "Can't remove already-existing dir");
732 return (ARCHIVE_WARN);
735 en = create_filesystem_object(a);
736 } else if (en == EEXIST) {
738 * We know something is in the way, but we don't know what;
739 * we need to find out before we go any further.
741 if (lstat(a->name, &a->st) != 0) {
742 archive_set_error(&a->archive, errno,
743 "Can't stat existing object");
744 return (ARCHIVE_WARN);
747 /* TODO: if it's a symlink... */
749 if (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER) {
750 if (!older(&(a->st), a->entry)) {
751 archive_set_error(&a->archive, 0,
752 "File on disk is not older; skipping.");
753 return (ARCHIVE_FAILED);
757 /* If it's our archive, we're done. */
758 if (a->skip_file_dev > 0 &&
759 a->skip_file_ino > 0 &&
760 a->st.st_dev == a->skip_file_dev &&
761 a->st.st_ino == a->skip_file_ino) {
762 archive_set_error(&a->archive, 0, "Refusing to overwrite archive");
763 return (ARCHIVE_FAILED);
766 if (!S_ISDIR(a->st.st_mode)) {
767 /* A non-dir is in the way, unlink it. */
768 if (unlink(a->name) != 0) {
769 archive_set_error(&a->archive, errno,
770 "Can't unlink already-existing object");
771 return (ARCHIVE_WARN);
774 en = create_filesystem_object(a);
775 } else if (!S_ISDIR(a->mode)) {
776 /* A dir is in the way of a non-dir, rmdir it. */
777 if (rmdir(a->name) != 0) {
778 archive_set_error(&a->archive, errno,
779 "Can't remove already-existing dir");
780 return (ARCHIVE_WARN);
783 en = create_filesystem_object(a);
786 * There's a dir in the way of a dir. Don't
787 * waste time with rmdir()/mkdir(), just fix
788 * up the permissions on the existing dir.
789 * Note that we don't change perms on existing
790 * dirs unless _EXTRACT_PERM is specified.
792 if ((a->mode != a->st.st_mode)
793 && (a->todo & TODO_MODE_FORCE))
794 a->deferred |= (a->todo & TODO_MODE);
795 /* Ownership doesn't need deferred fixup. */
796 en = 0; /* Forget the EEXIST. */
801 /* Everything failed; give up here. */
802 archive_set_error(&a->archive, en, "Can't create '%s'", a->name);
803 return (ARCHIVE_WARN);
806 a->pst = NULL; /* Cached stat data no longer valid. */
811 * Returns 0 if creation succeeds, or else returns errno value from
812 * the failed system call. Note: This function should only ever perform
813 * a single system call.
816 create_filesystem_object(struct archive_write_disk *a)
818 /* Create the entry. */
819 const char *linkname;
820 mode_t final_mode, mode;
823 /* We identify hard/symlinks according to the link names. */
824 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
825 linkname = archive_entry_hardlink(a->entry);
826 if (linkname != NULL)
827 return link(linkname, a->name) ? errno : 0;
828 linkname = archive_entry_symlink(a->entry);
829 if (linkname != NULL)
830 return symlink(linkname, a->name) ? errno : 0;
833 * The remaining system calls all set permissions, so let's
834 * try to take advantage of that to avoid an extra chmod()
835 * call. (Recall that umask is set to zero right now!)
838 /* Mode we want for the final restored object (w/o file type bits). */
839 final_mode = a->mode & 07777;
841 * The mode that will actually be restored in this step. Note
842 * that SUID, SGID, etc, require additional work to ensure
843 * security, so we never restore them at this point.
845 mode = final_mode & 0777;
847 switch (a->mode & S_IFMT) {
849 /* POSIX requires that we fall through here. */
852 a->fd = open(a->name,
853 O_WRONLY | O_CREAT | O_EXCL, mode);
857 r = mknod(a->name, mode | S_IFCHR,
858 archive_entry_rdev(a->entry));
861 r = mknod(a->name, mode | S_IFBLK,
862 archive_entry_rdev(a->entry));
865 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
866 r = mkdir(a->name, mode);
868 /* Defer setting dir times. */
869 a->deferred |= (a->todo & TODO_TIMES);
870 a->todo &= ~TODO_TIMES;
871 /* Never use an immediate chmod(). */
872 if (mode != final_mode)
873 a->deferred |= (a->todo & TODO_MODE);
874 a->todo &= ~TODO_MODE;
878 r = mkfifo(a->name, mode);
882 /* All the system calls above set errno on failure. */
886 /* If we managed to set the final mode, we've avoided a chmod(). */
887 if (mode == final_mode)
888 a->todo &= ~TODO_MODE;
893 * Cleanup function for archive_extract. Mostly, this involves processing
894 * the fixup list, which is used to address a number of problems:
895 * * Dir permissions might prevent us from restoring a file in that
896 * dir, so we restore the dir with minimum 0700 permissions first,
897 * then correct the mode at the end.
898 * * Similarly, the act of restoring a file touches the directory
899 * and changes the timestamp on the dir, so we have to touch-up dir
900 * timestamps at the end as well.
901 * * Some file flags can interfere with the restore by, for example,
902 * preventing the creation of hardlinks to those files.
904 * Note that tar/cpio do not require that archives be in a particular
905 * order; there is no way to know when the last file has been restored
906 * within a directory, so there's no way to optimize the memory usage
907 * here by fixing up the directory any earlier than the
910 * XXX TODO: Directory ACLs should be restored here, for the same
911 * reason we set directory perms here. XXX
914 _archive_write_close(struct archive *_a)
916 struct archive_write_disk *a = (struct archive_write_disk *)_a;
917 struct fixup_entry *next, *p;
920 __archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
921 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
922 "archive_write_disk_close");
923 ret = _archive_write_finish_entry(&a->archive);
925 /* Sort dir list so directories are fixed up in depth-first order. */
926 p = sort_dir_list(a->fixup_list);
929 a->pst = NULL; /* Mark stat cache as out-of-date. */
930 if (p->fixup & TODO_TIMES) {
932 /* {f,l,}utimes() are preferred, when available. */
933 struct timeval times[2];
934 times[1].tv_sec = p->mtime;
935 times[1].tv_usec = p->mtime_nanos / 1000;
936 times[0].tv_sec = p->atime;
937 times[0].tv_usec = p->atime_nanos / 1000;
939 lutimes(p->name, times);
941 utimes(p->name, times);
944 /* utime() is more portable, but less precise. */
945 struct utimbuf times;
946 times.modtime = p->mtime;
947 times.actime = p->atime;
949 utime(p->name, ×);
952 if (p->fixup & TODO_MODE_BASE)
953 chmod(p->name, p->mode);
955 if (p->fixup & TODO_FFLAGS)
956 set_fflags_platform(a, -1, p->name,
957 p->mode, p->fflags_set, 0);
964 a->fixup_list = NULL;
969 _archive_write_finish(struct archive *_a)
971 struct archive_write_disk *a = (struct archive_write_disk *)_a;
973 ret = _archive_write_close(&a->archive);
974 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
975 (a->cleanup_gid)(a->lookup_gid_data);
976 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
977 (a->cleanup_uid)(a->lookup_uid_data);
978 archive_string_free(&a->_name_data);
979 archive_string_free(&a->archive.error_string);
980 archive_string_free(&a->path_safe);
986 * Simple O(n log n) merge sort to order the fixup list. In
987 * particular, we want to restore dir timestamps depth-first.
989 static struct fixup_entry *
990 sort_dir_list(struct fixup_entry *p)
992 struct fixup_entry *a, *b, *t;
996 /* A one-item list is already sorted. */
1000 /* Step 1: split the list. */
1004 /* Step a twice, t once. */
1010 /* Now, t is at the mid-point, so break the list here. */
1015 /* Step 2: Recursively sort the two sub-lists. */
1016 a = sort_dir_list(a);
1017 b = sort_dir_list(b);
1019 /* Step 3: Merge the returned lists. */
1020 /* Pick the first element for the merged list. */
1021 if (strcmp(a->name, b->name) > 0) {
1029 /* Always put the later element on the list first. */
1030 while (a != NULL && b != NULL) {
1031 if (strcmp(a->name, b->name) > 0) {
1041 /* Only one list is non-empty, so just splice it on. */
1051 * Returns a new, initialized fixup entry.
1053 * TODO: Reduce the memory requirements for this list by using a tree
1054 * structure rather than a simple list of names.
1056 static struct fixup_entry *
1057 new_fixup(struct archive_write_disk *a, const char *pathname)
1059 struct fixup_entry *fe;
1061 fe = (struct fixup_entry *)malloc(sizeof(struct fixup_entry));
1064 fe->next = a->fixup_list;
1067 fe->name = strdup(pathname);
1072 * Returns a fixup structure for the current entry.
1074 static struct fixup_entry *
1075 current_fixup(struct archive_write_disk *a, const char *pathname)
1077 if (a->current_fixup == NULL)
1078 a->current_fixup = new_fixup(a, pathname);
1079 return (a->current_fixup);
1082 /* TODO: Make this work. */
1084 * TODO: The deep-directory support bypasses this; disable deep directory
1085 * support if we're doing symlink checks.
1088 * TODO: Someday, integrate this with the deep dir support; they both
1089 * scan the path and both can be optimized by comparing against other
1093 check_symlinks(struct archive_write_disk *a)
1101 * Gaurd against symlink tricks. Reject any archive entry whose
1102 * destination would be altered by a symlink.
1104 /* Whatever we checked last time doesn't need to be re-checked. */
1107 while ((*pn != '\0') && (*p == *pn))
1110 /* Keep going until we've checked the entire name. */
1111 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
1112 /* Skip the next path element. */
1113 while (*pn != '\0' && *pn != '/')
1117 /* Check that we haven't hit a symlink. */
1118 r = lstat(a->name, &st);
1120 /* We've hit a dir that doesn't exist; stop now. */
1121 if (errno == ENOENT)
1123 } else if (S_ISLNK(st.st_mode)) {
1126 * Last element is symlink; remove it
1127 * so we can overwrite it with the
1128 * item being extracted.
1130 if (unlink(a->name)) {
1131 archive_set_error(&a->archive, errno,
1132 "Could not remove symlink %s",
1135 return (ARCHIVE_WARN);
1138 * Even if we did remove it, a warning
1139 * is in order. The warning is silly,
1140 * though, if we're just replacing one
1141 * symlink with another symlink.
1143 if (!S_ISLNK(a->mode)) {
1144 archive_set_error(&a->archive, 0,
1145 "Removing symlink %s",
1148 /* Symlink gone. No more problem! */
1151 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
1152 /* User asked us to remove problems. */
1153 if (unlink(a->name) != 0) {
1154 archive_set_error(&a->archive, 0,
1155 "Cannot remove intervening symlink %s",
1158 return (ARCHIVE_WARN);
1161 archive_set_error(&a->archive, 0,
1162 "Cannot extract through symlink %s",
1165 return (ARCHIVE_WARN);
1170 /* We've checked and/or cleaned the whole path, so remember it. */
1171 archive_strcpy(&a->path_safe, a->name);
1172 return (ARCHIVE_OK);
1176 * Canonicalize the pathname. In particular, this strips duplicate
1177 * '/' characters, '.' elements, and trailing '/'. It also raises an
1178 * error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
1179 * set) any '..' in the path.
1182 cleanup_pathname(struct archive_write_disk *a)
1185 char separator = '\0';
1186 int lastdotdot = 0; /* True if last elt copied was '..' */
1188 dest = src = a->name;
1190 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1191 "Invalid empty pathname");
1192 return (ARCHIVE_WARN);
1195 /* Skip leading '/'. */
1199 /* Scan the pathname one element at a time. */
1201 /* src points to first char after '/' */
1202 if (src[0] == '\0') {
1204 } else if (src[0] == '/') {
1205 /* Found '//', ignore second one. */
1208 } else if (src[0] == '.') {
1209 if (src[1] == '\0') {
1210 /* Ignore trailing '.' */
1212 } else if (src[1] == '/') {
1216 } else if (src[1] == '.') {
1217 if (src[2] == '/' || src[2] == '\0') {
1218 /* Conditionally warn about '..' */
1219 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
1220 archive_set_error(&a->archive,
1222 "Path contains '..'");
1223 return (ARCHIVE_WARN);
1229 * Note: Under no circumstances do we
1230 * remove '..' elements. In
1231 * particular, restoring
1232 * '/foo/../bar/' should create the
1233 * 'foo' dir as a side-effect.
1240 /* Copy current element, including leading '/'. */
1243 while (*src != '\0' && *src != '/') {
1250 /* Skip '/' separator. */
1254 * We've just copied zero or more path elements, not including the
1258 /* Trailing '..' is always wrong. */
1259 archive_set_error(&a->archive,
1261 "Path contains trailing '..'");
1262 return (ARCHIVE_WARN);
1264 if (dest == a->name) {
1266 * Nothing got copied. The path must have been something
1267 * like '.' or '/' or './' or '/././././/./'.
1274 /* Terminate the result. */
1276 return (ARCHIVE_OK);
1280 * Create the parent directory of the specified path, assuming path
1281 * is already in mutable storage.
1284 create_parent_dir(struct archive_write_disk *a, char *path)
1289 /* Remove tail element to obtain parent name. */
1290 slash = strrchr(path, '/');
1292 return (ARCHIVE_OK);
1294 r = create_dir(a, path);
1300 * Create the specified dir, recursing to create parents as necessary.
1302 * Returns ARCHIVE_OK if the path exists when we're done here.
1303 * Otherwise, returns ARCHIVE_WARN.
1304 * Assumes path is in mutable storage; path is unchanged on exit.
1307 create_dir(struct archive_write_disk *a, char *path)
1310 struct fixup_entry *le;
1312 mode_t mode_final, mode;
1317 /* Check for special names and just skip them. */
1318 slash = strrchr(path, '/');
1324 if (base[0] == '\0' ||
1325 (base[0] == '.' && base[1] == '\0') ||
1326 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
1327 /* Don't bother trying to create null path, '.', or '..'. */
1328 if (slash != NULL) {
1330 r = create_dir(a, path);
1334 return (ARCHIVE_OK);
1338 * Yes, this should be stat() and not lstat(). Using lstat()
1339 * here loses the ability to extract through symlinks. Also note
1340 * that this should not use the a->st cache.
1342 if (stat(path, &st) == 0) {
1343 if (S_ISDIR(st.st_mode))
1344 return (ARCHIVE_OK);
1345 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1346 archive_set_error(&a->archive, EEXIST,
1347 "Can't create directory '%s'", path);
1348 return (ARCHIVE_WARN);
1350 if (unlink(path) != 0) {
1351 archive_set_error(&a->archive, errno,
1352 "Can't create directory '%s': "
1353 "Conflicting file cannot be removed");
1354 return (ARCHIVE_WARN);
1356 } else if (errno != ENOENT && errno != ENOTDIR) {
1358 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
1359 return (ARCHIVE_WARN);
1360 } else if (slash != NULL) {
1362 r = create_dir(a, path);
1364 if (r != ARCHIVE_OK)
1369 * Mode we want for the final restored directory. Per POSIX,
1370 * implicitly-created dirs must be created obeying the umask.
1371 * There's no mention whether this is different for privileged
1372 * restores (which the rest of this code handles by pretending
1373 * umask=0). I've chosen here to always obey the user's umask for
1374 * implicit dirs, even if _EXTRACT_PERM was specified.
1376 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
1377 /* Mode we want on disk during the restore process. */
1379 mode |= MINIMUM_DIR_MODE;
1380 mode &= MAXIMUM_DIR_MODE;
1381 if (mkdir(path, mode) == 0) {
1382 if (mode != mode_final) {
1383 le = new_fixup(a, path);
1384 le->fixup |=TODO_MODE_BASE;
1385 le->mode = mode_final;
1387 return (ARCHIVE_OK);
1391 * Without the following check, a/b/../b/c/d fails at the
1392 * second visit to 'b', so 'd' can't be created. Note that we
1393 * don't add it to the fixup list here, as it's already been
1396 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
1397 return (ARCHIVE_OK);
1399 archive_set_error(&a->archive, errno, "Failed to create dir '%s'", path);
1400 return (ARCHIVE_WARN);
1404 * Note: Although we can skip setting the user id if the desired user
1405 * id matches the current user, we cannot skip setting the group, as
1406 * many systems set the gid bit based on the containing directory. So
1407 * we have to perform a chown syscall if we want to restore the SGID
1408 * bit. (The alternative is to stat() and then possibly chown(); it's
1409 * more efficient to skip the stat() and just always chown().) Note
1410 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
1411 * allows set_mode to skip the stat() check for the GID.
1414 set_ownership(struct archive_write_disk *a)
1416 /* If we know we can't change it, don't bother trying. */
1417 if (a->user_uid != 0 && a->user_uid != a->uid) {
1418 archive_set_error(&a->archive, errno,
1419 "Can't set UID=%d", a->uid);
1420 return (ARCHIVE_WARN);
1424 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0)
1429 if (lchown(a->name, a->uid, a->gid) == 0)
1432 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0)
1436 archive_set_error(&a->archive, errno,
1437 "Can't set user=%d/group=%d for %s", a->uid, a->gid,
1439 return (ARCHIVE_WARN);
1441 a->todo &= ~TODO_OWNER;
1442 /* We know the user/group are correct now. */
1443 a->todo &= ~TODO_SGID_CHECK;
1444 a->todo &= ~TODO_SUID_CHECK;
1445 return (ARCHIVE_OK);
1450 * The utimes()-family functions provide high resolution and
1451 * a way to set time on an fd or a symlink. We prefer them
1452 * when they're available.
1455 set_time(struct archive_write_disk *a)
1457 struct timeval times[2];
1459 times[1].tv_sec = archive_entry_mtime(a->entry);
1460 times[1].tv_usec = archive_entry_mtime_nsec(a->entry) / 1000;
1462 times[0].tv_sec = archive_entry_atime(a->entry);
1463 times[0].tv_usec = archive_entry_atime_nsec(a->entry) / 1000;
1466 if (a->fd >= 0 && futimes(a->fd, times) == 0) {
1467 return (ARCHIVE_OK);
1472 if (lutimes(a->name, times) != 0)
1474 if (!S_ISLNK(a->mode) && utimes(a->name, times) != 0)
1477 archive_set_error(&a->archive, errno, "Can't update time for %s",
1479 return (ARCHIVE_WARN);
1483 * Note: POSIX does not provide a portable way to restore ctime.
1484 * (Apart from resetting the system clock, which is distasteful.)
1485 * So, any restoration of ctime will necessarily be OS-specific.
1488 /* XXX TODO: Can FreeBSD restore ctime? XXX */
1489 return (ARCHIVE_OK);
1491 #elif defined(HAVE_UTIME)
1493 * utime() is an older, more standard interface that we'll use
1494 * if utimes() isn't available.
1497 set_time(struct archive_write_disk *a)
1499 struct utimbuf times;
1501 times.modtime = archive_entry_mtime(a->entry);
1502 times.actime = archive_entry_atime(a->entry);
1503 if (!S_ISLNK(a->mode) && utime(a->name, ×) != 0) {
1504 archive_set_error(&a->archive, errno,
1505 "Can't update time for %s", a->name);
1506 return (ARCHIVE_WARN);
1508 return (ARCHIVE_OK);
1511 /* This platform doesn't give us a way to restore the time. */
1513 set_time(struct archive_write_disk *a)
1515 (void)a; /* UNUSED */
1516 archive_set_error(&a->archive, errno,
1517 "Can't update time for %s", a->name);
1518 return (ARCHIVE_WARN);
1524 set_mode(struct archive_write_disk *a, int mode)
1527 mode &= 07777; /* Strip off file type bits. */
1529 if (a->todo & TODO_SGID_CHECK) {
1531 * If we don't know the GID is right, we must stat()
1532 * to verify it. We can't just check the GID of this
1533 * process, since systems sometimes set GID from
1534 * the enclosing dir or based on ACLs.
1536 if (a->pst != NULL) {
1537 /* Already have stat() data available. */
1539 } else if (fd >= 0 && fstat(fd, &a->st) == 0) {
1542 } else if (stat(a->name, &a->st) == 0) {
1545 archive_set_error(&a->archive, errno,
1546 "Couldn't stat file");
1547 return (ARCHIVE_WARN);
1549 if (a->pst->st_gid != a->gid) {
1551 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
1553 * This is only an error if you
1554 * requested owner restore. If you
1555 * didn't, we'll try to restore
1556 * sgid/suid, but won't consider it a
1557 * problem if we can't.
1559 archive_set_error(&a->archive, -1,
1560 "Can't restore SGID bit");
1564 /* While we're here, double-check the UID. */
1565 if (a->pst->st_uid != a->uid
1566 && (a->todo & TODO_SUID)) {
1568 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
1569 archive_set_error(&a->archive, -1,
1570 "Can't restore SUID bit");
1574 a->todo &= ~TODO_SGID_CHECK;
1575 a->todo &= ~TODO_SUID_CHECK;
1576 } else if (a->todo & TODO_SUID_CHECK) {
1578 * If we don't know the UID is right, we can just check
1579 * the user, since all systems set the file UID from
1582 if (a->user_uid != a->uid) {
1584 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
1585 archive_set_error(&a->archive, -1,
1586 "Can't make file SUID");
1590 a->todo &= ~TODO_SUID_CHECK;
1593 if (S_ISLNK(a->mode)) {
1596 * If this is a symlink, use lchmod(). If the
1597 * platform doesn't support lchmod(), just skip it. A
1598 * platform that doesn't provide a way to set
1599 * permissions on symlinks probably ignores
1600 * permissions on symlinks, so a failure here has no
1603 if (lchmod(a->name, mode) != 0) {
1604 archive_set_error(&a->archive, errno,
1605 "Can't set permissions to 0%o", (int)mode);
1609 } else if (!S_ISDIR(a->mode)) {
1611 * If it's not a symlink and not a dir, then use
1612 * fchmod() or chmod(), depending on whether we have
1613 * an fd. Dirs get their perms set during the
1614 * post-extract fixup, which is handled elsewhere.
1618 if (fchmod(a->fd, mode) != 0) {
1619 archive_set_error(&a->archive, errno,
1620 "Can't set permissions to 0%o", (int)mode);
1625 /* If this platform lacks fchmod(), then
1626 * we'll just use chmod(). */
1627 if (chmod(a->name, mode) != 0) {
1628 archive_set_error(&a->archive, errno,
1629 "Can't set permissions to 0%o", (int)mode);
1637 set_fflags(struct archive_write_disk *a)
1639 struct fixup_entry *le;
1640 unsigned long set, clear;
1643 mode_t mode = archive_entry_mode(a->entry);
1646 * Make 'critical_flags' hold all file flags that can't be
1647 * immediately restored. For example, on BSD systems,
1648 * SF_IMMUTABLE prevents hardlinks from being created, so
1649 * should not be set until after any hardlinks are created. To
1650 * preserve some semblance of portability, this uses #ifdef
1651 * extensively. Ugly, but it works.
1653 * Yes, Virginia, this does create a security race. It's mitigated
1654 * somewhat by the practice of creating dirs 0700 until the extract
1655 * is done, but it would be nice if we could do more than that.
1656 * People restoring critical file systems should be wary of
1657 * other programs that might try to muck with files as they're
1660 /* Hopefully, the compiler will optimize this mess into a constant. */
1663 critical_flags |= SF_IMMUTABLE;
1666 critical_flags |= UF_IMMUTABLE;
1669 critical_flags |= SF_APPEND;
1672 critical_flags |= UF_APPEND;
1674 #ifdef EXT2_APPEND_FL
1675 critical_flags |= EXT2_APPEND_FL;
1677 #ifdef EXT2_IMMUTABLE_FL
1678 critical_flags |= EXT2_IMMUTABLE_FL;
1681 if (a->todo & TODO_FFLAGS) {
1682 archive_entry_fflags(a->entry, &set, &clear);
1685 * The first test encourages the compiler to eliminate
1686 * all of this if it's not necessary.
1688 if ((critical_flags != 0) && (set & critical_flags)) {
1689 le = current_fixup(a, a->name);
1690 le->fixup |= TODO_FFLAGS;
1691 le->fflags_set = set;
1692 /* Store the mode if it's not already there. */
1693 if ((le->fixup & TODO_MODE) == 0)
1696 r = set_fflags_platform(a, a->fd,
1697 a->name, mode, set, clear);
1698 if (r != ARCHIVE_OK)
1702 return (ARCHIVE_OK);
1706 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && !defined(__linux)
1708 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
1709 mode_t mode, unsigned long set, unsigned long clear)
1711 (void)mode; /* UNUSED */
1712 if (set == 0 && clear == 0)
1713 return (ARCHIVE_OK);
1716 * XXX Is the stat here really necessary? Or can I just use
1717 * the 'set' flags directly? In particular, I'm not sure
1718 * about the correct approach if we're overwriting an existing
1719 * file that already has flags on it. XXX
1721 if (fd >= 0 && fstat(fd, &a->st) == 0)
1723 else if (lstat(name, &a->st) == 0)
1726 archive_set_error(&a->archive, errno,
1727 "Couldn't stat file");
1728 return (ARCHIVE_WARN);
1731 a->st.st_flags &= ~clear;
1732 a->st.st_flags |= set;
1733 #ifdef HAVE_FCHFLAGS
1734 /* If platform has fchflags() and we were given an fd, use it. */
1735 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
1736 return (ARCHIVE_OK);
1739 * If we can't use the fd to set the flags, we'll use the
1740 * pathname to set flags. We prefer lchflags() but will use
1741 * chflags() if we must.
1743 #ifdef HAVE_LCHFLAGS
1744 if (lchflags(name, a->st.st_flags) == 0)
1745 return (ARCHIVE_OK);
1746 #elif defined(HAVE_CHFLAGS)
1747 if (S_ISLNK(a->st.st_mode)) {
1748 archive_set_error(&a->archive, errno,
1749 "Can't set file flags on symlink.");
1750 return (ARCHIVE_WARN);
1752 if (chflags(name, a->st.st_flags) == 0)
1753 return (ARCHIVE_OK);
1755 archive_set_error(&a->archive, errno,
1756 "Failed to set file flags");
1757 return (ARCHIVE_WARN);
1760 #elif defined(__linux) && defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS)
1763 * Linux has flags too, but uses ioctl() to access them instead of
1764 * having a separate chflags() system call.
1767 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
1768 mode_t mode, unsigned long set, unsigned long clear)
1772 unsigned long newflags, oldflags;
1773 unsigned long sf_mask = 0;
1775 if (set == 0 && clear == 0)
1776 return (ARCHIVE_OK);
1777 /* Only regular files and dirs can have flags. */
1778 if (!S_ISREG(mode) && !S_ISDIR(mode))
1779 return (ARCHIVE_OK);
1781 /* If we weren't given an fd, open it ourselves. */
1783 myfd = open(name, O_RDONLY|O_NONBLOCK);
1785 return (ARCHIVE_OK);
1788 * Linux has no define for the flags that are only settable by
1789 * the root user. This code may seem a little complex, but
1790 * there seem to be some Linux systems that lack these
1791 * defines. (?) The code below degrades reasonably gracefully
1792 * if sf_mask is incomplete.
1794 #ifdef EXT2_IMMUTABLE_FL
1795 sf_mask |= EXT2_IMMUTABLE_FL;
1797 #ifdef EXT2_APPEND_FL
1798 sf_mask |= EXT2_APPEND_FL;
1801 * XXX As above, this would be way simpler if we didn't have
1802 * to read the current flags from disk. XXX
1805 /* Try setting the flags as given. */
1806 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) >= 0) {
1807 newflags = (oldflags & ~clear) | set;
1808 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
1813 /* If we couldn't set all the flags, try again with a subset. */
1814 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) >= 0) {
1815 newflags &= ~sf_mask;
1816 oldflags &= sf_mask;
1817 newflags |= oldflags;
1818 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
1821 /* We couldn't set the flags, so report the failure. */
1823 archive_set_error(&a->archive, errno,
1824 "Failed to set file flags");
1832 #else /* Not HAVE_CHFLAGS && Not __linux */
1835 * Of course, some systems have neither BSD chflags() nor Linux' flags
1836 * support through ioctl().
1839 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
1840 mode_t mode, unsigned long set, unsigned long clear)
1842 (void)a; /* UNUSED */
1843 (void)fd; /* UNUSED */
1844 (void)name; /* UNUSED */
1845 (void)mode; /* UNUSED */
1846 (void)set; /* UNUSED */
1847 (void)clear; /* UNUSED */
1848 return (ARCHIVE_OK);
1851 #endif /* __linux */
1853 #ifndef HAVE_POSIX_ACL
1854 /* Default empty function body to satisfy mainline code. */
1856 set_acls(struct archive_write_disk *a)
1858 (void)a; /* UNUSED */
1859 return (ARCHIVE_OK);
1865 * XXX TODO: What about ACL types other than ACCESS and DEFAULT?
1868 set_acls(struct archive_write_disk *a)
1872 ret = set_acl(a, a->fd, a->entry, ACL_TYPE_ACCESS,
1873 ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
1874 if (ret != ARCHIVE_OK)
1876 ret = set_acl(a, a->fd, a->entry, ACL_TYPE_DEFAULT,
1877 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
1883 set_acl(struct archive_write_disk *a, int fd, struct archive_entry *entry,
1884 acl_type_t acl_type, int ae_requested_type, const char *tname)
1887 acl_entry_t acl_entry;
1888 acl_permset_t acl_permset;
1890 int ae_type, ae_permset, ae_tag, ae_id;
1893 const char *ae_name;
1898 entries = archive_entry_acl_reset(entry, ae_requested_type);
1900 return (ARCHIVE_OK);
1901 acl = acl_init(entries);
1902 while (archive_entry_acl_next(entry, ae_requested_type, &ae_type,
1903 &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
1904 acl_create_entry(&acl, &acl_entry);
1907 case ARCHIVE_ENTRY_ACL_USER:
1908 acl_set_tag_type(acl_entry, ACL_USER);
1909 ae_uid = a->lookup_uid(a->lookup_uid_data,
1911 acl_set_qualifier(acl_entry, &ae_uid);
1913 case ARCHIVE_ENTRY_ACL_GROUP:
1914 acl_set_tag_type(acl_entry, ACL_GROUP);
1915 ae_gid = a->lookup_gid(a->lookup_gid_data,
1917 acl_set_qualifier(acl_entry, &ae_gid);
1919 case ARCHIVE_ENTRY_ACL_USER_OBJ:
1920 acl_set_tag_type(acl_entry, ACL_USER_OBJ);
1922 case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
1923 acl_set_tag_type(acl_entry, ACL_GROUP_OBJ);
1925 case ARCHIVE_ENTRY_ACL_MASK:
1926 acl_set_tag_type(acl_entry, ACL_MASK);
1928 case ARCHIVE_ENTRY_ACL_OTHER:
1929 acl_set_tag_type(acl_entry, ACL_OTHER);
1936 acl_get_permset(acl_entry, &acl_permset);
1937 acl_clear_perms(acl_permset);
1938 if (ae_permset & ARCHIVE_ENTRY_ACL_EXECUTE)
1939 acl_add_perm(acl_permset, ACL_EXECUTE);
1940 if (ae_permset & ARCHIVE_ENTRY_ACL_WRITE)
1941 acl_add_perm(acl_permset, ACL_WRITE);
1942 if (ae_permset & ARCHIVE_ENTRY_ACL_READ)
1943 acl_add_perm(acl_permset, ACL_READ);
1946 name = archive_entry_pathname(entry);
1948 /* Try restoring the ACL through 'fd' if we can. */
1950 if (fd >= 0 && acl_type == ACL_TYPE_ACCESS && acl_set_fd(fd, acl) == 0)
1954 #if HAVE_ACL_SET_FD_NP
1955 if (fd >= 0 && acl_set_fd_np(fd, acl, acl_type) == 0)
1960 if (acl_set_file(name, acl_type, acl) != 0) {
1961 archive_set_error(&a->archive, errno, "Failed to set %s acl", tname);
1971 * Restore extended attributes - Linux implementation
1974 set_xattrs(struct archive_write_disk *a)
1976 struct archive_entry *entry = a->entry;
1977 static int warning_done = 0;
1978 int ret = ARCHIVE_OK;
1979 int i = archive_entry_xattr_reset(entry);
1985 archive_entry_xattr_next(entry, &name, &value, &size);
1987 strncmp(name, "xfsroot.", 8) != 0 &&
1988 strncmp(name, "system.", 7) != 0) {
1992 e = fsetxattr(a->fd, name, value, size, 0);
1996 e = lsetxattr(archive_entry_pathname(entry),
1997 name, value, size, 0);
2000 if (errno == ENOTSUP) {
2001 if (!warning_done) {
2003 archive_set_error(&a->archive, errno,
2004 "Cannot restore extended "
2005 "attributes on this file "
2009 archive_set_error(&a->archive, errno,
2010 "Failed to set extended attribute");
2014 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2015 "Invalid extended attribute encountered");
2023 * Restore extended attributes - stub implementation for unsupported systems
2026 set_xattrs(struct archive_write_disk *a)
2028 static int warning_done = 0;
2030 /* If there aren't any extended attributes, then it's okay not
2031 * to extract them, otherwise, issue a single warning. */
2032 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
2034 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2035 "Cannot restore extended attributes on this system");
2036 return (ARCHIVE_WARN);
2038 /* Warning was already emitted; suppress further warnings. */
2039 return (ARCHIVE_OK);
2045 * Trivial implementations of gid/uid lookup functions.
2046 * These are normally overridden by the client, but these stub
2047 * versions ensure that we always have something that works.
2050 trivial_lookup_gid(void *private_data, const char *gname, gid_t gid)
2052 (void)private_data; /* UNUSED */
2053 (void)gname; /* UNUSED */
2058 trivial_lookup_uid(void *private_data, const char *uname, uid_t uid)
2060 (void)private_data; /* UNUSED */
2061 (void)uname; /* UNUSED */
2066 * Test if file on disk is older than entry.
2069 older(struct stat *st, struct archive_entry *entry)
2071 /* First, test the seconds and return if we have a definite answer. */
2072 /* Definitely older. */
2073 if (st->st_mtime < archive_entry_mtime(entry))
2075 /* Definitely younger. */
2076 if (st->st_mtime > archive_entry_mtime(entry))
2078 /* If this platform supports fractional seconds, try those. */
2079 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
2080 /* Definitely older. */
2081 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
2083 /* Definitely younger. */
2084 if (st->st_mtimespec.tv_nsec > archive_entry_mtime_nsec(entry))
2086 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
2087 /* Definitely older. */
2088 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
2090 /* Definitely older. */
2091 if (st->st_mtim.tv_nsec > archive_entry_mtime_nsec(entry))
2094 /* This system doesn't have high-res timestamps. */
2096 /* Same age, so not older. */
projects / FreeBSD / FreeBSD.git / blob