2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
146 /* Ignore non-int O_NOFOLLOW constant. */
147 /* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
148 #if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
157 struct fixup_entry *next;
158 struct archive_acl acl;
164 unsigned long atime_nanos;
165 unsigned long birthtime_nanos;
166 unsigned long mtime_nanos;
167 unsigned long ctime_nanos;
168 unsigned long fflags_set;
169 size_t mac_metadata_size;
171 int fixup; /* bitmask of what needs fixing */
176 * We use a bitmask to track which operations remain to be done for
177 * this file. In particular, this helps us avoid unnecessary
178 * operations when it's possible to take care of one step as a
179 * side-effect of another. For example, mkdir() can specify the mode
180 * for the newly-created object but symlink() cannot. This means we
181 * can skip chmod() if mkdir() succeeded, but we must explicitly
182 * chmod() if we're trying to create a directory that already exists
183 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
184 * need to verify UID/GID before trying to restore SUID/SGID bits;
185 * that verification can occur explicitly through a stat() call or
186 * implicitly because of a successful chown() call.
188 #define TODO_MODE_FORCE 0x40000000
189 #define TODO_MODE_BASE 0x20000000
190 #define TODO_SUID 0x10000000
191 #define TODO_SUID_CHECK 0x08000000
192 #define TODO_SGID 0x04000000
193 #define TODO_SGID_CHECK 0x02000000
194 #define TODO_APPLEDOUBLE 0x01000000
195 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
196 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
197 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
198 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
199 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
200 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
201 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
202 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
204 struct archive_write_disk {
205 struct archive archive;
208 struct fixup_entry *fixup_list;
209 struct fixup_entry *current_fixup;
212 int64_t skip_file_dev;
213 int64_t skip_file_ino;
216 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
217 void (*cleanup_gid)(void *private);
218 void *lookup_gid_data;
219 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
220 void (*cleanup_uid)(void *private);
221 void *lookup_uid_data;
224 * Full path of last file to satisfy symlink checks.
226 struct archive_string path_safe;
229 * Cached stat data from disk for the current entry.
230 * If this is valid, pst points to st. Otherwise,
236 /* Information about the object being restored right now. */
237 struct archive_entry *entry; /* Entry being extracted. */
238 char *name; /* Name of entry, possibly edited. */
239 struct archive_string _name_data; /* backing store for 'name' */
240 /* Tasks remaining for this object. */
242 /* Tasks deferred until end-of-archive. */
244 /* Options requested by the client. */
246 /* Handle for the file we're restoring. */
248 /* Current offset for writing data to the file. */
250 /* Last offset actually written to disk. */
252 /* Total bytes actually written to files. */
253 int64_t total_bytes_written;
254 /* Maximum size of file, -1 if unknown. */
256 /* Dir we were in before this restore; only for deep paths. */
258 /* Mode we should use for this entry; affected by _PERM and umask. */
260 /* UID/GID to use in restoring this entry. */
266 /* Xattr "com.apple.decmpfs". */
267 uint32_t decmpfs_attr_size;
268 unsigned char *decmpfs_header_p;
269 /* ResourceFork set options used for fsetxattr. */
270 int rsrc_xattr_options;
271 /* Xattr "com.apple.ResourceFork". */
272 unsigned char *resource_fork;
273 size_t resource_fork_allocated_size;
274 unsigned int decmpfs_block_count;
275 uint32_t *decmpfs_block_info;
276 /* Buffer for compressed data. */
277 unsigned char *compressed_buffer;
278 size_t compressed_buffer_size;
279 size_t compressed_buffer_remaining;
280 /* The offset of the ResourceFork where compressed data will
282 uint32_t compressed_rsrc_position;
283 uint32_t compressed_rsrc_position_v;
284 /* Buffer for uncompressed data. */
285 char *uncompressed_buffer;
286 size_t block_remaining_bytes;
287 size_t file_remaining_bytes;
291 int decmpfs_compression_level;
296 * Default mode for dirs created automatically (will be modified by umask).
297 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
298 * by the process' file creation mask."
300 #define DEFAULT_DIR_MODE 0777
302 * Dir modes are restored in two steps: During the extraction, the permissions
303 * in the archive are modified to match the following limits. During
304 * the post-extract fixup pass, the permissions from the archive are
307 #define MINIMUM_DIR_MODE 0700
308 #define MAXIMUM_DIR_MODE 0775
311 * Maxinum uncompressed size of a decmpfs block.
313 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
315 * HFS+ compression type.
317 #define CMP_XATTR 3/* Compressed data in xattr. */
318 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
320 * HFS+ compression resource fork.
322 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
323 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
324 /* Size to write compressed data to resource fork. */
325 #define COMPRESSED_W_SIZE (64 * 1024)
326 /* decmpfs difinitions. */
327 #define MAX_DECMPFS_XATTR_SIZE 3802
328 #ifndef DECMPFS_XATTR_NAME
329 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
331 #define DECMPFS_MAGIC 0x636d7066
332 #define DECMPFS_COMPRESSION_MAGIC 0
333 #define DECMPFS_COMPRESSION_TYPE 4
334 #define DECMPFS_UNCOMPRESSED_SIZE 8
335 #define DECMPFS_HEADER_SIZE 16
337 #define HFS_BLOCKS(s) ((s) >> 12)
339 static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
340 static int check_symlinks(struct archive_write_disk *);
341 static int create_filesystem_object(struct archive_write_disk *);
342 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
343 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
344 static void edit_deep_directories(struct archive_write_disk *ad);
346 static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
347 static int cleanup_pathname(struct archive_write_disk *);
348 static int create_dir(struct archive_write_disk *, char *);
349 static int create_parent_dir(struct archive_write_disk *, char *);
350 static ssize_t hfs_write_data_block(struct archive_write_disk *,
351 const char *, size_t);
352 static int fixup_appledouble(struct archive_write_disk *, const char *);
353 static int older(struct stat *, struct archive_entry *);
354 static int restore_entry(struct archive_write_disk *);
355 static int set_mac_metadata(struct archive_write_disk *, const char *,
356 const void *, size_t);
357 static int set_xattrs(struct archive_write_disk *);
358 static int set_fflags(struct archive_write_disk *);
359 static int set_fflags_platform(struct archive_write_disk *, int fd,
360 const char *name, mode_t mode,
361 unsigned long fflags_set, unsigned long fflags_clear);
362 static int set_ownership(struct archive_write_disk *);
363 static int set_mode(struct archive_write_disk *, int mode);
364 static int set_time(int, int, const char *, time_t, long, time_t, long);
365 static int set_times(struct archive_write_disk *, int, int, const char *,
366 time_t, long, time_t, long, time_t, long, time_t, long);
367 static int set_times_from_entry(struct archive_write_disk *);
368 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
369 static ssize_t write_data_block(struct archive_write_disk *,
370 const char *, size_t);
372 static struct archive_vtable *archive_write_disk_vtable(void);
374 static int _archive_write_disk_close(struct archive *);
375 static int _archive_write_disk_free(struct archive *);
376 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
377 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
378 static int _archive_write_disk_finish_entry(struct archive *);
379 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
380 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
383 lazy_stat(struct archive_write_disk *a)
385 if (a->pst != NULL) {
386 /* Already have stat() data available. */
390 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
396 * XXX At this point, symlinks should not be hit, otherwise
397 * XXX a race occurred. Do we want to check explicitly for that?
399 if (lstat(a->name, &a->st) == 0) {
403 archive_set_error(&a->archive, errno, "Couldn't stat file");
404 return (ARCHIVE_WARN);
407 static struct archive_vtable *
408 archive_write_disk_vtable(void)
410 static struct archive_vtable av;
411 static int inited = 0;
414 av.archive_close = _archive_write_disk_close;
415 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
416 av.archive_free = _archive_write_disk_free;
417 av.archive_write_header = _archive_write_disk_header;
418 av.archive_write_finish_entry
419 = _archive_write_disk_finish_entry;
420 av.archive_write_data = _archive_write_disk_data;
421 av.archive_write_data_block = _archive_write_disk_data_block;
428 _archive_write_disk_filter_bytes(struct archive *_a, int n)
430 struct archive_write_disk *a = (struct archive_write_disk *)_a;
431 (void)n; /* UNUSED */
432 if (n == -1 || n == 0)
433 return (a->total_bytes_written);
439 archive_write_disk_set_options(struct archive *_a, int flags)
441 struct archive_write_disk *a = (struct archive_write_disk *)_a;
449 * Extract this entry to disk.
451 * TODO: Validate hardlinks. According to the standards, we're
452 * supposed to check each extracted hardlink and squawk if it refers
453 * to a file that we didn't restore. I'm not entirely convinced this
454 * is a good idea, but more importantly: Is there any way to validate
455 * hardlinks without keeping a complete list of filenames from the
456 * entire archive?? Ugh.
460 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
462 struct archive_write_disk *a = (struct archive_write_disk *)_a;
463 struct fixup_entry *fe;
466 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
467 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
468 "archive_write_disk_header");
469 archive_clear_error(&a->archive);
470 if (a->archive.state & ARCHIVE_STATE_DATA) {
471 r = _archive_write_disk_finish_entry(&a->archive);
472 if (r == ARCHIVE_FATAL)
476 /* Set up for this particular entry. */
478 a->current_fixup = NULL;
481 archive_entry_free(a->entry);
484 a->entry = archive_entry_clone(entry);
489 a->uid = a->user_uid;
490 a->mode = archive_entry_mode(a->entry);
491 if (archive_entry_size_is_set(a->entry))
492 a->filesize = archive_entry_size(a->entry);
495 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
496 a->name = a->_name_data.s;
497 archive_clear_error(&a->archive);
500 * Clean up the requested path. This is necessary for correct
501 * dir restores; the dir restore logic otherwise gets messed
502 * up by nonsense like "dir/.".
504 ret = cleanup_pathname(a);
505 if (ret != ARCHIVE_OK)
509 * Query the umask so we get predictable mode settings.
510 * This gets done on every call to _write_header in case the
511 * user edits their umask during the extraction for some
514 umask(a->user_umask = umask(0));
516 /* Figure out what we need to do for this entry. */
517 a->todo = TODO_MODE_BASE;
518 if (a->flags & ARCHIVE_EXTRACT_PERM) {
519 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
521 * SGID requires an extra "check" step because we
522 * cannot easily predict the GID that the system will
523 * assign. (Different systems assign GIDs to files
524 * based on a variety of criteria, including process
525 * credentials and the gid of the enclosing
526 * directory.) We can only restore the SGID bit if
527 * the file has the right GID, and we only know the
528 * GID if we either set it (see set_ownership) or if
529 * we've actually called stat() on the file after it
530 * was restored. Since there are several places at
531 * which we might verify the GID, we need a TODO bit
534 if (a->mode & S_ISGID)
535 a->todo |= TODO_SGID | TODO_SGID_CHECK;
537 * Verifying the SUID is simpler, but can still be
538 * done in multiple ways, hence the separate "check" bit.
540 if (a->mode & S_ISUID)
541 a->todo |= TODO_SUID | TODO_SUID_CHECK;
544 * User didn't request full permissions, so don't
545 * restore SUID, SGID bits and obey umask.
550 a->mode &= ~a->user_umask;
552 if (a->flags & ARCHIVE_EXTRACT_OWNER)
553 a->todo |= TODO_OWNER;
554 if (a->flags & ARCHIVE_EXTRACT_TIME)
555 a->todo |= TODO_TIMES;
556 if (a->flags & ARCHIVE_EXTRACT_ACL) {
557 if (archive_entry_filetype(a->entry) == AE_IFDIR)
558 a->deferred |= TODO_ACLS;
560 a->todo |= TODO_ACLS;
562 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
563 if (archive_entry_filetype(a->entry) == AE_IFDIR)
564 a->deferred |= TODO_MAC_METADATA;
566 a->todo |= TODO_MAC_METADATA;
568 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
569 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
570 unsigned long set, clear;
571 archive_entry_fflags(a->entry, &set, &clear);
572 if ((set & ~clear) & UF_COMPRESSED) {
573 a->todo |= TODO_HFS_COMPRESSION;
574 a->decmpfs_block_count = (unsigned)-1;
577 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
578 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
579 a->todo |= TODO_HFS_COMPRESSION;
580 a->decmpfs_block_count = (unsigned)-1;
585 /* Check if the current file name is a type of the
586 * resource fork file. */
587 p = strrchr(a->name, '/');
592 if (p[0] == '.' && p[1] == '_') {
593 /* Do not compress "._XXX" files. */
594 a->todo &= ~TODO_HFS_COMPRESSION;
596 a->todo |= TODO_APPLEDOUBLE;
601 if (a->flags & ARCHIVE_EXTRACT_XATTR)
602 a->todo |= TODO_XATTR;
603 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
604 a->todo |= TODO_FFLAGS;
605 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
606 ret = check_symlinks(a);
607 if (ret != ARCHIVE_OK)
610 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
611 /* If path exceeds PATH_MAX, shorten the path. */
612 edit_deep_directories(a);
615 ret = restore_entry(a);
617 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
619 * Check if the filesystem the file is restoring on supports
620 * HFS+ Compression. If not, cancel HFS+ Compression.
622 if (a->todo | TODO_HFS_COMPRESSION) {
624 * NOTE: UF_COMPRESSED is ignored even if the filesystem
625 * supports HFS+ Compression because the file should
626 * have at least an extended attriute "com.apple.decmpfs"
627 * before the flag is set to indicate that the file have
628 * been compressed. If hte filesystem does not support
629 * HFS+ Compression the system call will fail.
631 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
632 a->todo &= ~TODO_HFS_COMPRESSION;
637 * TODO: There are rumours that some extended attributes must
638 * be restored before file data is written. If this is true,
639 * then we either need to write all extended attributes both
640 * before and after restoring the data, or find some rule for
641 * determining which must go first and which last. Due to the
642 * many ways people are using xattrs, this may prove to be an
643 * intractable problem.
647 /* If we changed directory above, restore it here. */
648 if (a->restore_pwd >= 0) {
649 r = fchdir(a->restore_pwd);
651 archive_set_error(&a->archive, errno, "chdir() failure");
654 close(a->restore_pwd);
660 * Fixup uses the unedited pathname from archive_entry_pathname(),
661 * because it is relative to the base dir and the edited path
662 * might be relative to some intermediate dir as a result of the
663 * deep restore logic.
665 if (a->deferred & TODO_MODE) {
666 fe = current_fixup(a, archive_entry_pathname(entry));
668 return (ARCHIVE_FATAL);
669 fe->fixup |= TODO_MODE_BASE;
673 if ((a->deferred & TODO_TIMES)
674 && (archive_entry_mtime_is_set(entry)
675 || archive_entry_atime_is_set(entry))) {
676 fe = current_fixup(a, archive_entry_pathname(entry));
678 return (ARCHIVE_FATAL);
680 fe->fixup |= TODO_TIMES;
681 if (archive_entry_atime_is_set(entry)) {
682 fe->atime = archive_entry_atime(entry);
683 fe->atime_nanos = archive_entry_atime_nsec(entry);
685 /* If atime is unset, use start time. */
686 fe->atime = a->start_time;
689 if (archive_entry_mtime_is_set(entry)) {
690 fe->mtime = archive_entry_mtime(entry);
691 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
693 /* If mtime is unset, use start time. */
694 fe->mtime = a->start_time;
697 if (archive_entry_birthtime_is_set(entry)) {
698 fe->birthtime = archive_entry_birthtime(entry);
699 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
701 /* If birthtime is unset, use mtime. */
702 fe->birthtime = fe->mtime;
703 fe->birthtime_nanos = fe->mtime_nanos;
707 if (a->deferred & TODO_ACLS) {
708 fe = current_fixup(a, archive_entry_pathname(entry));
710 return (ARCHIVE_FATAL);
711 fe->fixup |= TODO_ACLS;
712 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
715 if (a->deferred & TODO_MAC_METADATA) {
716 const void *metadata;
717 size_t metadata_size;
718 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
719 if (metadata != NULL && metadata_size > 0) {
720 fe = current_fixup(a, archive_entry_pathname(entry));
722 return (ARCHIVE_FATAL);
723 fe->mac_metadata = malloc(metadata_size);
724 if (fe->mac_metadata != NULL) {
725 memcpy(fe->mac_metadata, metadata, metadata_size);
726 fe->mac_metadata_size = metadata_size;
727 fe->fixup |= TODO_MAC_METADATA;
732 if (a->deferred & TODO_FFLAGS) {
733 fe = current_fixup(a, archive_entry_pathname(entry));
735 return (ARCHIVE_FATAL);
736 fe->fixup |= TODO_FFLAGS;
737 /* TODO: Complete this.. defer fflags from below. */
740 /* We've created the object and are ready to pour data into it. */
741 if (ret >= ARCHIVE_WARN)
742 a->archive.state = ARCHIVE_STATE_DATA;
744 * If it's not open, tell our client not to try writing.
745 * In particular, dirs, links, etc, don't get written to.
748 archive_entry_set_size(entry, 0);
756 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
758 struct archive_write_disk *a = (struct archive_write_disk *)_a;
759 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
760 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
761 a->skip_file_set = 1;
762 a->skip_file_dev = d;
763 a->skip_file_ino = i;
768 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
770 uint64_t start_size = size;
771 ssize_t bytes_written = 0;
772 ssize_t block_size = 0, bytes_to_write;
777 if (a->filesize == 0 || a->fd < 0) {
778 archive_set_error(&a->archive, 0,
779 "Attempt to write to an empty file");
780 return (ARCHIVE_WARN);
783 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
784 #if HAVE_STRUCT_STAT_ST_BLKSIZE
786 if ((r = lazy_stat(a)) != ARCHIVE_OK)
788 block_size = a->pst->st_blksize;
790 /* XXX TODO XXX Is there a more appropriate choice here ? */
791 /* This needn't match the filesystem allocation size. */
792 block_size = 16*1024;
796 /* If this write would run beyond the file size, truncate it. */
797 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
798 start_size = size = (size_t)(a->filesize - a->offset);
800 /* Write the data. */
802 if (block_size == 0) {
803 bytes_to_write = size;
805 /* We're sparsifying the file. */
809 /* Skip leading zero bytes. */
810 for (p = buff, end = buff + size; p < end; ++p) {
814 a->offset += p - buff;
820 /* Calculate next block boundary after offset. */
822 = (a->offset / block_size + 1) * block_size;
824 /* If the adjusted write would cross block boundary,
825 * truncate it to the block boundary. */
826 bytes_to_write = size;
827 if (a->offset + bytes_to_write > block_end)
828 bytes_to_write = block_end - a->offset;
830 /* Seek if necessary to the specified offset. */
831 if (a->offset != a->fd_offset) {
832 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
833 archive_set_error(&a->archive, errno,
835 return (ARCHIVE_FATAL);
837 a->fd_offset = a->offset;
839 bytes_written = write(a->fd, buff, bytes_to_write);
840 if (bytes_written < 0) {
841 archive_set_error(&a->archive, errno, "Write failed");
842 return (ARCHIVE_WARN);
844 buff += bytes_written;
845 size -= bytes_written;
846 a->total_bytes_written += bytes_written;
847 a->offset += bytes_written;
848 a->fd_offset = a->offset;
850 return (start_size - size);
853 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
854 && defined(HAVE_ZLIB_H)
857 * Set UF_COMPRESSED file flag.
858 * This have to be called after hfs_write_decmpfs() because if the
859 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
862 hfs_set_compressed_fflag(struct archive_write_disk *a)
866 if ((r = lazy_stat(a)) != ARCHIVE_OK)
869 a->st.st_flags |= UF_COMPRESSED;
870 if (fchflags(a->fd, a->st.st_flags) != 0) {
871 archive_set_error(&a->archive, errno,
872 "Failed to set UF_COMPRESSED file flag");
873 return (ARCHIVE_WARN);
879 * HFS+ Compression decmpfs
881 * +------------------------------+ +0
882 * | Magic(LE 4 bytes) |
883 * +------------------------------+
884 * | Type(LE 4 bytes) |
885 * +------------------------------+
886 * | Uncompressed size(LE 8 bytes)|
887 * +------------------------------+ +16
889 * | Compressed data |
890 * | (Placed only if Type == 3) |
892 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
894 * Type is 3: decmpfs has compressed data.
895 * Type is 4: Resource Fork has compressed data.
898 * Write "com.apple.decmpfs"
901 hfs_write_decmpfs(struct archive_write_disk *a)
904 uint32_t compression_type;
906 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
907 a->decmpfs_attr_size, 0, 0);
909 archive_set_error(&a->archive, errno,
910 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
911 compression_type = archive_le32dec(
912 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
913 if (compression_type == CMP_RESOURCE_FORK)
914 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
915 XATTR_SHOWCOMPRESSION);
916 return (ARCHIVE_WARN);
922 * HFS+ Compression Resource Fork
924 * +-----------------------------+
925 * | Header(260 bytes) |
926 * +-----------------------------+
927 * | Block count(LE 4 bytes) |
928 * +-----------------------------+ --+
929 * +-- | Offset (LE 4 bytes) | |
930 * | | [distance from Block count] | | Block 0
931 * | +-----------------------------+ |
932 * | | Compressed size(LE 4 bytes) | |
933 * | +-----------------------------+ --+
935 * | | .................. |
937 * | +-----------------------------+ --+
938 * | | Offset (LE 4 bytes) | |
939 * | +-----------------------------+ | Block (Block count -1)
940 * | | Compressed size(LE 4 bytes) | |
941 * +-> +-----------------------------+ --+
942 * | Compressed data(n bytes) | Block 0
943 * +-----------------------------+
945 * | .................. |
947 * +-----------------------------+
948 * | Compressed data(n bytes) | Block (Block count -1)
949 * +-----------------------------+
950 * | Footer(50 bytes) |
951 * +-----------------------------+
955 * Write the header of "com.apple.ResourceFork"
958 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
959 size_t bytes, uint32_t position)
963 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
964 position, a->rsrc_xattr_options);
966 archive_set_error(&a->archive, errno,
967 "Cannot restore xattr: %s at %u pos %u bytes",
968 XATTR_RESOURCEFORK_NAME,
971 return (ARCHIVE_WARN);
973 a->rsrc_xattr_options &= ~XATTR_CREATE;
978 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
982 ret = hfs_write_resource_fork(a, a->compressed_buffer,
983 bytes_compressed, a->compressed_rsrc_position);
984 if (ret == ARCHIVE_OK)
985 a->compressed_rsrc_position += bytes_compressed;
990 hfs_write_resource_fork_header(struct archive_write_disk *a)
994 uint32_t rsrc_header_bytes;
997 * Write resource fork header + block info.
999 buff = a->resource_fork;
1000 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
1002 RSRC_H_SIZE + /* Header base size. */
1003 4 + /* Block count. */
1004 (a->decmpfs_block_count * 8);/* Block info */
1005 archive_be32enc(buff, 0x100);
1006 archive_be32enc(buff + 4, rsrc_bytes);
1007 archive_be32enc(buff + 8, rsrc_bytes - 256);
1008 archive_be32enc(buff + 12, 0x32);
1009 memset(buff + 16, 0, 240);
1010 archive_be32enc(buff + 256, rsrc_bytes - 260);
1011 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1015 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1017 static const char rsrc_footer[RSRC_F_SIZE] = {
1018 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1019 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1020 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1021 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1022 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1023 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1026 if (buff_size < sizeof(rsrc_footer))
1028 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1029 return (sizeof(rsrc_footer));
1033 hfs_reset_compressor(struct archive_write_disk *a)
1037 if (a->stream_valid)
1038 ret = deflateReset(&a->stream);
1040 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1043 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1044 "Failed to initialize compressor");
1045 return (ARCHIVE_FATAL);
1047 a->stream_valid = 1;
1049 return (ARCHIVE_OK);
1053 hfs_decompress(struct archive_write_disk *a)
1055 uint32_t *block_info;
1056 unsigned int block_count;
1057 uint32_t data_pos, data_size;
1059 ssize_t bytes_written, bytes_to_write;
1062 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1063 block_count = archive_le32dec(block_info++);
1064 while (block_count--) {
1065 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1066 data_size = archive_le32dec(block_info++);
1067 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1068 a->compressed_buffer, data_size, data_pos, 0);
1069 if (r != data_size) {
1070 archive_set_error(&a->archive,
1071 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1072 "Failed to read resource fork");
1073 return (ARCHIVE_WARN);
1075 if (a->compressed_buffer[0] == 0xff) {
1076 bytes_to_write = data_size -1;
1077 b = a->compressed_buffer + 1;
1079 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1082 zr = uncompress((Bytef *)a->uncompressed_buffer,
1083 &dest_len, a->compressed_buffer, data_size);
1085 archive_set_error(&a->archive,
1087 "Failed to decompress resource fork");
1088 return (ARCHIVE_WARN);
1090 bytes_to_write = dest_len;
1091 b = (unsigned char *)a->uncompressed_buffer;
1094 bytes_written = write(a->fd, b, bytes_to_write);
1095 if (bytes_written < 0) {
1096 archive_set_error(&a->archive, errno,
1098 return (ARCHIVE_WARN);
1100 bytes_to_write -= bytes_written;
1102 } while (bytes_to_write > 0);
1104 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1106 archive_set_error(&a->archive, errno,
1107 "Failed to remove resource fork");
1108 return (ARCHIVE_WARN);
1110 return (ARCHIVE_OK);
1114 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1117 unsigned char *buffer_compressed;
1118 size_t bytes_compressed;
1122 ret = hfs_reset_compressor(a);
1123 if (ret != ARCHIVE_OK)
1126 if (a->compressed_buffer == NULL) {
1129 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1130 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1131 a->compressed_buffer = malloc(block_size);
1132 if (a->compressed_buffer == NULL) {
1133 archive_set_error(&a->archive, ENOMEM,
1134 "Can't allocate memory for Resource Fork");
1135 return (ARCHIVE_FATAL);
1137 a->compressed_buffer_size = block_size;
1138 a->compressed_buffer_remaining = block_size;
1141 buffer_compressed = a->compressed_buffer +
1142 a->compressed_buffer_size - a->compressed_buffer_remaining;
1143 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1144 a->stream.avail_in = size;
1145 a->stream.next_out = buffer_compressed;
1146 a->stream.avail_out = a->compressed_buffer_remaining;
1148 ret = deflate(&a->stream, Z_FINISH);
1154 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1155 "Failed to compress data");
1156 return (ARCHIVE_FAILED);
1158 } while (ret == Z_OK);
1159 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1162 * If the compressed size is larger than the original size,
1163 * throw away compressed data, use uncompressed data instead.
1165 if (bytes_compressed > size) {
1166 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1167 memcpy(buffer_compressed + 1, buff, size);
1168 bytes_compressed = size + 1;
1170 a->compressed_buffer_remaining -= bytes_compressed;
1173 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1174 * and the block count in the file is only one, store compressed
1175 * data to decmpfs xattr instead of the resource fork.
1177 if (a->decmpfs_block_count == 1 &&
1178 (a->decmpfs_attr_size + bytes_compressed)
1179 <= MAX_DECMPFS_XATTR_SIZE) {
1180 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1182 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1183 buffer_compressed, bytes_compressed);
1184 a->decmpfs_attr_size += bytes_compressed;
1185 a->compressed_buffer_remaining = a->compressed_buffer_size;
1187 * Finish HFS+ Compression.
1188 * - Write the decmpfs xattr.
1189 * - Set the UF_COMPRESSED file flag.
1191 ret = hfs_write_decmpfs(a);
1192 if (ret == ARCHIVE_OK)
1193 ret = hfs_set_compressed_fflag(a);
1197 /* Update block info. */
1198 archive_le32enc(a->decmpfs_block_info++,
1199 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1200 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1201 a->compressed_rsrc_position_v += bytes_compressed;
1204 * Write the compressed data to the resource fork.
1206 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1207 while (bytes_used >= COMPRESSED_W_SIZE) {
1208 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1209 if (ret != ARCHIVE_OK)
1211 bytes_used -= COMPRESSED_W_SIZE;
1212 if (bytes_used > COMPRESSED_W_SIZE)
1213 memmove(a->compressed_buffer,
1214 a->compressed_buffer + COMPRESSED_W_SIZE,
1217 memcpy(a->compressed_buffer,
1218 a->compressed_buffer + COMPRESSED_W_SIZE,
1221 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1224 * If the current block is the last block, write the remaining
1225 * compressed data and the resource fork footer.
1227 if (a->file_remaining_bytes == 0) {
1231 /* Append the resource footer. */
1232 rsrc_size = hfs_set_resource_fork_footer(
1233 a->compressed_buffer + bytes_used,
1234 a->compressed_buffer_remaining);
1235 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1236 a->compressed_buffer_remaining = a->compressed_buffer_size;
1238 /* If the compressed size is not enouph smaller than
1239 * the uncompressed size. cancel HFS+ compression.
1240 * TODO: study a behavior of ditto utility and improve
1241 * the condition to fall back into no HFS+ compression. */
1242 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1244 if (bk > HFS_BLOCKS(a->filesize))
1245 return hfs_decompress(a);
1247 * Write the resourcefork header.
1249 if (ret == ARCHIVE_OK)
1250 ret = hfs_write_resource_fork_header(a);
1252 * Finish HFS+ Compression.
1253 * - Write the decmpfs xattr.
1254 * - Set the UF_COMPRESSED file flag.
1256 if (ret == ARCHIVE_OK)
1257 ret = hfs_write_decmpfs(a);
1258 if (ret == ARCHIVE_OK)
1259 ret = hfs_set_compressed_fflag(a);
1265 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1268 const char *buffer_to_write;
1269 size_t bytes_to_write;
1272 if (a->decmpfs_block_count == (unsigned)-1) {
1275 unsigned int block_count;
1277 if (a->decmpfs_header_p == NULL) {
1278 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1279 + sizeof(uint32_t));
1280 if (new_block == NULL) {
1281 archive_set_error(&a->archive, ENOMEM,
1282 "Can't allocate memory for decmpfs");
1283 return (ARCHIVE_FATAL);
1285 a->decmpfs_header_p = new_block;
1287 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1288 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1290 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1292 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1295 /* Calculate a block count of the file. */
1297 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1298 MAX_DECMPFS_BLOCK_SIZE;
1300 * Allocate buffer for resource fork.
1301 * Set up related pointers;
1304 RSRC_H_SIZE + /* header */
1305 4 + /* Block count */
1306 (block_count * sizeof(uint32_t) * 2) +
1307 RSRC_F_SIZE; /* footer */
1308 if (new_size > a->resource_fork_allocated_size) {
1309 new_block = realloc(a->resource_fork, new_size);
1310 if (new_block == NULL) {
1311 archive_set_error(&a->archive, ENOMEM,
1312 "Can't allocate memory for ResourceFork");
1313 return (ARCHIVE_FATAL);
1315 a->resource_fork_allocated_size = new_size;
1316 a->resource_fork = new_block;
1319 /* Allocate uncompressed buffer */
1320 if (a->uncompressed_buffer == NULL) {
1321 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1322 if (new_block == NULL) {
1323 archive_set_error(&a->archive, ENOMEM,
1324 "Can't allocate memory for decmpfs");
1325 return (ARCHIVE_FATAL);
1327 a->uncompressed_buffer = new_block;
1329 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1330 a->file_remaining_bytes = a->filesize;
1331 a->compressed_buffer_remaining = a->compressed_buffer_size;
1334 * Set up a resource fork.
1336 a->rsrc_xattr_options = XATTR_CREATE;
1337 /* Get the position where we are going to set a bunch
1339 a->decmpfs_block_info =
1340 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1341 /* Set the block count to the resource fork. */
1342 archive_le32enc(a->decmpfs_block_info++, block_count);
1343 /* Get the position where we are goint to set compressed
1345 a->compressed_rsrc_position =
1346 RSRC_H_SIZE + 4 + (block_count * 8);
1347 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1348 a->decmpfs_block_count = block_count;
1351 /* Ignore redundant bytes. */
1352 if (a->file_remaining_bytes == 0)
1353 return ((ssize_t)size);
1355 /* Do not overrun a block size. */
1356 if (size > a->block_remaining_bytes)
1357 bytes_to_write = a->block_remaining_bytes;
1359 bytes_to_write = size;
1360 /* Do not overrun the file size. */
1361 if (bytes_to_write > a->file_remaining_bytes)
1362 bytes_to_write = a->file_remaining_bytes;
1364 /* For efficiency, if a copy length is full of the uncompressed
1365 * buffer size, do not copy writing data to it. */
1366 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1367 buffer_to_write = buff;
1369 memcpy(a->uncompressed_buffer +
1370 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1371 buff, bytes_to_write);
1372 buffer_to_write = a->uncompressed_buffer;
1374 a->block_remaining_bytes -= bytes_to_write;
1375 a->file_remaining_bytes -= bytes_to_write;
1377 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1378 ret = hfs_drive_compressor(a, buffer_to_write,
1379 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1382 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1384 /* Ignore redundant bytes. */
1385 if (a->file_remaining_bytes == 0)
1386 return ((ssize_t)size);
1387 return (bytes_to_write);
1391 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1394 uint64_t start_size = size;
1395 ssize_t bytes_written = 0;
1396 ssize_t bytes_to_write;
1399 return (ARCHIVE_OK);
1401 if (a->filesize == 0 || a->fd < 0) {
1402 archive_set_error(&a->archive, 0,
1403 "Attempt to write to an empty file");
1404 return (ARCHIVE_WARN);
1407 /* If this write would run beyond the file size, truncate it. */
1408 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1409 start_size = size = (size_t)(a->filesize - a->offset);
1411 /* Write the data. */
1413 bytes_to_write = size;
1414 /* Seek if necessary to the specified offset. */
1415 if (a->offset < a->fd_offset) {
1416 /* Can't support backword move. */
1417 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1419 return (ARCHIVE_FATAL);
1420 } else if (a->offset > a->fd_offset) {
1421 int64_t skip = a->offset - a->fd_offset;
1422 char nullblock[1024];
1424 memset(nullblock, 0, sizeof(nullblock));
1426 if (skip > (int64_t)sizeof(nullblock))
1427 bytes_written = hfs_write_decmpfs_block(
1428 a, nullblock, sizeof(nullblock));
1430 bytes_written = hfs_write_decmpfs_block(
1431 a, nullblock, skip);
1432 if (bytes_written < 0) {
1433 archive_set_error(&a->archive, errno,
1435 return (ARCHIVE_WARN);
1437 skip -= bytes_written;
1440 a->fd_offset = a->offset;
1443 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1444 if (bytes_written < 0)
1445 return (bytes_written);
1446 buff += bytes_written;
1447 size -= bytes_written;
1448 a->total_bytes_written += bytes_written;
1449 a->offset += bytes_written;
1450 a->fd_offset = a->offset;
1452 return (start_size - size);
1456 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1459 return (write_data_block(a, buff, size));
1464 _archive_write_disk_data_block(struct archive *_a,
1465 const void *buff, size_t size, int64_t offset)
1467 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1470 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1471 ARCHIVE_STATE_DATA, "archive_write_data_block");
1474 if (a->todo & TODO_HFS_COMPRESSION)
1475 r = hfs_write_data_block(a, buff, size);
1477 r = write_data_block(a, buff, size);
1480 if ((size_t)r < size) {
1481 archive_set_error(&a->archive, 0,
1482 "Write request too large");
1483 return (ARCHIVE_WARN);
1485 return (ARCHIVE_OK);
1489 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1491 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1493 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1494 ARCHIVE_STATE_DATA, "archive_write_data");
1496 if (a->todo & TODO_HFS_COMPRESSION)
1497 return (hfs_write_data_block(a, buff, size));
1498 return (write_data_block(a, buff, size));
1502 _archive_write_disk_finish_entry(struct archive *_a)
1504 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1505 int ret = ARCHIVE_OK;
1507 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1508 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1509 "archive_write_finish_entry");
1510 if (a->archive.state & ARCHIVE_STATE_HEADER)
1511 return (ARCHIVE_OK);
1512 archive_clear_error(&a->archive);
1514 /* Pad or truncate file to the right size. */
1516 /* There's no file. */
1517 } else if (a->filesize < 0) {
1518 /* File size is unknown, so we can't set the size. */
1519 } else if (a->fd_offset == a->filesize) {
1520 /* Last write ended at exactly the filesize; we're done. */
1521 /* Hopefully, this is the common case. */
1522 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1523 } else if (a->todo & TODO_HFS_COMPRESSION) {
1527 if (a->file_remaining_bytes)
1528 memset(null_d, 0, sizeof(null_d));
1529 while (a->file_remaining_bytes) {
1530 if (a->file_remaining_bytes > sizeof(null_d))
1531 r = hfs_write_data_block(
1532 a, null_d, sizeof(null_d));
1534 r = hfs_write_data_block(
1535 a, null_d, a->file_remaining_bytes);
1542 if (ftruncate(a->fd, a->filesize) == -1 &&
1544 archive_set_error(&a->archive, errno,
1545 "File size could not be restored");
1546 return (ARCHIVE_FAILED);
1550 * Not all platforms implement the XSI option to
1551 * extend files via ftruncate. Stat() the file again
1552 * to see what happened.
1555 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1557 /* We can use lseek()/write() to extend the file if
1558 * ftruncate didn't work or isn't available. */
1559 if (a->st.st_size < a->filesize) {
1560 const char nul = '\0';
1561 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1562 archive_set_error(&a->archive, errno,
1564 return (ARCHIVE_FATAL);
1566 if (write(a->fd, &nul, 1) < 0) {
1567 archive_set_error(&a->archive, errno,
1568 "Write to restore size failed");
1569 return (ARCHIVE_FATAL);
1575 /* Restore metadata. */
1578 * This is specific to Mac OS X.
1579 * If the current file is an AppleDouble file, it should be
1580 * linked with the data fork file and remove it.
1582 if (a->todo & TODO_APPLEDOUBLE) {
1583 int r2 = fixup_appledouble(a, a->name);
1584 if (r2 == ARCHIVE_EOF) {
1585 /* The current file has been successfully linked
1586 * with the data fork file and removed. So there
1587 * is nothing to do on the current file. */
1588 goto finish_metadata;
1590 if (r2 < ret) ret = r2;
1594 * Look up the "real" UID only if we're going to need it.
1595 * TODO: the TODO_SGID condition can be dropped here, can't it?
1597 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1598 a->uid = archive_write_disk_uid(&a->archive,
1599 archive_entry_uname(a->entry),
1600 archive_entry_uid(a->entry));
1602 /* Look up the "real" GID only if we're going to need it. */
1603 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1604 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1605 a->gid = archive_write_disk_gid(&a->archive,
1606 archive_entry_gname(a->entry),
1607 archive_entry_gid(a->entry));
1611 * Restore ownership before set_mode tries to restore suid/sgid
1612 * bits. If we set the owner, we know what it is and can skip
1613 * a stat() call to examine the ownership of the file on disk.
1615 if (a->todo & TODO_OWNER) {
1616 int r2 = set_ownership(a);
1617 if (r2 < ret) ret = r2;
1621 * set_mode must precede ACLs on systems such as Solaris and
1622 * FreeBSD where setting the mode implicitly clears extended ACLs
1624 if (a->todo & TODO_MODE) {
1625 int r2 = set_mode(a, a->mode);
1626 if (r2 < ret) ret = r2;
1630 * Security-related extended attributes (such as
1631 * security.capability on Linux) have to be restored last,
1632 * since they're implicitly removed by other file changes.
1634 if (a->todo & TODO_XATTR) {
1635 int r2 = set_xattrs(a);
1636 if (r2 < ret) ret = r2;
1640 * Some flags prevent file modification; they must be restored after
1641 * file contents are written.
1643 if (a->todo & TODO_FFLAGS) {
1644 int r2 = set_fflags(a);
1645 if (r2 < ret) ret = r2;
1649 * Time must follow most other metadata;
1650 * otherwise atime will get changed.
1652 if (a->todo & TODO_TIMES) {
1653 int r2 = set_times_from_entry(a);
1654 if (r2 < ret) ret = r2;
1658 * Mac extended metadata includes ACLs.
1660 if (a->todo & TODO_MAC_METADATA) {
1661 const void *metadata;
1662 size_t metadata_size;
1663 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1664 if (metadata != NULL && metadata_size > 0) {
1665 int r2 = set_mac_metadata(a, archive_entry_pathname(
1666 a->entry), metadata, metadata_size);
1667 if (r2 < ret) ret = r2;
1672 * ACLs must be restored after timestamps because there are
1673 * ACLs that prevent attribute changes (including time).
1675 if (a->todo & TODO_ACLS) {
1676 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1677 archive_entry_pathname(a->entry),
1678 archive_entry_acl(a->entry));
1679 if (r2 < ret) ret = r2;
1683 /* If there's an fd, we can close it now. */
1688 /* If there's an entry, we can release it now. */
1690 archive_entry_free(a->entry);
1693 a->archive.state = ARCHIVE_STATE_HEADER;
1698 archive_write_disk_set_group_lookup(struct archive *_a,
1700 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1701 void (*cleanup_gid)(void *private))
1703 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1704 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1705 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1707 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1708 (a->cleanup_gid)(a->lookup_gid_data);
1710 a->lookup_gid = lookup_gid;
1711 a->cleanup_gid = cleanup_gid;
1712 a->lookup_gid_data = private_data;
1713 return (ARCHIVE_OK);
1717 archive_write_disk_set_user_lookup(struct archive *_a,
1719 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1720 void (*cleanup_uid)(void *private))
1722 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1723 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1724 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1726 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1727 (a->cleanup_uid)(a->lookup_uid_data);
1729 a->lookup_uid = lookup_uid;
1730 a->cleanup_uid = cleanup_uid;
1731 a->lookup_uid_data = private_data;
1732 return (ARCHIVE_OK);
1736 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1738 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1739 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1740 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1742 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1747 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1749 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1750 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1751 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1753 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1758 * Create a new archive_write_disk object and initialize it with global state.
1761 archive_write_disk_new(void)
1763 struct archive_write_disk *a;
1765 a = (struct archive_write_disk *)malloc(sizeof(*a));
1768 memset(a, 0, sizeof(*a));
1769 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1770 /* We're ready to write a header immediately. */
1771 a->archive.state = ARCHIVE_STATE_HEADER;
1772 a->archive.vtable = archive_write_disk_vtable();
1773 a->start_time = time(NULL);
1774 /* Query and restore the umask. */
1775 umask(a->user_umask = umask(0));
1777 a->user_uid = geteuid();
1778 #endif /* HAVE_GETEUID */
1779 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1784 a->decmpfs_compression_level = 5;
1786 return (&a->archive);
1791 * If pathname is longer than PATH_MAX, chdir to a suitable
1792 * intermediate dir and edit the path down to a shorter suffix. Note
1793 * that this routine never returns an error; if the chdir() attempt
1794 * fails for any reason, we just go ahead with the long pathname. The
1795 * object creation is likely to fail, but any error will get handled
1798 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1800 edit_deep_directories(struct archive_write_disk *a)
1803 char *tail = a->name;
1805 /* If path is short, avoid the open() below. */
1806 if (strlen(tail) < PATH_MAX)
1809 /* Try to record our starting dir. */
1810 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1811 __archive_ensure_cloexec_flag(a->restore_pwd);
1812 if (a->restore_pwd < 0)
1815 /* As long as the path is too long... */
1816 while (strlen(tail) >= PATH_MAX) {
1817 /* Locate a dir prefix shorter than PATH_MAX. */
1818 tail += PATH_MAX - 8;
1819 while (tail > a->name && *tail != '/')
1821 /* Exit if we find a too-long path component. */
1822 if (tail <= a->name)
1824 /* Create the intermediate dir and chdir to it. */
1825 *tail = '\0'; /* Terminate dir portion */
1826 ret = create_dir(a, a->name);
1827 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1828 ret = ARCHIVE_FAILED;
1829 *tail = '/'; /* Restore the / we removed. */
1830 if (ret != ARCHIVE_OK)
1833 /* The chdir() succeeded; we've now shortened the path. */
1841 * The main restore function.
1844 restore_entry(struct archive_write_disk *a)
1846 int ret = ARCHIVE_OK, en;
1848 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1850 * TODO: Fix this. Apparently, there are platforms
1851 * that still allow root to hose the entire filesystem
1852 * by unlinking a dir. The S_ISDIR() test above
1853 * prevents us from using unlink() here if the new
1854 * object is a dir, but that doesn't mean the old
1855 * object isn't a dir.
1857 if (unlink(a->name) == 0) {
1858 /* We removed it, reset cached stat. */
1860 } else if (errno == ENOENT) {
1861 /* File didn't exist, that's just as good. */
1862 } else if (rmdir(a->name) == 0) {
1863 /* It was a dir, but now it's gone. */
1866 /* We tried, but couldn't get rid of it. */
1867 archive_set_error(&a->archive, errno,
1868 "Could not unlink");
1869 return(ARCHIVE_FAILED);
1873 /* Try creating it first; if this fails, we'll try to recover. */
1874 en = create_filesystem_object(a);
1876 if ((en == ENOTDIR || en == ENOENT)
1877 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1878 /* If the parent dir doesn't exist, try creating it. */
1879 create_parent_dir(a, a->name);
1880 /* Now try to create the object again. */
1881 en = create_filesystem_object(a);
1884 if ((en == EISDIR || en == EEXIST)
1885 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1886 /* If we're not overwriting, we're done. */
1887 archive_entry_unset_size(a->entry);
1888 return (ARCHIVE_OK);
1892 * Some platforms return EISDIR if you call
1893 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1894 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1895 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1896 * on an existing item.
1899 /* A dir is in the way of a non-dir, rmdir it. */
1900 if (rmdir(a->name) != 0) {
1901 archive_set_error(&a->archive, errno,
1902 "Can't remove already-existing dir");
1903 return (ARCHIVE_FAILED);
1907 en = create_filesystem_object(a);
1908 } else if (en == EEXIST) {
1910 * We know something is in the way, but we don't know what;
1911 * we need to find out before we go any further.
1915 * The SECURE_SYMLINKS logic has already removed a
1916 * symlink to a dir if the client wants that. So
1917 * follow the symlink if we're creating a dir.
1919 if (S_ISDIR(a->mode))
1920 r = stat(a->name, &a->st);
1922 * If it's not a dir (or it's a broken symlink),
1923 * then don't follow it.
1925 if (r != 0 || !S_ISDIR(a->mode))
1926 r = lstat(a->name, &a->st);
1928 archive_set_error(&a->archive, errno,
1929 "Can't stat existing object");
1930 return (ARCHIVE_FAILED);
1934 * NO_OVERWRITE_NEWER doesn't apply to directories.
1936 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1937 && !S_ISDIR(a->st.st_mode)) {
1938 if (!older(&(a->st), a->entry)) {
1939 archive_entry_unset_size(a->entry);
1940 return (ARCHIVE_OK);
1944 /* If it's our archive, we're done. */
1945 if (a->skip_file_set &&
1946 a->st.st_dev == (dev_t)a->skip_file_dev &&
1947 a->st.st_ino == (ino_t)a->skip_file_ino) {
1948 archive_set_error(&a->archive, 0,
1949 "Refusing to overwrite archive");
1950 return (ARCHIVE_FAILED);
1953 if (!S_ISDIR(a->st.st_mode)) {
1954 /* A non-dir is in the way, unlink it. */
1955 if (unlink(a->name) != 0) {
1956 archive_set_error(&a->archive, errno,
1957 "Can't unlink already-existing object");
1958 return (ARCHIVE_FAILED);
1962 en = create_filesystem_object(a);
1963 } else if (!S_ISDIR(a->mode)) {
1964 /* A dir is in the way of a non-dir, rmdir it. */
1965 if (rmdir(a->name) != 0) {
1966 archive_set_error(&a->archive, errno,
1967 "Can't replace existing directory with non-directory");
1968 return (ARCHIVE_FAILED);
1971 en = create_filesystem_object(a);
1974 * There's a dir in the way of a dir. Don't
1975 * waste time with rmdir()/mkdir(), just fix
1976 * up the permissions on the existing dir.
1977 * Note that we don't change perms on existing
1978 * dirs unless _EXTRACT_PERM is specified.
1980 if ((a->mode != a->st.st_mode)
1981 && (a->todo & TODO_MODE_FORCE))
1982 a->deferred |= (a->todo & TODO_MODE);
1983 /* Ownership doesn't need deferred fixup. */
1984 en = 0; /* Forget the EEXIST. */
1989 /* Everything failed; give up here. */
1990 archive_set_error(&a->archive, en, "Can't create '%s'",
1992 return (ARCHIVE_FAILED);
1995 a->pst = NULL; /* Cached stat data no longer valid. */
2000 * Returns 0 if creation succeeds, or else returns errno value from
2001 * the failed system call. Note: This function should only ever perform
2002 * a single system call.
2005 create_filesystem_object(struct archive_write_disk *a)
2007 /* Create the entry. */
2008 const char *linkname;
2009 mode_t final_mode, mode;
2011 /* these for check_symlinks_fsobj */
2012 char *linkname_copy; /* non-const copy of linkname */
2013 struct archive_string error_string;
2016 /* We identify hard/symlinks according to the link names. */
2017 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2018 linkname = archive_entry_hardlink(a->entry);
2019 if (linkname != NULL) {
2023 archive_string_init(&error_string);
2024 linkname_copy = strdup(linkname);
2025 if (linkname_copy == NULL) {
2028 /* TODO: consider using the cleaned-up path as the link target? */
2029 r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
2030 if (r != ARCHIVE_OK) {
2031 archive_set_error(&a->archive, error_number, "%s", error_string.s);
2032 free(linkname_copy);
2033 /* EPERM is more appropriate than error_number for our callers */
2036 r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
2037 if (r != ARCHIVE_OK) {
2038 archive_set_error(&a->archive, error_number, "%s", error_string.s);
2039 free(linkname_copy);
2040 /* EPERM is more appropriate than error_number for our callers */
2043 free(linkname_copy);
2044 r = link(linkname, a->name) ? errno : 0;
2046 * New cpio and pax formats allow hardlink entries
2047 * to carry data, so we may have to open the file
2048 * for hardlink entries.
2050 * If the hardlink was successfully created and
2051 * the archive doesn't have carry data for it,
2052 * consider it to be non-authoritative for meta data.
2053 * This is consistent with GNU tar and BSD pax.
2054 * If the hardlink does carry data, let the last
2055 * archive entry decide ownership.
2057 if (r == 0 && a->filesize <= 0) {
2060 } else if (r == 0 && a->filesize > 0) {
2061 a->fd = open(a->name,
2062 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
2063 __archive_ensure_cloexec_flag(a->fd);
2070 linkname = archive_entry_symlink(a->entry);
2071 if (linkname != NULL) {
2073 return symlink(linkname, a->name) ? errno : 0;
2080 * The remaining system calls all set permissions, so let's
2081 * try to take advantage of that to avoid an extra chmod()
2082 * call. (Recall that umask is set to zero right now!)
2085 /* Mode we want for the final restored object (w/o file type bits). */
2086 final_mode = a->mode & 07777;
2088 * The mode that will actually be restored in this step. Note
2089 * that SUID, SGID, etc, require additional work to ensure
2090 * security, so we never restore them at this point.
2092 mode = final_mode & 0777 & ~a->user_umask;
2094 switch (a->mode & AE_IFMT) {
2096 /* POSIX requires that we fall through here. */
2099 a->fd = open(a->name,
2100 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2101 __archive_ensure_cloexec_flag(a->fd);
2106 /* Note: we use AE_IFCHR for the case label, and
2107 * S_IFCHR for the mknod() call. This is correct. */
2108 r = mknod(a->name, mode | S_IFCHR,
2109 archive_entry_rdev(a->entry));
2112 /* TODO: Find a better way to warn about our inability
2113 * to restore a char device node. */
2115 #endif /* HAVE_MKNOD */
2118 r = mknod(a->name, mode | S_IFBLK,
2119 archive_entry_rdev(a->entry));
2122 /* TODO: Find a better way to warn about our inability
2123 * to restore a block device node. */
2125 #endif /* HAVE_MKNOD */
2127 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2128 r = mkdir(a->name, mode);
2130 /* Defer setting dir times. */
2131 a->deferred |= (a->todo & TODO_TIMES);
2132 a->todo &= ~TODO_TIMES;
2133 /* Never use an immediate chmod(). */
2134 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2135 * because of SysV SGID inheritance. */
2136 if ((mode != final_mode)
2137 || (a->flags & ARCHIVE_EXTRACT_PERM))
2138 a->deferred |= (a->todo & TODO_MODE);
2139 a->todo &= ~TODO_MODE;
2144 r = mkfifo(a->name, mode);
2147 /* TODO: Find a better way to warn about our inability
2148 * to restore a fifo. */
2150 #endif /* HAVE_MKFIFO */
2153 /* All the system calls above set errno on failure. */
2157 /* If we managed to set the final mode, we've avoided a chmod(). */
2158 if (mode == final_mode)
2159 a->todo &= ~TODO_MODE;
2164 * Cleanup function for archive_extract. Mostly, this involves processing
2165 * the fixup list, which is used to address a number of problems:
2166 * * Dir permissions might prevent us from restoring a file in that
2167 * dir, so we restore the dir with minimum 0700 permissions first,
2168 * then correct the mode at the end.
2169 * * Similarly, the act of restoring a file touches the directory
2170 * and changes the timestamp on the dir, so we have to touch-up dir
2171 * timestamps at the end as well.
2172 * * Some file flags can interfere with the restore by, for example,
2173 * preventing the creation of hardlinks to those files.
2174 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2176 * Note that tar/cpio do not require that archives be in a particular
2177 * order; there is no way to know when the last file has been restored
2178 * within a directory, so there's no way to optimize the memory usage
2179 * here by fixing up the directory any earlier than the
2182 * XXX TODO: Directory ACLs should be restored here, for the same
2183 * reason we set directory perms here. XXX
2186 _archive_write_disk_close(struct archive *_a)
2188 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2189 struct fixup_entry *next, *p;
2192 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2193 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2194 "archive_write_disk_close");
2195 ret = _archive_write_disk_finish_entry(&a->archive);
2197 /* Sort dir list so directories are fixed up in depth-first order. */
2198 p = sort_dir_list(a->fixup_list);
2201 a->pst = NULL; /* Mark stat cache as out-of-date. */
2202 if (p->fixup & TODO_TIMES) {
2203 set_times(a, -1, p->mode, p->name,
2204 p->atime, p->atime_nanos,
2205 p->birthtime, p->birthtime_nanos,
2206 p->mtime, p->mtime_nanos,
2207 p->ctime, p->ctime_nanos);
2209 if (p->fixup & TODO_MODE_BASE)
2210 chmod(p->name, p->mode);
2211 if (p->fixup & TODO_ACLS)
2212 archive_write_disk_set_acls(&a->archive,
2213 -1, p->name, &p->acl);
2214 if (p->fixup & TODO_FFLAGS)
2215 set_fflags_platform(a, -1, p->name,
2216 p->mode, p->fflags_set, 0);
2217 if (p->fixup & TODO_MAC_METADATA)
2218 set_mac_metadata(a, p->name, p->mac_metadata,
2219 p->mac_metadata_size);
2221 archive_acl_clear(&p->acl);
2222 free(p->mac_metadata);
2227 a->fixup_list = NULL;
2232 _archive_write_disk_free(struct archive *_a)
2234 struct archive_write_disk *a;
2237 return (ARCHIVE_OK);
2238 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2239 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2240 a = (struct archive_write_disk *)_a;
2241 ret = _archive_write_disk_close(&a->archive);
2242 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2243 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2245 archive_entry_free(a->entry);
2246 archive_string_free(&a->_name_data);
2247 archive_string_free(&a->archive.error_string);
2248 archive_string_free(&a->path_safe);
2249 a->archive.magic = 0;
2250 __archive_clean(&a->archive);
2251 free(a->decmpfs_header_p);
2252 free(a->resource_fork);
2253 free(a->compressed_buffer);
2254 free(a->uncompressed_buffer);
2256 if (a->stream_valid) {
2257 switch (deflateEnd(&a->stream)) {
2261 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2262 "Failed to clean up compressor");
2263 ret = ARCHIVE_FATAL;
2273 * Simple O(n log n) merge sort to order the fixup list. In
2274 * particular, we want to restore dir timestamps depth-first.
2276 static struct fixup_entry *
2277 sort_dir_list(struct fixup_entry *p)
2279 struct fixup_entry *a, *b, *t;
2283 /* A one-item list is already sorted. */
2284 if (p->next == NULL)
2287 /* Step 1: split the list. */
2291 /* Step a twice, t once. */
2297 /* Now, t is at the mid-point, so break the list here. */
2302 /* Step 2: Recursively sort the two sub-lists. */
2303 a = sort_dir_list(a);
2304 b = sort_dir_list(b);
2306 /* Step 3: Merge the returned lists. */
2307 /* Pick the first element for the merged list. */
2308 if (strcmp(a->name, b->name) > 0) {
2316 /* Always put the later element on the list first. */
2317 while (a != NULL && b != NULL) {
2318 if (strcmp(a->name, b->name) > 0) {
2328 /* Only one list is non-empty, so just splice it on. */
2338 * Returns a new, initialized fixup entry.
2340 * TODO: Reduce the memory requirements for this list by using a tree
2341 * structure rather than a simple list of names.
2343 static struct fixup_entry *
2344 new_fixup(struct archive_write_disk *a, const char *pathname)
2346 struct fixup_entry *fe;
2348 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2350 archive_set_error(&a->archive, ENOMEM,
2351 "Can't allocate memory for a fixup");
2354 fe->next = a->fixup_list;
2357 fe->name = strdup(pathname);
2362 * Returns a fixup structure for the current entry.
2364 static struct fixup_entry *
2365 current_fixup(struct archive_write_disk *a, const char *pathname)
2367 if (a->current_fixup == NULL)
2368 a->current_fixup = new_fixup(a, pathname);
2369 return (a->current_fixup);
2373 * TODO: Someday, integrate this with the deep dir support; they both
2374 * scan the path and both can be optimized by comparing against other
2377 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2380 * Checks the given path to see if any elements along it are symlinks. Returns
2381 * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
2384 check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
2386 #if !defined(HAVE_LSTAT)
2387 /* Platform doesn't have lstat, so we can't look for symlinks. */
2388 (void)path; /* UNUSED */
2389 (void)error_number; /* UNUSED */
2390 (void)error_string; /* UNUSED */
2391 (void)flags; /* UNUSED */
2392 return (ARCHIVE_OK);
2394 int res = ARCHIVE_OK;
2403 /* Nothing to do here if name is empty */
2405 return (ARCHIVE_OK);
2408 * Guard against symlink tricks. Reject any archive entry whose
2409 * destination would be altered by a symlink.
2411 * Walk the filename in chunks separated by '/'. For each segment:
2412 * - if it doesn't exist, continue
2413 * - if it's symlink, abort or remove it
2414 * - if it's a directory and it's not the last chunk, cd into it
2416 * head points to the current (relative) path
2417 * tail points to the temporary \0 terminating the segment we're currently examining
2418 * c holds what used to be in *tail
2419 * last is 1 if this is the last tail
2421 restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
2422 __archive_ensure_cloexec_flag(restore_pwd);
2423 if (restore_pwd < 0)
2424 return (ARCHIVE_FATAL);
2428 /* TODO: reintroduce a safe cache here? */
2429 /* Skip the root directory if the path is absolute. */
2430 if(tail == path && tail[0] == '/')
2432 /* Keep going until we've checked the entire name.
2433 * head, tail, path all alias the same string, which is
2434 * temporarily zeroed at tail, so be careful restoring the
2435 * stashed (c=tail[0]) for error messages.
2436 * Exiting the loop with break is okay; continue is not.
2439 /* Skip the separator we just consumed, plus any adjacent ones */
2440 while (*tail == '/')
2442 /* Skip the next path element. */
2443 while (*tail != '\0' && *tail != '/')
2445 /* is this the last path component? */
2446 last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
2447 /* temporarily truncate the string here */
2450 /* Check that we haven't hit a symlink. */
2451 r = lstat(head, &st);
2454 /* We've hit a dir that doesn't exist; stop now. */
2455 if (errno == ENOENT) {
2458 /* Treat any other error as fatal - best to be paranoid here
2459 * Note: This effectively disables deep directory
2460 * support when security checks are enabled.
2461 * Otherwise, very long pathnames that trigger
2462 * an error here could evade the sandbox.
2463 * TODO: We could do better, but it would probably
2464 * require merging the symlink checks with the
2465 * deep-directory editing. */
2466 if (error_number) *error_number = errno;
2468 archive_string_sprintf(error_string,
2469 "Could not stat %s",
2471 res = ARCHIVE_FAILED;
2474 } else if (S_ISDIR(st.st_mode)) {
2476 if (chdir(head) != 0) {
2478 if (error_number) *error_number = errno;
2480 archive_string_sprintf(error_string,
2481 "Could not chdir %s",
2483 res = (ARCHIVE_FATAL);
2486 /* Our view is now from inside this dir: */
2489 } else if (S_ISLNK(st.st_mode)) {
2492 * Last element is symlink; remove it
2493 * so we can overwrite it with the
2494 * item being extracted.
2498 if (error_number) *error_number = errno;
2500 archive_string_sprintf(error_string,
2501 "Could not remove symlink %s",
2503 res = ARCHIVE_FAILED;
2507 * Even if we did remove it, a warning
2508 * is in order. The warning is silly,
2509 * though, if we're just replacing one
2510 * symlink with another symlink.
2513 /* FIXME: not sure how important this is to restore
2514 if (!S_ISLNK(path)) {
2515 if (error_number) *error_number = 0;
2517 archive_string_sprintf(error_string,
2518 "Removing symlink %s",
2522 /* Symlink gone. No more problem! */
2525 } else if (flags & ARCHIVE_EXTRACT_UNLINK) {
2526 /* User asked us to remove problems. */
2527 if (unlink(head) != 0) {
2529 if (error_number) *error_number = 0;
2531 archive_string_sprintf(error_string,
2532 "Cannot remove intervening symlink %s",
2534 res = ARCHIVE_FAILED;
2540 if (error_number) *error_number = 0;
2542 archive_string_sprintf(error_string,
2543 "Cannot extract through symlink %s",
2545 res = ARCHIVE_FAILED;
2549 /* be sure to always maintain this */
2551 if (tail[0] != '\0')
2552 tail++; /* Advance to the next segment. */
2554 /* Catches loop exits via break */
2557 /* If we changed directory above, restore it here. */
2558 if (restore_pwd >= 0) {
2559 r = fchdir(restore_pwd);
2561 if(error_number) *error_number = errno;
2563 archive_string_sprintf(error_string,
2569 res = (ARCHIVE_FATAL);
2573 /* TODO: reintroduce a safe cache here? */
2579 * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
2580 * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
2583 check_symlinks(struct archive_write_disk *a)
2585 struct archive_string error_string;
2588 archive_string_init(&error_string);
2589 rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
2590 if (rc != ARCHIVE_OK) {
2591 archive_set_error(&a->archive, error_number, "%s", error_string.s);
2593 archive_string_free(&error_string);
2594 a->pst = NULL; /* to be safe */
2599 #if defined(__CYGWIN__)
2601 * 1. Convert a path separator from '\' to '/' .
2602 * We shouldn't check multibyte character directly because some
2603 * character-set have been using the '\' character for a part of
2604 * its multibyte character code.
2605 * 2. Replace unusable characters in Windows with underscore('_').
2606 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2609 cleanup_pathname_win(struct archive_write_disk *a)
2614 int mb, complete, utf8;
2619 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2620 for (p = a->name; *p != '\0'; p++) {
2623 /* If previous byte is smaller than 128,
2624 * this is not second byte of multibyte characters,
2625 * so we can replace '\' with '/'. */
2629 complete = 0;/* uncompleted. */
2630 } else if (*(unsigned char *)p > 127)
2634 /* Rewrite the path name if its next character is unusable. */
2635 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2636 *p == '<' || *p == '>' || *p == '|')
2643 * Convert path separator in wide-character.
2646 while (*p != '\0' && alen) {
2647 l = mbtowc(&wc, p, alen);
2648 if (l == (size_t)-1) {
2649 while (*p != '\0') {
2656 if (l == 1 && wc == L'\\')
2665 * Canonicalize the pathname. In particular, this strips duplicate
2666 * '/' characters, '.' elements, and trailing '/'. It also raises an
2667 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
2668 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
2669 * is set) if the path is absolute.
2672 cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
2675 char separator = '\0';
2679 if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
2681 archive_string_sprintf(error_string,
2682 "Invalid empty pathname");
2683 return (ARCHIVE_FAILED);
2686 #if defined(__CYGWIN__)
2687 cleanup_pathname_win(a);
2689 /* Skip leading '/'. */
2691 if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
2692 if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
2694 archive_string_sprintf(error_string,
2695 "Path is absolute");
2696 return (ARCHIVE_FAILED);
2702 /* Scan the pathname one element at a time. */
2704 /* src points to first char after '/' */
2705 if (src[0] == '\0') {
2707 } else if (src[0] == '/') {
2708 /* Found '//', ignore second one. */
2711 } else if (src[0] == '.') {
2712 if (src[1] == '\0') {
2713 /* Ignore trailing '.' */
2715 } else if (src[1] == '/') {
2719 } else if (src[1] == '.') {
2720 if (src[2] == '/' || src[2] == '\0') {
2721 /* Conditionally warn about '..' */
2722 if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2723 if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
2725 archive_string_sprintf(error_string,
2726 "Path contains '..'");
2727 return (ARCHIVE_FAILED);
2731 * Note: Under no circumstances do we
2732 * remove '..' elements. In
2733 * particular, restoring
2734 * '/foo/../bar/' should create the
2735 * 'foo' dir as a side-effect.
2740 /* Copy current element, including leading '/'. */
2743 while (*src != '\0' && *src != '/') {
2750 /* Skip '/' separator. */
2754 * We've just copied zero or more path elements, not including the
2759 * Nothing got copied. The path must have been something
2760 * like '.' or '/' or './' or '/././././/./'.
2767 /* Terminate the result. */
2769 return (ARCHIVE_OK);
2773 cleanup_pathname(struct archive_write_disk *a)
2775 struct archive_string error_string;
2778 archive_string_init(&error_string);
2779 rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
2780 if (rc != ARCHIVE_OK) {
2781 archive_set_error(&a->archive, error_number, "%s", error_string.s);
2783 archive_string_free(&error_string);
2788 * Create the parent directory of the specified path, assuming path
2789 * is already in mutable storage.
2792 create_parent_dir(struct archive_write_disk *a, char *path)
2797 /* Remove tail element to obtain parent name. */
2798 slash = strrchr(path, '/');
2800 return (ARCHIVE_OK);
2802 r = create_dir(a, path);
2808 * Create the specified dir, recursing to create parents as necessary.
2810 * Returns ARCHIVE_OK if the path exists when we're done here.
2811 * Otherwise, returns ARCHIVE_FAILED.
2812 * Assumes path is in mutable storage; path is unchanged on exit.
2815 create_dir(struct archive_write_disk *a, char *path)
2818 struct fixup_entry *le;
2820 mode_t mode_final, mode;
2823 /* Check for special names and just skip them. */
2824 slash = strrchr(path, '/');
2830 if (base[0] == '\0' ||
2831 (base[0] == '.' && base[1] == '\0') ||
2832 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2833 /* Don't bother trying to create null path, '.', or '..'. */
2834 if (slash != NULL) {
2836 r = create_dir(a, path);
2840 return (ARCHIVE_OK);
2844 * Yes, this should be stat() and not lstat(). Using lstat()
2845 * here loses the ability to extract through symlinks. Also note
2846 * that this should not use the a->st cache.
2848 if (stat(path, &st) == 0) {
2849 if (S_ISDIR(st.st_mode))
2850 return (ARCHIVE_OK);
2851 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2852 archive_set_error(&a->archive, EEXIST,
2853 "Can't create directory '%s'", path);
2854 return (ARCHIVE_FAILED);
2856 if (unlink(path) != 0) {
2857 archive_set_error(&a->archive, errno,
2858 "Can't create directory '%s': "
2859 "Conflicting file cannot be removed",
2861 return (ARCHIVE_FAILED);
2863 } else if (errno != ENOENT && errno != ENOTDIR) {
2865 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2866 return (ARCHIVE_FAILED);
2867 } else if (slash != NULL) {
2869 r = create_dir(a, path);
2871 if (r != ARCHIVE_OK)
2876 * Mode we want for the final restored directory. Per POSIX,
2877 * implicitly-created dirs must be created obeying the umask.
2878 * There's no mention whether this is different for privileged
2879 * restores (which the rest of this code handles by pretending
2880 * umask=0). I've chosen here to always obey the user's umask for
2881 * implicit dirs, even if _EXTRACT_PERM was specified.
2883 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2884 /* Mode we want on disk during the restore process. */
2886 mode |= MINIMUM_DIR_MODE;
2887 mode &= MAXIMUM_DIR_MODE;
2888 if (mkdir(path, mode) == 0) {
2889 if (mode != mode_final) {
2890 le = new_fixup(a, path);
2892 return (ARCHIVE_FATAL);
2893 le->fixup |=TODO_MODE_BASE;
2894 le->mode = mode_final;
2896 return (ARCHIVE_OK);
2900 * Without the following check, a/b/../b/c/d fails at the
2901 * second visit to 'b', so 'd' can't be created. Note that we
2902 * don't add it to the fixup list here, as it's already been
2905 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2906 return (ARCHIVE_OK);
2908 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2910 return (ARCHIVE_FAILED);
2914 * Note: Although we can skip setting the user id if the desired user
2915 * id matches the current user, we cannot skip setting the group, as
2916 * many systems set the gid based on the containing directory. So
2917 * we have to perform a chown syscall if we want to set the SGID
2918 * bit. (The alternative is to stat() and then possibly chown(); it's
2919 * more efficient to skip the stat() and just always chown().) Note
2920 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2921 * allows set_mode to skip the stat() check for the GID.
2924 set_ownership(struct archive_write_disk *a)
2927 /* unfortunately, on win32 there is no 'root' user with uid 0,
2928 so we just have to try the chown and see if it works */
2930 /* If we know we can't change it, don't bother trying. */
2931 if (a->user_uid != 0 && a->user_uid != a->uid) {
2932 archive_set_error(&a->archive, errno,
2933 "Can't set UID=%jd", (intmax_t)a->uid);
2934 return (ARCHIVE_WARN);
2939 /* If we have an fd, we can avoid a race. */
2940 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2941 /* We've set owner and know uid/gid are correct. */
2942 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2943 return (ARCHIVE_OK);
2947 /* We prefer lchown() but will use chown() if that's all we have. */
2948 /* Of course, if we have neither, this will always fail. */
2950 if (lchown(a->name, a->uid, a->gid) == 0) {
2951 /* We've set owner and know uid/gid are correct. */
2952 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2953 return (ARCHIVE_OK);
2956 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2957 /* We've set owner and know uid/gid are correct. */
2958 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2959 return (ARCHIVE_OK);
2963 archive_set_error(&a->archive, errno,
2964 "Can't set user=%jd/group=%jd for %s",
2965 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2966 return (ARCHIVE_WARN);
2970 * Note: Returns 0 on success, non-zero on failure.
2973 set_time(int fd, int mode, const char *name,
2974 time_t atime, long atime_nsec,
2975 time_t mtime, long mtime_nsec)
2977 /* Select the best implementation for this platform. */
2978 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2980 * utimensat() and futimens() are defined in
2981 * POSIX.1-2008. They support ns resolution and setting times
2982 * on fds and symlinks.
2984 struct timespec ts[2];
2985 (void)mode; /* UNUSED */
2986 ts[0].tv_sec = atime;
2987 ts[0].tv_nsec = atime_nsec;
2988 ts[1].tv_sec = mtime;
2989 ts[1].tv_nsec = mtime_nsec;
2991 return futimens(fd, ts);
2992 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2996 * The utimes()-family functions support µs-resolution and
2997 * setting times fds and symlinks. utimes() is documented as
2998 * LEGACY by POSIX, futimes() and lutimes() are not described
3001 struct timeval times[2];
3003 times[0].tv_sec = atime;
3004 times[0].tv_usec = atime_nsec / 1000;
3005 times[1].tv_sec = mtime;
3006 times[1].tv_usec = mtime_nsec / 1000;
3010 return (futimes(fd, times));
3012 (void)fd; /* UNUSED */
3015 (void)mode; /* UNUSED */
3016 return (lutimes(name, times));
3020 return (utimes(name, times));
3023 #elif defined(HAVE_UTIME)
3025 * utime() is POSIX-standard but only supports 1s resolution and
3026 * does not support fds or symlinks.
3028 struct utimbuf times;
3029 (void)fd; /* UNUSED */
3030 (void)name; /* UNUSED */
3031 (void)atime_nsec; /* UNUSED */
3032 (void)mtime_nsec; /* UNUSED */
3033 times.actime = atime;
3034 times.modtime = mtime;
3036 return (ARCHIVE_OK);
3037 return (utime(name, ×));
3041 * We don't know how to set the time on this platform.
3043 (void)fd; /* UNUSED */
3044 (void)mode; /* UNUSED */
3045 (void)name; /* UNUSED */
3046 (void)atime_nsec; /* UNUSED */
3047 (void)mtime_nsec; /* UNUSED */
3048 return (ARCHIVE_WARN);
3052 #ifdef F_SETTIMES /* Tru64 */
3054 set_time_tru64(int fd, int mode, const char *name,
3055 time_t atime, long atime_nsec,
3056 time_t mtime, long mtime_nsec,
3057 time_t ctime, long ctime_nsec)
3059 struct attr_timbuf tstamp;
3060 struct timeval times[3];
3061 times[0].tv_sec = atime;
3062 times[0].tv_usec = atime_nsec / 1000;
3063 times[1].tv_sec = mtime;
3064 times[1].tv_usec = mtime_nsec / 1000;
3065 times[2].tv_sec = ctime;
3066 times[2].tv_usec = ctime_nsec / 1000;
3067 tstamp.atime = times[0];
3068 tstamp.mtime = times[1];
3069 tstamp.ctime = times[2];
3070 return (fcntl(fd,F_SETTIMES,&tstamp));
3075 set_times(struct archive_write_disk *a,
3076 int fd, int mode, const char *name,
3077 time_t atime, long atime_nanos,
3078 time_t birthtime, long birthtime_nanos,
3079 time_t mtime, long mtime_nanos,
3080 time_t cctime, long ctime_nanos)
3082 /* Note: set_time doesn't use libarchive return conventions!
3083 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
3088 * on Tru64 try own fcntl first which can restore even the
3089 * ctime, fall back to default code path below if it fails
3090 * or if we are not running as root
3092 if (a->user_uid == 0 &&
3093 set_time_tru64(fd, mode, name,
3094 atime, atime_nanos, mtime,
3095 mtime_nanos, cctime, ctime_nanos) == 0) {
3096 return (ARCHIVE_OK);
3099 (void)cctime; /* UNUSED */
3100 (void)ctime_nanos; /* UNUSED */
3103 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
3105 * If you have struct stat.st_birthtime, we assume BSD
3106 * birthtime semantics, in which {f,l,}utimes() updates
3107 * birthtime to earliest mtime. So we set the time twice,
3108 * first using the birthtime, then using the mtime. If
3109 * birthtime == mtime, this isn't necessary, so we skip it.
3110 * If birthtime > mtime, then this won't work, so we skip it.
3112 if (birthtime < mtime
3113 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
3114 r1 = set_time(fd, mode, name,
3116 birthtime, birthtime_nanos);
3118 (void)birthtime; /* UNUSED */
3119 (void)birthtime_nanos; /* UNUSED */
3121 r2 = set_time(fd, mode, name,
3123 mtime, mtime_nanos);
3124 if (r1 != 0 || r2 != 0) {
3125 archive_set_error(&a->archive, errno,
3126 "Can't restore time");
3127 return (ARCHIVE_WARN);
3129 return (ARCHIVE_OK);
3133 set_times_from_entry(struct archive_write_disk *a)
3135 time_t atime, birthtime, mtime, cctime;
3136 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
3138 /* Suitable defaults. */
3139 atime = birthtime = mtime = cctime = a->start_time;
3140 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
3142 /* If no time was provided, we're done. */
3143 if (!archive_entry_atime_is_set(a->entry)
3144 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
3145 && !archive_entry_birthtime_is_set(a->entry)
3147 && !archive_entry_mtime_is_set(a->entry))
3148 return (ARCHIVE_OK);
3150 if (archive_entry_atime_is_set(a->entry)) {
3151 atime = archive_entry_atime(a->entry);
3152 atime_nsec = archive_entry_atime_nsec(a->entry);
3154 if (archive_entry_birthtime_is_set(a->entry)) {
3155 birthtime = archive_entry_birthtime(a->entry);
3156 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
3158 if (archive_entry_mtime_is_set(a->entry)) {
3159 mtime = archive_entry_mtime(a->entry);
3160 mtime_nsec = archive_entry_mtime_nsec(a->entry);
3162 if (archive_entry_ctime_is_set(a->entry)) {
3163 cctime = archive_entry_ctime(a->entry);
3164 ctime_nsec = archive_entry_ctime_nsec(a->entry);
3167 return set_times(a, a->fd, a->mode, a->name,
3169 birthtime, birthtime_nsec,
3171 cctime, ctime_nsec);
3175 set_mode(struct archive_write_disk *a, int mode)
3178 mode &= 07777; /* Strip off file type bits. */
3180 if (a->todo & TODO_SGID_CHECK) {
3182 * If we don't know the GID is right, we must stat()
3183 * to verify it. We can't just check the GID of this
3184 * process, since systems sometimes set GID from
3185 * the enclosing dir or based on ACLs.
3187 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3189 if (a->pst->st_gid != a->gid) {
3191 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3193 * This is only an error if you
3194 * requested owner restore. If you
3195 * didn't, we'll try to restore
3196 * sgid/suid, but won't consider it a
3197 * problem if we can't.
3199 archive_set_error(&a->archive, -1,
3200 "Can't restore SGID bit");
3204 /* While we're here, double-check the UID. */
3205 if (a->pst->st_uid != a->uid
3206 && (a->todo & TODO_SUID)) {
3208 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3209 archive_set_error(&a->archive, -1,
3210 "Can't restore SUID bit");
3214 a->todo &= ~TODO_SGID_CHECK;
3215 a->todo &= ~TODO_SUID_CHECK;
3216 } else if (a->todo & TODO_SUID_CHECK) {
3218 * If we don't know the UID is right, we can just check
3219 * the user, since all systems set the file UID from
3222 if (a->user_uid != a->uid) {
3224 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3225 archive_set_error(&a->archive, -1,
3226 "Can't make file SUID");
3230 a->todo &= ~TODO_SUID_CHECK;
3233 if (S_ISLNK(a->mode)) {
3236 * If this is a symlink, use lchmod(). If the
3237 * platform doesn't support lchmod(), just skip it. A
3238 * platform that doesn't provide a way to set
3239 * permissions on symlinks probably ignores
3240 * permissions on symlinks, so a failure here has no
3243 if (lchmod(a->name, mode) != 0) {
3244 archive_set_error(&a->archive, errno,
3245 "Can't set permissions to 0%o", (int)mode);
3249 } else if (!S_ISDIR(a->mode)) {
3251 * If it's not a symlink and not a dir, then use
3252 * fchmod() or chmod(), depending on whether we have
3253 * an fd. Dirs get their perms set during the
3254 * post-extract fixup, which is handled elsewhere.
3258 if (fchmod(a->fd, mode) != 0) {
3259 archive_set_error(&a->archive, errno,
3260 "Can't set permissions to 0%o", (int)mode);
3265 /* If this platform lacks fchmod(), then
3266 * we'll just use chmod(). */
3267 if (chmod(a->name, mode) != 0) {
3268 archive_set_error(&a->archive, errno,
3269 "Can't set permissions to 0%o", (int)mode);
3277 set_fflags(struct archive_write_disk *a)
3279 struct fixup_entry *le;
3280 unsigned long set, clear;
3283 mode_t mode = archive_entry_mode(a->entry);
3286 * Make 'critical_flags' hold all file flags that can't be
3287 * immediately restored. For example, on BSD systems,
3288 * SF_IMMUTABLE prevents hardlinks from being created, so
3289 * should not be set until after any hardlinks are created. To
3290 * preserve some semblance of portability, this uses #ifdef
3291 * extensively. Ugly, but it works.
3293 * Yes, Virginia, this does create a security race. It's mitigated
3294 * somewhat by the practice of creating dirs 0700 until the extract
3295 * is done, but it would be nice if we could do more than that.
3296 * People restoring critical file systems should be wary of
3297 * other programs that might try to muck with files as they're
3300 /* Hopefully, the compiler will optimize this mess into a constant. */
3303 critical_flags |= SF_IMMUTABLE;
3306 critical_flags |= UF_IMMUTABLE;
3309 critical_flags |= SF_APPEND;
3312 critical_flags |= UF_APPEND;
3314 #ifdef EXT2_APPEND_FL
3315 critical_flags |= EXT2_APPEND_FL;
3317 #ifdef EXT2_IMMUTABLE_FL
3318 critical_flags |= EXT2_IMMUTABLE_FL;
3321 if (a->todo & TODO_FFLAGS) {
3322 archive_entry_fflags(a->entry, &set, &clear);
3325 * The first test encourages the compiler to eliminate
3326 * all of this if it's not necessary.
3328 if ((critical_flags != 0) && (set & critical_flags)) {
3329 le = current_fixup(a, a->name);
3331 return (ARCHIVE_FATAL);
3332 le->fixup |= TODO_FFLAGS;
3333 le->fflags_set = set;
3334 /* Store the mode if it's not already there. */
3335 if ((le->fixup & TODO_MODE) == 0)
3338 r = set_fflags_platform(a, a->fd,
3339 a->name, mode, set, clear);
3340 if (r != ARCHIVE_OK)
3344 return (ARCHIVE_OK);
3348 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3350 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3353 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3354 mode_t mode, unsigned long set, unsigned long clear)
3358 (void)mode; /* UNUSED */
3359 if (set == 0 && clear == 0)
3360 return (ARCHIVE_OK);
3363 * XXX Is the stat here really necessary? Or can I just use
3364 * the 'set' flags directly? In particular, I'm not sure
3365 * about the correct approach if we're overwriting an existing
3366 * file that already has flags on it. XXX
3368 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3371 a->st.st_flags &= ~clear;
3372 a->st.st_flags |= set;
3373 #ifdef HAVE_FCHFLAGS
3374 /* If platform has fchflags() and we were given an fd, use it. */
3375 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3376 return (ARCHIVE_OK);
3379 * If we can't use the fd to set the flags, we'll use the
3380 * pathname to set flags. We prefer lchflags() but will use
3381 * chflags() if we must.
3383 #ifdef HAVE_LCHFLAGS
3384 if (lchflags(name, a->st.st_flags) == 0)
3385 return (ARCHIVE_OK);
3386 #elif defined(HAVE_CHFLAGS)
3387 if (S_ISLNK(a->st.st_mode)) {
3388 archive_set_error(&a->archive, errno,
3389 "Can't set file flags on symlink.");
3390 return (ARCHIVE_WARN);
3392 if (chflags(name, a->st.st_flags) == 0)
3393 return (ARCHIVE_OK);
3395 archive_set_error(&a->archive, errno,
3396 "Failed to set file flags");
3397 return (ARCHIVE_WARN);
3400 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3402 * Linux uses ioctl() to read and write file flags.
3405 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3406 mode_t mode, unsigned long set, unsigned long clear)
3410 int newflags, oldflags;
3413 if (set == 0 && clear == 0)
3414 return (ARCHIVE_OK);
3415 /* Only regular files and dirs can have flags. */
3416 if (!S_ISREG(mode) && !S_ISDIR(mode))
3417 return (ARCHIVE_OK);
3419 /* If we weren't given an fd, open it ourselves. */
3421 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3422 __archive_ensure_cloexec_flag(myfd);
3425 return (ARCHIVE_OK);
3428 * Linux has no define for the flags that are only settable by
3429 * the root user. This code may seem a little complex, but
3430 * there seem to be some Linux systems that lack these
3431 * defines. (?) The code below degrades reasonably gracefully
3432 * if sf_mask is incomplete.
3434 #ifdef EXT2_IMMUTABLE_FL
3435 sf_mask |= EXT2_IMMUTABLE_FL;
3437 #ifdef EXT2_APPEND_FL
3438 sf_mask |= EXT2_APPEND_FL;
3441 * XXX As above, this would be way simpler if we didn't have
3442 * to read the current flags from disk. XXX
3446 /* Read the current file flags. */
3447 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3450 /* Try setting the flags as given. */
3451 newflags = (oldflags & ~clear) | set;
3452 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3457 /* If we couldn't set all the flags, try again with a subset. */
3458 newflags &= ~sf_mask;
3459 oldflags &= sf_mask;
3460 newflags |= oldflags;
3461 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3464 /* We couldn't set the flags, so report the failure. */
3466 archive_set_error(&a->archive, errno,
3467 "Failed to set file flags");
3478 * Of course, some systems have neither BSD chflags() nor Linux' flags
3479 * support through ioctl().
3482 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3483 mode_t mode, unsigned long set, unsigned long clear)
3485 (void)a; /* UNUSED */
3486 (void)fd; /* UNUSED */
3487 (void)name; /* UNUSED */
3488 (void)mode; /* UNUSED */
3489 (void)set; /* UNUSED */
3490 (void)clear; /* UNUSED */
3491 return (ARCHIVE_OK);
3494 #endif /* __linux */
3496 #ifndef HAVE_COPYFILE_H
3497 /* Default is to simply drop Mac extended metadata. */
3499 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3500 const void *metadata, size_t metadata_size)
3502 (void)a; /* UNUSED */
3503 (void)pathname; /* UNUSED */
3504 (void)metadata; /* UNUSED */
3505 (void)metadata_size; /* UNUSED */
3506 return (ARCHIVE_OK);
3510 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3512 (void)a; /* UNUSED */
3513 (void)pathname; /* UNUSED */
3514 return (ARCHIVE_OK);
3519 * On Mac OS, we use copyfile() to unpack the metadata and
3520 * apply it to the target file.
3523 #if defined(HAVE_SYS_XATTR_H)
3525 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3528 char *xattr_names = NULL, *xattr_val = NULL;
3529 int ret = ARCHIVE_OK, xattr_i;
3531 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3532 if (xattr_size == -1) {
3533 archive_set_error(&a->archive, errno,
3534 "Failed to read metadata(xattr)");
3538 xattr_names = malloc(xattr_size);
3539 if (xattr_names == NULL) {
3540 archive_set_error(&a->archive, ENOMEM,
3541 "Can't allocate memory for metadata(xattr)");
3542 ret = ARCHIVE_FATAL;
3545 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3546 if (xattr_size == -1) {
3547 archive_set_error(&a->archive, errno,
3548 "Failed to read metadata(xattr)");
3552 for (xattr_i = 0; xattr_i < xattr_size;
3553 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3557 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3559 archive_set_error(&a->archive, errno,
3560 "Failed to get metadata(xattr)");
3564 xattr_val = realloc(xattr_val, s);
3565 if (xattr_val == NULL) {
3566 archive_set_error(&a->archive, ENOMEM,
3567 "Failed to get metadata(xattr)");
3571 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3573 archive_set_error(&a->archive, errno,
3574 "Failed to get metadata(xattr)");
3578 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3580 archive_set_error(&a->archive, errno,
3581 "Failed to get metadata(xattr)");
3594 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3596 acl_t acl, dfacl = NULL;
3597 int acl_r, ret = ARCHIVE_OK;
3599 acl = acl_get_fd(tmpfd);
3601 if (errno == ENOENT)
3602 /* There are not any ACLs. */
3604 archive_set_error(&a->archive, errno,
3605 "Failed to get metadata(acl)");
3609 dfacl = acl_dup(acl);
3610 acl_r = acl_set_fd(dffd, dfacl);
3612 archive_set_error(&a->archive, errno,
3613 "Failed to get metadata(acl)");
3626 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3628 struct archive_string tmpdatafork;
3631 archive_string_init(&tmpdatafork);
3632 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3633 tmpfd = mkstemp(tmpdatafork.s);
3635 archive_set_error(&a->archive, errno,
3636 "Failed to mkstemp");
3637 archive_string_free(&tmpdatafork);
3640 if (copyfile(pathname, tmpdatafork.s, 0,
3641 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3642 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3643 archive_set_error(&a->archive, errno,
3644 "Failed to restore metadata");
3648 unlink(tmpdatafork.s);
3649 archive_string_free(&tmpdatafork);
3654 copy_metadata(struct archive_write_disk *a, const char *metadata,
3655 const char *datafork, int datafork_compressed)
3657 int ret = ARCHIVE_OK;
3659 if (datafork_compressed) {
3662 tmpfd = create_tempdatafork(a, metadata);
3664 return (ARCHIVE_WARN);
3667 * Do not open the data fork compressed by HFS+ compression
3668 * with at least a writing mode(O_RDWR or O_WRONLY). it
3669 * makes the data fork uncompressed.
3671 dffd = open(datafork, 0);
3673 archive_set_error(&a->archive, errno,
3674 "Failed to open the data fork for metadata");
3676 return (ARCHIVE_WARN);
3679 #if defined(HAVE_SYS_XATTR_H)
3680 ret = copy_xattrs(a, tmpfd, dffd);
3681 if (ret == ARCHIVE_OK)
3683 ret = copy_acls(a, tmpfd, dffd);
3687 if (copyfile(metadata, datafork, 0,
3688 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3689 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3690 archive_set_error(&a->archive, errno,
3691 "Failed to restore metadata");
3699 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3700 const void *metadata, size_t metadata_size)
3702 struct archive_string tmp;
3705 int ret = ARCHIVE_OK;
3707 /* This would be simpler if copyfile() could just accept the
3708 * metadata as a block of memory; then we could sidestep this
3709 * silly dance of writing the data to disk just so that
3710 * copyfile() can read it back in again. */
3711 archive_string_init(&tmp);
3712 archive_strcpy(&tmp, pathname);
3713 archive_strcat(&tmp, ".XXXXXX");
3714 fd = mkstemp(tmp.s);
3717 archive_set_error(&a->archive, errno,
3718 "Failed to restore metadata");
3719 archive_string_free(&tmp);
3720 return (ARCHIVE_WARN);
3722 written = write(fd, metadata, metadata_size);
3724 if ((size_t)written != metadata_size) {
3725 archive_set_error(&a->archive, errno,
3726 "Failed to restore metadata");
3731 #if defined(UF_COMPRESSED)
3732 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3733 (ret = lazy_stat(a)) == ARCHIVE_OK)
3734 compressed = a->st.st_flags & UF_COMPRESSED;
3738 ret = copy_metadata(a, tmp.s, pathname, compressed);
3741 archive_string_free(&tmp);
3746 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3751 struct archive_string datafork;
3752 int fd = -1, ret = ARCHIVE_OK;
3754 archive_string_init(&datafork);
3755 /* Check if the current file name is a type of the resource
3757 p = strrchr(pathname, '/');
3762 if (p[0] != '.' || p[1] != '_')
3763 goto skip_appledouble;
3766 * Check if the data fork file exists.
3768 * TODO: Check if this write disk object has handled it.
3770 archive_strncpy(&datafork, pathname, p - pathname);
3771 archive_strcat(&datafork, p + 2);
3772 if (lstat(datafork.s, &st) == -1 ||
3773 (st.st_mode & AE_IFMT) != AE_IFREG)
3774 goto skip_appledouble;
3777 * Check if the file is in the AppleDouble form.
3779 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3780 __archive_ensure_cloexec_flag(fd);
3782 archive_set_error(&a->archive, errno,
3783 "Failed to open a restoring file");
3785 goto skip_appledouble;
3787 if (read(fd, buff, 8) == -1) {
3788 archive_set_error(&a->archive, errno,
3789 "Failed to read a restoring file");
3792 goto skip_appledouble;
3795 /* Check AppleDouble Magic Code. */
3796 if (archive_be32dec(buff) != 0x00051607)
3797 goto skip_appledouble;
3798 /* Check AppleDouble Version. */
3799 if (archive_be32dec(buff+4) != 0x00020000)
3800 goto skip_appledouble;
3802 ret = copy_metadata(a, pathname, datafork.s,
3803 #if defined(UF_COMPRESSED)
3804 st.st_flags & UF_COMPRESSED);
3808 if (ret == ARCHIVE_OK) {
3813 archive_string_free(&datafork);
3818 #if HAVE_LSETXATTR || HAVE_LSETEA
3820 * Restore extended attributes - Linux and AIX implementations:
3821 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3824 set_xattrs(struct archive_write_disk *a)
3826 struct archive_entry *entry = a->entry;
3827 static int warning_done = 0;
3828 int ret = ARCHIVE_OK;
3829 int i = archive_entry_xattr_reset(entry);
3835 archive_entry_xattr_next(entry, &name, &value, &size);
3837 strncmp(name, "xfsroot.", 8) != 0 &&
3838 strncmp(name, "system.", 7) != 0) {
3842 e = fsetxattr(a->fd, name, value, size, 0);
3846 e = fsetea(a->fd, name, value, size, 0);
3851 e = lsetxattr(archive_entry_pathname(entry),
3852 name, value, size, 0);
3854 e = lsetea(archive_entry_pathname(entry),
3855 name, value, size, 0);
3859 if (errno == ENOTSUP || errno == ENOSYS) {
3860 if (!warning_done) {
3862 archive_set_error(&a->archive, errno,
3863 "Cannot restore extended "
3864 "attributes on this file "
3868 archive_set_error(&a->archive, errno,
3869 "Failed to set extended attribute");
3873 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3874 "Invalid extended attribute encountered");
3880 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3882 * Restore extended attributes - FreeBSD implementation
3885 set_xattrs(struct archive_write_disk *a)
3887 struct archive_entry *entry = a->entry;
3888 static int warning_done = 0;
3889 int ret = ARCHIVE_OK;
3890 int i = archive_entry_xattr_reset(entry);
3896 archive_entry_xattr_next(entry, &name, &value, &size);
3901 if (strncmp(name, "user.", 5) == 0) {
3902 /* "user." attributes go to user namespace */
3904 namespace = EXTATTR_NAMESPACE_USER;
3906 /* Warn about other extended attributes. */
3907 archive_set_error(&a->archive,
3908 ARCHIVE_ERRNO_FILE_FORMAT,
3909 "Can't restore extended attribute ``%s''",
3915 #if HAVE_EXTATTR_SET_FD
3917 e = extattr_set_fd(a->fd, namespace, name, value, size);
3920 /* TODO: should we use extattr_set_link() instead? */
3922 e = extattr_set_file(archive_entry_pathname(entry),
3923 namespace, name, value, size);
3925 if (e != (ssize_t)size) {
3926 if (errno == ENOTSUP || errno == ENOSYS) {
3927 if (!warning_done) {
3929 archive_set_error(&a->archive, errno,
3930 "Cannot restore extended "
3931 "attributes on this file "
3935 archive_set_error(&a->archive, errno,
3936 "Failed to set extended attribute");
3947 * Restore extended attributes - stub implementation for unsupported systems
3950 set_xattrs(struct archive_write_disk *a)
3952 static int warning_done = 0;
3954 /* If there aren't any extended attributes, then it's okay not
3955 * to extract them, otherwise, issue a single warning. */
3956 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3958 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3959 "Cannot restore extended attributes on this system");
3960 return (ARCHIVE_WARN);
3962 /* Warning was already emitted; suppress further warnings. */
3963 return (ARCHIVE_OK);
3968 * Test if file on disk is older than entry.
3971 older(struct stat *st, struct archive_entry *entry)
3973 /* First, test the seconds and return if we have a definite answer. */
3974 /* Definitely older. */
3975 if (st->st_mtime < archive_entry_mtime(entry))
3977 /* Definitely younger. */
3978 if (st->st_mtime > archive_entry_mtime(entry))
3980 /* If this platform supports fractional seconds, try those. */
3981 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3982 /* Definitely older. */
3983 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3985 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3986 /* Definitely older. */
3987 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3989 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3991 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3993 #elif HAVE_STRUCT_STAT_ST_UMTIME
3995 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3997 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3999 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
4002 /* This system doesn't have high-res timestamps. */
4004 /* Same age or newer, so not older. */
4008 #endif /* !_WIN32 || __CYGWIN__ */
projects / FreeBSD / releng / 10.2.git / blob