2 * Copyright (c) 2003-2010 Tim Kientzle
3 * Copyright (c) 2012 Michihiro NAKAJIMA
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer
11 * in this position and unchanged.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 #include "archive_platform.h"
29 __FBSDID("$FreeBSD$");
31 #if !defined(_WIN32) || defined(__CYGWIN__)
33 #ifdef HAVE_SYS_TYPES_H
34 #include <sys/types.h>
39 #ifdef HAVE_SYS_EXTATTR_H
40 #include <sys/extattr.h>
42 #if defined(HAVE_SYS_XATTR_H)
43 #include <sys/xattr.h>
44 #elif defined(HAVE_ATTR_XATTR_H)
45 #include <attr/xattr.h>
50 #ifdef HAVE_SYS_IOCTL_H
51 #include <sys/ioctl.h>
53 #ifdef HAVE_SYS_STAT_H
56 #ifdef HAVE_SYS_TIME_H
59 #ifdef HAVE_SYS_UTIME_H
60 #include <sys/utime.h>
62 #ifdef HAVE_COPYFILE_H
74 #ifdef HAVE_LANGINFO_H
77 #ifdef HAVE_LINUX_FS_H
78 #include <linux/fs.h> /* for Linux file flags */
81 * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
82 * As the include guards don't agree, the order of include is important.
84 #ifdef HAVE_LINUX_EXT2_FS_H
85 #include <linux/ext2_fs.h> /* for Linux file flags */
87 #if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
88 #include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
109 #ifdef F_GETTIMES /* Tru64 specific */
110 #include <sys/fcntl1.h>
114 #include <TargetConditionals.h>
115 #if TARGET_OS_MAC && !TARGET_OS_EMBEDDED && HAVE_QUARANTINE_H
116 #include <quarantine.h>
117 #define HAVE_QUARANTINE 1
125 /* TODO: Support Mac OS 'quarantine' feature. This is really just a
126 * standard tag to mark files that have been downloaded as "tainted".
127 * On Mac OS, we should mark the extracted files as tainted if the
128 * archive being read was tainted. Windows has a similar feature; we
129 * should investigate ways to support this generically. */
132 #include "archive_acl_private.h"
133 #include "archive_string.h"
134 #include "archive_endian.h"
135 #include "archive_entry.h"
136 #include "archive_private.h"
137 #include "archive_write_disk_private.h"
147 struct fixup_entry *next;
148 struct archive_acl acl;
154 unsigned long atime_nanos;
155 unsigned long birthtime_nanos;
156 unsigned long mtime_nanos;
157 unsigned long ctime_nanos;
158 unsigned long fflags_set;
159 size_t mac_metadata_size;
161 int fixup; /* bitmask of what needs fixing */
166 * We use a bitmask to track which operations remain to be done for
167 * this file. In particular, this helps us avoid unnecessary
168 * operations when it's possible to take care of one step as a
169 * side-effect of another. For example, mkdir() can specify the mode
170 * for the newly-created object but symlink() cannot. This means we
171 * can skip chmod() if mkdir() succeeded, but we must explicitly
172 * chmod() if we're trying to create a directory that already exists
173 * (mkdir() failed) or if we're restoring a symlink. Similarly, we
174 * need to verify UID/GID before trying to restore SUID/SGID bits;
175 * that verification can occur explicitly through a stat() call or
176 * implicitly because of a successful chown() call.
178 #define TODO_MODE_FORCE 0x40000000
179 #define TODO_MODE_BASE 0x20000000
180 #define TODO_SUID 0x10000000
181 #define TODO_SUID_CHECK 0x08000000
182 #define TODO_SGID 0x04000000
183 #define TODO_SGID_CHECK 0x02000000
184 #define TODO_APPLEDOUBLE 0x01000000
185 #define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
186 #define TODO_TIMES ARCHIVE_EXTRACT_TIME
187 #define TODO_OWNER ARCHIVE_EXTRACT_OWNER
188 #define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
189 #define TODO_ACLS ARCHIVE_EXTRACT_ACL
190 #define TODO_XATTR ARCHIVE_EXTRACT_XATTR
191 #define TODO_MAC_METADATA ARCHIVE_EXTRACT_MAC_METADATA
192 #define TODO_HFS_COMPRESSION ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED
194 struct archive_write_disk {
195 struct archive archive;
198 struct fixup_entry *fixup_list;
199 struct fixup_entry *current_fixup;
202 int64_t skip_file_dev;
203 int64_t skip_file_ino;
206 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid);
207 void (*cleanup_gid)(void *private);
208 void *lookup_gid_data;
209 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid);
210 void (*cleanup_uid)(void *private);
211 void *lookup_uid_data;
214 * Full path of last file to satisfy symlink checks.
216 struct archive_string path_safe;
219 * Cached stat data from disk for the current entry.
220 * If this is valid, pst points to st. Otherwise,
226 /* Information about the object being restored right now. */
227 struct archive_entry *entry; /* Entry being extracted. */
228 char *name; /* Name of entry, possibly edited. */
229 struct archive_string _name_data; /* backing store for 'name' */
230 /* Tasks remaining for this object. */
232 /* Tasks deferred until end-of-archive. */
234 /* Options requested by the client. */
236 /* Handle for the file we're restoring. */
238 /* Current offset for writing data to the file. */
240 /* Last offset actually written to disk. */
242 /* Total bytes actually written to files. */
243 int64_t total_bytes_written;
244 /* Maximum size of file, -1 if unknown. */
246 /* Dir we were in before this restore; only for deep paths. */
248 /* Mode we should use for this entry; affected by _PERM and umask. */
250 /* UID/GID to use in restoring this entry. */
256 /* Xattr "com.apple.decmpfs". */
257 uint32_t decmpfs_attr_size;
258 unsigned char *decmpfs_header_p;
259 /* ResourceFork set options used for fsetxattr. */
260 int rsrc_xattr_options;
261 /* Xattr "com.apple.ResourceFork". */
262 unsigned char *resource_fork;
263 size_t resource_fork_allocated_size;
264 unsigned int decmpfs_block_count;
265 uint32_t *decmpfs_block_info;
266 /* Buffer for compressed data. */
267 unsigned char *compressed_buffer;
268 size_t compressed_buffer_size;
269 size_t compressed_buffer_remaining;
270 /* The offset of the ResourceFork where compressed data will
272 uint32_t compressed_rsrc_position;
273 uint32_t compressed_rsrc_position_v;
274 /* Buffer for uncompressed data. */
275 char *uncompressed_buffer;
276 size_t block_remaining_bytes;
277 size_t file_remaining_bytes;
281 int decmpfs_compression_level;
286 * Default mode for dirs created automatically (will be modified by umask).
287 * Note that POSIX specifies 0777 for implicitly-created dirs, "modified
288 * by the process' file creation mask."
290 #define DEFAULT_DIR_MODE 0777
292 * Dir modes are restored in two steps: During the extraction, the permissions
293 * in the archive are modified to match the following limits. During
294 * the post-extract fixup pass, the permissions from the archive are
297 #define MINIMUM_DIR_MODE 0700
298 #define MAXIMUM_DIR_MODE 0775
301 * Maxinum uncompressed size of a decmpfs block.
303 #define MAX_DECMPFS_BLOCK_SIZE (64 * 1024)
305 * HFS+ compression type.
307 #define CMP_XATTR 3/* Compressed data in xattr. */
308 #define CMP_RESOURCE_FORK 4/* Compressed data in resource fork. */
310 * HFS+ compression resource fork.
312 #define RSRC_H_SIZE 260 /* Base size of Resource fork header. */
313 #define RSRC_F_SIZE 50 /* Size of Resource fork footer. */
314 /* Size to write compressed data to resource fork. */
315 #define COMPRESSED_W_SIZE (64 * 1024)
316 /* decmpfs difinitions. */
317 #define MAX_DECMPFS_XATTR_SIZE 3802
318 #ifndef DECMPFS_XATTR_NAME
319 #define DECMPFS_XATTR_NAME "com.apple.decmpfs"
321 #define DECMPFS_MAGIC 0x636d7066
322 #define DECMPFS_COMPRESSION_MAGIC 0
323 #define DECMPFS_COMPRESSION_TYPE 4
324 #define DECMPFS_UNCOMPRESSED_SIZE 8
325 #define DECMPFS_HEADER_SIZE 16
327 #define HFS_BLOCKS(s) ((s) >> 12)
329 static int check_symlinks(struct archive_write_disk *);
330 static int create_filesystem_object(struct archive_write_disk *);
331 static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
332 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
333 static void edit_deep_directories(struct archive_write_disk *ad);
335 static int cleanup_pathname(struct archive_write_disk *);
336 static int create_dir(struct archive_write_disk *, char *);
337 static int create_parent_dir(struct archive_write_disk *, char *);
338 static ssize_t hfs_write_data_block(struct archive_write_disk *,
339 const char *, size_t);
340 static int fixup_appledouble(struct archive_write_disk *, const char *);
341 static int older(struct stat *, struct archive_entry *);
342 static int restore_entry(struct archive_write_disk *);
343 static int set_mac_metadata(struct archive_write_disk *, const char *,
344 const void *, size_t);
345 static int set_xattrs(struct archive_write_disk *);
346 static int clear_nochange_fflags(struct archive_write_disk *);
347 static int set_fflags(struct archive_write_disk *);
348 static int set_fflags_platform(struct archive_write_disk *, int fd,
349 const char *name, mode_t mode,
350 unsigned long fflags_set, unsigned long fflags_clear);
351 static int set_ownership(struct archive_write_disk *);
352 static int set_mode(struct archive_write_disk *, int mode);
353 static int set_time(int, int, const char *, time_t, long, time_t, long);
354 static int set_times(struct archive_write_disk *, int, int, const char *,
355 time_t, long, time_t, long, time_t, long, time_t, long);
356 static int set_times_from_entry(struct archive_write_disk *);
357 static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
358 static ssize_t write_data_block(struct archive_write_disk *,
359 const char *, size_t);
361 static struct archive_vtable *archive_write_disk_vtable(void);
363 static int _archive_write_disk_close(struct archive *);
364 static int _archive_write_disk_free(struct archive *);
365 static int _archive_write_disk_header(struct archive *, struct archive_entry *);
366 static int64_t _archive_write_disk_filter_bytes(struct archive *, int);
367 static int _archive_write_disk_finish_entry(struct archive *);
368 static ssize_t _archive_write_disk_data(struct archive *, const void *, size_t);
369 static ssize_t _archive_write_disk_data_block(struct archive *, const void *, size_t, int64_t);
372 lazy_stat(struct archive_write_disk *a)
374 if (a->pst != NULL) {
375 /* Already have stat() data available. */
379 if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
385 * XXX At this point, symlinks should not be hit, otherwise
386 * XXX a race occurred. Do we want to check explicitly for that?
388 if (lstat(a->name, &a->st) == 0) {
392 archive_set_error(&a->archive, errno, "Couldn't stat file");
393 return (ARCHIVE_WARN);
396 static struct archive_vtable *
397 archive_write_disk_vtable(void)
399 static struct archive_vtable av;
400 static int inited = 0;
403 av.archive_close = _archive_write_disk_close;
404 av.archive_filter_bytes = _archive_write_disk_filter_bytes;
405 av.archive_free = _archive_write_disk_free;
406 av.archive_write_header = _archive_write_disk_header;
407 av.archive_write_finish_entry
408 = _archive_write_disk_finish_entry;
409 av.archive_write_data = _archive_write_disk_data;
410 av.archive_write_data_block = _archive_write_disk_data_block;
417 _archive_write_disk_filter_bytes(struct archive *_a, int n)
419 struct archive_write_disk *a = (struct archive_write_disk *)_a;
420 (void)n; /* UNUSED */
421 if (n == -1 || n == 0)
422 return (a->total_bytes_written);
428 archive_write_disk_set_options(struct archive *_a, int flags)
430 struct archive_write_disk *a = (struct archive_write_disk *)_a;
438 * Extract this entry to disk.
440 * TODO: Validate hardlinks. According to the standards, we're
441 * supposed to check each extracted hardlink and squawk if it refers
442 * to a file that we didn't restore. I'm not entirely convinced this
443 * is a good idea, but more importantly: Is there any way to validate
444 * hardlinks without keeping a complete list of filenames from the
445 * entire archive?? Ugh.
449 _archive_write_disk_header(struct archive *_a, struct archive_entry *entry)
451 struct archive_write_disk *a = (struct archive_write_disk *)_a;
452 struct fixup_entry *fe;
455 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
456 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
457 "archive_write_disk_header");
458 archive_clear_error(&a->archive);
459 if (a->archive.state & ARCHIVE_STATE_DATA) {
460 r = _archive_write_disk_finish_entry(&a->archive);
461 if (r == ARCHIVE_FATAL)
465 /* Set up for this particular entry. */
467 a->current_fixup = NULL;
470 archive_entry_free(a->entry);
473 a->entry = archive_entry_clone(entry);
478 a->uid = a->user_uid;
479 a->mode = archive_entry_mode(a->entry);
480 if (archive_entry_size_is_set(a->entry))
481 a->filesize = archive_entry_size(a->entry);
484 archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
485 a->name = a->_name_data.s;
486 archive_clear_error(&a->archive);
489 * Clean up the requested path. This is necessary for correct
490 * dir restores; the dir restore logic otherwise gets messed
491 * up by nonsense like "dir/.".
493 ret = cleanup_pathname(a);
494 if (ret != ARCHIVE_OK)
498 * Query the umask so we get predictable mode settings.
499 * This gets done on every call to _write_header in case the
500 * user edits their umask during the extraction for some
503 umask(a->user_umask = umask(0));
505 /* Figure out what we need to do for this entry. */
506 a->todo = TODO_MODE_BASE;
507 if (a->flags & ARCHIVE_EXTRACT_PERM) {
508 a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
510 * SGID requires an extra "check" step because we
511 * cannot easily predict the GID that the system will
512 * assign. (Different systems assign GIDs to files
513 * based on a variety of criteria, including process
514 * credentials and the gid of the enclosing
515 * directory.) We can only restore the SGID bit if
516 * the file has the right GID, and we only know the
517 * GID if we either set it (see set_ownership) or if
518 * we've actually called stat() on the file after it
519 * was restored. Since there are several places at
520 * which we might verify the GID, we need a TODO bit
523 if (a->mode & S_ISGID)
524 a->todo |= TODO_SGID | TODO_SGID_CHECK;
526 * Verifying the SUID is simpler, but can still be
527 * done in multiple ways, hence the separate "check" bit.
529 if (a->mode & S_ISUID)
530 a->todo |= TODO_SUID | TODO_SUID_CHECK;
533 * User didn't request full permissions, so don't
534 * restore SUID, SGID bits and obey umask.
539 a->mode &= ~a->user_umask;
541 if (a->flags & ARCHIVE_EXTRACT_OWNER)
542 a->todo |= TODO_OWNER;
543 if (a->flags & ARCHIVE_EXTRACT_TIME)
544 a->todo |= TODO_TIMES;
545 if (a->flags & ARCHIVE_EXTRACT_ACL) {
546 if (archive_entry_filetype(a->entry) == AE_IFDIR)
547 a->deferred |= TODO_ACLS;
549 a->todo |= TODO_ACLS;
551 if (a->flags & ARCHIVE_EXTRACT_MAC_METADATA) {
552 if (archive_entry_filetype(a->entry) == AE_IFDIR)
553 a->deferred |= TODO_MAC_METADATA;
555 a->todo |= TODO_MAC_METADATA;
557 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
558 if ((a->flags & ARCHIVE_EXTRACT_NO_HFS_COMPRESSION) == 0) {
559 unsigned long set, clear;
560 archive_entry_fflags(a->entry, &set, &clear);
561 if ((set & ~clear) & UF_COMPRESSED) {
562 a->todo |= TODO_HFS_COMPRESSION;
563 a->decmpfs_block_count = (unsigned)-1;
566 if ((a->flags & ARCHIVE_EXTRACT_HFS_COMPRESSION_FORCED) != 0 &&
567 (a->mode & AE_IFMT) == AE_IFREG && a->filesize > 0) {
568 a->todo |= TODO_HFS_COMPRESSION;
569 a->decmpfs_block_count = (unsigned)-1;
574 /* Check if the current file name is a type of the
575 * resource fork file. */
576 p = strrchr(a->name, '/');
581 if (p[0] == '.' && p[1] == '_') {
582 /* Do not compress "._XXX" files. */
583 a->todo &= ~TODO_HFS_COMPRESSION;
585 a->todo |= TODO_APPLEDOUBLE;
590 if (a->flags & ARCHIVE_EXTRACT_XATTR)
591 a->todo |= TODO_XATTR;
592 if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
593 a->todo |= TODO_FFLAGS;
594 if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
595 ret = check_symlinks(a);
596 if (ret != ARCHIVE_OK)
599 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
600 /* If path exceeds PATH_MAX, shorten the path. */
601 edit_deep_directories(a);
604 ret = restore_entry(a);
606 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
608 * Check if the filesystem the file is restoring on supports
609 * HFS+ Compression. If not, cancel HFS+ Compression.
611 if (a->todo | TODO_HFS_COMPRESSION) {
613 * NOTE: UF_COMPRESSED is ignored even if the filesystem
614 * supports HFS+ Compression because the file should
615 * have at least an extended attriute "com.apple.decmpfs"
616 * before the flag is set to indicate that the file have
617 * been compressed. If hte filesystem does not support
618 * HFS+ Compression the system call will fail.
620 if (a->fd < 0 || fchflags(a->fd, UF_COMPRESSED) != 0)
621 a->todo &= ~TODO_HFS_COMPRESSION;
626 * TODO: There are rumours that some extended attributes must
627 * be restored before file data is written. If this is true,
628 * then we either need to write all extended attributes both
629 * before and after restoring the data, or find some rule for
630 * determining which must go first and which last. Due to the
631 * many ways people are using xattrs, this may prove to be an
632 * intractable problem.
636 /* If we changed directory above, restore it here. */
637 if (a->restore_pwd >= 0) {
638 r = fchdir(a->restore_pwd);
640 archive_set_error(&a->archive, errno, "chdir() failure");
643 close(a->restore_pwd);
649 * Fixup uses the unedited pathname from archive_entry_pathname(),
650 * because it is relative to the base dir and the edited path
651 * might be relative to some intermediate dir as a result of the
652 * deep restore logic.
654 if (a->deferred & TODO_MODE) {
655 fe = current_fixup(a, archive_entry_pathname(entry));
657 return (ARCHIVE_FATAL);
658 fe->fixup |= TODO_MODE_BASE;
662 if ((a->deferred & TODO_TIMES)
663 && (archive_entry_mtime_is_set(entry)
664 || archive_entry_atime_is_set(entry))) {
665 fe = current_fixup(a, archive_entry_pathname(entry));
667 return (ARCHIVE_FATAL);
669 fe->fixup |= TODO_TIMES;
670 if (archive_entry_atime_is_set(entry)) {
671 fe->atime = archive_entry_atime(entry);
672 fe->atime_nanos = archive_entry_atime_nsec(entry);
674 /* If atime is unset, use start time. */
675 fe->atime = a->start_time;
678 if (archive_entry_mtime_is_set(entry)) {
679 fe->mtime = archive_entry_mtime(entry);
680 fe->mtime_nanos = archive_entry_mtime_nsec(entry);
682 /* If mtime is unset, use start time. */
683 fe->mtime = a->start_time;
686 if (archive_entry_birthtime_is_set(entry)) {
687 fe->birthtime = archive_entry_birthtime(entry);
688 fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
690 /* If birthtime is unset, use mtime. */
691 fe->birthtime = fe->mtime;
692 fe->birthtime_nanos = fe->mtime_nanos;
696 if (a->deferred & TODO_ACLS) {
697 fe = current_fixup(a, archive_entry_pathname(entry));
699 return (ARCHIVE_FATAL);
700 fe->fixup |= TODO_ACLS;
701 archive_acl_copy(&fe->acl, archive_entry_acl(entry));
704 if (a->deferred & TODO_MAC_METADATA) {
705 const void *metadata;
706 size_t metadata_size;
707 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
708 if (metadata != NULL && metadata_size > 0) {
709 fe = current_fixup(a, archive_entry_pathname(entry));
711 return (ARCHIVE_FATAL);
712 fe->mac_metadata = malloc(metadata_size);
713 if (fe->mac_metadata != NULL) {
714 memcpy(fe->mac_metadata, metadata, metadata_size);
715 fe->mac_metadata_size = metadata_size;
716 fe->fixup |= TODO_MAC_METADATA;
721 if (a->deferred & TODO_FFLAGS) {
722 fe = current_fixup(a, archive_entry_pathname(entry));
724 return (ARCHIVE_FATAL);
725 fe->fixup |= TODO_FFLAGS;
726 /* TODO: Complete this.. defer fflags from below. */
729 /* We've created the object and are ready to pour data into it. */
730 if (ret >= ARCHIVE_WARN)
731 a->archive.state = ARCHIVE_STATE_DATA;
733 * If it's not open, tell our client not to try writing.
734 * In particular, dirs, links, etc, don't get written to.
737 archive_entry_set_size(entry, 0);
745 archive_write_disk_set_skip_file(struct archive *_a, int64_t d, int64_t i)
747 struct archive_write_disk *a = (struct archive_write_disk *)_a;
748 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
749 ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
750 a->skip_file_set = 1;
751 a->skip_file_dev = d;
752 a->skip_file_ino = i;
757 write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
759 uint64_t start_size = size;
760 ssize_t bytes_written = 0;
761 ssize_t block_size = 0, bytes_to_write;
766 if (a->filesize == 0 || a->fd < 0) {
767 archive_set_error(&a->archive, 0,
768 "Attempt to write to an empty file");
769 return (ARCHIVE_WARN);
772 if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
773 #if HAVE_STRUCT_STAT_ST_BLKSIZE
775 if ((r = lazy_stat(a)) != ARCHIVE_OK)
777 block_size = a->pst->st_blksize;
779 /* XXX TODO XXX Is there a more appropriate choice here ? */
780 /* This needn't match the filesystem allocation size. */
781 block_size = 16*1024;
785 /* If this write would run beyond the file size, truncate it. */
786 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
787 start_size = size = (size_t)(a->filesize - a->offset);
789 /* Write the data. */
791 if (block_size == 0) {
792 bytes_to_write = size;
794 /* We're sparsifying the file. */
798 /* Skip leading zero bytes. */
799 for (p = buff, end = buff + size; p < end; ++p) {
803 a->offset += p - buff;
809 /* Calculate next block boundary after offset. */
811 = (a->offset / block_size + 1) * block_size;
813 /* If the adjusted write would cross block boundary,
814 * truncate it to the block boundary. */
815 bytes_to_write = size;
816 if (a->offset + bytes_to_write > block_end)
817 bytes_to_write = block_end - a->offset;
819 /* Seek if necessary to the specified offset. */
820 if (a->offset != a->fd_offset) {
821 if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
822 archive_set_error(&a->archive, errno,
824 return (ARCHIVE_FATAL);
826 a->fd_offset = a->offset;
828 bytes_written = write(a->fd, buff, bytes_to_write);
829 if (bytes_written < 0) {
830 archive_set_error(&a->archive, errno, "Write failed");
831 return (ARCHIVE_WARN);
833 buff += bytes_written;
834 size -= bytes_written;
835 a->total_bytes_written += bytes_written;
836 a->offset += bytes_written;
837 a->fd_offset = a->offset;
839 return (start_size - size);
842 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
843 && defined(HAVE_ZLIB_H)
846 * Set UF_COMPRESSED file flag.
847 * This have to be called after hfs_write_decmpfs() because if the
848 * file does not have "com.apple.decmpfs" xattr the flag is ignored.
851 hfs_set_compressed_fflag(struct archive_write_disk *a)
855 if ((r = lazy_stat(a)) != ARCHIVE_OK)
858 a->st.st_flags |= UF_COMPRESSED;
859 if (fchflags(a->fd, a->st.st_flags) != 0) {
860 archive_set_error(&a->archive, errno,
861 "Failed to set UF_COMPRESSED file flag");
862 return (ARCHIVE_WARN);
868 * HFS+ Compression decmpfs
870 * +------------------------------+ +0
871 * | Magic(LE 4 bytes) |
872 * +------------------------------+
873 * | Type(LE 4 bytes) |
874 * +------------------------------+
875 * | Uncompressed size(LE 8 bytes)|
876 * +------------------------------+ +16
878 * | Compressed data |
879 * | (Placed only if Type == 3) |
881 * +------------------------------+ +3802 = MAX_DECMPFS_XATTR_SIZE
883 * Type is 3: decmpfs has compressed data.
884 * Type is 4: Resource Fork has compressed data.
887 * Write "com.apple.decmpfs"
890 hfs_write_decmpfs(struct archive_write_disk *a)
893 uint32_t compression_type;
895 r = fsetxattr(a->fd, DECMPFS_XATTR_NAME, a->decmpfs_header_p,
896 a->decmpfs_attr_size, 0, 0);
898 archive_set_error(&a->archive, errno,
899 "Cannot restore xattr:%s", DECMPFS_XATTR_NAME);
900 compression_type = archive_le32dec(
901 &a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE]);
902 if (compression_type == CMP_RESOURCE_FORK)
903 fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME,
904 XATTR_SHOWCOMPRESSION);
905 return (ARCHIVE_WARN);
911 * HFS+ Compression Resource Fork
913 * +-----------------------------+
914 * | Header(260 bytes) |
915 * +-----------------------------+
916 * | Block count(LE 4 bytes) |
917 * +-----------------------------+ --+
918 * +-- | Offset (LE 4 bytes) | |
919 * | | [distance from Block count] | | Block 0
920 * | +-----------------------------+ |
921 * | | Compressed size(LE 4 bytes) | |
922 * | +-----------------------------+ --+
924 * | | .................. |
926 * | +-----------------------------+ --+
927 * | | Offset (LE 4 bytes) | |
928 * | +-----------------------------+ | Block (Block count -1)
929 * | | Compressed size(LE 4 bytes) | |
930 * +-> +-----------------------------+ --+
931 * | Compressed data(n bytes) | Block 0
932 * +-----------------------------+
934 * | .................. |
936 * +-----------------------------+
937 * | Compressed data(n bytes) | Block (Block count -1)
938 * +-----------------------------+
939 * | Footer(50 bytes) |
940 * +-----------------------------+
944 * Write the header of "com.apple.ResourceFork"
947 hfs_write_resource_fork(struct archive_write_disk *a, unsigned char *buff,
948 size_t bytes, uint32_t position)
952 ret = fsetxattr(a->fd, XATTR_RESOURCEFORK_NAME, buff, bytes,
953 position, a->rsrc_xattr_options);
955 archive_set_error(&a->archive, errno,
956 "Cannot restore xattr: %s at %u pos %u bytes",
957 XATTR_RESOURCEFORK_NAME,
960 return (ARCHIVE_WARN);
962 a->rsrc_xattr_options &= ~XATTR_CREATE;
967 hfs_write_compressed_data(struct archive_write_disk *a, size_t bytes_compressed)
971 ret = hfs_write_resource_fork(a, a->compressed_buffer,
972 bytes_compressed, a->compressed_rsrc_position);
973 if (ret == ARCHIVE_OK)
974 a->compressed_rsrc_position += bytes_compressed;
979 hfs_write_resource_fork_header(struct archive_write_disk *a)
983 uint32_t rsrc_header_bytes;
986 * Write resource fork header + block info.
988 buff = a->resource_fork;
989 rsrc_bytes = a->compressed_rsrc_position - RSRC_F_SIZE;
991 RSRC_H_SIZE + /* Header base size. */
992 4 + /* Block count. */
993 (a->decmpfs_block_count * 8);/* Block info */
994 archive_be32enc(buff, 0x100);
995 archive_be32enc(buff + 4, rsrc_bytes);
996 archive_be32enc(buff + 8, rsrc_bytes - 256);
997 archive_be32enc(buff + 12, 0x32);
998 memset(buff + 16, 0, 240);
999 archive_be32enc(buff + 256, rsrc_bytes - 260);
1000 return hfs_write_resource_fork(a, buff, rsrc_header_bytes, 0);
1004 hfs_set_resource_fork_footer(unsigned char *buff, size_t buff_size)
1006 static const char rsrc_footer[RSRC_F_SIZE] = {
1007 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1008 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1009 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1010 0x00, 0x1c, 0x00, 0x32, 0x00, 0x00, 'c', 'm',
1011 'p', 'f', 0x00, 0x00, 0x00, 0x0a, 0x00, 0x01,
1012 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
1015 if (buff_size < sizeof(rsrc_footer))
1017 memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
1018 return (sizeof(rsrc_footer));
1022 hfs_reset_compressor(struct archive_write_disk *a)
1026 if (a->stream_valid)
1027 ret = deflateReset(&a->stream);
1029 ret = deflateInit(&a->stream, a->decmpfs_compression_level);
1032 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1033 "Failed to initialize compressor");
1034 return (ARCHIVE_FATAL);
1036 a->stream_valid = 1;
1038 return (ARCHIVE_OK);
1042 hfs_decompress(struct archive_write_disk *a)
1044 uint32_t *block_info;
1045 unsigned int block_count;
1046 uint32_t data_pos, data_size;
1048 ssize_t bytes_written, bytes_to_write;
1051 block_info = (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1052 block_count = archive_le32dec(block_info++);
1053 while (block_count--) {
1054 data_pos = RSRC_H_SIZE + archive_le32dec(block_info++);
1055 data_size = archive_le32dec(block_info++);
1056 r = fgetxattr(a->fd, XATTR_RESOURCEFORK_NAME,
1057 a->compressed_buffer, data_size, data_pos, 0);
1058 if (r != data_size) {
1059 archive_set_error(&a->archive,
1060 (r < 0)?errno:ARCHIVE_ERRNO_MISC,
1061 "Failed to read resource fork");
1062 return (ARCHIVE_WARN);
1064 if (a->compressed_buffer[0] == 0xff) {
1065 bytes_to_write = data_size -1;
1066 b = a->compressed_buffer + 1;
1068 uLong dest_len = MAX_DECMPFS_BLOCK_SIZE;
1071 zr = uncompress((Bytef *)a->uncompressed_buffer,
1072 &dest_len, a->compressed_buffer, data_size);
1074 archive_set_error(&a->archive,
1076 "Failed to decompress resource fork");
1077 return (ARCHIVE_WARN);
1079 bytes_to_write = dest_len;
1080 b = (unsigned char *)a->uncompressed_buffer;
1083 bytes_written = write(a->fd, b, bytes_to_write);
1084 if (bytes_written < 0) {
1085 archive_set_error(&a->archive, errno,
1087 return (ARCHIVE_WARN);
1089 bytes_to_write -= bytes_written;
1091 } while (bytes_to_write > 0);
1093 r = fremovexattr(a->fd, XATTR_RESOURCEFORK_NAME, 0);
1095 archive_set_error(&a->archive, errno,
1096 "Failed to remove resource fork");
1097 return (ARCHIVE_WARN);
1099 return (ARCHIVE_OK);
1103 hfs_drive_compressor(struct archive_write_disk *a, const char *buff,
1106 unsigned char *buffer_compressed;
1107 size_t bytes_compressed;
1111 ret = hfs_reset_compressor(a);
1112 if (ret != ARCHIVE_OK)
1115 if (a->compressed_buffer == NULL) {
1118 block_size = COMPRESSED_W_SIZE + RSRC_F_SIZE +
1119 + compressBound(MAX_DECMPFS_BLOCK_SIZE);
1120 a->compressed_buffer = malloc(block_size);
1121 if (a->compressed_buffer == NULL) {
1122 archive_set_error(&a->archive, ENOMEM,
1123 "Can't allocate memory for Resource Fork");
1124 return (ARCHIVE_FATAL);
1126 a->compressed_buffer_size = block_size;
1127 a->compressed_buffer_remaining = block_size;
1130 buffer_compressed = a->compressed_buffer +
1131 a->compressed_buffer_size - a->compressed_buffer_remaining;
1132 a->stream.next_in = (Bytef *)(uintptr_t)(const void *)buff;
1133 a->stream.avail_in = size;
1134 a->stream.next_out = buffer_compressed;
1135 a->stream.avail_out = a->compressed_buffer_remaining;
1137 ret = deflate(&a->stream, Z_FINISH);
1143 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1144 "Failed to compress data");
1145 return (ARCHIVE_FAILED);
1147 } while (ret == Z_OK);
1148 bytes_compressed = a->compressed_buffer_remaining - a->stream.avail_out;
1151 * If the compressed size is larger than the original size,
1152 * throw away compressed data, use uncompressed data instead.
1154 if (bytes_compressed > size) {
1155 buffer_compressed[0] = 0xFF;/* uncompressed marker. */
1156 memcpy(buffer_compressed + 1, buff, size);
1157 bytes_compressed = size + 1;
1159 a->compressed_buffer_remaining -= bytes_compressed;
1162 * If the compressed size is smaller than MAX_DECMPFS_XATTR_SIZE
1163 * and the block count in the file is only one, store compressed
1164 * data to decmpfs xattr instead of the resource fork.
1166 if (a->decmpfs_block_count == 1 &&
1167 (a->decmpfs_attr_size + bytes_compressed)
1168 <= MAX_DECMPFS_XATTR_SIZE) {
1169 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1171 memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
1172 buffer_compressed, bytes_compressed);
1173 a->decmpfs_attr_size += bytes_compressed;
1174 a->compressed_buffer_remaining = a->compressed_buffer_size;
1176 * Finish HFS+ Compression.
1177 * - Write the decmpfs xattr.
1178 * - Set the UF_COMPRESSED file flag.
1180 ret = hfs_write_decmpfs(a);
1181 if (ret == ARCHIVE_OK)
1182 ret = hfs_set_compressed_fflag(a);
1186 /* Update block info. */
1187 archive_le32enc(a->decmpfs_block_info++,
1188 a->compressed_rsrc_position_v - RSRC_H_SIZE);
1189 archive_le32enc(a->decmpfs_block_info++, bytes_compressed);
1190 a->compressed_rsrc_position_v += bytes_compressed;
1193 * Write the compressed data to the resource fork.
1195 bytes_used = a->compressed_buffer_size - a->compressed_buffer_remaining;
1196 while (bytes_used >= COMPRESSED_W_SIZE) {
1197 ret = hfs_write_compressed_data(a, COMPRESSED_W_SIZE);
1198 if (ret != ARCHIVE_OK)
1200 bytes_used -= COMPRESSED_W_SIZE;
1201 if (bytes_used > COMPRESSED_W_SIZE)
1202 memmove(a->compressed_buffer,
1203 a->compressed_buffer + COMPRESSED_W_SIZE,
1206 memcpy(a->compressed_buffer,
1207 a->compressed_buffer + COMPRESSED_W_SIZE,
1210 a->compressed_buffer_remaining = a->compressed_buffer_size - bytes_used;
1213 * If the current block is the last block, write the remaining
1214 * compressed data and the resource fork footer.
1216 if (a->file_remaining_bytes == 0) {
1220 /* Append the resource footer. */
1221 rsrc_size = hfs_set_resource_fork_footer(
1222 a->compressed_buffer + bytes_used,
1223 a->compressed_buffer_remaining);
1224 ret = hfs_write_compressed_data(a, bytes_used + rsrc_size);
1225 a->compressed_buffer_remaining = a->compressed_buffer_size;
1227 /* If the compressed size is not enouph smaller than
1228 * the uncompressed size. cancel HFS+ compression.
1229 * TODO: study a behavior of ditto utility and improve
1230 * the condition to fall back into no HFS+ compression. */
1231 bk = HFS_BLOCKS(a->compressed_rsrc_position);
1233 if (bk > HFS_BLOCKS(a->filesize))
1234 return hfs_decompress(a);
1236 * Write the resourcefork header.
1238 if (ret == ARCHIVE_OK)
1239 ret = hfs_write_resource_fork_header(a);
1241 * Finish HFS+ Compression.
1242 * - Write the decmpfs xattr.
1243 * - Set the UF_COMPRESSED file flag.
1245 if (ret == ARCHIVE_OK)
1246 ret = hfs_write_decmpfs(a);
1247 if (ret == ARCHIVE_OK)
1248 ret = hfs_set_compressed_fflag(a);
1254 hfs_write_decmpfs_block(struct archive_write_disk *a, const char *buff,
1257 const char *buffer_to_write;
1258 size_t bytes_to_write;
1261 if (a->decmpfs_block_count == (unsigned)-1) {
1264 unsigned int block_count;
1266 if (a->decmpfs_header_p == NULL) {
1267 new_block = malloc(MAX_DECMPFS_XATTR_SIZE
1268 + sizeof(uint32_t));
1269 if (new_block == NULL) {
1270 archive_set_error(&a->archive, ENOMEM,
1271 "Can't allocate memory for decmpfs");
1272 return (ARCHIVE_FATAL);
1274 a->decmpfs_header_p = new_block;
1276 a->decmpfs_attr_size = DECMPFS_HEADER_SIZE;
1277 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_MAGIC],
1279 archive_le32enc(&a->decmpfs_header_p[DECMPFS_COMPRESSION_TYPE],
1281 archive_le64enc(&a->decmpfs_header_p[DECMPFS_UNCOMPRESSED_SIZE],
1284 /* Calculate a block count of the file. */
1286 (a->filesize + MAX_DECMPFS_BLOCK_SIZE -1) /
1287 MAX_DECMPFS_BLOCK_SIZE;
1289 * Allocate buffer for resource fork.
1290 * Set up related pointers;
1293 RSRC_H_SIZE + /* header */
1294 4 + /* Block count */
1295 (block_count * sizeof(uint32_t) * 2) +
1296 RSRC_F_SIZE; /* footer */
1297 if (new_size > a->resource_fork_allocated_size) {
1298 new_block = realloc(a->resource_fork, new_size);
1299 if (new_block == NULL) {
1300 archive_set_error(&a->archive, ENOMEM,
1301 "Can't allocate memory for ResourceFork");
1302 return (ARCHIVE_FATAL);
1304 a->resource_fork_allocated_size = new_size;
1305 a->resource_fork = new_block;
1308 /* Allocate uncompressed buffer */
1309 if (a->uncompressed_buffer == NULL) {
1310 new_block = malloc(MAX_DECMPFS_BLOCK_SIZE);
1311 if (new_block == NULL) {
1312 archive_set_error(&a->archive, ENOMEM,
1313 "Can't allocate memory for decmpfs");
1314 return (ARCHIVE_FATAL);
1316 a->uncompressed_buffer = new_block;
1318 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1319 a->file_remaining_bytes = a->filesize;
1320 a->compressed_buffer_remaining = a->compressed_buffer_size;
1323 * Set up a resource fork.
1325 a->rsrc_xattr_options = XATTR_CREATE;
1326 /* Get the position where we are going to set a bunch
1328 a->decmpfs_block_info =
1329 (uint32_t *)(a->resource_fork + RSRC_H_SIZE);
1330 /* Set the block count to the resource fork. */
1331 archive_le32enc(a->decmpfs_block_info++, block_count);
1332 /* Get the position where we are goint to set compressed
1334 a->compressed_rsrc_position =
1335 RSRC_H_SIZE + 4 + (block_count * 8);
1336 a->compressed_rsrc_position_v = a->compressed_rsrc_position;
1337 a->decmpfs_block_count = block_count;
1340 /* Ignore redundant bytes. */
1341 if (a->file_remaining_bytes == 0)
1342 return ((ssize_t)size);
1344 /* Do not overrun a block size. */
1345 if (size > a->block_remaining_bytes)
1346 bytes_to_write = a->block_remaining_bytes;
1348 bytes_to_write = size;
1349 /* Do not overrun the file size. */
1350 if (bytes_to_write > a->file_remaining_bytes)
1351 bytes_to_write = a->file_remaining_bytes;
1353 /* For efficiency, if a copy length is full of the uncompressed
1354 * buffer size, do not copy writing data to it. */
1355 if (bytes_to_write == MAX_DECMPFS_BLOCK_SIZE)
1356 buffer_to_write = buff;
1358 memcpy(a->uncompressed_buffer +
1359 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes,
1360 buff, bytes_to_write);
1361 buffer_to_write = a->uncompressed_buffer;
1363 a->block_remaining_bytes -= bytes_to_write;
1364 a->file_remaining_bytes -= bytes_to_write;
1366 if (a->block_remaining_bytes == 0 || a->file_remaining_bytes == 0) {
1367 ret = hfs_drive_compressor(a, buffer_to_write,
1368 MAX_DECMPFS_BLOCK_SIZE - a->block_remaining_bytes);
1371 a->block_remaining_bytes = MAX_DECMPFS_BLOCK_SIZE;
1373 /* Ignore redundant bytes. */
1374 if (a->file_remaining_bytes == 0)
1375 return ((ssize_t)size);
1376 return (bytes_to_write);
1380 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1383 uint64_t start_size = size;
1384 ssize_t bytes_written = 0;
1385 ssize_t bytes_to_write;
1388 return (ARCHIVE_OK);
1390 if (a->filesize == 0 || a->fd < 0) {
1391 archive_set_error(&a->archive, 0,
1392 "Attempt to write to an empty file");
1393 return (ARCHIVE_WARN);
1396 /* If this write would run beyond the file size, truncate it. */
1397 if (a->filesize >= 0 && (int64_t)(a->offset + size) > a->filesize)
1398 start_size = size = (size_t)(a->filesize - a->offset);
1400 /* Write the data. */
1402 bytes_to_write = size;
1403 /* Seek if necessary to the specified offset. */
1404 if (a->offset < a->fd_offset) {
1405 /* Can't support backword move. */
1406 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1408 return (ARCHIVE_FATAL);
1409 } else if (a->offset > a->fd_offset) {
1410 int64_t skip = a->offset - a->fd_offset;
1411 char nullblock[1024];
1413 memset(nullblock, 0, sizeof(nullblock));
1415 if (skip > (int64_t)sizeof(nullblock))
1416 bytes_written = hfs_write_decmpfs_block(
1417 a, nullblock, sizeof(nullblock));
1419 bytes_written = hfs_write_decmpfs_block(
1420 a, nullblock, skip);
1421 if (bytes_written < 0) {
1422 archive_set_error(&a->archive, errno,
1424 return (ARCHIVE_WARN);
1426 skip -= bytes_written;
1429 a->fd_offset = a->offset;
1432 hfs_write_decmpfs_block(a, buff, bytes_to_write);
1433 if (bytes_written < 0)
1434 return (bytes_written);
1435 buff += bytes_written;
1436 size -= bytes_written;
1437 a->total_bytes_written += bytes_written;
1438 a->offset += bytes_written;
1439 a->fd_offset = a->offset;
1441 return (start_size - size);
1445 hfs_write_data_block(struct archive_write_disk *a, const char *buff,
1448 return (write_data_block(a, buff, size));
1453 _archive_write_disk_data_block(struct archive *_a,
1454 const void *buff, size_t size, int64_t offset)
1456 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1459 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1460 ARCHIVE_STATE_DATA, "archive_write_data_block");
1463 if (a->todo & TODO_HFS_COMPRESSION)
1464 r = hfs_write_data_block(a, buff, size);
1466 r = write_data_block(a, buff, size);
1469 if ((size_t)r < size) {
1470 archive_set_error(&a->archive, 0,
1471 "Too much data: Truncating file at %ju bytes", (uintmax_t)a->filesize);
1472 return (ARCHIVE_WARN);
1474 #if ARCHIVE_VERSION_NUMBER < 3999000
1475 return (ARCHIVE_OK);
1482 _archive_write_disk_data(struct archive *_a, const void *buff, size_t size)
1484 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1486 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1487 ARCHIVE_STATE_DATA, "archive_write_data");
1489 if (a->todo & TODO_HFS_COMPRESSION)
1490 return (hfs_write_data_block(a, buff, size));
1491 return (write_data_block(a, buff, size));
1495 _archive_write_disk_finish_entry(struct archive *_a)
1497 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1498 int ret = ARCHIVE_OK;
1500 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1501 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
1502 "archive_write_finish_entry");
1503 if (a->archive.state & ARCHIVE_STATE_HEADER)
1504 return (ARCHIVE_OK);
1505 archive_clear_error(&a->archive);
1507 /* Pad or truncate file to the right size. */
1509 /* There's no file. */
1510 } else if (a->filesize < 0) {
1511 /* File size is unknown, so we can't set the size. */
1512 } else if (a->fd_offset == a->filesize) {
1513 /* Last write ended at exactly the filesize; we're done. */
1514 /* Hopefully, this is the common case. */
1515 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_ZLIB_H)
1516 } else if (a->todo & TODO_HFS_COMPRESSION) {
1520 if (a->file_remaining_bytes)
1521 memset(null_d, 0, sizeof(null_d));
1522 while (a->file_remaining_bytes) {
1523 if (a->file_remaining_bytes > sizeof(null_d))
1524 r = hfs_write_data_block(
1525 a, null_d, sizeof(null_d));
1527 r = hfs_write_data_block(
1528 a, null_d, a->file_remaining_bytes);
1535 if (ftruncate(a->fd, a->filesize) == -1 &&
1537 archive_set_error(&a->archive, errno,
1538 "File size could not be restored");
1539 return (ARCHIVE_FAILED);
1543 * Not all platforms implement the XSI option to
1544 * extend files via ftruncate. Stat() the file again
1545 * to see what happened.
1548 if ((ret = lazy_stat(a)) != ARCHIVE_OK)
1550 /* We can use lseek()/write() to extend the file if
1551 * ftruncate didn't work or isn't available. */
1552 if (a->st.st_size < a->filesize) {
1553 const char nul = '\0';
1554 if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
1555 archive_set_error(&a->archive, errno,
1557 return (ARCHIVE_FATAL);
1559 if (write(a->fd, &nul, 1) < 0) {
1560 archive_set_error(&a->archive, errno,
1561 "Write to restore size failed");
1562 return (ARCHIVE_FATAL);
1568 /* Restore metadata. */
1571 * This is specific to Mac OS X.
1572 * If the current file is an AppleDouble file, it should be
1573 * linked with the data fork file and remove it.
1575 if (a->todo & TODO_APPLEDOUBLE) {
1576 int r2 = fixup_appledouble(a, a->name);
1577 if (r2 == ARCHIVE_EOF) {
1578 /* The current file has been successfully linked
1579 * with the data fork file and removed. So there
1580 * is nothing to do on the current file. */
1581 goto finish_metadata;
1583 if (r2 < ret) ret = r2;
1587 * Look up the "real" UID only if we're going to need it.
1588 * TODO: the TODO_SGID condition can be dropped here, can't it?
1590 if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
1591 a->uid = archive_write_disk_uid(&a->archive,
1592 archive_entry_uname(a->entry),
1593 archive_entry_uid(a->entry));
1595 /* Look up the "real" GID only if we're going to need it. */
1596 /* TODO: the TODO_SUID condition can be dropped here, can't it? */
1597 if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
1598 a->gid = archive_write_disk_gid(&a->archive,
1599 archive_entry_gname(a->entry),
1600 archive_entry_gid(a->entry));
1604 * Restore ownership before set_mode tries to restore suid/sgid
1605 * bits. If we set the owner, we know what it is and can skip
1606 * a stat() call to examine the ownership of the file on disk.
1608 if (a->todo & TODO_OWNER) {
1609 int r2 = set_ownership(a);
1610 if (r2 < ret) ret = r2;
1614 * set_mode must precede ACLs on systems such as Solaris and
1615 * FreeBSD where setting the mode implicitly clears extended ACLs
1617 if (a->todo & TODO_MODE) {
1618 int r2 = set_mode(a, a->mode);
1619 if (r2 < ret) ret = r2;
1623 * Security-related extended attributes (such as
1624 * security.capability on Linux) have to be restored last,
1625 * since they're implicitly removed by other file changes.
1627 if (a->todo & TODO_XATTR) {
1628 int r2 = set_xattrs(a);
1629 if (r2 < ret) ret = r2;
1633 * Some flags prevent file modification; they must be restored after
1634 * file contents are written.
1636 if (a->todo & TODO_FFLAGS) {
1637 int r2 = set_fflags(a);
1638 if (r2 < ret) ret = r2;
1642 * Time must follow most other metadata;
1643 * otherwise atime will get changed.
1645 if (a->todo & TODO_TIMES) {
1646 int r2 = set_times_from_entry(a);
1647 if (r2 < ret) ret = r2;
1651 * Mac extended metadata includes ACLs.
1653 if (a->todo & TODO_MAC_METADATA) {
1654 const void *metadata;
1655 size_t metadata_size;
1656 metadata = archive_entry_mac_metadata(a->entry, &metadata_size);
1657 if (metadata != NULL && metadata_size > 0) {
1658 int r2 = set_mac_metadata(a, archive_entry_pathname(
1659 a->entry), metadata, metadata_size);
1660 if (r2 < ret) ret = r2;
1665 * ACLs must be restored after timestamps because there are
1666 * ACLs that prevent attribute changes (including time).
1668 if (a->todo & TODO_ACLS) {
1669 int r2 = archive_write_disk_set_acls(&a->archive, a->fd,
1670 archive_entry_pathname(a->entry),
1671 archive_entry_acl(a->entry));
1672 if (r2 < ret) ret = r2;
1676 /* If there's an fd, we can close it now. */
1681 /* If there's an entry, we can release it now. */
1683 archive_entry_free(a->entry);
1686 a->archive.state = ARCHIVE_STATE_HEADER;
1691 archive_write_disk_set_group_lookup(struct archive *_a,
1693 int64_t (*lookup_gid)(void *private, const char *gname, int64_t gid),
1694 void (*cleanup_gid)(void *private))
1696 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1697 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1698 ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
1700 if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
1701 (a->cleanup_gid)(a->lookup_gid_data);
1703 a->lookup_gid = lookup_gid;
1704 a->cleanup_gid = cleanup_gid;
1705 a->lookup_gid_data = private_data;
1706 return (ARCHIVE_OK);
1710 archive_write_disk_set_user_lookup(struct archive *_a,
1712 int64_t (*lookup_uid)(void *private, const char *uname, int64_t uid),
1713 void (*cleanup_uid)(void *private))
1715 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1716 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1717 ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
1719 if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
1720 (a->cleanup_uid)(a->lookup_uid_data);
1722 a->lookup_uid = lookup_uid;
1723 a->cleanup_uid = cleanup_uid;
1724 a->lookup_uid_data = private_data;
1725 return (ARCHIVE_OK);
1729 archive_write_disk_gid(struct archive *_a, const char *name, int64_t id)
1731 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1732 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1733 ARCHIVE_STATE_ANY, "archive_write_disk_gid");
1735 return (a->lookup_gid)(a->lookup_gid_data, name, id);
1740 archive_write_disk_uid(struct archive *_a, const char *name, int64_t id)
1742 struct archive_write_disk *a = (struct archive_write_disk *)_a;
1743 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
1744 ARCHIVE_STATE_ANY, "archive_write_disk_uid");
1746 return (a->lookup_uid)(a->lookup_uid_data, name, id);
1751 * Create a new archive_write_disk object and initialize it with global state.
1754 archive_write_disk_new(void)
1756 struct archive_write_disk *a;
1758 a = (struct archive_write_disk *)malloc(sizeof(*a));
1761 memset(a, 0, sizeof(*a));
1762 a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
1763 /* We're ready to write a header immediately. */
1764 a->archive.state = ARCHIVE_STATE_HEADER;
1765 a->archive.vtable = archive_write_disk_vtable();
1766 a->start_time = time(NULL);
1767 /* Query and restore the umask. */
1768 umask(a->user_umask = umask(0));
1770 a->user_uid = geteuid();
1771 #endif /* HAVE_GETEUID */
1772 if (archive_string_ensure(&a->path_safe, 512) == NULL) {
1777 a->decmpfs_compression_level = 5;
1779 return (&a->archive);
1784 * If pathname is longer than PATH_MAX, chdir to a suitable
1785 * intermediate dir and edit the path down to a shorter suffix. Note
1786 * that this routine never returns an error; if the chdir() attempt
1787 * fails for any reason, we just go ahead with the long pathname. The
1788 * object creation is likely to fail, but any error will get handled
1791 #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
1793 edit_deep_directories(struct archive_write_disk *a)
1796 char *tail = a->name;
1798 /* If path is short, avoid the open() below. */
1799 if (strlen(tail) <= PATH_MAX)
1802 /* Try to record our starting dir. */
1803 a->restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
1804 __archive_ensure_cloexec_flag(a->restore_pwd);
1805 if (a->restore_pwd < 0)
1808 /* As long as the path is too long... */
1809 while (strlen(tail) > PATH_MAX) {
1810 /* Locate a dir prefix shorter than PATH_MAX. */
1811 tail += PATH_MAX - 8;
1812 while (tail > a->name && *tail != '/')
1814 /* Exit if we find a too-long path component. */
1815 if (tail <= a->name)
1817 /* Create the intermediate dir and chdir to it. */
1818 *tail = '\0'; /* Terminate dir portion */
1819 ret = create_dir(a, a->name);
1820 if (ret == ARCHIVE_OK && chdir(a->name) != 0)
1821 ret = ARCHIVE_FAILED;
1822 *tail = '/'; /* Restore the / we removed. */
1823 if (ret != ARCHIVE_OK)
1826 /* The chdir() succeeded; we've now shortened the path. */
1834 * The main restore function.
1837 restore_entry(struct archive_write_disk *a)
1839 int ret = ARCHIVE_OK, en;
1841 if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
1843 * TODO: Fix this. Apparently, there are platforms
1844 * that still allow root to hose the entire filesystem
1845 * by unlinking a dir. The S_ISDIR() test above
1846 * prevents us from using unlink() here if the new
1847 * object is a dir, but that doesn't mean the old
1848 * object isn't a dir.
1850 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1851 (void)clear_nochange_fflags(a);
1852 if (unlink(a->name) == 0) {
1853 /* We removed it, reset cached stat. */
1855 } else if (errno == ENOENT) {
1856 /* File didn't exist, that's just as good. */
1857 } else if (rmdir(a->name) == 0) {
1858 /* It was a dir, but now it's gone. */
1861 /* We tried, but couldn't get rid of it. */
1862 archive_set_error(&a->archive, errno,
1863 "Could not unlink");
1864 return(ARCHIVE_FAILED);
1868 /* Try creating it first; if this fails, we'll try to recover. */
1869 en = create_filesystem_object(a);
1871 if ((en == ENOTDIR || en == ENOENT)
1872 && !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
1873 /* If the parent dir doesn't exist, try creating it. */
1874 create_parent_dir(a, a->name);
1875 /* Now try to create the object again. */
1876 en = create_filesystem_object(a);
1879 if ((en == ENOENT) && (archive_entry_hardlink(a->entry) != NULL)) {
1880 archive_set_error(&a->archive, en,
1881 "Hard-link target '%s' does not exist.",
1882 archive_entry_hardlink(a->entry));
1883 return (ARCHIVE_FAILED);
1886 if ((en == EISDIR || en == EEXIST)
1887 && (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
1888 /* If we're not overwriting, we're done. */
1889 archive_entry_unset_size(a->entry);
1890 return (ARCHIVE_OK);
1894 * Some platforms return EISDIR if you call
1895 * open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
1896 * return EEXIST. POSIX is ambiguous, requiring EISDIR
1897 * for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
1898 * on an existing item.
1901 /* A dir is in the way of a non-dir, rmdir it. */
1902 if (rmdir(a->name) != 0) {
1903 archive_set_error(&a->archive, errno,
1904 "Can't remove already-existing dir");
1905 return (ARCHIVE_FAILED);
1909 en = create_filesystem_object(a);
1910 } else if (en == EEXIST) {
1912 * We know something is in the way, but we don't know what;
1913 * we need to find out before we go any further.
1917 * The SECURE_SYMLINKS logic has already removed a
1918 * symlink to a dir if the client wants that. So
1919 * follow the symlink if we're creating a dir.
1921 if (S_ISDIR(a->mode))
1922 r = stat(a->name, &a->st);
1924 * If it's not a dir (or it's a broken symlink),
1925 * then don't follow it.
1927 if (r != 0 || !S_ISDIR(a->mode))
1928 r = lstat(a->name, &a->st);
1930 archive_set_error(&a->archive, errno,
1931 "Can't stat existing object");
1932 return (ARCHIVE_FAILED);
1936 * NO_OVERWRITE_NEWER doesn't apply to directories.
1938 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
1939 && !S_ISDIR(a->st.st_mode)) {
1940 if (!older(&(a->st), a->entry)) {
1941 archive_entry_unset_size(a->entry);
1942 return (ARCHIVE_OK);
1946 /* If it's our archive, we're done. */
1947 if (a->skip_file_set &&
1948 a->st.st_dev == (dev_t)a->skip_file_dev &&
1949 a->st.st_ino == (ino_t)a->skip_file_ino) {
1950 archive_set_error(&a->archive, 0,
1951 "Refusing to overwrite archive");
1952 return (ARCHIVE_FAILED);
1955 if (!S_ISDIR(a->st.st_mode)) {
1956 /* A non-dir is in the way, unlink it. */
1957 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1958 (void)clear_nochange_fflags(a);
1959 if (unlink(a->name) != 0) {
1960 archive_set_error(&a->archive, errno,
1961 "Can't unlink already-existing object");
1962 return (ARCHIVE_FAILED);
1966 en = create_filesystem_object(a);
1967 } else if (!S_ISDIR(a->mode)) {
1968 /* A dir is in the way of a non-dir, rmdir it. */
1969 if (a->flags & ARCHIVE_EXTRACT_CLEAR_NOCHANGE_FFLAGS)
1970 (void)clear_nochange_fflags(a);
1971 if (rmdir(a->name) != 0) {
1972 archive_set_error(&a->archive, errno,
1973 "Can't replace existing directory with non-directory");
1974 return (ARCHIVE_FAILED);
1977 en = create_filesystem_object(a);
1980 * There's a dir in the way of a dir. Don't
1981 * waste time with rmdir()/mkdir(), just fix
1982 * up the permissions on the existing dir.
1983 * Note that we don't change perms on existing
1984 * dirs unless _EXTRACT_PERM is specified.
1986 if ((a->mode != a->st.st_mode)
1987 && (a->todo & TODO_MODE_FORCE))
1988 a->deferred |= (a->todo & TODO_MODE);
1989 /* Ownership doesn't need deferred fixup. */
1990 en = 0; /* Forget the EEXIST. */
1995 /* Everything failed; give up here. */
1996 archive_set_error(&a->archive, en, "Can't create '%s'",
1998 return (ARCHIVE_FAILED);
2001 a->pst = NULL; /* Cached stat data no longer valid. */
2006 * Returns 0 if creation succeeds, or else returns errno value from
2007 * the failed system call. Note: This function should only ever perform
2008 * a single system call.
2011 create_filesystem_object(struct archive_write_disk *a)
2013 /* Create the entry. */
2014 const char *linkname;
2015 mode_t final_mode, mode;
2018 /* We identify hard/symlinks according to the link names. */
2019 /* Since link(2) and symlink(2) don't handle modes, we're done here. */
2020 linkname = archive_entry_hardlink(a->entry);
2021 if (linkname != NULL) {
2025 r = link(linkname, a->name) ? errno : 0;
2027 * New cpio and pax formats allow hardlink entries
2028 * to carry data, so we may have to open the file
2029 * for hardlink entries.
2031 * If the hardlink was successfully created and
2032 * the archive doesn't have carry data for it,
2033 * consider it to be non-authoritative for meta data.
2034 * This is consistent with GNU tar and BSD pax.
2035 * If the hardlink does carry data, let the last
2036 * archive entry decide ownership.
2038 if (r == 0 && a->filesize <= 0) {
2041 } else if (r == 0 && a->filesize > 0) {
2042 a->fd = open(a->name,
2043 O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
2044 __archive_ensure_cloexec_flag(a->fd);
2051 linkname = archive_entry_symlink(a->entry);
2052 if (linkname != NULL) {
2054 return symlink(linkname, a->name) ? errno : 0;
2061 * The remaining system calls all set permissions, so let's
2062 * try to take advantage of that to avoid an extra chmod()
2063 * call. (Recall that umask is set to zero right now!)
2066 /* Mode we want for the final restored object (w/o file type bits). */
2067 final_mode = a->mode & 07777;
2069 * The mode that will actually be restored in this step. Note
2070 * that SUID, SGID, etc, require additional work to ensure
2071 * security, so we never restore them at this point.
2073 mode = final_mode & 0777 & ~a->user_umask;
2075 switch (a->mode & AE_IFMT) {
2077 /* POSIX requires that we fall through here. */
2080 a->fd = open(a->name,
2081 O_WRONLY | O_CREAT | O_EXCL | O_BINARY | O_CLOEXEC, mode);
2082 __archive_ensure_cloexec_flag(a->fd);
2087 /* Note: we use AE_IFCHR for the case label, and
2088 * S_IFCHR for the mknod() call. This is correct. */
2089 r = mknod(a->name, mode | S_IFCHR,
2090 archive_entry_rdev(a->entry));
2093 /* TODO: Find a better way to warn about our inability
2094 * to restore a char device node. */
2096 #endif /* HAVE_MKNOD */
2099 r = mknod(a->name, mode | S_IFBLK,
2100 archive_entry_rdev(a->entry));
2103 /* TODO: Find a better way to warn about our inability
2104 * to restore a block device node. */
2106 #endif /* HAVE_MKNOD */
2108 mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
2109 r = mkdir(a->name, mode);
2111 /* Defer setting dir times. */
2112 a->deferred |= (a->todo & TODO_TIMES);
2113 a->todo &= ~TODO_TIMES;
2114 /* Never use an immediate chmod(). */
2115 /* We can't avoid the chmod() entirely if EXTRACT_PERM
2116 * because of SysV SGID inheritance. */
2117 if ((mode != final_mode)
2118 || (a->flags & ARCHIVE_EXTRACT_PERM))
2119 a->deferred |= (a->todo & TODO_MODE);
2120 a->todo &= ~TODO_MODE;
2125 r = mkfifo(a->name, mode);
2128 /* TODO: Find a better way to warn about our inability
2129 * to restore a fifo. */
2131 #endif /* HAVE_MKFIFO */
2134 /* All the system calls above set errno on failure. */
2138 /* If we managed to set the final mode, we've avoided a chmod(). */
2139 if (mode == final_mode)
2140 a->todo &= ~TODO_MODE;
2145 * Cleanup function for archive_extract. Mostly, this involves processing
2146 * the fixup list, which is used to address a number of problems:
2147 * * Dir permissions might prevent us from restoring a file in that
2148 * dir, so we restore the dir with minimum 0700 permissions first,
2149 * then correct the mode at the end.
2150 * * Similarly, the act of restoring a file touches the directory
2151 * and changes the timestamp on the dir, so we have to touch-up dir
2152 * timestamps at the end as well.
2153 * * Some file flags can interfere with the restore by, for example,
2154 * preventing the creation of hardlinks to those files.
2155 * * Mac OS extended metadata includes ACLs, so must be deferred on dirs.
2157 * Note that tar/cpio do not require that archives be in a particular
2158 * order; there is no way to know when the last file has been restored
2159 * within a directory, so there's no way to optimize the memory usage
2160 * here by fixing up the directory any earlier than the
2163 * XXX TODO: Directory ACLs should be restored here, for the same
2164 * reason we set directory perms here. XXX
2167 _archive_write_disk_close(struct archive *_a)
2169 struct archive_write_disk *a = (struct archive_write_disk *)_a;
2170 struct fixup_entry *next, *p;
2173 archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
2174 ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
2175 "archive_write_disk_close");
2176 ret = _archive_write_disk_finish_entry(&a->archive);
2178 /* Sort dir list so directories are fixed up in depth-first order. */
2179 p = sort_dir_list(a->fixup_list);
2182 a->pst = NULL; /* Mark stat cache as out-of-date. */
2183 if (p->fixup & TODO_TIMES) {
2184 set_times(a, -1, p->mode, p->name,
2185 p->atime, p->atime_nanos,
2186 p->birthtime, p->birthtime_nanos,
2187 p->mtime, p->mtime_nanos,
2188 p->ctime, p->ctime_nanos);
2190 if (p->fixup & TODO_MODE_BASE)
2191 chmod(p->name, p->mode);
2192 if (p->fixup & TODO_ACLS)
2193 archive_write_disk_set_acls(&a->archive,
2194 -1, p->name, &p->acl);
2195 if (p->fixup & TODO_FFLAGS)
2196 set_fflags_platform(a, -1, p->name,
2197 p->mode, p->fflags_set, 0);
2198 if (p->fixup & TODO_MAC_METADATA)
2199 set_mac_metadata(a, p->name, p->mac_metadata,
2200 p->mac_metadata_size);
2202 archive_acl_clear(&p->acl);
2203 free(p->mac_metadata);
2208 a->fixup_list = NULL;
2213 _archive_write_disk_free(struct archive *_a)
2215 struct archive_write_disk *a;
2218 return (ARCHIVE_OK);
2219 archive_check_magic(_a, ARCHIVE_WRITE_DISK_MAGIC,
2220 ARCHIVE_STATE_ANY | ARCHIVE_STATE_FATAL, "archive_write_disk_free");
2221 a = (struct archive_write_disk *)_a;
2222 ret = _archive_write_disk_close(&a->archive);
2223 archive_write_disk_set_group_lookup(&a->archive, NULL, NULL, NULL);
2224 archive_write_disk_set_user_lookup(&a->archive, NULL, NULL, NULL);
2226 archive_entry_free(a->entry);
2227 archive_string_free(&a->_name_data);
2228 archive_string_free(&a->archive.error_string);
2229 archive_string_free(&a->path_safe);
2230 a->archive.magic = 0;
2231 __archive_clean(&a->archive);
2232 free(a->decmpfs_header_p);
2233 free(a->resource_fork);
2234 free(a->compressed_buffer);
2235 free(a->uncompressed_buffer);
2236 #if defined(__APPLE__) && defined(UF_COMPRESSED) && defined(HAVE_SYS_XATTR_H)\
2237 && defined(HAVE_ZLIB_H)
2238 if (a->stream_valid) {
2239 switch (deflateEnd(&a->stream)) {
2243 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2244 "Failed to clean up compressor");
2245 ret = ARCHIVE_FATAL;
2255 * Simple O(n log n) merge sort to order the fixup list. In
2256 * particular, we want to restore dir timestamps depth-first.
2258 static struct fixup_entry *
2259 sort_dir_list(struct fixup_entry *p)
2261 struct fixup_entry *a, *b, *t;
2265 /* A one-item list is already sorted. */
2266 if (p->next == NULL)
2269 /* Step 1: split the list. */
2273 /* Step a twice, t once. */
2279 /* Now, t is at the mid-point, so break the list here. */
2284 /* Step 2: Recursively sort the two sub-lists. */
2285 a = sort_dir_list(a);
2286 b = sort_dir_list(b);
2288 /* Step 3: Merge the returned lists. */
2289 /* Pick the first element for the merged list. */
2290 if (strcmp(a->name, b->name) > 0) {
2298 /* Always put the later element on the list first. */
2299 while (a != NULL && b != NULL) {
2300 if (strcmp(a->name, b->name) > 0) {
2310 /* Only one list is non-empty, so just splice it on. */
2320 * Returns a new, initialized fixup entry.
2322 * TODO: Reduce the memory requirements for this list by using a tree
2323 * structure rather than a simple list of names.
2325 static struct fixup_entry *
2326 new_fixup(struct archive_write_disk *a, const char *pathname)
2328 struct fixup_entry *fe;
2330 fe = (struct fixup_entry *)calloc(1, sizeof(struct fixup_entry));
2332 archive_set_error(&a->archive, ENOMEM,
2333 "Can't allocate memory for a fixup");
2336 fe->next = a->fixup_list;
2339 fe->name = strdup(pathname);
2344 * Returns a fixup structure for the current entry.
2346 static struct fixup_entry *
2347 current_fixup(struct archive_write_disk *a, const char *pathname)
2349 if (a->current_fixup == NULL)
2350 a->current_fixup = new_fixup(a, pathname);
2351 return (a->current_fixup);
2354 /* TODO: Make this work. */
2356 * TODO: The deep-directory support bypasses this; disable deep directory
2357 * support if we're doing symlink checks.
2360 * TODO: Someday, integrate this with the deep dir support; they both
2361 * scan the path and both can be optimized by comparing against other
2364 /* TODO: Extend this to support symlinks on Windows Vista and later. */
2366 check_symlinks(struct archive_write_disk *a)
2368 #if !defined(HAVE_LSTAT)
2369 /* Platform doesn't have lstat, so we can't look for symlinks. */
2370 (void)a; /* UNUSED */
2371 return (ARCHIVE_OK);
2379 * Guard against symlink tricks. Reject any archive entry whose
2380 * destination would be altered by a symlink.
2382 /* Whatever we checked last time doesn't need to be re-checked. */
2384 if (archive_strlen(&(a->path_safe)) > 0) {
2385 char *p = a->path_safe.s;
2386 while ((*pn != '\0') && (*p == *pn))
2389 /* Skip the root directory if the path is absolute. */
2390 if(pn == a->name && pn[0] == '/')
2393 /* Keep going until we've checked the entire name. */
2394 while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
2395 /* Skip the next path element. */
2396 while (*pn != '\0' && *pn != '/')
2400 /* Check that we haven't hit a symlink. */
2401 r = lstat(a->name, &st);
2403 /* We've hit a dir that doesn't exist; stop now. */
2404 if (errno == ENOENT)
2406 } else if (S_ISLNK(st.st_mode)) {
2409 * Last element is symlink; remove it
2410 * so we can overwrite it with the
2411 * item being extracted.
2413 if (unlink(a->name)) {
2414 archive_set_error(&a->archive, errno,
2415 "Could not remove symlink %s",
2418 return (ARCHIVE_FAILED);
2422 * Even if we did remove it, a warning
2423 * is in order. The warning is silly,
2424 * though, if we're just replacing one
2425 * symlink with another symlink.
2427 if (!S_ISLNK(a->mode)) {
2428 archive_set_error(&a->archive, 0,
2429 "Removing symlink %s",
2432 /* Symlink gone. No more problem! */
2435 } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
2436 /* User asked us to remove problems. */
2437 if (unlink(a->name) != 0) {
2438 archive_set_error(&a->archive, 0,
2439 "Cannot remove intervening symlink %s",
2442 return (ARCHIVE_FAILED);
2446 archive_set_error(&a->archive, 0,
2447 "Cannot extract through symlink %s",
2450 return (ARCHIVE_FAILED);
2455 pn++; /* Advance to the next segment. */
2458 /* We've checked and/or cleaned the whole path, so remember it. */
2459 archive_strcpy(&a->path_safe, a->name);
2460 return (ARCHIVE_OK);
2464 #if defined(__CYGWIN__)
2466 * 1. Convert a path separator from '\' to '/' .
2467 * We shouldn't check multibyte character directly because some
2468 * character-set have been using the '\' character for a part of
2469 * its multibyte character code.
2470 * 2. Replace unusable characters in Windows with underscore('_').
2471 * See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
2474 cleanup_pathname_win(struct archive_write_disk *a)
2479 int mb, complete, utf8;
2484 utf8 = (strcmp(nl_langinfo(CODESET), "UTF-8") == 0)? 1: 0;
2485 for (p = a->name; *p != '\0'; p++) {
2488 /* If previous byte is smaller than 128,
2489 * this is not second byte of multibyte characters,
2490 * so we can replace '\' with '/'. */
2494 complete = 0;/* uncompleted. */
2495 } else if (*(unsigned char *)p > 127)
2499 /* Rewrite the path name if its next character is unusable. */
2500 if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
2501 *p == '<' || *p == '>' || *p == '|')
2508 * Convert path separator in wide-character.
2511 while (*p != '\0' && alen) {
2512 l = mbtowc(&wc, p, alen);
2513 if (l == (size_t)-1) {
2514 while (*p != '\0') {
2521 if (l == 1 && wc == L'\\')
2530 * Canonicalize the pathname. In particular, this strips duplicate
2531 * '/' characters, '.' elements, and trailing '/'. It also raises an
2532 * error for an empty path, a trailing '..', (if _SECURE_NODOTDOT is
2533 * set) any '..' in the path or (if ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS
2534 * is set) if the path is absolute.
2537 cleanup_pathname(struct archive_write_disk *a)
2540 char separator = '\0';
2542 dest = src = a->name;
2544 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2545 "Invalid empty pathname");
2546 return (ARCHIVE_FAILED);
2549 #if defined(__CYGWIN__)
2550 cleanup_pathname_win(a);
2552 /* Skip leading '/'. */
2554 if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
2555 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2556 "Path is absolute");
2557 return (ARCHIVE_FAILED);
2563 /* Scan the pathname one element at a time. */
2565 /* src points to first char after '/' */
2566 if (src[0] == '\0') {
2568 } else if (src[0] == '/') {
2569 /* Found '//', ignore second one. */
2572 } else if (src[0] == '.') {
2573 if (src[1] == '\0') {
2574 /* Ignore trailing '.' */
2576 } else if (src[1] == '/') {
2580 } else if (src[1] == '.') {
2581 if (src[2] == '/' || src[2] == '\0') {
2582 /* Conditionally warn about '..' */
2583 if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
2584 archive_set_error(&a->archive,
2586 "Path contains '..'");
2587 return (ARCHIVE_FAILED);
2591 * Note: Under no circumstances do we
2592 * remove '..' elements. In
2593 * particular, restoring
2594 * '/foo/../bar/' should create the
2595 * 'foo' dir as a side-effect.
2600 /* Copy current element, including leading '/'. */
2603 while (*src != '\0' && *src != '/') {
2610 /* Skip '/' separator. */
2614 * We've just copied zero or more path elements, not including the
2617 if (dest == a->name) {
2619 * Nothing got copied. The path must have been something
2620 * like '.' or '/' or './' or '/././././/./'.
2627 /* Terminate the result. */
2629 return (ARCHIVE_OK);
2633 * Create the parent directory of the specified path, assuming path
2634 * is already in mutable storage.
2637 create_parent_dir(struct archive_write_disk *a, char *path)
2642 /* Remove tail element to obtain parent name. */
2643 slash = strrchr(path, '/');
2645 return (ARCHIVE_OK);
2647 r = create_dir(a, path);
2653 * Create the specified dir, recursing to create parents as necessary.
2655 * Returns ARCHIVE_OK if the path exists when we're done here.
2656 * Otherwise, returns ARCHIVE_FAILED.
2657 * Assumes path is in mutable storage; path is unchanged on exit.
2660 create_dir(struct archive_write_disk *a, char *path)
2663 struct fixup_entry *le;
2665 mode_t mode_final, mode;
2668 /* Check for special names and just skip them. */
2669 slash = strrchr(path, '/');
2675 if (base[0] == '\0' ||
2676 (base[0] == '.' && base[1] == '\0') ||
2677 (base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
2678 /* Don't bother trying to create null path, '.', or '..'. */
2679 if (slash != NULL) {
2681 r = create_dir(a, path);
2685 return (ARCHIVE_OK);
2689 * Yes, this should be stat() and not lstat(). Using lstat()
2690 * here loses the ability to extract through symlinks. Also note
2691 * that this should not use the a->st cache.
2693 if (stat(path, &st) == 0) {
2694 if (S_ISDIR(st.st_mode))
2695 return (ARCHIVE_OK);
2696 if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
2697 archive_set_error(&a->archive, EEXIST,
2698 "Can't create directory '%s'", path);
2699 return (ARCHIVE_FAILED);
2701 if (unlink(path) != 0) {
2702 archive_set_error(&a->archive, errno,
2703 "Can't create directory '%s': "
2704 "Conflicting file cannot be removed",
2706 return (ARCHIVE_FAILED);
2708 } else if (errno != ENOENT && errno != ENOTDIR) {
2710 archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
2711 return (ARCHIVE_FAILED);
2712 } else if (slash != NULL) {
2714 r = create_dir(a, path);
2716 if (r != ARCHIVE_OK)
2721 * Mode we want for the final restored directory. Per POSIX,
2722 * implicitly-created dirs must be created obeying the umask.
2723 * There's no mention whether this is different for privileged
2724 * restores (which the rest of this code handles by pretending
2725 * umask=0). I've chosen here to always obey the user's umask for
2726 * implicit dirs, even if _EXTRACT_PERM was specified.
2728 mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
2729 /* Mode we want on disk during the restore process. */
2731 mode |= MINIMUM_DIR_MODE;
2732 mode &= MAXIMUM_DIR_MODE;
2733 if (mkdir(path, mode) == 0) {
2734 if (mode != mode_final) {
2735 le = new_fixup(a, path);
2737 return (ARCHIVE_FATAL);
2738 le->fixup |=TODO_MODE_BASE;
2739 le->mode = mode_final;
2741 return (ARCHIVE_OK);
2745 * Without the following check, a/b/../b/c/d fails at the
2746 * second visit to 'b', so 'd' can't be created. Note that we
2747 * don't add it to the fixup list here, as it's already been
2750 if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
2751 return (ARCHIVE_OK);
2753 archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
2755 return (ARCHIVE_FAILED);
2759 * Note: Although we can skip setting the user id if the desired user
2760 * id matches the current user, we cannot skip setting the group, as
2761 * many systems set the gid based on the containing directory. So
2762 * we have to perform a chown syscall if we want to set the SGID
2763 * bit. (The alternative is to stat() and then possibly chown(); it's
2764 * more efficient to skip the stat() and just always chown().) Note
2765 * that a successful chown() here clears the TODO_SGID_CHECK bit, which
2766 * allows set_mode to skip the stat() check for the GID.
2769 set_ownership(struct archive_write_disk *a)
2772 /* unfortunately, on win32 there is no 'root' user with uid 0,
2773 so we just have to try the chown and see if it works */
2775 /* If we know we can't change it, don't bother trying. */
2776 if (a->user_uid != 0 && a->user_uid != a->uid) {
2777 archive_set_error(&a->archive, errno,
2778 "Can't set UID=%jd", (intmax_t)a->uid);
2779 return (ARCHIVE_WARN);
2784 /* If we have an fd, we can avoid a race. */
2785 if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
2786 /* We've set owner and know uid/gid are correct. */
2787 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2788 return (ARCHIVE_OK);
2792 /* We prefer lchown() but will use chown() if that's all we have. */
2793 /* Of course, if we have neither, this will always fail. */
2795 if (lchown(a->name, a->uid, a->gid) == 0) {
2796 /* We've set owner and know uid/gid are correct. */
2797 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2798 return (ARCHIVE_OK);
2801 if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
2802 /* We've set owner and know uid/gid are correct. */
2803 a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
2804 return (ARCHIVE_OK);
2808 archive_set_error(&a->archive, errno,
2809 "Can't set user=%jd/group=%jd for %s",
2810 (intmax_t)a->uid, (intmax_t)a->gid, a->name);
2811 return (ARCHIVE_WARN);
2815 * Note: Returns 0 on success, non-zero on failure.
2818 set_time(int fd, int mode, const char *name,
2819 time_t atime, long atime_nsec,
2820 time_t mtime, long mtime_nsec)
2822 /* Select the best implementation for this platform. */
2823 #if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
2825 * utimensat() and futimens() are defined in
2826 * POSIX.1-2008. They support ns resolution and setting times
2827 * on fds and symlinks.
2829 struct timespec ts[2];
2830 (void)mode; /* UNUSED */
2831 ts[0].tv_sec = atime;
2832 ts[0].tv_nsec = atime_nsec;
2833 ts[1].tv_sec = mtime;
2834 ts[1].tv_nsec = mtime_nsec;
2836 return futimens(fd, ts);
2837 return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
2841 * The utimes()-family functions support µs-resolution and
2842 * setting times fds and symlinks. utimes() is documented as
2843 * LEGACY by POSIX, futimes() and lutimes() are not described
2846 struct timeval times[2];
2848 times[0].tv_sec = atime;
2849 times[0].tv_usec = atime_nsec / 1000;
2850 times[1].tv_sec = mtime;
2851 times[1].tv_usec = mtime_nsec / 1000;
2855 return (futimes(fd, times));
2857 (void)fd; /* UNUSED */
2860 (void)mode; /* UNUSED */
2861 return (lutimes(name, times));
2865 return (utimes(name, times));
2868 #elif defined(HAVE_UTIME)
2870 * utime() is POSIX-standard but only supports 1s resolution and
2871 * does not support fds or symlinks.
2873 struct utimbuf times;
2874 (void)fd; /* UNUSED */
2875 (void)name; /* UNUSED */
2876 (void)atime_nsec; /* UNUSED */
2877 (void)mtime_nsec; /* UNUSED */
2878 times.actime = atime;
2879 times.modtime = mtime;
2881 return (ARCHIVE_OK);
2882 return (utime(name, ×));
2886 * We don't know how to set the time on this platform.
2888 (void)fd; /* UNUSED */
2889 (void)mode; /* UNUSED */
2890 (void)name; /* UNUSED */
2891 (void)atime_nsec; /* UNUSED */
2892 (void)mtime_nsec; /* UNUSED */
2893 return (ARCHIVE_WARN);
2899 set_time_tru64(int fd, int mode, const char *name,
2900 time_t atime, long atime_nsec,
2901 time_t mtime, long mtime_nsec,
2902 time_t ctime, long ctime_nsec)
2904 struct attr_timbuf tstamp;
2905 tstamp.atime.tv_sec = atime;
2906 tstamp.mtime.tv_sec = mtime;
2907 tstamp.ctime.tv_sec = ctime;
2908 #if defined (__hpux) && defined (__ia64)
2909 tstamp.atime.tv_nsec = atime_nsec;
2910 tstamp.mtime.tv_nsec = mtime_nsec;
2911 tstamp.ctime.tv_nsec = ctime_nsec;
2913 tstamp.atime.tv_usec = atime_nsec / 1000;
2914 tstamp.mtime.tv_usec = mtime_nsec / 1000;
2915 tstamp.ctime.tv_usec = ctime_nsec / 1000;
2917 return (fcntl(fd,F_SETTIMES,&tstamp));
2919 #endif /* F_SETTIMES */
2922 set_times(struct archive_write_disk *a,
2923 int fd, int mode, const char *name,
2924 time_t atime, long atime_nanos,
2925 time_t birthtime, long birthtime_nanos,
2926 time_t mtime, long mtime_nanos,
2927 time_t cctime, long ctime_nanos)
2929 /* Note: set_time doesn't use libarchive return conventions!
2930 * It uses syscall conventions. So 0 here instead of ARCHIVE_OK. */
2935 * on Tru64 try own fcntl first which can restore even the
2936 * ctime, fall back to default code path below if it fails
2937 * or if we are not running as root
2939 if (a->user_uid == 0 &&
2940 set_time_tru64(fd, mode, name,
2941 atime, atime_nanos, mtime,
2942 mtime_nanos, cctime, ctime_nanos) == 0) {
2943 return (ARCHIVE_OK);
2946 (void)cctime; /* UNUSED */
2947 (void)ctime_nanos; /* UNUSED */
2950 #ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
2952 * If you have struct stat.st_birthtime, we assume BSD
2953 * birthtime semantics, in which {f,l,}utimes() updates
2954 * birthtime to earliest mtime. So we set the time twice,
2955 * first using the birthtime, then using the mtime. If
2956 * birthtime == mtime, this isn't necessary, so we skip it.
2957 * If birthtime > mtime, then this won't work, so we skip it.
2959 if (birthtime < mtime
2960 || (birthtime == mtime && birthtime_nanos < mtime_nanos))
2961 r1 = set_time(fd, mode, name,
2963 birthtime, birthtime_nanos);
2965 (void)birthtime; /* UNUSED */
2966 (void)birthtime_nanos; /* UNUSED */
2968 r2 = set_time(fd, mode, name,
2970 mtime, mtime_nanos);
2971 if (r1 != 0 || r2 != 0) {
2972 archive_set_error(&a->archive, errno,
2973 "Can't restore time");
2974 return (ARCHIVE_WARN);
2976 return (ARCHIVE_OK);
2980 set_times_from_entry(struct archive_write_disk *a)
2982 time_t atime, birthtime, mtime, cctime;
2983 long atime_nsec, birthtime_nsec, mtime_nsec, ctime_nsec;
2985 /* Suitable defaults. */
2986 atime = birthtime = mtime = cctime = a->start_time;
2987 atime_nsec = birthtime_nsec = mtime_nsec = ctime_nsec = 0;
2989 /* If no time was provided, we're done. */
2990 if (!archive_entry_atime_is_set(a->entry)
2991 #if HAVE_STRUCT_STAT_ST_BIRTHTIME
2992 && !archive_entry_birthtime_is_set(a->entry)
2994 && !archive_entry_mtime_is_set(a->entry))
2995 return (ARCHIVE_OK);
2997 if (archive_entry_atime_is_set(a->entry)) {
2998 atime = archive_entry_atime(a->entry);
2999 atime_nsec = archive_entry_atime_nsec(a->entry);
3001 if (archive_entry_birthtime_is_set(a->entry)) {
3002 birthtime = archive_entry_birthtime(a->entry);
3003 birthtime_nsec = archive_entry_birthtime_nsec(a->entry);
3005 if (archive_entry_mtime_is_set(a->entry)) {
3006 mtime = archive_entry_mtime(a->entry);
3007 mtime_nsec = archive_entry_mtime_nsec(a->entry);
3009 if (archive_entry_ctime_is_set(a->entry)) {
3010 cctime = archive_entry_ctime(a->entry);
3011 ctime_nsec = archive_entry_ctime_nsec(a->entry);
3014 return set_times(a, a->fd, a->mode, a->name,
3016 birthtime, birthtime_nsec,
3018 cctime, ctime_nsec);
3022 set_mode(struct archive_write_disk *a, int mode)
3025 mode &= 07777; /* Strip off file type bits. */
3027 if (a->todo & TODO_SGID_CHECK) {
3029 * If we don't know the GID is right, we must stat()
3030 * to verify it. We can't just check the GID of this
3031 * process, since systems sometimes set GID from
3032 * the enclosing dir or based on ACLs.
3034 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3036 if (a->pst->st_gid != a->gid) {
3038 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3040 * This is only an error if you
3041 * requested owner restore. If you
3042 * didn't, we'll try to restore
3043 * sgid/suid, but won't consider it a
3044 * problem if we can't.
3046 archive_set_error(&a->archive, -1,
3047 "Can't restore SGID bit");
3051 /* While we're here, double-check the UID. */
3052 if (a->pst->st_uid != a->uid
3053 && (a->todo & TODO_SUID)) {
3055 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3056 archive_set_error(&a->archive, -1,
3057 "Can't restore SUID bit");
3061 a->todo &= ~TODO_SGID_CHECK;
3062 a->todo &= ~TODO_SUID_CHECK;
3063 } else if (a->todo & TODO_SUID_CHECK) {
3065 * If we don't know the UID is right, we can just check
3066 * the user, since all systems set the file UID from
3069 if (a->user_uid != a->uid) {
3071 if (a->flags & ARCHIVE_EXTRACT_OWNER) {
3072 archive_set_error(&a->archive, -1,
3073 "Can't make file SUID");
3077 a->todo &= ~TODO_SUID_CHECK;
3080 if (S_ISLNK(a->mode)) {
3083 * If this is a symlink, use lchmod(). If the
3084 * platform doesn't support lchmod(), just skip it. A
3085 * platform that doesn't provide a way to set
3086 * permissions on symlinks probably ignores
3087 * permissions on symlinks, so a failure here has no
3090 if (lchmod(a->name, mode) != 0) {
3094 #if ENOTSUP != EOPNOTSUPP
3098 * if lchmod is defined but the platform
3099 * doesn't support it, silently ignore
3104 archive_set_error(&a->archive, errno,
3105 "Can't set permissions to 0%o", (int)mode);
3110 } else if (!S_ISDIR(a->mode)) {
3112 * If it's not a symlink and not a dir, then use
3113 * fchmod() or chmod(), depending on whether we have
3114 * an fd. Dirs get their perms set during the
3115 * post-extract fixup, which is handled elsewhere.
3119 if (fchmod(a->fd, mode) != 0) {
3120 archive_set_error(&a->archive, errno,
3121 "Can't set permissions to 0%o", (int)mode);
3126 /* If this platform lacks fchmod(), then
3127 * we'll just use chmod(). */
3128 if (chmod(a->name, mode) != 0) {
3129 archive_set_error(&a->archive, errno,
3130 "Can't set permissions to 0%o", (int)mode);
3138 set_fflags(struct archive_write_disk *a)
3140 struct fixup_entry *le;
3141 unsigned long set, clear;
3144 mode_t mode = archive_entry_mode(a->entry);
3147 * Make 'critical_flags' hold all file flags that can't be
3148 * immediately restored. For example, on BSD systems,
3149 * SF_IMMUTABLE prevents hardlinks from being created, so
3150 * should not be set until after any hardlinks are created. To
3151 * preserve some semblance of portability, this uses #ifdef
3152 * extensively. Ugly, but it works.
3154 * Yes, Virginia, this does create a security race. It's mitigated
3155 * somewhat by the practice of creating dirs 0700 until the extract
3156 * is done, but it would be nice if we could do more than that.
3157 * People restoring critical file systems should be wary of
3158 * other programs that might try to muck with files as they're
3161 /* Hopefully, the compiler will optimize this mess into a constant. */
3164 critical_flags |= SF_IMMUTABLE;
3167 critical_flags |= UF_IMMUTABLE;
3170 critical_flags |= SF_APPEND;
3173 critical_flags |= UF_APPEND;
3175 #ifdef EXT2_APPEND_FL
3176 critical_flags |= EXT2_APPEND_FL;
3178 #ifdef EXT2_IMMUTABLE_FL
3179 critical_flags |= EXT2_IMMUTABLE_FL;
3182 if (a->todo & TODO_FFLAGS) {
3183 archive_entry_fflags(a->entry, &set, &clear);
3186 * The first test encourages the compiler to eliminate
3187 * all of this if it's not necessary.
3189 if ((critical_flags != 0) && (set & critical_flags)) {
3190 le = current_fixup(a, a->name);
3192 return (ARCHIVE_FATAL);
3193 le->fixup |= TODO_FFLAGS;
3194 le->fflags_set = set;
3195 /* Store the mode if it's not already there. */
3196 if ((le->fixup & TODO_MODE) == 0)
3199 r = set_fflags_platform(a, a->fd,
3200 a->name, mode, set, clear);
3201 if (r != ARCHIVE_OK)
3205 return (ARCHIVE_OK);
3209 clear_nochange_fflags(struct archive_write_disk *a)
3212 mode_t mode = archive_entry_mode(a->entry);
3214 /* Hopefully, the compiler will optimize this mess into a constant. */
3217 nochange_flags |= SF_IMMUTABLE;
3220 nochange_flags |= UF_IMMUTABLE;
3223 nochange_flags |= SF_APPEND;
3226 nochange_flags |= UF_APPEND;
3228 #ifdef EXT2_APPEND_FL
3229 nochange_flags |= EXT2_APPEND_FL;
3231 #ifdef EXT2_IMMUTABLE_FL
3232 nochange_flags |= EXT2_IMMUTABLE_FL;
3235 return (set_fflags_platform(a, a->fd, a->name, mode, 0, nochange_flags));
3239 #if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
3241 * BSD reads flags using stat() and sets them with one of {f,l,}chflags()
3244 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3245 mode_t mode, unsigned long set, unsigned long clear)
3249 (void)mode; /* UNUSED */
3250 if (set == 0 && clear == 0)
3251 return (ARCHIVE_OK);
3254 * XXX Is the stat here really necessary? Or can I just use
3255 * the 'set' flags directly? In particular, I'm not sure
3256 * about the correct approach if we're overwriting an existing
3257 * file that already has flags on it. XXX
3259 if ((r = lazy_stat(a)) != ARCHIVE_OK)
3262 a->st.st_flags &= ~clear;
3263 a->st.st_flags |= set;
3264 #ifdef HAVE_FCHFLAGS
3265 /* If platform has fchflags() and we were given an fd, use it. */
3266 if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
3267 return (ARCHIVE_OK);
3270 * If we can't use the fd to set the flags, we'll use the
3271 * pathname to set flags. We prefer lchflags() but will use
3272 * chflags() if we must.
3274 #ifdef HAVE_LCHFLAGS
3275 if (lchflags(name, a->st.st_flags) == 0)
3276 return (ARCHIVE_OK);
3277 #elif defined(HAVE_CHFLAGS)
3278 if (S_ISLNK(a->st.st_mode)) {
3279 archive_set_error(&a->archive, errno,
3280 "Can't set file flags on symlink.");
3281 return (ARCHIVE_WARN);
3283 if (chflags(name, a->st.st_flags) == 0)
3284 return (ARCHIVE_OK);
3286 archive_set_error(&a->archive, errno,
3287 "Failed to set file flags");
3288 return (ARCHIVE_WARN);
3291 #elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS) && defined(HAVE_WORKING_EXT2_IOC_GETFLAGS)
3293 * Linux uses ioctl() to read and write file flags.
3296 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3297 mode_t mode, unsigned long set, unsigned long clear)
3301 int newflags, oldflags;
3304 if (set == 0 && clear == 0)
3305 return (ARCHIVE_OK);
3306 /* Only regular files and dirs can have flags. */
3307 if (!S_ISREG(mode) && !S_ISDIR(mode))
3308 return (ARCHIVE_OK);
3310 /* If we weren't given an fd, open it ourselves. */
3312 myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
3313 __archive_ensure_cloexec_flag(myfd);
3316 return (ARCHIVE_OK);
3319 * Linux has no define for the flags that are only settable by
3320 * the root user. This code may seem a little complex, but
3321 * there seem to be some Linux systems that lack these
3322 * defines. (?) The code below degrades reasonably gracefully
3323 * if sf_mask is incomplete.
3325 #ifdef EXT2_IMMUTABLE_FL
3326 sf_mask |= EXT2_IMMUTABLE_FL;
3328 #ifdef EXT2_APPEND_FL
3329 sf_mask |= EXT2_APPEND_FL;
3332 * XXX As above, this would be way simpler if we didn't have
3333 * to read the current flags from disk. XXX
3337 /* Read the current file flags. */
3338 if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) < 0)
3341 /* Try setting the flags as given. */
3342 newflags = (oldflags & ~clear) | set;
3343 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3348 /* If we couldn't set all the flags, try again with a subset. */
3349 newflags &= ~sf_mask;
3350 oldflags &= sf_mask;
3351 newflags |= oldflags;
3352 if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
3355 /* We couldn't set the flags, so report the failure. */
3357 archive_set_error(&a->archive, errno,
3358 "Failed to set file flags");
3369 * Of course, some systems have neither BSD chflags() nor Linux' flags
3370 * support through ioctl().
3373 set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
3374 mode_t mode, unsigned long set, unsigned long clear)
3376 (void)a; /* UNUSED */
3377 (void)fd; /* UNUSED */
3378 (void)name; /* UNUSED */
3379 (void)mode; /* UNUSED */
3380 (void)set; /* UNUSED */
3381 (void)clear; /* UNUSED */
3382 return (ARCHIVE_OK);
3385 #endif /* __linux */
3387 #ifndef HAVE_COPYFILE_H
3388 /* Default is to simply drop Mac extended metadata. */
3390 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3391 const void *metadata, size_t metadata_size)
3393 (void)a; /* UNUSED */
3394 (void)pathname; /* UNUSED */
3395 (void)metadata; /* UNUSED */
3396 (void)metadata_size; /* UNUSED */
3397 return (ARCHIVE_OK);
3401 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3403 (void)a; /* UNUSED */
3404 (void)pathname; /* UNUSED */
3405 return (ARCHIVE_OK);
3410 * On Mac OS, we use copyfile() to unpack the metadata and
3411 * apply it to the target file.
3414 #if defined(HAVE_SYS_XATTR_H)
3416 copy_xattrs(struct archive_write_disk *a, int tmpfd, int dffd)
3419 char *xattr_names = NULL, *xattr_val = NULL;
3420 int ret = ARCHIVE_OK, xattr_i;
3422 xattr_size = flistxattr(tmpfd, NULL, 0, 0);
3423 if (xattr_size == -1) {
3424 archive_set_error(&a->archive, errno,
3425 "Failed to read metadata(xattr)");
3429 xattr_names = malloc(xattr_size);
3430 if (xattr_names == NULL) {
3431 archive_set_error(&a->archive, ENOMEM,
3432 "Can't allocate memory for metadata(xattr)");
3433 ret = ARCHIVE_FATAL;
3436 xattr_size = flistxattr(tmpfd, xattr_names, xattr_size, 0);
3437 if (xattr_size == -1) {
3438 archive_set_error(&a->archive, errno,
3439 "Failed to read metadata(xattr)");
3443 for (xattr_i = 0; xattr_i < xattr_size;
3444 xattr_i += strlen(xattr_names + xattr_i) + 1) {
3445 char *xattr_val_saved;
3449 s = fgetxattr(tmpfd, xattr_names + xattr_i, NULL, 0, 0, 0);
3451 archive_set_error(&a->archive, errno,
3452 "Failed to get metadata(xattr)");
3456 xattr_val_saved = xattr_val;
3457 xattr_val = realloc(xattr_val, s);
3458 if (xattr_val == NULL) {
3459 archive_set_error(&a->archive, ENOMEM,
3460 "Failed to get metadata(xattr)");
3462 free(xattr_val_saved);
3465 s = fgetxattr(tmpfd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3467 archive_set_error(&a->archive, errno,
3468 "Failed to get metadata(xattr)");
3472 f = fsetxattr(dffd, xattr_names + xattr_i, xattr_val, s, 0, 0);
3474 archive_set_error(&a->archive, errno,
3475 "Failed to get metadata(xattr)");
3488 copy_acls(struct archive_write_disk *a, int tmpfd, int dffd)
3490 acl_t acl, dfacl = NULL;
3491 int acl_r, ret = ARCHIVE_OK;
3493 acl = acl_get_fd(tmpfd);
3495 if (errno == ENOENT)
3496 /* There are not any ACLs. */
3498 archive_set_error(&a->archive, errno,
3499 "Failed to get metadata(acl)");
3503 dfacl = acl_dup(acl);
3504 acl_r = acl_set_fd(dffd, dfacl);
3506 archive_set_error(&a->archive, errno,
3507 "Failed to get metadata(acl)");
3520 create_tempdatafork(struct archive_write_disk *a, const char *pathname)
3522 struct archive_string tmpdatafork;
3525 archive_string_init(&tmpdatafork);
3526 archive_strcpy(&tmpdatafork, "tar.md.XXXXXX");
3527 tmpfd = mkstemp(tmpdatafork.s);
3529 archive_set_error(&a->archive, errno,
3530 "Failed to mkstemp");
3531 archive_string_free(&tmpdatafork);
3534 if (copyfile(pathname, tmpdatafork.s, 0,
3535 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3536 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3537 archive_set_error(&a->archive, errno,
3538 "Failed to restore metadata");
3542 unlink(tmpdatafork.s);
3543 archive_string_free(&tmpdatafork);
3548 copy_metadata(struct archive_write_disk *a, const char *metadata,
3549 const char *datafork, int datafork_compressed)
3551 int ret = ARCHIVE_OK;
3553 if (datafork_compressed) {
3556 tmpfd = create_tempdatafork(a, metadata);
3558 return (ARCHIVE_WARN);
3561 * Do not open the data fork compressed by HFS+ compression
3562 * with at least a writing mode(O_RDWR or O_WRONLY). it
3563 * makes the data fork uncompressed.
3565 dffd = open(datafork, 0);
3567 archive_set_error(&a->archive, errno,
3568 "Failed to open the data fork for metadata");
3570 return (ARCHIVE_WARN);
3573 #if defined(HAVE_SYS_XATTR_H)
3574 ret = copy_xattrs(a, tmpfd, dffd);
3575 if (ret == ARCHIVE_OK)
3577 ret = copy_acls(a, tmpfd, dffd);
3581 if (copyfile(metadata, datafork, 0,
3582 COPYFILE_UNPACK | COPYFILE_NOFOLLOW
3583 | COPYFILE_ACL | COPYFILE_XATTR) < 0) {
3584 archive_set_error(&a->archive, errno,
3585 "Failed to restore metadata");
3593 set_mac_metadata(struct archive_write_disk *a, const char *pathname,
3594 const void *metadata, size_t metadata_size)
3596 struct archive_string tmp;
3599 int ret = ARCHIVE_OK;
3601 /* This would be simpler if copyfile() could just accept the
3602 * metadata as a block of memory; then we could sidestep this
3603 * silly dance of writing the data to disk just so that
3604 * copyfile() can read it back in again. */
3605 archive_string_init(&tmp);
3606 archive_strcpy(&tmp, pathname);
3607 archive_strcat(&tmp, ".XXXXXX");
3608 fd = mkstemp(tmp.s);
3611 archive_set_error(&a->archive, errno,
3612 "Failed to restore metadata");
3613 archive_string_free(&tmp);
3614 return (ARCHIVE_WARN);
3616 written = write(fd, metadata, metadata_size);
3618 if ((size_t)written != metadata_size) {
3619 archive_set_error(&a->archive, errno,
3620 "Failed to restore metadata");
3625 #if defined(UF_COMPRESSED)
3626 if ((a->todo & TODO_HFS_COMPRESSION) != 0 &&
3627 (ret = lazy_stat(a)) == ARCHIVE_OK)
3628 compressed = a->st.st_flags & UF_COMPRESSED;
3632 ret = copy_metadata(a, tmp.s, pathname, compressed);
3635 archive_string_free(&tmp);
3640 fixup_appledouble(struct archive_write_disk *a, const char *pathname)
3645 struct archive_string datafork;
3646 int fd = -1, ret = ARCHIVE_OK;
3648 archive_string_init(&datafork);
3649 /* Check if the current file name is a type of the resource
3651 p = strrchr(pathname, '/');
3656 if (p[0] != '.' || p[1] != '_')
3657 goto skip_appledouble;
3660 * Check if the data fork file exists.
3662 * TODO: Check if this write disk object has handled it.
3664 archive_strncpy(&datafork, pathname, p - pathname);
3665 archive_strcat(&datafork, p + 2);
3666 if (lstat(datafork.s, &st) == -1 ||
3667 (st.st_mode & AE_IFMT) != AE_IFREG)
3668 goto skip_appledouble;
3671 * Check if the file is in the AppleDouble form.
3673 fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
3674 __archive_ensure_cloexec_flag(fd);
3676 archive_set_error(&a->archive, errno,
3677 "Failed to open a restoring file");
3679 goto skip_appledouble;
3681 if (read(fd, buff, 8) == -1) {
3682 archive_set_error(&a->archive, errno,
3683 "Failed to read a restoring file");
3686 goto skip_appledouble;
3689 /* Check AppleDouble Magic Code. */
3690 if (archive_be32dec(buff) != 0x00051607)
3691 goto skip_appledouble;
3692 /* Check AppleDouble Version. */
3693 if (archive_be32dec(buff+4) != 0x00020000)
3694 goto skip_appledouble;
3696 ret = copy_metadata(a, pathname, datafork.s,
3697 #if defined(UF_COMPRESSED)
3698 st.st_flags & UF_COMPRESSED);
3702 if (ret == ARCHIVE_OK) {
3707 archive_string_free(&datafork);
3712 #if HAVE_LSETXATTR || HAVE_LSETEA
3714 * Restore extended attributes - Linux and AIX implementations:
3715 * AIX' ea interface is syntaxwise identical to the Linux xattr interface.
3718 set_xattrs(struct archive_write_disk *a)
3720 struct archive_entry *entry = a->entry;
3721 static int warning_done = 0;
3722 int ret = ARCHIVE_OK;
3723 int i = archive_entry_xattr_reset(entry);
3729 archive_entry_xattr_next(entry, &name, &value, &size);
3731 strncmp(name, "xfsroot.", 8) != 0 &&
3732 strncmp(name, "system.", 7) != 0) {
3736 e = fsetxattr(a->fd, name, value, size, 0);
3740 e = fsetea(a->fd, name, value, size, 0);
3745 e = lsetxattr(archive_entry_pathname(entry),
3746 name, value, size, 0);
3748 e = lsetea(archive_entry_pathname(entry),
3749 name, value, size, 0);
3753 if (errno == ENOTSUP || errno == ENOSYS) {
3754 if (!warning_done) {
3756 archive_set_error(&a->archive, errno,
3757 "Cannot restore extended "
3758 "attributes on this file "
3762 archive_set_error(&a->archive, errno,
3763 "Failed to set extended attribute");
3767 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3768 "Invalid extended attribute encountered");
3774 #elif HAVE_EXTATTR_SET_FILE && HAVE_DECL_EXTATTR_NAMESPACE_USER
3776 * Restore extended attributes - FreeBSD implementation
3779 set_xattrs(struct archive_write_disk *a)
3781 struct archive_entry *entry = a->entry;
3782 static int warning_done = 0;
3783 int ret = ARCHIVE_OK;
3784 int i = archive_entry_xattr_reset(entry);
3790 archive_entry_xattr_next(entry, &name, &value, &size);
3795 if (strncmp(name, "user.", 5) == 0) {
3796 /* "user." attributes go to user namespace */
3798 namespace = EXTATTR_NAMESPACE_USER;
3800 /* Warn about other extended attributes. */
3801 archive_set_error(&a->archive,
3802 ARCHIVE_ERRNO_FILE_FORMAT,
3803 "Can't restore extended attribute ``%s''",
3809 #if HAVE_EXTATTR_SET_FD
3811 e = extattr_set_fd(a->fd, namespace, name, value, size);
3814 /* TODO: should we use extattr_set_link() instead? */
3816 e = extattr_set_file(archive_entry_pathname(entry),
3817 namespace, name, value, size);
3819 if (e != (ssize_t)size) {
3820 if (errno == ENOTSUP || errno == ENOSYS) {
3821 if (!warning_done) {
3823 archive_set_error(&a->archive, errno,
3824 "Cannot restore extended "
3825 "attributes on this file "
3829 archive_set_error(&a->archive, errno,
3830 "Failed to set extended attribute");
3841 * Restore extended attributes - stub implementation for unsupported systems
3844 set_xattrs(struct archive_write_disk *a)
3846 static int warning_done = 0;
3848 /* If there aren't any extended attributes, then it's okay not
3849 * to extract them, otherwise, issue a single warning. */
3850 if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
3852 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3853 "Cannot restore extended attributes on this system");
3854 return (ARCHIVE_WARN);
3856 /* Warning was already emitted; suppress further warnings. */
3857 return (ARCHIVE_OK);
3862 * Test if file on disk is older than entry.
3865 older(struct stat *st, struct archive_entry *entry)
3867 /* First, test the seconds and return if we have a definite answer. */
3868 /* Definitely older. */
3869 if (st->st_mtime < archive_entry_mtime(entry))
3871 /* Definitely younger. */
3872 if (st->st_mtime > archive_entry_mtime(entry))
3874 /* If this platform supports fractional seconds, try those. */
3875 #if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
3876 /* Definitely older. */
3877 if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
3879 #elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
3880 /* Definitely older. */
3881 if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
3883 #elif HAVE_STRUCT_STAT_ST_MTIME_N
3885 if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
3887 #elif HAVE_STRUCT_STAT_ST_UMTIME
3889 if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
3891 #elif HAVE_STRUCT_STAT_ST_MTIME_USEC
3893 if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
3896 /* This system doesn't have high-res timestamps. */
3898 /* Same age or newer, so not older. */
3902 #endif /* !_WIN32 || __CYGWIN__ */