blob: f61ae1759252a881cedb2252bfbcf0e8ac4dbec1 [file] [log] [blame]
/*-
* Copyright (c) 2003-2007 Tim Kientzle
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer
* in this position and unchanged.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "archive_platform.h"
__FBSDID("$FreeBSD: head/lib/libarchive/archive_write_disk.c 201159 2009-12-29 05:35:40Z kientzle $");
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_ACL_H
#include <sys/acl.h>
#endif
#ifdef HAVE_SYS_EXTATTR_H
#include <sys/extattr.h>
#endif
#ifdef HAVE_SYS_XATTR_H
#include <sys/xattr.h>
#endif
#ifdef HAVE_ATTR_XATTR_H
#include <attr/xattr.h>
#endif
#ifdef HAVE_SYS_IOCTL_H
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_TIME_H
#include <sys/time.h>
#endif
#ifdef HAVE_SYS_UTIME_H
#include <sys/utime.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
#ifdef HAVE_LINUX_FS_H
#include <linux/fs.h> /* for Linux file flags */
#endif
/*
* Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
* As the include guards don't agree, the order of include is important.
*/
#ifdef HAVE_LINUX_EXT2_FS_H
#include <linux/ext2_fs.h> /* for Linux file flags */
#endif
#if defined(HAVE_EXT2FS_EXT2_FS_H) && !defined(__CYGWIN__)
#include <ext2fs/ext2_fs.h> /* Linux file flags, broken on Cygwin */
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <stdio.h>
#ifdef HAVE_STDLIB_H
#include <stdlib.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_UTIME_H
#include <utime.h>
#endif
#include "archive.h"
#include "archive_string.h"
#include "archive_entry.h"
#include "archive_private.h"
#ifndef O_BINARY
#define O_BINARY 0
#endif
struct fixup_entry {
struct fixup_entry *next;
mode_t mode;
int64_t atime;
int64_t birthtime;
int64_t mtime;
unsigned long atime_nanos;
unsigned long birthtime_nanos;
unsigned long mtime_nanos;
unsigned long fflags_set;
int fixup; /* bitmask of what needs fixing */
char *name;
};
/*
* We use a bitmask to track which operations remain to be done for
* this file. In particular, this helps us avoid unnecessary
* operations when it's possible to take care of one step as a
* side-effect of another. For example, mkdir() can specify the mode
* for the newly-created object but symlink() cannot. This means we
* can skip chmod() if mkdir() succeeded, but we must explicitly
* chmod() if we're trying to create a directory that already exists
* (mkdir() failed) or if we're restoring a symlink. Similarly, we
* need to verify UID/GID before trying to restore SUID/SGID bits;
* that verification can occur explicitly through a stat() call or
* implicitly because of a successful chown() call.
*/
#define TODO_MODE_FORCE 0x40000000
#define TODO_MODE_BASE 0x20000000
#define TODO_SUID 0x10000000
#define TODO_SUID_CHECK 0x08000000
#define TODO_SGID 0x04000000
#define TODO_SGID_CHECK 0x02000000
#define TODO_MODE (TODO_MODE_BASE|TODO_SUID|TODO_SGID)
#define TODO_TIMES ARCHIVE_EXTRACT_TIME
#define TODO_OWNER ARCHIVE_EXTRACT_OWNER
#define TODO_FFLAGS ARCHIVE_EXTRACT_FFLAGS
#define TODO_ACLS ARCHIVE_EXTRACT_ACL
#define TODO_XATTR ARCHIVE_EXTRACT_XATTR
struct archive_write_disk {
struct archive archive;
mode_t user_umask;
struct fixup_entry *fixup_list;
struct fixup_entry *current_fixup;
uid_t user_uid;
dev_t skip_file_dev;
ino_t skip_file_ino;
time_t start_time;
gid_t (*lookup_gid)(void *private, const char *gname, gid_t gid);
void (*cleanup_gid)(void *private);
void *lookup_gid_data;
uid_t (*lookup_uid)(void *private, const char *gname, gid_t gid);
void (*cleanup_uid)(void *private);
void *lookup_uid_data;
/*
* Full path of last file to satisfy symlink checks.
*/
struct archive_string path_safe;
/*
* Cached stat data from disk for the current entry.
* If this is valid, pst points to st. Otherwise,
* pst is null.
*/
struct stat st;
struct stat *pst;
/* Information about the object being restored right now. */
struct archive_entry *entry; /* Entry being extracted. */
char *name; /* Name of entry, possibly edited. */
struct archive_string _name_data; /* backing store for 'name' */
/* Tasks remaining for this object. */
int todo;
/* Tasks deferred until end-of-archive. */
int deferred;
/* Options requested by the client. */
int flags;
/* Handle for the file we're restoring. */
int fd;
/* Current offset for writing data to the file. */
off_t offset;
/* Last offset actually written to disk. */
off_t fd_offset;
/* Maximum size of file, -1 if unknown. */
off_t filesize;
/* Dir we were in before this restore; only for deep paths. */
int restore_pwd;
/* Mode we should use for this entry; affected by _PERM and umask. */
mode_t mode;
/* UID/GID to use in restoring this entry. */
uid_t uid;
gid_t gid;
};
/*
* Default mode for dirs created automatically (will be modified by umask).
* Note that POSIX specifies 0777 for implicity-created dirs, "modified
* by the process' file creation mask."
*/
#define DEFAULT_DIR_MODE 0777
/*
* Dir modes are restored in two steps: During the extraction, the permissions
* in the archive are modified to match the following limits. During
* the post-extract fixup pass, the permissions from the archive are
* applied.
*/
#define MINIMUM_DIR_MODE 0700
#define MAXIMUM_DIR_MODE 0775
static int check_symlinks(struct archive_write_disk *);
static int create_filesystem_object(struct archive_write_disk *);
static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
#ifdef HAVE_FCHDIR
static void edit_deep_directories(struct archive_write_disk *ad);
#endif
static int cleanup_pathname(struct archive_write_disk *);
static int create_dir(struct archive_write_disk *, char *);
static int create_parent_dir(struct archive_write_disk *, char *);
static int older(struct stat *, struct archive_entry *);
static int restore_entry(struct archive_write_disk *);
#ifdef HAVE_POSIX_ACL
static int set_acl(struct archive_write_disk *, int fd, struct archive_entry *,
acl_type_t, int archive_entry_acl_type, const char *tn);
#endif
static int set_acls(struct archive_write_disk *);
static int set_xattrs(struct archive_write_disk *);
static int set_fflags(struct archive_write_disk *);
static int set_fflags_platform(struct archive_write_disk *, int fd,
const char *name, mode_t mode,
unsigned long fflags_set, unsigned long fflags_clear);
static int set_ownership(struct archive_write_disk *);
static int set_mode(struct archive_write_disk *, int mode);
static int set_time(int, int, const char *, time_t, long, time_t, long);
static int set_times(struct archive_write_disk *);
static struct fixup_entry *sort_dir_list(struct fixup_entry *p);
static gid_t trivial_lookup_gid(void *, const char *, gid_t);
static uid_t trivial_lookup_uid(void *, const char *, uid_t);
static ssize_t write_data_block(struct archive_write_disk *,
const char *, size_t);
static struct archive_vtable *archive_write_disk_vtable(void);
static int _archive_write_close(struct archive *);
static int _archive_write_finish(struct archive *);
static int _archive_write_header(struct archive *, struct archive_entry *);
static int _archive_write_finish_entry(struct archive *);
static ssize_t _archive_write_data(struct archive *, const void *, size_t);
static ssize_t _archive_write_data_block(struct archive *, const void *, size_t, off_t);
static int
_archive_write_disk_lazy_stat(struct archive_write_disk *a)
{
if (a->pst != NULL) {
/* Already have stat() data available. */
return (ARCHIVE_OK);
}
#ifdef HAVE_FSTAT
if (a->fd >= 0 && fstat(a->fd, &a->st) == 0) {
a->pst = &a->st;
return (ARCHIVE_OK);
}
#endif
/*
* XXX At this point, symlinks should not be hit, otherwise
* XXX a race occured. Do we want to check explicitly for that?
*/
if (lstat(a->name, &a->st) == 0) {
a->pst = &a->st;
return (ARCHIVE_OK);
}
archive_set_error(&a->archive, errno, "Couldn't stat file");
return (ARCHIVE_WARN);
}
static struct archive_vtable *
archive_write_disk_vtable(void)
{
static struct archive_vtable av;
static int inited = 0;
if (!inited) {
av.archive_close = _archive_write_close;
av.archive_finish = _archive_write_finish;
av.archive_write_header = _archive_write_header;
av.archive_write_finish_entry = _archive_write_finish_entry;
av.archive_write_data = _archive_write_data;
av.archive_write_data_block = _archive_write_data_block;
}
return (&av);
}
int
archive_write_disk_set_options(struct archive *_a, int flags)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
a->flags = flags;
return (ARCHIVE_OK);
}
/*
* Extract this entry to disk.
*
* TODO: Validate hardlinks. According to the standards, we're
* supposed to check each extracted hardlink and squawk if it refers
* to a file that we didn't restore. I'm not entirely convinced this
* is a good idea, but more importantly: Is there any way to validate
* hardlinks without keeping a complete list of filenames from the
* entire archive?? Ugh.
*
*/
static int
_archive_write_header(struct archive *_a, struct archive_entry *entry)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
struct fixup_entry *fe;
int ret, r;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
"archive_write_disk_header");
archive_clear_error(&a->archive);
if (a->archive.state & ARCHIVE_STATE_DATA) {
r = _archive_write_finish_entry(&a->archive);
if (r == ARCHIVE_FATAL)
return (r);
}
/* Set up for this particular entry. */
a->pst = NULL;
a->current_fixup = NULL;
a->deferred = 0;
if (a->entry) {
archive_entry_free(a->entry);
a->entry = NULL;
}
a->entry = archive_entry_clone(entry);
a->fd = -1;
a->fd_offset = 0;
a->offset = 0;
a->uid = a->user_uid;
a->mode = archive_entry_mode(a->entry);
if (archive_entry_size_is_set(a->entry))
a->filesize = archive_entry_size(a->entry);
else
a->filesize = -1;
archive_strcpy(&(a->_name_data), archive_entry_pathname(a->entry));
a->name = a->_name_data.s;
archive_clear_error(&a->archive);
/*
* Clean up the requested path. This is necessary for correct
* dir restores; the dir restore logic otherwise gets messed
* up by nonsense like "dir/.".
*/
ret = cleanup_pathname(a);
if (ret != ARCHIVE_OK)
return (ret);
/*
* Set the umask to zero so we get predictable mode settings.
* This gets done on every call to _write_header in case the
* user edits their umask during the extraction for some
* reason. This will be reset before we return. Note that we
* don't need to do this in _finish_entry, as the chmod(), etc,
* system calls don't obey umask.
*/
a->user_umask = umask(0);
/* From here on, early exit requires "goto done" to clean up. */
/* Figure out what we need to do for this entry. */
a->todo = TODO_MODE_BASE;
if (a->flags & ARCHIVE_EXTRACT_PERM) {
a->todo |= TODO_MODE_FORCE; /* Be pushy about permissions. */
/*
* SGID requires an extra "check" step because we
* cannot easily predict the GID that the system will
* assign. (Different systems assign GIDs to files
* based on a variety of criteria, including process
* credentials and the gid of the enclosing
* directory.) We can only restore the SGID bit if
* the file has the right GID, and we only know the
* GID if we either set it (see set_ownership) or if
* we've actually called stat() on the file after it
* was restored. Since there are several places at
* which we might verify the GID, we need a TODO bit
* to keep track.
*/
if (a->mode & S_ISGID)
a->todo |= TODO_SGID | TODO_SGID_CHECK;
/*
* Verifying the SUID is simpler, but can still be
* done in multiple ways, hence the separate "check" bit.
*/
if (a->mode & S_ISUID)
a->todo |= TODO_SUID | TODO_SUID_CHECK;
} else {
/*
* User didn't request full permissions, so don't
* restore SUID, SGID bits and obey umask.
*/
a->mode &= ~S_ISUID;
a->mode &= ~S_ISGID;
a->mode &= ~S_ISVTX;
a->mode &= ~a->user_umask;
}
#if !defined(_WIN32) || defined(__CYGWIN__)
if (a->flags & ARCHIVE_EXTRACT_OWNER)
a->todo |= TODO_OWNER;
#endif
if (a->flags & ARCHIVE_EXTRACT_TIME)
a->todo |= TODO_TIMES;
if (a->flags & ARCHIVE_EXTRACT_ACL)
a->todo |= TODO_ACLS;
if (a->flags & ARCHIVE_EXTRACT_XATTR)
a->todo |= TODO_XATTR;
if (a->flags & ARCHIVE_EXTRACT_FFLAGS)
a->todo |= TODO_FFLAGS;
if (a->flags & ARCHIVE_EXTRACT_SECURE_SYMLINKS) {
ret = check_symlinks(a);
if (ret != ARCHIVE_OK)
goto done;
}
#ifdef HAVE_FCHDIR
/* If path exceeds PATH_MAX, shorten the path. */
edit_deep_directories(a);
#endif
ret = restore_entry(a);
/*
* TODO: There are rumours that some extended attributes must
* be restored before file data is written. If this is true,
* then we either need to write all extended attributes both
* before and after restoring the data, or find some rule for
* determining which must go first and which last. Due to the
* many ways people are using xattrs, this may prove to be an
* intractable problem.
*/
#ifdef HAVE_FCHDIR
/* If we changed directory above, restore it here. */
if (a->restore_pwd >= 0) {
r = fchdir(a->restore_pwd);
if (r != 0) {
archive_set_error(&a->archive, errno, "chdir() failure");
ret = ARCHIVE_FATAL;
}
close(a->restore_pwd);
a->restore_pwd = -1;
}
#endif
/*
* Fixup uses the unedited pathname from archive_entry_pathname(),
* because it is relative to the base dir and the edited path
* might be relative to some intermediate dir as a result of the
* deep restore logic.
*/
if (a->deferred & TODO_MODE) {
fe = current_fixup(a, archive_entry_pathname(entry));
fe->fixup |= TODO_MODE_BASE;
fe->mode = a->mode;
}
if ((a->deferred & TODO_TIMES)
&& (archive_entry_mtime_is_set(entry)
|| archive_entry_atime_is_set(entry))) {
fe = current_fixup(a, archive_entry_pathname(entry));
fe->fixup |= TODO_TIMES;
if (archive_entry_atime_is_set(entry)) {
fe->atime = archive_entry_atime(entry);
fe->atime_nanos = archive_entry_atime_nsec(entry);
} else {
/* If atime is unset, use start time. */
fe->atime = a->start_time;
fe->atime_nanos = 0;
}
if (archive_entry_mtime_is_set(entry)) {
fe->mtime = archive_entry_mtime(entry);
fe->mtime_nanos = archive_entry_mtime_nsec(entry);
} else {
/* If mtime is unset, use start time. */
fe->mtime = a->start_time;
fe->mtime_nanos = 0;
}
if (archive_entry_birthtime_is_set(entry)) {
fe->birthtime = archive_entry_birthtime(entry);
fe->birthtime_nanos = archive_entry_birthtime_nsec(entry);
} else {
/* If birthtime is unset, use mtime. */
fe->birthtime = fe->mtime;
fe->birthtime_nanos = fe->mtime_nanos;
}
}
if (a->deferred & TODO_FFLAGS) {
fe = current_fixup(a, archive_entry_pathname(entry));
fe->fixup |= TODO_FFLAGS;
/* TODO: Complete this.. defer fflags from below. */
}
/* We've created the object and are ready to pour data into it. */
if (ret >= ARCHIVE_WARN)
a->archive.state = ARCHIVE_STATE_DATA;
/*
* If it's not open, tell our client not to try writing.
* In particular, dirs, links, etc, don't get written to.
*/
if (a->fd < 0) {
archive_entry_set_size(entry, 0);
a->filesize = 0;
}
done:
/* Restore the user's umask before returning. */
umask(a->user_umask);
return (ret);
}
int
archive_write_disk_set_skip_file(struct archive *_a, dev_t d, ino_t i)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_ANY, "archive_write_disk_set_skip_file");
a->skip_file_dev = d;
a->skip_file_ino = i;
return (ARCHIVE_OK);
}
static ssize_t
write_data_block(struct archive_write_disk *a, const char *buff, size_t size)
{
uint64_t start_size = size;
ssize_t bytes_written = 0;
ssize_t block_size = 0, bytes_to_write;
if (size == 0)
return (ARCHIVE_OK);
if (a->filesize == 0 || a->fd < 0) {
archive_set_error(&a->archive, 0,
"Attempt to write to an empty file");
return (ARCHIVE_WARN);
}
if (a->flags & ARCHIVE_EXTRACT_SPARSE) {
#if HAVE_STRUCT_STAT_ST_BLKSIZE
int r;
if ((r = _archive_write_disk_lazy_stat(a)) != ARCHIVE_OK)
return (r);
block_size = a->pst->st_blksize;
#else
/* XXX TODO XXX Is there a more appropriate choice here ? */
/* This needn't match the filesystem allocation size. */
block_size = 16*1024;
#endif
}
/* If this write would run beyond the file size, truncate it. */
if (a->filesize >= 0 && (off_t)(a->offset + size) > a->filesize)
start_size = size = (size_t)(a->filesize - a->offset);
/* Write the data. */
while (size > 0) {
if (block_size == 0) {
bytes_to_write = size;
} else {
/* We're sparsifying the file. */
const char *p, *end;
off_t block_end;
/* Skip leading zero bytes. */
for (p = buff, end = buff + size; p < end; ++p) {
if (*p != '\0')
break;
}
a->offset += p - buff;
size -= p - buff;
buff = p;
if (size == 0)
break;
/* Calculate next block boundary after offset. */
block_end
= (a->offset / block_size + 1) * block_size;
/* If the adjusted write would cross block boundary,
* truncate it to the block boundary. */
bytes_to_write = size;
if (a->offset + bytes_to_write > block_end)
bytes_to_write = block_end - a->offset;
}
/* Seek if necessary to the specified offset. */
if (a->offset != a->fd_offset) {
if (lseek(a->fd, a->offset, SEEK_SET) < 0) {
archive_set_error(&a->archive, errno,
"Seek failed");
return (ARCHIVE_FATAL);
}
a->fd_offset = a->offset;
a->archive.file_position = a->offset;
a->archive.raw_position = a->offset;
}
bytes_written = write(a->fd, buff, bytes_to_write);
if (bytes_written < 0) {
archive_set_error(&a->archive, errno, "Write failed");
return (ARCHIVE_WARN);
}
buff += bytes_written;
size -= bytes_written;
a->offset += bytes_written;
a->archive.file_position += bytes_written;
a->archive.raw_position += bytes_written;
a->fd_offset = a->offset;
}
return (start_size - size);
}
static ssize_t
_archive_write_data_block(struct archive *_a,
const void *buff, size_t size, off_t offset)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
ssize_t r;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_disk_block");
a->offset = offset;
r = write_data_block(a, buff, size);
if (r < ARCHIVE_OK)
return (r);
if ((size_t)r < size) {
archive_set_error(&a->archive, 0,
"Write request too large");
return (ARCHIVE_WARN);
}
return (ARCHIVE_OK);
}
static ssize_t
_archive_write_data(struct archive *_a, const void *buff, size_t size)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_data");
return (write_data_block(a, buff, size));
}
static int
_archive_write_finish_entry(struct archive *_a)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
int ret = ARCHIVE_OK;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
"archive_write_finish_entry");
if (a->archive.state & ARCHIVE_STATE_HEADER)
return (ARCHIVE_OK);
archive_clear_error(&a->archive);
/* Pad or truncate file to the right size. */
if (a->fd < 0) {
/* There's no file. */
} else if (a->filesize < 0) {
/* File size is unknown, so we can't set the size. */
} else if (a->fd_offset == a->filesize) {
/* Last write ended at exactly the filesize; we're done. */
/* Hopefully, this is the common case. */
} else {
#if HAVE_FTRUNCATE
if (ftruncate(a->fd, a->filesize) == -1 &&
a->filesize == 0) {
archive_set_error(&a->archive, errno,
"File size could not be restored");
return (ARCHIVE_FAILED);
}
#endif
/*
* Not all platforms implement the XSI option to
* extend files via ftruncate. Stat() the file again
* to see what happened.
*/
a->pst = NULL;
if ((ret = _archive_write_disk_lazy_stat(a)) != ARCHIVE_OK)
return (ret);
/* We can use lseek()/write() to extend the file if
* ftruncate didn't work or isn't available. */
if (a->st.st_size < a->filesize) {
const char nul = '\0';
if (lseek(a->fd, a->filesize - 1, SEEK_SET) < 0) {
archive_set_error(&a->archive, errno,
"Seek failed");
return (ARCHIVE_FATAL);
}
if (write(a->fd, &nul, 1) < 0) {
archive_set_error(&a->archive, errno,
"Write to restore size failed");
return (ARCHIVE_FATAL);
}
a->pst = NULL;
}
}
/* Restore metadata. */
/*
* Look up the "real" UID only if we're going to need it.
* TODO: the TODO_SGID condition can be dropped here, can't it?
*/
if (a->todo & (TODO_OWNER | TODO_SUID | TODO_SGID)) {
a->uid = a->lookup_uid(a->lookup_uid_data,
archive_entry_uname(a->entry),
archive_entry_uid(a->entry));
}
/* Look up the "real" GID only if we're going to need it. */
/* TODO: the TODO_SUID condition can be dropped here, can't it? */
if (a->todo & (TODO_OWNER | TODO_SGID | TODO_SUID)) {
a->gid = a->lookup_gid(a->lookup_gid_data,
archive_entry_gname(a->entry),
archive_entry_gid(a->entry));
}
/*
* If restoring ownership, do it before trying to restore suid/sgid
* bits. If we set the owner, we know what it is and can skip
* a stat() call to examine the ownership of the file on disk.
*/
if (a->todo & TODO_OWNER)
ret = set_ownership(a);
if (a->todo & TODO_MODE) {
int r2 = set_mode(a, a->mode);
if (r2 < ret) ret = r2;
}
if (a->todo & TODO_ACLS) {
int r2 = set_acls(a);
if (r2 < ret) ret = r2;
}
/*
* Security-related extended attributes (such as
* security.capability on Linux) have to be restored last,
* since they're implicitly removed by other file changes.
*/
if (a->todo & TODO_XATTR) {
int r2 = set_xattrs(a);
if (r2 < ret) ret = r2;
}
/*
* Some flags prevent file modification; they must be restored after
* file contents are written.
*/
if (a->todo & TODO_FFLAGS) {
int r2 = set_fflags(a);
if (r2 < ret) ret = r2;
}
/*
* Time has to be restored after all other metadata;
* otherwise atime will get changed.
*/
if (a->todo & TODO_TIMES) {
int r2 = set_times(a);
if (r2 < ret) ret = r2;
}
/* If there's an fd, we can close it now. */
if (a->fd >= 0) {
close(a->fd);
a->fd = -1;
}
/* If there's an entry, we can release it now. */
if (a->entry) {
archive_entry_free(a->entry);
a->entry = NULL;
}
a->archive.state = ARCHIVE_STATE_HEADER;
return (ret);
}
int
archive_write_disk_set_group_lookup(struct archive *_a,
void *private_data,
gid_t (*lookup_gid)(void *private, const char *gname, gid_t gid),
void (*cleanup_gid)(void *private))
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_ANY, "archive_write_disk_set_group_lookup");
a->lookup_gid = lookup_gid;
a->cleanup_gid = cleanup_gid;
a->lookup_gid_data = private_data;
return (ARCHIVE_OK);
}
int
archive_write_disk_set_user_lookup(struct archive *_a,
void *private_data,
uid_t (*lookup_uid)(void *private, const char *uname, uid_t uid),
void (*cleanup_uid)(void *private))
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_ANY, "archive_write_disk_set_user_lookup");
a->lookup_uid = lookup_uid;
a->cleanup_uid = cleanup_uid;
a->lookup_uid_data = private_data;
return (ARCHIVE_OK);
}
/*
* Create a new archive_write_disk object and initialize it with global state.
*/
struct archive *
archive_write_disk_new(void)
{
struct archive_write_disk *a;
a = (struct archive_write_disk *)malloc(sizeof(*a));
if (a == NULL)
return (NULL);
memset(a, 0, sizeof(*a));
a->archive.magic = ARCHIVE_WRITE_DISK_MAGIC;
/* We're ready to write a header immediately. */
a->archive.state = ARCHIVE_STATE_HEADER;
a->archive.vtable = archive_write_disk_vtable();
a->lookup_uid = trivial_lookup_uid;
a->lookup_gid = trivial_lookup_gid;
a->start_time = time(NULL);
#ifdef HAVE_GETEUID
a->user_uid = geteuid();
#endif /* HAVE_GETEUID */
if (archive_string_ensure(&a->path_safe, 512) == NULL) {
free(a);
return (NULL);
}
return (&a->archive);
}
/*
* If pathname is longer than PATH_MAX, chdir to a suitable
* intermediate dir and edit the path down to a shorter suffix. Note
* that this routine never returns an error; if the chdir() attempt
* fails for any reason, we just go ahead with the long pathname. The
* object creation is likely to fail, but any error will get handled
* at that time.
*/
#ifdef HAVE_FCHDIR
static void
edit_deep_directories(struct archive_write_disk *a)
{
int ret;
char *tail = a->name;
a->restore_pwd = -1;
/* If path is short, avoid the open() below. */
if (strlen(tail) <= PATH_MAX)
return;
/* Try to record our starting dir. */
a->restore_pwd = open(".", O_RDONLY | O_BINARY);
if (a->restore_pwd < 0)
return;
/* As long as the path is too long... */
while (strlen(tail) > PATH_MAX) {
/* Locate a dir prefix shorter than PATH_MAX. */
tail += PATH_MAX - 8;
while (tail > a->name && *tail != '/')
tail--;
/* Exit if we find a too-long path component. */
if (tail <= a->name)
return;
/* Create the intermediate dir and chdir to it. */
*tail = '\0'; /* Terminate dir portion */
ret = create_dir(a, a->name);
if (ret == ARCHIVE_OK && chdir(a->name) != 0)
ret = ARCHIVE_FAILED;
*tail = '/'; /* Restore the / we removed. */
if (ret != ARCHIVE_OK)
return;
tail++;
/* The chdir() succeeded; we've now shortened the path. */
a->name = tail;
}
return;
}
#endif
/*
* The main restore function.
*/
static int
restore_entry(struct archive_write_disk *a)
{
int ret = ARCHIVE_OK, en;
if (a->flags & ARCHIVE_EXTRACT_UNLINK && !S_ISDIR(a->mode)) {
/*
* TODO: Fix this. Apparently, there are platforms
* that still allow root to hose the entire filesystem
* by unlinking a dir. The S_ISDIR() test above
* prevents us from using unlink() here if the new
* object is a dir, but that doesn't mean the old
* object isn't a dir.
*/
if (unlink(a->name) == 0) {
/* We removed it, reset cached stat. */
a->pst = NULL;
} else if (errno == ENOENT) {
/* File didn't exist, that's just as good. */
} else if (rmdir(a->name) == 0) {
/* It was a dir, but now it's gone. */
a->pst = NULL;
} else {
/* We tried, but couldn't get rid of it. */
archive_set_error(&a->archive, errno,
"Could not unlink");
return(ARCHIVE_FAILED);
}
}
/* Try creating it first; if this fails, we'll try to recover. */
en = create_filesystem_object(a);
if ((en == ENOTDIR || en == ENOENT)
&& !(a->flags & ARCHIVE_EXTRACT_NO_AUTODIR)) {
/* If the parent dir doesn't exist, try creating it. */
create_parent_dir(a, a->name);
/* Now try to create the object again. */
en = create_filesystem_object(a);
}
if ((en == EISDIR || en == EEXIST)
&& (a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
/* If we're not overwriting, we're done. */
archive_set_error(&a->archive, en, "Already exists");
return (ARCHIVE_FAILED);
}
/*
* Some platforms return EISDIR if you call
* open(O_WRONLY | O_EXCL | O_CREAT) on a directory, some
* return EEXIST. POSIX is ambiguous, requiring EISDIR
* for open(O_WRONLY) on a dir and EEXIST for open(O_EXCL | O_CREAT)
* on an existing item.
*/
if (en == EISDIR) {
/* A dir is in the way of a non-dir, rmdir it. */
if (rmdir(a->name) != 0) {
archive_set_error(&a->archive, errno,
"Can't remove already-existing dir");
return (ARCHIVE_FAILED);
}
a->pst = NULL;
/* Try again. */
en = create_filesystem_object(a);
} else if (en == EEXIST) {
/*
* We know something is in the way, but we don't know what;
* we need to find out before we go any further.
*/
int r = 0;
/*
* The SECURE_SYMLINK logic has already removed a
* symlink to a dir if the client wants that. So
* follow the symlink if we're creating a dir.
*/
if (S_ISDIR(a->mode))
r = stat(a->name, &a->st);
/*
* If it's not a dir (or it's a broken symlink),
* then don't follow it.
*/
if (r != 0 || !S_ISDIR(a->mode))
r = lstat(a->name, &a->st);
if (r != 0) {
archive_set_error(&a->archive, errno,
"Can't stat existing object");
return (ARCHIVE_FAILED);
}
/*
* NO_OVERWRITE_NEWER doesn't apply to directories.
*/
if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE_NEWER)
&& !S_ISDIR(a->st.st_mode)) {
if (!older(&(a->st), a->entry)) {
archive_set_error(&a->archive, 0,
"File on disk is not older; skipping.");
return (ARCHIVE_FAILED);
}
}
/* If it's our archive, we're done. */
if (a->skip_file_dev > 0 &&
a->skip_file_ino > 0 &&
a->st.st_dev == a->skip_file_dev &&
a->st.st_ino == a->skip_file_ino) {
archive_set_error(&a->archive, 0, "Refusing to overwrite archive");
return (ARCHIVE_FAILED);
}
if (!S_ISDIR(a->st.st_mode)) {
/* A non-dir is in the way, unlink it. */
if (unlink(a->name) != 0) {
archive_set_error(&a->archive, errno,
"Can't unlink already-existing object");
return (ARCHIVE_FAILED);
}
a->pst = NULL;
/* Try again. */
en = create_filesystem_object(a);
} else if (!S_ISDIR(a->mode)) {
/* A dir is in the way of a non-dir, rmdir it. */
if (rmdir(a->name) != 0) {
archive_set_error(&a->archive, errno,
"Can't remove already-existing dir");
return (ARCHIVE_FAILED);
}
/* Try again. */
en = create_filesystem_object(a);
} else {
/*
* There's a dir in the way of a dir. Don't
* waste time with rmdir()/mkdir(), just fix
* up the permissions on the existing dir.
* Note that we don't change perms on existing
* dirs unless _EXTRACT_PERM is specified.
*/
if ((a->mode != a->st.st_mode)
&& (a->todo & TODO_MODE_FORCE))
a->deferred |= (a->todo & TODO_MODE);
/* Ownership doesn't need deferred fixup. */
en = 0; /* Forget the EEXIST. */
}
}
if (en) {
/* Everything failed; give up here. */
archive_set_error(&a->archive, en, "Can't create '%s'",
a->name);
return (ARCHIVE_FAILED);
}
a->pst = NULL; /* Cached stat data no longer valid. */
return (ret);
}
/*
* Returns 0 if creation succeeds, or else returns errno value from
* the failed system call. Note: This function should only ever perform
* a single system call.
*/
static int
create_filesystem_object(struct archive_write_disk *a)
{
/* Create the entry. */
const char *linkname;
mode_t final_mode, mode;
int r;
/* We identify hard/symlinks according to the link names. */
/* Since link(2) and symlink(2) don't handle modes, we're done here. */
linkname = archive_entry_hardlink(a->entry);
if (linkname != NULL) {
#if !HAVE_LINK
return (EPERM);
#else
r = link(linkname, a->name) ? errno : 0;
/*
* New cpio and pax formats allow hardlink entries
* to carry data, so we may have to open the file
* for hardlink entries.
*
* If the hardlink was successfully created and
* the archive doesn't have carry data for it,
* consider it to be non-authoritive for meta data.
* This is consistent with GNU tar and BSD pax.
* If the hardlink does carry data, let the last
* archive entry decide ownership.
*/
if (r == 0 && a->filesize <= 0) {
a->todo = 0;
a->deferred = 0;
} if (r == 0 && a->filesize > 0) {
a->fd = open(a->name, O_WRONLY | O_TRUNC | O_BINARY);
if (a->fd < 0)
r = errno;
}
return (r);
#endif
}
linkname = archive_entry_symlink(a->entry);
if (linkname != NULL) {
#if HAVE_SYMLINK
return symlink(linkname, a->name) ? errno : 0;
#else
return (EPERM);
#endif
}
/*
* The remaining system calls all set permissions, so let's
* try to take advantage of that to avoid an extra chmod()
* call. (Recall that umask is set to zero right now!)
*/
/* Mode we want for the final restored object (w/o file type bits). */
final_mode = a->mode & 07777;
/*
* The mode that will actually be restored in this step. Note
* that SUID, SGID, etc, require additional work to ensure
* security, so we never restore them at this point.
*/
mode = final_mode & 0777;
switch (a->mode & AE_IFMT) {
default:
/* POSIX requires that we fall through here. */
/* FALLTHROUGH */
case AE_IFREG:
a->fd = open(a->name,
O_WRONLY | O_CREAT | O_EXCL | O_BINARY, mode);
r = (a->fd < 0);
break;
case AE_IFCHR:
#ifdef HAVE_MKNOD
/* Note: we use AE_IFCHR for the case label, and
* S_IFCHR for the mknod() call. This is correct. */
r = mknod(a->name, mode | S_IFCHR,
archive_entry_rdev(a->entry));
break;
#else
/* TODO: Find a better way to warn about our inability
* to restore a char device node. */
return (EINVAL);
#endif /* HAVE_MKNOD */
case AE_IFBLK:
#ifdef HAVE_MKNOD
r = mknod(a->name, mode | S_IFBLK,
archive_entry_rdev(a->entry));
break;
#else
/* TODO: Find a better way to warn about our inability
* to restore a block device node. */
return (EINVAL);
#endif /* HAVE_MKNOD */
case AE_IFDIR:
mode = (mode | MINIMUM_DIR_MODE) & MAXIMUM_DIR_MODE;
r = mkdir(a->name, mode);
if (r == 0) {
/* Defer setting dir times. */
a->deferred |= (a->todo & TODO_TIMES);
a->todo &= ~TODO_TIMES;
/* Never use an immediate chmod(). */
/* We can't avoid the chmod() entirely if EXTRACT_PERM
* because of SysV SGID inheritance. */
if ((mode != final_mode)
|| (a->flags & ARCHIVE_EXTRACT_PERM))
a->deferred |= (a->todo & TODO_MODE);
a->todo &= ~TODO_MODE;
}
break;
case AE_IFIFO:
#ifdef HAVE_MKFIFO
r = mkfifo(a->name, mode);
break;
#else
/* TODO: Find a better way to warn about our inability
* to restore a fifo. */
return (EINVAL);
#endif /* HAVE_MKFIFO */
}
/* All the system calls above set errno on failure. */
if (r)
return (errno);
/* If we managed to set the final mode, we've avoided a chmod(). */
if (mode == final_mode)
a->todo &= ~TODO_MODE;
return (0);
}
/*
* Cleanup function for archive_extract. Mostly, this involves processing
* the fixup list, which is used to address a number of problems:
* * Dir permissions might prevent us from restoring a file in that
* dir, so we restore the dir with minimum 0700 permissions first,
* then correct the mode at the end.
* * Similarly, the act of restoring a file touches the directory
* and changes the timestamp on the dir, so we have to touch-up dir
* timestamps at the end as well.
* * Some file flags can interfere with the restore by, for example,
* preventing the creation of hardlinks to those files.
*
* Note that tar/cpio do not require that archives be in a particular
* order; there is no way to know when the last file has been restored
* within a directory, so there's no way to optimize the memory usage
* here by fixing up the directory any earlier than the
* end-of-archive.
*
* XXX TODO: Directory ACLs should be restored here, for the same
* reason we set directory perms here. XXX
*/
static int
_archive_write_close(struct archive *_a)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
struct fixup_entry *next, *p;
int ret;
__archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
ARCHIVE_STATE_HEADER | ARCHIVE_STATE_DATA,
"archive_write_disk_close");
ret = _archive_write_finish_entry(&a->archive);
/* Sort dir list so directories are fixed up in depth-first order. */
p = sort_dir_list(a->fixup_list);
while (p != NULL) {
a->pst = NULL; /* Mark stat cache as out-of-date. */
if (p->fixup & TODO_TIMES) {
#ifdef HAVE_UTIMES
/* {f,l,}utimes() are preferred, when available. */
#if defined(_WIN32) && !defined(__CYGWIN__)
struct __timeval times[2];
#else
struct timeval times[2];
#endif
times[0].tv_sec = p->atime;
times[0].tv_usec = p->atime_nanos / 1000;
#ifdef HAVE_STRUCT_STAT_ST_BIRTHTIME
/* if it's valid and not mtime, push the birthtime first */
if (((times[1].tv_sec = p->birthtime) < p->mtime) &&
(p->birthtime > 0))
{
times[1].tv_usec = p->birthtime_nanos / 1000;
utimes(p->name, times);
}
#endif
times[1].tv_sec = p->mtime;
times[1].tv_usec = p->mtime_nanos / 1000;
#ifdef HAVE_LUTIMES
lutimes(p->name, times);
#else
utimes(p->name, times);
#endif
#else
/* utime() is more portable, but less precise. */
struct utimbuf times;
times.modtime = p->mtime;
times.actime = p->atime;
utime(p->name, &times);
#endif
}
if (p->fixup & TODO_MODE_BASE)
chmod(p->name, p->mode);
if (p->fixup & TODO_FFLAGS)
set_fflags_platform(a, -1, p->name,
p->mode, p->fflags_set, 0);
next = p->next;
free(p->name);
free(p);
p = next;
}
a->fixup_list = NULL;
return (ret);
}
static int
_archive_write_finish(struct archive *_a)
{
struct archive_write_disk *a = (struct archive_write_disk *)_a;
int ret;
ret = _archive_write_close(&a->archive);
if (a->cleanup_gid != NULL && a->lookup_gid_data != NULL)
(a->cleanup_gid)(a->lookup_gid_data);
if (a->cleanup_uid != NULL && a->lookup_uid_data != NULL)
(a->cleanup_uid)(a->lookup_uid_data);
if (a->entry)
archive_entry_free(a->entry);
archive_string_free(&a->_name_data);
archive_string_free(&a->archive.error_string);
archive_string_free(&a->path_safe);
free(a);
return (ret);
}
/*
* Simple O(n log n) merge sort to order the fixup list. In
* particular, we want to restore dir timestamps depth-first.
*/
static struct fixup_entry *
sort_dir_list(struct fixup_entry *p)
{
struct fixup_entry *a, *b, *t;
if (p == NULL)
return (NULL);
/* A one-item list is already sorted. */
if (p->next == NULL)
return (p);
/* Step 1: split the list. */
t = p;
a = p->next->next;
while (a != NULL) {
/* Step a twice, t once. */
a = a->next;
if (a != NULL)
a = a->next;
t = t->next;
}
/* Now, t is at the mid-point, so break the list here. */
b = t->next;
t->next = NULL;
a = p;
/* Step 2: Recursively sort the two sub-lists. */
a = sort_dir_list(a);
b = sort_dir_list(b);
/* Step 3: Merge the returned lists. */
/* Pick the first element for the merged list. */
if (strcmp(a->name, b->name) > 0) {
t = p = a;
a = a->next;
} else {
t = p = b;
b = b->next;
}
/* Always put the later element on the list first. */
while (a != NULL && b != NULL) {
if (strcmp(a->name, b->name) > 0) {
t->next = a;
a = a->next;
} else {
t->next = b;
b = b->next;
}
t = t->next;
}
/* Only one list is non-empty, so just splice it on. */
if (a != NULL)
t->next = a;
if (b != NULL)
t->next = b;
return (p);
}
/*
* Returns a new, initialized fixup entry.
*
* TODO: Reduce the memory requirements for this list by using a tree
* structure rather than a simple list of names.
*/
static struct fixup_entry *
new_fixup(struct archive_write_disk *a, const char *pathname)
{
struct fixup_entry *fe;
fe = (struct fixup_entry *)malloc(sizeof(struct fixup_entry));
if (fe == NULL)
return (NULL);
fe->next = a->fixup_list;
a->fixup_list = fe;
fe->fixup = 0;
fe->name = strdup(pathname);
return (fe);
}
/*
* Returns a fixup structure for the current entry.
*/
static struct fixup_entry *
current_fixup(struct archive_write_disk *a, const char *pathname)
{
if (a->current_fixup == NULL)
a->current_fixup = new_fixup(a, pathname);
return (a->current_fixup);
}
/* TODO: Make this work. */
/*
* TODO: The deep-directory support bypasses this; disable deep directory
* support if we're doing symlink checks.
*/
/*
* TODO: Someday, integrate this with the deep dir support; they both
* scan the path and both can be optimized by comparing against other
* recent paths.
*/
/* TODO: Extend this to support symlinks on Windows Vista and later. */
static int
check_symlinks(struct archive_write_disk *a)
{
#if !defined(HAVE_LSTAT)
/* Platform doesn't have lstat, so we can't look for symlinks. */
(void)a; /* UNUSED */
return (ARCHIVE_OK);
#else
char *pn, *p;
char c;
int r;
struct stat st;
/*
* Guard against symlink tricks. Reject any archive entry whose
* destination would be altered by a symlink.
*/
/* Whatever we checked last time doesn't need to be re-checked. */
pn = a->name;
p = a->path_safe.s;
while ((*pn != '\0') && (*p == *pn))
++p, ++pn;
c = pn[0];
/* Keep going until we've checked the entire name. */
while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
/* Skip the next path element. */
while (*pn != '\0' && *pn != '/')
++pn;
c = pn[0];
pn[0] = '\0';
/* Check that we haven't hit a symlink. */
r = lstat(a->name, &st);
if (r != 0) {
/* We've hit a dir that doesn't exist; stop now. */
if (errno == ENOENT)
break;
} else if (S_ISLNK(st.st_mode)) {
if (c == '\0') {
/*
* Last element is symlink; remove it
* so we can overwrite it with the
* item being extracted.
*/
if (unlink(a->name)) {
archive_set_error(&a->archive, errno,
"Could not remove symlink %s",
a->name);
pn[0] = c;
return (ARCHIVE_FAILED);
}
a->pst = NULL;
/*
* Even if we did remove it, a warning
* is in order. The warning is silly,
* though, if we're just replacing one
* symlink with another symlink.
*/
if (!S_ISLNK(a->mode)) {
archive_set_error(&a->archive, 0,
"Removing symlink %s",
a->name);
}
/* Symlink gone. No more problem! */
pn[0] = c;
return (0);
} else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
/* User asked us to remove problems. */
if (unlink(a->name) != 0) {
archive_set_error(&a->archive, 0,
"Cannot remove intervening symlink %s",
a->name);
pn[0] = c;
return (ARCHIVE_FAILED);
}
a->pst = NULL;
} else {
archive_set_error(&a->archive, 0,
"Cannot extract through symlink %s",
a->name);
pn[0] = c;
return (ARCHIVE_FAILED);
}
}
}
pn[0] = c;
/* We've checked and/or cleaned the whole path, so remember it. */
archive_strcpy(&a->path_safe, a->name);
return (ARCHIVE_OK);
#endif
}
#if defined(_WIN32) || defined(__CYGWIN__)
/*
* 1. Convert a path separator from '\' to '/' .
* We shouldn't check multi-byte character directly because some
* character-set have been using the '\' character for a part of
* its multibyte character code.
* 2. Replace unusable characters in Windows with underscore('_').
* See also : http://msdn.microsoft.com/en-us/library/aa365247.aspx
*/
static void
cleanup_pathname_win(struct archive_write_disk *a)
{
wchar_t wc;
char *p;
size_t alen, l;
alen = 0;
l = 0;
for (p = a->name; *p != '\0'; p++) {
++alen;
if (*p == '\\')
l = 1;
/* Rewrite the path name if its character is a unusable. */
if (*p == ':' || *p == '*' || *p == '?' || *p == '"' ||
*p == '<' || *p == '>' || *p == '|')
*p = '_';
}
if (alen == 0 || l == 0)
return;
/*
* Convert path separator.
*/
p = a->name;
while (*p != '\0' && alen) {
l = mbtowc(&wc, p, alen);
if (l == -1) {
while (*p != '\0') {
if (*p == '\\')
*p = '/';
++p;
}
break;
}
if (l == 1 && wc == L'\\')
*p = '/';
p += l;
alen -= l;
}
}
#endif
/*
* Canonicalize the pathname. In particular, this strips duplicate
* '/' characters, '.' elements, and trailing '/'. It also raises an
* error for an empty path, a trailing '..' or (if _SECURE_NODOTDOT is
* set) any '..' in the path.
*/
static int
cleanup_pathname(struct archive_write_disk *a)
{
char *dest, *src;
char separator = '\0';
dest = src = a->name;
if (*src == '\0') {
archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
"Invalid empty pathname");
return (ARCHIVE_FAILED);
}
#if defined(_WIN32) || defined(__CYGWIN__)
cleanup_pathname_win(a);
#endif
/* Skip leading '/'. */
if (*src == '/')
separator = *src++;
/* Scan the pathname one element at a time. */
for (;;) {
/* src points to first char after '/' */
if (src[0] == '\0') {
break;
} else if (src[0] == '/') {
/* Found '//', ignore second one. */
src++;
continue;
} else if (src[0] == '.') {
if (src[1] == '\0') {
/* Ignore trailing '.' */
break;
} else if (src[1] == '/') {
/* Skip './'. */
src += 2;
continue;
} else if (src[1] == '.') {
if (src[2] == '/' || src[2] == '\0') {
/* Conditionally warn about '..' */
if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
archive_set_error(&a->archive,
ARCHIVE_ERRNO_MISC,
"Path contains '..'");
return (ARCHIVE_FAILED);
}
}
/*
* Note: Under no circumstances do we
* remove '..' elements. In
* particular, restoring
* '/foo/../bar/' should create the
* 'foo' dir as a side-effect.
*/
}
}
/* Copy current element, including leading '/'. */
if (separator)
*dest++ = '/';
while (*src != '\0' && *src != '/') {
*dest++ = *src++;
}
if (*src == '\0')
break;
/* Skip '/' separator. */
separator = *src++;
}
/*
* We've just copied zero or more path elements, not including the
* final '/'.
*/
if (dest == a->name) {
/*
* Nothing got copied. The path must have been something
* like '.' or '/' or './' or '/././././/./'.
*/
if (separator)
*dest++ = '/';
else
*dest++ = '.';
}
/* Terminate the result. */
*dest = '\0';
return (ARCHIVE_OK);
}
/*
* Create the parent directory of the specified path, assuming path
* is already in mutable storage.
*/
static int
create_parent_dir(struct archive_write_disk *a, char *path)
{
char *slash;
int r;
/* Remove tail element to obtain parent name. */
slash = strrchr(path, '/');
if (slash == NULL)
return (ARCHIVE_OK);
*slash = '\0';
r = create_dir(a, path);
*slash = '/';
return (r);
}
/*
* Create the specified dir, recursing to create parents as necessary.
*
* Returns ARCHIVE_OK if the path exists when we're done here.
* Otherwise, returns ARCHIVE_FAILED.
* Assumes path is in mutable storage; path is unchanged on exit.
*/
static int
create_dir(struct archive_write_disk *a, char *path)
{
struct stat st;
struct fixup_entry *le;
char *slash, *base;
mode_t mode_final, mode;
int r;
/* Check for special names and just skip them. */
slash = strrchr(path, '/');
if (slash == NULL)
base = path;
else
base = slash + 1;
if (base[0] == '\0' ||
(base[0] == '.' && base[1] == '\0') ||
(base[0] == '.' && base[1] == '.' && base[2] == '\0')) {
/* Don't bother trying to create null path, '.', or '..'. */
if (slash != NULL) {
*slash = '\0';
r = create_dir(a, path);
*slash = '/';
return (r);
}
return (ARCHIVE_OK);
}
/*
* Yes, this should be stat() and not lstat(). Using lstat()
* here loses the ability to extract through symlinks. Also note
* that this should not use the a->st cache.
*/
if (stat(path, &st) == 0) {
if (S_ISDIR(st.st_mode))
return (ARCHIVE_OK);
if ((a->flags & ARCHIVE_EXTRACT_NO_OVERWRITE)) {
archive_set_error(&a->archive, EEXIST,
"Can't create directory '%s'", path);
return (ARCHIVE_FAILED);
}
if (unlink(path) != 0) {
archive_set_error(&a->archive, errno,
"Can't create directory '%s': "
"Conflicting file cannot be removed");
return (ARCHIVE_FAILED);
}
} else if (errno != ENOENT && errno != ENOTDIR) {
/* Stat failed? */
archive_set_error(&a->archive, errno, "Can't test directory '%s'", path);
return (ARCHIVE_FAILED);
} else if (slash != NULL) {
*slash = '\0';
r = create_dir(a, path);
*slash = '/';
if (r != ARCHIVE_OK)
return (r);
}
/*
* Mode we want for the final restored directory. Per POSIX,
* implicitly-created dirs must be created obeying the umask.
* There's no mention whether this is different for privileged
* restores (which the rest of this code handles by pretending
* umask=0). I've chosen here to always obey the user's umask for
* implicit dirs, even if _EXTRACT_PERM was specified.
*/
mode_final = DEFAULT_DIR_MODE & ~a->user_umask;
/* Mode we want on disk during the restore process. */
mode = mode_final;
mode |= MINIMUM_DIR_MODE;
mode &= MAXIMUM_DIR_MODE;
if (mkdir(path, mode) == 0) {
if (mode != mode_final) {
le = new_fixup(a, path);
le->fixup |=TODO_MODE_BASE;
le->mode = mode_final;
}
return (ARCHIVE_OK);
}
/*
* Without the following check, a/b/../b/c/d fails at the
* second visit to 'b', so 'd' can't be created. Note that we
* don't add it to the fixup list here, as it's already been
* added.
*/
if (stat(path, &st) == 0 && S_ISDIR(st.st_mode))
return (ARCHIVE_OK);
archive_set_error(&a->archive, errno, "Failed to create dir '%s'",
path);
return (ARCHIVE_FAILED);
}
/*
* Note: Although we can skip setting the user id if the desired user
* id matches the current user, we cannot skip setting the group, as
* many systems set the gid based on the containing directory. So
* we have to perform a chown syscall if we want to set the SGID
* bit. (The alternative is to stat() and then possibly chown(); it's
* more efficient to skip the stat() and just always chown().) Note
* that a successful chown() here clears the TODO_SGID_CHECK bit, which
* allows set_mode to skip the stat() check for the GID.
*/
static int
set_ownership(struct archive_write_disk *a)
{
#ifndef __CYGWIN__
/* unfortunately, on win32 there is no 'root' user with uid 0,
so we just have to try the chown and see if it works */
/* If we know we can't change it, don't bother trying. */
if (a->user_uid != 0 && a->user_uid != a->uid) {
archive_set_error(&a->archive, errno,
"Can't set UID=%d", a->uid);
return (ARCHIVE_WARN);
}
#endif
#ifdef HAVE_FCHOWN
/* If we have an fd, we can avoid a race. */
if (a->fd >= 0 && fchown(a->fd, a->uid, a->gid) == 0) {
/* We've set owner and know uid/gid are correct. */
a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
return (ARCHIVE_OK);
}
#endif
/* We prefer lchown() but will use chown() if that's all we have. */
/* Of course, if we have neither, this will always fail. */
#ifdef HAVE_LCHOWN
if (lchown(a->name, a->uid, a->gid) == 0) {
/* We've set owner and know uid/gid are correct. */
a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
return (ARCHIVE_OK);
}
#elif HAVE_CHOWN
if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
/* We've set owner and know uid/gid are correct. */
a->todo &= ~(TODO_OWNER | TODO_SGID_CHECK | TODO_SUID_CHECK);
return (ARCHIVE_OK);
}
#endif
archive_set_error(&a->archive, errno,
"Can't set user=%d/group=%d for %s", a->uid, a->gid,
a->name);
return (ARCHIVE_WARN);
}
#if defined(HAVE_UTIMENSAT) && defined(HAVE_FUTIMENS)
/*
* utimensat() and futimens() are defined in POSIX.1-2008. They provide ns
* resolution and setting times on fd and on symlinks, too.
*/
static int
set_time(int fd, int mode, const char *name,
time_t atime, long atime_nsec,
time_t mtime, long mtime_nsec)
{
struct timespec ts[2];
ts[0].tv_sec = atime;
ts[0].tv_nsec = atime_nsec;
ts[1].tv_sec = mtime;
ts[1].tv_nsec = mtime_nsec;
if (fd >= 0)
return futimens(fd, ts);
return utimensat(AT_FDCWD, name, ts, AT_SYMLINK_NOFOLLOW);
}
#elif HAVE_UTIMES
/*
* The utimes()-family functions provide µs-resolution and
* a way to set time on an fd or a symlink. We prefer them
* when they're available and utimensat/futimens aren't there.
*/
static int
set_time(int fd, int mode, const char *name,
time_t atime, long atime_nsec,
time_t mtime, long mtime_nsec)
{
#if defined(_WIN32) && !defined(__CYGWIN__)
struct __timeval times[2];
#else
struct timeval times[2];
#endif
times[0].tv_sec = atime;
times[0].tv_usec = atime_nsec / 1000;
times[1].tv_sec = mtime;
times[1].tv_usec = mtime_nsec / 1000;
#ifdef HAVE_FUTIMES
if (fd >= 0)
return (futimes(fd, times));
#else
(void)fd; /* UNUSED */
#endif
#ifdef HAVE_LUTIMES
(void)mode; /* UNUSED */
return (lutimes(name, times));
#else
if (S_ISLNK(mode))
return (0);
return (utimes(name, times));
#endif
}
#elif defined(HAVE_UTIME)
/*
* utime() is an older, more standard interface that we'll use
* if utimes() isn't available.
*/
static int
set_time(int fd, int mode, const char *name,
time_t atime, long atime_nsec,
time_t mtime, long mtime_nsec)
{
struct utimbuf times;
(void)fd; /* UNUSED */
(void)name; /* UNUSED */
(void)atime_nsec; /* UNUSED */
(void)mtime_nsec; /* UNUSED */
times.actime = atime;
times.modtime = mtime;
if (S_ISLNK(mode))
return (ARCHIVE_OK);
return (utime(name, &times));
}
#else
static int
set_time(int fd, int mode, const char *name,
time_t atime, long atime_nsec,
time_t mtime, long mtime_nsec)
{
return (ARCHIVE_WARN);
}
#endif
static int
set_times(struct archive_write_disk *a)
{
time_t atime = a->start_time, mtime = a->start_time;
long atime_nsec = 0, mtime_nsec = 0;
/* If no time was provided, we're done. */
if (!archive_entry_atime_is_set(a->entry)
#if HAVE_STRUCT_STAT_ST_BIRTHTIME
&& !archive_entry_birthtime_is_set(a->entry)
#endif
&& !archive_entry_mtime_is_set(a->entry))
return (ARCHIVE_OK);
/* If no atime was specified, use start time instead. */
/* In theory, it would be marginally more correct to use
* time(NULL) here, but that would cost us an extra syscall
* for little gain. */
if (archive_entry_atime_is_set(a->entry)) {
atime = archive_entry_atime(a->entry);
atime_nsec = archive_entry_atime_nsec(a->entry);
}
/*
* If you have struct stat.st_birthtime, we assume BSD birthtime
* semantics, in which {f,l,}utimes() updates birthtime to earliest
* mtime. So we set the time twice, first using the birthtime,
* then using the mtime.
*/
#if HAVE_STRUCT_STAT_ST_BIRTHTIME
/* If birthtime is set, flush that through to disk first. */
if (archive_entry_birthtime_is_set(a->entry))
if (set_time(a->fd, a->mode, a->name, atime, atime_nsec,
archive_entry_birthtime(a->entry),
archive_entry_birthtime_nsec(a->entry))) {
archive_set_error(&a->archive, errno,
"Can't update time for %s",
a->name);
return (ARCHIVE_WARN);
}
#endif
if (archive_entry_mtime_is_set(a->entry)) {
mtime = archive_entry_mtime(a->entry);
mtime_nsec = archive_entry_mtime_nsec(a->entry);
}
if (set_time(a->fd, a->mode, a->name,
atime, atime_nsec, mtime, mtime_nsec)) {
archive_set_error(&a->archive, errno,
"Can't update time for %s",
a->name);
return (ARCHIVE_WARN);
}
/*
* Note: POSIX does not provide a portable way to restore ctime.
* (Apart from resetting the system clock, which is distasteful.)
* So, any restoration of ctime will necessarily be OS-specific.
*/
return (ARCHIVE_OK);
}
static int
set_mode(struct archive_write_disk *a, int mode)
{
int r = ARCHIVE_OK;
mode &= 07777; /* Strip off file type bits. */
if (a->todo & TODO_SGID_CHECK) {
/*
* If we don't know the GID is right, we must stat()
* to verify it. We can't just check the GID of this
* process, since systems sometimes set GID from
* the enclosing dir or based on ACLs.
*/
if ((r = _archive_write_disk_lazy_stat(a)) != ARCHIVE_OK)
return (r);
if (a->pst->st_gid != a->gid) {
mode &= ~ S_ISGID;
#if !defined(_WIN32) || defined(__CYGWIN__)
if (a->flags & ARCHIVE_EXTRACT_OWNER) {
/*
* This is only an error if you
* requested owner restore. If you
* didn't, we'll try to restore
* sgid/suid, but won't consider it a
* problem if we can't.
*/
archive_set_error(&a->archive, -1,
"Can't restore SGID bit");
r = ARCHIVE_WARN;
}
#endif
}
/* While we're here, double-check the UID. */
if (a->pst->st_uid != a->uid
&& (a->todo & TODO_SUID)) {
mode &= ~ S_ISUID;
#if !defined(_WIN32) || defined(__CYGWIN__)
if (a->flags & ARCHIVE_EXTRACT_OWNER) {
archive_set_error(&a->archive, -1,
"Can't restore SUID bit");
r = ARCHIVE_WARN;
}
#endif
}
a->todo &= ~TODO_SGID_CHECK;
a->todo &= ~TODO_SUID_CHECK;
} else if (a->todo & TODO_SUID_CHECK) {
/*
* If we don't know the UID is right, we can just check
* the user, since all systems set the file UID from
* the process UID.
*/
if (a->user_uid != a->uid) {
mode &= ~ S_ISUID;
#if !defined(_WIN32) || defined(__CYGWIN__)
if (a->flags & ARCHIVE_EXTRACT_OWNER) {
archive_set_error(&a->archive, -1,
"Can't make file SUID");
r = ARCHIVE_WARN;
}
#endif
}
a->todo &= ~TODO_SUID_CHECK;
}
if (S_ISLNK(a->mode)) {
#ifdef HAVE_LCHMOD
/*
* If this is a symlink, use lchmod(). If the
* platform doesn't support lchmod(), just skip it. A
* platform that doesn't provide a way to set
* permissions on symlinks probably ignores
* permissions on symlinks, so a failure here has no
* impact.
*/
if (lchmod(a->name, mode) != 0) {
archive_set_error(&a->archive, errno,
"Can't set permissions to 0%o", (int)mode);
r = ARCHIVE_WARN;
}
#endif
} else if (!S_ISDIR(a->mode)) {
/*
* If it's not a symlink and not a dir, then use
* fchmod() or chmod(), depending on whether we have
* an fd. Dirs get their perms set during the
* post-extract fixup, which is handled elsewhere.
*/
#ifdef HAVE_FCHMOD
if (a->fd >= 0) {
if (fchmod(a->fd, mode) != 0) {
archive_set_error(&a->archive, errno,
"Can't set permissions to 0%o", (int)mode);
r = ARCHIVE_WARN;
}
} else
#endif
/* If this platform lacks fchmod(), then
* we'll just use chmod(). */
if (chmod(a->name, mode) != 0) {
archive_set_error(&a->archive, errno,
"Can't set permissions to 0%o", (int)mode);
r = ARCHIVE_WARN;
}
}
return (r);
}
static int
set_fflags(struct archive_write_disk *a)
{
struct fixup_entry *le;
unsigned long set, clear;
int r;
int critical_flags;
mode_t mode = archive_entry_mode(a->entry);
/*
* Make 'critical_flags' hold all file flags that can't be
* immediately restored. For example, on BSD systems,
* SF_IMMUTABLE prevents hardlinks from being created, so
* should not be set until after any hardlinks are created. To
* preserve some semblance of portability, this uses #ifdef
* extensively. Ugly, but it works.
*
* Yes, Virginia, this does create a security race. It's mitigated
* somewhat by the practice of creating dirs 0700 until the extract
* is done, but it would be nice if we could do more than that.
* People restoring critical file systems should be wary of
* other programs that might try to muck with files as they're
* being restored.
*/
/* Hopefully, the compiler will optimize this mess into a constant. */
critical_flags = 0;
#ifdef SF_IMMUTABLE
critical_flags |= SF_IMMUTABLE;
#endif
#ifdef UF_IMMUTABLE
critical_flags |= UF_IMMUTABLE;
#endif
#ifdef SF_APPEND
critical_flags |= SF_APPEND;
#endif
#ifdef UF_APPEND
critical_flags |= UF_APPEND;
#endif
#ifdef EXT2_APPEND_FL
critical_flags |= EXT2_APPEND_FL;
#endif
#ifdef EXT2_IMMUTABLE_FL
critical_flags |= EXT2_IMMUTABLE_FL;
#endif
if (a->todo & TODO_FFLAGS) {
archive_entry_fflags(a->entry, &set, &clear);
/*
* The first test encourages the compiler to eliminate
* all of this if it's not necessary.
*/
if ((critical_flags != 0) && (set & critical_flags)) {
le = current_fixup(a, a->name);
le->fixup |= TODO_FFLAGS;
le->fflags_set = set;
/* Store the mode if it's not already there. */
if ((le->fixup & TODO_MODE) == 0)
le->mode = mode;
} else {
r = set_fflags_platform(a, a->fd,
a->name, mode, set, clear);
if (r != ARCHIVE_OK)
return (r);
}
}
return (ARCHIVE_OK);
}
#if ( defined(HAVE_LCHFLAGS) || defined(HAVE_CHFLAGS) || defined(HAVE_FCHFLAGS) ) && defined(HAVE_STRUCT_STAT_ST_FLAGS)
/*
* BSD reads flags using stat() and sets them with one of {f,l,}chflags()
*/
static int
set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
mode_t mode, unsigned long set, unsigned long clear)
{
int r;
(void)mode; /* UNUSED */
if (set == 0 && clear == 0)
return (ARCHIVE_OK);
/*
* XXX Is the stat here really necessary? Or can I just use
* the 'set' flags directly? In particular, I'm not sure
* about the correct approach if we're overwriting an existing
* file that already has flags on it. XXX
*/
if ((r = _archive_write_disk_lazy_stat(a)) != ARCHIVE_OK)
return (r);
a->st.st_flags &= ~clear;
a->st.st_flags |= set;
#ifdef HAVE_FCHFLAGS
/* If platform has fchflags() and we were given an fd, use it. */
if (fd >= 0 && fchflags(fd, a->st.st_flags) == 0)
return (ARCHIVE_OK);
#endif
/*
* If we can't use the fd to set the flags, we'll use the
* pathname to set flags. We prefer lchflags() but will use
* chflags() if we must.
*/
#ifdef HAVE_LCHFLAGS
if (lchflags(name, a->st.st_flags) == 0)
return (ARCHIVE_OK);
#elif defined(HAVE_CHFLAGS)
if (S_ISLNK(a->st.st_mode)) {
archive_set_error(&a->archive, errno,
"Can't set file flags on symlink.");
return (ARCHIVE_WARN);
}
if (chflags(name, a->st.st_flags) == 0)
return (ARCHIVE_OK);
#endif
archive_set_error(&a->archive, errno,
"Failed to set file flags");
return (ARCHIVE_WARN);
}
#elif defined(EXT2_IOC_GETFLAGS) && defined(EXT2_IOC_SETFLAGS)
/*
* Linux uses ioctl() to read and write file flags.
*/
static int
set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
mode_t mode, unsigned long set, unsigned long clear)
{
int ret;
int myfd = fd;
unsigned long newflags, oldflags;
unsigned long sf_mask = 0;
if (set == 0 && clear == 0)
return (ARCHIVE_OK);
/* Only regular files and dirs can have flags. */
if (!S_ISREG(mode) && !S_ISDIR(mode))
return (ARCHIVE_OK);
/* If we weren't given an fd, open it ourselves. */
if (myfd < 0)
myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY);
if (myfd < 0)
return (ARCHIVE_OK);
/*
* Linux has no define for the flags that are only settable by
* the root user. This code may seem a little complex, but
* there seem to be some Linux systems that lack these
* defines. (?) The code below degrades reasonably gracefully
* if sf_mask is incomplete.
*/
#ifdef EXT2_IMMUTABLE_FL
sf_mask |= EXT2_IMMUTABLE_FL;
#endif
#ifdef EXT2_APPEND_FL
sf_mask |= EXT2_APPEND_FL;
#endif
/*
* XXX As above, this would be way simpler if we didn't have
* to read the current flags from disk. XXX
*/
ret = ARCHIVE_OK;
/* Try setting the flags as given. */
if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) >= 0) {
newflags = (oldflags & ~clear) | set;
if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
goto cleanup;
if (errno != EPERM)
goto fail;
}
/* If we couldn't set all the flags, try again with a subset. */
if (ioctl(myfd, EXT2_IOC_GETFLAGS, &oldflags) >= 0) {
newflags &= ~sf_mask;
oldflags &= sf_mask;
newflags |= oldflags;
if (ioctl(myfd, EXT2_IOC_SETFLAGS, &newflags) >= 0)
goto cleanup;
}
/* We couldn't set the flags, so report the failure. */
fail:
archive_set_error(&a->archive, errno,
"Failed to set file flags");
ret = ARCHIVE_WARN;
cleanup:
if (fd < 0)
close(myfd);
return (ret);
}
#else
/*
* Of course, some systems have neither BSD chflags() nor Linux' flags
* support through ioctl().
*/
static int
set_fflags_platform(struct archive_write_disk *a, int fd, const char *name,
mode_t mode, unsigned long set, unsigned long clear)
{
(void)a; /* UNUSED */
(void)fd; /* UNUSED */
(void)name; /* UNUSED */
(void)mode; /* UNUSED */
(void)set; /* UNUSED */
(void)clear; /* UNUSED */
return (ARCHIVE_OK);
}
#endif /* __linux */
#ifndef HAVE_POSIX_ACL
/* Default empty function body to satisfy mainline code. */
static int
set_acls(struct archive_write_disk *a)
{
(void)a; /* UNUSED */
return (ARCHIVE_OK);
}
#else
/*
* XXX TODO: What about ACL types other than ACCESS and DEFAULT?
*/
static int
set_acls(struct archive_write_disk *a)
{
int ret;
ret = set_acl(a, a->fd, a->entry, ACL_TYPE_ACCESS,
ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
if (ret != ARCHIVE_OK)
return (ret);
ret = set_acl(a, a->fd, a->entry, ACL_TYPE_DEFAULT,
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
return (ret);
}
static int
set_acl(struct archive_write_disk *a, int fd, struct archive_entry *entry,
acl_type_t acl_type, int ae_requested_type, const char *tname)
{
acl_t acl;
acl_entry_t acl_entry;
acl_permset_t acl_permset;
int ret;
int ae_type, ae_permset, ae_tag, ae_id;
uid_t ae_uid;
gid_t ae_gid;
const char *ae_name;
int entries;
const char *name;
ret = ARCHIVE_OK;
entries = archive_entry_acl_reset(entry, ae_requested_type);
if (entries == 0)
return (ARCHIVE_OK);
acl = acl_init(entries);
while (archive_entry_acl_next(entry, ae_requested_type, &ae_type,
&ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
acl_create_entry(&acl, &acl_entry);
switch (ae_tag) {
case ARCHIVE_ENTRY_ACL_USER:
acl_set_tag_type(acl_entry, ACL_USER);
ae_uid = a->lookup_uid(a->lookup_uid_data,
ae_name, ae_id);
acl_set_qualifier(acl_entry, &ae_uid);
break;
case ARCHIVE_ENTRY_ACL_GROUP:
acl_set_tag_type(acl_entry, ACL_GROUP);
ae_gid = a->lookup_gid(a->lookup_gid_data,
ae_name, ae_id);
acl_set_qualifier(acl_entry, &ae_gid);
break;
case ARCHIVE_ENTRY_ACL_USER_OBJ:
acl_set_tag_type(acl_entry, ACL_USER_OBJ);
break;
case ARCHIVE_ENTRY_ACL_GROUP_OBJ:
acl_set_tag_type(acl_entry, ACL_GROUP_OBJ);
break;
case ARCHIVE_ENTRY_ACL_MASK:
acl_set_tag_type(acl_entry, ACL_MASK);
break;
case ARCHIVE_ENTRY_ACL_OTHER:
acl_set_tag_type(acl_entry, ACL_OTHER);
break;
default:
/* XXX */
break;
}
acl_get_permset(acl_entry, &acl_permset);
acl_clear_perms(acl_permset);
if (ae_permset & ARCHIVE_ENTRY_ACL_EXECUTE)
acl_add_perm(acl_permset, ACL_EXECUTE);
if (ae_permset & ARCHIVE_ENTRY_ACL_WRITE)
acl_add_perm(acl_permset, ACL_WRITE);
if (ae_permset & ARCHIVE_ENTRY_ACL_READ)
acl_add_perm(acl_permset, ACL_READ);
}
name = archive_entry_pathname(entry);
/* Try restoring the ACL through 'fd' if we can. */
#if HAVE_ACL_SET_FD
if (fd >= 0 && acl_type == ACL_TYPE_ACCESS && acl_set_fd(fd, acl) == 0)
ret = ARCHIVE_OK;
else
#else
#if HAVE_ACL_SET_FD_NP
if (fd >= 0 && acl_set_fd_np(fd, acl, acl_type) == 0)
ret = ARCHIVE_OK;
else
#endif
#endif
if (acl_set_file(name, acl_type, acl) != 0) {
archive_set_error(&a->archive, errno, "Failed to set %s acl", tname);
ret = ARCHIVE_WARN;
}
acl_free(acl);
return (ret);
}
#endif
#if HAVE_LSETXATTR
/*
* Restore extended attributes - Linux implementation
*/
static int
set_xattrs(struct archive_write_disk *a)
{
struct archive_entry *entry = a->entry;
static int warning_done = 0;
int ret = ARCHIVE_OK;
int i = archive_entry_xattr_reset(entry);
while (i--) {
const char *name;
const void *value;
size_t size;
archive_entry_xattr_next(entry, &name, &value, &size);
if (name != NULL &&
strncmp(name, "xfsroot.", 8) != 0 &&
strncmp(name, "system.", 7) != 0) {
int e;
#if HAVE_FSETXATTR
if (a->fd >= 0)
e = fsetxattr(a->fd, name, value, size, 0);
else
#endif
{
e = lsetxattr(archive_entry_pathname(entry),
name, value, size, 0);
}
if (e == -1) {
if (errno == ENOTSUP) {
if (!warning_done) {
warning_done = 1;
archive_set_error(&a->archive, errno,
"Cannot restore extended "
"attributes on this file "
"system");
}
} else
archive_set_error(&a->archive, errno,
"Failed to set extended attribute");
ret = ARCHIVE_WARN;
}
} else {
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
"Invalid extended attribute encountered");
ret = ARCHIVE_WARN;
}
}
return (ret);
}
#elif HAVE_EXTATTR_SET_FILE
/*
* Restore extended attributes - FreeBSD implementation
*/
static int
set_xattrs(struct archive_write_disk *a)
{
struct archive_entry *entry = a->entry;
static int warning_done = 0;
int ret = ARCHIVE_OK;
int i = archive_entry_xattr_reset(entry);
while (i--) {
const char *name;
const void *value;
size_t size;
archive_entry_xattr_next(entry, &name, &value, &size);
if (name != NULL) {
int e;
int namespace;
if (strncmp(name, "user.", 5) == 0) {
/* "user." attributes go to user namespace */
name += 5;
namespace = EXTATTR_NAMESPACE_USER;
} else {
/* Warn about other extended attributes. */
archive_set_error(&a->archive,
ARCHIVE_ERRNO_FILE_FORMAT,
"Can't restore extended attribute ``%s''",
name);
ret = ARCHIVE_WARN;
continue;
}
errno = 0;
#if HAVE_EXTATTR_SET_FD
if (a->fd >= 0)
e = extattr_set_fd(a->fd, namespace, name, value, size);
else
#endif
/* TODO: should we use extattr_set_link() instead? */
{
e = extattr_set_file(archive_entry_pathname(entry),
namespace, name, value, size);
}
if (e != (int)size) {
if (errno == ENOTSUP) {
if (!warning_done) {
warning_done = 1;
archive_set_error(&a->archive, errno,
"Cannot restore extended "
"attributes on this file "
"system");
}
} else {
archive_set_error(&a->archive, errno,
"Failed to set extended attribute");
}
ret = ARCHIVE_WARN;
}
}
}
return (ret);
}
#else
/*
* Restore extended attributes - stub implementation for unsupported systems
*/
static int
set_xattrs(struct archive_write_disk *a)
{
static int warning_done = 0;
/* If there aren't any extended attributes, then it's okay not
* to extract them, otherwise, issue a single warning. */
if (archive_entry_xattr_count(a->entry) != 0 && !warning_done) {
warning_done = 1;
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
"Cannot restore extended attributes on this system");
return (ARCHIVE_WARN);
}
/* Warning was already emitted; suppress further warnings. */
return (ARCHIVE_OK);
}
#endif
/*
* Trivial implementations of gid/uid lookup functions.
* These are normally overridden by the client, but these stub
* versions ensure that we always have something that works.
*/
static gid_t
trivial_lookup_gid(void *private_data, const char *gname, gid_t gid)
{
(void)private_data; /* UNUSED */
(void)gname; /* UNUSED */
return (gid);
}
static uid_t
trivial_lookup_uid(void *private_data, const char *uname, uid_t uid)
{
(void)private_data; /* UNUSED */
(void)uname; /* UNUSED */
return (uid);
}
/*
* Test if file on disk is older than entry.
*/
static int
older(struct stat *st, struct archive_entry *entry)
{
/* First, test the seconds and return if we have a definite answer. */
/* Definitely older. */
if (st->st_mtime < archive_entry_mtime(entry))
return (1);
/* Definitely younger. */
if (st->st_mtime > archive_entry_mtime(entry))
return (0);
/* If this platform supports fractional seconds, try those. */
#if HAVE_STRUCT_STAT_ST_MTIMESPEC_TV_NSEC
/* Definitely older. */
if (st->st_mtimespec.tv_nsec < archive_entry_mtime_nsec(entry))
return (1);
#elif HAVE_STRUCT_STAT_ST_MTIM_TV_NSEC
/* Definitely older. */
if (st->st_mtim.tv_nsec < archive_entry_mtime_nsec(entry))
return (1);
#elif HAVE_STRUCT_STAT_ST_MTIME_N
/* older. */
if (st->st_mtime_n < archive_entry_mtime_nsec(entry))
return (1);
#elif HAVE_STRUCT_STAT_ST_UMTIME
/* older. */
if (st->st_umtime * 1000 < archive_entry_mtime_nsec(entry))
return (1);
#elif HAVE_STRUCT_STAT_ST_MTIME_USEC
/* older. */
if (st->st_mtime_usec * 1000 < archive_entry_mtime_nsec(entry))
return (1);
#else
/* This system doesn't have high-res timestamps. */
#endif
/* Same age or newer, so not older. */
return (0);
}