Correct typo: vender -> vendor
[dragonfly.git] / contrib / bsdtar / read.c
1 /*-
2  * Copyright (c) 2003-2004 Tim Kientzle
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer
10  *    in this position and unchanged.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18  * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26
27 #include "bsdtar_platform.h"
28 __FBSDID("$FreeBSD: src/usr.bin/tar/read.c,v 1.23 2005/04/17 17:20:54 kientzle Exp $");
29
30 #include <sys/param.h>
31 #include <sys/types.h>
32 #include <sys/stat.h>
33
34 #include <archive.h>
35 #include <archive_entry.h>
36 #include <errno.h>
37 #include <grp.h>
38 #include <limits.h>
39 #include <pwd.h>
40 #include <stdio.h>
41 #include <stdlib.h>
42 #include <string.h>
43 #include <time.h>
44 #include <unistd.h>
45
46 #include "bsdtar.h"
47
48 static void     cleanup_security(struct bsdtar *);
49 static void     list_item_verbose(struct bsdtar *, FILE *,
50                     struct archive_entry *);
51 static void     read_archive(struct bsdtar *bsdtar, char mode);
52 static int      security_problem(struct bsdtar *, struct archive_entry *);
53
54 void
55 tar_mode_t(struct bsdtar *bsdtar)
56 {
57         read_archive(bsdtar, 't');
58 }
59
60 void
61 tar_mode_x(struct bsdtar *bsdtar)
62 {
63         read_archive(bsdtar, 'x');
64 }
65
66 /*
67  * Handle 'x' and 't' modes.
68  */
69 static void
70 read_archive(struct bsdtar *bsdtar, char mode)
71 {
72         FILE                     *out;
73         struct archive           *a;
74         struct archive_entry     *entry;
75         const struct stat        *st;
76         int                       r;
77
78         while (*bsdtar->argv) {
79                 include(bsdtar, *bsdtar->argv);
80                 bsdtar->argv++;
81         }
82
83         if (bsdtar->names_from_file != NULL)
84                 include_from_file(bsdtar, bsdtar->names_from_file);
85
86         a = archive_read_new();
87         archive_read_support_compression_all(a);
88         archive_read_support_format_all(a);
89         if (archive_read_open_file(a, bsdtar->filename,
90             bsdtar->bytes_per_block != 0 ? bsdtar->bytes_per_block :
91             DEFAULT_BYTES_PER_BLOCK))
92                 bsdtar_errc(bsdtar, 1, 0, "Error opening archive: %s",
93                     archive_error_string(a));
94
95         do_chdir(bsdtar);
96         for (;;) {
97                 /* Support --fast-read option */
98                 if (bsdtar->option_fast_read &&
99                     unmatched_inclusions(bsdtar) == 0)
100                         break;
101
102                 r = archive_read_next_header(a, &entry);
103                 if (r == ARCHIVE_EOF)
104                         break;
105                 if (r == ARCHIVE_WARN)
106                         bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
107                 if (r == ARCHIVE_FATAL) {
108                         bsdtar->return_value = 1;
109                         bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
110                         break;
111                 }
112                 if (r == ARCHIVE_RETRY) {
113                         /* Retryable error: try again */
114                         bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
115                         bsdtar_warnc(bsdtar, 0, "Retrying...");
116                         continue;
117                 }
118
119                 /*
120                  * Exclude entries that are too old.
121                  */
122                 st = archive_entry_stat(entry);
123                 if (bsdtar->newer_ctime_sec > 0) {
124                         if (st->st_ctime < bsdtar->newer_ctime_sec)
125                                 continue; /* Too old, skip it. */
126                         if (st->st_ctime == bsdtar->newer_ctime_sec
127                             && ARCHIVE_STAT_CTIME_NANOS(st)
128                             <= bsdtar->newer_ctime_nsec)
129                                 continue; /* Too old, skip it. */
130                 }
131                 if (bsdtar->newer_mtime_sec > 0) {
132                         if (st->st_mtime < bsdtar->newer_mtime_sec)
133                                 continue; /* Too old, skip it. */
134                         if (st->st_mtime == bsdtar->newer_mtime_sec
135                             && ARCHIVE_STAT_MTIME_NANOS(st)
136                             <= bsdtar->newer_mtime_nsec)
137                                 continue; /* Too old, skip it. */
138                 }
139
140                 /*
141                  * Note that pattern exclusions are checked before
142                  * pathname rewrites are handled.  This gives more
143                  * control over exclusions, since rewrites always lose
144                  * information.  (For example, consider a rewrite
145                  * s/foo[0-9]/foo/.  If we check exclusions after the
146                  * rewrite, there would be no way to exclude foo1/bar
147                  * while allowing foo2/bar.)
148                  */
149                 if (excluded(bsdtar, archive_entry_pathname(entry)))
150                         continue; /* Excluded by a pattern test. */
151
152                 /*
153                  * Modify the pathname as requested by the user.  We
154                  * do this for -t as well to give users a way to
155                  * preview the effects of their rewrites.  We also do
156                  * this before extraction security checks (including
157                  * leading '/' removal).  Note that some rewrite
158                  * failures prevent extraction.
159                  */
160                 if (edit_pathname(bsdtar, entry))
161                         continue; /* Excluded by a rewrite failure. */
162
163                 if (mode == 't') {
164                         /* Perversely, gtar uses -O to mean "send to stderr"
165                          * when used with -t. */
166                         out = bsdtar->option_stdout ? stderr : stdout;
167
168                         if (bsdtar->verbose < 2)
169                                 safe_fprintf(out, "%s",
170                                     archive_entry_pathname(entry));
171                         else
172                                 list_item_verbose(bsdtar, out, entry);
173                         fflush(out);
174                         r = archive_read_data_skip(a);
175                         if (r == ARCHIVE_WARN) {
176                                 fprintf(out, "\n");
177                                 bsdtar_warnc(bsdtar, 0, "%s",
178                                     archive_error_string(a));
179                         }
180                         if (r == ARCHIVE_RETRY) {
181                                 fprintf(out, "\n");
182                                 bsdtar_warnc(bsdtar, 0, "%s",
183                                     archive_error_string(a));
184                         }
185                         if (r == ARCHIVE_FATAL) {
186                                 fprintf(out, "\n");
187                                 bsdtar_warnc(bsdtar, 0, "%s",
188                                     archive_error_string(a));
189                                 break;
190                         }
191                         fprintf(out, "\n");
192                 } else {
193                         /*
194                          * Skip security problems before prompting.
195                          * Otherwise, the user may be confused that a
196                          * file they wanted to extract was
197                          * subsequently skipped.
198                          */
199                         if (security_problem(bsdtar, entry))
200                                 continue;
201
202                         if (bsdtar->option_interactive &&
203                             !yes("extract '%s'", archive_entry_pathname(entry)))
204                                 continue;
205
206                         /*
207                          * Format here is from SUSv2, including the
208                          * deferred '\n'.
209                          */
210                         if (bsdtar->verbose) {
211                                 safe_fprintf(stderr, "x %s",
212                                     archive_entry_pathname(entry));
213                                 fflush(stderr);
214                         }
215                         if (bsdtar->option_stdout) {
216                                 /* TODO: Catch/recover any errors here. */
217                                 archive_read_data_into_fd(a, 1);
218                         } else if (archive_read_extract(a, entry,
219                                        bsdtar->extract_flags)) {
220                                 if (!bsdtar->verbose)
221                                         safe_fprintf(stderr, "%s",
222                                             archive_entry_pathname(entry));
223                                 safe_fprintf(stderr, ": %s",
224                                     archive_error_string(a));
225                                 if (!bsdtar->verbose)
226                                         fprintf(stderr, "\n");
227                                 /*
228                                  * TODO: Decide how to handle
229                                  * extraction error... <sigh>
230                                  */
231                                 bsdtar->return_value = 1;
232                         }
233                         if (bsdtar->verbose)
234                                 fprintf(stderr, "\n");
235                 }
236         }
237
238         if (bsdtar->verbose > 2)
239                 fprintf(stdout, "Archive Format: %s,  Compression: %s\n",
240                     archive_format_name(a), archive_compression_name(a));
241
242         archive_read_finish(a);
243         cleanup_security(bsdtar);
244 }
245
246
247 /*
248  * Display information about the current file.
249  *
250  * The format here roughly duplicates the output of 'ls -l'.
251  * This is based on SUSv2, where 'tar tv' is documented as
252  * listing additional information in an "unspecified format,"
253  * and 'pax -l' is documented as using the same format as 'ls -l'.
254  */
255 static void
256 list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
257 {
258         const struct stat       *st;
259         char                     tmp[100];
260         size_t                   w;
261         const char              *p;
262         const char              *fmt;
263         time_t                   tim;
264         static time_t            now;
265
266         st = archive_entry_stat(entry);
267
268         /*
269          * We avoid collecting the entire list in memory at once by
270          * listing things as we see them.  However, that also means we can't
271          * just pre-compute the field widths.  Instead, we start with guesses
272          * and just widen them as necessary.  These numbers are completely
273          * arbitrary.
274          */
275         if (!bsdtar->u_width) {
276                 bsdtar->u_width = 6;
277                 bsdtar->gs_width = 13;
278         }
279         if (!now)
280                 time(&now);
281         bsdtar_strmode(entry, tmp);
282         fprintf(out, "%s %d ", tmp, st->st_nlink);
283
284         /* Use uname if it's present, else uid. */
285         p = archive_entry_uname(entry);
286         if ((p == NULL) || (*p == '\0')) {
287                 sprintf(tmp, "%d ", st->st_uid);
288                 p = tmp;
289         }
290         w = strlen(p);
291         if (w > bsdtar->u_width)
292                 bsdtar->u_width = w;
293         fprintf(out, "%-*s ", (int)bsdtar->u_width, p);
294
295         /* Use gname if it's present, else gid. */
296         p = archive_entry_gname(entry);
297         if (p != NULL && p[0] != '\0') {
298                 fprintf(out, "%s", p);
299                 w = strlen(p);
300         } else {
301                 sprintf(tmp, "%d", st->st_gid);
302                 w = strlen(tmp);
303                 fprintf(out, "%s", tmp);
304         }
305
306         /*
307          * Print device number or file size, right-aligned so as to make
308          * total width of group and devnum/filesize fields be gs_width.
309          * If gs_width is too small, grow it.
310          */
311         if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
312                 sprintf(tmp, "%d,%u",
313                     major(st->st_rdev),
314                     (unsigned)minor(st->st_rdev)); /* ls(1) also casts here. */
315         } else {
316                 /*
317                  * Note the use of platform-dependent macros to format
318                  * the filesize here.  We need the format string and the
319                  * corresponding type for the cast.
320                  */
321                 sprintf(tmp, BSDTAR_FILESIZE_PRINTF,
322                     (BSDTAR_FILESIZE_TYPE)st->st_size);
323         }
324         if (w + strlen(tmp) >= bsdtar->gs_width)
325                 bsdtar->gs_width = w+strlen(tmp)+1;
326         fprintf(out, "%*s", (int)(bsdtar->gs_width - w), tmp);
327
328         /* Format the time using 'ls -l' conventions. */
329         tim = (time_t)st->st_mtime;
330         if (abs(tim - now) > (365/2)*86400)
331                 fmt = bsdtar->day_first ? "%e %b  %Y" : "%b %e  %Y";
332         else
333                 fmt = bsdtar->day_first ? "%e %b %R" : "%b %e %R";
334         strftime(tmp, sizeof(tmp), fmt, localtime(&tim));
335         fprintf(out, " %s ", tmp);
336         safe_fprintf(out, "%s", archive_entry_pathname(entry));
337
338         /* Extra information for links. */
339         if (archive_entry_hardlink(entry)) /* Hard link */
340                 safe_fprintf(out, " link to %s",
341                     archive_entry_hardlink(entry));
342         else if (S_ISLNK(st->st_mode)) /* Symbolic link */
343                 safe_fprintf(out, " -> %s", archive_entry_symlink(entry));
344 }
345
346 /*
347  * Structure for storing path of last successful security check.
348  */
349 struct security {
350         char    *path;
351         size_t   path_size;
352 };
353
354 /*
355  * Check for a variety of security issues.  Fix what we can here,
356  * generate warnings as appropriate, return non-zero to prevent
357  * this entry from being extracted.
358  */
359 static int
360 security_problem(struct bsdtar *bsdtar, struct archive_entry *entry)
361 {
362         struct stat st;
363         const char *name, *pn;
364         char *p;
365         int r;
366
367         /* -P option forces us to just accept all pathnames as-is. */
368         if (bsdtar->option_absolute_paths)
369                 return (0);
370
371         name = archive_entry_pathname(entry);
372
373         /* Reject any archive entry with '..' as a path element. */
374         pn = name;
375         while (pn != NULL && pn[0] != '\0') {
376                 if (pn[0] == '.' && pn[1] == '.' &&
377                     (pn[2] == '\0' || pn[2] == '/')) {
378                         bsdtar_warnc(bsdtar, 0,
379                             "Skipping pathname containing ..");
380                         bsdtar->return_value = 1;
381                         return (1);
382                 }
383                 pn = strchr(pn, '/');
384                 if (pn != NULL)
385                         pn++;
386         }
387
388         /*
389          * Gaurd against symlink tricks.  Reject any archive entry whose
390          * destination would be altered by a symlink.
391          */
392         /* XXX TODO: Make this faster by comparing current path to
393          * prefix of last successful check to avoid duplicate lstat()
394          * calls. XXX */
395         pn = name;
396         if (bsdtar->security == NULL) {
397                 bsdtar->security = malloc(sizeof(*bsdtar->security));
398                 if (bsdtar->security == NULL)
399                         bsdtar_errc(bsdtar, 1, errno, "No Memory");
400                 bsdtar->security->path_size = MAXPATHLEN + 1;
401                 bsdtar->security->path = malloc(bsdtar->security->path_size);
402                 if (bsdtar->security->path == NULL)
403                         bsdtar_errc(bsdtar, 1, errno, "No Memory");
404         }
405         if (strlen(name) >= bsdtar->security->path_size) {
406                 free(bsdtar->security->path);
407                 while (strlen(name) >= bsdtar->security->path_size)
408                         bsdtar->security->path_size *= 2;
409                 bsdtar->security->path = malloc(bsdtar->security->path_size);
410                 if (bsdtar->security->path == NULL)
411                         bsdtar_errc(bsdtar, 1, errno, "No Memory");
412         }
413         p = bsdtar->security->path;
414         while (pn != NULL && pn[0] != '\0') {
415                 *p++ = *pn++;
416                 while (*pn != '\0' && *pn != '/')
417                         *p++ = *pn++;
418                 p[0] = '\0';
419                 r = lstat(bsdtar->security->path, &st);
420                 if (r != 0) {
421                         if (errno == ENOENT)
422                                 break;
423                 } else if (S_ISLNK(st.st_mode)) {
424                         if (pn[0] == '\0') {
425                                 /*
426                                  * Last element is symlink; remove it
427                                  * so we can overwrite it with the
428                                  * item being extracted.
429                                  */
430                                 if (!S_ISLNK(archive_entry_mode(entry))) {
431                                         /*
432                                          * Warn only if the symlink is being
433                                          * replaced with a non-symlink.
434                                          */
435                                         bsdtar_warnc(bsdtar, 0,
436                                             "Removing symlink %s",
437                                             bsdtar->security->path);
438                                 }
439                                 if (unlink(bsdtar->security->path))
440                                         bsdtar_errc(bsdtar, 1, errno,
441                                             "Unlink failed");
442                                 /* Symlink gone.  No more problem! */
443                                 return (0);
444                         } else if (bsdtar->option_unlink_first) {
445                                 /* User asked us to remove problems. */
446                                 if (unlink(bsdtar->security->path))
447                                         bsdtar_errc(bsdtar, 1, errno,
448                                             "Unlink failed");
449                         } else {
450                                 bsdtar_warnc(bsdtar, 0,
451                                     "Cannot extract %s through symlink %s",
452                                     name, bsdtar->security->path);
453                                 bsdtar->return_value = 1;
454                                 return (1);
455                         }
456                 }
457         }
458
459         return (0);
460 }
461
462 static void
463 cleanup_security(struct bsdtar *bsdtar)
464 {
465         if (bsdtar->security != NULL) {
466                 free(bsdtar->security->path);
467                 free(bsdtar->security);
468         }
469 }